Suggestions to install and configure Linux securely:

• Apply all significant security patches to the OS and to services installed with the OS. Please apply these patches selectively, because applying all available updates may install new features and even new OS releases that ACSLS has not been tested with.
• Make sure that telnet and rlogin are not installed or disabled. Use ssh instead.

  Also make sure that ftp is not installed or disabled, and use sftp instead.

  To see all services, login as root and issue the following command:

  service –-status-all

• To delete services permanently, issue the following command:

  svccfg delete -f service-name

• Do not disable ssh. You want users to remotely login to the ACSLS using ssh, not telnet or rlogin. Also do not disable sftp.
• Network services, specifically rpcbind, must be enabled to allow ACSLS client communication.

  When launching rpc on Linux, launch it with the –i flag.

• Some Ethernet ports on the ACSLS server need to be open for communication with ACSLS. Client applications use specific Ethernet ports for communication with ACSLS, and ACSLS communicates with specific ports on tape libraries. See Ethernet Ports Used for ACSLS Communication for the ports that need to be available for ACSLS communication. On the ACSLS server ensure that iptables is configured to allow traffic to the ports used by ACSLS.