3.16. Security Level Selection
3.16.1. Standard Selection
Configure the services that will start when the system is activated. You can manually configure each service. In addition, you can configure security levels defined based on the purpose of each service to be started. The selectable security levels are as follows:
Table 3-6. Security levels
| High | The system will only start minimum services required to use the system as a client. This level ensures the highest security. This level is recommended for a computer that is directly connected to the Internet. |
| Medium | In addition to the high-level services, certain services, such as those from the SSH server and mail server (Postfix), will start. |
| Open | Most services will start. Many ports will be left open. This level ensures the use of various services, but the most dangerous in security. It should not be set for a machine that is connected to the Internet. |
Usually, you should select "High", the default setting of the installer. On the [Custom Selection] tab, you can see services that can be activated at each security level. In addition, if you are a power user, you can manually configure each service.
If you select "Standard desktop", which is the default, as the installation type, the services that will be activated at the high and medium levels are as follows: The services that will be installed vary depending on the selected installation type.
Table 3-7. Services that will be activated at different security levels
| Service name | High | Medium | Description |
|---|---|---|---|
| IIim | Yes | Yes | IIIMP-based Input Method Server |
| UpdateCheck | Yes | Yes | Check script for updated packages |
| acpid | Yes | Yes | ACPI ¡ÊAdvanced Configuration and Power Interface¡Ë control daemon |
| alsasound | Yes | Yes | ALSA sound driver load |
| apmd | No | Yes | APM (Advanced Power Management¡Ë control daemon |
| atapidma | Yes | Yes | ATAPI CD-ROM DMA enable |
| clamd | No | Yes | Anti-virus daemon |
| crond | Yes | Yes | Automatic program execution daemon |
| cups | Yes | Yes | CUPS printer server daemon |
| freshclam | No | Yes | Update daemon for clam anti-virus DBs |
| fuse | Yes | Yes | fuse kernel module load |
| keytable | Yes | Yes | Keyboard layout configuration script |
| kparam | Yes | Yes | Kernel parameter configuration script |
| messagebus | No | Yes | D-BUS daemon |
| netfs | No | Yes | Network file system mount script |
| network | Yes | Yes | Network interface configuration script |
| postfix | No | Yes | Mail transfer agent |
| skkserv | No | Yes | SKK dictionary server |
| sshd | No | Yes | Secure shell daemon |
| submount | Yes | Yes | subfs enable |
| syslog | Yes | Yes | System logging |
| tuneidend | No | Yes | Hard disk optimization |
| udev | Yes | Yes | Automatic device file generation |
| xinetd | Yes | Yes | Superserver |
3.16.2. Custom selection
The services that will be activated when the system starts are selected. The numeric value in the "Securelevel" column is the security level defined for the service.
If "High", "Medium", or "Open" is selected on the [Standard selection] tab, the security level in this column is at least 80, 50, or 20, respectively, in the selected service. Select services to be started or stopped as required.
 | You can also use the service configuration tool to change the service activation configuration after Turbolinux FUJI is installed. |