An Overview of Security-Related Packages

To enable the secure server, you need to have the following packages installed at a minimum:


The apache package contains the httpd daemon and related utilities, configuration files, icons, Apache modules, man pages and other files used by the Apache Web server.


The mod_ssl package includes the mod_ssl module, which provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.


The openssl package contains the OpenSSL toolkit. The OpenSSL toolkit implements the SSL and TLS protocols and also includes a general purpose cryptography library.


The mm package contains the MM library, which allows multiple instances of the httpd daemon to share state information.

Additionally, other software packages included with Red Hat Linux can provide certain security functionalities (but are not required by the secure server to function):


The apache-devel package contains the Apache include files, header files and the APXS utility. You will need all of these if you intend to load any extra modules, other than the modules provided with this product. Please see the Official Red Hat Linux Reference Guide for more information on loading modules onto your secure Web server using Apache's DSO functionality.

If you do not intend to load other modules onto your Apache server, you do not need to install this package.


The apache-manual package contains the Apache Project's Apache 1.3 User's Guide in HTML format. This manual is also available on the Web at

OpenSSH packages

The OpenSSH packages provide the OpenSSH set of network connectivity tools for logging into and executing commands on a remote machine. OpenSSH tools encrypt all traffic (including passwords), so you can avoid eavesdropping, connection hijacking, and other attacks on the communications between your machine and the remote machine.

The openssh package includes core files needed by both the OpenSSH client programs and the OpenSSH server. The openssh package also contains scp, a secure replacement for rcp (for copying files between machines) and ftp (for transferring files between machines).

The openssh-askpass package supports the display of a dialog window which prompts for a password during use of the OpenSSH agent with RSA authentication.

The openssh-askpass-gnome package contains a GNOME GUI desktop environment dialog window which is displayed when OpenSSH programs prompt for a password. If you are running GNOME and using OpenSSH utilities, you should install this package.

The openssh-server package contains the sshd secure shell daemon and related files. The secure shell daemon is the server side of the OpenSSH suite, and must be installed on your host if you want to allow SSH clients to connect to your host.

The openssh-clients package contains the client programs needed to make encrypted connections to SSH servers, including the following: ssh, a secure replacement for rsh; and slogin, a secure replacement for rlogin (for remote login) and telnet (for communicating with another host via the TELNET protocol).

For more information about OpenSSH, see Chapter 9 and the OpenSSH website at


The openssl-devel package contains the static libraries and the include file needed to compile applications with support for various cryptographic algorithms and protocols. You need to install this package only if you are developing applications which include SSL support — you do not need this package to use SSL.


The stunnel package provides the Stunnel SSL wrapper. Stunnel supports the SSL encryption of TCP connections, so it can provide encryption for non-SSL aware daemons and protocols (such as POP, IMAP and LDAP) without requiring any changes to the daemon's code.

Table 14-1 displays the location of the secure server packages and additional security-related packages within the package groups provided by Red Hat Linux. This table also tells you whether each package is optional or not for the installation of a secure Web server.

Table 14-1. Security Packages

Package NameLocated in GroupOptional?
apacheSystem Environment/Daemonsno
mod_sslSystem Environment/Daemonsno
opensslSystem Environment/Librariesno
mmSystem Environment/Libraries no
openssh-serverSystem Environment/Daemonsyes