We have taken the standard RedHat 5.2 release and have added or changed the following to help improve the security of systems installed with this Fermi Linux 5.2.1 release. 

• Pre-nstalled all of the Red Hat errata rpms.
• Created /etc/hosts.allow and /etc/hosts.deny to allow un-encrytped network access to the .fnal.gov domain only.  Off site users may need to modify these files for local access.
• Modified /etc/inetd.conf to only allow telnet, rlogin, rsh and ftp access.
• Installed ssh (secure shell) by default if the installation has access to linux-rep.fnal.gov during the install.  Note that linux-rep.fnal.gov only allows .fnal.gov access to ssh because of United States Export Restrictions on crypotgraphy.  This is also why it is not on the CDROM. So all offsite users will have to get ssh from other means.
• When a package is upgraded we will place it in linux.fnal.gov://linux/521/i386/updates/RedHat/RPMS.  AutoRPM will automatically upgrade packages when able.   For more info on this process see the Fermi AutoRPM documentation.