Need advice on security

Chong Yu Meng chongym
Wed Mar 28 21:29:10 PDT 2007


On Wed, 2007-03-28 at 09:49 -0700, Bill Campbell wrote:
> Configuring ssh to only accept identities in authorized_keys
> files, building it with libwrap support, and restricting ssh
> access via the /etc/hosts.allow file makes it extremely hard for
> outsiders to gain unauthorized access to the system.
> 
> Setting users' shells to /bin/false makes it difficult to get
> shell access (but not impossible, as I found a cracked system in
> which /bin/bash had been hard-linked to /bin/false).
> 
> Most non-rootkit attacks I've seen on *nix systems have been made
> through web exploits of php, webmin, or usermin.  There have been
> numerous PHP exploits, 

<snip>
> 
> That's all I have time to address now.

Thanks for the information, Bill! It's very useful and at least now I
have a clearer idea of what I am protecting against. 

I am very wary of what I hear from local consultants, engineers and
bureaucrats because they tend to believe that any answer -- even the
wrong answer -- is better than no answer at all. Their responses have
gotten me into trouble before, not only with technology issues, but also
with the tax authorities and once with the law. 

With regard to bad php and perl scripts, I think a firewall is not much
help. Configuring passwordless SSH is a good idea, as is setting up
hosts.allow. I'd installed something called "fail2ban", a script that
was introduced to me by Mr. Bandel on this list. It works very well! 

My worry is that there is something like a buffer overflow-type attack,
such as the "Ping of Death" that happened to NT4, years ago, that could
break into a Linux system through a port that may or may not be open.
Could a hacker for example crack a system through, say, port 1999, even
if the port was not open, and nothing was listening on it?

Thanks and Regards,
pascal chong
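The three hardening points in Bill's reply (key-only sshd, restricting sshd through hosts.allow, and the /bin/false-hard-linked-to-a-shell trick) can each be checked mechanically. The script below is an added example, not code from the thread or its participants: it takes file paths as parameters so it can be run against copies of the config files, and the system paths passed at the bottom (/etc/ssh/sshd_config, /etc/hosts.allow, /bin/false, /bin/bash) are assumptions about a typical Linux layout. The `[ a -ef b ]` test it relies on is a common shell extension (bash, dash, ksh, the BSD sh), not strict POSIX.

```shell
#!/bin/sh
# Added example (not from the original mailing-list thread): audit helpers
# for key-only sshd, hosts.allow entries for sshd, and a /bin/false that is
# secretly a hard link to a real shell. All paths are parameters; the ones
# used at the bottom are assumed defaults for a typical Linux host.

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Effective value of a top-level sshd_config keyword. sshd honours the FIRST
# occurrence of a keyword, ignores commented-out lines, and matches keywords
# case-insensitively. Match blocks are not handled here (see usage note).
sshd_setting() {   # sshd_setting CONFIG KEYWORD DEFAULT
    v=$(awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1" 2>/dev/null)
    [ -n "$v" ] && printf '%s\n' "$v" || printf '%s\n' "$3"
}

# Exit 0 only when sshd will accept nothing but identities from
# authorized_keys: no passwords, no keyboard-interactive (PAM) prompts,
# and public-key auth left enabled.
sshd_key_only() {   # sshd_key_only CONFIG
    pw=$(lc "$(sshd_setting "$1" PasswordAuthentication yes)")
    cr=$(lc "$(sshd_setting "$1" ChallengeResponseAuthentication yes)")
    pk=$(lc "$(sshd_setting "$1" PubkeyAuthentication yes)")
    [ "$pw" = no ] && [ "$cr" = no ] && [ "$pk" = yes ]
}

# Client patterns that hosts.allow grants to sshd: lines whose daemon list
# names "sshd" or "ALL". Output is one pattern per line. Comments and blank
# lines are skipped; the "ALL EXCEPT ..." daemon form is not interpreted.
hosts_allow_sshd() {   # hosts_allow_sshd HOSTS_ALLOW
    awk -F: '/^[ \t]*(#|$)/ { next }
             $1 ~ /(^|[ \t,])(sshd|ALL)([ \t,]|$)/ { print $2 }' "$1" \
    | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# A hard link is the same file under a second name: same device and inode.
# "[ a -ef b ]" tests exactly that. A genuine /bin/false also has link
# count 1; a count of 2 or more means some other name points at it.
shell_is_alias_of() {   # shell_is_alias_of NOSHELL REALSHELL -> 0 if same file
    [ "$1" -ef "$2" ]
}
link_count() {   # link_count FILE -> number of hard links to FILE
    ls -ld "$1" | awk '{ print $2 }'
}

run_audit() {   # run_audit SSHD_CONFIG HOSTS_ALLOW NOSHELL REALSHELL
    if [ -r "$1" ]; then
        if sshd_key_only "$1"; then echo "sshd: key-only logins (ok)"
        else echo "sshd: password or keyboard-interactive logins still possible"; fi
    else echo "sshd: $1 not readable, skipped"; fi
    if [ -r "$2" ]; then
        echo "hosts.allow client patterns for sshd (an 'ALL' here means no restriction):"
        hosts_allow_sshd "$2" | sed 's/^/  /'
    else echo "hosts.allow: $2 not readable, skipped"; fi
    if shell_is_alias_of "$3" "$4"; then
        echo "WARNING: $3 is the same file as $4 (hard link, link count $(link_count "$3"))"
    else echo "$3 is not an alias of $4 (ok)"; fi
}

# Assumed system paths; change them for the host being checked.
run_audit /etc/ssh/sshd_config /etc/hosts.allow /bin/false /bin/bash
```

Run it as root so /etc/hosts.allow and sshd_config are readable. Two caveats: `sshd_setting` reads only the global section, so a `Match` block that re-enables PasswordAuthentication for some users would go unnoticed, and `hosts_allow_sshd` only reports what hosts.allow grants; the restriction is only effective if hosts.deny ends with `ALL: ALL` and sshd was built with libwrap, as Bill describes.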

More information about the Linux-users mailing list