LinuxQuestions.org
Old 08-11-2009, 02:18 PM   #1
qwertyjjj
Senior Member
Distribution: Cent OS5 with Plesk
how exactly does someone hack in through a port


You hear about hacking but I'm not exactly sure how someone could hack into a server via a port.
For example, someone hacks into apache through port 80 - does that somehow leave my entire server at risk if they can get to root or would they be locked into the apache environment only?
 
Old 08-11-2009, 02:35 PM   #2
acid_kewpie
Moderator
Distribution: Gentoo, RHEL, Fedora, Centos
It depends how the system is set up, and what your system is vulnerable to. This is the sort of thing that SELinux is aimed at, where the kernel monitors what a process is trying to do, and judges whether it's the sort of thing that it should permit. Hope you're still running it.
 
Old 08-11-2009, 02:49 PM   #3
qwertyjjj
Senior Member
Distribution: Cent OS5 with Plesk
Original Poster
Quote (Originally Posted by acid_kewpie):
It depends how the system is set up, and what your system is vulnerable to. This is the sort of thing that SELinux is aimed at, where the kernel monitors what a process is trying to do, and judges whether it's the sort of thing that it should permit. Hope you're still running it.
To be honest, I'm not sure. I have it on my distro but not exactly sure what it monitors - I'll read some guides but is it a simple case of yum install selinux?

Say my port 80 was open and someone hacked into apache, what risk is there of getting into root? I assume php safe mode is on and apache has standard install settings for all the folders.
 
Old 08-11-2009, 02:59 PM   #4
tredegar
LQ 5k Club
Distribution: Fedora38
Quote:
I assume php safe mode is on......
Never make assumptions.
 
Old 08-11-2009, 03:00 PM   #5
qwertyjjj
Senior Member
Distribution: Cent OS5 with Plesk
Original Poster
Quote (Originally Posted by tredegar):
Never make assumptions.
It is; what I meant to say was, if it is on, then how else could a port be used to hack in?
 
Old 08-11-2009, 03:18 PM   #6
acid_kewpie
Moderator
Distribution: Gentoo, RHEL, Fedora, Centos
By finding a bug in safe mode.

SELinux is there by default on CentOS, should be fully enabled by default. Run system-config-securitylevel (or just -security..?) or getenforce to check. This is a great example of something that can be very painful to live with, with administrators having to spend a lot of time teaching the system what is not a hack attempt etc. So most people just turn it off.
 
Old 08-11-2009, 03:22 PM   #7
qwertyjjj
Senior Member
Distribution: Cent OS5 with Plesk
Original Poster
Quote (Originally Posted by acid_kewpie):
By finding a bug in safe mode.

SELinux is there by default on CentOS, should be fully enabled by default. Run system-config-securitylevel (or just -security..?) or getenforce to check. This is a great example of something that can be very painful to live with, with administrators having to spend a lot of time teaching the system what is not a hack attempt etc. So most people just turn it off.
getenforce says disabled

vi /etc/sysconfig/system-config-securitylevel
says:
--enabled
--port:22 tcp
 
Old 08-11-2009, 03:32 PM   #8
acid_kewpie
Moderator
Distribution: Gentoo, RHEL, Fedora, Centos
You're looking at the firewall tab for that port 22 entry. Anyway though, this wasn't a thread about SELinux, so I'll leave that for now.
 
Old 08-11-2009, 03:47 PM   #9
unSpawn
Moderator
I think by now the question you should ask is "How do I assess the security posture of my machine and how do I harden it properly?".
 
Old 08-11-2009, 04:06 PM   #10
qwertyjjj
Senior Member
Distribution: Cent OS5 with Plesk
Original Poster
Quote (Originally Posted by unSpawn):
I think by now the question you should ask is "How do I assess the security posture of my machine and how do I harden it properly?".
Well, yes, but it's because I'm separating each service into separate questions.
I guess I could say I have the following main services:
apache
ssh
squid

I believe I have taken care of ssh with my firewall settings, passwords, separate IP, non default port number, and logwatch. I could do a lot more but I believe restricting logons to 2 per minute and with a 10+ char&num password should restrict the chances to negligible.

How do I then check the remaining security implications of having ports 80, 8080, and 3128 open, plus apache/squid security implications?
These are by far the most likely ports that someone is going to try to hack in through. The rest are DNS, ICMP, etc.
 
Old 08-11-2009, 04:20 PM   #11
centosboy
Senior Member
Distribution: centos5
Quote (Originally Posted by qwertyjjj):
Well, yes, but it's because I'm separating each service into separate questions.
I guess I could say I have the following main services:
apache
ssh
squid

I believe I have taken care of ssh with my firewall settings, passwords, separate IP, non default port number, and logwatch. I could do a lot more but I believe restricting logons to 2 per minute and with a 10+ char&num password should restrict the chances to negligible.

How do I then check the remaining security implications of having ports 80, 8080, and 3128 open, plus apache/squid security implications?
These are by far the most likely ports that someone is going to try to hack in through. The rest are DNS, ICMP, etc.
There are plenty of tools out there that you can use to scan your own systems to see what is vulnerable with one of the best being nessus and its plugins.
But they say the biggest percentage of compromises are in fact results of social engineering, so sometimes it does not even matter how secure your systems are.
 
Old 08-11-2009, 05:27 PM   #12
qwertyjjj
Senior Member
Distribution: Cent OS5 with Plesk
Original Poster
Quote (Originally Posted by centosboy):
There are plenty of tools out there that you can use to scan your own systems to see what is vulnerable with one of the best being nessus and its plugins.
including scanning apache and squid config files?
I'll have a look at that download...
Do I install Nessus on the Linux box and also on another computer outside of the network to test its ports plus other stuff?

Quote (Originally Posted by centosboy):
But they say the biggest percentage of compromises are in fact results of social engineering, so sometimes it does not even matter how secure your systems are.
such as?

Last edited by qwertyjjj; 08-11-2009 at 05:30 PM.
 
Old 08-11-2009, 05:31 PM   #13
unSpawn
Moderator
Quote (Originally Posted by centosboy):
There are plenty of tools out there that you can use to scan your own systems to see what is vulnerable with one of the best being nessus and its plugins.
You're painting half the picture with a very broad brush.


Quote (Originally Posted by centosboy):
But they say the biggest percentage of compromises are in fact results of social engineering, so sometimes it does not even matter how secure your systems are.
Cool! Who are "they"? And where do "they" say that? Pointers welcome.
 
Old 08-11-2009, 05:40 PM   #14
joeBuffer
Member
Distribution: Ubuntu 9.04
Social engineering isn't hacking or cracking.
 
Old 08-11-2009, 05:45 PM   #15
unSpawn
Moderator
Quote (Originally Posted by qwertyjjj):
I believe I have taken care of ssh with my firewall settings, passwords, separate IP, non default port number, and logwatch. I could do a lot more but I believe restricting logons to 2 per minute and with a 10+ char&num password should restrict the chances to negligible.
Do you still log in over SSH as root user?
Do you use fail2ban or an equivalent (Failed SSH logins sticky)?
Why don't you use SSH pubkey auth?

What does Apache provide?
If it's PHP-based (and else too), did you ever invest time reading about security implications and the product's docs or generic HOWTO's about securing it?
Does Apache have mod_security loaded?

What is Squid used for?
Does Squid have ACLs loaded?

For all available services, does your firewall provide rate limiting, blocking fragments and other unwanted traffic?


Quote (Originally Posted by qwertyjjj):
These are by far the most likely ports that someone is going to try to hack in through.
As far as scanning for ports with no access restrictions goes OK but saying "by far the most likely" is just making assumptions. Hardening your machine is more than just scanning for open ports with Nmap, Nessus or whatever else. I know it's in need of revamping but check out the LQ FAQ: Security references (or better: the cleaned version at http://rkhunter.wiki.sourceforge.net/SECREF).
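As an added example that is not part of the thread, here is a POSIX shell script that turns several of the questions above (root SSH login, password versus pubkey authentication, Squid access rules, SELinux mode) into checks you can run against your own config files. The sshd_config and squid.conf contents are constructed samples, and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread: turns unSpawn's questions (root
# SSH login, password vs pubkey auth, Squid access rules, SELinux mode) into
# checks. Both config files are CONSTRUCTED samples written to temp files so
# this runs offline; on a real host use /etc/ssh/sshd_config and squid.conf.

SSHD_SAMPLE=$(mktemp); cat >"$SSHD_SAMPLE" <<'EOF'
# constructed sample: non-default port, but root and passwords still allowed
Port 2222
#PermitRootLogin no
PasswordAuthentication yes
EOF

SQUID_SAMPLE=$(mktemp); cat >"$SQUID_SAMPLE" <<'EOF'
# constructed sample: an open proxy
http_access allow all
EOF

# Effective sshd_config value: first uncommented match wins; the supplied
# default ($3) applies when the keyword only appears commented out.
sshd_setting() {  # $1=file $2=keyword $3=default
    val=$(awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1")
    printf '%s\n' "${val:-$3}"
}

# True when squid.conf contains an "http_access allow all" rule.
squid_allows_all() {  # $1=file
    grep -Eiq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all([[:space:]]|$)' "$1"
}

# SELinux mode from getenforce, or "unknown" where the tool is absent.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo unknown; fi
}

# One FINDING line per weak setting, plus a NOTE line for context.
posture_check() {  # $1=sshd_config $2=squid.conf
    [ "$(sshd_setting "$1" PermitRootLogin yes)" = no ] \
        || echo "FINDING: sshd permits root login (set PermitRootLogin no)"
    [ "$(sshd_setting "$1" PasswordAuthentication yes)" = no ] \
        || echo "FINDING: sshd accepts passwords (switch to pubkey auth)"
    ! squid_allows_all "$2" \
        || echo "FINDING: squid is an open proxy (http_access allow all)"
    echo "NOTE: sshd port $(sshd_setting "$1" Port 22), SELinux $(selinux_mode)"
}

# Count of FINDING lines, usable as a pass/fail number.
finding_count() { posture_check "$1" "$2" | grep -c '^FINDING'; }
posture_check "$SSHD_SAMPLE" "$SQUID_SAMPLE"
```

Against the constructed samples it reports three findings; a commented-out PermitRootLogin line is deliberately treated as "not set", which is the assumption tredegar warns against.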
 
  

