choccarlm

Security holes, how do hackers get in?

Hi,

I've been told that I may have suffered a hacker attack and also that it could've been because I was running old versions of ssh, ssl, ftp, bind, sendmail and apache.

Now my question is this: how does a hacker get in if ssh is restricted to certain IPs? How do they use other services (apache, bind, sendmail, ftp etc.) to get into the system and gain root access? I'm currently upgrading all services to the newest releases to prevent this happening again. Is there anything else I should be doing?

Thanks
liddler

You either break in via a flaw that allows you to predict what the machine is looking for and inject your traffic in, which the server thinks is coming from somewhere else, or you use a buffer overflow, where an extra bit of code is added onto the end of some data going into a buffer. This code is then executed by the kernel as a privileged user, and can then be used to run something else, such as adding a malicious user.
Other things to do: latest kernel patches, firewall, go through your startup scripts and make sure nothing is started that you don't need.
Titan is an excellent resource to help harden your machine (http://www.fish.com/titan/TITAN_documentation.html)
But definitely keep all internet facing services (sendmail, bind, apache etc.) patched up to date.
There are many ways in which security can be compromised, many types of attacks and so on. Have a look at www.securityfocus.com and you'll see that there were problems with almost everything (and get scared ;-).

An old example is sendmail. Sendmail allowed emails to be piped to commands (this feature is used by mailing list managers like majordomo). But the default configuration till version xx (I don't remember) allowed everybody to do that. Imagine what happens if you can run a command (maliciously) remotely on a mail server with the mail daemon's rights. And on Solaris user sendmail has uid 0 (which means root).

Nessus (www.nessus.org) is also a good tool to check your server security. There is also an article about nessus: http://www.securityfocus.com/infocus/1741

And to state once again what liddler said: "keep all internet facing services (sendmail, bind, apache etc.) patched up to date"
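As an added example (not code from the thread or its posters), here is a small POSIX shell audit that follows liddler's advice to go through the startup scripts and the reminder to keep every internet-facing service patched: it reads `netstat -tln` output, keeps only listeners bound to all interfaces, and flags any port the host is not meant to serve. The allow-list, the port-to-service names and the sample netstat output are constructed assumptions for an offline run.

```shell
#!/bin/sh
# Audit TCP listeners exposed on all interfaces (added example, not from the thread).
# Usage on a real host:  netstat -tln | exposed_services
# Assumption: WANTED_PORTS is what this host is meant to serve (constructed here).
WANTED_PORTS="22 25 80 443"

# Map well-known ports to the service names used in the thread.
port_name() {
    case "$1" in
        21) echo ftp ;;      22) echo ssh ;;    25) echo sendmail ;;
        53) echo bind ;;     80) echo apache ;; 443) echo ssl ;;
        *)  echo "port-$1" ;;
    esac
}

# Read "netstat -tln" lines on stdin. Keep sockets in LISTEN state whose local
# address is 0.0.0.0 or :: (reachable from every interface); loopback-only
# listeners are not exposed and are skipped. Print "<port> <name> <verdict>",
# one per port, sorted; verdict is "ok" for wanted ports, "unneeded" otherwise.
exposed_services() {
    awk '($1 == "tcp" || $1 == "tcp6") && $6 == "LISTEN" {
            addr = $4; sub(/:[0-9]+$/, "", addr)
            n = split($4, a, ":")
            if (addr == "0.0.0.0" || addr == "::") print a[n]
         }' |
    sort -n | uniq |
    while read -r port; do
        verdict=unneeded
        for w in $WANTED_PORTS; do
            if [ "$w" = "$port" ]; then verdict=ok; fi
        done
        echo "$port $(port_name "$port") $verdict"
    done
}

# Constructed sample of "netstat -tln" output for an offline run.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

printf '%s\n' "$SAMPLE" | exposed_services
```

Anything reported as "unneeded" (here ftp and port 111) is a candidate for removal from the startup scripts; bind on 127.0.0.1 is not reported because it is not reachable from outside.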
choccarlm

ASKER

Thanks,

Also I've been told to update my kernel. What's the easiest way of doing this and where can I find kernels? Also, what is the main purpose of the Linux kernel?
You can get the kernel source from whoever your distribution comes from, i.e. www.redhat.com for RedHat or www.linux-mandrake.com for Mandrake.
The kernel is the core of the operating system, the same as DOS or Windows XP is on Microsoft machines.
Depending on what you are using see
http://www.redhat.com/support/resources/howto/kernel-upgrade
http://en.tldp.org/HOWTO/Kernel-HOWTO

Also one maybe interesting page: http://www.governmentsecurity.org

What's the purpose of the kernel? Hmm. Basically it is the core of the OS.

Nice liddler, you're faster :)
Thanks guys, is there any way of splitting the points?
There should be a split button somewhere below the comment area...
I can't see it, I'll ask the mods.

One more quick question. I've just purchased Mandrake 9.2 Pro Suite. It comes with sshd 3.6, which is the same version I've got the source files for. Do I uninstall the rpm that comes with the o/s and install from source, or is it safe to leave the one that comes with it? This goes for all packages.

Thanks
None. You install the packages as they came and after you have installed the machine, trimmed it down to what's necessary only and secured it, you use the UPGRADE feature for your distribution. This should contact a server from the vendor (or a mirror) and fetch and install the necessary packages.
If you register, you'll also receive emails when an upgrade is available.
I can't use the upgrade feature as the servers don't currently have an internet connection, and when they do, they won't be booting using the GUI, it will be command line only. Is it safe to leave the packages that are installed?
There should also be a command line tool for upgrading.

Best would be to do the upgrade through a firewall first and then put them on the net.
OK, but if it's the latest rpm that's been installed during install then it should be quite safe, or not?
ASKER CERTIFIED SOLUTION
Mihai Barbos

Cheers, your advice has been really helpful, thanks a lot