here's the deal:
- i have a dedicated linux server (RH 8.0)
- a hardware firewall (snapgear lite plus) with three ports open: 22, 80, 443
- up-to-date versions of openssh, openssl, zlib, java, apache, tomcat, mysql (basically, it's used as a web server, and nothing else)
currently, i don't have anything listening to 443 - this will eventually be used for getting sensitive user data. (nmap only sees 22 and 80)
there are two user ids, both of which have random passwords.
how might a hacker get into this system?
the reason i ask is that i'm getting close to going live, and i've been working under the assumption that with very few processes and virtually no open ports, i should be ok. but given this type of system, what kinds of attacks are there? (i'm more concerned about data being compromised than DoS)
when you say insecure scripts, are you referring to cgi scripts, or something else? other than making sure that there's nothing exciting in apache/htdocs and tomcat/webapps, is there anything i should be careful of?
basically, the system is set up as:
apache -> mod_jk2 -> tomcat
Pretty much any kind of script. Most recently the common ones I find are PHP scripts with poorly written includes.
The big thing if you use any scripting languages or dynamic code on your site (although it's good practice even if you don't) is to make sure you have your kernel up to date, your system well patched, and if you search around in these forums you can find numerous tips on securing the system further.
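
The "poorly written includes" mentioned in the reply above usually mean a script that builds an include path from a request parameter. The sketch below is an added example, not code from any poster in this thread: it shows that pattern as a comment and a hardened resolver beside it. The page keys, file names and the `resolve_page` helper are hypothetical.

```php
<?php
// Added example: page keys, file names and resolve_page() are hypothetical.

// Poorly written include: the request value becomes part of the path, so the
// client decides which file the interpreter loads.
//   include $_GET['page'] . '.php';

// Hardened form: the request value is only a lookup key into a fixed map.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

function resolve_page(string $baseDir, $requested): ?string
{
    // Reject non-strings (?page[]=x) and any key that is not in the map.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the file must exist and resolve to a location inside
    // $baseDir (catches a symlink planted in the pages directory).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway pages directory containing only home.php.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home\n";');

// Constructed inputs: a valid key, a mapped key whose file is missing,
// a traversal string, a URL and an array.
$inputs = ['home', 'contact', '../outside', 'http://example.invalid/x', ['home']];
foreach ($inputs as $input) {
    $path  = resolve_page($dir, $input);
    $label = json_encode($input, JSON_UNESCAPED_SLASHES);
    printf("%-30s => %s\n", $label, $path === null ? 'rejected' : 'include ' . basename($path));
}

unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```

Only `home` resolves to a file; every other input is rejected before any path reaches `include`.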