I have security measures put in place to keep unwanted users out of my server. I’ve changed the SSH port, disabled root login, have a software firewall to block portscans, and have entries in hosts.deny and hosts.allow.
I have various services denied to all but another server of mine should my IP change, and two other administrators + my own IP address.
My question is, can hosts.deny/allow configuration be overridden so that they can gain access to my server? Does using chroot jail for running things like an IRC server and Teamspeak server prevent people from gaining access to my server and screwing with it?
/etc/hosts.{allow,deny} is only used by a network application if it uses TCPWrappers; if it doesn’t then those files practically may as well not exist, and if it does then those files should hold regardless of the clients. A chroot jail will certainly provide some security, but if you want something bulletproof then you’ll want to look at SELinux and the like.
Check more discussion of this question.
