I got burned about 10 years ago by 'samba' not doing what I thought I'd told it to. I used the 'bind interfaces only' configuration directive, which I thought would prevent it from opening any ports on my Internet interface. I was wrong.
Unfortunately I also had no idea about the concept of security patches and, to this day, I still have no idea how I should have gone about getting security updates for Slackware (I switched to Debian and never looked back). The result was some script kiddie got root and started to use my box to start scanning for more vulnerable samba installations to break.
My response was to unplug all of the network cables and have a poke around to see what he'd been up to. I took a full backup of the box and then re-installed it from scratch as I couldn't trust it.
I learned that you should always look at what ports you have open (`netstat -lpn` is my favourite command for this) and that there are some times when a firewall might be of use (I'm not a fan of firewalls on anything other than gateway boxes).
I'd say the single most important thing that you've mentioned there is 'logcheck'. If you can remove all of the login spam (by moving ssh to a non-default port for example), then watching your logs becomes a reasonable task and will alert you to any specifically targeted attacks.
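The "look at what ports you have open" habit from the comment above, as an added example that is not from the thread: a small audit that reads `netstat -lpn` style output and flags anything listening on a non-loopback address that is not on an allowlist. The allowlist, the sample output and the program names in it are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the thread: audit `netstat -lpn` output the way
# the commenter recommends, flagging listeners bound on a non-loopback address
# that are not on an explicit allowlist (e.g. a samba that bound everywhere).

# Ports expected to be reachable from outside, as "proto:port" pairs.
# Constructed for this example; adjust to the host's real services.
ALLOWED="tcp:22"

# Constructed sample of `netstat -lpn` output: samba bound on all interfaces
# despite the admin's intent, plus a correctly loopback-only mail listener.
SAMPLE="Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      901/exim4
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1044/smbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           1050/nmbd"

# Reads netstat -lpn lines on stdin; prints one UNEXPECTED line per listener
# that is neither loopback-bound nor allowlisted.
audit_listeners() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Keep only tcp/udp rows; this skips the header lines and unix sockets.
    $1 !~ /^(tcp|udp)6?$/ { next }
    {
        proto = substr($1, 1, 3)
        addr = $4
        # The port follows the last colon (handles 0.0.0.0:445 and :::445).
        i = length(addr)
        while (i > 0 && substr(addr, i, 1) != ":") i--
        host = substr(addr, 1, i - 1); port = substr(addr, i + 1)
        # udp rows have no State column, so PID/Program is one field earlier.
        prog = (proto == "tcp") ? $7 : $6
        if (host == "127.0.0.1" || host == "::1") next
        if (ok[proto ":" port]) next
        printf "UNEXPECTED %s %s:%s %s\n", proto, host, port, prog
    }'
}

# Run on the constructed sample; on a live host use: netstat -lpn | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners
```

Running it against the sample reports the smbd and nmbd listeners on 0.0.0.0, which is exactly the surprise the comment describes; the loopback-only exim4 and the allowlisted sshd stay quiet.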
"If I have to change it every XX days, I tend to pick very easy to remember passwords, and just change a digit at the end of it every time. As a result of this password "enhancement" system, I think I personally have much weaker passwords."
Assuming that "XX days" === 'less than 100 days', I totally agree.
We use a six month password cycle at work, and I think that's reasonable as it only takes me a few days to remember a password that I use tens of times a day. If it's a password that I use less frequently or a change is mandated more frequently, then I would do the same as Bruce and use something more obvious or only make small changes to the password each time.
This may be a good introduction to BSD (I don't know BSD at all so can't comment on that side much), but it certainly isn't representative of modern Linux kernels and distributions.
"Last modified: $Date: 2005/04/15 06:38:18 $" explains a lot.
I was about to comment about this specifically until I saw that someone else beat me to it.
THIS ARTICLE IS FROM 2005 PEOPLE
Sure, some things will have not changed, but I imagine a great many things will have. While it's a good article and a good read, I wouldn't consider it up to date; if anyone has a more recent discussion I'd definitely be interested in reading it. For example, how the discussion covers largely RedHat based distros, if the article was written nowadays I think that would change.
You're essentially saying to follow the herd then; as a nerd, I cannot blindly condone such an action. This doesn't mean you should stop fighting though.
http://www.theregister.co.uk/2009/07/20/anti_sec_spoof/