LAMP and postfix-dovecot security

Hash: SHA1


I am very much new at administrating a LAMP/email server, although I have administered, fixed and secured Windows systems for around five years.
I have built a system based on Ubuntu 9.04 running services are ssh, LAMP, and Postfix with Dovecot.
Everything is working fine, as far as my limited knowledge allows me to deduce such workings.
I eventually plan to expose this system to the Internet after I investigate integrating ClamAV, PostfixDspam, the SPF package and Forum
software. But before I take this any further, I wish to security test the existing system.

As a novice security researcher I am looking for advice and links to tips and tools which will allow me to test all of the currently installed
components from a security perspective. I will worry about the rest at a later date. I have googled but I would take me days to separate the
wheat from the chaff.

So far I have come across although not used Nikto, Nessus, DenyHosts. I am also aware of and have used to a limited extent Backtrack and
KCPentrix live CD's

Can anyone please offer sources of information and tools on hardening and pentesting the services I currently use.

Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla -


This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

Relevant Pages

  • Re: Starting a host
    ... > A friend of mine and I are going to startup a host on the internet. ... > like to read about these services in order to know about any security ... > clients that are into the music industry. ... > or if you could suggest good books on security issues, administrating ...
  • Re: What are the best OSS discussion group apps?
    ... thomas fisher wrote: ... Comment: Using GnuPG with Mozilla - ...