LAMP and postfix-dovecot security



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I am very much new at administrating a LAMP/email server, although I have administered, fixed and secured Windows systems for around five years.
I have built a system based on Ubuntu 9.04 running services are ssh, LAMP, and Postfix with Dovecot.
Everything is working fine, as far as my limited knowledge allows me to deduce such workings.
I eventually plan to expose this system to the Internet after I investigate integrating ClamAV, PostfixDspam, the SPF package and Forum
software. But before I take this any further, I wish to security test the existing system.

As a novice security researcher I am looking for advice and links to tips and tools which will allow me to test all of the currently installed
components from a security perspective. I will worry about the rest at a later date. I have googled but I would take me days to separate the
wheat from the chaff.

So far I have come across although not used Nikto, Nessus, DenyHosts. I am also aware of and have used to a limited extent Backtrack and
KCPentrix live CD's

Can anyone please offer sources of information and tools on hardening and pentesting the services I currently use.

Thanks
Dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFK2fawBStvyIzJtOARAnPQAJwLYqp23ZOavSXeZDh/PAzoM74ynwCcC9Rv
byLHWYRXYn0DM1G0eNzohVw=
=ycDl
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------