LAMP and postfix-dovecot security

Hash: SHA1


I am very much new at administrating a LAMP/email server, although I have administered, fixed and secured Windows systems for around five years.
I have built a system based on Ubuntu 9.04 running services are ssh, LAMP, and Postfix with Dovecot.
Everything is working fine, as far as my limited knowledge allows me to deduce such workings.
I eventually plan to expose this system to the Internet after I investigate integrating ClamAV, PostfixDspam, the SPF package and Forum
software. But before I take this any further, I wish to security test the existing system.

As a novice security researcher I am looking for advice and links to tips and tools which will allow me to test all of the currently installed
components from a security perspective. I will worry about the rest at a later date. I have googled but I would take me days to separate the
wheat from the chaff.

So far I have come across although not used Nikto, Nessus, DenyHosts. I am also aware of and have used to a limited extent Backtrack and
KCPentrix live CD's

Can anyone please offer sources of information and tools on hardening and pentesting the services I currently use.

Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla -


This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.