LAMP and postfix-dovecot security

From: admin <admin@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 17 Oct 2009 17:54:08 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I am very much new at administrating a LAMP/email server, although I have administered, fixed and secured Windows systems for around five years.
I have built a system based on Ubuntu 9.04 running services are ssh, LAMP, and Postfix with Dovecot.
Everything is working fine, as far as my limited knowledge allows me to deduce such workings.
I eventually plan to expose this system to the Internet after I investigate integrating ClamAV, PostfixDspam, the SPF package and Forum
software. But before I take this any further, I wish to security test the existing system.

As a novice security researcher I am looking for advice and links to tips and tools which will allow me to test all of the currently installed
components from a security perspective. I will worry about the rest at a later date. I have googled but I would take me days to separate the
wheat from the chaff.

So far I have come across although not used Nikto, Nessus, DenyHosts. I am also aware of and have used to a limited extent Backtrack and
KCPentrix live CD's

Can anyone please offer sources of information and tools on hardening and pentesting the services I currently use.

Thanks
Dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFK2fawBStvyIzJtOARAnPQAJwLYqp23ZOavSXeZDh/PAzoM74ynwCcC9Rv
byLHWYRXYn0DM1G0eNzohVw=
=ycDl
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Follow-Ups:
- Re: LAMP and postfix-dovecot security
  - From: Claudio Criscione
- Re: LAMP and postfix-dovecot security
  - From: Joe Peters

Prev by Date: Re: Which Commercial Web App Scanner?
Next by Date: Re: List of Computer-based Security Testing Methodologies
Previous by thread: Security Analysis and Data Visualization - Book
Next by thread: Re: LAMP and postfix-dovecot security
Index(es):
- Date
- Thread

Relevant Pages

Re: Starting a host
... > A friend of mine and I are going to startup a host on the internet. ... > like to read about these services in order to know about any security ... > clients that are into the music industry. ... > or if you could suggest good books on security issues, administrating ...
(comp.os.linux.networking)
Re: What are the best OSS discussion group apps?
... thomas fisher wrote: ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
(Ubuntu)