I have always had an interest in network/computer/data security and have for years played around with a number of interesting and useful tools that can be used to audit systems for vulnerabilities as well as exploit them. To that end, I have never put together a list of the security audit and penetration testing applications and tools that I find indispensable when performing these types of scans and audits – this is that list.
This article involves the use of tools and techniques that may be illegal and in most cases are frowned upon to be used in any manner other than research and/or security testing of YOUR OWN infrastructure. Misuse of these tools or the techniques mentioned in this article can get you in REAL TROUBLE. I take no responsibility for any damage to systems that you may cause by using this information or any trouble that you get into by misusing this information. If you plan to use these tools in a consulting capacity on behalf of a customer wanting a security audit, ensure that you have a well-defined scope and signed agreements that release you from liability caused by any damage/outage as a result of your testing.
In this article, I am going to outline the steps that I have taken to create a secure and stable FTP server for general purpose file transfer etc. I am not using FTPS (FTP Secure) in this article, though it is possible using vsftpd. I have used a number of techniques in this article to secure the server that can be found here as well as some tweaks to SELinux that I will explain.
I take no responsibility for any damage that may result from following this guide. Ensuring that you take the appropriate measures to secure your server/infrastructure is paramount. I also recommend thoroughly testing this configuration before production use.
This post outlines the procedures that I use to secure a LAMP stack built on Ubuntu or Debian. All of the techniques outlined in this post are ones that I have gathered over the years through experience as well as through research and other Internet sites.
DISCLAIMER: I take no responsibility for any damage that may be caused to your system as a result of following any portion of this guide. As with anything that has a system-wide effect, it is highly recommended that you back up your system prior to making any changes. Additionally, as with any web application, it is important to ensure that the file permissions are set correctly as well as that the code has been audited to ensure it is secure.