LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions
User Name
Password
Linux - Distributions This forum is for Distribution specific questions.
Red Hat, Slackware, Debian, Novell, LFS, Mandriva, Ubuntu, Fedora - the list goes on and on... Note: An (*) indicates there is no official participation from that distribution here at LQ.

Notices



Reply
 
Search this Thread
Old 06-22-2013, 03:04 PM   #16
minty33
Member
 
Registered: Aug 2012
Location: earth
Distribution: Mint Xfce, Korora Gnome3, Ubuntu Server NoGui,
Posts: 136

Rep: Reputation: 1

oh okay so you do have a plan. i really wasn't sure why you were using bt i was not trying to be rude at all. i am always learning on this site myself and am no guru either. as for testing your web server i would say metasploit is a good tool for exploiting weak unpatched software but a good port scan using various options will give you a good idea of what an attacker could find out about your server. see what kinda of goods the machine gives up on various scan methods. it is this info an attacker will use to target specific software via a platform like metasploit. once you know what they can see there are ways to reduce the avaialability of this info. alot of the info you need to lock down your server will be linux server security practices using iptables, .conf files and rules to have good restriction etc... not much backtrack will do on that end. here are two good books however one is on metasploit but the other is great book on security tools and in particular has a great chapter on recon with nmap. i think it is the right book i know it has a drill on the cover but somehow this looks different to me. i will check mine at home and make sure. if it is wrong i will post the correct one tonight.
http://www.amazon.com/Metasploit-The.../dp/159327288X
http://shop.oreilly.com/product/9780596009632.do
 
Old 06-23-2013, 01:08 AM   #17
newbie14
Member
 
Registered: Sep 2011
Posts: 418

Original Poster
Rep: Reputation: Disabled
Dear Minty,
Yes first thing we have used a firewall and limited access via the vpn. Secondly we are using key based ssh login and with fail2ban and iptables and also pam enabled. Besides that the centos is installed based on minimal installation just with either web server or db server accordingly. I will look into the books do share any other sites if you know that will be good for beginners.
 
Old 06-23-2013, 01:32 AM   #18
John VV
Guru
 
Registered: Aug 2005
Posts: 13,523

Rep: Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805
If you have left CentOS 6.4 ( textonly server install) at the default settings
ALL ports are "stealth" blocked

as in they will NOT return a open or closed
cent will just NOT respond

so Nmap will not return much
 
Old 06-23-2013, 01:47 AM   #19
newbie14
Member
 
Registered: Sep 2011
Posts: 418

Original Poster
Rep: Reputation: Disabled
Dear John VV,
Yes is just the text base no gui. Thus from the firewall we open only certain port such as 80, 21 and 22 accordingly for web server and ssh. So what else can I do with BT to scan and find vulnerability?
 
Old 06-23-2013, 02:47 AM   #20
John VV
Guru
 
Registered: Aug 2005
Posts: 13,523

Rep: Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805
Start with "Kali" , dump the idea of using the rather OLD bt5 ( it is based on the unsupported ubuntu 10.04 )
http://www.kali.org/

then learn how to use the tools that are in it
start with the documentation
http://docs.kali.org/

then for each tool, use that tools web site and forum .

Think of it as earning a BS or MS degree , and it will take a bit of time .

Last edited by John VV; 06-23-2013 at 02:49 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Any official torrent link to download CentOS 6.0 or 6.3 ? thiyagusham Linux - Newbie 5 03-26-2013 12:37 PM
[SOLVED] torrent client + magnet link under Slackware 12.2 igadoter Slackware 5 04-07-2012 09:27 AM
magnet link to torrent prudra Debian 1 03-10-2012 10:00 PM
LXer: Torrent Search - Torrent searching application for the Gnome desktop environment LXer Syndicated Linux News 0 08-18-2010 09:20 AM
How to down iso image with torrent satimis Fedora 6 05-22-2006 10:09 AM


All times are GMT -5. The time now is 02:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration