Knoppix optimised for Network security



vengapir8
02-27-2003, 02:37 AM
.

mmaki
02-27-2003, 05:20 AM
This is exactly the system I have been meaning to create. Dump all the games and I'm sure we can fit these on. I know many are already in the regular system.

I have used most of these and would like to get comments from other more experienced admins on their favorite tools.

Mike

airsnort
amap
arping
cheops
etherape
ethereal
fping
gipsc
ipfm
ipsc
iptraf
kismet
mrtg
nbtscan
netsaint
ntop
pchar
snort
tcpdump

David Douthitt
02-27-2003, 05:37 PM
Some of my favorite tools are:

tcptraceroute
iplog
arping
portsentry

Note that Red Hat released a program arping which is NOT the one I like, but rather there is another one that allows you to ping addresses by just giving an ARP address.

You might wish to note that the latest release has the following already:

kismet
tcpdump
iptraf
ethereal
airsnort

minhsao
03-12-2003, 05:58 PM
> You might wish to note that the latest release has the following already:
>
> kismet
> tcpdump
> iptraf
> ethereal
> airsnort


However, Kismet in 3.1 is only a 1.4 version and I have been having issues getting it working properly.

As for tools on the custom Knoppix... don't forget MTR ... great traceroute util

BTW... what is the current status of this project?? I am very interested.
Thanks!

Min

mmaki
03-12-2003, 07:15 PM
Glad you asked, cause I've been meaning to post. I remastered by removing all the foreign language (non-English) KDE files to make room. I added all the packages posted here. Of course many need more configuring to work from the CD, but they do work. If there was someplace to upload my iso I'd be happy to.

I believe mtr is already there. I don't remember installing it and it ran when I started it.

minhsao
03-12-2003, 07:51 PM
cool! :D
Yeah I would love to get a copy of your new ISO.
Does Kismet work on your ISO? If so what version of Kismet is it?

As for servers... I don't know where you can put it, but I can probably set some space aside on my home ftp tonight if you are interested. Email me or IM me and I can get it setup. Also you might want to think about using BitTorrent to distribute instead of hosting it on one single FTP.

http://bitconjurer.org/BitTorrent/index.html

Thanks
Min

vengapir8
03-13-2003, 12:31 AM
.

minhsao
03-16-2003, 03:30 AM
mmaki,
Any news on your custom system util tools version of Knoppix?
Which version of Kismet are you using??

Thanks
Min

mmaki
03-17-2003, 11:10 PM
Sorry for the delay in reply, I thought I would be notified of replies. Seems that works sometimes and not others. Anyway, I have v 2.6.2-6 of kismet. I have not tried it from CD. I know it works from a HD install. I'll try it from CD and let you know.

I'll check out BitTorrent too.

Mike

minhsao
03-25-2003, 03:23 AM
cool ... looking forward to it.

Thanks

min

minhsao
03-27-2003, 04:41 PM
FYI... With the new version of Knoppix, kismet 2.6 works great!!!

Berdt
03-31-2003, 10:07 AM
maybe it is a good idea to add the Citrix ICA client, behind the present rdp and vnc clients?

drewbradford
03-31-2003, 10:15 PM
Don't forget the NTFS tools. It can come in handy to be able to use ntfsresize.

mmaki
04-01-2003, 05:29 AM
What are the NTFS tools? Please list them here and I'll try to include them.

drewbradford
04-01-2003, 08:03 AM
They are available at http://linux-ntfs.sourceforge.net/.

Some of them are experimental, but they are fairly small in size, so it's worth including as many as possible.

shadow
04-12-2003, 07:40 AM
Don't forget to install the chkrootkit tools as well. These would be very useful to me.

stars
05-18-2003, 07:27 PM
Anyone still interested on this ?
I guess I will be picking up on this to create my own security/forensic/etc tool kit.
But it would be nice to get some help :D

Like suggestion on how to add modules easily. I think morphix is a nice idea but I would like to use the standard Knoppix release as there seem to be a lot of updates on drivers, etc.

All I need is to make a standard list of apps to remove (eg open office, kde organizer, etc) to make way for the security modules/packages.

Any comments? :)

Thanks!

mmaki
05-18-2003, 11:13 PM
I still have the remaster I did that contains the packages I listed in the 2nd posting of this thread. I have been meaning to post it with BitTorrent but have not yet. I would actually like to remaster it with the latest 3.2 but .... gotta find the time.

funtasmc
05-20-2003, 01:10 AM
I built a re-master of Knoppix 3.2 with as many of the "Top 75" list at insecure.org as I could....

All I did was do an apt-get install on all the packages by name. So, only the latest version with Debian packages out there were installed. Next revision, perhaps I will put some effort into the apps. I put the real effort into actually doing the re-mastering.

I took regular Knoppix and removed the foreign KDE locales (after all *I* am American, everything should be the way *I* want it. :roll: ). This gave me more than enough space to add:

Snort (with default rules)
dsniff
whisker
John The Ripper
Nikto
nbtscan
Xprobe2
Ngrep
THC-Amap
Nemesis
fragroute
fping
TCPtraceroute
tcpreplay

--------------------------------------------
Knoppix 3.2 already included:

Nessus
Ethereal
Netcat
tcpdump
hping2
ettercap
openssh
Kismet
airsnort
GPG
Perl
OpenSSL
lsof
hunt
stunnel
The Coroner's Toolkit
arpwatch
dig


The rest of the Top 75 were either for Windows, were not "free", were not available as Debian packages or didn't really apply to a LiveCD distro (like firewalls, other OSes, etc).

I am more than happy to share the end result. I just don't have a fat enough pipe to share the iso out on my own network. Perhaps soon I will, and perhaps by then I'll have made the re-master even better.


Mike
PS: Thanks to the Knopper team for the AWESOME distro. :D
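The space-reclaiming step that both mmaki and funtasmc describe above (delete the non-English locale files from the copied Knoppix tree, then apt-get the security packages into the freed space) as a script. This is an added example, not code posted in the thread and not part of the Knoppix remastering script; it assumes the unpacked Knoppix filesystem root is passed as the first argument and that translations live under /usr/share/locale/<lang>/, where Debian's kde-i18n-* and gettext message catalogues are installed.

```shell
#!/bin/sh
# Added example for this thread (not code from mmaki, funtasmc or the Knoppix
# remastering script). Inside the copied Knoppix tree, delete the translations
# for every language except the ones you want to keep, so the freed space can
# go to security packages installed with apt-get.
#
# Assumptions: the unpacked Knoppix filesystem is at "$1" and locales sit in
# /usr/share/locale/<lang>/. Freed space is reported in KiB, as du -sk gives it.

set -u

# keep_wanted LANG KEEP  -> exit 0 if LANG is in the space-separated KEEP list
keep_wanted() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# prune_locales CHROOT KEEP...
# Removes CHROOT/usr/share/locale/<lang> for every <lang> not listed in KEEP
# and prints the total KiB freed. "C" and "POSIX" are never removed: programs
# fall back to them and they cost almost nothing.
prune_locales() {
    root="$1"; shift
    keep="C POSIX $*"
    freed=0
    base="$root/usr/share/locale"
    [ -d "$base" ] || { echo 0; return 0; }
    for dir in "$base"/*; do
        [ -d "$dir" ] || continue
        lang=${dir##*/}
        keep_wanted "$lang" "$keep" && continue
        kib=$(du -sk "$dir" | cut -f1)
        freed=$((freed + kib))
        rm -rf "$dir"
    done
    echo "$freed"
}

# Typical use in a remaster chroot (not run here):
#   chroot /mnt/knoppix-src/KNOPPIX /bin/sh
#   prune_locales / en en_GB en_US        # keep English only, as the remasters above did
#   apt-get update && apt-get install nbtscan nikto dsniff tcpreplay   # then add tools
```

Pruning the directory tree directly is what the posters did; it leaves dpkg's database believing the kde-i18n-* packages are still installed, which is harmless on a LiveCD but worth knowing if you later run apt-get on the same tree.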

t1ck_t0ck
05-20-2003, 04:47 AM
I also have a customization like this nearly done: Knoppix-STD (security tools distribution). It includes tools organized as follows (a lot of these come with Knoppix by default):

cracker: john with custom dictionary and AFS,NTLM,MySQL patches
crypto: openssl, gnupg, stunnel, etc
firewall: iptables & gtkiptables
forensics: sleuthkit, autopsy, fenris
honeypot: honeyd, labrea
ids: snort, aide, syslog
net-utils: etherape, ntop, cheops, arpwatch, etc
pen-test: many many pen test tools
servers: dns, irc, xinetd, apache, cryptcat, samba, etc.
sniffers & assemblers: ethereal, tcpdump, ngrep, netsed, paketto, ettercap, etc.
vuln-test: amap, nmap, nessus, snot, hping2, chkrootkit, nbtscan, etc.
wireless: airsnort, kismet, wavemon, wardrive, patched orinoco

hardly a complete list, but you get the idea. I'm trying to score some hosting now. I'll post a general announcement and to this thread when it's up. I'm hoping to have it up by June 1st.

stars
05-20-2003, 04:04 PM
I was thinking of removing some games and open-office using the kpackage manager. Advisable?
The remastering script seems to require 6G of space ...

How did you install the packages?
Did you chroot, compile and make install ... remove the "work" directories and remaster?
I guess the main problem will be the libraries dependencies?

I am still new to knoppix ... and was thinking could Morphix be a better choice?
Any comments? :-)

Thanks!!

poussin
05-21-2003, 07:36 PM
It will be a very good distrib , keep me informed please


:P :P :P

poussin
05-27-2003, 05:51 AM
No News :(

t1ck_t0ck
05-27-2003, 02:12 PM
Well, not much news anyway. I'm still aiming for this weekend (June 1st) as a release for the Knoppix-STD beta iso. I just have a couple of minor issues to work out. For a beta it's pretty tight and it looks like everything works.

I've got a domain, but I'm sure I'm going to get nailed by my ISP for posting a 700 MB iso, so I doubt I'll be able to post it for too long.

I'm still looking for mirrors (Help?) and I'm going to try distribution through Bit Torrent [http://bitconjurer.org/BitTorrent/index.html]. I'll also sell the CD for those lacking bandwidth or patience.

So, hopefully, it will be posted this weekend. I'll make an announcement here and a new post to Customising & Remastering.

kwadroke
05-27-2003, 10:00 PM
> I've got a domain, but I'm sure I'm going to get nailed by my ISP for posting a 700 MB iso, so I doubt I'll be able to post it for too long.
>
> I'm still looking for mirrors (Help?) and I'm going to try distribution through Bit Torrent [http://bitconjurer.org/BitTorrent/index.html]. I'll also sell the CD for those lacking bandwidth or patience.

What about creating a Sourceforge Project? www.sourceforge.net

t1ck_t0ck
05-27-2003, 10:11 PM
Tried it. They denied my project. :(

Maybe I'll try again since several other Knoppix customizations are available over there, as is FIRE. Maybe I just caught one of their moderators on a bitchy afternoon.

RuffRidr
05-29-2003, 02:09 PM
> Tried it. They denied my project. :(
>
> Maybe I'll try again since several other Knoppix customizations are available over there, as is FIRE. Maybe I just caught one of their moderators on a bitchy afternoon.

I'm very interested in your Knoppix-STD customization. Are you still going to be posting it soon? I think the BitTorrent idea for distribution is a good one also.

--RuffRidr

t1ck_t0ck
05-29-2003, 02:25 PM
Knoppix-STD is still on track, but it might be the beginning of next week before I can post the iso. I've been getting some good feedback from my alpha testers that I won't have time to incorporate until this weekend.

I still don't have any hosts/mirrors, so Bit Torrent will probably be my main distribution method.

To be safe I'll say next weekend, June 7th, but I'll probably have something up Tues. or Wed.. It's all I'm working on right now, much to the detriment of my paying job :)

coulter
06-08-2003, 03:25 AM
just wondering when we would see this package up... I do have a request, could you include the modified Orinoco drivers http://airsnort.shmoo.com/orinocoinfo.html so that the wireless cards can have some function?

Thanx

t1ck_t0ck
06-08-2003, 07:35 AM
Well, I guess it's good enough for now. Official announcement is in a separate post. Yes, Virginia, it does include the patched orinoco drivers (see screen shots). :)

Please go easy on my poor ISP's server. If you can mirror or provide torrent link, please let me know at t1ck_t0ck@knoppix-std.org. 600MB iso. CDs for sale probably Wed the 11th.

well here we go:

Announcing Knoppix-STD 0.1b: security tools distribution

STD focuses on information security and network management tools. It is meant to be used by both the novice looking to learn more about information security and the security professional looking for another swiss army knife for their tool kit.

homepage: http://www.knoppix-std.org
forum: http://forum.knoppix-std.org

RuffRidr
06-09-2003, 03:01 PM
Me and the rest of the team are playing with it now. We're really liking it so far!

Great job t1ck_t0ck!

--RuffRidr

kamikaze_fish
06-17-2003, 05:35 AM
very nice!!! thank you tick tock! I'll be downloading it tomorrow and will let you know what I think. If it is good, which it sure looks like it is, I'm sure I can scrounge a couple of dollars up to donate from the guys at work.

dragonx
06-17-2003, 06:17 AM
I tried KNOPPIX-STD; it works great. I have a re-master at my site called the Penguin Sleuth Kit. You can check it out at:

www.linux-forensics.com

I also posted a validation study that I did on Knoppix. It doesn't look so good for EXT3 and reiser partitions. I have found that mounting read-only on reiser and EXT3 partitions changes the state of the drive. The study is in the publications section of my website and comes on my penguin sleuth CD. There is a link in my download sections that explains what Penguin Sleuth has on it.
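A check for the behaviour dragonx reports above (a "read-only" mount that still changes the state of the drive). This is an added example, not code from Penguin Sleuth or from the validation paper: it hashes the evidence image before and after an operation and reports whether a single byte moved, so you can prove for yourself which mount options leave the image untouched. The image path, loop device and mount point in the usage comment are assumptions about your setup; the ext3 "noload" option (do not replay the journal on mount) and "blockdev --setro" are real Linux facilities.

```shell
#!/bin/sh
# Added example for this thread (not from Penguin Sleuth or the validation
# paper it mentions). Before trusting any "read-only" mount of evidence, check
# that the operation left the image bytes untouched: hash before, run it,
# hash again. Paths in the usage comment are assumptions.

set -u

# hash_of FILE -> hex SHA-1 of the file's contents
hash_of() {
    sha1sum "$1" | cut -d' ' -f1
}

# run_guarded IMAGE CMD [ARGS...]
# Runs CMD, then prints "unchanged" or "CHANGED" depending on whether IMAGE
# still hashes the same. Returns 0 only if IMAGE is unchanged; a failure of
# CMD itself is reported on stderr but never hides a changed image.
run_guarded() {
    image="$1"; shift
    before=$(hash_of "$image")
    "$@" || echo "run_guarded: '$1' exited with status $?" >&2
    after=$(hash_of "$image")
    if [ "$before" = "$after" ]; then
        echo "unchanged"
        return 0
    fi
    echo "CHANGED"
    return 1
}

# Typical use against a dd image (needs root, not run here). Setting the loop
# device read-only at the block layer and telling ext3 not to replay its
# journal is what stops the mount from writing to the image; compare the
# result with a plain "-o ro" mount to see the difference on a dirty journal:
#   losetup /dev/loop0 evidence.dd
#   blockdev --setro /dev/loop0
#   run_guarded evidence.dd mount -t ext3 -o ro,noload /dev/loop0 /mnt/evidence
#   umount /mnt/evidence
#   losetup -d /dev/loop0
```

Run the guard once per mount option set you intend to rely on, and keep the before/after hashes with the case notes: the hash pair is the evidence that your acquisition step did not alter the original.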

t1ck_t0ck
06-17-2003, 10:31 PM
A couple of things.

1) Penguin sleuth kit looks great. can't wait to try it out.

2) the Knoppix validation paper is a must read. Everyone even vaguely interested in doing an autopsy on a Linux box using a Linux OS like STD (or PSK or FIRE or....) should read this paper! [www.linux-forensics.com]

3) www.knopix-std.org is down. Bandwidth exceeded. I'm not surprised. My monthly bandwidth allowance was 16 GB and I was using about 25 GB a DAY :).

In the week that I've had the iso posted I've had nearly 600 downloads. Thanks for the support! I'm glad you're finding it useful.

Please bear with me. I expect to have a mirror on ibiblio soon as well as sourceforge. I'll also be ditching the ghetto ass ISP I've been using. DON'T EVER USE 5gbhosting.com. (I should have known the pricing was too good to be true. I should have done my research. I know better than this...)

At any rate. The site should be back soon. STD is just getting started.

dragonx
06-17-2003, 11:12 PM
I do have to admit STD is very well organized. I have a quick correction. My Validation Paper is not on My CD yet. I released the first ISO before the paper. I will be including it with next week's release. I have to do one or two cosmetic changes to Penguin Sleuth (Can you believe I misspelled version) plus add the paper. The paper though is available on my web site for now. The good news is that there has been some work done on figuring out the potential problems and it looks like you will still be able to use the CDs to mount the partitions. You will just have to do it from a command line with certain switches. I am not sure yet on the verdict. I will try to post another paper when the possible solution is figured out. I'll keep you posted.....


Thanks
Ernie Baca
www.linux-forensics.com