Slashdot Mirror


Local Area Security Linux 0.4a

Anonymous Coward writes "Local Area Security Linux is a small 'live CD' distribution based on Knoppix that aims at being less than 185MB so it will fit on a MiniCD. It is now 107MB with FluxBox as the window manager. It contains about 100 security (forensics, penetration testing, firewall, intrusion detection, etc.) tools including Ethereal and Nessus. See a screenshot here."

19 of 229 comments

  1. Torrent file by DJFelix · · Score: 5, Informative
    Click here for a torrent of the .04a ISO image.

    Enjoy!

    1. Re:Torrent file by numatrix · · Score: 4, Informative

      Please, PLEASE folks, use the torrent. My desktop is one of the mirrors, and I suddenly noticed about 9Mb/s started flowing and couldn't figure it out. I joked to my officemate that one of the isos I was hosting musta been /.'ed. Then I thought about it and, well, yeah, it was.

  2. Fluxbox by Blangopolis · · Score: 5, Informative
    The window manager that LAS is using, fluxbox, is a truly great window manager. I think that it is one of my favorites. It basically is an extension of the blackbox window manager. I was actually reading a review on it earlier.

    Overall, this is a great new window manager, that will perform well on lower end machines.

  3. Slashdotted!! mirrors by Creepy+Crawler · · Score: 5, Informative

    ::::: New Mirrors Added! :::::

    L.A.S. 0.4a Main with FluxBox MD5: 0939d7294035b5246bedbce1085bb1e1

    http://lightning.chem.tue.nl/las/l.a.s_0.4a_MAIN.iso - The Netherlands

    http://sarovar.org/mirrors/knoppix-las/l.a.s_0.4a_MAIN.iso - India/Asian Pacific

    http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.4a_MAIN.iso - USA

    L.A.S. 0.3b Main MD5: f47150d2458c78169a65458bcf8ebf96

    http://lightning.chem.tue.nl/las/l.a.s_0.3b.iso

    http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3b.iso

    http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b.iso

    L.A.S. 0.3b SECSERV MD5: ff412734492e39d1d084ced556a47493

    http://lightning.chem.tue.nl/las/l.a.s_0.3b_SECSERV.iso

    http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3b_SECSERV.iso

    http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b_SECSERV.iso

  4. Re:live CDs are nice by caudron · · Score: 3, Informative

    "when's the day that I can roll out my own live CDs without TOO much effort? Just select the packages you want, kernel, drivers, etc, wait as the program churns out a nice ISO for you which you can burn to a CD and voila, insta-Linux!"

    When? Today.

    What you just described is what Gentoo is about entirely. Gentoo fanaticism aside, if that's what you want, then you should look into it.

    -Tom

    --
    -Tom
  5. Re:maybe I missed it but, by anno1a · · Score: 2, Informative

    With it being based on Knoppix, which is based on Debian, I'm sure a simple procedure of apt-get update, apt-get dist-upgrade could be implemented, installing all (or better, only selected vital-for-security-checking) updated programs onto a RAM-drive.

    --
    ------- I fumbled my registration and I now must suffer
  6. Sounds a lot like F.I.R.E. by Anonymous Coward · · Score: 3, Informative

    This sounds a LOT like F.I.R.E. (http://fire.dmzs.com) which I've found to be extremely useful, and highly recommend for forensics, pen testing, and other practical security efforts.

  7. Re:live CDs are nice by Anonymous Coward · · Score: 5, Informative
    You can now.

    Check out Morphix. It's a distro based on Knoppix, but modularized. There are small versions (that will fit on a mini-CD) as well as "fat" versions (with all the bells and whistles).

    It's designed so that you can choose the features you want, add additional software, and burn a custom CD. Not quite turnkey, but quite doable with a little effort.

  8. Re:Forensics utilities are somewhat useless by DamienMcKenna · · Score: 2, Informative

    I think the idea of this is to grab a random PC on the network and use it for testing, like Mary Thesecretary's P4/3ghz that is used for daily reports and word processing. I don't really think they want you to take down the core servers to run tests, if you do that then you don't have anything to test against.

  9. Re:Why not included in distributions? by eggarsuit · · Score: 2, Informative

    I think the point of the Live CD is to let people use these tools without having to actually install Linux on their computer. Versions of all of these tools are available with pretty much every other Linux distro. It's just a way to use this software without dedicating a machine, or even part of a machine to Linux.

  10. Redundant by veldmon · · Score: 1, Informative
    Gentoo already provides this service and much more. I have used the ports collection (Portage) to download the source of each and every package that is on this new LANSL LiveCD.

    Why would I want to use an unoptimized version of each of these security tools when I could speed up their operation by at least 10%?

    It just makes eminently more sense to only have source on your CD. What's the use of binary packaged security tools that could have buffer overflow vulnerabilities of their own, that I could not first examine before using?

  11. Re:YADLD Yet Again :-P by autechre · · Score: 2, Informative

    Lazarus and The Coroner's Toolkit were developed several years ago by Wietse Venema (Postfix, TCPWrappers) and Dan Farmer (SATAN). Lazarus recovers deleted files which can then be browsed with a Web browser. The Coroner's Toolkit is forensics software (post-breakin analysis). I saw a presentation on them in 1999, and they looked very useful then; I'm sure they're even better now. Fortunately, I haven't had occasion to use them :)

    --
    WMBC freeform/independent online radio.
  12. Re:USB flash version by numatrix · · Score: 4, Informative

    I can think of two:

    knoppix-usb
    and runt.

    Knoppix-usb is based on (you guessed it!) and runt is based on slackware.

  13. Just like Trinux by DrugCheese · · Score: 2, Informative

    I used to use an old floppy based distro called Trinux. On about 3 floppies I had X server + GUI web browser and some network tools to do some testing. I think it was flown as a security tool distro but I used it mainly for network troubleshooting. Still have the floppies but I think the site and distro have died.
    Anyone know what I'm talking about?

    --
    *DrugCheese rants*
  14. File information for the BT by Anonymous Coward · · Score: 1, Informative

    L.A.S. 0.4a MAIN with FluxBox
    Description: This is the alpha version of 0.4 with FluxBox added along with more tools.
    MD5: 0939d7294035b5246bedbce1085bb1e1
    Version: 0.4a | Filesize: 107.29 MB
    Added on: 11-Aug-2003

    HTH

  15. Re:live CDs are nice by jafiwam · · Score: 2, Informative

    Not that I know anything about it (still playing with Knoppix) but there is a Debian-based, Knoppix-like thing that lets you customize the CDs first.

    Again, not that I have tried it. Here's a link:

    Morphix

  16. I'm using it right now ... by MacEnvy · · Score: 4, Informative

    I'm typing this right now in the "Links" browser. It's fast, it looks good, it has most of the tools I use (Nessus, Ethereal, XMMS, Firebird). I might just mod this and carry it with me instead of using other people's machines when I'm doing diagnostics. It picked up my wireless correctly and everything.

    Have fun with this one, kids.

    --


    ***
  17. Re:Forensics utilities are somewhat useless by MoralHazard · · Score: 4, Informative

    Oh, really? Since when does "advanced forensics [sic] analysis" involve expensive tools? What forensic company do you work for, anyway, that you'd have the experience to make such a sweeping generalization? Oh, wait... you DON'T work for a forensic company--you build servers for a living.

    I've worked six jobs in the last four months using Unix tools, and used various combinations of dd, netcat, ssh, mount, losetup, grep, and the other unix basics to wonderful effect on every one. They don't really ever fail on account of bugs or arbitrary limit conditions (can't handle files bigger than X MB, for instance), and they're terribly simple to troubleshoot. Oh, and there's nothing like an open-source tool for when you have to walk into court and answer the question "So, Mr. Expert-Computer-guy, how do you KNOW that this software did what you said it did?" It takes the wind out of an attorney's sails when you whip out the printed source code to md5sum and start walking him through it.

    I've used the $90K forensic tools from the high-profile companies, and they work OK. Not great, though. EnCase, one of the more popular LE programs, has been plagued with bugs in the latest major version. Also, they're restricted to Windows and Mac analysis, so you're out of luck if you get a Linux machine. Oh, and don't even bother with tech support unless you're a true idiot who has failed to plug in his computer--one time, their IDE write-blocking interface was forcing drives into PIO mode (and taking 40 hours to copy a 10 GB hard drive!), and their phone tech suggested that I try "www.hardforum.com" for technical advice. Talk about pure shit.

    Most of the other insanely expensive tools that I've used have similar issues: limited platform support, buggy out the ass, and crappy tech support. The last isn't their fault so much, because most people using forensic tools are advanced enough that they won't be helped by any but the best--and the best technical/forensic people are expensive. But the bugs, oh god, the bugs!

    There are a few tools that the USAF's OSI put into public domain usage that are handy, but really, you just need a linux machine with dd, ssh, netcat, and a custom kernel.

  18. I'm not impressed by frovingslosh · · Score: 2, Informative
    OK, I'm running it right now. I'm not very impressed. The menu does not list all of the included apps (none of the security apps, the very reason for this, as far as I can tell). It (the menu) does have stuff I don't want, including a lame game, a spreadsheet, a winamp clone and some other stuff, but not the security stuff!

    I got a shell running, but there seems to be no man command and no documentation for some things in the menu, like the TinyIRC client. Obviously since I'm posting this from the running ISO there must be a web browser, but I had never used "links" before, so it was not easy to find. How I find the security tools supposedly built into this I have no idea. I did get a GUI ethereal running by bringing up a shell and typing in ethereal, but I just don't know what else is here (and what isn't).

    By the way, I have network issues when booting Knoppix on this computer, so I booted this ISO with the "Knoppix expert" option. Or at least I tried to. Although it prompted me for the boot option, it ignored it after I typed it in.

    --
    I'm an American. I love this country and the freedoms that we used to have.