Slashdot Mirror


Local Area Security Linux 0.4a

Anonymous Coward writes "Local Area Security Linux is a small 'live CD' distribution based on Knoppix that aims at being less than 185MB so it will fit on a MiniCD. It is now 107MB with FluxBox as the window manager. It contains about 100 security (forensics, penetration testing, firewall, intrusion detection, etc.) tools including Ethereal and Nessus. See a screenshot here."

16 of 229 comments

  1. maybe I missed it but, by justMichael · · Score: 4, Insightful

    How do you deal with the weekly Nessus plugin updates? Do you have to d/l and burn a new disk every week or two?

    1. Re:maybe I missed it but, by Jeremiah+Cornelius · · Score: 3, Insightful
      You run "nessus-update-plugins", which pops the latest and greatest to your ramdisk.

      Same as Knoppix.

      No big deal, losing these between boots. The 2200+ vulns on the CD are fine to begin with AFAIC.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  2. Re:Security? by Frymaster · · Score: 4, Insightful
    But.. it can be used for the powers of evil.

    of course! tools are value-neutral - it's intent that makes something good or evil. a gun can be used to do good, a pillow can be a weapon of murder.

    now what we really need is /dev/intent

  3. Re:USB flash version by sys$manager · · Score: 2, Insightful

    Hardly any systems have a BIOS that supports USB booting right now.

  4. Re:Forensics utilities are somewhat useless by Amon+Re · · Score: 2, Insightful

    Or more simply....a hacking tool.

  5. Why not included in distributions? by kneecarrot · · Score: 2, Insightful
    I have only dabbled in Linux so excuse my ignorance, but some of these apps seem rather important. Why aren't they included in the various Linux distributions? Or are they just better incarnations of included software?

    --

    I always save my last mod point to mod up a good troll. You people are too serious.

    1. Re:Why not included in distributions? by Anonymous Coward · · Score: 2, Insightful

      The point is, when something has gone wrong with your system -- like for example that it's been taken over by an intruder, you can boot up and try to do stuff, but you never know what kinds of traps the intruder may have left for you. Maybe they just looked around and did nothing, or maybe they've left behind special code so that just running a regular program or even just booting up might cause your entire hard drive to be erased. What you want to do in that kind of situation is boot off a different volume -- one that gives you software that is known to be good and known not to be under the control of whoever broke into your system.

      Plus, in such a situation, you want to be able to look at the state of the system without changing it. Even booting up a regular system changes some files. If you are going to be contacting law enforcement or anything, you need to gather information that's as accurate as possible, with absolutely no unnecessary changes.

      Another reason such a CD might be helpful is if you are a security person (or a hacker) who travels around a lot and wants to always have your tools with you. This could even be useful to a system admin who wants to do a spot check by booting up the CD on some computer in a different building than where his normal machine is.

  6. Downtime by Bruha · · Score: 3, Insightful

    Someone earlier said companies cannot afford downtime. True, but in most corporate environments there are plenty of boxes to take over the job of the hacked box most times, and in the event that there's no backup, most serious hackings will require the downtime anyways to investigate and fix the issue.

    Can you imagine if a credit card database was hacked and they said just bring it back up?

  7. Re:Forensics utilities are somewhat useless by agentZ · · Score: 2, Insightful

    you'll probably be working for a large firm that can afford forensics tools that cost tons of cash and do much more advanced forensics analysis than the forensics software for Linux.

    If I'm working for a cash rich company, why can't I use the free toolkit and pocket the extra money set aside for "tools"?

  8. Re:Forensics utilities are somewhat useless by Anonymous Coward · · Score: 2, Insightful

    I may be missing something here, but it sounds like you're describing a scenario where a machine has been compromised, and you're discussing what should be done afterwards. If you're describing something else, everyone should just ignore the rest of this article. Otherwise...

    If a system has been compromised, then you can't afford not to take it down. In my book, any system that has been compromised is already down and should never be put back on the network again. At least not until you have done forensics, then either re-installed it from the original media or restored from backups that you're totally sure were made before the break-in. Anything else is just an invitation for downtime of your other machines and thus further losses. You may think you can go in and clean out the infection, but that's just a pipedream. You may have gotten it all, but you can never be sure, and from now on, that system is basically useless because it will always be suspect.

    And if the rest of the business protests because that system is mission critical, then it's the system admin's responsibility to inform everyone that that's why it has to be worked on right away.

  9. Re:No Damn Blaster... by frovingslosh · · Score: 4, Insightful
    Now, how many tools like this do you see for a windows, or any closed source environment.

    Actually, there are a number of tools for windows. Even ethereal is available for windows and works pretty well on it. Part of the problem is that you can't legally make and redistribute a CD that will boot and run windows from CD, so there would be no good way to set up windows with everything that needs installed and run these types of applications from CD, even if you had windows on the computer (plus not being able to plan for what flavor of Windows you had). And while there are a lot of good tools to do these things under windows, and most or all of what is on this CD is open source and certainly could be ported to windows, the people making these tools simply prefer Linux and put them there first. But the tools do exist under windows.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  10. Re:live CDs are nice by Kadagan+AU · · Score: 2, Insightful

    Along these same lines, but far more specialized, is MoviX, which allows you to customize it with any media files you like, then burn a liveCD that will play your movies/music on most any computer. I really love all these great innovations coming out these days! Another cool feature with MoviX, depending on the version you download, is that it can load the entire OS into memory, then you remove the disk and put a dvd in the drive to watch. fun times! =D

    --
    This space for rent, inquire within.
  11. Re:live CDs are nice by zapp · · Score: 2, Insightful

    (disclaimer: i've never used Gentoo, this is all just from what i've read about it)

    Isn't Gentoo compiled specifically for your machine, with all sorts of optimizations and such? Doesn't that contradict the concept of burning a cd that can run on (almost) any system?

    --
    no comment
  12. Re:Redundant by advocate_one · · Score: 5, Insightful
    no, not redundant at all... optimisation will make it work fast on only the machine you built it for... try booting an "optimised" CD on the machines in a mixed environment... one where you have no real idea of what is in the box until you fire it up... like at a friend's or client's place.

    Those binary packaged tools also have the source available on the web and you can check each package out yourself there. the list of packages is available on the download site...

    The guy who put the distro together has merely taken the trouble to save you a lot of time by assembling all the packages himself. I'm sure he will be just as keen to keep it up to date as well keeping track of major holes and also making sure you have the documentation available so you can keep it up to date yourself as well like you can with Knoppix.

    I take it from your tirade that you've never enjoyed the advantage of Knoppix in being able to boot up the disk on someone else's computer without having to actually mess with the hard disk at all??? Just try turning up at a client's site with a CD stuffed with source code and expecting to be able to install it all on the hard disk before you can conduct your tests... and having to wait whilst it all compiles...

    The prepackaged binary CD is far more convenient... and you can leave a copy behind for him to use himself... I've left behind some twenty knoppix CDs now for friends and relatives to play around with so they can experience Linux without having to mess with their hard disk. I've since gone back and installed it properly for seven of those people as dual boot setups.

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  13. Knoppix as a Debian installer by deadcasuals · · Score: 2, Insightful

    One thing you can do is to install the Live CD to a hard drive to get a permanent installation. While this may seem counterproductive for a Live CD, I've found it to be really useful. I'm currently using the Knoppix Security Tools Distribution as a "desktop" OS... :-) Knoppix 3.2 (what both these distros are based on) includes a really useful script to install the Live CD to the hard drive. It's the easiest way I've found so far to get a Debian testing/unstable system installed and running - with X configured correctly the first time! That, in addition to having tons of great security tools preinstalled and configured, makes for one sweet network-workstation-on-steroids.

    ...of course, I'm in charge of security where I work, so using this as a desktop OS may get you fired from _your_ work... :)

    g00r00?

  14. OpenBSD? by megaversal · · Score: 2, Insightful

    If they're trying to offer a secure server Linux distro, you'd think they'd run their webserver on that instead of OpenBSD.

    --
    Sig!