Slashdot Mirror


Local Area Security Linux 0.4a

Anonymous Coward writes "Local Area Security Linux is a small 'live CD' distribution based on Knoppix that aims at being less than 185MB so it will fit on a MiniCD. It is now 107MB with FluxBox as the window manager. It contains about 100 security (forensics, penetration testing, firewall, intrusion detection, etc.) tools including Ethereal and Nessus. See a screenshot here."

33 of 229 comments

  1. Torrent file by DJFelix · · Score: 5, Informative
    Click here for a torrent of the .04a ISO image.

    Enjoy!

    1. Re:Torrent file by numatrix · · Score: 4, Informative

      Please, PLEASE folks, use the torrent. My desktop is one of the mirrors, and I suddenly noticed about 9Mb/s started flowing and couldn't figure it out. I joked to my officemate that one of the isos I was hosting musta been /.'ed. Then I thought about it and, well, yeah, it was.

    2. Re:Torrent file by TedCheshireAcad · · Score: 3, Funny

      I've said it before, and I'll say it again...

      BitTorrent is teh rox0r.

      296k/sec down, 135k up

      sorry about the leetspeek.

  2. Security? by willy134 · · Score: 5, Interesting

    So is this a security or hacking cd? Seems like some good tools to me.

    --
    Can you ping me now?... Good!
    1. Re:Security? by Frymaster · · Score: 4, Insightful
      But.. it can be used for the powers of evil.

      of course! tools are value-neutral - it's intent that makes something good or evil. a gun can be used to do good, a pillow can be a weapon of murder.

      now what we really need is /dev/intent

    2. Re:Security? by duffbeer703 · · Score: 3, Funny

      I understand that hacking tools don't kill people, people kill people... But what about the children?

      --
      Conformity is the jailer of freedom and enemy of growth. -JFK
    3. Re:Security? by thetamind_pyros · · Score: 5, Funny

      Oh, trust me, it's a hacking CD. Hackers always use miniCDs. They just look cooler than full sized CDs.

      I can see it now... In Matrix3, Trinity pulls out a miniCD and holds it in front of the camera. The shimmering glow of the miniCD sends awwws through the audience. Trinity inserts the miniCD and..

      L.A.S now booting...

      appears on the screen. A couple hard core geeks stand up and cheer.

      Could you see that scene done with a full sized CD? No, it just would not be as cool.

      --
      Host localhost (127.0.0.1) appears to be up ... good.
  3. maybe I missed it but, by justMichael · · Score: 4, Insightful

    How do you deal with the weekly Nessus plugin updates? Do you have to d/l and burn a new disk every week or two?

    1. Re:maybe I missed it but, by Jeremiah+Cornelius · · Score: 3, Insightful
      You run "nessus-update-plugins", which pops the latest and greatest to your ramdisk.

      Same as Knoppix.

      No big deal, losing these between boots. The 2200+ vulns on the CD are fine to begin with AFAIC.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  4. Sometimes the child in me wins ... by JSkills · · Score: 5, Funny
    "penetration testing" with FluxBox?

    Sounds like futuristic porno rather than Unix security.

    Sorry. That was not funny and clearly off-topic. Mod me down :-(

  5. New feature request by Doesn't_Comment_Code · · Score: 5, Funny

    ...All on 1 miniCD. That sounds very convenient.

    I request that the next feature to develop is an option where you just wave or shake the miniCD at the computer to remedy any problems. This would alleviate the hassle of putting the miniCD into the tray and running it.

    I am a big fan of easy to use diagnostics/repair utilities. This sounds very good, and with just this one final tweaking, I think it will be perfect.

    --

    Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
  6. live CDs are nice by Dark+Lord+Seth · · Score: 5, Interesting

    Live CDs like knoppix are all very lovely but when's the day that I can roll out my own live CDs without TOO much effort? Just select the packages you want, kernel, drivers, etc, wait as the program churns out a nice ISO for you which you can burn to a CD and voila, insta-Linux! Now that would seriously rock as you can simply modify all the basics as you see fit and can easily alter the whole deal for bugfixes.

    1. Re:live CDs are nice by caudron · · Score: 3, Informative

      "when's the day that I can roll out my own live CDs without TOO much effort? Just select the packages you want, kernel, drivers, etc, wait as the program churns out a nice ISO for you which you can burn to a CD and voila, insta-Linux!"

      When? Today.

      What you just described is what Gentoo is about entirely. Gentoo fanaticism aside, if that's what you want, then you should look into it.

      -Tom

      --
      -Tom
    2. Re:live CDs are nice by Anonymous Coward · · Score: 5, Informative
      You can now.

      Check out Morphix. It's a distro based on Knoppix, but modularized. There are small versions (that will fit on a mini-CD) as well as "fat" versions (with all the bells and whistles).

      It's designed so that you can choose the features you want, add additional software, and burn a custom CD. Not quite turnkey, but quite doable with a little effort.

  7. Fluxbox by Blangopolis · · Score: 5, Informative
    The window manager that LAS is using, fluxbox, is a truly great window manager. I think that it is one of my favorites. It basically is an extension of the blackbox window manager. I was actually reading a review on it earlier.

    Overall, this is a great new window manager, that will perform well on lower end machines.

  8. SLashdotted!! mirrors by Creepy+Crawler · · Score: 5, Informative

    ::::: New Mirrors Added! :::::

    L.A.S. 0.4a Main with FluxBox MD5: 0939d7294035b5246bedbce1085bb1e1

    http://lightning.chem.tue.nl/las/l.a.s_0.4a_MAIN.iso -The Netherlands

    http://sarovar.org/mirrors/knoppix-las/l.a.s_0.4a_MAIN.iso -India/Asian Pacific

    http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.4a_MAIN.iso -USA

    L.A.S. 0.3b Main MD5: f47150d2458c78169a65458bcf8ebf96

    http://lightning.chem.tue.nl/las/l.a.s_0.3b.iso

    http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3b.iso

    http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b.iso

    L.A.S. 0.3b SECSERV MD5: ff412734492e39d1d084ced556a47493

    http://lightning.chem.tue.nl/las/l.a.s_0.3b_SECSERV.iso

    http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3b_SECSERV.iso

    http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b_SECSERV.iso

  9. Excellent. :) by numbski · · Score: 4, Interesting

    I'm getting to really love these things. If it's got ssh, scp, ethereal, port scanner, and a few other goodies, this thing's gonna rock.

    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  10. Re:Usefull by tbdean · · Score: 5, Funny

    I always thought a Linux bootable CD would be great at Best Buy. Throw the CD in, reboot, and then ask the sales rep to come over and show you how to get around "this new version of Windows."

    --
    tbdean
  11. Don't need no network security tools by Rosco+P.+Coltrane · · Score: 4, Funny

    I have a script on my box that puts the eth0 interface down and back up every 3 minutes to break the connection of any evil pirate who might haNO CARRIER

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  12. USB flash version by Kegetys · · Score: 5, Interesting

    How about a version that you can (easily) put on a USB flash memory card and boot from there?

    1. Re:USB flash version by Kegetys · · Score: 3, Interesting

      Hmm.. My GA-8IGX mobo has support for it, based on the i845 chipset which is quite old already. I think there certainly are a lot of systems that support it, it's just not a very commonly known feature.

    2. Re:USB flash version by numatrix · · Score: 4, Informative

      I can think of two:

      knoppix-usb
      and runt.

      Knoppix-usb is based on (you guessed it!) and runt is based on slackware.

  13. Sounds a lot like F.I.R.E. by Anonymous Coward · · Score: 3, Informative

    This sounds a LOT like F.I.R.E. (http://fire.dmzs.com) which I've found to be extremely useful, and highly recommend for forensics, pen testing, and other practical security efforts.

  14. Forensics utilities are somewhat useless by dodell · · Score: 4, Interesting

    In the real world, you don't always have permission to take a box down to perform forensics. Rebooting == downtime. Booting into Linux from a CD to inspect == downtime. When you *are* granted permission to take down a box for forensics analysis (you have to get permission in a search warrant for this, or permission from the company that wants you to investigate, but this is rarely feasible), you'll probably be working for a large firm that can afford forensics tools that cost tons of cash and do much more advanced forensics analysis than the forensics software for Linux.

    This sounds more like another goodies CD for people to mess around with at school. Or perhaps something to give people Linux demos with. Who knows. I wouldn't market it as a forensics tool, though.

    1. Re:Forensics utilities are somewhat useless by chef_raekwon · · Score: 3, Interesting

      i agree with your statement to some extent...you won't be downing a server to run some silly tools that you can run on the server...

      but, if you are a "security consultant", you simply need to show up, on-site with your mini-cd, and proclaim that all matters will be quickly resolved...as soon as you commandeer the secretary's pc.....
      (and quickly reboot it.) .....
      i dunno.

      --
      We're like rats, in some experiment! -- George Costanza
    2. Re:Forensics utilities are somewhat useless by MoralHazard · · Score: 4, Informative

      Oh, really? Since when does "advanced forensics [sic] analysis" involve expensive tools? What forensic company do you work for, anyway, that you'd have the experience to make such a sweeping generalization? Oh, wait... you DON'T work for a forensic company--you build servers for a living.

      I've worked six jobs in the last four months using Unix tools, and used various combinations of dd, netcat, ssh, mount, losetup, grep, and the other unix basics to wonderful effect on every one. They don't really ever fail on account of bugs or arbitrary limit conditions (can't handle files bigger than X MB, for instance), and they're terribly simple to troubleshoot. Oh, and there's nothing like an open-source tool for when you have to walk into court and answer the question "So, Mr. Expert-Computer-guy, how do you KNOW that this software did what you said it did?" It takes the wind out of an attorney's sails when you whip out the printed source code to md5sum and start walking him through it.

      I've used the $90K forensic tools from the high-profile companies, and they work OK. Not great, though. EnCase, one of the more popular LE programs, has been plagued with bugs in the latest major version. Also, they're restricted to Windows and Mac analysis, so you're out of luck if you get a Linux machine. Oh, and don't even bother with tech support unless you're a true idiot who has failed to plug in his computer--one time, their IDE write-blocking interface was forcing drives into PIO mode (and taking 40 hours to copy a 10 GB hard drive!), and their phone tech suggested that I try "www.hardforum.com" for technical advice. Talk about pure shit.

      Most of the other insanely expensive tools that I've used have similar issues: limited platform support, buggy out the ass, and crappy tech support. The last isn't their fault so much, because most people using forensic tools are advanced enough that they won't be helped by any but the best--and the best technical/forensic people are expensive. But the bugs, oh god, the bugs!

      There are a few tools that the USAF's OSI put into public domain usage that are handy, but really, you just need a linux machine with dd, ssh, netcat, and a custom kernel.
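
The hash checks this thread relies on (the MD5 sums published with the mirror list, and md5sum used next to dd for forensic copies), as an added example that is not part of any comment or of the L.A.S. project. The function names and the sample "drive" are constructed for illustration, and an MD5 match shows the copy is not corrupted or altered in transit rather than resisting a deliberately crafted collision.

```sh
#!/bin/sh
# Added example: MD5 checks for a downloaded ISO and for a dd image.
# Function names and the sample "drive" below are constructed for illustration.

# Print a file's MD5 as lowercase hex (md5sum, or openssl where it is missing).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl md5 -r "$1" | cut -d' ' -f1
    fi
}

# verify_md5 FILE EXPECTED: return 0 only if FILE hashes to EXPECTED.
# Mirror-list ISO: verify_md5 l.a.s_0.4a_MAIN.iso 0939d7294035b5246bedbce1085bb1e1
verify_md5() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 2; }
    actual=$(md5_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK   $1 $actual"
    else
        echo "FAIL $1 expected=$expected actual=$actual" >&2
        return 1
    fi
}

# acquire_image SRC DST: copy SRC with dd, then show the copy is bit-identical.
# The source is hashed before and after, so a source that changed mid-copy
# (a mounted or live disk) is reported instead of silently accepted.
acquire_image() {
    src=$1 dst=$2
    [ -r "$src" ] || { echo "unreadable: $src" >&2; return 2; }
    before=$(md5_of "$src")
    dd if="$src" of="$dst" bs=64k 2>/dev/null || return 2
    after=$(md5_of "$src")
    [ "$before" = "$after" ] || { echo "source changed during imaging" >&2; return 3; }
    verify_md5 "$dst" "$before"
}

demo() {
    work=$(mktemp -d) || return 1
    # Constructed stand-in for an evidence drive: 2000 lines of text.
    i=0
    while [ "$i" -lt 2000 ]; do echo "constructed sector $i"; i=$((i + 1)); done > "$work/disk.raw"
    acquire_image "$work/disk.raw" "$work/disk.img"; rc_good=$?
    # Overwrite one byte of the image in place; the hash check must now fail.
    printf 'X' | dd of="$work/disk.img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    verify_md5 "$work/disk.img" "$(md5_of "$work/disk.raw")" 2>/dev/null; rc_bad=$?
    rm -rf "$work"
    echo "intact image rc=$rc_good, tampered image rc=$rc_bad"
}
demo
```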

  15. Downtime by Bruha · · Score: 3, Insightful

    Someone earlier said companies cannot afford downtime. True but in most corporate environments there are plenty of boxes to take over the job of the hacked box most times and in the event that there's no backup most serious hackings will require the downtime anyways to investigate and fix the issue.

    Can you imagine if a credit card database was hacked and they said just bring it back up?

  16. Re:No Damn Blaster... by frovingslosh · · Score: 4, Insightful
    Now, how many tools like this do you see for a windows, or any closed source environment.

    Actually, there are a number of tools for windows. Even ethereal is available for windows and works pretty well on it. Part of the problem is that you can't legally make and redistribute a CD that will boot and run windows from CD, so there would be no good way to set up windows with everything that needs installed and run these types of applications from CD, even if you had windows on the computer (plus not being able to plan for what flavor of Windows you had). And while there are a lot of good tools to do these things under windows, and most or all of what is on this CD is open source and certainly could be ported to windows, the people making these tools simply prefer Linux and put them there first. But the tools do exist under windows.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  17. Knoppix can already do this! by purplebear · · Score: 4, Interesting

    You should be able to customize what is on the knoppix cd fairly easy already. If you look at the Knoppix cheatcodes, for manipulating hardware detection, there is a note in there about remastering the cd:

    If you wish to remaster the CD, please don't forget to specify
    -b KNOPPIX/boot.img
    for the german version of the bootfloppy, or
    -b KNOPPIX/boot-en.img
    for the english version, as option to mkisofs. Otherwise your CD
    won't be bootable. The directory KNOPPIX, containing the compressed
    filesystem file "KNOPPIX", must be located in the top level
    directory of the CD.


    So, just take the knoppix ISO, copy to disk and modify away. Then use mkisofs with the -b flag to make your new custom ISO. :)

  18. Re:Redundant by advocate_one · · Score: 5, Insightful
    no, not redundant at all... optimisation will make it work fast on only the machine you built it for... try booting an "optimised" CD on the machines in a mixed environment... one where you have no real idea of what is in the box until you fire it up... like at a friend's or client's place.

    Those binary packaged tools also have the source available on the web and you can check each package out yourself there. the list of packages is available on the download site...

    The guy who put the distro together has merely taken the trouble to save you a lot of time by assembling all the packages himself. I'm sure he will be just as keen to keep it up to date as well keeping track of major holes and also making sure you have the documentation available so you can keep it up to date yourself as well like you can with Knoppix.

    I take it from your tirade that you've never enjoyed the advantage of Knoppix in being able to boot up the disk on someone else's computer without having to actually mess with the hard disk at all??? Just try turning up at a client's site with a CD stuffed with source code and expecting to be able to install it all on the hard disk before you can conduct your tests... and having to wait whilst it all compiles...

    The prepackaged binary CD is far more convenient... and you can leave a copy behind for him to use himself... I've left behind some twenty knoppix CDs now for friends and relatives to play around with so they can experience Linux without having to mess with their hard disk. I've since gone back and installed it properly for seven of those people as dual boot setups.

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  19. Re:Great Idea... by toddestan · · Score: 3, Funny

    Yeah, I walk around my school's campus carrying CDs that say things like "l33t h4k0r1n9 t00lz" on them.

    Heck, I'd just throw a few low quality .mp3's in any free space on the CD, and claim it's a CD of remixes of Britney Spears and 'N-Sync. I doubt they'll suspect anything.

  20. I'm using it right now ... by MacEnvy · · Score: 4, Informative

    I'm typing this right now in the "Links" browser. It's fast, it looks good, it has most of the tools I use (Nessus, Ethereal, XMMS, Firebird). I might just mod this and carry it with me instead of using other people's machines when I'm doing diagnostics. It picked up my wireless correctly and everything.

    Have fun with this one, kids.

  21. Re:More suicide bombing in Israel? by spacecowboy420 · · Score: 3, Interesting

    Why is it flame-bait when someone states an obvious fact? I have no problem with jews or any other religion/group of people - but more and more I am finding it hard not to be an anti-semite. As the parent poster pointed out, why do the Jews never learn?

    It seems to me that everyone that answers a question by invoking God (Allah etc..) you are sentencing yourself and your children to death. Doesn't the fact that deaths caused by religious fundamentalism outnumber any disease (plague, aids etc..) combined click in the mind of the most logic challenged that this is not the correct path? Doesn't murdering people - at all - tell you that you are as wrong as the murderers you are fighting?

    Want peace? Remove god from the equation and you'll be on the short path (not there, but almost - you need to establish secular morality first)

    no, I didn't forget the AC button, I truly believe what I say, mod me the way you like, but I speak truth.

    --
    ymmv