10 Best Security Live CD Distros

Ant writes to tell us Darknet has a summary of the ten best LiveCD distributions dealing with security. With links to download and a little information about each one." An great overview of some handy tools, some you know and probably a few you don't.

Backtrack rules...

[Daxster]

I've used Auditor extensively in the past year or so, and played around with Slax. Slax is buggy and definitely lacking polish, but it's modular system of scripts and packages make it perfect for a combination of whoppix and Auditor. Now if only proper ndiswrapper modules were included...

Like rain on your weeding day

[BadAnalogyGuy]

I suppose it's probably safe to trust that the makers of your LiveCD aren't putting little rootkits into the image that automatically get installed to the existing OS image on the hard disk.

LiveCDs are great, but always make sure that the source is trustworthy or you may end up with a bootable CD with Tubgirl as the desktop background. That wouldn't be pleasant. Especially in front of a customer.

Re:Like rain on your weeding day

This is a good reason never to test something while customers are present...

Re:Like rain on your weeding day

If it was raining when I wanted to do some weeding, I'd go and tidy the greenhouse instead ;)

Re:Like rain on your weeding day

[Renraku]

"I suppose it's probably safe to trust that the makers of your LiveCD aren't putting little rootkits into the image that automatically get installed to the existing OS image on the hard disk."

And thus, your stash is found, your company/country loses, and you go to jail for 20 years based off of a chat log.

Assumptions do that..

Re:Like rain on your weeding day

[MooUK]

Anyone using something like this for the first time in the presence of a customer should have bigger problems than just tubgirl...

Re:Like rain on your weeding day

[Zarquil]

I dunno...

Usually I use a LiveCD in order to restore a mungled Windows installation.

I'm never really sure if I sould expect to find Tubgirl already set as the desktop background before I ever get to the machine in the first place...

  - Zarq

Re:Like rain on your weeding day

[Mateito]

This little experiment shows that users will install anything: http://www.csoonline.com.au/index.php?id=205513513 5&eid=-302

Atleast in Kanotix

[poeidon1]

it lacked ndiswrapper kernel module though it had ndiswrapper installed. Made it impossible to use it with my wireless network. If it ships with ndiis wrapper it should have had ndiswrapper module or atleast some source where it could be compiled.

Re:Atleast in Kanotix

[poeidon1]

Oops, I always end up confusing between knoppix-STD and Kanotix

Re:Atleast in Kanotix

[Filip22012005]

No network interface? That's a security feature!

Re:Is it difficult to proofread a submission?

[Jonas56]

Even worse, the editor added that comment, as it's outside the quote. Well, at least I assume that's the ending quotation mark, seeing as there's no beginning quotation mark. It is late, maybe he's half asleep.

Pros & Cons of Live CDs

Advantage of Live CD is that you can try it without installing anything into a computer. The disadvantage is its very slow and very limited in functionality. Very frustrating for every day use. Nothing can beat the performance of an installed version.

It is very good to be security conscious. If you really want to benefit by the advances in Unix, try a secure OS like Tomahawk Desktop.

Re:Pros & Cons of Live CDs

[Slashcrap]

It is very good to be security conscious. If you really want to benefit by the advances in Unix, try a secure OS like Tomahawk Desktop.

Initially I thought this was just a really lame astroturf for what is simply yet another minor desktop Linux distro, but then I looked at their site.

Turns out it does have some unique features. For instance not only does it come with a firewall enabled, it comes with a picture of a firewall too! Check this out - http://www.tomahawkcomputers.com/images/inkscape-1 -204.png

Beat that OpenBSD!

Re:Pros & Cons of Live CDs

[couchslug]

The live CDs are not intended for everyday use. An option for hard drive installation of a CD image (such as the Damn Small Linux Frugal Install) allows
you to get live CD functionality (i.e. booting the identical image each time) from a hard disk install.

Re:Pros & Cons of Live CDs

[rapidweather]

I use my livecd linux all the time, and find that it is indeed useful, and is not slow at all to boot or run. I have a blog here too. Take a look at the screenshots, link in my signature. If one has a spare hard drive partition, just do "tohd=/dev/hda3" at the boot prompt (using hda3 as an example), and you have the CD copied to that partition, and running from that, very fast on 7200 rpm drives. Next time, just "fromhd=/dev/hda3" and you are able to remove the CD from the drive in a few seconds, and run off your "installation". This is not an install, and only takes a few short minutes to get the CD copied and running for the first time.

I have Opera 8.52 and Flock 0.5.12 set up to _delete_ their ~/.opera or ~/.flock directories in ramdisk when these browsers are closed by the user. Done for security and to reclaim /ramdisk space.

Also, I have a preconfigured GuardDog firewall, allowing web surfing and email protocols by default, requiring no action or setup by the user, just boot the CD, and the firewall is up and doing what it does.

Tests on older computers with 128 MB of ram show that the livecd linux works just fine. I use a dual 200 mmx all the time, even for remastering.

I have a fully automated remastering script built in, and a script to copy the CD as a master copy, to a hard drive partition, for your use in remastering my CD. Both of these are very easy to use, just tell it where you want the "master copy" to be placed, and when you are ready to make an iso, tell it where to find the "master copy". These scripts are accessable via the IceWM or Fluxbox menus. Other included Window Managers are twm and KDE. Based on Knoppix 3.4, extensive changes have been made, including a choice of several mouse cursor themes on the fly. Very easy to try all of them, about 20 seconds for each. I have 12 built-in RSS feeds in Opera, they load in seconds after about 2 minutes of dial up online time, and provide an excellent preview of nearly 200 current news stories in Opera's Mail system, updated as long as the browser is open. Firefox 1.5.0.1 has 7 RSS feeds, handled as drop down lists from the bookmarks toolbar. Feel free to dig through the Getting Started Guide, link above for more unique features.

Hmmm

[ShaolinTiger]

Still up for me?

Load Averages 8.31 6.93 6.18

Re:Hmmm

[HaydnH]

"Load Averages 8.31 6.93 6.18"

People are complaining that it's being /.ed and you've loaded it 3 times to get load times? You mean mean man =P

Fastest whore on the block

[arrrrg]

Coral Cache

Re:Fastest whore on the block

[Thuktun]

Great, the article itself is redirecting its Coral Cache URL. Those of us behind draconian firewalls that block odd ports would be out of luck if not for Mirrordot's cache.

slashdotted top ten

1. BackTrack
2. Operator
3. PHLAK
4. Auditor
5. L.A.S Linux
6. Knoppix-STD
7. Helix
8. F.I.R.E
9. nUbuntu
10. INSERT Rescue Security Toolkit
Extra - Knoppix

Re:slashdotted top ten

[zerocool^]

I'm running a Knoppix-STD mirror at the Virginia Tech CS Dept Mirror. I've emailed them back and forth, but they haven't added me to their site. Try not to pound the K-STD site; they don't have a lot of bandwidth. And if you want to download it, I'm probably as reliable, if not more so, than the other mirrors listed.

~Will

Re:Calling all karma whores..

[isorox]

Anybody got a mirror?

Yes, I use it to shave

Re:*YAWN* ;^O

[thedletterman]

OpenBSD nad NetBSD are the top two that came to mind at first for me, but apparently BSD didn't make the list at all. I wonder what that is about.

e-penis??

"...e-penis..."

This is a product I haven't heard of before. I only have a regular penis myself. Perhaps you can enlighten me here:
  - What advantages does an e-penis have over a regular penis?
  - Can you e-mail it to your girlfriend every night when you are on business trips to keep her out of the arms of other men?
  - Is driver support a problem?
  - Can it be overclocked?

Re:e-penis??

[mrogers]

Can you e-mail it to your girlfriend every night when you are on business trips to keep her out of the arms of other men?

You can, but you should use PGP to avoid the risk of a man-in-the-middle attack.

Re:e-penis??

[pneumatus]

"...e-penis..."

You forgot 1 vital question,
- Does it run Linux?

Re:e-penis??

[MaxPowerDJ]

Imagine your e-penis crashing in the middle of an intensive session... would you want your e-penis running Windows? You wouldn't want to manually restore it...

At least read the title of the articel

[Propaganda13]

"10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)"

The BSD's are not Live CD Distros used for penetration-testing, forensics, or recovery.

Re:*YAWN* ;^O

[RLiegh]

My guess is that there are only two Live-CD BSD distributions (to the best of my knowledge, at least); freesbie (which isn't security oriented) and one from NetBSD (which I forget the name of, and I'm not even sure is being made any more). There is no Live-CDs from the OpenBSD camp at all.

The article (and therefore, discussion) is about Live-CDs.

No BSD?

[putko]

What about that OpenBSD-based live CD? Isn't that a top security OS?

Or is this thing only for Linux?

Re:No BSD?

[Professor_UNIX]

What about that OpenBSD-based live CD? Isn't that a top security OS?

OpenBSD is a strong server operating system but it makes a horrible forensics toolkit base because of the lack of the level of hardware support that Linux enjoys. I'm not bashing it as a server OS since you can pick and choose the best supported components in that environment, but when using it as a forensics tool you have to support a wide variety of very oddball hardware that a desktop or server might contain and Linux is better at doing that.

Re:No BSD?

[Ratbert42]

Top secure OS, not top hacker OS.

Re:At least read the title of the articel

[GomezAdams]

OpenBSD and FreeBSD have live distros. Don't know about NetBSD. Google is your friend.

Re:*YAWN* ;^O

[fok]

Are they made for Pen-Test, Forensics & Recovery?

Re:Kororaa with Xgl, for beauty

[babbling]

It's crappy in terms of security. Runs the ssh daemon by default.

Re:*YAWN* ;^O

[kv9]

with NetBSD you can build your own. there also is some desktop centric live cd called NeWBIE

OliveBSD?

[wick3t]

Although it's not a linux distribution, surely any live CD based on OpenBSD deserves a mention!

Re:*YAWN* ;^O

[thedletterman]

Yeah, I noticed this when i doubled-back and read the article in depth. i read the summary, and looked over the list and was astonished when neither of these BSD distros was mentioned, as they are pretty well known for being a high security distribution.

How about "Live USB Key" distros?

[timeOday]

Anybody know a distro that's easy to install and run from a USB key?

I've found instructions on doing this for some distros (including Knoppix I think), but the step-by-step was too long and involved.

Re:How about "Live USB Key" distros?

[Mark+Clegg]

I remember reading about on some time ago. - http://runt.mybox.org/

Re:How about "Live USB Key" distros?

[spydir31]

You can run RIP( (R)ecovery (I)s (P)ossible ) rescue system from a USB key, and you could probably adapt it's instructions to something else
RIP site

Re:How about "Live USB Key" distros?

[farker+haiku]

Check out http://slax.linux-live.org/, it's a 185 MB distro. Or you can roll your own.

Re:How about "Live USB Key" distros?

[Frogg]

If i recall correctly, if you boot the latest version of PHLAK there is an icon on the desktop to install a mini version of PHLAK to removable drive.

It worked for me, took only moments, and didn't require any technical shenanigans (beyond knowing where my usb drive was mounted, i think)

This is all from memory, as the PHLAK site seems unavailable right now.

Of course, it's your decision as to whether PHLAK is any good as a general purpose day-to-day linux distro.

Re:How about "Live USB Key" distros?

[Xerp]

There are loads. Personally I use Devil Linux, and in fact, you can run pretty much any distro with tweaking ;) Yes, I know.. you said easy!

The main thing you need to consider is the size of the distro. I'm got a full 512 Mb on my stick, so its not too bad.

Anyway, as far as easy goes - grab Damn Small Linux. Or Feather Linux.

I remember seeing Mandrake Go! or something a while back as well. Haven't tried that one though.

You may also like to head over to Live Distro for some light reading!

Re:How about "Live USB Key" distros?

[korbin_dallas]

Damn Small Linux.

http://www.damnsmalllinux.org/

Its pretty easy, but its very difficult to separate the 'old' docs from the 'new' info about some sections of the system.

Make a cdrom, boot a box off that, then from the menus, choose to create a bootable usb OR a usb that can be started from within Windows or Linux as a guest OS.

BUT:
Of the many hundreds of computers here I have not found one that would in fact boot from USB!

Running as a Guest OS inside of Windows doesn't provide any Network Access. Now Qemu site says its possible, but its not obvious how to configure such a thing.

Adding your own stuff. It is very difficult, for some reason, to package your own stuff for use with DSL(mostly lack of clear docs). We have our own programs we want to add, so I have to figure this out myself.

Re:How about "Live USB Key" distros?

[el_nino-2000]

I've also been trying to find a good distro that will run from a USB key for diagnostic uses.

Does anyone know if it's possible to have both Linux AND Windows based bootable USB key? Maybe partitioning it... I'm not sure. All the diag software vendors like Dell, etc. have software, but it only runs on Windows or in DOS, so that's why I'd like to have both.

Re:How about "Live USB Key" distros?

[korbin_dallas]

FollowUp:

Some apps are easy to add. I have a static compiled program and 3 executable Java Jar files. Adding the jre15.dsl (from the dsl website) and the jars to the / of a pendrive is easy. Then boot the DSL cdrom and use the mydsl option to load the 'modules'. This is per some DSL Wiki info.
Search for 'create package'.

Its HARDER if you need to compile some program and dynamically link it to the libs. I found the easiest way is to install DSL to its own HD partition, then use the myDSL tool to download gcc, c libs, kernel headers etc. Thats very easy with the myDSl tool and net access. Then build the app on DSL. At this point my DSL build partition consumes about 500Mb. From there I have to determine the libs, apps, deps and config stuff to put into a package.

BTW I am doing this so I can create a 'portable' Test system, that I can load onto any PC with a network card, to be used in our software test lab.
You know the kind where we get hand-me-down computers that are well past their useful life. They are typically p2-400 or p3-500 slot 1 pcs. They tend to die at the worst times.

Hope that helps someone.

Re:Kororaa with Xgl, for beauty

[Slashcrap]

Don't know about security though. But since Xgl is fairly new I wouldn't trust it in a server.

You have missed the point. If it weren't for my unshakeable faith in the Slashdot community, I might even suspect you of not having read the article.

This is about Live CDs designed for security auditing, not the security of Live CDs. Although Nmap with OpenGL support would be pretty cool - watching thousands of Phong shaded, texture mapped SYN packets flying at the target host and either bouncing off or penetrating would make my day. Someone page Dan Kaminsky - he's great at cool shit like that.

Re:*YAWN* ;^O

[Slashcrap]

Yeah, I noticed this when i doubled-back and read the article in depth. i read the summary, and looked over the list and was astonished when neither of these BSD distros was mentioned, as they are pretty well known for being a high security distribution.

If you read the article so thoroughly, how did you miss the fact that it was about Live CDs used for security testing? The BSD Live CDs may well be very secure, but they do not come with hundreds of auditing tools. They are therefore out of scope for the article.

Re:weeding is crap in the rain, plot gets all mudd

Uh, you noticed his username right?

Re:Is it difficult to proofread a submission?

[digitaldc]

How difficult would it have been to change this to "A great"?

As difficult as it would be for some to not harp on a simple typo?

Insert Linux

[swtaarrs]

The best one I've found is Insert Linux. Once you download, burn, and boot from the ISO, there's a menu option in fluxbox to install to a usb key. All you have to do is make sure the the first partition on the drive is at least 64MB and it'll do the rest for you, formatting the partition, copying files, and installing the bootloader. I haven't used it a whole lot, but they pack a lot into 60MB.

Re:Insert Linux

[rwhamann]

I haven't used it a whole lot, but they pack a lot into 60MB.

You give us 60mb, we'll give you the world.

Re:Insert Linux

[permaculture]

I really want to boot from a USB pen drive. The file downloaded OK and the CD booted OK.
Rightclick desktop and choose "Applications, INSERT, usb-install"
Now a confusing choice, which device: hdx/sdx/ubx?

UBX -> "Error creating EXT2 filesystem"
SDX -> seems to have overwritten my hard drive (no matter, it's a test PC)
HDX -> leave this for later

I think this PC has: sdc, sda1, sda5, sdb1, and sdc - might it be one of those?

Or can you help me use fdisk to check my USB device name? I managed to get a CLI and type "fdisk" in, but there's syntax to puzzle over. I tried a few things but nothing really got anywhere.

Many thanks :)

Re:Insert Linux

[dylan_-]

Probably /dev/sdb or c. Simple way to check: Leave the thing unplugged on boot. Start up a terminal and type "dmesg"...see what it ends with? Now insert the drive. Type "dmesg" at terminal again. Should have added some stuff about usb-storage where it names the device.

Re:Insert Linux

[permaculture]

Cheers dylan, that's got me going.

sda1 = HDD partition 1, sda5 = HDD partition 2, sdc = USB

much obliged :)

Re:At least read the title of the articel

[goonerw]

OpenBSD and FreeBSD have live distros. Don't know about NetBSD. Google is your friend.

What part of 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) did you not understand? The ones reviewed are geared towards forensic analysis and such, not just a secure OS in general. From what Google tells me, there aren't any live BSD systems that fit the article's title.

Adios / UML

[Locarius]

I am suprised that they did not include Adios. The nicest feature is the ability to run multiple Linux kernels in userspace (User Mode Linux). It also comes with heaps of security tools on the LiveCD.

Re:dang, no mod points to mod this off-topic, lame

Can you read this?

Olny srmat poelpe can.

cdnuolt blveiee taht I cluod aulaclty uesdnatnrd waht I was rdanieg. The phaonmneal pweor of the hmuan mnid, aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteer be in the rghit pclae. The rset can be a taotl mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe. Amzanig huh? yaeh and I awlyas tghuhot slpeling was ipmorantt!

INSERT is also part of the Ultimate Boot CD.

[Richard+Steiner]

The Ultimate Boot CD is a nice collection of memory, CPU, partition, filesystem, benchmarking, and BIOS utilities, and the "full" version of the UBCD contains INSERT as well as all of the other stuff. Quite a nice collection of utilities and diagnostic software on one CD.

Re:dang, no mod points to mod this off-topic, lame

[the+chao+goes+mu]

fizzle bar to dog taco lick?
Couldn't understand that? Perhaps it is because it was gibberish. Perhaps had we agreed on some basic rules of communication it would have been intelligible. But then that would make us "grammar nazis" wouldn't it?
It drives me mad when people insist "don't need no grammer, us talk reel gud neway". Perhaps, for the moment. But without any rules for communication whatsoever we have no way to communicate at all
Worse still, the same people who whine about grammar (or often "grammer") nazis are the same people who exceptionally rigid about programming language syntax. (eg. A discussion in the recent past insisted .NET's C++ variant isn't reall C++ because it lacks features A, B, & C. [ I have forgotten the specifics at the moment.]) Why can they understand that computer programming requires an inflexible syntax, but think humans can communicate without any rules at all?

Re:Is it difficult to proofread a submission?

[hanleys]

How difficult would it have been to add the word Linux in the title, so I wouldn't have bothered to read it?

Just throwing security apps on a livecd distro

[walterbyrd]

Is not all that impressive to me.

Also, it seems to me that a rescue CD should not, by default, boot to a GUI. It slows down the boot, and is not that useful when GUI can not be loaded. People who use these should know how to use the command line.

Re:Just throwing security apps on a livecd distro

[PitaBred]

I'm sure they do. But a command line has much lower resolution than a full X11 setup, and believe it or not, graphics can sometimes convey more information faster than lines of text (you have heard the picture is worth 1000 words saying, right?). But performance is why the DE's that these use are things like FVWM and Fluxbox rather than KDE for the most part.

Re:Just throwing security apps on a livecd distro

[r3adah3ad]

I believe Backtrack boots to command line by default.

Live CD's for Power PC

[Cap'n+Awesome]

Any sugestions for a security focused live cd that will run on a PPC chip.

Re:Attention: a link from 1 LiceCD infected by wor

[PitaBred]

You know, this might have been an interesting post if it was coherent...

Re:Is it difficult to proofread a submission?

[Braino420]

uhh, you're kind of in the wrong place. Here, let me redirect you.

Does anyone have the IP address and/or copy?

[pbrammer]

Looks like their DNS servers are not responding to my queries when I try to resolve www.darknet.org.uk. Does anyone have the IP address of that site? How about a copy of the article? The listed nameservers (ns[12].malaysiablogs.com) appear to be unresponsive.

Re:Does anyone have the IP address and/or copy?

[pbrammer]

They are resolving now. Thanks.

RO-OS

[Doc+Ruby]

One of the best features of a secure Live CD is that the read-only media prevents attacks from writing to the stored OS (on CD). I'd love to see a virtualization system that reloads the OS from the CD every so often (hours, minutes, seconds) and switches all processes to the new, more trustworthy instance.

Maybe a safer system will just reload a single watchdog instance from the CD, which checks itself against the other running instances.

Any difference would send an alarm out of the system.

Of course, the virtualization layer itself needs authenticity checks. But that might be possible against a CD image, and in any case would be no less secure than without this system I'm describing.

Re:RO-OS

[swab79]

What is somebody switched the CD?

Re:RO-OS

[Doc+Ruby]

The OS should send an alert when the CD drive is opened, and assume the CD has been violated. A more secure kernel might allow the CD drive to open only in single user mode, for OS upgrades. A more secure system might not allow the CD drive to open at all, requiring upgrades to open the CD on a separate machine, and coldswapping the CD/drive only by those with access to powercycle the machine and upgrade its hardware.

There's still not a lot of good protections from physical access to the machine. My suggestions are useful in protecting from remote attacks, like most defense strategies.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:dang, no mod points to mod this off-topic, lame

[networkBoy]

spelling _is_ important. Letter letter is not, thus if you are dislexic and invert letters you're likely A-OK
-nB

Re:dang, no mod points to mod this off-topic, lame

[CFrankBernard]

This is from the Slashback along time ago:

Anidroccg to crad cniyrrag lcitsiugnis planoissefors at an uemannd
utisreviny in Bsitirh Cibmuloa, and crartnoy to the duoibus cmials of
the ueticnd rcraeseh, a slpmie, macinahcel ioisrevnn of ianretnl
cretcarahs araepps sneiciffut to csufnoe the eadyrevy oekoolnr.



Translation:

According to card carrying linguistics professionals at an unnamed
university in British Columbia, and contrary to the dubious claims of
the uncited research, a simple, mechanical inversion of internal
characters appears sufficient to confuse the everyday onlooker.

Re:dang, no mod points to mod this off-topic, lame

[ryuspeed]

I think that the confusing part in your example is more the constructs and not the words themselves. That is, if you combine a sentence structure and style that is not readily apparent to the reader with jumbled words, I agree that you can confuse the reader. You have to give some hints to the reader. The majority of your text was readable without too much issue, but I don't normally associate professionals with universities (professors, maybe) and "inversion of internal characters" doesn't just jump into my mind.

I would argue that it's easy enough to confuse an average reader with properly spelled words given a sufficiently complex sentence structure. All the same, it's still fun. :-)

Re:dang, no mod points to mod this off-topic, lame

[ryuspeed]

You misspelled rscheearch it should really be rscheearechr (or equivalent).

suitability for WEP cracking

[NaDrew]

Let's say there's a WiFi AP with basic WEP at a bookstore near me, and let's say I want to crack it. Does one (or more) of these LiveCD distros include the necessary tools?

Re:suitability for WEP cracking

[Sigg3.net]

Whoppix, Whax, Auditor, Backtrack etc...
I think the well-known "how to crack WEP in 10 minutes" flash video was done in Whoppix.
All you need is love. And airsnort, aireplay and airocrack.

troll

[Sigg3.net]

Google is your friend.
In China, google is not.