Slashdot Mirror

← Back to Stories (view on slashdot.org)

10 Best Security Live CD Distros

Posted by ryuzaki0 on from the don't-leave-home-without-it dept.

Ant writes to tell us Darknet has a summary of the ten best LiveCD distributions dealing with security. With links to download and a little information about each one." An great overview of some handy tools, some you know and probably a few you don't.

35 of 122 comments (clear)

  1. Backtrack rules... by Daxster · · Score: 5, Informative

    I've used Auditor extensively in the past year or so, and played around with Slax. Slax is buggy and definitely lacking polish, but it's modular system of scripts and packages make it perfect for a combination of whoppix and Auditor. Now if only proper ndiswrapper modules were included...

    --
    Death by snoo-snoo!
  2. Like rain on your weeding day by BadAnalogyGuy · · Score: 4, Interesting

    I suppose it's probably safe to trust that the makers of your LiveCD aren't putting little rootkits into the image that automatically get installed to the existing OS image on the hard disk.

    LiveCDs are great, but always make sure that the source is trustworthy or you may end up with a bootable CD with Tubgirl as the desktop background. That wouldn't be pleasant. Especially in front of a customer.

    1. Re:Like rain on your weeding day by Anonymous Coward · · Score: 2, Funny

      If it was raining when I wanted to do some weeding, I'd go and tidy the greenhouse instead ;)

    2. Re:Like rain on your weeding day by Renraku · · Score: 2, Funny

      "I suppose it's probably safe to trust that the makers of your LiveCD aren't putting little rootkits into the image that automatically get installed to the existing OS image on the hard disk."

      And thus, your stash is found, your company/country loses, and you go to jail for 20 years based off of a chat log.

      Assumptions do that..

      --
      Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
    3. Re:Like rain on your weeding day by MooUK · · Score: 2, Insightful

      Anyone using something like this for the first time in the presence of a customer should have bigger problems than just tubgirl...

  3. Atleast in Kanotix by poeidon1 · · Score: 3, Interesting

    it lacked ndiswrapper kernel module though it had ndiswrapper installed. Made it impossible to use it with my wireless network. If it ships with ndiis wrapper it should have had ndiswrapper module or atleast some source where it could be compiled.

    --
    They called me mad, and I called them mad, and damn them, they outvoted me. -Nathaniel Lee
    1. Re:Atleast in Kanotix by Filip22012005 · · Score: 3, Funny

      No network interface? That's a security feature!

      --
      When the policeman of the tie, rule you violate, hello punishment of the kitty?
  4. Re:Is it difficult to proofread a submission? by Jonas56 · · Score: 2

    Even worse, the editor added that comment, as it's outside the quote. Well, at least I assume that's the ending quotation mark, seeing as there's no beginning quotation mark. It is late, maybe he's half asleep.

  5. Hmmm by ShaolinTiger · · Score: 2, Informative

    Still up for me?

    Load Averages 8.31 6.93 6.18

    --
    Share your Knowlege - Kung-Fu Geekery
  6. Fastest whore on the block by arrrrg · · Score: 2, Informative

    Coral Cache

  7. slashdotted top ten by Anonymous Coward · · Score: 4, Informative

    1. BackTrack
    2. Operator
    3. PHLAK
    4. Auditor
    5. L.A.S Linux
    6. Knoppix-STD
    7. Helix
    8. F.I.R.E
    9. nUbuntu
    10. INSERT Rescue Security Toolkit
    Extra - Knoppix

    1. Re:slashdotted top ten by zerocool^ · · Score: 2, Informative


      I'm running a Knoppix-STD mirror at the Virginia Tech CS Dept Mirror. I've emailed them back and forth, but they haven't added me to their site. Try not to pound the K-STD site; they don't have a lot of bandwidth. And if you want to download it, I'm probably as reliable, if not more so, than the other mirrors listed.

      ~Will

      --
      sig?
  8. e-penis?? by Anonymous Coward · · Score: 3, Funny

    "...e-penis..."

    This is a product I haven't heard of before. I only have a regular penis myself. Perhaps you can enlighten me here:
      - What advantages does an e-penis have over a regular penis?
      - Can you e-mail it to your girlfriend every night when you are on business trips to keep her out of the arms of other men?
      - Is driver support a problem?
      - Can it be overclocked?

    1. Re:e-penis?? by mrogers · · Score: 5, Funny
      Can you e-mail it to your girlfriend every night when you are on business trips to keep her out of the arms of other men?

      You can, but you should use PGP to avoid the risk of a man-in-the-middle attack.

  9. No BSD? by putko · · Score: 4, Interesting

    What about that OpenBSD-based live CD? Isn't that a top security OS?

    Or is this thing only for Linux?

    --
    http://www.thebricktestament.com/the_law/when_to_s tone_your_children/dt21_18a.html
    1. Re:No BSD? by Professor_UNIX · · Score: 4, Interesting
      What about that OpenBSD-based live CD? Isn't that a top security OS?

      OpenBSD is a strong server operating system but it makes a horrible forensics toolkit base because of the lack of the level of hardware support that Linux enjoys. I'm not bashing it as a server OS since you can pick and choose the best supported components in that environment, but when using it as a forensics tool you have to support a wide variety of very oddball hardware that a desktop or server might contain and Linux is better at doing that.

    2. Re:No BSD? by Ratbert42 · · Score: 2, Insightful

      Top secure OS, not top hacker OS.

  10. Re:At least read the title of the articel by GomezAdams · · Score: 4, Informative

    OpenBSD and FreeBSD have live distros. Don't know about NetBSD. Google is your friend.

    --
    Too lazy to create a sig...
  11. Re:*YAWN* ;^O by kv9 · · Score: 3, Informative

    with NetBSD you can build your own. there also is some desktop centric live cd called NeWBIE

    --
    Stop Computers/Cars Analogies on S
  12. OliveBSD? by wick3t · · Score: 5, Informative

    Although it's not a linux distribution, surely any live CD based on OpenBSD deserves a mention!

  13. How about "Live USB Key" distros? by timeOday · · Score: 4, Interesting
    Anybody know a distro that's easy to install and run from a USB key?

    I've found instructions on doing this for some distros (including Knoppix I think), but the step-by-step was too long and involved.

    1. Re:How about "Live USB Key" distros? by Mark+Clegg · · Score: 2, Informative

      I remember reading about on some time ago. - http://runt.mybox.org/

    2. Re:How about "Live USB Key" distros? by farker+haiku · · Score: 4, Informative

      Check out http://slax.linux-live.org/, it's a 185 MB distro. Or you can roll your own.

      --
      Your sig(k) has been stolen. There is a puff of smoke!
    3. Re:How about "Live USB Key" distros? by korbin_dallas · · Score: 2, Interesting

      Damn Small Linux.

      http://www.damnsmalllinux.org/

      Its pretty easy, but its very difficult to separate the 'old' docs from the 'new' info about some sections of the system.

      Make a cdrom, boot a box off that, then from the menus, choose to create a bootable usb OR a usb that can be started from within Windows or Linux as a guest OS.

      BUT:
      Of the many hundreds of computers here I have not found one that would in fact boot from USB!

      Running as a Guest OS inside of Windows doesn't provide any Network Access. Now Qemu site says its possible, but its not obvious how to configure such a thing.

      Adding your own stuff. It is very difficult, for some reason, to package your own stuff for use with DSL(mostly lack of clear docs). We have our own programs we want to add, so I have to figure this out myself.

      --
      They Live, We Sleep
  14. Re:Kororaa with Xgl, for beauty by Slashcrap · · Score: 2, Funny

    Don't know about security though. But since Xgl is fairly new I wouldn't trust it in a server.

    You have missed the point. If it weren't for my unshakeable faith in the Slashdot community, I might even suspect you of not having read the article.

    This is about Live CDs designed for security auditing, not the security of Live CDs. Although Nmap with OpenGL support would be pretty cool - watching thousands of Phong shaded, texture mapped SYN packets flying at the target host and either bouncing off or penetrating would make my day. Someone page Dan Kaminsky - he's great at cool shit like that.

  15. Re:Is it difficult to proofread a submission? by digitaldc · · Score: 2, Funny

    How difficult would it have been to change this to "A great"?

    As difficult as it would be for some to not harp on a simple typo?

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  16. Insert Linux by swtaarrs · · Score: 3, Informative

    The best one I've found is Insert Linux. Once you download, burn, and boot from the ISO, there's a menu option in fluxbox to install to a usb key. All you have to do is make sure the the first partition on the drive is at least 64MB and it'll do the rest for you, formatting the partition, copying files, and installing the bootloader. I haven't used it a whole lot, but they pack a lot into 60MB.

    1. Re:Insert Linux by permaculture · · Score: 2, Interesting

      I really want to boot from a USB pen drive. The file downloaded OK and the CD booted OK.
      Rightclick desktop and choose "Applications, INSERT, usb-install"
      Now a confusing choice, which device: hdx/sdx/ubx?

      UBX -> "Error creating EXT2 filesystem"
      SDX -> seems to have overwritten my hard drive (no matter, it's a test PC)
      HDX -> leave this for later

      I think this PC has: sdc, sda1, sda5, sdb1, and sdc - might it be one of those?

      Or can you help me use fdisk to check my USB device name? I managed to get a CLI and type "fdisk" in, but there's syntax to puzzle over. I tried a few things but nothing really got anywhere.

      Many thanks :)

      --
      Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
    2. Re:Insert Linux by dylan_- · · Score: 2, Informative

      Probably /dev/sdb or c. Simple way to check: Leave the thing unplugged on boot. Start up a terminal and type "dmesg"...see what it ends with? Now insert the drive. Type "dmesg" at terminal again. Should have added some stuff about usb-storage where it names the device.

      --
      Igor Presnyakov stole my hat
  17. Adios / UML by Locarius · · Score: 3, Informative

    I am suprised that they did not include Adios. The nicest feature is the ability to run multiple Linux kernels in userspace (User Mode Linux). It also comes with heaps of security tools on the LiveCD.

  18. Re:dang, no mod points to mod this off-topic, lame by Anonymous Coward · · Score: 4, Funny

    Can you read this?

    Olny srmat poelpe can.

    cdnuolt blveiee taht I cluod aulaclty uesdnatnrd waht I was rdanieg. The phaonmneal pweor of the hmuan mnid, aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteer be in the rghit pclae. The rset can be a taotl mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe. Amzanig huh? yaeh and I awlyas tghuhot slpeling was ipmorantt!

  19. INSERT is also part of the Ultimate Boot CD. by Richard+Steiner · · Score: 3, Informative

    The Ultimate Boot CD is a nice collection of memory, CPU, partition, filesystem, benchmarking, and BIOS utilities, and the "full" version of the UBCD contains INSERT as well as all of the other stuff. Quite a nice collection of utilities and diagnostic software on one CD.

    --
    Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
    The Theorem Theorem: If If, Then Then.
  20. Just throwing security apps on a livecd distro by walterbyrd · · Score: 2, Insightful

    Is not all that impressive to me.

    Also, it seems to me that a rescue CD should not, by default, boot to a GUI. It slows down the boot, and is not that useful when GUI can not be loaded. People who use these should know how to use the command line.

  21. Re:Is it difficult to proofread a submission? by Braino420 · · Score: 2, Funny

    uhh, you're kind of in the wrong place. Here, let me redirect you.

    --
    They call me the wookie man, I guess that's what I am
  22. RO-OS by Doc+Ruby · · Score: 3, Insightful

    One of the best features of a secure Live CD is that the read-only media prevents attacks from writing to the stored OS (on CD). I'd love to see a virtualization system that reloads the OS from the CD every so often (hours, minutes, seconds) and switches all processes to the new, more trustworthy instance.

    Maybe a safer system will just reload a single watchdog instance from the CD, which checks itself against the other running instances.

    Any difference would send an alarm out of the system.

    Of course, the virtualization layer itself needs authenticity checks. But that might be possible against a CD image, and in any case would be no less secure than without this system I'm describing.

    --

    --
    make install -not war