Home page logo
/

basics logo Security Basics mailing list archives

RE: exposure to bootable Linux distros
From: "JTH" <jth () visi com>
Date: Tue, 16 Mar 2004 10:37:55 -0600

Does it have an hd installation tool as Knoppix?
If so, does it get installed reasonably secured (like old knoppix
versions) or
does it do like the new knoppix versions (starting in some version of
those
3.3) that logs automaticly, opens shells as root with no password and does
not
let people logout and stuff like that?

This info is knoppix-std specific, (based on knoppix 3.2, I think) as I
don't use straight-up knoppix. 

When installed to hd, Knoppix lets you log out just fine. As a livecd, it
reboots upon logout. And the root/"passwordless" terminal is because SUDO is
set up to not require password reentry. This can be altered on one line
using visudo. 

Or, in other words, is it good to install, or is it like Knoppix, that got
better as a live-cd but now sucks when we're talking about an hd-install?

I think it's still damn fine installed to hd. But that's just me.

-----Original Message-----
From: Marcos D. Marado Torres [mailto:marado () student dei uc pt]
Sent: Thursday, March 11, 2004 5:48 PM
To: Greg Tracy
Cc: security-basics () securityfocus com
Subject: Re: exposure to bootable Linux distros

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Does it have an hd installation tool as Knoppix?
If so, does it get installed reasonably secured (like old knoppix
versions) or
does it do like the new knoppix versions (starting in some version of
those
3.3) that logs automaticly, opens shells as root with no password and does
not
let people logout and stuff like that?

Or, in other words, is it good to install, or is it like Knoppix, that got
better as a live-cd but now sucks when we're talking about an hd-install?


Keep the good work,
Mind Booster Noori

- --
==================================================
Marcos Daniel Marado Torres AKA Mind Booster Noori
/"\               http://student.dei.uc.pt/~marado
\ /                       marado () student dei uc pt
 X   ASCII Ribbon Campaign
/ \  against HTML e-mail and Micro$oft attachments
==================================================

On Wed, 10 Mar 2004, Greg Tracy wrote:

I've had a lot of experience with a wide variety of these (live CDs),
and am
in fact playing around with remastering Knoppix for my young son to use
for
educational games. If you like PHLAK, you'll love Knoppix-STD (Security
Tools Distribution).

http://knoppix-std.org

It's a more mature release and has better hardware detection, as well as
better support for wireless tools out of the box. The most recent
release
boots into fluxbox by default and offers a web page that opens on boot
that
lists and explains all the tools included on the CD. It's a lighter
weight
distro and has a pretty large following.

A CD that is popular with a friend who is involved in forensics is
F.I.R.E.
(forensic and Incident Response Environment). I haven't used it
personally,
but I'm aware that some of it's freatures are bundled in STD and PHLAK.
It's
at:

http://fire.dmzs.com/

Greg

From: "Jim Clark" <jclark () cmanet org>
Date: Thu, 4 Mar 2004 17:17:24 -0800
To: "Chris Halverson" <chris.halverson () encana com>,
<security-basics () securityfocus com>
Subject: RE: exposure to bootable Linux distros

Am currently testing PLAK. So far greatly impressed.  It is a little
hard at first but the tools are phenominal.  FWIW.

-----Original Message-----
From: Chris Halverson [mailto:chris.halverson () encana com]
Sent: Thursday, March 04, 2004 9:20 AM
To: security-basics () securityfocus com
Subject: exposure to bootable Linux distros




Has anyone had exposure to Operator (built from Knoppix) or PHLAX?  I
haven't been able to download and try them but it was brought up in
one
of my classes that I am taking.



What purposes do you pentest with these?

External perimeter security, DMZ or internal?

How would you block non-authorized users from utilizing these? (with
the
exception of BIOS password protection and disabling the floppy, usb
and
cdrom boot capabilities)

----------------------------------------------------------------------
--
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert
instructors.

Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your
organization.

Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------
--
----


----------------------------------------------------------------------
-----
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of in-the-
field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your
organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------
------



------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-
field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFAUPqumNlq8m+oD34RAi9qAKC5BoZDc2SNp3I9y7f/RtC+UVz+xACcCqpy
klFjiOdz6duETZl/ibfUnd0=
=yrZf
-----END PGP SIGNATURE-----


--------------------------------------------------------------------------
-
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------------------
--


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]