Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Software Linux

Local Area Security Linux 0.4a 229

Anonymous Coward writes "Local Area Security Linux is a small 'live CD' distribution based on Knoppix that aims at being less than 185MB so it will fit on a MiniCD. It is now 107MB with FluxBox as the window manager. It contains about 100 security (forensics, penetration testing, firewall, intrusion detection, etc.) tools including Ethereal and Nessus. See a screenshot here."
This discussion has been archived. No new comments can be posted.

Local Area Security Linux 0.4a

Comments Filter:
  • Torrent file (Score:5, Informative)

    by DJFelix ( 468187 ) * <marler@gmail.com> on Tuesday August 12, 2003 @02:26PM (#6678488) Homepage
    Click here [no-ip.com] for a torrent of the .04a ISO image.

    Enjoy!

    • Re:Torrent file (Score:5, Informative)

      by numatrix ( 242325 ) on Tuesday August 12, 2003 @02:56PM (#6678808)
      Please, PLEASE folks, use the torrent. My desktop is one of the mirrors, and I suddenly noticed about 9Mb/s started flowing and couldn't figure it out. I joked to my officemate that one of the isos I was hosting musta been /.'ed. Then I thought about it and, well, yeah, it was.
      • I used one of the euro FTP's and had the file in an hour or so. I've got it torrent'd now, every little T1 helps. Spiking at 60 and 70k up, averaging 8-12.

        If you've got the full version, put it on torrent anyway. share files that aren't copyrighted for once.
    • by TedCheshireAcad ( 311748 ) <ted@@@fc...rit...edu> on Tuesday August 12, 2003 @03:14PM (#6678976) Homepage
      I've said it before, and I'll say it again...

      BitTorrent is teh rox0r.

      296k/sec down, 135k up

      sorry about the leetspeek.
    • does somone have a torrent of the site with the torrent on it? I seem to be having troubles connecting.

      Pat
    • Lemme post a quick reply -- I never got BT to work, and figured I'd just download from the mirrors. I got sick of 30 KB/sec, an got BitTorrent [bitconjurer.org] to work. I'm at 147 KB/sec and rising. (And as a sidenote... You'll be alleviating the huge load on the mirrors, as well as helping your fellow /.ers.)

      Don't do it because of the pleas from the mirror operators -- do it to get a faster download. :)
  • Security? (Score:5, Interesting)

    by willy134 ( 682318 ) on Tuesday August 12, 2003 @02:27PM (#6678495)
    So is this a security or hacking cd? Seems like some good tools to me.
    • I think the authors intent was that of a security CD.. more or less to scan your network for "issues".

      But.. it can be used for the powers of evil.
      so more or less, in the US he would be found guilty of releasing hacking programs to the world.. :(

      ChiefArcher

      • Re:Security? (Score:5, Insightful)

        by Frymaster ( 171343 ) on Tuesday August 12, 2003 @02:34PM (#6678586) Homepage Journal
        But.. it can be used for the powers of evil.

        of course! tools are value-neutral - it's intent that makes something good or evil. a gun can be used to do good, a pillow can be a weapon of murder.

        now what we really need is /dev/intent

        • by duffbeer703 ( 177751 ) on Tuesday August 12, 2003 @02:37PM (#6678611)
          I understand that hacking tools don't kill people, people kill people... But what about the children?
        • >a gun can be used to do good

          If you exclude protection from enviroment (killing an animal because it wants to eat you, something that will not be any concern to 99.99% of people) the only good a gun can be used for is to prevent evil caused by guns.

          Your analogy holds up though because all of these tools would not need to exist if people didn't create tools to crack into peoples computers and mess things up.
        • These tools need evil bits.
      • It's obvious from the desire to keep it on a "mini CD" that this is meant for clandestine activity. Any legitimate user of "security tools" wouldn't mind simply using a regular sized CD. :)
    • by thetamind_pyros ( 656004 ) on Tuesday August 12, 2003 @07:25PM (#6681275) Homepage
      Oh, trust me, its a hacking CD. Hackers always use miniCDs. They just look cooler than full sized CDs.

      I can see it now... In Matrix3, Trinity pulls out a miniCD and holds it in front of the camera. The shimmering glow of the miniCD sends awwws through the audience. Trinity inserts the miniCD and..

      L.A.S now booting...

      appears on the screen. A couple hard core geeks stand up and cheer.

      Could you see that scene done with a full sized CD? No, it just would not be as cool.
  • by justMichael ( 606509 ) on Tuesday August 12, 2003 @02:27PM (#6678500) Homepage
    How do you deal with the weekly Nessus plugin updates? Do you have to d/l and burn a new disk every week or two?

    • With it being based on Knoppix, which is based on Debian, I'm sure a simple procedure of apt-get update, apt-get dist-upgrade could be implemented, installing all (or better, only selected vital-for-security-checking) updated programs onto a RAM-drive.
    • One thing you can do is to install the Live CD to a hard drive to get a permanant installation. While this may seem counter productive for a Live CD, I've found it to be really useful. I'm currently using the Knoppix Security Tools Distribution [knoppix-std.org] as a "desktop" OS... :-) Knoppix 3.2 (what both these distros are based on) includes a really useful script [linuxworld.com] to install the Live CD to the hard drive. It's the easiest way I've found so far to get a Debian testing/unstable system installed and running - with X con
  • "penetration testing" with FluxBox?

    Sounds like futuristic porno rather than Unix security.

    Sorry. That was not funny and clearly off-topic. Mod me down :-(

  • I dont know it realy looks like a toy to throw in and boot up some lab machine without leaving many traces. Most people I can think that need this allready have linux on a laptop for this function or are running windows equivialants.

    Maybe it's a good giveaway for consultants to throw a little knoledge at the clients let them get scared and then do a real audit?
    • Re:Usefull (Score:5, Funny)

      by tbdean ( 163865 ) on Tuesday August 12, 2003 @02:32PM (#6678555) Homepage
      I always thought a Linux bootable CD would be great at Best Buy. Throw the CD in, reboot, and then ask the sales rep to come over and show you how to get around "this new version of Windows."
      • But do you realy want to scan the network at best buy? All those vulnerable windows boxes.
      • Knoppix was great for my last trip to best buy. I threw it in a couple of laptops to make sure i wouldn't be buying into a hardware nightmare. Of course I couldn't seem to flag down a sales person actually willing to sell me the item, and once I finally recieved assistance I was told they were out of stock.

        Circuit city appriciated the business I gave them though, and they knocked some money of the price of the laptop (they weren't offering the same credit terms). YMMV, chain retail stores are a crap shoot.
  • by Doesn't_Comment_Code ( 692510 ) on Tuesday August 12, 2003 @02:29PM (#6678519)
    ...All on 1 miniCD. That sounds very convenient.

    I request that the next feature to develop is an option where you just wave or shake the miniCD at the computer to remedy any problems. This would alleviate the hassle of putting the miniCD into the tray and running it.

    I am a big fan of easy to use diagnostics/repair utilities. This sounds very good, and with just this one final tweaking, I think it will be perfect.

    • Well, I've got one more feature to ask for, while we're asking. I want more games on it. It doesn't have enough (any?). I want it to have the full version of Neverwinter Nights (plus expansion) or it, as well as Unreal Tournament 2003 for when I feel like fragging. It still needs to fit on the mini-cd that you just wave in front of the computer though ;)
    • I request that the next feature to develop is an option where you just wave or shake the miniCD at the computer to remedy any problems. This would alleviate the hassle of putting the miniCD into the tray and running it.

      Sounds like a great Open Source project to make your fame with. Please make it RFC 2321 [ietf.org] compliant.

      Standards are very important, after all.
    • the problem is most PCs are not yet equipped with the cd-bluetooth karmic storage drives...
  • Now, how many tools like this do you see for a windows, or any closed source environment. Its tools like these that keep linux away from crap like this balster worm. Linux isn't perfect, but it learns from its mistakes, thats what makes it superior to and closed source software
    • Yet Another D??? Linux Distro....

      Haven't we already got enough?

      And what is this Coroner's toolkit thingy? Something for the morgue? What does it have to do with Linux?

      And forget this Lazarus thingy-- if you want religion, get Jesux.

      Oh, and more more thing. My pen writes fine. No need to test it.

      (for the humor impaired-- if you didn't get it, forget it)
      • Lazarus and The Coroner's Toolkit were developed several years ago by Wietse Venema (Postfix, TCPWrappers) and Dan Farmer (SATAN). Lazarus recovers deleted files which can then be browsed with a Web browser. The Coroner's Toolkit is forensics software (post-breakin analysis). I saw a presentation on them in 1999, and they looked very useful then; I'm sure they're even better now. Fortunately, I haven't had occasion to use them :)

        • Lazarus and The Coroner's Toolkit were developed several years ago by Wietse Venema (Postfix, TCPWrappers) and Dan Farmer (SATAN). Lazarus recovers deleted files which can then be browsed with a Web browser. The Coroner's Toolkit is forensics software (post-breakin analysis). I saw a presentation on them in 1999, and they looked very useful then; I'm sure they're even better now. Fortunately, I haven't had occasion to use them :)

          I know what they are. Sorry for my lame attempt at making a joke. For thos
    • by frovingslosh ( 582462 ) on Tuesday August 12, 2003 @03:09PM (#6678917)
      Now, how many tools like this do you see for a windows, or any closed source environment.

      Actually, there are a number of tools for windows. Even ethereal is available for windows and works pretty well on it. Part of the problem is that you can't legally make and redistribute a CD that will boot and run windows from CD, so there would be no good way to set up windows with everything that needs installed and run these types of applications from CD, even if you had windows on the computer (plus not being able to plan for what flavor of Windows you had). And while there are a lot of good tools to do these things under windows, and most or all of what is on this CD is open source and certainly could be ported to windows, the people making these tools simply prefer Linux and put them there first. But the tools do exist under windows.

      • well the distro itself is a major utility, and that cannot be ported to windows.

        you got one thing right, windows cannot be made (legally) to do this since it doesnt boot from CD with the applications ready to run. hell i doubt as if you could get windows with the same programs onto a mini-CD.
  • live CDs are nice (Score:5, Interesting)

    by Dark Lord Seth ( 584963 ) on Tuesday August 12, 2003 @02:30PM (#6678525) Journal

    Live CDs like knoppix are all very lovely but when's the day that I can roll out my own live CDs without TOO much effort? Just select the packages you want, kernel, drivers, etc, wait as the program churns out a nice ISO for you which you can burn to a CD and voila, insta-Linux! Now that would seriously rock as you can simply modify all the basics as you see fit and can easily alter the whole deal for bugfixes.

    • Re:live CDs are nice (Score:3, Informative)

      by caudron ( 466327 )
      "when's the day that I can roll out my own live CDs without TOO much effort? Just select the packages you want, kernel, drivers, etc, wait as the program churns out a nice ISO for you which you can burn to a CD and voila, insta-Linux!"

      When? Today.

      What you just described is what Gentoo is about entirely. Gentoo fanaticism aside, if that's what you want, then you should look into it.

      -Tom
      • by zapp ( 201236 )
        (disclaimer: i've never used Gentoo, this is all just from what i've read about it)

        Isn't Gentoo compiled specifically for your machine, with all sorts of optomizations and such? Doesn't that contradict the concept of burning a cd that can run on (almost) any system?
        • Isn't Gentoo compiled specifically for your machine, with all sorts of optomizations and such? Doesn't that contradict the concept of burning a cd that can run on (almost) any system?

          Typically, yes, Gentoo is compiled for your machine. However, nothing prevents you from setting the architecture to i386 and making a universal system. Gentoo is almost a "meta" disto, in that you could use it to build a secure distro, web server only distro, desktop system, etc.

          And of course, since it's open source, it doesn

    • Just select the packages you want, kernel, drivers, etc, wait as the program churns out a nice ISO ...

      Well, as I see it, with Knoppix (and derivatives) you get almost everything you need. If not you can always apt-get what you need as it's based on Debian. Not exactly what you want, but it's easily customizable from this viewpoint.

      z
      • Well, as I see it, with Knoppix (and derivatives) you get almost everything you need. If not you can always apt-get what you need as it's based on Debian. Not exactly what you want, but it's easily customizable from this viewpoint.

        No, you get all of what the developer thinks you need, but that's hardly always what you need. Knoppix has even been removing things to make space, so you no longer get some things, but you still get three or four different spreadsheets and word processors and at least two power

      • I can't even figure out how to get console nethack on knoppix. All we get is this crappy isomorphic view, I can't tell wtf I'm doing.
    • Re:live CDs are nice (Score:5, Informative)

      by Anonymous Coward on Tuesday August 12, 2003 @02:46PM (#6678707)
      You can now.

      Check out Morphix [sourceforge.net]. It's a distro based on Knoppix, but modularized. There are small versions (that will fit on a mini-CD) as well as "fat" versions (with all the bells and whistles).

      It's designed so that you can choose the features you want, add additional software, and burn a custom CD. Not quite turnkey, but quite doable with a little effort.

      • Along these same lines, but far more specialized, is MoviX [sourceforge.net], which allows you to customize it with any media files you like, then burn a liveCD that will play your movies/music on most any computer. I really love all these great innovations coming out these days! Another cool feature with MoviX, depending on the version you download, is that it can load the entire OS into memory, then you remove the disk and put a dvd in the drive to watch. fun times! =D
        • Wow, there's so much going on in LiveCDs these days. I'm terribly impressed. I use Morphix as a router with almost everything running out of RAM and I love it, but there's so many different versions coing out these days I don't have time to try them all. It sure is cool though. I'm going to check out this MoviX in addition to this LASL I'm downloading.
    • I want a live CD that has the option to run off a RAM drive, update itself by downloading the source files on the web, compile, install, etc. Then has the option of burning the whole updated OS back to another live CD for further propogation.

      Another idea would be to have a distro that scans all the systems on your subnet and offers you a nice GUI to supply passwords so it can use to hack, steal their apps, use their bandwidth, and make them your bitches, etc.

      I rather enjoy the thought of hostile operatin
    • by purplebear ( 229854 ) on Tuesday August 12, 2003 @03:21PM (#6679064)
      You should be able to customize what is on the knoppix cd fairly easy already. If you look at the Knoppix cheatcodes, for manipulating hardware detection, there is a note in there about remastering the cd:

      If you wish to remaster the CD, please don't forget to specify
      -b KNOPPIX/boot.img
      for the german version of the bootfloppy, or
      -b KNOPPIX/boot-en.img
      for the english version, as option to mkisofs. Otherwise your CD
      won't be bootable. The directory KNOPPIX, containig the compressed
      filesystem file "KNOPPIX", must be located in the top level
      directory of the CD.


      So, just take the knoppix ISO, copy to disk and modify away. Then use mkisofs with the -b flag to make your new custom ISO. :)
    • Re:live CDs are nice (Score:3, Informative)

      by jafiwam ( 310805 )
      Not that I know anything about it (still playing with Knopppix) but there is Debian based Knoppix like thing that lets you customize the CDs first.

      Again, not that I have tried it. Here's a link:

      Morphix [sourceforge.net]
  • Fluxbox (Score:5, Informative)

    by Blangopolis ( 695958 ) on Tuesday August 12, 2003 @02:31PM (#6678543)
    The window manager that LAS is using, fluxbox, is a truly great window manager. I think that it is one of my favorites. It basically is an extension of the blackbox window manager. I was actually reading a review [newsforge.com] on it earlier.

    Overall, this is a great new window manager, that will perform well on lower end machines.

  • by Creepy Crawler ( 680178 ) on Tuesday August 12, 2003 @02:31PM (#6678544)
    ::::: New Mirrors Added! :::::

    L.A.S. 0.4a Main with FluxBox MD5: 0939d7294035b5246bedbce1085bb1e1

    http://lightning.chem.tue.nl/las/l.a.s_0.4a_MAIN .i so -The Netherlands

    http://sarovar.org/mirrors/knoppix-las/l.a.s_0.4 a_ MAIN.iso -India/Asian Pacific

    http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.4a_MA IN .iso -USA

    L.A.S. 0.3b Main MD5: f47150d2458c78169a65458bcf8ebf96

    http://lightning.chem.tue.nl/las/l.a.s_0.3b.iso

    http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3 b. iso

    http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b.is o

    L.A.S. 0.3b SECSERV MD5: ff412734492e39d1d084ced556a47493

    http://lightning.chem.tue.nl/las/l.a.s_0.3b_SECS ER V.iso

    http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3 b_ SECSERV.iso

    http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b_SE CS ERV.iso
  • Excellent. :) (Score:5, Interesting)

    by numbski ( 515011 ) * <numbski@@@hksilver...net> on Tuesday August 12, 2003 @02:32PM (#6678553) Homepage Journal
    I'm getting to really love these things. If it's got ssh, scp, ethereal, port scanner, and a few other goodies, this thing's gonna rock.
  • by Rosco P. Coltrane ( 209368 ) on Tuesday August 12, 2003 @02:34PM (#6678574)
    I have a script on my box that puts the eth0 interface down and back up every 3 minutes to break the connection of any evil pirate who might haNO CARRIER
  • USB flash version (Score:5, Interesting)

    by Kegetys ( 659066 ) on Tuesday August 12, 2003 @02:39PM (#6678637) Homepage
    How about an version that you can (easily) put on an USB flash memory card and boot from there?
  • by Anonymous Coward on Tuesday August 12, 2003 @02:41PM (#6678661)
    This sounds a LOT like F.I.R.E. (http://fire.dmzs.com) which I've found to be extremely useful, and highly recommend for forensics, pen testing, and other practical security efforts.
  • by dodell ( 83471 ) <{moc.scinortetis} {ta} {lledod}> on Tuesday August 12, 2003 @02:42PM (#6678673) Homepage
    In the real world, you don't always have permission to take a box down to perform forensics. Rebooting == downtime. Booting into Linux from a CD to inspect == downtime. When you *are* granted permission to take down a box for forensics analysis (you have to get permission in a search warrant for this, or permission from the company that wants you to investigate, but this is rarely feasable), you'll probably be working for a large firm that can afford forensics tools that cost tons of cash and do much more advanced forensics analysis than the forensics software for Linux.

    This sounds more like another goodies CD for people to mess around with at school. Or perhaps something to give people Linux demos with. Who knows. I wouldn't market it as a forensics tool, though.
    • Or more simply....a hacking tool.
    • I think the idea of this is to grab a random PC on the network and use it for testing, like Mary Thesecretary's P4/3ghz that is used for daily reports and word processing. I don't really think they want you to take down the core servers to run tests, if you do that then you don't have anything to test against.
    • you'll probably be working for a large firm that can afford forensics tools that cost tons of cash and do much more advanced forensics analysis than the forensics software for Linux.

      If I'm working for a cash rich company, why can't I use the free toolkit and pocket the extra money set aside for "tools"?
    • by Anonymous Coward

      I may be missing something here, but it sounds like you're describing a scenario where a machine has been compromised, and you're discussing what should be done afterwards. If you're describing something else, everyone should just ignore the rest of this article. Otherwise...

      If a system has been compromised, then you can't afford not to take it down. In my book, any system that has been compromised is already down and should never be put back on the network again. At least not until you have done for

      • I agree. If a system has been compromised, it should be immediately removed from the network. I'm referring to situations in which a computer has not necessarily been compromised, but contains "sensitive" "wiped" data. In these situations, it may not be feasable to remove the box from the network.
    • I work with this stuff, and just plain ol' Knoppix is tool #1 or 2 for incident/post-mortem. You are way off base in your assumptions. Especially if you think small banks and insurance companies are budgeting copies of Encase for the InfoSec staff.
    • by chef_raekwon ( 411401 ) on Tuesday August 12, 2003 @03:22PM (#6679074) Homepage
      i agree with your statement to some extent...you won't be downing a server to run some silly tools that you can run on the server...

      but, if you are a "security consultant", you simply need to show up, on-site with your mini-cd, and proclaim that all matters will be quickly resolved...as soon as you comandeer the secretary's pc.....
      (and quickly reboot it.) .....
      i dunno.
    • by MoralHazard ( 447833 ) on Tuesday August 12, 2003 @05:23PM (#6680397)
      Oh, really? Since when does "advanced forensics [sic] analysis" involve expensive tools? What forensic company do you work for, anyway, that you'd have the experience to make such a sweeping generalization? Oh, wait... you DON'T work for a forensic company--you build servers for a living.

      I've worked six jobs in the last four months using Unix tools, and used various combinations of dd, netcat, ssh, mount, losetup, grep, and the other unix basics to wonderful effect on every one. They don't really ever fail on account of bugs or arbitrary limit conditions (can't handle files bigger than X MB, for instance), and they're terribly simple to troubleshoot. Oh, and there's nothing like an open-source tool for when you have to walk into court and answer the question "So, Mr. Expert-Computer-guy, how do you KNOW that this software did what you said it did?" It takes the wind out of an attorney's sails when you whip out the printed source code to md5sum and start walking him through it.

      I've used the $90K forensic tools from the high-profile companies, and they work OK. Not great , though. EnCase, one of the more popular LE programs, has been plagued with bugs in the latest major version. Also, they're restricted to Windows and Mac analysis, so you're out of luck if you get a Linux machine. Oh, and don't even bother with tech support unless you're a true idiot who has failed to plug in his computer--one time, their IDE write-blocking interface was forcing drives into PIO mode (and taking 40 hours to copy a 10 GB hard drive!), and their phone tech suggesting that I try "www.hardforum.com" for technical advice. Talk about pure shit.

      Most of the other insanely expensive tools that I've used have similar issues: limited platform support, buggy out the ass, and crappy tech support. The last isn't their fault so much, because most people using forensic tools are advanced enough that they won't be helped by any by the best--and the best technical/forensic people are expensive. But the bugs, oh god, the bugs!

      There are a few tools that the USAF's OSI put into public domain usage that are handy, but really, you just need a linux machine with dd, ssh, netcat, and a custom kernel.
      • No, I don't build servers for a living, I administrate them. I think you would agree that this job does require some amount of knowledge of computer forensics. And, to clarify further, I *am* discussing situations dealing with Windows computers.

        Agreed, many of the more "advanced" forensic utilities are somewhat lacking in certain areas, but there are cases in which they are really the only way to get the job done. And I've come across many situation in which it is not feasable to take the box down.
    • Taking a box offline may not be an option in a lot of environments, but I can think of several cases in which this would be very useful.

      1. Small/home/project server
        One of my private servers was taken over once. Very un-nice thing, resulting in several months of frustrating interaction with network provider until we figured out we'd been rootkitted. We reinstalled everything from scratch and did our best to lock it down, but it still would have been nice to have a handy forensics tool to pop on the 'doze
  • I have only dabbled in Linux so excuse my ignorance, but some of these apps seem rather important. Why aren't they included in the various Linux distributions? Or are they just better incarnations of included software?

    • I think the point of the Live CD is to let people use these tools without having to actually install Linux on their computer. Versions of all of these tools are available with pretty much every other Linux distro. It's just a way to use this software without dedicating a machine, or even part of a machine to Linux.
    • by Anonymous Coward

      The point is, when something has gone wrong with your system -- like for example that it's been taken over by an intruder, you can boot up and try to do stuff, but you never know what kinds of traps the intruder may have left for you. Maybe they just looked around and did nothing, or maybe they've left behind special code so that just running a regular program or even just booting up might cause your entire hard drive to be erased. What you want to do in that kind of situation is boot off a different volu

  • Downtime (Score:4, Insightful)

    by Bruha ( 412869 ) on Tuesday August 12, 2003 @02:50PM (#6678762) Homepage Journal
    Someone earlier said companies cannot afford downtime. True but in most corporate enviroments there are plenty of boxes to take over the job of the hacked box most times and in the event that there's no backup most serious hackings will require the downtime anyways to investigate and fix the issue.

    Can you imagine if a credit card database was hacked and they said just bring it back up?
  • by Tumbleweed ( 3706 ) on Tuesday August 12, 2003 @03:18PM (#6679026)
    Newer mini-CDs now fit up to 210Meg, FYI.

    And they have R/W versions, as well. Nifty!

    I always thought something like these would make great floppy replacements, but it looks like USB flash drives are gonna do that first. That's OK - solid state storage rawks, and their capacity is already well over that of even the 210Meg CD-R(/W) mini-CDs.

    Here's to hoping they come out with FireWire '2' (IEEE1394.b) flash drives! *cheers*
  • Also featured on slashdot recently:

    http://www.knoppix-std.org/ [knoppix-std.org].

    -- PhoneBoy

  • Just like Trinux (Score:2, Informative)

    by DrugCheese ( 266151 )
    I used to use an old floppy based distro called Trinux. On about 3 floppies I had X server + GUI web browser and some network tools to do some testing. I think it was flown as a security tool distro but I used it mainly for network troubleshooting. Still ahve the floppies but I think the site and distro have died.
    Anyone know what I'm talking about?
  • At the Nessus site:
    "A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way."

    It fails to mention that Nessus maintains a database of all security violations that can be parsed by Hackers in the know.

    WAAAHAAAHAAA... (cough) (cough) (cough)
  • by MacEnvy ( 549188 ) <{moc.iksnicob} {ta} {iksnicobj}> on Tuesday August 12, 2003 @04:56PM (#6680182) Journal
    I'm typing this right now in the "Links" browser. It's fast, it looks good, it has most of the tools I use (Nessus, Ethereal, XMMS, Firebird). I might just mod this and carry it with me instead of using other people's machines when I'm doing diagnostics. It picked up my wireless correctly and everything.

    Have fun with this one, kids.
  • I'm not impressed (Score:3, Informative)

    by frovingslosh ( 582462 ) on Tuesday August 12, 2003 @05:53PM (#6680624)
    OK, I'm running it right now. I'm not very impressed. The menu does not list all of the included apps (none of the security apps, the very reason for this, as far as I can tell. It (the menu) does have stuff I don't want, including a lame game, a spreadsheet, a winamp clone and some other stuff, but not the security stuff!

    I got a shell running, but there seems to be no man command and no documentation for some things in the menu, like the TinyIRC client. Obviously since I'm posting this from the running ISO there must be a web browser, but I had never used "links" before, so it was not easy to find. How I find the security tools supposedly built into this I have no idea. I did get a GUI ethereal running by bringing up a shell and typing in ethereal, but I just don't know what else is here (and what isn't).

    By the way, I have network issues when booting Knoppix on this computer, so I booted this ISO with the "Knoppix expert" option. Or at least I tried to. Although it prompted me for the boot option, it ignored it after I typed it in.

  • OpenBSD? (Score:2, Insightful)

    by megaversal ( 229407 )
    If they're trying to offer a secure server Linux distro, you'd think they'd run their webserver on that instead of OpenBSD.

A conclusion is simply the place where someone got tired of thinking.

Working...