[Dshield] Remote incident handling tool
bytesnagger at gmail.com
Thu Dec 1 15:59:24 GMT 2005
Dan makes a great mention of the SLAX LiveCD and the Linux Live
scripts. The slax modular design makes it very easy to customize your
own LiveCD. The URL to visit is http://www.linux-live.org/ with the
site's intro stating that "Linux Live is a set of shell scripts which
allows you to create own LiveCD from every Linux distribution. Just
install your favourite distro, remove all unnecessary files (for example
man pages and all other files which are not important for you) and then
download and run these scripts." I have easily modified both the SLAX
(http://slax.linux-live.org) and WHAX (http://www.iwhax.net) ISOs to suit
my various needs. Also, there has already been talk of merging the WHAX
and Auditor projects in the WHAX forums,

On a side note, has anyone read/skimmed the book "Penetration Tester's
Open Source Toolkit", http://www.syngress.com/catalog/?pid=3330

dan at madjic.net wrote:
>>On Mon, 2005-11-28 at 11:13 -0800, Pete Cap wrote:
>>> What we're going to do is create a Linux LiveCD containing all the
>>>tools we want (snort, nessus, cheops-ng, etc.) in an ISO.
>>Humm. Sounds like knoppix-std.
> Not to start a religious war but slax, a slackware based live Linux that
> is much easier to modify / maintain than the knoppix based distros since
> it is a modular design.
> Have a look at: slax.linux-live.org
> have fun
>>> Now, this CD will have some capability to where we can remotely
>>So, knoppix-std with sshd running by default with port forwarding
>>> We would need to set it up so that while the ISO was readily
>>>available, not just anyone could use it (or at least, not to exchange
>>>information with the "home base" network).
>>So, knoppix-std with sshd running by default, port forwarding enabled,
>>and a separately distributed set of public/private & host keys to
>>control access. Check out:
>>for some great SSH info and ideas.
>>> Does this sound technically feasible?
>>Sure does. It will take some prep work but is certainly doable. Grab a
>>copy of "Knoppix Hacks" published through O'Reilly. That will get you
>>going in the right direction.
> Using .Net? Need to know more about .Net Security?
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
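
The setup discussed in the quoted thread (sshd running on the LiveCD, port forwarding enabled, access controlled by separately distributed keys) can be checked before an ISO is built. The following shell audit of an sshd_config is an added example, not part of the original posts; the function names and the sample config are constructed for illustration, and the keyword defaults are those of OpenSSH.

```shell
# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Everything after the first "Match" line is conditional,
# so only the global section is read. Assumes "Keyword value" syntax.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key && !seen { val = tolower($2); seen = 1 }
        END { print val }
    ' "$1"
}

# check FILE KEYWORD DEFAULT WANTED: report one setting, return 1 on mismatch
check() {
    got=$(effective_value "$1" "$2" "$3")
    if [ "$got" = "$4" ]; then
        echo "OK   $2 $got"
    else
        echo "FAIL $2 is '$got', want '$4'"
        return 1
    fi
}

# audit_sshd FILE: key-only logins with TCP forwarding available
audit_sshd() {
    rc=0
    check "$1" PasswordAuthentication yes no  || rc=1
    check "$1" PubkeyAuthentication   yes yes || rc=1
    check "$1" AllowTcpForwarding     yes yes || rc=1
    return $rc
}

# Constructed sample: the lower-case line wins, so passwords stay enabled
sample_config() {
    cat <<'EOF'
Port 22
passwordauthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
Match User guest
    AllowTcpForwarding no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "config does not match the intended setup"
rm -f "$tmp"
```

The sample fails the audit because the earlier `passwordauthentication yes` line takes precedence over the later `no`, which is the kind of leftover a remastered distro config can carry.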