[Dshield] Remote incident handling tool

byte snagger bytesnagger at gmail.com
Thu Dec 1 15:59:24 GMT 2005


Dan makes a great mention of the SLAX LiveCD and the Linux Live 
scripts. The slax modular design makes it very easy to customize your 
own LiveCD.  The URL to visit is http://www.linux-live.org/ with the 
site's intro stating that "Linux Live is a set of shell scripts which 
allows you to create own LiveCD from every Linux distribution. Just 
install your favourite distro, remove all unnecessary files (for example 
man pages and all other files which are not important for you) and then 
download and run these scripts."  I have easily modified both the SLAX 
(http://slax.linux-live.org) and WHAX (http://www.iwhax.net) ISOs to suit 
my various needs.  Also, there has already been talk of merging the WHAX 
and Auditor projects in the WHAX forums, 
http://forum.remote-exploit.org/viewtopic.php?p=5488#5488

On a side note, has anyone read/skimmed the book "Penetration Tester's 
Open Source Toolkit" (http://www.syngress.com/catalog/?pid=3330)?

dan at madjic.net wrote:
>>On Mon, 2005-11-28 at 11:13 -0800, Pete Cap wrote:
>>
>>> What we're going to do is create a Linux LiveCD containing all the
>>>tools we want  (snort, nessus, cheops-ng, etc.) in an ISO.
>>
>>Humm. Sounds like knoppix-std.
>>http://www.knoppix-std.org/
> 
> 
> Not to start a religious war but slax, a slackware based live Linux that
> is much easier to modify / maintain than the knoppix based distros since
> it is a modular design.
> Have a look at: slax.linux-live.org
> 
> have fun
> Dan
> 
> 
>>> Now, this CD will have some capability to where we can remotely
>>>administer it
>>
>>So, knoppix-std with sshd running by default with port forwarding
>>enabled.
>>
>>
>>> We would need to set it up so that while the ISO was readily
>>>available, not just anyone could use it (or at least, not to exchange
>>>information with the "home base" network).
>>
>>So, knoppix-std with sshd running by default, port forwarding enabled,
>>and a separately distributed set of public/private & host keys to
>>control access. Check out:
>>http://www.stearns.org/
>>
>>for some great SSH info and ideas.
>>
>>
>>> Does this sound technically feasible?
>>
>>Sure does. It will take some prep work but is certainly doable. Grab a
>>copy of "Knoppix Hacks" published through O'Reilly. That will get you
>>going in the right direction.
>>
>>HTH,
>>Chris
>>
>>

