[Dshield] Remote incident handling tool

Chris Brenton cbrenton at chrisbrenton.org
Mon Nov 28 21:38:18 GMT 2005


On Mon, 2005-11-28 at 11:13 -0800, Pete Cap wrote:
>
>  What we're going to do is create a Linux LiveCD containing all the tools we want (snort, nessus, cheops-ng, etc.) in an ISO.

Humm. Sounds like knoppix-std. 
http://www.knoppix-std.org/

>  Now, this CD will have some capability to where we can remotely administer it

So, knoppix-std with sshd running by default with port forwarding
enabled. 

>  We would need to set it up so that while the ISO was readily available, not just anyone could use it (or at least, not to exchange information with the "home base" network).

So, knoppix-std with sshd running by default, port forwarding enabled,
and a separately distributed set of public/private & host keys to
control access. Check out:
http://www.stearns.org/

for some great SSH info and ideas.

>  Does this sound technically feasible? 

Sure does. It will take some prep work but is certainly doable. Grab a
copy of "Knoppix Hacks" published through O'Reilly. That will get you
going in the right direction.

HTH,
Chris
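
An added example, not part of the original message: a pre-build check that the sshd_config going onto a remastered CD matches the setup described above (key-based access only, port forwarding enabled). The function names, the sample config and the reading of "keys to control access" as password authentication being disabled are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-build audit of an sshd_config for a key-only remaster.
# Assumes the whitespace-separated "Keyword value" form.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Only the global section (before any Match) is read.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { want = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# require FILE KEYWORD DEFAULT EXPECTED
require() {
    got=$(effective_value "$1" "$2" "$3")
    [ "$got" = "$4" ] && return 0
    echo "FAIL: $2 is '$got', expected '$4'" >&2
    return 1
}

# Policy assumed here: keys only, forwarding on. Defaults are OpenSSH's.
audit_sshd_config() {
    rc=0
    require "$1" PasswordAuthentication yes no  || rc=1
    require "$1" PubkeyAuthentication   yes yes || rc=1
    require "$1" AllowTcpForwarding     yes yes || rc=1
    return $rc
}

# Constructed sample: the later "no" is ignored because the first line wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
passwordauthentication yes
PasswordAuthentication no
AllowTcpForwarding yes
EOF
if audit_sshd_config "$sample"; then echo "policy OK"; else echo "policy violated"; fi
rm -f "$sample"
```

On a PAM-enabled build, keyboard-interactive authentication can still accept passwords, so `KbdInteractiveAuthentication` deserves the same check.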



