[Dshield] Remote incident handling tool
cbrenton at chrisbrenton.org
Mon Nov 28 21:38:18 GMT 2005
On Mon, 2005-11-28 at 11:13 -0800, Pete Cap wrote:
> What we're going to do is create a Linux LiveCD containing all the tools we want (snort, nessus, cheops-ng, etc.) in an ISO.
Humm. Sounds like knoppix-std.
> Now, this CD will have some capability to where we can remotely administer it
So, knoppix-std with sshd running by default with port forwarding
> We would need to set it up so that while the ISO was readily available, not just anyone could use it (or at least, not to exchange information with the "home base" network).
So, knoppix-std with sshd running by default, port forwarding enabled,
and a separately distributed set of public/private & host keys to
control access. Check out:
for some great SSH info and ideas.
> Does this sound technically feasible?
Sure does. It will take some prep work but is certainly doable. Grab a
copy of "Knoppix Hacks" published through O'Reilly. That will get you
going in the right direction.
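
One way to wire up the separately distributed keys described in the reply above, as an added example that is not part of the original message. The bundle file names, the `install_key_bundle` function and the choice of key-only root login are assumptions; shipping a fixed host key lets the home base pin it and notice an unexpected host.

```shell
# Added example: install a separately distributed key bundle into the live
# system and write a key-only sshd_config with port forwarding enabled.
# Assumed (hypothetical) bundle files: ssh_host_rsa_key, ssh_host_rsa_key.pub,
# authorized_keys. Key-only root login is also an assumption.
install_key_bundle() (
    bundle=$1            # directory on the separately distributed media
    root=$2              # target root; empty string means the running system

    # Without the full bundle, leave sshd unconfigured rather than half-open.
    for f in ssh_host_rsa_key ssh_host_rsa_key.pub authorized_keys; do
        if [ ! -s "$bundle/$f" ]; then
            echo "refusing to configure sshd: $bundle/$f missing or empty" >&2
            exit 1
        fi
    done

    umask 077            # nothing created below is group/world readable
    mkdir -p "$root/etc/ssh" "$root/root/.ssh" || exit 1
    cp "$bundle/ssh_host_rsa_key" "$bundle/ssh_host_rsa_key.pub" "$root/etc/ssh/" || exit 1
    cp "$bundle/authorized_keys" "$root/root/.ssh/authorized_keys" || exit 1
    chmod 600 "$root/etc/ssh/ssh_host_rsa_key" "$root/root/.ssh/authorized_keys" || exit 1
    chmod 644 "$root/etc/ssh/ssh_host_rsa_key.pub" || exit 1

    # Only holders of a private key listed in authorized_keys can log in;
    # passwords are disabled, so the public ISO alone grants no access.
    cat > "$root/etc/ssh/sshd_config" <<'EOF' || exit 1
HostKey /etc/ssh/ssh_host_rsa_key
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
AuthorizedKeysFile .ssh/authorized_keys
AllowTcpForwarding yes
EOF
)
```

On the live system this would be called with the mounted media path and an empty root, and `sshd -t` can then validate the generated file before the daemon is started.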