[Dshield] Remote incident handling tool
dan at madjic.net
Tue Nov 29 02:22:10 GMT 2005
> On Mon, 2005-11-28 at 11:13 -0800, Pete Cap wrote:
>> What we're going to do is create a Linux LiveCD containing all the
>> tools we want (snort, nessus, cheops-ng, etc.) in an ISO.
> Humm. Sounds like knoppix-std.
Not to start a religious war, but slax, a slackware-based live Linux, is
much easier to modify / maintain than the knoppix-based distros since
it is a modular design.
Have a look at: slax.linux-live.org
>> Now, this CD will have some capability to where we can remotely
>> administer it
> So, knoppix-std with sshd running by default with port forwarding
>> We would need to set it up so that while the ISO was readily
>> available, not just anyone could use it (or at least, not to exchange
>> information with the "home base" network).
> So, knoppix-std with sshd running by default, port forwarding enabled,
> and a separately distributed set of public/private & host keys to
> control access. Check out:
> for some great SSH info and ideas.
>> Does this sound technically feasible?
> Sure does. It will take some prep work but is certainly doable. Grab a
> copy of "Knoppix Hacks" published through O'Reilly. That will get you
> going in the right direction.