[Dshield] Remote incident handling tool

dan@madjic.net dan at madjic.net
Tue Nov 29 02:22:10 GMT 2005


> On Mon, 2005-11-28 at 11:13 -0800, Pete Cap wrote:
>>
>>  What we're going to do is create a Linux LiveCD containing all the
>> tools we want  (snort, nessus, cheops-ng, etc.) in an ISO.
>
> Humm. Sounds like knoppix-std.
> http://www.knoppix-std.org/

Not to start a religious war, but Slax, a Slackware-based live Linux, is
much easier to modify / maintain than the Knoppix-based distros since
it is a modular design.
Have a look at: slax.linux-live.org

Have fun
Dan

>
>>  Now, this CD will have some capability to where we can remotely
>> administer it
>
> So, knoppix-std with sshd running by default with port forwarding
> enabled.
>
>>  We would need to set it up so that while the ISO was readily
>> available, not just anyone could use it (or at least, not to exchange
>> information with the "home base" network).
>
> So, knoppix-std with sshd running by default, port forwarding enabled,
> and a separately distributed set of public/private & host keys to
> control access. Check out:
> http://www.stearns.org/
>
> for some great SSH info and ideas.
>
>>  Does this sound technically feasible?
>
> Sure does. It will take some prep work but is certainly doable. Grab a
> copy of "Knoppix Hacks" published through O'Reilly. That will get you
> going in the right direction.
>
> HTH,
> Chris
>
>




