Security auditing tools?
John Richard Moser
nigelenki at comcast.net
Wed Feb 22 17:45:37 GMT 2006
Mario Đanić wrote:
>
>
> On 2/22/06, John Richard Moser <nigelenki at comcast.net> wrote:
>
>> I've noticed there's a LOT of LiveCDs out there like Auditor, Whax, and
>> Backtrack. There's also the Knoppix STD and Whoppix laying around out
>> there. Each of these provides a drop-in Live environment from which you
>> can run password crackers, vulnerability scanners (nessus), and in some
>> cases even hurl exploit code (metasploit) at the machines you're testing.
>>
>> Historically these tools are very difficult to install and configure on
>> a typical system. Nessus requires a server be set up with new users
>> added, for example; while Auditor auto-configures nessusd and activates
>> it on first run of Nessus. So the long and short of it comes out to be
>> that these LiveCDs come with all of this stuff pre-configured, with
>> update scripts laying around for things like Nessus (grab new security
>> plug-ins) and amap (grab new application banner databases).
>>
>> Ubuntu seems to have several branches. There's a base desktop branch,
>> an educational branch, a KDE desktop branch, a server branch, a small
>> business server branch, etc. Would it be infeasible to consider a
>> security auditing branch which packages up security tools and initial
>> configuration helpers (i.e. "get a dictionary for john the ripper,"
>> "Copy local users to nessus user list," "update interface for
>> Nessus/nmap/amap databases/plugins" etc)? I may be going out on a limb
>> here; I haven't considered that I may be the only person in the world
>> who would find this useful.
>>
> Hello,
> it seems that nUbuntu (which is not affiliated with Canonical, nor with
> Ubuntu) is the shoot you need.

nUbuntu is another LiveCD. I was more looking for something more of an
install base. The basic idea is the system would install like Ubuntu,
minus gaim, openoffice.org, xchat, gimp, ekiga, gnome-games, rhythmbox,
serpentine, sound juicer, and totem. It would additionally install
several network security auditing tools.

The advantage here is that the tools can be updated as released, via
ubuntu-backports or such. Also various definitions files like John the
Ripper dictionaries, banner data for amap, or Nessus plug-ins could be
kept up-to-date. It's very possible for someone to walk into a pen-test
environment on a system or network that was flagged as dangerous (i.e.
leaking confidential information) and disconnected from the Internet;
this makes dropping in a 5 month old LiveCD and updating all your tools
rather infeasible. Bringing a loaded up laptop would be highly useful here.

Another more specific advantage is that existing Ubuntu installations
could just have the seed package installed to load ubuntu-desktop up,
similar to how ubuntu can have kubuntu-desktop installed and fully
support KDE and GNOME at the same time.

Ah well, I guess most of the security guys prefer carrying around
LiveCDs; they're more forensically sound anyway.

> Best regards,
> Mario

--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
Creative brains are a valuable, limited resource. They shouldn't be
wasted on re-inventing the wheel when there are so many fascinating
new problems waiting out there.
-- Eric Steven Raymond
We will enslave their women, eat their children and rape their
cattle!
-- Evil alien overlord from Blasto