Security Basics mailing list archives
RE: exposure to bootable Linux distros
From: "JTH" <jth () visi com>
Date: Tue, 16 Mar 2004 10:37:55 -0600
Does it have an hd installation tool as Knoppix? If so, does it get installed reasonably secured (like old knoppix versions) or does it do like the new knoppix versions (starting in some version of those 3.3) that logs automaticly, opens shells as root with no password and does not let people logout and stuff like that?
This info is knoppix-std specific, (based on knoppix 3.2, I think) as I don't use straight-up knoppix. When installed to hd, Knoppix lets you log out just fine. As a livecd, it reboots upon logout. And the root/"passwordless" terminal is because SUDO is set up to not require password reentry. This can be altered on one line using visudo.
Or, in other words, is it good to install, or is it like Knoppix, that got better as a live-cd but now sucks when we're talking about an hd-install?
I think it's still damn fine installed to hd. But that's just me.
-----Original Message----- From: Marcos D. Marado Torres [mailto:marado () student dei uc pt] Sent: Thursday, March 11, 2004 5:48 PM To: Greg Tracy Cc: security-basics () securityfocus com Subject: Re: exposure to bootable Linux distros -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does it have an hd installation tool as Knoppix? If so, does it get installed reasonably secured (like old knoppix versions) or does it do like the new knoppix versions (starting in some version of those 3.3) that logs automaticly, opens shells as root with no password and does not let people logout and stuff like that? Or, in other words, is it good to install, or is it like Knoppix, that got better as a live-cd but now sucks when we're talking about an hd-install? Keep the good work, Mind Booster Noori - -- ================================================== Marcos Daniel Marado Torres AKA Mind Booster Noori /"\ http://student.dei.uc.pt/~marado \ / marado () student dei uc pt X ASCII Ribbon Campaign / \ against HTML e-mail and Micro$oft attachments ================================================== On Wed, 10 Mar 2004, Greg Tracy wrote:I've had a lot of experience with a wide variety of these (live CDs),and amin fact playing around with remastering Knoppix for my young son to useforeducational games. If you like PHLAK, you'll love Knoppix-STD (Security Tools Distribution). http://knoppix-std.org It's a more mature release and has better hardware detection, as well as better support for wireless tools out of the box. The most recentreleaseboots into fluxbox by default and offers a web page that opens on bootthatlists and explains all the tools included on the CD. It's a lighterweightdistro and has a pretty large following. A CD that is popular with a friend who is involved in forensics isF.I.R.E.(forensic and Incident Response Environment). I haven't used itpersonally,but I'm aware that some of it's freatures are bundled in STD and PHLAK.It'sat: http://fire.dmzs.com/ GregFrom: "Jim Clark" <jclark () cmanet org> Date: Thu, 4 Mar 2004 17:17:24 -0800 To: "Chris Halverson" <chris.halverson () encana com>, <security-basics () securityfocus com> Subject: RE: exposure to bootable Linux distros Am currently testing PLAK. So far greatly impressed. It is a little hard at first but the tools are phenominal. FWIW. -----Original Message----- From: Chris Halverson [mailto:chris.halverson () encana com] Sent: Thursday, March 04, 2004 9:20 AM To: security-basics () securityfocus com Subject: exposure to bootable Linux distros Has anyone had exposure to Operator (built from Knoppix) or PHLAX? I haven't been able to download and try them but it was brought up inoneof my classes that I am taking. What purposes do you pentest with these? External perimeter security, DMZ or internal? How would you block non-authorized users from utilizing these? (withtheexception of BIOS password protection and disabling the floppy, usbandcdrom boot capabilities) --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expertinstructors.Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of yourorganization.Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- ---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545offany course! All of our class sizes are guaranteed to be 10 students orlessto facilitate one-on-one interaction with one of our expertinstructors.Attend a course taught by an expert instructor with years of in-the-fieldpen testing experience in our state of the art hacking lab. Master theskillsof an Ethical Hacker to better assess the security of yourorganization.Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545offany course! All of our class sizes are guaranteed to be 10 students orlessto facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-fieldpen testing experience in our state of the art hacking lab. Master theskillsof an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------------BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFAUPqumNlq8m+oD34RAi9qAKC5BoZDc2SNp3I9y7f/RtC+UVz+xACcCqpy klFjiOdz6duETZl/ibfUnd0= =yrZf -----END PGP SIGNATURE----- -------------------------------------------------------------------------- - Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------- --
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- exposure to bootable Linux distros Chris Halverson (Mar 04)
- <Possible follow-ups>
- RE: exposure to bootable Linux distros Jim Clark (Mar 08)
- Re: exposure to bootable Linux distros Greg Tracy (Mar 11)
- Re: exposure to bootable Linux distros Marcos D. Marado Torres (Mar 12)
- RE: exposure to bootable Linux distros JTH (Mar 16)
- Re: exposure to bootable Linux distros Greg Tracy (Mar 11)
- Re: exposure to bootable Linux distros Eric Brown (Mar 12)