10 Best Security Live CD Distros

Ant writes to tell us Darknet has a summary of the ten best LiveCD distributions dealing with security. With links to download and a little information about each one." An great overview of some handy tools, some you know and probably a few you don't.

Backtrack rules...

[Daxster (854610)]

I've used Auditor extensively in the past year or so, and played around with Slax. Slax is buggy and definitely lacking polish, but it's modular system of scripts and packages make it perfect for a combination of whoppix and Auditor. Now if only proper ndiswrapper modules were included...

Like rain on your weeding day

[BadAnalogyGuy (945258)]

I suppose it's probably safe to trust that the makers of your LiveCD aren't putting little rootkits into the image that automatically get installed to the existing OS image on the hard disk.

LiveCDs are great, but always make sure that the source is trustworthy or you may end up with a bootable CD with Tubgirl as the desktop background. That wouldn't be pleasant. Especially in front of a customer.

Re:Like rain on your weeding day

[by Anonymous Coward]

If it was raining when I wanted to do some weeding, I'd go and tidy the greenhouse instead ;)

Re:Like rain on your weeding day

[Renraku (518261)]

"I suppose it's probably safe to trust that the makers of your LiveCD aren't putting little rootkits into the image that automatically get installed to the existing OS image on the hard disk."

And thus, your stash is found, your company/country loses, and you go to jail for 20 years based off of a chat log.

Assumptions do that..

Re:Like rain on your weeding day

[MooUK (905450)]

Anyone using something like this for the first time in the presence of a customer should have bigger problems than just tubgirl...

Atleast in Kanotix

[poeidon1 (767457)]

it lacked ndiswrapper kernel module though it had ndiswrapper installed. Made it impossible to use it with my wireless network. If it ships with ndiis wrapper it should have had ndiswrapper module or atleast some source where it could be compiled.

Re:Atleast in Kanotix

[poeidon1 (767457)]

Oops, I always end up confusing between knoppix-STD and Kanotix

Re:Atleast in Kanotix

[Filip22012005 (852281)]

No network interface? That's a security feature!

Hmmm

[ShaolinTiger (798138)]

Still up for me?

Load Averages 8.31 6.93 6.18

Re:Hmmm

[HaydnH (877214)]

"Load Averages 8.31 6.93 6.18"

People are complaining that it's being /.ed and you've loaded it 3 times to get load times? You mean mean man =P

slashdotted top ten

[by Anonymous Coward]

1. BackTrack
2. Operator
3. PHLAK
4. Auditor
5. L.A.S Linux
6. Knoppix-STD
7. Helix
8. F.I.R.E
9. nUbuntu
10. INSERT Rescue Security Toolkit
Extra - Knoppix

Re:slashdotted top ten

[zerocool^ (112121)]

I'm running a Knoppix-STD mirror at the Virginia Tech CS Dept Mirror [vt.edu]. I've emailed them back and forth, but they haven't added me to their site. Try not to pound the K-STD site; they don't have a lot of bandwidth. And if you want to download it, I'm probably as reliable, if not more so, than the other mirrors listed.

~Will

No BSD?

[putko (753330)]

What about that OpenBSD-based live CD? Isn't that a top security OS?

Or is this thing only for Linux?

Re:No BSD?

[Professor_UNIX (867045)]

What about that OpenBSD-based live CD? Isn't that a top security OS?

OpenBSD is a strong server operating system but it makes a horrible forensics toolkit base because of the lack of the level of hardware support that Linux enjoys. I'm not bashing it as a server OS since you can pick and choose the best supported components in that environment, but when using it as a forensics tool you have to support a wide variety of very oddball hardware that a desktop or server might contain and Linux is better at doing that.

Re:No BSD?

[Ratbert42 (452340)]

Top secure OS, not top hacker OS.

OliveBSD?

[wick3t (787074)]

Although it's not a linux distribution, surely any live CD based on OpenBSD [paderni.free.fr] deserves a mention!

How about "Live USB Key" distros?

[timeOday (582209)]

Anybody know a distro that's easy to install and run from a USB key?

I've found instructions on doing this for some distros (including Knoppix I think), but the step-by-step was too long and involved.

Re:How about "Live USB Key" distros?

[Mark Clegg (833186)]

I remember reading about on some time ago. - http://runt.mybox.org/ [mybox.org]

Re:How about "Live USB Key" distros?

[spydir31 (312329)]

You can run RIP( (R)ecovery (I)s (P)ossible ) rescue system from a USB key, and you could probably adapt it's instructions to something else
RIP site [tux.org]

Re:How about "Live USB Key" distros?

[farker haiku (883529)]

Check out http://slax.linux-live.org/ [linux-live.org], it's a 185 MB distro. Or you can roll your own [linuxfromscratch.org].

Re:How about "Live USB Key" distros?

[Frogg (27033)]

If i recall correctly, if you boot the latest version of PHLAK there is an icon on the desktop to install a mini version of PHLAK to removable drive.

It worked for me, took only moments, and didn't require any technical shenanigans (beyond knowing where my usb drive was mounted, i think)

This is all from memory, as the PHLAK site seems unavailable right now.

Of course, it's your decision as to whether PHLAK is any good as a general purpose day-to-day linux distro.

Insert Linux

[swtaarrs (640506)]

The best one I've found is Insert Linux [inside-security.de]. Once you download, burn, and boot from the ISO, there's a menu option in fluxbox to install to a usb key. All you have to do is make sure the the first partition on the drive is at least 64MB and it'll do the rest for you, formatting the partition, copying files, and installing the bootloader. I haven't used it a whole lot, but they pack a lot into 60MB.

INSERT is also part of the Ultimate Boot CD.

[Richard Steiner (1585)]

The Ultimate Boot CD [ultimatebootcd.com] is a nice collection of memory, CPU, partition, filesystem, benchmarking, and BIOS utilities, and the "full" version of the UBCD contains INSERT as well as all of the other stuff. Quite a nice collection of utilities and diagnostic software on one CD.

Re:Insert Linux

[permaculture (567540)]

I really want to boot from a USB pen drive. The file downloaded OK and the CD booted OK.
Rightclick desktop and choose "Applications, INSERT, usb-install"
Now a confusing choice, which device: hdx/sdx/ubx?

UBX -> "Error creating EXT2 filesystem"
SDX -> seems to have overwritten my hard drive (no matter, it's a test PC)
HDX -> leave this for later

I think this PC has: sdc, sda1, sda5, sdb1, and sdc - might it be one of those?

Or can you help me use fdisk to check my USB device name? I managed to get a CLI

Re:Insert Linux

[dylan_- (1661)]

Probably /dev/sdb or c. Simple way to check: Leave the thing unplugged on boot. Start up a terminal and type "dmesg"...see what it ends with? Now insert the drive. Type "dmesg" at terminal again. Should have added some stuff about usb-storage where it names the device.

Re:Insert Linux

[permaculture (567540)]

Cheers dylan, that's got me going.

sda1 = HDD partition 1, sda5 = HDD partition 2, sdc = USB

much obliged :)

Re:How about "Live USB Key" distros?

[Xerp (768138)]

There are loads. Personally I use Devil Linux, and in fact, you can run pretty much any distro with tweaking ;) Yes, I know.. you said easy!

The main thing you need to consider is the size of the distro. I'm got a full 512 Mb on my stick, so its not too bad.

Anyway, as far as easy goes - grab Damn Small Linux. Or Feather Linux.

I remember seeing Mandrake Go! or something a while back as well. Haven't tried that one though.

You may also like to head over to Live Distro [livedistro.org] for some light reading!

Re:How about "Live USB Key" distros?

[korbin_dallas (783372)]

Damn Small Linux.

http://www.damnsmalllinux.org/ [damnsmalllinux.org]

Its pretty easy, but its very difficult to separate the 'old' docs from the 'new' info about some sections of the system.

Make a cdrom, boot a box off that, then from the menus, choose to create a bootable usb OR a usb that can be started from within Windows or Linux as a guest OS.

BUT:
Of the many hundreds of computers here I have not found one that would in fact boot from USB!

Running as a Guest OS inside of Windows doesn't provide any Network Access. Now Qemu s

Adios / UML

[Locarius (798304)]

I am suprised that they did not include Adios [qut.edu.au]. The nicest feature is the ability to run multiple Linux kernels in userspace (User Mode Linux). It also comes with heaps of security tools on the LiveCD.

Just throwing security apps on a livecd distro

[walterbyrd (182728)]

Is not all that impressive to me.

Also, it seems to me that a rescue CD should not, by default, boot to a GUI. It slows down the boot, and is not that useful when GUI can not be loaded. People who use these should know how to use the command line.

Re:Just throwing security apps on a livecd distro

[PitaBred (632671)]

I'm sure they do. But a command line has much lower resolution than a full X11 setup, and believe it or not, graphics can sometimes convey more information faster than lines of text (you have heard the picture is worth 1000 words saying, right?). But performance is why the DE's that these use are things like FVWM and Fluxbox rather than KDE for the most part.

Does anyone have the IP address and/or copy?

[pbrammer (526214)]

Looks like their DNS servers are not responding to my queries when I try to resolve www.darknet.org.uk. Does anyone have the IP address of that site? How about a copy of the article? The listed nameservers (ns[12].malaysiablogs.com) appear to be unresponsive.

RO-OS

[Doc Ruby (173196)]

One of the best features of a secure Live CD is that the read-only media prevents attacks from writing to the stored OS (on CD). I'd love to see a virtualization system that reloads the OS from the CD every so often (hours, minutes, seconds) and switches all processes to the new, more trustworthy instance.

Maybe a safer system will just reload a single watchdog instance from the CD, which checks itself against the other running instances.

Any difference would send an alarm out of the system.

Of course, the virtualization layer itself needs authenticity checks. But that might be possible against a CD image, and in any case would be no less secure than without this system I'm describing.

Re:Is it difficult to proofread a submission?

[Jonas56 (814173)]

Even worse, the editor added that comment, as it's outside the quote. Well, at least I assume that's the ending quotation mark, seeing as there's no beginning quotation mark. It is late, maybe he's half asleep.

Re:Is it difficult to proofread a submission?

[digitaldc (879047)]

How difficult would it have been to change this to "A great"?

As difficult as it would be for some to not harp on a simple typo?

Re:Is it difficult to proofread a submission?

[Braino420 (896819)]

uhh, you're kind of in the wrong place. Here, let me redirect you [digg.com].

Re:dang, no mod points to mod this off-topic, lame

[the chao goes mu (700713)]

fizzle bar to dog taco lick?
Couldn't understand that? Perhaps it is because it was gibberish. Perhaps had we agreed on some basic rules of communication it would have been intelligible. But then that would make us "grammar nazis" wouldn't it?
It drives me mad when people insist "don't need no grammer, us talk reel gud neway". Perhaps, for the moment. But without any rules for communication whatsoever we have no way to communicate at all
Worse still, the same people who whine about grammar (or often "gramme

Re:dang, no mod points to mod this off-topic, lame

[by Anonymous Coward]

Can you read this?

Olny srmat poelpe can.

cdnuolt blveiee taht I cluod aulaclty uesdnatnrd waht I was rdanieg. The phaonmneal pweor of the hmuan mnid, aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteer be in the rghit pclae. The rset can be a taotl mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe. Amzanig huh? yaeh and I awlyas tghuhot slpeling was ipmorantt!

Fastest whore on the block

[arrrrg (902404)]

Coral Cache [nyud.net]

e-penis??

[by Anonymous Coward]

"...e-penis..."

This is a product I haven't heard of before. I only have a regular penis myself. Perhaps you can enlighten me here:
  - What advantages does an e-penis have over a regular penis?
  - Can you e-mail it to your girlfriend every night when you are on business trips to keep her out of the arms of other men?
  - Is driver support a problem?
  - Can it be overclocked?

Re:e-penis??

[mrogers (85392)]

Can you e-mail it to your girlfriend every night when you are on business trips to keep her out of the arms of other men?

You can, but you should use PGP to avoid the risk of a man-in-the-middle attack.

At least read the title of the articel

[Propaganda13 (312548)]

"10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)"

The BSD's are not Live CD Distros used for penetration-testing, forensics, or recovery.

Re:At least read the title of the articel

[GomezAdams (679726)]

OpenBSD and FreeBSD have live distros. Don't know about NetBSD. Google is your friend.

Re:*YAWN* ;^O

[RLiegh (247921)]

My guess is that there are only two Live-CD BSD distributions (to the best of my knowledge, at least); freesbie (which isn't security oriented) and one from NetBSD (which I forget the name of, and I'm not even sure is being made any more). There is no Live-CDs from the OpenBSD camp at all.

The article (and therefore, discussion) is about Live-CDs.

Re:*YAWN* ;^O

[kv9 (697238)]

with NetBSD you can build your own [pkgsrc.se]. there also is some desktop centric live cd called NeWBIE [sourceforge.net]

Re:*YAWN* ;^O

[Slashcrap (869349)]

Yeah, I noticed this when i doubled-back and read the article in depth. i read the summary, and looked over the list and was astonished when neither of these BSD distros was mentioned, as they are pretty well known for being a high security distribution.

If you read the article so thoroughly, how did you miss the fact that it was about Live CDs used for security testing? The BSD Live CDs may well be very secure, but they do not come with hundreds of auditing tools. They are therefore out of scope for the art

Re:Kororaa with Xgl, for beauty

[babbling (952366)]

It's crappy in terms of security. Runs the ssh daemon by default.

Re:Kororaa with Xgl, for beauty

[Slashcrap (869349)]

Don't know about security though. But since Xgl is fairly new I wouldn't trust it in a server.

You have missed the point. If it weren't for my unshakeable faith in the Slashdot community, I might even suspect you of not having read the article.

This is about Live CDs designed for security auditing, not the security of Live CDs. Although Nmap with OpenGL support would be pretty cool - watching thousands of Phong shaded, texture mapped SYN packets flying at the target host and either bouncing off or penetrating

Re:Pros & Cons of Live CDs

[Slashcrap (869349)]

It is very good to be security conscious. If you really want to benefit by the advances in Unix, try a secure OS like Tomahawk Desktop.

Initially I thought this was just a really lame astroturf for what is simply yet another minor desktop Linux distro, but then I looked at their site.

Turns out it does have some unique features. For instance not only does it come with a firewall enabled, it comes with a picture of a firewall too! Check this out - http://www.tomahawkcomputers.com/images/inkscape-1 -204.png [tomahawkcomputers.com]

Beat

Re:Attention: a link from 1 LiceCD infected by wor

[PitaBred (632671)]

You know, this might have been an interesting post if it was coherent...