SecurityLiveCD

This project is closed. Please see https://launchpad.net/nubuntu instead.

Summary

The purpose of this project is to have an Ubuntu LiveCD with useful network security tools. The current version is 0.1 (Nov 9, 2005), based on the Ubuntu 5.10 LiveCD.

Contributors welcome. Launchpad page: https://launchpad.net/people/ubuntu-securitylivecd

Applications to Install

Some places to start:

Note: some applications are not going to make much sense on a LiveCD for use in the field, but it's good to have them as learning/teaching/demo tools.

Applications and Data to Take Out

From Gnome menu:

Applications:

  • accessories:
  • Games: (all)
  • Graphics: (all)
  • Internet: (all except firefox)
  • office: (all)
  • sound & video: (all)

  • system tools:
    • Applications menu editor
    • Bug report tool

System:

  • preferences?

Other: languages (leave English only)

Creation of Version 0.1 of Ubuntu Security LiveCD

Notes about the creation of this CD:

  • Used instructions from: https://wiki.ubuntu.com//LiveCDCustomizationHowTo/

  • At this point I want the candidate applications to be installed to be available using apt-get from the available repositories (including universe).
  • kernel version is 2.6.12-9.21

Installed

Note: the names used are the names of the packages (sometimes different from the name of the user application). Some version numbers are added for reference.

Note: this should be grouped into something like:

  • Intrusion Detection
  • Vulnerability Assessment
  • Forensics
  • Network utilities
  • Other

Note: add links to items in this list.

  • nmap 3.81
  • nessus 2.2.4
  • chkrootkit 0.45
  • tcpdump (already there)
  • kismet
  • ethereal
  • etherape
  • seahorse
  • nemesis
  • airsnort
  • curl
  • arping
  • arpwatch
  • clamav
  • nbtscan
  • nikto
  • p0f
  • siege 2.61
  • snort
  • netcat (already there)
  • httptunnel
  • netsed
  • dsniff
  • ngrep
  • john
  • wenglish
  • linneighborhood
  • ntop
  • smbclient, smbfs (already there)
  • tcptrack
  • swatch
  • honeyd
  • labrea
  • biew
  • fenris
  • foremost
  • wipe
  • zebedee

Not in repositories: (some will be added in a later version)

  • airtraf
  • hydra
  • arpfetch
  • arpspoof
  • exodus
  • firewalk
  • ncpquery
  • screamingcobra
  • airsnarf
  • icmpshell
  • shadyshell
  • stegtunnel
  • tcpstatflow
  • snot
  • ipmagic
  • gspoof
  • packetto
  • aimsniff
  • filesnarf
  • mailsnarf
  • msgsnarf
  • urlsnarf
  • webspy
  • chntpw
  • cmospwd
  • pwl9x
  • rcrack
  • argus
  • cdpr
  • acid
  • logsnorter
  • md5sum
  • thd
  • bsed
  • fatback
  • md5deep
  • pasco
  • readdbx
  • readoe
  • rifiuti
  • secure_delete
  • dnsspoof
  • hping2

To be added later:

  • Paketto Keiretsu
  • amap

Taken Out

Note: Using dpkg --purge

Note: Based on the list from: http://svn.gnome.org/viewvc/livecd-project/trunk/remaster.conf?revision=71&view=markup

  • ubuntu-desktop
  • openoffice.org2 (move to end?)
  • openoffice.org2-base
  • openoffice.org2-math
  • openoffice.org2-impress
  • openoffice.org2-gnome
  • openoffice.org2-calc
  • openoffice.org2-writer
  • openoffice.org2-draw
  • openoffice.org2-evolution
  • python-uno
  • openoffice.org-common -core NO!!
  • evolution-exchange
  • evolution-plugins
  • evolution
  • gimp
  • ttf-baekmuk & /usr/share/fonts/truetype/baekmuk

  • xscreensaver-gl
  • xscreensaver
  • update-notifier
  • update-manager
  • parted
  • mutt (not installed)
  • fetchmail
  • ttf-kochi-mincho
  • ttf-kochi-gothic & /usr/share/fonts/truetype/kochi

  • rss-glx

This list has to grow.

Creation of CD

I got an error while doing $ umount /mnt: "device is busy". To find the processes that were using the partition I did $ fuser -u /mnt, and that gave me the PIDs of those programs (they were: arpwatch, freshclam -that's ClamAV- and snort). In order to terminate them I can kill them or do $ fuser -k /mnt
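A way to see what keeps a directory tree busy before unmounting it, as an added example that is not part of the original notes: it reads /proc directly (Linux only) and also reports processes whose root directory lies inside the tree, which is how a daemon started from a chroot appears. The function name `holders` is hypothetical; run it as root to see other users' processes.

```shell
#!/bin/sh
# Added example (not from the original page). Linux only: relies on /proc.
# holders DIR -> prints "PID COMMAND REASON" for every process whose root
# directory, working directory, executable or an open file is under DIR.
# REASON is one of: root, cwd, exe, fd.
holders() {
    # Resolve symlinks so the comparison matches what /proc reports.
    target=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    for p in /proc/[0-9]*; do
        pid=${p#/proc/}
        # A chrooted daemon shows up through "root"; a shell left inside
        # the tree shows up through "cwd".
        for link in root cwd exe; do
            dest=$(readlink "$p/$link" 2>/dev/null) || continue
            case "$dest" in
                "$target"|"$target"/*)
                    printf '%s %s %s\n' "$pid" \
                        "$(cat "$p/comm" 2>/dev/null)" "$link"
                    continue 2 ;;
            esac
        done
        # Otherwise look for an open file (log, database, pid file).
        for fd in "$p"/fd/*; do
            dest=$(readlink "$fd" 2>/dev/null) || continue
            case "$dest" in
                "$target"|"$target"/*)
                    printf '%s %s %s\n' "$pid" \
                        "$(cat "$p/comm" 2>/dev/null)" "fd"
                    break ;;
            esac
        done
    done
    return 0
}

# Usage (as root, before umount):  holders /mnt
```

Stopping the listed services cleanly and re-running the check until it prints nothing avoids killing a process in the middle of a write.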

Extra things to delete in extracted_cd:

There is a lot of stuff to rm. At this point I only deleted:

  • /doc/install/manual
  • /programs/openoffice/

There are many things that need revisiting here.

NOTE: testing with qemu (qemu -cdrom liveimage.iso -boot d) didn't work

Testing

Created CD "version 0.1" booted fine; operating system works well.

Size is 540.8 MB

Testing of added programs:

There were problems with some graphical applications. Some need to be configured before burning the CD.

Graphical:

  • seahorse OK
  • etherape OK
  • ethereal NO: "Could not set capabilities: Operation not permitted"
  • ntop NO: cannot write to /var/lib/ntop/prefsCache.db
  • nessus NO: "could not open a connection to localhost" (no server running?)
  • airsnort OK? (starts, no wifi)
  • linneighborhood (LinNeighborhood) OK

CLI:

  • chkrootkit OK
  • curl OK
  • arping OK
  • arpwatch OK
  • clamav OK
  • nbtscan OK
  • nikto OK
  • p0f OK
  • siege OK
  • snort OK (sudo snort -h 192.168.0.0/24 -c /etc/snort/snort.conf)
  • netcat (nc) OK
  • httptunnel (htc, hts) OK
  • netsed OK
  • dsniff OK
  • ngrep OK
  • john OK
  • wenglish OK (at /usr/share/dict/american-english)
  • smbclient OK
  • tcptrack OK
  • swatch OK
  • labrea OK
  • biew OK
  • fenris NO: libc mapping problem
  • foremost OK
  • wipe OK
  • zebedee OK

Version 0.2

For this version we have to improve the two tasks:

  • installed programs:
    • make all of them work
    • add important missing tools
  • remove more programs and data

(Dec 8, 05) Let's see if we can have a beta version before next year.

We need a list of infosec applications classified in "must have" (to include in the beta) and "nice to have" (to try adding later on).

Attributes to write about these apps: name, url, size (packaged) and comments if needed

Must Have

Nice to Have

SecurityLiveCD (last edited 2009-02-11 16:53:06 by fduran)