From Fedora Project Wiki


= Fedora Security LiveCD =
This page has been moved to:
 
[[SecuritySpin]]
 
 
== Goals ==
* To provide a fully functional livecd based on Fedora for use in security auditing, forensics research, and penetration testing.
 
== Features ==
* All of the security [[Security/Features|features]] and [http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD?action=show#head-27b097ac2a10288e938becca54b2a72df8175279 tools] Fedora has to offer
* Features from the [http://fedoraproject.org/wiki/FedoraLiveCD FedoraLiveCD]
* Ability to install directly to hard drive
 
== Spinning your own ==
<pre>
$ hg clone http://hg.lewk.org/security-livecd
</pre>
Making changes to the LiveCD is as simple as modifying the '''livecd-fedora-security.ks''' configuration file.
 
== Contributing ==
You can help with this project by writing RPMs for packages in the Wishlist, reviewing existing new package reports, or tweaking the livecd configuration, among many other things.
 
Send patches, suggestions, etc. to LukeMacken.
 
== Software ==
=== Available ===
The following packages currently exist in Fedora and are on the Security LiveCD.
{| border="1"
|- style="color: white; background-color: #3074c2; font-weight: bold"
| '''Software''' || '''Description'''
|- style="color: black; background-color: #eeeff1"
| ''Reconnaissance''
|-
| [http://monkey.org/~dugsong/dsniff/ dsniff] || dsniff is a collection of tools for network auditing and penetration testing.
|-
|[http://www.hping.org/ hping3] || TCP/IP stack auditing and much more
|-
|[http://www.deepspace6.net/projects/netcat6.html nc6]  || Netcat with IPv6 Support
|-
|[http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/ nc]  || Reads and writes data across network connections using TCP or UDP
|-
|[http://www.nessus.org nessus] || Remote vulnerability scanner
|-
|[http://ngrep.sourceforge.net/  ngrep] || Network layer grep tool
|-
|[http://www.insecure.org/nmap/ nmap] || Network exploration tool and security scanner
|-
|[http://lcamtuf.coredump.cx/p0f.shtml p0f]  || Versatile passive OS fingerprinting tool
|-
|[http://monkey.org/~provos/scanssh scanssh]  || Fast SSH server and open proxy scanner
|-
|[http://www.dest-unreach.org/socat socat] || Bidirectional data relay between two data channels ('netcat++')
|-
|[http://www.tcpdump.org tcpdump]  || A network traffic monitoring tool
|-
|[http://www.nongnu.org/tiger/ tiger] || Security auditing on UNIX systems
|-
|[http://www.wireshark.org/ wireshark]  || Network traffic analyzer
|-
|[http://www.sys-security.com/index.php?page=xprobe xprobe2]  || An active operating system fingerprinting tool
|-
|[http://www.inetcat.net/software/nbtscan.html nbtscan]  || Tool to gather NetBIOS info from Windows networks
|-
| [http://tcpxtract.sourceforge.net/ tcpxtract]  || Tool for extracting files from network traffic based on file signatures
|-
| [http://www.packetfactory.net/projects/firewalk/ firewalk]  || Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a  given IP forwarding device will pass.
|-
| [http://lin.fsid.cvut.cz/~kra/index.html hunt]  || Tool for demonstrating well known weaknesses in the TCP/IP protocol suite
|-
| [http://halberd.superadditive.com halberd]  || Tool to discover HTTP load balancers
|-
| [http://qosient.com/argus/ argus] || Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream.
|- style="color: black; background-color: #eeeff1"
| ''Forensics''
|-
|[http://www.chkrootkit.org chkrootkit] || Tool to locally check for signs of a rootkit
|-
|[http://www.clamav.net clamav] || Clam Antivirus
|-
|[http://www.garloff.de/kurt/linux/ddrescue/ dd_rescue] || Fault tolerant "dd" utility for rescuing data from bad media
|-
|[http://www.stud.uni-hannover.de/user/76201/gpart/ gpart]  || A program for recovering corrupt partition tables
|-
|[http://merd.sourceforge.net/pixel/hexedit.html hexedit] ||  A hexadecimal file viewer and editor
|-
|[http://prelude-ids.org/ prelude] || Log analyzer
|-
|[http://www.cgsecurity.org/wiki/TestDisk testdisk] || Tool to check and undelete partitions
|-
|[http://foremost.sf.net foremost]  || Recover files by "carving" them from a raw disk
|-
| [http://fedorahosted.org/sectool sectool] || A security audit system and intrusion detection system
|- style="color: black; background-color: #eeeff1"
| ''Wireless''
|-
|[http://www.aircrack-ng.org aircrack-ng] || aircrack is an 802.11 WEP and WPA-PSK key-cracking program that can recover keys once enough data packets have been captured.
|-
|[http://airsnort.shmoo.com/ airsnort]  || Wireless LAN (WLAN) tool which recovers encryption keys
|-
|[http://www.kismetwireless.net kismet] || WLAN detector, sniffer and IDS
|- style="color: black; background-color: #eeeff1"
| ''Code Analysis''
|-
|[http://www.striker.ottawa.on.ca/~aland/pscan pscan]  || Limited problem scanner for C source files
|-
|[http://www.splint.org/ splint]  || A tool for statically checking C programs for coding errors and security vulnerabilities
|-
| [http://www.dwheeler.com/flawfinder flawfinder]  || Examines C/C++ source code for security flaws
|- style="color: black; background-color: #eeeff1"
| ''Intrusion Detection''
|-
|[http://sourceforge.net/projects/aide aide] || Intrusion detection environment
|-
|[http://www.snort.org snort]  || Intrusion detection system
|-
|[http://www.tripwire.org/ tripwire] || IDS (Intrusion Detection System)
|- style="color: black; background-color: #eeeff1"
| ''Password Tools''
|-
|[http://www.openwall.com/john john] || John the Ripper password cracker
|}
 
=== Wishlist ===
Note: the software listed below has not yet been verified to make sure the licenses meet our [[Packaging/Guidelines|Guidelines]]. Please see the [[Extras/NewPackageProcess|NewPackageProcess]] to help get these packages into Fedora.
{| border="1"
|- style="color: white; background-color: #3074c2; font-weight: bold"
| '''Software''' || '''Description''' || '''Notes'''
|-
| [http://airsnarf.shmoo.com/ airsnarf]  || A rogue AP setup utility ||
|-
| [http://www.rfxnetworks.com/apf.php apf]  || APF is a policy-based iptables firewall system designed for ease of use and configuration || Packager unfriendly. Upstream contacted with no response
|-
| [http://www.sleuthkit.org/autopsy/ autopsy]  || The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in  The Sleuth Kit. ||
|-
| [http://farm9.org/Cryptcat/ cryptcat]  || Cryptcat is the standard netcat enhanced with twofish encryption. ||
|-
| [http://www.thc.org/thc-hydra/ hydra]  || A very fast network logon cracker which supports many different services ||
|-
| [http://sourceforge.net/projects/iisemul8/ iisemulator]  || The goal of this project is to create a functioning web server which is indistinguishable from Microsoft's IIS product at a topical level. ||
|-
| [http://www.metasploit.com/ metasploit]  || The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. ||
|-
| [http://www.rootkit.nl/projects/rootkit_hunter.html rkhunter]  || Rootkit scanner is a scanning tool to ensure, for about 99.9%*, that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests. || In the repository now
|-
| [http://www.sleuthkit.org/sleuthkit/index.php sleuthkit]  || The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer. || [https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204228 Dead(?) Review Request]
|-
| [http://directory.fsf.org/security/misc/TCT.html tct]  || Tools for analyzing a system after a break-in ||
|-
| [http://www.securesoftware.com/download_rats.htm rats]  || Rough Auditing Tool for Security || In the repo now
|-
| [http://www.academicunderground.org/examiner/ examiner]  || The Examiner is an application that utilizes the objdump command to disassemble and comment foreign executable binaries ||
|-
| [http://sourceforge.net/projects/cowpatty/ cowpatty]  || Audit WPA pre-shared keys || Under [https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231011 review (#Bug 231011)]
|-
| [http://taviso.decsystem.org/scanmem.html scanmem]  || scanmem is a simple interactive debugging utility for Linux, used to locate the address of a variable in an executing process. This can be used for the analysis or modification of a hostile process on a compromised machine, reverse engineering, or as a "pokefinder" to cheat at video games. || Peter Gordon mentioned on a fedora-maintainers [https://www.redhat.com/archives/fedora-maintainers/2007-March/msg00174.html thread] that he was in the process of packaging this up
|-
| [http://directory.fsf.org/sdd.html sdd]  || 'sdd' is a replacement for a program called 'dd'. sdd is much faster than dd in cases where the input block size (ibs) is not equal to the output block size (obs). Statistics are more easily understood than those from 'dd'. Timing is available: the -time option will print transfer speed. Timing and statistics are available at any time with SIGQUIT (^\). Can seek on input and output. Fast null input and fast null output. Support for the RMT (Remote Tape Server) protocol makes remote I/O fast and easy. ||
|-
| [http://www.truecrypt.org/downloads.php TrueCrypt]  || Free open-source disk encryption software for Windows Vista/XP/2000 and Linux || Questionable license?
|-
| [http://www.honeyd.org honeyd]  || Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. ||
|-
| [http://arpon.sourceforge.net arpon] || ArpON (Arp handler inspectiON) is a portable handler daemon with some nice tools to handle all ARP aspects. ||
|}
 
== References ==
 
* http://lwn.net/Articles/225215/. Maybe provide this extension by default?
 
[[Category:Spins]]

Latest revision as of 08:19, 18 September 2016

