On Saturday (yesterday now) I gave rundowns of four fairly current Linux distributions on live CDs.
(By the way, I apologize for making light of the STD distro last entry. I expect to be blown off the air any hour now.)
These distros feature pre-installed security and forensics tools, some command-line and some graphical - and a few with options in both directions. FCCU (a Knoppix-based product from the Belgian Federal Crime Control Unit) and DEFT (a small but serviceable Xubuntu-based distro with a forensic or repair/recovery emphasis) were the first two, but the stars of the show were my personal favorite of the moment, Protech, and a tough contender, BackTrack.
Protech is based on Ubuntu and uses Fluxbox as a thin desktop environment, which helps low-memory machines like mine. It has many well-known useful tools such as filesnarf, Wireshark, Metacoretex, Kismet, gkismet, AirSnort, coWPAtty and so on. There's also a firewall (Bastille) included, THREE honeypots including LaBrea, two rootkit finders (chkrootkit and rkhunter), and it sticks with the spreading and very considerate ethic of automagically ejecting your live CD during shutdown, before the reboot. This distro is also one of a growing group that (unlike live-only concepts such as STD, TRK and others) is written with the option of a hard-disk install in mind. Protech (as well as BackTrack 3, mentioned next) wants to be your desktop as well, not just a live CD. It's your choice.
BackTrack 3 is the most current final version of this distro (with 4 out in either alpha or beta by now). It offers more of everything and tops insecure.org's poll as the most popular Linux security distribution; it's the most comprehensive distro I've seen so far and its organization is clever. Every category of tool is represented, with multiple tool options in almost all of them. Some categories have over 50 options. Talk about a shortcut reload strategy - you'd spend a lifetime installing and updating individual tools otherwise. In addition to the usual crowd (the Sleuth Kit / Autopsy package, tinyproxy, TrueCrypt, Nmap, Zenmap, tcptraceroute, snmpwalk and so on), there's an "archive" category which includes only one option. But it's an important one, one that I've harped upon for years, claiming that everyone should take note. It's a link to archive.org, the maintainers of a search function called the Wayback Machine (a reference to the original Rocky and Bullwinkle show). Need to research a web page no longer in existence? If you know the URL, just plug it in and zap - there are multiple hits, one for each date on which archive.org recorded the contents. I've tried it on pages of my own. Your mileage may vary, but maybe they'll have snapshotted what you need.
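The Wayback Machine lookup described above can also be scripted, which is handy when an investigation turns up a long list of dead URLs. The following is an added example of mine, not code from BackTrack or archive.org; it assumes the public archive.org availability API at `https://archive.org/wayback/available` and the JSON shape it documents (an `archived_snapshots.closest` record with `url`, `timestamp`, `status` and `available` fields). The two sample responses are constructed so the parser can be exercised offline, including the case where archive.org has nothing for the page.

```python
import json
from datetime import datetime
from typing import Optional
from urllib.parse import urlencode
from urllib.request import urlopen

# Assumption: the archive.org availability API endpoint and its JSON layout
# are as documented at the time of writing; check archive.org if it has moved.
AVAILABILITY_API = "https://archive.org/wayback/available"


def build_lookup_url(page_url: str, timestamp: Optional[str] = None) -> str:
    """Build the availability-API query for page_url.

    timestamp is an optional YYYYMMDD[hhmmss] string; archive.org then returns
    the snapshot closest to that date instead of the most recent one.
    """
    params = {"url": page_url}
    if timestamp:
        params["timestamp"] = timestamp
    return f"{AVAILABILITY_API}?{urlencode(params)}"


def parse_availability(response_text: str) -> Optional[dict]:
    """Extract the closest snapshot from an availability-API response.

    Returns a dict with 'url', 'timestamp' (as a datetime) and 'status', or
    None when archive.org reports no snapshot (empty archived_snapshots).
    """
    data = json.loads(response_text)
    closest = data.get("archived_snapshots", {}).get("closest")
    if not closest or not closest.get("available"):
        return None
    return {
        "url": closest["url"],
        "timestamp": datetime.strptime(closest["timestamp"], "%Y%m%d%H%M%S"),
        "status": closest["status"],
    }


def lookup(page_url: str, timestamp: Optional[str] = None) -> Optional[dict]:
    """Query archive.org for page_url (needs network; not used by the tests)."""
    with urlopen(build_lookup_url(page_url, timestamp), timeout=15) as resp:
        return parse_availability(resp.read().decode("utf-8"))


# Constructed sample responses in the documented shape (not real API output).
SAMPLE_HIT = json.dumps({
    "url": "example.com/old-page",
    "archived_snapshots": {
        "closest": {
            "available": True,
            "url": "http://web.archive.org/web/20060101064348/http://example.com/old-page",
            "timestamp": "20060101064348",
            "status": "200",
        }
    },
})
SAMPLE_MISS = json.dumps({"url": "example.com/never-crawled", "archived_snapshots": {}})


if __name__ == "__main__":
    print(build_lookup_url("example.com/old-page", "20060101"))
    print(parse_availability(SAMPLE_HIT))
    print(parse_availability(SAMPLE_MISS))
```

Passing a timestamp matters for forensic work: without one the API hands back the newest capture, which may postdate the event you are reconstructing, so ask for the date of interest and check the returned timestamp against it before relying on the content.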
To cinch the deal, BackTrack has a boot-up option offering two desktops: Fluxbox for low-memory situations and KDE 3.5 for the full-service customer (and in a light enough build to run well on a P3 866 with 256 MB of RAM). I'm sticking with Protech for the moment, but BackTrack may win me over.
More info to come on the show in 2 weeks (HLUG does presentation meetings on the second and fourth Saturdays, 2pm, at the HQ of the Houston Area League of PC Users).