LinuxQuestions.org - Devil-Linux cd firewall

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Devil-Linux cd firewall (https://www.linuxquestions.org/questions/linux-security-4/devil-linux-cd-firewall-139088/)

Devil-Linux cd firewall

Does anyone have experience with the Devil-Linux cd firewall ?

I haven't directly used Devil Linux, but from their homepage, it looks like it just uses the standard iptables/netfiler firewall with the patch-o-matic base add-ons and includes the firewallbuilder GUI.

Try asking a specific question, as there are a number of people here who are iptables gurus and can help you out.

I currently use IPcop v1.2 on an old Pentium 100 box, but would like less noise and hassle if the box shuts down for any reason. I got the Devil-Linux cd burned and ready to run, I just need to buy a floppy to set the config up.

Buuuuuuuuump

After all the recent discussions about Linux boxes getting root-kitted, compromised etc etc, I too am now looking at using a Live CD firewall and Devil Linux is the one I'm having an extra good look at.

So anyone using Devil Linux, I would appreciate comments please

One question I would like answered, is a distro like this susceptible to root kits and other nasties.

floppy

Quote:

Originally posted by floppywhopper
Buuuuuuuuump

After all the recent discussions about Linux boxes getting root-kitted, compromised etc etc, I too am now looking at using a Live CD firewall and Devil Linux is the one I'm having an extra good look at.

So anyone using Devil Linux, I would appreciate comments please

One question I would like answered, is a distro like this susceptible to root kits and other nasties.

floppy

yes, any distro is susceptible to exploits, even live cd distros... a nasty can be installed in RAM without needing write access to the cd... a lot of folks (i'm not saying you're one of them) think that because the cd isn't writable they are 100% safe, which is not true... of course the live cd read-only nature does give you some convenience when it comes to these situations - if you get hit by a nasty you can reboot and the nasty will be wiped from the RAM - but you'd still have to deal with the vulnerability that allowed the exploit before bringing the system back online... sometimes the workaround could be as simple as blocking the port for the affected daemon while you get your updated ISO... but if you are working completely remotely, their will be a window of opportunity between the time the network is brought-up (upon reboot) and the time you issue the workaround - during this window you could get owned once again... so it would be optimal to have physical access so you could do the fix/workaround BEFORE putting the box back online...

having said that, it should be noted that devil linux uses a grsecurity patched kernel and most of it's binaries are compiled with the gcc stack smashing protector option, so you get a higher-level of security than you would on most other live distros... the possibilities of getting owned on devil linux via something like a buffer-overflow (for example) are lower than on typical live cd distros...

http://www.grsecurity.net/

http://www.research.ibm.com/trl/projects/security/ssp/

just my two cents...

Thats very interesting , thanks for the info

While I didn't make any assumptions about live CD security, I have to admit that I didn't know that about RAM infections ... thats why I asked. Anyway the system is anything but remote LOL its under the table where I'm working now. :D

The more I learn the more I realise how little I know
always learning ...... :study:

any other comments about Devil Linux or Live Cd firewalls appreciated.

floppy

Loading USB drive for config files

In devil linux, u have to either provide a floppy disk or USB disk so that Devil can read and write configuration files to and fro. The thing is I do not know what parameters u have to pass on to mount the USB disk (something with DL_config=.....)

Please help!

THanx