LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Old 02-06-2009, 01:47 PM   #1
andrewwilkerson
LQ Newbie
 
Registered: Feb 2009
Posts: 5

Rep: Reputation: 0
Good Linux Security LiveCD - recommendation needed.


I need a good recommendation for a Linux LiveCD that has a good selection of tools to detect and eliminate security threats. I am more worried about key loggers and other data miners than I am with virus and standard malware.

The machine that I need to scan is a Dell laptop with Windows Vista (groan).

I am by no means a security expert or a Linux expert. But I have used Linux multiple times to diagnose and repair other problems. I have a very good working knowledge of computers in general. And am used to trolling forums and Google for answers. I have no problem having to read the FAQs and other helpful documents.

Any recommendations would be greatly appreciated!

Thanks
-Ash
 
Old 02-06-2009, 01:55 PM   #2
ncsuapex
Member
 
Registered: Dec 2004
Location: Raleigh, NC
Distribution: CentOS 2.6.18-53.1.4.el5
Posts: 770

Rep: Reputation: 42
check out knoppix.
 
Old 02-06-2009, 03:52 PM   #3
andrewwilkerson
LQ Newbie
 
Registered: Feb 2009
Posts: 5

Original Poster
Rep: Reputation: 0
Ncsuapex:

I was looking for something more like OPHcrack than a distro. But if I have to go with a normal distro and just use pre-existing utilities / programs, that's no problem. All I need to know is which utilities / programs you would recommend to search for this stuff.

Thanks again.

Also are you at NC State?
 
Old 02-06-2009, 04:14 PM   #4
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733
Blog Entries: 5

Rep: Reputation: 127
Google=Linux security tools and Google=Linux security distros.
 
Old 02-06-2009, 04:39 PM   #5
larryhaja
Member
 
Registered: Jul 2008
Distribution: Slackware 13.1
Posts: 291

Rep: Reputation: 75
Quote:
Originally Posted by andrewwilkerson View Post
I was looking for something more like OPHcrack, than a distro.
If you want a penetration testing LiveCD then I would go with Backtrack 3. BT3 doesn't have Ophcrack supplied with it but you can always add it later. If Ophcrack is what you need then there is an Ophcrack LiveCD from their site. I've never used the Ophcrack LiveCD so I don't know how it works, but I have used the Ophcrack program and it works pretty well with the free tables they provide. Another pentest distro to look at would be Pentoo, which is based off of Gentoo.
 
Old 02-06-2009, 11:08 PM   #6
internetSurfer
Member
 
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71

Rep: Reputation: 16
 

Last edited by internetSurfer; 02-07-2009 at 09:42 PM.
 
Old 02-07-2009, 10:47 AM   #7
andrewwilkerson
LQ Newbie
 
Registered: Feb 2009
Posts: 5

Original Poster
Rep: Reputation: 0
Larryhaja, thanks for the recommendations. I will definitely check it out!

The Google search was the first thing that I did. I read about distros like BackTrack, Operator, PHLAK, Knoppix-STD etc... I was just hoping for a more personalized recommendation.

For clarification, I was referencing OPHcrack not because I need to crack a password on the laptop. It was because you just put the OPHcrack CD in, it boots up and does its thing. You don't have to babysit it or anything. I was looking for something similar to that but with security scanners instead of a password cracker on it.

Also I guess I should have told everyone exactly what I am using this for; I have to scan a Dell Laptop (Vista) for all sorts of data mining utilities. The reason for this is I have a friend whose ex-boyfriend took her identity and opened up credit cards and various other things in her name. Then racked up about 30K in debt. Now the police charged him with 8 different crimes. He then proceeded to not show up for his arraignment and now is on the lam. The point of all that is the jackass is a sneaky bastard. And did install key loggers multiple times on her computer already.

Now my personal opinion is to just "boot and nuke" the laptop and then reinstall everything. But she won't let me do that because....well, I don't know the reason why she won't let me do it. So I am stuck having to scan the damn thing for anything I can think of. Now while I have scanned it with multiple Windows applications, I just don't trust them. Thus looking for a Linux solution.

Hope that helps. Sorry it was such a long explanation and wasn't in the first post. I appreciate the help!
 
Old 02-07-2009, 11:41 AM   #8
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by andrewwilkerson View Post
Now my personal opinion is to just "boot and nuke" the laptop and then reinstall everything. But she won't let me do that because....well, I don't know the reason why she won't let me do it. So I am stuck having to scan the damn thing for anything I can think of. Now while I have scanned it with multiple Windows applications, I just don't trust them. Thus looking for a Linux solution.
I would actually think that Windows applications for scanning Windows systems in this manner would be a thousand times better than anything available on GNU/Linux. I think you should explain to her the unnecessary risk she is submitting herself to by not wiping the disk and getting a fresh start. Perhaps she's scared that you'll mess things up and stuff, but don't Dell laptops all come with some kind of CD which makes a clean install virtually foolproof?

Last edited by win32sux; 02-07-2009 at 11:44 AM.
 
Old 02-07-2009, 03:33 PM   #9
larryhaja
Member
 
Registered: Jul 2008
Distribution: Slackware 13.1
Posts: 291

Rep: Reputation: 75
Quote:
Originally Posted by win32sux View Post
I would actually think that Windows applications for scanning Windows systems in this manner would be a thousand times better than anything available on GNU/Linux. I think you should explain to her the unnecessary risk she is submitting herself to by not wiping the disk and getting a fresh start.
Yes, I believe a Windows tool would have better programs to deal with this type of issue. In addition to win32sux's reply, once a Windows computer has been compromised you can never be 100% certain that the keylogger/virus/worm or what have you has been successfully removed from the system. It would be best to back up the data, reformat the drive, and start new.

But if you want to go the Linux route there is a ClamAV Live CD that may be worth checking out. I've never used ClamAV, so I don't know how useful it will be.
http://www.volatileminds.net/projects/clamav/
You might also want to check out chkrootkit to check for rootkits. It may be overkill, but it sounds like your friend's computer is really compromised.
 
Old 02-07-2009, 03:51 PM   #10
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Umm, if this guy is being charged with crimes and you have reason to believe he criminally tampered with this laptop, you shouldn't be altering data on the disk (too late, unfortunately). Make a forensically acceptable copy of the drive and seal it in a tamper-evident container with your initials on it and the date the copy was made. Then wipe it and reinstall. If you want to search the drive for malware, make a second copy before you wipe it and use the second copy for your own research.
 
Old 02-09-2009, 08:35 AM   #11
andrewwilkerson
LQ Newbie
 
Registered: Feb 2009
Posts: 5

Original Poster
Rep: Reputation: 0
I want to thank everyone for their suggestions!

Because of the criminal investigation I had already planned to make an image of her laptop. A before and after image, in fact. I think I am just going to have to convince her that we are going to need to reformat that thing. And I guess showing her this thread might be a good way to start.

But I will probably give the Linux stuff a try just to mess around with it. I have really liked what I have worked with so far. There is no reason I shouldn't mess around, have some fun and gain some knowledge.

Thank you again.
 
Old 02-09-2009, 12:28 PM   #12
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally Posted by andrewwilkerson View Post
But I will probably give the Linux stuff a try just to mess around with it. I have really liked what I have worked with so far. There is no reason I shouldn't mess around, have some fun and gain some knowledge.
That's the point of making two copies: One for law enforcement, and one for you to play with while the user reinstalls their OS and gets on with their life. Hard drives aren't very expensive these days. Heck, if you have enough free space on one of your drives you could simply dd the infected drive to a file and then mount it as a loopback device.

By the way, I can't stress strongly enough: Make a copy for evidence now, you can play around with other stuff later. The longer you delay, the less chance the copy will be in any way usable as evidence.

Last edited by chort; 02-09-2009 at 12:30 PM.
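The procedure chort describes in posts #10 and #12 (a verified bit-for-bit copy for evidence, a second copy imaged with dd and loop-mounted for the scanning larryhaja suggests in post #9), as an added example script that is not code from the thread or from any poster. The demo at the bottom images a constructed 1 MiB file so it runs without root; on a real machine the source would be a block device such as /dev/sdb (the device name, the mount point and the partition offset are assumptions), and the mount and scan functions need root and the ntfs-3g, clamav and chkrootkit packages installed.

```shell
#!/bin/sh
# Added example, not from the thread: image a drive with dd, record and verify
# hashes, and loop-mount the working copy read-only for scanning. The demo uses
# a constructed file as the "drive"; for real hardware SOURCE would be a block
# device such as /dev/sdb (assumed name).
set -eu

# Prints the SHA-256 of a file; falls back to shasum where sha256sum is absent.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_sample_drive DIR: writes a constructed 1 MiB "drive" and prints its path.
make_sample_drive() {
    sample="$1/sample_drive.bin"
    dd if=/dev/zero of="$sample" bs=1024 count=1024 2>/dev/null
    # constructed content so the image is not all zeros
    printf 'constructed sample filesystem contents\n' |
        dd of="$sample" conv=notrunc 2>/dev/null
    printf '%s\n' "$sample"
}

# image_drive SOURCE IMAGE: bit-for-bit copy; hashes of source and image are
# written beside the image with a UTC timestamp; prints "match" or "MISMATCH".
image_drive() {
    src="$1"; img="$2"
    # noerror keeps going past unreadable sectors; sync pads those with zeros so
    # offsets in the image still line up with the original disk. bs=512 matches
    # the sector size, so a healthy source is copied without trailing padding.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null
    src_hash=$(hash_file "$src")
    img_hash=$(hash_file "$img")
    {
        printf '%s  source:%s\n' "$src_hash" "$src"
        printf '%s  image:%s\n' "$img_hash" "$img"
        printf 'imaged_at_utc:%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } > "$img.sha256"
    if [ "$src_hash" = "$img_hash" ]; then
        echo match
    else
        echo MISMATCH
    fi
}

# mount_image_readonly IMAGE MOUNTPOINT [OFFSET_BYTES]: loop-mounts the working
# copy read-only (needs root; not run by the demo). For a whole-disk image pass
# the partition start in bytes (fdisk -l IMAGE shows the start sector; multiply
# by the sector size).
mount_image_readonly() {
    img="$1"; mnt="$2"; off="${3:-0}"
    mkdir -p "$mnt"
    mount -o "ro,loop,noexec,nodev,nosuid,offset=$off" "$img" "$mnt"
}

# scan_mounted_tree MOUNTPOINT: the scanners named in the thread, run against
# the mounted copy rather than the live system (not run by the demo).
scan_mounted_tree() {
    clamscan -r --infected "$1"
    chkrootkit -r "$1"
}

# Demo on the constructed file: prints "match" and the hash record.
work=$(mktemp -d)
drive=$(make_sample_drive "$work")
image_drive "$drive" "$work/evidence.img"
cat "$work/evidence.img.sha256"
```

The hash record written next to the image is what makes the first copy worth sealing: anyone who later opens the container can re-hash the image and compare it with the value recorded at imaging time. The second, working copy is the one that gets mounted with `ro` and scanned, so the scanners never touch the evidence copy or the original disk.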
 
Old 02-10-2009, 08:25 AM   #13
andrewwilkerson
LQ Newbie
 
Registered: Feb 2009
Posts: 5

Original Poster
Rep: Reputation: 0
I'm going to make an image of it as soon as she brings it to me.