<div dir="ltr">2008/9/5 Luke Macken <<a href="mailto:lmacken@redhat.com">lmacken@redhat.com</a>> <div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div><div></div><div class="Wj3C7c">On Fri, Sep 05, 2008 at 12:52:49AM +0200, Adrian Pilchowiec wrote: > On Wednesday 03 of September 2008 23:00:44 Luke Macken wrote: > > On Wed, Sep 03, 2008 at 10:54:37AM +0530, Huzaifa Sidhpurwala wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Todd Zullinger wrote: > > > > Huzaifa Sidhpurwala wrote: > > > >> I just came across a knoppix security tool live CD and thought it > > > >> would be a good idea for a security tool fedora spin too. > > > >> The tools are freely available at: > > > >> > > > >> <a href="http://knoppix-std.org/index.html" target="_blank">http://knoppix-std.org/index.html</a> > > > >> and are all GPLed? > > > >> > > > >> Do you guys think this is a good idea, I am sure such a spin does > > > >> not exists in Fedora yet. > > > > > > > > Do you mean something like Luke Macken put together? > > > > > > > > <a href="http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD" target="_blank">http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD</a> > > > > > > Yeah but more tools and more bare bones, > > > Perhaps i can assist Luke in this? > > > > Absolutely! > > > > I'm in the process of rebasing the kickstart against the latest livecd > > base, and I will be pushing it through the New Spin Process soon. > > > > More tools? Yes. I want it to ship with every security tool in Fedora. > > If you know of any that are missing from the list, please let me know. > > > > Maybe it would be good to add OpenVAS [1] (free fork of nessus) to the spin ? </div></div>I added OpenVAS to the WishList, thanks! <a href="https://fedoraproject.org/wiki/SecuritySpin#Wishlist" target="_blank">https://fedoraproject.org/wiki/SecuritySpin#Wishlist</a> <div><div></div><div class="Wj3C7c"> luke -- fedora-devel-list mailing list <a href="mailto:fedora-devel-list@redhat.com">fedora-devel-list@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/fedora-devel-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-devel-list</a> </div></div></blockquote></div> Got few other tools to propose: Lynis [1] - Security and system auditing tool Nebula [2] Intrusion signature generator Unhide [3] tool for searching hidden processes SARA [4] Security Auditor's Research Assistant SiLK [5] Security analysis tool for network developed by CERT ArpON [6] Detects and blocks all ARP poisoning/spoofing attacks. Bh (Beholder) [7] IDS for wireless networks. Distack [8] Framework for attack detection which allows for an integration of various detection methods as lightweight modules. Ttyrpld [9] Multi-os kernel-level tty logger A lot of useful tools for this spin can be also found on Packetstorm [10] web page. It would be also great if there would be snort + mysql (or whatever db) + base (or acid, or whatever analysis tool for snort) integrated by default. [1] <a href="http://www.rootkit.nl/projects/lynis.html">http://www.rootkit.nl/projects/lynis.html</a> [2] <a href="http://nebula.mwcollect.org/">http://nebula.mwcollect.org/</a> [3] <a href="http://www.security-projects.com/?Unhide">http://www.security-projects.com/?Unhide</a> [4] <a href="http://www-arc.com/sara/">http://www-arc.com/sara/</a> [5] <a href="http://tools.netsa.cert.org/silk/">http://tools.netsa.cert.org/silk/</a> [6] <a href="http://arpon.sourceforge.net/">http://arpon.sourceforge.net/</a> [7] <a href="http://www.beholderwireless.org/">http://www.beholderwireless.org/</a> [8] <a href="https://i72projekte.tm.uka.de/trac/Distack">https://i72projekte.tm.uka.de/trac/Distack</a> [9] <a href="http://ttyrpld.sourceforge.net/">http://ttyrpld.sourceforge.net/</a> [10] <a href="http://packetstorm.linuxsecurity.com/defense/unix/">http://packetstorm.linuxsecurity.com/defense/unix/</a> </div>