Bootable distributions of the Linux operating system are becoming very popular for use in securing networks, testing network security, and conducting forensics after suspected intrusions.
Local Area Security Linux is a ‘Live CD’ distribution with a small footprint. Containing over 200 information security and administration related tools, as well as a full desktop environment and office productivity applications. With such a small footprint L.A.S. Linux can be optionally loaded and run from physical RAM (assuming there is 256MB or more).
F.I.R.E. is a portable bootable CD-ROM based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
F.I.R.E. also provides necessary tools for live forensics/analysis on Win32, Sparc Solaris and x86 Linux hosts just by mounting the CD-ROM and using the trusted static binaries available in /statbins.
Knoppix-STD is a customized distribution of the Knoppix Live Linux CD. Boot to the CD and you have Knoppix-STD. That would include Linux kernel 2.4.20, KDE 3.1, incredible hardware detection and hundreds of applications. Boot without the CD and you return to your original operating system. Aside from borrowing power, peripherals and RAM, Knoppix-STD doesn’t touch the host computer.
STD focuses on information security and network management tools. It is meant to be used by both the novice looking to learn more about information security and the security professional looking for another Swiss army knife for their tool kit.
The tools are divided into the following categories (see the STD Tools section for details):
- encryption utilities
- penetration tools
- vulnerability assessment
- forensic tools
- intrusion detection
- packet sniffers and assemblers
- network utilities
- wireless tools
- password auditing (crackers)
PHLAK is a modular live security bootable Linux distribution. PHLAK comes with two light GUI’s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.
PLAC is a business card sized bootable CD-ROM running Linux. It has network auditing, disk recovery, and forensic analysis tools. ISO will be available and scripts to roll you own CD.
The Penguin Sleuth Kit is a re-master of the KNOPPIX distribution of bootable Linux with additional network security auditing tools and forensic tools.
PLD RescueCD is a bootable disk that contains a live bootable Linux distribution based on PLD Linux (2.4.23 modular kernel) made in Poland. Furthermore this version uses transparent compression (squashfs) to fit about 130 MB of software onto a single mini CD 50 MB in usable form. These images are small enough to fit on most business card-sized CD-ROMs (approx. 50MB), but can be burned onto any standard CD-R or CD-RW, as well.
PLD RescueCD can be used to rescue ailing machines, perform intrusion post-mortems, act as a temporary secur linux-based workstation (using SSH, VPN connecting to remote host – other networking clients are also supported), install PLD Linux, and perform many other tasks that we haven’t yet imagined. It provides a much nicer rescue environment than your average rescue floppy.
SystemRescueCd is a Linux system on a bootable CD-ROM for repairing your system and your data after a crash. It also aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the partitions of the hard disk. It contains a lot of system utilities (parted, partimage, fstools, …) and basic ones (editors, midnight commander, network tools). It aims to be very easy to use: just boot from the CD-ROM, and you can do everything. The kernel of the system supports most important file systems (ext2/ext3, reiserfs, xfs, jfs, vfat, ntfs, iso9660), and network ones (samba and nfs).
Mondo backs up your GNU/Linux server or workstation to tape, CD-R, CD-RW, NFS or hard disk partition. In the event of catastrophic data loss, you will be able to restore all of your data [or as much as you want], from bare metal if necessary.
Mondo supports LVM, RAID, ext2, ext3, JFS, XFS, ReiserFS, VFAT, and can support additional filesystems easily: just e-mail the mailing list with your request. It supports adjustments in disk geometry, including migration from non-RAID to RAID. Mondo runs on all major Linux distributions and is getting better all the time. You may even use it to backup non-Linux partitions, such as NTFS.
stresslinux is a minimal Linux distribution running from a bootable CD-ROM or via PXE.
stresslinux makes use of utilities available on the net like: stress, cpuburn, hddtemp, lm_sensors …
stresslinux is dedicated to users who want to test their system(s) entirely on high load and monitoring the health.
LNX-BBC is a mini bootable Linux-distribution, small enough to fit on a CD-ROM that has been cut, pressed, or molded to the size and shape of a business card.
LNX-BBCs can be used to rescue ailing machines, perform intrusion postmortems, act as a temporary workstation, and perform many other tasks that we haven’t yet imagined
tomsrtbt is “The most GNU/Linux on one floppy disk” for:
- rescue recovery panic & emergencies
- tools to keep in your shirt pockets
- whenever you can’t use a hard drive
Operator is a complete bootable Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.
The technique to allow Operator to boot and run from RAM is based on a project called KNOPPIX. KNOPPIX is a bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a bootable Linux demo, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk. Mastering of this CD uses on-the-fly decompression which allows for up to 2 GB of stored data.
Trinux: A Linux Security Toolkit was one of the first floppy-based distributions, first released in the Spring of 1998. It included a wide range of network security tools for network analysis, vulnerability scanning, and sniffing. Its simple and open design allowed it be easily modified and extended.
Tinfoil Hat Linux started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering.
Tinfoil Hat is useful if:
- You’re using a computer that could have a key logger installed. KeyGhost is an example of a tiny & cheap hardware logger.
- You need to use your personal GPG keys at work, school or a web hosting facility where you don’t trust or own the equipment.
- If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
- If you simply don’t want to risk putting a PGP key on a hard drive where someone else might have access to it.
- The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key.
This FAQ answer is based upon information provided by Lord Shaolin