Re: Creating my own personal Linux distribution for Penetration Testing and White-Hat Hacking

2008-12-07 Thread Rich Healey

Chip Panarchy wrote:
> Greetings,
> 
> Recently I have been working on a distribution of Linux built on
> Debian... to get more specific, built on Linux -> Debian -> Ubuntu
> 8.10 -> Super Ubuntu. Though I will probably build it directly from
> Ubuntu (or Debian) sometime in the future.
> 
> My distribution has been specialised to suit the requirements of your
> everyday (and not so everyday!) pen-tester and white/grey hat hackers.
> 
> My sobriquet for this distribution is: HackBuntu.
> 
> Though sometime in the (near) future, I will probably rename it to:
> Subuntu. (SecurityUbuntu)
> 
> I have posted this on this mailing list for some advice.
> 
> Can someone please recommend me some tools to put on it?
> 
> Here is what I have already put into the distribution (excluding
> command line ones);
> 
> Metasploit
> Ettercap
> Cain & Abel (via WINE)
> NetStumbler (via WINE)
> Maltego CE
> Nessus
> PuTTy
> Wireshark
> NMap
> ZeNMap
> OPHCrack
> 
> Please recommend me some more tools to 'put into' this distribution.
> 
> Thanks in advance,
> 
> Chip D. Panarchy
> 
> 
Why not just contribute to the BackTrack project? It's not Debian based,
but the hard work is done.

Mainly because it supports 99% of wifi cards with full cap/inject support.


-- 
Rich Healey - iTReign  \.''`.   / [EMAIL PROTECTED]
Developer / Systems Admin   \  : :' :  /[EMAIL PROTECTED]
AIM: richohealey33   \ `. `'  / [EMAIL PROTECTED]
MSN: [EMAIL PROTECTED] \  `-  / [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: securing server

2008-05-12 Thread Rich Healey

P PRABHU wrote:
> Hi
> 
> Steps :
> 
> 1 ) Don't run X Windows; better install the MINIMAL/SERVER edition of the OS
> 2 ) Remove all unwanted packages. You can very well reduce the number of 
> packages to 300 max
> 3 ) Remove all unwanted user/group accounts
> 4 ) Update the packages
> 5 ) Do security tunings in sysctl.conf
> 6 ) Do security tunings in ssh like stop X forwarding, no root login etc.
> 7 ) Put a warning in MOTD, issue and issue.net
> 8 ) Make sure whether you need anonymous ftp or not
> 9 ) Turn the Apache signature off
> 10 ) Put a login alert script in .bashrc and .bash_logout to mail you if someone 
> logs in/out
> 11 ) Run tripwire daily
> 12 ) Keep the machine behind a firewall, IDS/IPS
> 13 ) Do security tunings in security.conf
> 14 ) Run apache-ssl instead of apache
> 15 ) Run apache etc. in a chroot
> 16 ) Check whether you need directory listing in Apache; if not, block it.
> 17 ) Run a free AV like ClamAV for scanning.
> 18 ) To prevent ProFTPd DoS attacks using ../../.., add the following line in 
> /etc/proftpd.conf: DenyFilter \*.*/
> 
> Finally 
> 
> 1 ) Run free vulnerability scanners like Retina etc. and find whether any 
> vulnerability is there in the final machine
> 2 ) Take an inventory (packages installed etc.) and do a weekly check whether 
> there is any change in packages.
> 
> Libras
> 
> - Original Message 
> From: Jean-Paul Lacquement <[EMAIL PROTECTED]>
> To: debian-security@lists.debian.org
> Sent: Wednesday, May 7, 2008 2:39:02 PM
> Subject: securing server
> 
> Hi,
> 
> I plan to secure my Debian stable (or testing if you say it's better) server.
> 
> 
> I already did the following:
> - installed chkrootkit
> - installed fail2ban (for ssh and proftpd)
> - allow only one user (not root) via /etc/ssh/sshd_config, only ssh v2
> 
> 
> The following daemons are installed:
> - proftpd
> - apache2
> - ssh
> 
> Would you please list which packages to install and which rules to apply?
> 
> Many thanks,
> Jean-Paul
> 
> 

Expanding on that, go to town with metasploit, nessus and nmap.

See if _YOU_ can get in.
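Steps 5 and 6 of the checklist above, together with Jean-Paul's sshd_config change (one non-root user, SSH v2 only), can be checked rather than just applied. Here is an added example, not from any poster in the thread, that audits an sshd_config for those settings; the directive names are OpenSSH's own, and both sample configs are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from anyone in the thread): audit an sshd_config for the
# items named above: SSH protocol 2 only, no root login, no X11 forwarding,
# exactly one permitted non-root account. Directive names are OpenSSH's own;
# both sample configs below are constructed for this demo.

# Effective value of a directive: sshd takes the first occurrence, ignoring
# comments and case. Match blocks are not handled, so we stop at the first one.
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF < 2     { next }
        tolower($1) == "match"   { exit }
        tolower($1) == key       { print $2; exit }
    ' "$1"
}

# Every account named on AllowUsers lines, one per line (empty if unset).
allow_users() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Returns 0 when every check passes and prints one FAIL line per finding.
check_sshd_config() {
    cfg="$1"; fails=0
    want() {  # $1 = directive, $2 = required value
        [ "$(sshd_value "$cfg" "$1")" = "$2" ] \
            || { echo "FAIL: $1 should be $2"; fails=$((fails + 1)); }
    }
    want Protocol 2           # SSHv1 off (recent OpenSSH dropped the keyword)
    want PermitRootLogin no
    want X11Forwarding no
    users=$(allow_users "$cfg")
    n=$(printf '%s' "$users" | grep -c . || true)
    [ "$n" -eq 1 ] && [ "$users" != "root" ] \
        || { echo "FAIL: AllowUsers must name exactly one non-root account"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ]
}

# Constructed samples: permissive defaults, then the hardened version.
WEAK_CFG=$(mktemp); HARDENED_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARDENED_CFG"' EXIT
printf 'Protocol 2,1\nPermitRootLogin yes\nX11Forwarding yes\n' >"$WEAK_CFG"
printf 'Protocol 2\npermitrootlogin no\nX11Forwarding no\n# one account only\nAllowUsers jeanpaul\n' >"$HARDENED_CFG"

echo "weak config:";     check_sshd_config "$WEAK_CFG"     && echo "OK"
echo "hardened config:"; check_sshd_config "$HARDENED_CFG" && echo "OK"
```

Run it against /etc/ssh/sshd_config instead of the samples to audit a real host; a non-zero exit means at least one item from the thread is still unset.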





Re: securing server

2008-05-12 Thread Rich Healey

Oliver Antwerpen wrote:
> 
> Steve wrote:
>> On 07-05-2008, at 17:34:08 +0800, Abdul Bijur Vallarkodath
>> ([EMAIL PROTECTED]) wrote:
>>
>>> just my two pence.
>>
>> and my two centimes.
>>
>>> *  Change the ports of most ports like ssh, ftp, smtp, imap etc.
>>> from the default ones to some other ones.
>>
>> From my poor understanding of security related issues, I guess this is
>> totally useless since any (good) port scanner will defeat this without
>> any problem. Remember, security by obscurity is a bad idea.
>>
> 
> Used solely you are right, but used in addition to usual other securing
> mechanisms it can help against zero-day attacks, which only shoot
> exploits to well-known ports.
> 
> 
Only when the 0day attack originates from a Skiddy who found it on
milw0rm (making it technically no longer an 0day anyway).

If someone is determined enough to get access to a system to take the
time to write an exploit, they're certainly clever enough to use nmap,
which defeats most attempts at hiding a service version.






Re: ia32-libs security support

2008-04-28 Thread Rich Healey

Goswin von Brederlow wrote:
> Rich Healey <[EMAIL PROTECTED]> writes:
[snip]
>> Correct me if I'm wrong, but code compiled natively on the amd64 machine
>> should work fine.
> 
> 1) ia64 has no toolchain support for i486
> 2) too late for lenny to make frozen libraries compile new packages
> 
>> It's the precompiled i386 code that will cause issues, assuming that
>> you'd install the same lib packages for the amd64 machine as you would i386.
> 
> The precompiled debs are unpacked and files moved around, deleted or
> edited (like shlibs files). Most notably libraries move to
> /emul/ia32-linux/[usr/]lib/.
> 
> This has all been worked out long ago already as the big fat ia32-libs
> package already does all those transformations.
> 
> Regards
> Goswin

Goswin,

Thanks for clearing this up.

Regards


Rich Healey





Re: ia32-libs security support

2008-04-27 Thread Rich Healey

Dominic Hargreaves wrote:
> Hello,
> 
> I'm shortly going to be deploying a new general purpose login host on
> etch. As our old system is i386 and our new system amd64, I have
> installed the ia32-libs package, to give user-compiled code a chance of
> working, but having inspected the contents of the package, it seems to
> contain quite a lot of .so files repackaged from the i386 binaries, and
> I'm concerned that these won't be security supported (I've seen no
> security updates for this package).
> 
> Is my analysis correct, and I shouldn't install this package in a
> production environment?
> 
> Thanks,
> Dominic.
> 

Correct me if I'm wrong, but code compiled natively on the amd64 machine
should work fine.

It's the precompiled i386 code that will cause issues, assuming that
you'd install the same lib packages for the amd64 machine as you would i386.





Re: Is oldstable security support duration something to be proud of?

2008-03-10 Thread Rich Healey

Steve Kemp wrote:
> On Mon Mar 10, 2008 at 17:57:04 -0400, Filipus Klutiero wrote:
> 
>> It should be supported as long as RHEL.
> 
>   Give me piles of cash and I'll support it for as long as you want.
> 
>   But this discussion is pointless.  The statement is true *we* are
>  proud; regardless of whether you or anybody else agrees or not.
> 
>   As has already been hashed out on the debian-www list.
> 
> Steve

For what it's worth, I'm proud of you guys.

I do volunteer work for a much smaller project, and it's hard but
satisfying.

The fact is, doing *anything* out of the goodness of your heart is
admirable. Doing the amount of work that it takes to keep such a massive
package base secure is legendary.

If I gave you a Toyota would you really complain that it wasn't a Porsche?

Regards


Rich Healey

