Results 1 to 3 of 3
I know, I know, odd question, and it's not a typo. I'm looking for a relatively modern, INsecure distro of linux for use at my uni - we're setting up ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-30-2008 #1
- Join Date
- Nov 2008
Any Insecure Distros knocking around?
I know, I know, odd question, and it's not a typo.
I'm looking for a relatively modern, INsecure distro of linux for use at my uni - we're setting up two computers for a "warboxing" affair, where we've got two teams of people trying to break into each other's boxes to teach them about linux security - what sort of attacks to expect, and how to stop them.
the distro that we'd settled on using was debian woody - based on (I believe) the 2.2.20 kernel, with what appears to be more holes than a ship made of sieves - perfect, seeing as the expected userbase won't know a whole much about linux.
However, me and the other organiser can't for the life of use get X running properly, and I don't have the time to figure out how to get an old, outdated kernel to work properly on relativley modern hardware.
So, explanation done with, I ask you this: is there a distro out there at the moment, with a relatively modern kernel, some kind of window manager, and a whole host of security issues, right out of the box?
EDIT: Oh, and if I've stuck this in the wrong section, feel free to get it moved to wherever's applicable. This just seemed the most appropriate.. though, new forum, new stuff tog et used to
Last edited by MDK_Marshal; 11-30-2008 at 07:55 PM. Reason: Adding a wee disclaimer!
- 11-30-2008 #2
- Join Date
- Nov 2004
Eh....nothing comes to mind. Developers and the community have been trying hard to squish those bugs for the last few years
I would imagine a good approach would be more in line with attacking method used to configure the system. If people are running services they don't need as root, with poor passwords that's one way. I'm sure there are plenty of current vulnerabilities (positive!) but as they become known the community do work to eradicating these problems.
A famous one was the forkbomb vulnerability in Mandrake a few years ago. Ulimit wasn't configured correctly so there was no limit on the number of processes a user could have. Maybe that could help?
- 12-10-2008 #3
It took me a while to remember it! But this is what you want: Damn Vulnerable Linux! It's based on DSL, so it goes along with your choice of a Deb based system. But it's actually built with all kinds of security holes on purpose.