Find the answer to your Linux question:
Results 1 to 9 of 9
Hi Guys, I'm about to make a minor career change, and I'm moving into IT security and penetration testing. I've still got a lot to learn but I'm getting there ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! Catsworth's Avatar
    Join Date
    Jul 2006
    Location
    UK
    Posts
    45

    Specialised Pen-testing/Security distros


    Hi Guys,

    I'm about to make a minor career change, and I'm moving into IT security and penetration testing.

    I've still got a lot to learn but I'm getting there

    My favourite 'flavour' of Linux so far has been Ubuntu, which I'm dual-booting with Windoze XP Pro.

    I understand that there are some Linux distro's which are very heavily tailored towards IT security/vulnerability testing.

    Does anybody have any idea if any of these distro's are any good? Would anybody recommend one? Would I be better with a specialised distro or should I stick with Ubuntu and install the various tools there?

    I quite like the look of Backtrack.

    Apparently it's based on SLAX, and is a merger of WHAX and Auditor.

    Anybody got any thoughts on these, or experience using them?

    If I install a third OS (whichever distro I choose in addition to Ubuntu) can I safely have all 3 sharing my HDD the same way that I currently dual-boot?

    Sorry for all the questions, like I say I'm new and still have a lot to learn
    Cheers guys.

  2. #2
    Linux Guru fingal's Avatar
    Join Date
    Jul 2003
    Location
    Birmingham - UK
    Posts
    1,539
    I'm no expert on this but I would think almost any major distro is suitable for security testing. Not everyone likes Ubuntu's philosophy of allowing users to run processes with sudo.

    I saw you mentioned using a pen drive? A little known distro - used originally as a network testing tool - is RUNT Linux. Its future is in doubt now that the main developer is going to work with Google. I think you could also use a pen drive distro like Damn Small Linux, or maybe adapt Knoppix.

    Multi-booting distros is very possible with few problems. Most of us on here do it when we feel like it. I think it's a good idea to learn about the Grub bootloader (other's prefer Lilo) and there's a great little tutorial on here if you look in the tutorials section.

    Actually if you use Linux for long enough you are naturally drawn towards security issues as you become more aware of how to secure your box. The usual rules apply, and you'll find plenty of other threads on here dealing with this.
    I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso

  3. #3
    Just Joined! Catsworth's Avatar
    Join Date
    Jul 2006
    Location
    UK
    Posts
    45
    Hi,

    When I talked about pen-testing above I mean "penetration testing".

    The distro's I've mentioned all come with security/vulnerability testing software (port mappers, traffic sniffers, etc).

    Thanks for your comments though, much appreciated.

    *Cats*

  4. #4
    Just Joined! Catsworth's Avatar
    Join Date
    Jul 2006
    Location
    UK
    Posts
    45
    Also, I'm not quite sure what the problem is with allowing users to run as root using sudo, could someone explain the problem with that please?

    Thanks.

  5. #5
    Linux User Kojak's Avatar
    Join Date
    Apr 2006
    Posts
    421
    The sudo thing is off-topic, so we should not discuss it in this thread imho.

    Based on your original question about penetration, there are several distros that are suiteable for that. Pentoo (Gentoo offshot) is one of them, nubuntu (Ubuntu offshot) is another one that might be interesting for you.

    More is available here: http://distrowatch.com/search.php?ca...&status=Active
    Windows free since 2002 | computing since 1984

  6. #6
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    Just a quick shout in, I have often used Phlak for pen testing. www.phlak.org - Professional Hackers Linux Assault Kit

  7. #7
    Just Joined! Catsworth's Avatar
    Join Date
    Jul 2006
    Location
    UK
    Posts
    45
    Hi Guys, thanks for that.

    I've had a look at P.H.L.A.K but it would appear that development of it has been abandoned, I'm not sure if that's likely to cause me problems in the future as I try to stay current.

    I'll certainly take a look at the Ubuntu variant though, that does sound interesting.

    Thanks again.

  8. #8
    Linux Enthusiast
    Join Date
    Jul 2005
    Location
    Maryland
    Posts
    522
    Take a look at Knoppix STD
    and few others, also based on Knoppix

  9. #9
    Linux Newbie
    Join Date
    Nov 2002
    Posts
    139
    I am wondering why has not Back|Tarck been mentioned ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •