craigevil wrote: use one of the pentesting ISOs from
ISOs : http://www.expect-us.net/iso.html
p00d73 wrote: Yup, use Backtrack, there aren't many other pen-test distros still alive (Knoppix STD was awesome, but too outdated now).
I wouldn't download any of those OS from that link though, get it from the official site http://www.backtrack-linux.org/
Anonymous OS was infested with spyware, wouldn't surprise me if these were too.
EDIT: more on topic: you'll have a hard time finding any Linux distribution/community equally paranoid as the OpenBSD one.
craigevil wrote: Backtrack is a widely accepted pentesting distro.
/tmp wrote: I'm exploring the defensive side of the fence.
craigevil wrote: How paranoid do you want to be?
craigevil wrote: 1) Encrypt the entire hard drive during the install process
2) Install ufw and set it to the default deny
3) Install and run Bastille, disable remote logins and root login
4) Disable any unneeded services/processes
5) Install and use the various security apps: Lynis, tiger, tripwire, samhain, snort, aide, psad
6) Disable Flash, Java, and cookies in your browser, using a whitelist to allow cookies on select sites
7) Properly set up any server applications, using a passphrase for ssh
8) Keep applications updated, subscribe to the Debian security mailing-list
9) Stick with applications in the Debian repos
p00d73 wrote: Full paranoid.
Consider running browsers and everything with a network connection in chroot environments, that might confuse exploiters.
$ df -h
Filesystem Size Used Avail Use% Mounted on
rootfs 16G 12G 2.9G 81% /
udev 10M 0 10M 0% /dev
tmpfs 203M 364K 203M 1% /run
/dev/mapper/debian-root 16G 12G 2.9G 81% /
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 406M 4.0K 406M 1% /run/shm
/dev/sda1 228M 38M 178M 18% /boot
tmpfs 1013M 2.4M 1011M 1% /tmp
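
Two items from the checklist quoted above (ufw set to default deny, root login disabled) can be verified rather than assumed. The script below is an added example, not code posted by anyone in the thread; it assumes the root-login item is expressed as sshd_config's PermitRootLogin keyword and that the firewall state is read from `ufw status verbose`, and all sample inputs in it are constructed.

```sh
#!/bin/sh
# Added example; every sample input below is constructed.

# Print the effective global value of an sshd_config keyword read from stdin.
# sshd keeps the first value it sees for a keyword, keywords are
# case-insensitive, and settings after a Match line are conditional.
# Assumption: "Keyword value" form (the "Keyword=value" form reads as unset).
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    '
}

# Succeed only if root login over SSH is explicitly disabled.
check_root_login() {
    [ "$(sshd_value PermitRootLogin)" = "no" ]
}

# Succeed only if `ufw status verbose` output on stdin shows the firewall
# active with a default deny policy for incoming traffic.
check_ufw() {
    awk '
        /^Status: active/ { active = 1 }
        /^Default: deny \(incoming\)/ { deny = 1 }
        END { exit !(active && deny) }
    '
}

# Constructed samples: a commented-out "no" hiding a live "yes", a config
# where the first (lower-case) entry wins, and two firewall states.
sshd_commented() { printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes'; }
sshd_hardened()  { printf '%s\n' 'Port 22' 'permitrootlogin no' 'PermitRootLogin yes'; }
ufw_hardened()   { printf '%s\n' 'Status: active' 'Logging: on (low)' \
                     'Default: deny (incoming), allow (outgoing), disabled (routed)'; }
ufw_open()       { printf '%s\n' 'Status: active' \
                     'Default: allow (incoming), allow (outgoing), disabled (routed)'; }

report() { if "$@"; then echo PASS; else echo FAIL; fi; }
echo "root login, commented-out 'no': $(sshd_commented | report check_root_login)"
echo "root login, first entry 'no':   $(sshd_hardened | report check_root_login)"
echo "ufw, default deny incoming:     $(ufw_hardened | report check_ufw)"
echo "ufw, default allow incoming:    $(ufw_open | report check_ufw)"
```

To audit a live host, feed `check_root_login` from /etc/ssh/sshd_config and pipe the output of `ufw status verbose` (run as root) into `check_ufw`.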