Best Linux security Suite

I'm considering brushing up my knowledge of security and the like and thus want to install Linux on my machine to use the various open source tools available. I know there are a number of security-centric distros available, one of which is BackTrack (which, to this point, I plan on using), but just wondered if there was a better alternative? Or indeed should I just install a generic distro such as Fedora or Ubuntu and install all the tools manually?

Any advice welcomed.
 
What are you looking for such a distro to do? Do you want a desktop OS with security apps for you to use or are you thinking more along the lines of a hardware firewall for your home network? Guide us along a bit if you would. :)
 
I want to learn the fundamentals of network security and penetration testing. It'll be purely a research platform and maybe the odd bit of Ethernet/wireless security cracking (on my own (W)LAN of course).
 
Well, I'm setting up a Gentoo system that has totally encrypted root and swap partitions (the only non-encrypted partition is /boot). It will require a USB stick to be inserted (with the encrypted key file on it) and then the GPG password to decrypt the key file in order for it to boot. I am also planning on trying out some iptables and other stuff security-wise on the install.
 
What exactly is it you are looking for/to do?

Here are some links which you may find useful.
http://www.nsa.gov/selinux/ - Probably the best security hardened kernel.
http://www.grsecurity.net/ - Yet another security enhancement.
http://www.securityfocus.com/ - Security news.
http://www.metasploit.com/ - Metasploit exploit framework... - for pen testing.
http://www.nessus.org/ - Vulnerability scanner.
http://wepcrack.sourceforge.net/ - WEP cracker.
http://www.wireshark.org/ - Packet sniffer/protocol analyser.
http://www.milw0rm.com/ - Has plenty of good papers for security researchers.

If you have anything more specific feel free to ask.
 
http://www.clarkconnect.com/

That distro is built for networks, and as all good networks have to be secure...
In other words it is perfect for what you are after.
The catch is it is not entirely free, although they might have a free version. Got to start somewhere.
 
While I remember, a very good book I can recommend if you're interested in pen testing and hacking in general is "Hacking Exposed".

# Publisher: Osborne/McGraw-Hill,U.S.; 5Rev Ed edition (31 May 2005)
# Language English
# ISBN-10: 0072260815
# ISBN-13: 978-0072260816

I believe that the 5th edition is still the most up to date available. Most good bookstores or on-line book e-tailers will be able to get it for you for probably around £20 and it covers an awful lot of ground.

Some Linux software that's worth considering for automated security testing:

http://www.nessus.org/ Nessus is a remote security scanner, and considered one of the best out there.

chkrootkit (http://www.chkrootkit.org/) and rkhunter (http://www.rootkit.nl/projects/rootkit_hunter.html) for doing rootkit and basic security checks on a Linux box.
 
Have a look at Bastille - it's not a distro but is a suite for hardening (and explaining why) some of the more popular distros.

Also, have a look at Whax - the merged Whoppix (which was White Hat Knoppix) and Slax... it's crammed full of all the security tools you can think of.
 
If you're into LEARNING, try this Hardened Linux From Scratch

http://www.linuxfromscratch.org/hlfs

Download the book, read it, download the archives & patches and screw it together. It uses PaX/grsecurity and GCC patches for Stack Smashing Protection (which are now integrated into gcc-4.x), and is watched by the guys from many other hardened distros. The other one I came away with respect for was Gentoo Hardened.

As gcc-4.x has effectively increased the security of all systems built under it, some of the belt & braces stuff is less needed than formerly.
 
Hmm.. I haven't touched LFS for a long time. Gentoo usually satisfies those urges, but it sure is a good way to learn a lot about the underlying Linux infrastructure!
 