This is a discussion on Linux penetration testing within the Linux Security forums, part of the System Security and Security Related category.
On Thu, 31 Mar 2005 16:09:43 -0500, sypo@kilnet.net wrote:
> Basically what I am looking for is a list of recommended procedures you
> would employ when performing penetration testing on linux systems.
>
> If you have good links or advice I am all eyes.

You may possibly or even probably know all of this already, but to try to answer the (_Frequently_Asked_) question, here is my humble attempt.

1. Don't go by any "cookbook". Guides are fine and can be helpful, but the landscape changes too quickly now for any set rules or procedures to be entirely comprehensive for any length of time. Hopefully, some other respondents can and will give you some very insightful and specific recommendations, and I hope that they do that.

   You really need to have an intelligent, knowledgeable human brain checking this out every day (for Linux or anything else!). Lots of the apparent "penetration" really comes from "inside", by one means or another, so you really have to be focused in all directions, if that is not an oxymoron. One can hardly avoid flirting with paranoia in these matters. Here is hoping your brain is healthy.

   For perspective, read this diary every day: http://isc.sans.org/diary.php

2. Unknown avenues of attack show up constantly. The advice of updating and patching remains a valid method of minimizing any impact of recently discovered methods of penetration. Don't avoid the freely available and widely distributed "conventional wisdom".

And YES, I do realize that I haven't yet addressed your focus on penetration testing. ... Which follows:

3. Here is the meat. If you are able to do this yourself or with the help of your friends, relatives, business associates, etc., go outside your own system and test your firewalls with nmap or nmapfe for the GUI. Failing this, go to: http://nessus.org/

4. Your firewall is only the first line of defense against penetration. There are already many known ways that firewall protection can be bypassed. Your intelligent human brain (not some static computer code) should be evaluating that for yourself, independently.

5. The saying goes: Don't believe anything that you read, and no more than half of what you see and hear with your own eyes and ears. .. There are scams of all sorts today. And there are ways to compromise systems that do not rely on breaking through firewalls. I hope that does not happen to you or me.

That was my very best tonight. Address additional questions in the newsgroup, please. And thank you.

Best wishes
On 2005-04-01, Newsbox <nospam_for_me_please@thanks.invalid> wrote:
> Don't believe anything that you read, and no more than half of what you
> see and hear with your own eyes and ears.

I don't believe you!

--keith

--
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information
On Thu, 31 Mar 2005 21:52:52 -0800, Keith Keller wrote:
> On 2005-04-01, Newsbox <nospam_for_me_please@thanks.invalid> wrote:
>
>> Don't believe anything that you read, and no more than half of what you
>> see and hear with your own eyes and ears.
>
> I don't believe you!
>
> --keith

hi keith,

I really do know what you mean, and appreciate it, too.

Wait, ... Maybe I shouldn't say this ...

Paranoia is *such* a demanding discipline. ... But it is so close to absolute security.

Just because you're not paranoid doesn't mean that they are _not_ out to get you.

ps. I don't believe me either. Or you, for that matter.

Best wishes and all in good spirits.

wish that i had a name to sign with :(

o well
Newsbox <nospam_for_me_please@thanks.invalid> wrote in
news:eJSdndo5P-ZBQ9HfRVn-rw@acadia.net:

> 3. Here is the meat. If you are able to do this yourself or with
> the help of your friends, relatives, business associates, etc., go
> outside your own system and test your firewalls with nmap or nmapfe
> for the GUI. Failing this, go to:
>
> http://nessus.org/

Yes. Use Nessus. Read a little about it before you use it so you don't burn your system. And automate the scans and plugin updates to run on their own and email you the results - if possible. Helps save time.

btw - I just read the local RCMP report on Info. Security. Over 75% of security incidents are caused by insiders. Employees either incompetent or malicious destroying or stealing IP (intellectual property). Makes one wonder why we bother with pen tests.

There is this famous quote that reads, "Is the firewall there to protect you from the *outside world*, or is the firewall there to protect the outside world from *you*!"

Happy scanning :-)
If I were you, I'd run nmap to ensure everything with firewalls is ok, then check for +s files (mode 4422 I think). This'll do for a start... else there is an integrated security tool - saint (ex satan) which could do integrated checks for you.

Hope this helps
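One way to carry out the "+s files" check suggested in the post above, as an added example that is not part of the original post: it lists files with the setuid (4000) or setgid (2000) permission bit set and reports the ones missing from a reviewed baseline. The function names and the baseline file format (one path per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit setuid/setgid files.
# Function names and the baseline format are assumptions of this example.

# list_special_bits DIR
# Print every regular file under DIR with the setuid (4000) or setgid (2000)
# bit set, one path per line, sorted. -xdev keeps find on DIR's filesystem
# so network and pseudo filesystems are not walked.
list_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# unexpected_special_bits DIR BASELINE
# Print setuid/setgid files under DIR that are NOT listed in BASELINE,
# a text file of already reviewed paths (one per line). A missing or empty
# baseline means every hit is reported.
unexpected_special_bits() {
    list_special_bits "$1" | awk -v base="$2" '
        BEGIN { while ((getline line < base) > 0) reviewed[line] = 1 }
        !($0 in reviewed)'
}

# Stand-alone use: sh suid_audit.sh DIR [BASELINE]
if [ "$#" -gt 0 ]; then
    unexpected_special_bits "$1" "${2:-/dev/null}"
fi
```

Saving the output of `list_special_bits /` after a review gives the baseline; later runs then show only files that gained the bit since.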
On Fri, 01 Apr 2005 05:49:21 -0600, Darko Gavrilovic wrote:
>> http://nessus.org/
>
> Yes. Use Nessus. Read a little about it before you use it so you don't
> burn your system. And automate the scans and plugin updates to run on
> their own and email you the results - if possible. Helps save time.

I'm sure it's a very nice program, but it's useless to many people:

You can't use it to test *A* Linux server. You need two or more servers, and they need to be in separate locations (not on the same LAN) to perform certain tests. And since the required client can't also be the nessusd server, you actually need a minimum of THREE computers to do anything with Nessus.

There has to be a better way!
On 3 Apr 2005 20:18:02 GMT, Huge wrote:
> Julia Thorne <rimbaldi@nospam.tld> writes:
>>On Fri, 01 Apr 2005 05:49:21 -0600, Darko Gavrilovic wrote:
>>
>>>> http://nessus.org/
>>>
>>> Yes. Use Nessus.
>>I'm sure it's a very nice program, but it's useless to many people:
>>You can't use it to test *A* Linux server. You need two or more
>>servers, and they need to be in separate locations (not on the same LAN)
>>to perform certain tests. And since the required client can't also be
>>the nessusd server, you actually need a minimum of THREE computers to
>>do anything with Nessus. There has to be a better way!
>
> You cannot run a meaningful penetration test against the machine you are
> already on. It doesn't make sense.

I didn't say ANYTHING about "testing the machine I'm already on", nor would I ever want to. Obviously, the computer running the test software has to be outside the LAN, for all the tests to be meaningful.

My objection is to the fact that Nessus won't run on *A* computer, to test the target computer.

The docs on the nessus site are quite clear: Nessus is a 2-component system: It requires the engine to be run on a *nix server, and also requires a client application, which must run on a second machine. The second machine can run Linux or Win*.

Perhaps the programmer felt that he had a good reason for doing it that way. But my point still stands: You can't test a server (or several servers on a LAN) with just ONE outside machine. Not everyone has the resources to cart TWO computers (and the hardware to network them) to a location where they can connect to the Internet without being connected to the test server or its LAN.

There's no valid reason why a test program can't be written to run on ONE computer.
"Julia Thorne" <rimbaldi@nospam.tld> wrote in message
news:A1D4e.7310561$f47.1346110@news.easynews.com

> My objection is to the fact that Nessus won't run on *A* computer,
> to test the target computer.
>
> The docs on the nessus site are quite clear:
> Nessus is a 2-component system: It requires the engine to be run
> on a *nix server, and also requires a client application, which must
> run on a second machine. The second machine can run Linux or Win*.
>
> Perhaps the programmer felt that he had a good reason for doing
> it that way. But my point still stands: You can't test a server
> (or several servers on a LAN) with just ONE outside machine. Not
> everyone has the resources to cart TWO computers (and the hardware
> to network them) to a location where they can connect to the
> Internet without being connected to the test server or its LAN.
>
> There's no valid reason why a test program can't be written to run
> on ONE computer.

Nessus does indeed have both server and client components, but there is no reason whatsoever why they cannot be run on a single Linux laptop machine and be used to check vulnerabilities on another machine(s) located elsewhere on the Internet or the LAN.

Your "point" reiterated above is simply not valid, I'm sorry to observe. I have used Nessus client/server on a single Linux laptop for over 5 years now.
Julia Thorne <rimbaldi@nospam.tld> wrote:
: My objection is to the fact that Nessus won't run on *A* computer,
: to test the target computer.

Yes it will. In fact, it's running happily on the one I'm trying this on. You just install both components on one machine.

--
Arthur Clune PGP/GPG Key: http://www.clune.org/pubkey.txt
Don't get me wrong, perl is an OK operating system, but it lacks a
lightweight scripting language -- Walter Dnes