Free compusec pc security suite software for linux

Luke Macken Security LiveCD provides a fully functional livecd based on Fedora for use in security auditing, forensics research, and penetration testing.
Main features:
- All of the security features and tools Fedora has to offer
- Features from the FedoraLiveCD
- Ability to install directly to hard drive
Spinning your own
# yum install mercurial livecd-tools
$ hg clone http://hg.lewk.org/security-livecd
# livecd-creator --config security-livecd/fedora-security-livecd.ks --fslabel=Fedora-7-Security-LiveCD
Making changes to the LiveCD is as simple as modifying the fedora-security-livecd.ks configuration file.

Local Area Security is a research group focused on information security related subjects. We are most known for L.A.S. Linux. Our live-CD security toolkit.

Local Area Security is a project that was started in 2002 to research information security related topics. During that time there was no real live-CD toolkit focused on information security.

So Jascha, the project founder built one from a stripped down version of Knoppix called Model-K. Both of which were built from Debian Linux.

Up until version 0.4 L.A.S. Linux was command line only. Which made it limited to some of the tools it could contain since many require a GUI. Or at least for many it is preferable to have one. So FluxBox was added as the desktop since it is light weight and very feature filled.

It was during this time that Jascha came up with the idea of keeping the size of L.A.S. as small as possible, which lead to a target maximum size of 180MBs. The size of the original mini-CDs that were available at the time. This forced the selection of tools and features to be weighed heavily since unlike other live-CDs that throw in everything including the kitchen sink. L.A.S. was designed from the ground up to be a tool not a all-inclusive grab bag of applications.

As well as many advances for live-CDs came about, such as to-ram that allows booting a live-CD into the physical RAM of a computer. Which by chance L.A.S. was perfectly cut out for. With as little as 256MB of RAM people could boot L.A.S. and then free up their CD-ROMs for burring etc.

For forensics this was a big plus, along with many other uses. Plus L.A.S. ran very fast in RAM which helped with running Nessus, Nmap, or other tools. When compared to full size (700MB) CDs which would require 1GB of RAM to use the to-ram option, it was really no contest.

MultiAdmin security framework kernel module provides means to have multiple "root" users with unique UIDs.
This fixes collation order problems which for example appear with NSCD, allows to have files with determinable owner and allows to track the quota usage for every user, since they now have a unique uid.
MultiAdmin Security Module also implements a "sub-admin", a partially restricted root user, who has full read-only access to most subsystems, and additional write rights only to a limited subset, e.g. writing to files or killing processes only of certain users.
Enhancements:
- The NetAdmin user class has been removed since it can be handled in userspace.
- The code has been updated to work with Linux 2.6.22.

The Linux Security Auditing Tool (LSAT) is a post install security auditor for Linux/Unix.
Linux Security Auditing Tool checks many system configurations and local network settings on the system for common security/config errors and for packages that are not needed.
It (for now) works under Linux (x86: Gentoo, RedHat, Debian, Mandrake; Sparc: SunOS (2.x), Redhat sparc, Mandrake Sparc; Apple OS X).
Enhancements:
- The dependency on the popt library has been removed.
- This release adds extra passwd and group checks under Linux, a check for failed logins under Linux/Solaris, a check for kernel modules under Solaris, network interface stats, and routing checks. It fixes a problem in checknetforward giving false positives, and an issue where verbose output was not very consistent.
- The kernel module check under Linux has been modified.

Network Security Toolkit is a bootable ISO live CD and its based on Fedora Core 2.
The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms.
The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 75 Security Tools by insecure.org are available in the toolkit.
What we find rather fascinating with NST is that we can transform most x86 systems (Pentium II and above) into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, a virtual system service server, or a sophisticated network/host scanner.
This can all be done without disturbing or modifying any underlying sub-system disk. NST can be up and running on a typical x86 notebook in less than a minute by just rebooting with the NST ISO CD. The notebooks hard disk will not be altered in any way.
NST also makes an excellent tool to help one with all sorts of crash recovery troubleshooting scenarios and situations.
Enhancements:
- We are pleased to announce the latest NST release: v1.5.0. This release is based on Fedora Core 5 using the Linux kernel 2.6.18. Here are some of the highlights for this release: the NST Web User Interface (WUI), has been greatly enhanced and cleaned up; extensive additions to managing and analyzing network packet captures; the ability to setup and manage printers; the ability to easily mount many different supported file system types; the ability to manage the NST as a file server (both NFS and CIFS); the addition of the Inprotect package (a Nessus manager); the addition of the Zabbix package (another network resource monitoring tool - similar to Nagios)....

Openwall tcb suite package contains core components of our tcb suite implementing the alternative password shadowing scheme on Owl.

It is being made available separately from Owl primarily for use by other distributions. Note that you need to have the password hashing framework introduced with crypt_blowfish patched into glibc to compile and use this.

The package consists of three components: pam_tcb, libnss_tcb, and libtcb.
pam_tcb is a PAM module which supersedes pam_unix. It also implements the tcb password shadowing scheme.

The tcb scheme allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. libnss_tcb is the accompanying NSS module. libtcb contains code shared by the PAM and NSS modules and is also used by user management tools on Owl due to our shadow suite patches.

• A Firewall with stateful packet inspection and application proxies guards Internet communications traffic in and out of the organization.
• A Virtual Private Network (VPN) gateway assures secure communications with remote offices, road warriors and telecommuters.
• Anti-Virus defends computers from both email and web-bourne viruses.
• Intrusion Protection detects and stops hostile probes and application-based attacks.
• Spam Filtering eliminates the productivity drain of opening and deleting unsolicited emails.
• Surf Protection (Content Filtering) and Spyware Protection improve productivity by blocking inappropriate web activities, provide full protection from user tracking threats and violation of privacy.

Major Features:

1. Protects all types of networks Windows, Linux, Unix and others.
2. Delivers comprehensive features at low cost maximizing your ROI (return on investment).
3. Highly effective. Has won numerous industry awards. Beat Cisco and Checkpoint in InfoWorld magazine product review, Beat IBM and Computer Associates in Linux World for Best Security Application.
4. Integrated management platform features an intuitive browser-based interface and one-step updates for rapid deployment and easy management.
5. Can be installed in under 15 minutes or purchased pre-installed on security appliances.
6. Can start with firewall, VPN and spam protection and add other security applications as needed, seamlessly.
7. Runs as a dedicated application server on top of a hardened operating system, which relieves operating system management headaches.
8. Runs on systems ranging from small devices up to large multi-processor systems utilizing gigabytes of memory.
9. Redundant systems can be configured to provide high availability and automatic failover in case of hardware or network failures.
10. Load balancing improves performance traffic shaping can set priorities by network, service and protocol.
11. Logging, automatic backup, and diagnostic tools support high reliability.
12. Free online evaluation workshop to get you started.

Enhancements:

• This Up2Date addresses a few issues that did not make the 7.4 GA version in time.
• This is a pure bugfix/stability release that strengthens the quality of your installation.