Linux Network Security Toolkit (NST) for Fedora 16
Welcome to the Network Security Toolkit (NST). This bootable ISO live CD/DVD (NST Live) is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.
The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 100 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system administration, navigation, automation and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines.
What we find rather fascinating with NST is that we can transform most x86/x86_64 systems into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, virtual session serving, or a sophisticated network/host scanner. This can all be done without disturbing or modifying any underlying system storage. NST can be up and running on a typical x86/x86_64 notebook in less than a minute by just rebooting NST Live. The notebook's hard disk will not be altered in any way.
NST also makes an excellent tool to help one with crash recovery troubleshooting scenarios and diagnostics.
When booted in the default manner, the running NST probe can be accessed by the methods below once the default NST password for the "root" user has been changed. The default password for the "root" user is: "nst2003". Log in to the console and use the "nstpasswd" script to change the password for the "root" user. Both "SSH" and "HTTPS" services will be disabled until the default NST password has been changed.
Access methods to a running NST probe:
If you do not know the IP address assigned to the running NST probe, you can use the "ifconfig" command to determine it.
Use the NST script: "nstliveinst" for installation of NST Live to a hard disk
Notes below contain summary briefs on NST aliases, functions, and custom scripts.
The following aliases are available to get various services up and going quickly (Note: some default settings may not apply to your environment. Please review associated configuration files prior to starting a service):
This function finds all files of a given size or greater and lists them in descending order by size.
Usage: lsfindfilesize FINDDIR FILESIZE
Where: FINDDIR - Start file find from this top level directory
FILESIZE - Find all files of this size or greater in KiloBytes (KB)
Example:
lsfindfilesize /usr 400
-rw-r--r-- 1 root root 1096328 Mar 18 2005 /usr/lib/libslang-utf8.so.1.4.9
-rwxr-xr-x 1 root root 468940 Sep 30 2005 /usr/bin/mkisofs
Use this function to load in a NST site location custom configuration. A USB removable storage device, a file system on a hard disk, or a URL reference can be used to store custom NST probe system configurations for a site. The ${NSTHOME} environment variable will be set. The /root/bin/setup_nst_custom script will be used to find the appropriate location for any custom scripts to run. If the file: ${NSTHOME}/setup.sh is found, it will be sourced.
Usage: lnstcustom SITENAME [ DEV [ FSTYPE ] ]
lnstcustom SITENAME URL
Where: SITENAME - name of subdirectory under ${NSTHOME} of setup
(site name)
DEV - name of dev (default sda1) to mount
FSTYPE - type of file system (default auto)
URL - URL of tar.gz file to extract under ${NSTHOME}
Example:
lnstcustom home
lnstcustom home http://192.168.0.2/nst.tgz
lnstcustom work hdd1 ext2
This function will start the ssh-agent daemon (if it hasn't already been started) and update the necessary environment variables such that any future use of ssh-add and/or ssh will be able to make use of the ssh-agent daemon. This is done such that all logins will be able to share the same instance of the ssh-agent (you only need to execute this the first time you log in).
This function will facilitate a system move and shutdown. When your NST system is booting from writable and removable media (such as a USB memory stick), it will likely persist information between boots. If you then move the installation to new hardware, it is likely that the persisted information (e.g., MAC Address) will be incorrect for the new hardware. The function removes hardware specific configuration files so that they will be recreated at boot time. You will be prompted prior to moving and shutting down the NST system. See the NST script: "nstboot --help" for more information.
This function will display the NST README in HTML format if the HTML version of the README file is available. If not, the text version of the README file will be displayed via the less utility.
This script will look for already defined swap space on the current NST probe system and use it. The 'fdisk -l' command is used to identify all disk drives that currently contain an existing Linux swap partition. All Linux swap partitions found will be used. This command is useful for systems that contain a small amount of physical RAM.
This script will create a RAM disk on the NST probe system. Type: "create_ramdisk --help" to display its usage.
This script will create a 64MB RAM disk at mount point: "/dev/ram4" on the NST probe system. It calls script: /root/bin/create_ramdisk with the following: "/root/bin/create_ramdisk -s 64 -d /dev/ram4"
This script searches the NST distribution for any unresolved symbolic links that point to files or directories that do not exist. The location of the unresolved symbolic links will be printed out. This script is useful for developers of the NST project.
This script is typically called by the lnstcustom shell function for loading in a NST site location custom configuration. A USB removable storage device (Ex: thumb drive), a file system on a hard disk, or a URL reference can be used to store custom NST probe system configurations for a site. The "${NSTHOME}" environment variable must be set prior to using this script. This script will find the appropriate location for any custom scripts to run. If the file: "${NSTHOME}/setup.tgz" is found, it will be uncompressed.
Usage: export NSTHOME=/mnt/nst/NAME
lnstcustom NAME [ DEV [ FSTYPE ] ]
lnstcustom NAME URL
Where: NAME - name of subdirectory under ${NSTHOME} of setup
DEV - name of dev (default sda1) to mount
FSTYPE - type of file system (default auto)
URL - URL of tar.gz file to extract under ${NSTHOME}
Example:
export NSTHOME=/mnt/nst/NAME
lnstcustom home
export NSTHOME=/mnt/nst/NAME
lnstcustom home http://192.168.0.2/nst.tgz
export NSTHOME=/mnt/nst/NAME
lnstcustom work hdd1 ext2
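The URL form of lnstcustom, and the setup_nst_custom script it calls, extract a downloaded tar.gz under ${NSTHOME} and may source ${NSTHOME}/setup.sh from it. The following is an added example, not NST code, of checking such a tarball before extraction; the function names and the pinned SHA-256 argument are assumptions.

```shell
#!/bin/sh
# Added example, not NST code. Function names are hypothetical.
# Vets a site tarball before it is unpacked under ${NSTHOME}.

# has_unsafe_path: reads member names on stdin; succeeds (0) when any name
# is absolute or contains a ".." path component.
has_unsafe_path() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# vet_nst_tarball TARBALL EXPECTED_SHA256
# Succeeds only if the digest matches and no member can escape the target.
vet_nst_tarball() {
    tarball=$1
    expected=$2
    actual=$(sha256sum "$tarball" 2>/dev/null | awk '{print $1}')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "vet: SHA-256 mismatch for $tarball" >&2
        return 1
    fi
    names=$(tar -tzf "$tarball" 2>/dev/null) || {
        echo "vet: cannot list $tarball" >&2
        return 1
    }
    if printf '%s\n' "$names" | has_unsafe_path; then
        echo "vet: absolute or '..' member path" >&2
        return 1
    fi
    # First column of the verbose listing: l = symlink, h = hard link.
    if tar -tvzf "$tarball" 2>/dev/null | grep -Eq '^[lh]'; then
        echo "vet: archive contains link members" >&2
        return 1
    fi
    return 0
}

# extract_vetted TARBALL EXPECTED_SHA256 DESTDIR
extract_vetted() {
    vet_nst_tarball "$1" "$2" || return 1
    mkdir -p "$3" && tar -xzf "$1" -C "$3" --no-same-owner
}
```

The expected digest has to be obtained out of band (for example, recorded when the tarball was built), not fetched from the same server as the tarball.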
This script creates one or more zero filled files of a specified size.
Usage:
Usage: mkfile size[k|m] filename1 filename2 ...
This script creates one or more zero filled files of a
specified size. The file size will be a multiple of 1024.
Example: /sbin/mkfile 22m /tmp/largefile
- This will create the zero filed file: /tmp/largefile
with a size of: 23,068,672 bytes (22MByte file).
This script allows one to update the authorized_keys files for multiple users on multiple hosts with a single invocation. Use the following for additional information:
ssh-auth-keys --help | less
This script is used to change the hostname of a NST system. All appropriate places within the Linux Operating System will be updated to reflect the hostname change.
nsthostname --help | less
This simple utility returns the IP address of the selected interface. If no interface is specified, all IP addresses configured on this system including the public internet address will be displayed.
Help description for: getipaddr
getipaddr --help | less
Examples for: getipaddr
getipaddr -i eth0
172.16.1.44
getipaddr -p
24.33.22.187
getipaddr
127.0.0.1
172.16.1.44
24.33.22.187
This script will continuously display the current NST probe time each second on the same line with scrolling disabled.