Linux penetration testing


Basically what I am looking for is a list of recommended procedures
you would employ when performing penetration testing on linux systems.

 If you have good links or advice I am all eyes.


Re: Linux penetration testing

On Thu, 31 Mar 2005 16:09:43 -0500, wrote:


You may possibly or even probably know all of this already, but to try to
answer the (_Frequently_Asked_) question, here is my humble attempt.

1.    Don't go by any "cookbook".  Guides are fine and can be helpful, but
the landscape changes too quickly now for any set rules or procedures to
be entirely comprehensive for any length of time.  Hopefully, some other
respondents can and will give you some very insightful and specific
recommendations, and I hope that they do that.  You really need to have an
intelligent, knowledgeable human brain checking this out every day (for
Linux or anything else!).  Lots of the apparent "penetration" really comes
from "inside", by one means or another, so you really have to be
focused in all directions, if that is not an oxymoron.  One can hardly
avoid flirting with paranoia in these matters.  Here is hoping your brain
is healthy. For perspective, read this diary every day:

2.    Unknown avenues of attack show up constantly.  The advice of updating
and patching remains a valid method of minimizing any impact of recently
discovered methods of penetration.  Don't avoid the freely available and
widely distributed "conventional wisdom".

    And YES, I do realize that I haven't yet addressed your focus on
    penetration testing.  ... Which follows:

3.    Here is the meat.  If you are able to do this yourself or with the help
of your friends, relatives, business associates, etc., go outside your own
system and test your firewalls with nmap or nmapfe for the GUI.  Failing
this, go to: /

4.    Your firewall is only the first line of defense against penetration.
There are already many known ways that firewall protection can be
bypassed.  Your intelligent human brain (not some static computer code)
should be evaluating that for yourself, independently.

5.    The saying goes:

    Don't believe anything that you read, and no more than half of what you
    see and hear with your own eyes and ears.

    There are scams of all sorts today.  And there are ways to compromise
systems that do not rely on breaking through firewalls.  I hope that does
not happen to you or me.

That was my very best tonight.  Address additional questions in the
newsgroup, please.  And thank you.

Best wishes
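An added example (mine, not part of the thread) of the external firewall check that point 3 above recommends: scan from a host outside your own network with nmap, save the "grepable" output, and flag every open TCP port that is not on an explicit allow-list. The target address 192.0.2.10 (a documentation address), the allow-list and the sample scan output at the bottom are constructed; the nmap flags (-sS, -Pn, -p-, -oG) are real nmap options.

```shell
#!/bin/sh
# Added example, not from the thread. Runs nmap from a host OUTSIDE the
# firewall and flags every open TCP port that is not on an explicit
# allow-list. The target 192.0.2.10, the allow-list and the sample scan
# output below are constructed for the demonstration.

# Step 1: the scan itself. -sS (SYN scan) needs root; -Pn skips host
# discovery so a firewall that drops ICMP does not hide the host; -p-
# covers all 65535 TCP ports; -oG writes the "grepable" one-line-per-host
# format that the parser below reads.
scan_from_outside() {
    target="$1"; outfile="$2"
    nmap -sS -Pn -p- -oG "$outfile" "$target"
}

# Step 2: parse -oG output. A host line has tab-separated fields such as
#   Host: 192.0.2.10 ()<TAB>Ports: 22/open/tcp//ssh///, 80/open/tcp//http///
# and each port entry is port/state/proto/owner/service/rpc/version.
# Prints "host port" for every entry whose state is exactly "open" on tcp.
open_tcp_ports() {
    awk -F'\t' '/^Host:/ {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            n = split(substr($i, 8), ports, ", ")
            for (j = 1; j <= n; j++) {
                split(ports[j], f, "/")
                if (f[2] == "open" && f[3] == "tcp") print host, f[1]
            }
        }
    }' "$1"
}

# Step 3: anything open that is not on the allow-list (one port number per
# line) is the finding: either a firewall rule is wrong or something new
# is listening behind it.
unexpected_open_ports() {
    scan="$1"; allow="$2"
    open_tcp_ports "$scan" | while read -r host port; do
        grep -qx "$port" "$allow" || echo "$host $port"
    done
}

# Exit status 0 only when nothing unexpected is reachable from outside.
firewall_ok() {
    [ -z "$(unexpected_open_ports "$1" "$2")" ]
}

# --- constructed sample data standing in for a real scan_from_outside run ---
SCAN_OG=$(mktemp); ALLOW_LIST=$(mktemp)
trap 'rm -f "$SCAN_OG" "$ALLOW_LIST"' EXIT
printf 'Host: 192.0.2.10 ()\tStatus: Up\n' > "$SCAN_OG"
printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/filtered/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (65531)\n' >> "$SCAN_OG"
printf '22\n80\n' > "$ALLOW_LIST"   # only ssh and http are meant to be exposed

echo "open tcp ports seen from outside:"; open_tcp_ports "$SCAN_OG"
echo "open but not on the allow-list:";   unexpected_open_ports "$SCAN_OG" "$ALLOW_LIST"
```

In the constructed sample the filtered 443 is correctly ignored and 3306 (mysql) is reported as reachable from outside even though it is not on the allow-list, which is exactly the kind of result the brain in point 1 has to evaluate rather than a scanner.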

Re: Linux penetration testing


I don't believe you!


(try just my userid to email me)
see X- headers for PGP signature information

Re: Linux penetration testing

On Thu, 31 Mar 2005 21:52:52 -0800, Keith Keller wrote:


hi keith,

    I really do know what you mean, and appreciate it, too.  

Wait, ... Maybe I shouldn't say this ...

Paranoia is *such* a demanding discipline. ...

But it is so close to absolute security.  Just because you're not paranoid
doesn't mean that they are _not_ out to get you.  

ps. I don't believe me either.  Or you, for that matter.  

Best wishes and all in good spirits.

wish that i had a name to sign with :(

o well

Re: Linux penetration testing


Yes. Use Nessus. Read a little about it before you use it so you don't
burn your system. And automate the scans and plugin updates to run on
their own and email you the results - if possible. Helps save time.

btw - I just read the local RCMP report on Info. Security. Over 75% of
security incidents are caused by insiders: employees, either incompetent
or malicious, destroying or stealing IP (intellectual property). Makes
one wonder why we bother with pen tests.

There is this famous quote that reads, "Is the firewall there to protect
you from the *outside world*, or is the firewall there to protect the
outside world from *you*!"

Happy scanning


Re: Linux penetration testing

If I were you, I'd run nmap to ensure everything with firewalls is ok,
then check for +s files (mode 4422, I think). This'll do for a
start... else there is an integrated security tool - saint (ex satan)
which could do integrated checks for you. Hope this helps
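An added example (mine, not part of the thread) of the "+s files" check suggested above. The setuid bit is octal 4000 and the setgid bit is 2000, so the find predicates are -perm -4000 and -perm -2000. The script lists such files under a tree and diffs the result against a saved baseline, so a privileged binary that appeared since the last run stands out. The directory tree and baseline built at the bottom are constructed for the demonstration; on a real host you would run it against / as root.

```shell
#!/bin/sh
# Added example, not from the thread. Lists setuid/setgid files under a
# directory tree and diffs the result against a saved baseline. The
# temporary tree and baseline below are constructed for the demonstration.

# "find -perm -4000" matches files with at least the setuid bit set, whatever
# the rest of the mode is; -perm -2000 does the same for setgid. -xdev keeps
# find on one filesystem so /proc and network mounts are not walked, and
# -type f skips directories (setgid on a directory only affects group
# inheritance, not privilege).
list_special_bits() {
    root="${1:-/}"
    find "$root" -xdev -type f -perm -4000 -print 2>/dev/null | sed 's/^/setuid /'
    find "$root" -xdev -type f -perm -2000 -print 2>/dev/null | sed 's/^/setgid /'
}

# Entries present now but absent from the baseline. The baseline is an
# earlier run of list_special_bits, sorted and saved; "comm -13" prints the
# lines unique to the second (current) input. Both sides are sorted with the
# same locale because comm depends on the sort order.
new_special_bits() {
    baseline="$1"; root="$2"
    now=$(mktemp)
    list_special_bits "$root" | LC_ALL=C sort > "$now"
    comm -13 "$baseline" "$now"
    rm -f "$now"
}

# --- constructed tree standing in for a real filesystem ---
DEMO=$(mktemp -d)
BASELINE=$(mktemp)
trap 'rm -rf "$DEMO" "$BASELINE"' EXIT
mkdir -p "$DEMO/bin" "$DEMO/opt"
: > "$DEMO/bin/ping"; chmod 4755 "$DEMO/bin/ping"   # setuid stand-in
: > "$DEMO/bin/wall"; chmod 2755 "$DEMO/bin/wall"   # setgid stand-in
: > "$DEMO/bin/ls";   chmod 0755 "$DEMO/bin/ls"     # plain executable

# Record the baseline on a known-good system ...
list_special_bits "$DEMO" | LC_ALL=C sort > "$BASELINE"

# ... and later something drops a new setuid file where none belongs.
: > "$DEMO/opt/helper"; chmod 4755 "$DEMO/opt/helper"

echo "special-bit files now:"; list_special_bits "$DEMO"
echo "new since baseline:";    new_special_bits "$BASELINE" "$DEMO"
```

Keep the baseline off the host being tested: if an intruder can edit the baseline along with the binary, the diff tells you nothing.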

Re: Linux penetration testing

On Fri, 01 Apr 2005 05:49:21 -0600, Darko Gavrilovic wrote:


I'm sure it's a very nice program, but it's useless to many people:
You can't use it to test *A* Linux server.  You need two or more
servers, and they need to be in separate locations (not on the same LAN)
to perform certain tests.  And since the required client can't also be
the nessusd server, you actually need a minimum of THREE computers to
do anything with Nessus.  There has to be a better way!

Re: Linux penetration testing


You cannot run a meaningful penetration test against the machine you are
already on. It doesn't make sense.

       "The road to Paradise is through Intercourse."
        [email me at huge [at] huge [dot] org [dot] uk]

Re: Linux penetration testing

On 3 Apr 2005 20:18:02 GMT, Huge wrote:

I didn't say ANYTHING about "testing the machine I'm already on",
nor would I ever want to.   Obviously, the computer running the
test software has to be outside the LAN, for all the tests to be

My objection is to the fact that Nessus won't run on *A* computer,
to test the target computer.

The docs on the nessus site are quite clear:
Nessus is a 2-component system: It requires the engine to be run
on a *nix server, and also requires a client application, which must
run on a second machine.  The second machine can run Linux or Win*.

Perhaps the programmer felt that he had a good reason for doing
it that way.  But my point still stands:  You can't test a server
(or several servers on a LAN) with just ONE outside machine. Not
everyone has the resources to cart TWO computers (and the hardware
to network them) to a location where they can connect to the
Internet without being connected to the test server or its LAN.

There's no valid reason why a test program can't be written to run
on ONE computer.

Re: Linux penetration testing


Nessus does indeed have both server and client components, but there is no
reason whatsoever why they cannot be run on a single Linux laptop machine
and be used to check vulnerabilities on another machine(s) located elsewhere
on the Internet or the LAN.

Your "point" reiterated above is simply not valid, I'm sorry to observe. I
have used Nessus client/server on a single Linux laptop for over 5 years

Re: Linux penetration testing

: My objection is to the fact that Nessus won't run on *A* computer,
: to test the target computer.

Yes it will. In fact, it's running happily on the one I'm trying
this on.

You just install both components on one machine.

Arthur Clune  PGP/GPG Key:
Don't get me wrong, perl is an OK operating system, but it lacks a
lightweight scripting language -- Walter Dnes

Re: Linux penetration testing


On Tue, 05 Apr 2005 21:02:24 GMT,

Where does it say that?

Nessus runs fine, server, and client, from a single machine. You *can*
split them up, use multiple clients, etc, but you don't have to.


It does. You are in error.



Jim Richardson
"A lie can go round the world before the truth has got its boots on."
                                                   Terry Pratchett
