Hack 86 Download Local Area Security

Similar to the scope of INSERT, Local Area Security Linux (L.A.S. Linux) aims to put many great security tools all on a single mini-CD.

Local Area Security Linux (L.A.S Linux) began as a personal project: to learn more about live CDs and to create a security toolkit. Over two years ago, L.A.S. Linux began as a command-line-only distribution, which was less than 50 MB in size, so it would fit on a business-card CD. My coworkers encouraged me to make it public and release it. At the time, I had owned the domain localareasecurity.com for a few years but had no use for it. I decided to put it to good use by creating a web site to make my Linux distribution available to the public.

The first versions were based on a stripped-down 35-MB version of Knoppix, to which I added a long list of security tools. Within about two months of the initial public release of v0.3, I was receiving hundreds of thousands of hits per month and was Slashdotted for the first time, which made the web site hits skyrocket. During this time, many generous people contributed mirrors of the distribution. These mirrors were sorely needed, because at that time, I was running the site on a shared host in Argentina.

With the increasing popularity of L.A.S. Linux, I made drastic improvements to the distribution over the next few versions and shifted the base to a highly modified version of Damn Small Linux (DSL). The biggest improvement was the addition of the Fluxbox window manager. The addition of many GUI-based security programs, such as Ethereal, Etherape, Nmapfe, and so forth, made the ISO size jump to 185 MB.

One of the rationales for keeping the ISO size limited to 185 MB was to narrow the focus of the distribution. While other distributions had begun using a full-size 700-MB CD for their ISOs, I didn't feel a need to have large desktop environments, games, and full office productivity suites. Each tool was evaluated and weighed for its positives and negatives, which ensured that these high-quality tools wouldn't duplicate the efforts of other tools.

During this time, I added the toram boot option [Hack #5] to allow the entire ISO image to be copied into the physical RAM of the computer. This was a revolutionary addition because it freed up the CD-ROM for burning CDs and other uses. (This addition also speeds up the entire distribution. The distribution is under 185 MB in size, so users with 256 MB of RAM can still use this functionality, whereas a full Knoppix user requires 1 GB of RAM.)

When the web site started receiving close to a million hits a month, I realized there was a need for a dedicated server. I redesigned the entire web site and added a large download section (over 20 GB) to the server with mirrors to http://wiretapped.net and other security tools and projects. After adding many more mirror sites all over the world, LocalAreaSecurity.com had officially become a hobby that had gotten way out of hand. With my work schedule expanding and the needs of the site also growing, I felt it was time to find talented people to help contribute to the development of L.A.S. Linux, as well as to the content of the web site. Today, the L.A.S. team has grown to four people, with numerous partnerships with other information security organizations and groups.

To satisfy the requests of our users, we have also created a slightly larger version of L.A.S. Linux to fit on 210-MB mini-CDs. This allows for the addition of the Mozilla Firefox web browser and a handful of additional tools not on the 185-MB version, while still being small enough to fit into 256 MB of RAM using the toram option.

We pride ourselves on our somewhat regular release schedule for new versions. The security tools L.A.S. Linux contains are continuously being improved with new releases, and our users always have an up-to-date version of a tool with the latest signatures (unlike a lot of other security toolkit live CDs, which have come and gone or are updated very seldom).

People have found many interesting uses for L.A.S. Linux. Some of my favorites are:

• One user dropped me an email that informed me how L.A.S. Linux had "saved the day" at his place of employment. It seems that its NT Primary Domain Controller went down. So he booted L.A.S. Linux and used Samba to mount the drives to get the server up and running [Hack #41] until they could rebuild the server.

• In my previous jobs, I have often carried a copy of L.A.S. in my back pocket, so if I am at another site, I can boot to the CD and use VNC tunneled over SSH to connect to my desktop in my office [Hack #37] .

• Countless users have informed me of how helpful they find L.A.S. Linux when network troubleshooting in various locations using Ethereal and other tools to ascertain the cause of problems.

• The ability to run nessusd from RAM to create a temporary node for network vulnerability assessments [Hack #45] .

• The ability to recover files from corrupted hard drives or to use tools such as SleuthKit to perform forensic analysis.

• The ability to set up temporary Snort IDS nodes running off of L.A.S. Linux.

These are just a sampling of the countless uses of L.A.S. Linux. Many times, your imagination is the only stumbling block to the variety of hacks you can use the distribution to perform.

The future holds many new additions to the L.A.S. Linux family. We are currently rebuilding a new version of the distribution from the kernel up, as well as adding a 400 MB+ "Desktop Auditor" version with the help of one of our partners—ISECOM (the Institute for Security and Open Methodologies), makers of the OSSTMM (Open Source Security Testing Methodology Manual).

8.8.1 See Also

• The Local Area Security Linux home page at http://localareasecurity.com.

• The Institute for Security and Open Methodologies at http://isecom.org.

• Open Source Security Testing Methodology Manual at http://osstmm.org.

—Jascha Wanger