PLAN-B
-=# 2003 Edition #=-
Summary:
           
Plan-B is a Live CD: a bootable Linux environment that needs no hard drive and runs entirely in RAM or from the CD. It is based on a basic, stripped installation of Red Hat® Linux and the fundamental workings of the SuperRescue CD. A list of tools and utilities is also included for projects such as:

   #   Forensics/Data Recovery
   #   System/Network Analysis and Security Scanning
   #   Temporary Network Device/Server
   #   IDS / NIDS System
   #   Network Status Report Creation

My reason for its creation came about due to finding other similar projects (SuperRescueCD, Biatchux(F.I.R.E.), Trinux, Knoppix) to be geared toward only a single area of the broad spectrum I was looking for. The first of these, by H. Peter Anvin, the author of Syslinux, Isolinux, and zisofs, was the only one close to the concept I had in mind, which is why I chose it as the foundation for this CD. After not finding what I was really looking for, the "All-in-One", I decided the only way to get it was to build one myself.

So here you have it, Plan-B.

Errata/Changes/Versions:

05/22/03 v1.0(Final/Current): ToDo:

Abstract:

Below is a list of software that is not included with Red Hat® release 9.0 or was installed separately from the Red Hat® installation. The links work assuming an internet connection is established. The file /root/package.lst contains a list of installed rpm packages.

Notice: The installed version of anything listed may not be the most current. Visiting any of the sites in the right column should give the most current information. The list is nowhere near complete yet. Soon I hope to get them all included here.


Name                  Description (Interface)
--------------------  ------------------------------------------------------------
AirFart 0.2.1         Wireless Signal Strength; requires wireless connection / supported hardware (gui)
Autopsy 1.73          Frontend to Sleuthkit (web)
BCwipe 1.2            File/Drive Eraser Utility, DoD Compliant (cmd)
CmosPwd 4.3           Find/Remove Cmos Password (cmd)
Crack 5.0a            Password Cracking Utility (cmd)
DCFL-DD v1.0          An enhanced dd with MD5 hashing (cmd)
Ethereal 0.9.11       Network traffic packet capture utility (cmd,gui)
Ettercap 0.6.b        Sniffer/Interceptor/Logger (tui)
FWBuilder 1.0.10      GUI for building firewall rule sets in iptables, PIX, etc... (gui)
fwlogwatch 0.9.3      Packet filter/firewall/IDS Log Analyzer/Pager/Report Creation (cmd, automated to text or HTML)
Foremost v.62         File Recovery Utility (cmd)
fping 2.4b2           TCP/IP Ping Utility (cmd)
Hping2                TCP/IP Ping Utility (cmd)
Hunt 1.5              TCP/IP Exploits (cmd)
IP Calculator 1.3     Calculate IP Addresses (web)
IP Sorcery 1.7.5      Packet Generator (gui)
IPTraf 2.7.0          A console-based network statistics utility (tui)
John The Ripper 1.6   Password Cracking Utility (cmd)
nbtscan 1.0.3         Scan Windows® systems through the CIFS protocol (cmd,gui)
Nessus 2.0.7          Security Auditing Utility Server/Client (gui)
Nikto 1.30            Exploits Against Web Servers based on Whisker (cmd)
Nmap 3.28             Network Scanning Tool (cmd,gui)
ntop 2.2.0            Network Monitoring Tool (web)
p0f 1.8               Network Scanning Tool (cmd,gui)
access 0.7beta        Remote Access Session (cmd)
Sara 4.1.4c           Network Security Auditing Utility (cmd,web)
Snort 2.0             The Open Source Network Intrusion Detection System (cmd,web)
Sleuthkit 1.62        Data Retrieval/Forensics Suite (cmd)
Tara 3.0.3            System Security Auditing Utility (cmd)
Wellenreiter 1.8      Wireless network discovery and auditing tool; requires wireless connection / supported hardware (cmd)
More...
added/removed as development progresses or as requested

References:

Information Systems Audit and Control Association(ISACA)
 Standards for Information Systems Auditing
     IS Auditing Guidelines
        060.020.070 Use of Computer Assisted Audit Techniques (CAATS) (Effective 1 December 1998)
        050.010.030 Use of Risk Assessment in Audit Planning (Effective 1 September 2000)
        030.010.010 Irregularities and Illegal Acts (Effective 1 July 2002)
     IS Auditing Procedures
        Document #1:  IS Risk Assessment Measurement
        Document #3:  Intrusion Detection System (IDS) Review
        Document #6:  Firewall
The NSRL RDS Databases versions 1.4 and 2.0
DoD Computer Forensics Laboratory (DCFL) Intrusions and Information Assurance


Acknowledgements:
In No Special Order

Red Hat is a registered trademark of Red Hat, Inc. in the United States and/or other countries
Linux is a trademark of Linus Torvalds
Flash is a trademark of Macromedia, Inc. in the United States and/or other countries
Java is a trademark of Sun Microsystems, Inc. in the United States and/or other countries
Windows, NT and Microsoft are registered trademarks of Microsoft Corporation in the United States and/or other countries
ISACA is a registered trademark of Information Systems Audit and Control Association in the United States and/or other countries
NSRL is a project of National Institute of Standards and Technology
SuperRescue CD, ISOLINUX and zisofs are the creation of H. Peter Anvin http://syslinux.zytor.com
Biatchux (F.I.R.E) http://biatchux.dmzs.com
Trinux http://trinux.sourceforge.net
Knoppix http://www.knopper.net/knoppix
DoD Computer Forensics Laboratory (DCFL) http://www.dcfl.org
Linux-Forensics http://www.linux-forensics.com/links.htm
GNU Free Software Foundation http://www.gnu.org
CERT Carnegie Mellon University http://www.cert.org
SANS Institute http://www.sans.org
SuperHac http://www.superhac.com

Download:
Hosted at Kernel.org
Plan-B ISO tar/gzip
Custom kit - DIY - tar/gzip

Hosted Locally
Plan-B ISO tar/gzip
Custom kit - DIY - tar/gzip

Plan-B (C)2003 Jeremy McDaniel
email: mcdaniel.j@gmail.com