Knoppix-STD FAQ

"Take it friend. Arm yourself with knowledge"
--Paperboy, SpongeBob SquarePants


What is Knoppix-STD?

Knoppix-STD is a bootable CD that packs the Linux OS and the KDE window manager, with an emphasis on information security tools.



What are the minimum requirements to run Knoppix-STD?

Knoppix needs lots of RAM and an x86 architecture (Intel, AMD, etc.). You could probably boot it up on an old 486 with at least 48MB RAM, but don't expect much (like a GUI). You're better off with a Pentium-class machine with at least 64-96MB RAM. Knoppix-STD is very reliant on RAM, the more the better. You will also need a SCSI or IDE CD-ROM drive (or at least SCSI or IDE emulation).



How do you install it?

No installation required really.

1) Burn the cd image (knoppix-std-XX.iso) to a CD.
2) Make sure that your machine can boot to CD. (hint: check the BIOS settings)
3) Reboot the machine with the CD in the CD-ROM drive.
4) Welcome to Knoppix-STD. Play nice.

If you want a permanent installation of STD, you also have the option of putting it on your hard drive.

1) Open up a terminal shell and run 'rootme'.
2) Run 'knx-hdinstall'.
3) Choose the partition to install on (this will destroy all existing data on that partition).
4) Follow the prompts and reboot.



My old machine doesn't have a hard drive and can't boot from a CD. Can I boot from a floppy?

But of course. We're not neanderthals. There's a file /cdrom/KNOPPIX/boot.img you can use to create an STD boot floppy. Put a blank floppy in your drive and...

Linux: run 'dd if=/cdrom/KNOPPIX/boot.img of=/dev/fd0'

Windows: Browse to the Knoppix directory on the CD and run mkfloppy.bat.



It doesn't boot.... I see some stuff then the screen goes blank... I built my own computer out of tinfoil and can't get STD to run....

O.K. First off check the cheatcodes. Cheatcodes are options you can provide STD when it first starts to boot. My primary machine is a Toshiba laptop. When I boot STD up I have to use the following cheatcodes:

boot: knoppix screen=1024x768 home=/dev/sda1

This gives me proper resolution (for some reason, knoppix defaults to 800x600 on these machines) and mounts my permanent home directory. There's all sorts of fun to be had with cheatcodes so read up on them. You can find them over on the wonderful knoppix.net site.



Which cheatcode should I try first? Where should I start?

I'm ripping the answer for this straight from another Knoppix FAQ. This is from the Knoppix MIB website. It was worded so perfectly I didn't feel it needed any real editing. Knoppix-MIB is a great Knoppix customization with a focus on privacy. Aside from some formatting changes this is from http://www.bouissou.net/knoppix-mib/doc-html/Knoppix-Mib.html

Video and Boot Problems

At bootup, my computer displays "Loading vmlinuz....." and "Loading miniroot.gz....." then my monitor goes off...?

Your system probably doesn't support the VESA FrameBuffer 1024x768 mode that Knoppix selects at bootup. Try booting specifying one of the following options:

knoppix vga=788 (To select 800x600 FrameBuffer mode)
or
knoppix vga=normal (To initially start in 80x25 text mode)



The "X" graphic environment doesn't start properly on my system. My monitor goes off, or displays weird stripes...

1) If your monitor is not quite recent, it may be unable to report its supported frequencies to Knoppix, and may not support the default frequencies that Knoppix will select in such a case. If you know your monitor's characteristics (see its manual), you can specify the maximum horizontal frequency it can handle at boot time, using the boot option:

"knoppix maxhsync=65" for example.

If you don't know your monitor's max frequency, you can try the "knoppix oldscreen" boot option, that is equivalent to "knoppix maxhsync=54"

2) Your hardware may not support the screen resolution or vertical refresh rate that Knoppix tries to use. You can try to specify a mode which you think your system will support, using boot options like:

knoppix screen=800x600 (selects a 800x600 X display)
or
knoppix xvrefresh=60 (selects a 60 Hz vertical refresh rate)

You can combine such options, for example:

knoppix xscreen=800x600 xvrefresh=60
or even:
knoppix xscreen=800x600 xvrefresh=60 maxhsync=54 vga=normal

3) The X driver may not work with your graphics board. You can try to use the generic "FrameBuffer" X driver, that simultaneously specifies the desired resolution, by booting with one of the options:

fb1024x768
or
fb800x600

NOTE: If you use one of these options, you MUST NOT combine this option with other display or graphics options, especially the "vga=" option. For example, do not try to boot with "fb1024x768 vga=normal". On the other hand, you can combine FrameBuffer options with other options that don't concern display, for example you can perfectly use something like "fb1024x768 home=/dev/sda1". In such combinations, the "fb....." option must always come first.



The graphical environment doesn't start on my system. I get messages such as:

retrying with Server Xfree86(vesa)
retrying with Server Xfree86(fbdev)
Error : no suitable X-Server found for your card.
Or the screen just goes blank

On some machines, or with some graphics boards, Knoppix cannot determine which graphics X server to use with your hardware. It is then necessary to specify it manually as a boot option, using "xmodule=". For example, some NVidia boards are not correctly detected. To use them, you must specify at the boot prompt:

knoppix xmodule=nv



I have found the correct options for booting Knoppix with my graphics card and monitor. Is it possible to memorize them, so I don't need to type them at each boot?

Yes, if you have a persistent home directory. In this case, after having booted with your persistent home directory and the correct options, you just need to "save configuration", specifying that you want to save your graphics (XF86Config) configuration. Simply use the "K > KNOPPIX > Configure > Save configuration" menu option.



At bootup, my computer displays "Loading vmlinuz....." and "Loading miniroot.gz....." then my monitor goes off or my system hangs...? And YES, I've gone through all of the video trouble-shooting above!

One of your peripherals, or motherboard components, may be incompatible with the drivers that Knoppix auto-loads at bootup, or with Knoppix's autodetection and autoconfiguration system.

Try booting, typing at the boot prompt:

knoppix failsafe

If the system starts, there was such a problem. To isolate the problem more precisely, note that booting with: failsafe is equivalent to booting with the following combination of options:

knoppix vga=normal noapic noscsi nodma noapm nousb nopcmcia nofirewire noagp nodhcp xmodule=vesa

It is quite probable that only one of these options is necessary to allow your particular system to boot, so you should try to determine which one, by trying all of them successively, for example:

knoppix noapic
then
knoppix noscsi
then
knoppix noagp
...and so on, until your system boots properly, once you have found the "good" option. One option may not be enough, and you may need to combine 2 or 3 of them depending upon your particular system. In such a case, you can proceed in the reverse order, starting booting with the complete series of options, then removing them one by one until your system won't boot properly: Then you know you have just removed a necessary option.



At bootup, I get an error message "ERROR: Only one processor found" ...?

This message doesn't matter. Just ignore it. The Knoppix kernel can handle multi-processor systems, and can in some situations think that your system may be multi-processor when it is not (especially on AMD processor systems). Then, as it finds a single processor, it issues this message, but this is not a problem.

And that is the end of the section from Knoppix-MIB. Good stuff, eh?
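
The reverse procedure from the failsafe answer above (start with the full option set and remove options one at a time), written as a shell helper. This is an added example, not code from Knoppix, Knoppix-MIB or STD; it goes one step past the text by continuing after the first necessary option is found, so it ends with every option that is still needed. The function names and the fake_machine stand-in are hypothetical.

```shell
#!/bin/sh
# Added example: track the "remove one option at a time" failsafe procedure.

# The options the FAQ lists as equivalent to "knoppix failsafe".
FAILSAFE="vga=normal noapic noscsi nodma noapm nousb nopcmcia nofirewire noagp nodhcp xmodule=vesa"

# Interactive boot test: show the line to type at the boot: prompt on the
# problem machine and ask the operator whether it came up.
ask_operator() {
    printf 'Try: knoppix %s\nDid it boot properly? [y/n] ' "$*" >&2
    read -r answer
    [ "$answer" = y ]
}

# Constructed stand-in for a real machine: boots only with noapic and nousb.
fake_machine() {
    case " $* " in *" noapic "*) ;; *) return 1 ;; esac
    case " $* " in *" nousb "*) ;; *) return 1 ;; esac
}

# reduce_opts BOOT_TEST
# Start from the full failsafe set and drop each option in turn. An option
# stays in the set only if the boot fails without it. Prints what is left.
reduce_opts() {
    boot_test=$1
    needed=$FAILSAFE
    for opt in $FAILSAFE; do
        trial=""
        for o in $needed; do
            [ "$o" = "$opt" ] || trial="$trial $o"
        done
        trial=${trial# }
        # $trial is left unquoted on purpose: one argument per option.
        if "$boot_test" $trial; then
            needed=$trial      # booted without $opt, so it is not required
        fi
    done
    printf '%s\n' "$needed"
}

# Stand-alone demo against the constructed machine.
reduce_opts fake_machine
```

For a real machine, call it as 'reduce_opts ask_operator' on a second computer and answer after each reboot.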



I get the error “Can't find Knoppix filesystem.” then it drops me to a “limited shell”. What the hell?

This means you are not using a SCSI or IDE CDROM drive. After Syslinux starts up the first thing Knoppix wants to do is find and uncompress the filesystem (that big KNOPPIX file on the CD). Knoppix only probes for the CD on all SCSI and IDE buses. If it can't find it you'll get the error above.

For Transmeta laptops and some Sonys with PCMCIA cd drives try:

knoppix ide2=0x180 nopcmcia



Will it wreck my computer?

Knoppix-STD has the potential for severe damage, but not unless you want it to. By default Knoppix-STD simply borrows RAM and peripherals and leaves the hard drive alone. Take the CD out, reboot and you'll never know Knoppix ever ran.

Still, be careful. I provide no guarantees or warranties. Use at your own risk.

[forensics folks note that you need to boot with the 'noswap' option to NOT touch an existing Linux partition. See the forensics readme in /usr/bin/forensics/rtfm/]




How is Knoppix-STD licensed?

STD is based off of the original Knoppix distribution and retains all of the original licenses from that distribution. All additions that I have made are covered under GPL.



What can I do with Knoppix-STD?

Turn it into a firewall, a web server, an IDS box, a honeypot. Use it to do data recovery on a dead or locked computer, perform a vulnerability assessment, a penetration test, perform an autopsy on a compromised machine, test your incident response team. Listen to your MP3 collection and play gnuchess while waiting for that five hour nessus scan to complete.




What tools does Knoppix-STD have?

I set up the STD toolset into specific categories as follows:

authentication: PAM, freeRADIUS
encryption utilities: gpg, freeSWAN, openssl
firewalls: iptables, shorewall, guarddog
penetration tools: dsniff, irpas, ADM*, warscan
vulnerability assessment: nessus, whisker, nmap, chkrootkit
forensic tools: autopsy, task, fenris, wipe
honeypots: honeyd, labrea
intrusion detection: snort, aide, syslog
packet sniffers and assemblers: ethereal, paketto, ettercap, tcpreplay
network utilities: etherape, cheops, arpwatch, ntop
wireless tools: airsnort, kismet, wardrive
password auditing (crackers): john
servers: dns, xinetd, irc, tftp, apache, smail, snmp

Check STD Tools for more details.




Why not just use F.I.R.E.?

What? Is this a competition? F.I.R.E. is a great distribution. It depends on your needs. Besides, how hard is it to carry around two CDs? Sheesh... You might also want to try out the Penguin Sleuth.



What's the root password?

There is no root password. This is built into the default Knoppix distribution that STD is based on. If you need root access, you can:

1) run the command using 'sudo' (like 'sudo ifconfig eth0 172.18.1.3')
2) run the 'Root Shell' option under the Knoppix menu
3) hit ctrl-alt-f2 to switch to a different terminal. They are logged in with root access.
4) run the command 'rootme' (which is just a script that runs 'sudo su root'. It's just easier to type.)




How secure is Knoppix-STD?

Many linux security distributions are hardened versions of Linux to secure the host. This is not STD. STD is a security toolkit not a hardened OS. I would not consider Knoppix a secure distribution.

True, it runs off of a read-only CD with minimal services running on boot. It only loads itself into RAM. There are only a few viruses that affect it. The default boot shows only 68/tcp (dhcpclient) and 6000/tcp (X11) in an nmap scan. A nessus scan shows only a low-severity alert on X11 (it doesn't allow any client connections, but may be vulnerable to DoS attacks; CVE-1999-0526). dhcpclient instantly closes any connection attempts.

However, many network services can be started with but a click on the menu, and many of those services have known vulnerabilities. If your machine gets breached through these services, the network you are on and all data on any local hard drives are at risk. Before you play around with any Servers, learn the Firewalls and IDS tools first.

Actually I think this fits in perfectly with STD's educational model. Boot one machine with STD and load up some vulnerable services and then breach them using another boot of STD.

There is also a shortcut on the kicker panel and off the firewall menu to block all inbound TCP traffic [iptables -A INPUT -p tcp --syn -j DROP]. This will provide a modicum of protection.
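
One way to check a running STD box against the default-boot picture described above, as an added example that is not part of STD: it flags listening TCP ports other than 68 and 6000 and confirms the SYN-drop rule is loaded. The function names and the sample netstat and iptables-save text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare listening ports and firewall state with the FAQ's
# description of a default boot. All sample text below is constructed.

# Ports the FAQ reports on a default boot: 68/tcp dhcpclient, 6000/tcp X11.
BASELINE="68 6000"

# Read `netstat -ltn` style output on stdin; print every listening TCP port
# that is not in BASELINE, one per line, sorted, without duplicates.
unexpected_ports() {
    awk -v base="$BASELINE" '
        BEGIN { n = split(base, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # strip the address, keep the port
            if (!(port in ok)) print port
        }' | sort -nu
}

# Read `iptables-save` style rules on stdin; succeed only if the INPUT chain
# has the FAQ rule that drops inbound TCP SYNs. iptables-save may print --syn
# as "--tcp-flags <mask> SYN", so both spellings are accepted. Negated
# matches ("! --syn") are filtered out first.
syn_drop_present() {
    grep -v ' ! ' |
        grep -Eq '^-A INPUT .*-p tcp .*(--syn|--tcp-flags [A-Z,]+ SYN) .*-j DROP'
}

# Constructed sample: default ports plus two services started from the menu.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:68      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:6000    0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:21      0.0.0.0:*       LISTEN'

# Constructed sample: rule set after using the "block inbound TCP" shortcut.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
COMMIT'

# Stand-alone demo on the constructed samples.
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_ports
printf '%s\n' "$SAMPLE_RULES" | syn_drop_present && echo "SYN drop rule loaded"
```

On a live system, pipe in the output of 'netstat -ltn' and 'iptables-save' instead of the samples. The rule is appended with -A, so any ACCEPT rule earlier in the INPUT chain still wins, and it does not filter UDP or ICMP.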

As you discover vulnerabilities in STD please post them to the vulnerability forum or send an e-mail to security@knoppix-std.org.




Why would you release this distribution when it's obviously a hacker tool? Or, If you love hackers so much why don't you marry them?

Strange fact, security professionals need the same tools, the same knowledge, the same skill sets as "hackers". In fact, often the only thing that distinguishes a security professional from a hacker is their motivation. I can't control people, I'm simply providing a tool that I hope will teach essential security skills that the user can put to good use in all aspects of the word.

I should also note that all of the tools provided in STD are publicly available outside of the distribution and it seems to me that those "evil hackers" out there have an edge up in understanding them. If you are concerned about the state of security on the internet, you should be. If you want to do something about it, burn as many copies of STD as you can and pass them out to all of your friends and relatives.

So far as the “scr1pt k1dz” go? They have to live off the work of others without having the skills to give back to the community in even the simplest way. They are leeches and parasites in the worst possible form. I can't stop them from using STD, but unless they are interested in learning from it they can piss off as far as I'm concerned.




Who are you?

I teach network security for a living and know that formal training in information security can be prohibitively expensive. I thought STD could be used as a bit of a self-study course to get people more familiar with the tools and concepts behind security. It was also obvious from the get-go that it would be a useful one-stop shop for professionals already familiar with these tools.