User: Password:
Subscribe / Log in / New account


News and Editorials

A look at the BackTrack security distribution

April 4, 2007

This article was contributed by Jake Edge.

The BackTrack distribution, which just released its 2.0 version, helps organize security tools into a live CD package that will be helpful to anyone faced with security oriented tasks. Hundreds of open source security tools exist and it can be difficult to sort through them and determine what they are used for; BackTrack can help by providing one-stop shopping and a well organized interface that categorizes the tools by the task they are focused on. BackTrack seems well suited to its stated goal of being the distribution of choice for penetration testers and other security professionals.

BackTrack screenshot

Based on SLAX, a live CD version of Slackware, BackTrack can boot directly from CD or USB stick and once it is up, the user can start KDE or Fluxbox to provide a GUI interface. As part of a test drive of BackTrack, the author started up the KDE interface and found it to be well organized, especially the Applications menu (see screenshot). The Firefox and Konqueror bookmark toolbar customizations, with buttons for several security oriented websites, was quite useful as well. SLAX seemingly had no trouble with the author's off-brand laptop nor on several desktop machines that it was tried on. The X server handled high resolution screens (up to 1600x1200) with aplomb unlike other live CD distributions that have been booted over the years.

The selection of tools is where BackTrack truly shines. More than 300 up-to-date tools for everything from network mapping, through password cracking to digital forensics are available. Wireless network sniffing and packet injection are areas that BackTrack has clearly focused on. Using the 2.6.20 kernel and a variety of patched wireless drivers, BackTrack makes wireless penetration and fuzz testing easy. Bluetooth hacking is supported as well. The wiki provides a list of the security tools included for anyone who wants to ensure their favorite will be available before booting BackTrack.

BackTrack also provides the now standard ability to write to the ostensibly read-only root filesystem using unionfs, but it extends that to be able to write data back to the media itself if it has multi-session capabilities. It also has some other unique features including the ability to provide a BackTrack image for other machines to boot over the network via PXE. The PXE boot can be combined with 'John the Ripper' to create a password cracking cluster.

The BackTrack developers have also pre-configured some of the tools like Snort, kismet, Metasploit and others to allow folks to more quickly use those tools. Perhaps the 'swiss army knife' metaphor is overused, but this distribution certainly seems to fit that bill. There are other distributions with a similar focus (a year old list can be found here), but it will be hard to find one as up-to-date and as comprehensive as BackTrack 2.0.

Comments (1 posted)

New Releases

Fedora 7 Test 3

The third Fedora 7 test release is out. "Test 3 is for early adopters. Most things should work and we need to your help to find what is broken." Lots of packages have been updated, and a bleeding-edge 2.6.21-rc5 kernel is included.

Full Story (comments: none)

Mandriva Linux 2007 Spring RC3 released

Mandriva Linux 2007 Spring RC3 "Beijing" is now available. "Beijing features fixes to all major bugs in previous betas and release candidates, the final version of GNOME 2.18, and the full feature set intended for the final release."

Full Story (comments: none)

MontaVista Linux Professional Edition 5.0

MontaVista Software has announced the release of MontaVista Linux Professional Edition 5.0. "MontaVista Linux Professional Edition 5.0 release establishes a number of Linux firsts for real-time performance. Building on the highly successful real-time capabilities MontaVista pioneered in previous offerings, MontaVista Linux Professional Edition 5.0 is first to include the latest advancements in real time technology. These advanced capabilities include high resolution timers and other native Linux real-time enhancements lead by Linux kernel maintainer Ingo Molnar and enable developers to deliver a more reliable, higher quality end-user experience."

Comments (none posted)

SimplyMEPIS 6.5 Final Offers Many Updates For 6.0 Users

SimplyMEPIS 6.5 for 32 and 64 bit Intel and AMD based PCs and MacTels has been released by MEPIS. 6.5 started as a minor update to the Ubuntu pool compatible 6.0 release of SimplyMEPIS but the project quickly expanded to add the 7.1 X window manager, newer display and wireless drivers, Mac Intel support, Amarok music player with music store and mtp support, and the experimental Beryl 3D desktop.

Comments (none posted)

Distribution News

Debian Etch release schedule

Andreas Barth has an update on the Etch release, which should be soon. "The most important step that remains to be done is to finalize the release notes, skim through the update reports and - well, fix the last remaining few blockers. Etch is of a very good technical quality, and we just need to polish a few remaining issues."

Full Story (comments: none)

Debian security updates via IPv6

Martin "Joey" Schulze reports that security updates for Debian GNU/Linux are officially available via IPv6 in addition to the existing IPv4 mirrors.

Comments (none posted)

Fourth call for votes for the debian project leader election 2007

This is the fourth call for votes in this year's Debian Project Leader election. "At the time of writing, a couple of minutes into the third (and final) week of the vote, we are doing OK with regards to voter participation, all things considered. The big story in this election seems to be the debacle of the letter ë. This mostly impacts people sending in in-line OpenPGP signed ballots, since helpful MUAs and MTA in the path then "protect" the non-7bit clean message body, which mucks up the cryptographic check of the ballot."

Full Story (comments: none)

Announcing the Smith Review Project: proofreading English in Debian packages texts

The Smith Review Project is a new Debian project that aims to review all English texts associated with Debian packages, namely debconf templates, manual pages and package descriptions. "The project is named Smith because every nice project must have a name and Smith is a commonly accepted "common name" for people in English-speaking parts of the world. It also opens possibilities to play on words with "blacksmith", "wordsmith" and the like. The project also has a three-letter acronym name (SRP) which is mandatory in Free Software projects." Contributors with good skills in the English language and good writing ability are welcome to join the project by subscribing to the debian-l10n-english mailing list.

Full Story (comments: none)

DebConf7 - Reconfirmation phase started

Anyone who is planning on going to DebConf7 in Edinburgh should reconfirm their attendance by May 3, 2007.

Full Story (comments: none)

Mandriva Linux 2006 nearing EOL

According to the Mandriva End of Life Policy, Mandriva Linux 2006 will not be receiving security updates as of April 13, 2007.

Full Story (comments: none)

Distribution Newsletters

Fedora Weekly News Issue 81

This edition of the Fedora Weekly News covers the Fedora 7 Test 3 announcement, the March 27 meeting of the board, Presto debut, missing /dev/hdX devices, FC6 NetworkManager gets some love, LSB Compliance of Initscripts, and several other topics.

Full Story (comments: none)

Foresight Linux Newsletter Volume 1, Issue 1

The first edition of the Foresight Linux Newsletter is out. This edition covers March 2007 with reports on what's happening with Foresight Linux, including information on the latest release, security updates, tips and tricks, what's in development and Foresight in the press.

Comments (none posted)

Ubuntu Weekly News: Issue #34

In this edition of the Ubuntu Weekly Newsletter Canonical is looking to hire a user interface developer, a new way to ask for a program to be packaged, Ubuntu Receives PC Welt Editor's Choice Award, easy-to-install Codec Wizards, and much more.

Full Story (comments: none)

DistroWatch Weekly, Issue 196

The DistroWatch Weekly for April 2, 2007 is out. "April is traditionally one of the most exciting months on the distribution release calendar and this year will be no different - Mandriva, Debian, Ubuntu, Fedora, and possibly Gentoo and Slackware are all getting ready for delivering their latest and greatest later this month. In other news, Arch Linux 0.8 hits the download mirrors, Foresight Linux publishes its first monthly newsletter, the developers of GParted LiveCD have released a new "Clonezilla" edition, and Oracle prepares for the upcoming release of Enterprise Linux 5. Also in this issue: an overview of PCLinuxOS and MEPIS Linux as part of the update to our "Top Ten Distributions" page. Finally, we are pleased to announce that the recipient of the March 2007 donation is the CentOS project."

Comments (none posted)

Newsletters and articles of interest

Building DVD Images Of Ubuntu Repositories (HowtoForge)

HowtoForge has a tutorial on creating DVD images of Debian or Ubuntu. "Ubuntu doesn't offer DVDs ready to download with its main, universe, multiverse and/or restricted repositories. With the contents of this howto you can do it yourself. Having the Ubuntu or Debian repositories on DVD can be useful for those users who don't have access to the Internet where they have their Ubuntu installed but have access somewhere else to download the repository and build and burn the DVDs."

Comments (none posted)

Distribution reviews

Ubuntu 7.04 (Feisty Fawn) Beta Preview (Only Ubuntu)

The Only Ubuntu blog has a preview of the Ubuntu 7.04 (Feisty Fawn) beta. "The Ubuntu developers are moving very quickly to bring you the absolute latest and greatest software the Open Source Community has to offer. This is the Ubuntu 7.04 Beta and it comes packed with a whole host of excellent new features including the released GNOME 2.18, the 2.6.20 kernel and much more."

Comments (none posted)

Page editor: Rebecca Sobol
Next page: Development>>

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds