News and EditorialsBackTrack distribution, which just released its 2.0 version, helps organize security tools into a live CD package that will be helpful to anyone faced with security oriented tasks. Hundreds of open source security tools exist and it can be difficult to sort through them and determine what they are used for; BackTrack can help by providing one-stop shopping and a well organized interface that categorizes the tools by the task they are focused on. BackTrack seems well suited to its stated goal of being the distribution of choice for penetration testers and other security professionals.
Based on SLAX, a live CD version of Slackware, BackTrack can boot directly from CD or USB stick and once it is up, the user can start KDE or Fluxbox to provide a GUI interface. As part of a test drive of BackTrack, the author started up the KDE interface and found it to be well organized, especially the Applications menu (see screenshot). The Firefox and Konqueror bookmark toolbar customizations, with buttons for several security oriented websites, was quite useful as well. SLAX seemingly had no trouble with the author's off-brand laptop nor on several desktop machines that it was tried on. The X server handled high resolution screens (up to 1600x1200) with aplomb unlike other live CD distributions that have been booted over the years.
The selection of tools is where BackTrack truly shines. More than 300 up-to-date tools for everything from network mapping, through password cracking to digital forensics are available. Wireless network sniffing and packet injection are areas that BackTrack has clearly focused on. Using the 2.6.20 kernel and a variety of patched wireless drivers, BackTrack makes wireless penetration and fuzz testing easy. Bluetooth hacking is supported as well. The wiki provides a list of the security tools included for anyone who wants to ensure their favorite will be available before booting BackTrack.
BackTrack also provides the now standard ability to write to the ostensibly read-only root filesystem using unionfs, but it extends that to be able to write data back to the media itself if it has multi-session capabilities. It also has some other unique features including the ability to provide a BackTrack image for other machines to boot over the network via PXE. The PXE boot can be combined with 'John the Ripper' to create a password cracking cluster.
The BackTrack developers have also pre-configured some of the tools like Snort, kismet, Metasploit and others to allow folks to more quickly use those tools. Perhaps the 'swiss army knife' metaphor is overused, but this distribution certainly seems to fit that bill. There are other distributions with a similar focus (a year old list can be found here), but it will be hard to find one as up-to-date and as comprehensive as BackTrack 2.0.
New ReleasesTest 3 is for early adopters. Most things should work and we need to your help to find what is broken." Lots of packages have been updated, and a bleeding-edge 2.6.21-rc5 kernel is included. Beijing features fixes to all major bugs in previous betas and release candidates, the final version of GNOME 2.18, and the full feature set intended for the final release." announced the release of MontaVista Linux Professional Edition 5.0. "MontaVista Linux Professional Edition 5.0 release establishes a number of Linux firsts for real-time performance. Building on the highly successful real-time capabilities MontaVista pioneered in previous offerings, MontaVista Linux Professional Edition 5.0 is first to include the latest advancements in real time technology. These advanced capabilities include high resolution timers and other native Linux real-time enhancements lead by Linux kernel maintainer Ingo Molnar and enable developers to deliver a more reliable, higher quality end-user experience." been released by MEPIS. 6.5 started as a minor update to the Ubuntu pool compatible 6.0 release of SimplyMEPIS but the project quickly expanded to add the 7.1 X window manager, newer display and wireless drivers, Mac Intel support, Amarok music player with music store and mtp support, and the experimental Beryl 3D desktop.
Distribution NewsThe most important step that remains to be done is to finalize the release notes, skim through the update reports and - well, fix the last remaining few blockers. Etch is of a very good technical quality, and we just need to polish a few remaining issues." reports that security updates for Debian GNU/Linux are officially available via IPv6 in addition to the existing IPv4 mirrors. At the time of writing, a couple of minutes into the third (and final) week of the vote, we are doing OK with regards to voter participation, all things considered. The big story in this election seems to be the debacle of the letter ë. This mostly impacts people sending in in-line OpenPGP signed ballots, since helpful MUAs and MTA in the path then "protect" the non-7bit clean message body, which mucks up the cryptographic check of the ballot." The project is named Smith because every nice project must have a name and Smith is a commonly accepted "common name" for people in English-speaking parts of the world. It also opens possibilities to play on words with "blacksmith", "wordsmith" and the like. The project also has a three-letter acronym name (SRP) which is mandatory in Free Software projects." Contributors with good skills in the English language and good writing ability are welcome to join the project by subscribing to the debian-l10n-english mailing list.
Distribution NewslettersForesight Linux Newsletter is out. This edition covers March 2007 with reports on what's happening with Foresight Linux, including information on the latest release, security updates, tips and tricks, what's in development and Foresight in the press. DistroWatch Weekly for April 2, 2007 is out. "April is traditionally one of the most exciting months on the distribution release calendar and this year will be no different - Mandriva, Debian, Ubuntu, Fedora, and possibly Gentoo and Slackware are all getting ready for delivering their latest and greatest later this month. In other news, Arch Linux 0.8 hits the download mirrors, Foresight Linux publishes its first monthly newsletter, the developers of GParted LiveCD have released a new "Clonezilla" edition, and Oracle prepares for the upcoming release of Enterprise Linux 5. Also in this issue: an overview of PCLinuxOS and MEPIS Linux as part of the update to our "Top Ten Distributions" page. Finally, we are pleased to announce that the recipient of the DistroWatch.com March 2007 donation is the CentOS project."
Newsletters and articles of interesttutorial on creating DVD images of Debian or Ubuntu. "Ubuntu doesn't offer DVDs ready to download with its main, universe, multiverse and/or restricted repositories. With the contents of this howto you can do it yourself. Having the Ubuntu or Debian repositories on DVD can be useful for those users who don't have access to the Internet where they have their Ubuntu installed but have access somewhere else to download the repository and build and burn the DVDs."
Distribution reviewsa preview of the Ubuntu 7.04 (Feisty Fawn) beta. "The Ubuntu developers are moving very quickly to bring you the absolute latest and greatest software the Open Source Community has to offer. This is the Ubuntu 7.04 Beta and it comes packed with a whole host of excellent new features including the released GNOME 2.18, the 2.6.20 kernel and much more."
Page editor: Rebecca Sobol
Next page: Development>>
Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds