STD 0.1
security tools distribution
MD5: de03204ea5777d0e5fd6eb97b43034cb


Knoppix-STD FAQ

"Take it friend. Arm yourself with knowledge"
--Paperboy, SpongeBob SquarePants

Q: Is this the Official FAQ?

A: Yes.

Q: Is this the forum rules/faq a.k.a "mini" faq?

A: No. The forum posting a.k.a "mini" faq (a must read!) is here

Q: What is Knoppix-STD?

A: STD is a Security Tool. Actually it is a collection of hundreds if not thousands of open source security tools. It's a Live Linux Distro (i.e. it runs from a bootable CD in memory without changing the native operating system of your PC). Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.

Q: What is Knoppix-STD not?

A: It's NOT a replacement for your Windows box, server, firewall or router. It is not n00b friendly. It is ABSOLUTELY NOT an alternative to Knoppix. STD is NOT about Linux; it is about security tools (i.e. STD uses Linux as a means to an end).

Q: What are the minimum requirements to run Knoppix-STD?

A: Knoppix needs lots of RAM and an x86 architecture (Intel, AMD, etc.). You might get it running on an old 486 with at least 48MB RAM, but don't expect much (like a GUI). You're better off with a Pentium class machine with at least 64-96MB RAM. Knoppix-STD is very reliant on RAM, the more the better. You will also need a SCSI or IDE CD drive (or at least SCSI or IDE emulation). If you have 640MB of RAM or more you can also use the toram cheat code:

boot: knoppix toram

This will copy Knoppix completely to RAM and free up your CD drive.

Q: Will it wreck my computer?

A: Knoppix-STD has the potential for severe damage, but not unless you want it to. By default Knoppix-STD simply borrows RAM and peripherals and leaves the hard drive alone. Take the CD out, reboot and you'll never know Knoppix ever ran.

Still, be careful. We provide no guarantees or warranties. Use at your own risk.

[forensics folks note that you need to boot with the 'noswap' option to NOT touch an existing Linux swap partition.]

Q: How is Knoppix-STD licensed?

A: STD is based off of the original Knoppix distribution and retains all of the original licenses from that distribution. All additions that we have made are covered under GPL or one of the equally open source licenses [please see the licenses of individual tools if you are unclear].

Q: Is the STD community white or black hat?

A: STD is VERY much white hat.

Q: What can I do with Knoppix-STD?

A: Turn it into a firewall, a web server, an IDS box, a honeypot. Use it to do data recovery on a dead or locked computer, perform a vulnerability assessment, a penetration test, perform an autopsy on a compromised machine, test your incident response team. Listen to your MP3 collection and play gnugo while waiting for that nessus scan to complete.

Q: What tools does Knoppix-STD have?

A: Check STD Tools for more details [this list is not definitive].

Q: Is Knoppix-STD secure?

A: Many Linux security distributions are hardened versions of Linux to secure the host. This is not STD. STD is a security toolkit, not a hardened OS. We would not consider Knoppix a secure distribution.

True, it runs off of a read only CD with minimal services running on boot. It only loads itself into RAM. There are only a few viruses that affect it. The default boot shows only 68/tcp (dhcpclient) and 6000/tcp (X11) loaded from an nmap scan. A nessus scan shows only a low severity alert on X11 (It doesn't allow any client connections, but may be vulnerable to DoS attacks. CVE-1999-0526). dhcpclient instantly closes any connection attempts.

However, many network services can be started with but a click on the menu and many of those services have known vulnerabilities. If your machine gets breached through these services, the network you are on and all data on any local hard drives are at risk. Before you play around with any Servers, learn the Firewalls and IDS tools first.

Actually I think this fits in perfectly with STD's educational model. Boot one machine with STD and load up some vulnerable services and then breach them using another boot of STD.

There is also a script to block all inbound TCP traffic named, aptly enough, blockall. This will provide a good bit of protection.

As you discover vulnerabilities in STD please send an e-mail to fat [See Contact page linked from home]
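
The default-boot baseline quoted in this answer (only 68/tcp and 6000/tcp listening) can be turned into a quick check of which services you have opened since boot and which of them other hosts can reach. This is an added example, not part of STD or of the original FAQ; the function names and the sample output are constructed, and it assumes net-tools style `netstat -tan` output.

```shell
#!/bin/sh
# Added example (not part of Knoppix-STD): list TCP listeners that go beyond
# the default-boot baseline quoted in the FAQ answer above.

# Baseline from the FAQ's nmap result for a default boot: 68/tcp and 6000/tcp.
BASELINE_PORTS="68 6000"

# Constructed sample of `netstat -tan` output after a few menu services were
# started (hypothetical host; all addresses and ports are made up).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:68              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.20:40112      ESTABLISHED
EOF
}

# unexpected_listeners: read netstat text on stdin and print one line
# "port address scope" for every LISTEN socket whose port is not in the
# baseline. scope is "loopback" for 127.0.0.1 / ::1, otherwise "network".
unexpected_listeners() {
    awk -v baseline="$BASELINE_PORTS" '
        BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # text before the port
            if (port in ok) next                   # part of the default boot
            scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "network"
            print port, host, scope
        }
    ' | sort -k1,1n
}

# has_network_exposure: exit status 0 if at least one unexpected listener is
# bound to a non-loopback address, i.e. reachable by other hosts unless a
# packet filter drops the traffic first.
has_network_exposure() {
    unexpected_listeners | grep -q ' network$'
}

# Demo on the constructed sample. On a live system:
#   netstat -tan | unexpected_listeners
sample_netstat | unexpected_listeners
```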

Q: Why is STD less secure?

A: In order to make using the security tools easier, STD sacrifices security. The first thing you will read in your Linux 101 text book is not to use the root user; well, STD uses the root user virtually all the time. Also think about what a hacker does. Once they have root access to a box they upload a few tools that they think you won't notice and use them to escalate the breach. Should someone breach your STD box they instantly have access to every hacker tool under the sun. You just made it trivial for them to escalate their attack.

Q: People on the forum tell me I should not be using STD?

A: Many people come to STD thinking it is just another Knoppix, which is wrong. What they mean is that if you are a n00b you have a lot of work in front of you before you even start. Also you have to realise that there are only a limited number of people on the forums and they are here to talk specifically about security stuff, not Linux... so you may not get an answer to your n00b question. Remember, there is a reason why there are so many different Linux distros out there. Think about what you are actually trying to achieve and pick the distro that best matches your needs and abilities.

Q: How do you install it?

A: No installation required really.

1) Burn the cd image (knoppix-std-XX.iso) to a CD.
2) Make sure that your machine can boot to CD. (hint: check the BIOS settings)
3) Reboot the machine with the CD in the CD-ROM drive.
4) Welcome to Knoppix-STD. Play nice.

If you want a permanent installation of STD you also have the option of putting it on your hard drive. There are two scripts that will accomplish exactly that: knx-hdinstall and knoppix-installer. They each have their fans.
Keep in mind that this will destroy all existing data on the partition you install on. Also keep in mind that since STD is not designed to be installed to a hard disk many things will need fixed. As such the forum does not officially support HD installs.

Q: Should I install STD to my hard disk as my primary OS ?

A: Almost certainly no. STD is not a suitable replacement for your Windows box, server, firewall or router. If you need a distro that has hundreds of megabytes of security tools then STD is for you, otherwise think about a mainstream OS like Suse, Mandrake or Debian.

Q: Is the hard disk install supported?

A: No. STD is designed to run from CD. The hard disk install is unsupported and is not guaranteed to work in any way. You will see a hard disk section on the forum but this is purely as a courtesy.

Q: OK I understand but I am still going to do a hard disk install...

A: When you install most Linux distributions to hard disk you find that everything works. Understand that when you install STD to hard disk you will find lots of things that will not work until you fix them. Again this is a consequence of STD not being designed to be installed to hard disk.

Q: So when should I install STD to hard disk?

A: If you are using STD for security all the time and/or you want to modify it to work in a particular way that can't be done with the Live CD then "perhaps" a hard disk install is for you.

Q: So when should I NOT install STD to hard disk?

A: If you are NOT using STD for security work all the time then make life easy for yourself, install a mainstream Linux distro and use STD from the live CD when you have a job to do. The best of both worlds.

Q: Once I have installed STD to my hard disk how do I ask questions?

A: If you have a hard disk install it is essential you say so when you post to the forum. We will try to help you but we do not support hard disk installs.

Q: I am new to Linux. Should I try STD?

A: No. If you're new to Linux STD will merely hinder your learning experience. Use Knoppix instead.

Q: OK I understand I am a n00b but I am going to use STD anyway

A: Hey, it's a free world, but keep in mind that your n00b Linux questions will likely not get many responses on the forum.

Q: So what do I need to know to use STD?

A: Here is a quick list of ABSOLUTE MINIMUM skills you should have before you venture into STD.

Downloading and burning ISO's
Using MD5
Altering a PC's BIOS
What an IP address, subnet and default gateway are for and how to configure them
How to use/navigate around Linux using only the console
How to mount a partition using only the console

Q: What if I don't know this stuff?

A: Basically you are not ready for STD. STD is complicated and this list is not. Make things easy for yourself and spend a couple of weeks with Knoppix with its user friendly interface, subscribe to the Knoppix forums and practice using the command line and you should then be ready to use STD. We don't mean any offence by this but sometimes you need some skills just to get going.

Q: Can you point a n00b at a good place to start?

A: This cheat sheet will help with the basics here. In the future we will add more links as a courtesy but please remember STD is not about Linux, so these links are for you to use but not ask about on the forum.

Q: How do I ask a question? [short answer]

A: Follow the instructions on the mini posting faq here

Q: How do I ask a question? [long answer]

A: Read this excellent document here. If you follow these general guidelines you will find that a larger percentage of your questions will be answered on the internet.

DO NOT ASK THESE GUYS ANYTHING.. they are not a help desk and not associated with STD!!

Q: What questions should I definitely not ask?

A: Stuff about Linux you can find on the internet already. Remember STD is about security not Linux.

Stuff that has been asked countless times before (that is what search is for).

Also please don't ask about downloading, burning and checking the STD iso.

In general it would take us longer to explain these things than it would take you to search Google and find the answer.

Q: What is the Personal Messenger for?

A: Off topic conversations and personal correspondence

Q: What is the Personal Messenger not for?

A: One-on-one support from the Ubers, Moderators or Admins. If you have a question that's on topic post it to the forum so that the whole community can contribute and it is available to future members to find with the forum search tool.

Q: What is the e-mail for?

A: Private/sensitive conversations, bug or vulnerability reporting, press requests, mirroring or dev offers etc. Please use PM in favour of e-mail where possible.

Q: What is the e-mail not for?

A: Absolutely and under NO circumstances unsolicited requests for one-on-one support from the Ubers, Moderators or Admins. If you have a question that's on topic post it to the forum so that the whole community can contribute and it is available to future members to find with the forum search tool. Help requests via e-mail will likely be ignored (sorry but that's what the forum is for).

Q: You never answered my e-mail?

A: If you never got an answer to your e-mail one of the following probably happened:

  • you completely failed to follow the faq ;)
  • you use HTML and our content filters binned it (always use plain text with no graphics i.e. RFC compliant)
  • you used a known open relay or a spammer's server
  • you used rubbish free webmail that plasters adverts
  • your e-mail is written in Swahili and we just don't understand you
  • it got lost (yes it does happen ;)
  • we missed it

You will almost always get an answer within minutes on the forum so try there instead.

Q: You replied with a canned answer to my e-mail, what's up with that?

A: The STD team get literally dozens of e-mails a week from people wanting help or information that is usually already available elsewhere. Rather than us waste time you may just get a canned answer.


Q: This is great so how do I contribute?

A: If you work something out, write it down, and post it to the forum.

  • Read the first point again... this is where we need help!
  • If you spot a bug, report it.
  • If you have a great idea, let us know.
  • Help others on the forum

Q: Can I become a developer?

A: The simple answer is yes if you have the skills, but not right now. We are currently working on ways to handle multiple developers and will announce when we are ready to accept new blood to the project. Thanks for being patient.

Q: What languages can I post in?

A: We would prefer if all posts were in English. English is commonly accepted as the standard for the internet and it keeps the forum tidy if it is all the same. Don't worry if English is not your native tongue. Have a go.

Q: What languages can I NOT post in?

A: Unless you want to be pointed and giggled at don't try and use l33t sp33k. It's not big, it's not clever and it makes it hard for anyone to understand. Post in as much detail as you can and try to format your posts so that they are easily viewable.

Q: My bit of hardware does not seem to be supported (a.k.a tinfoil or high street windows PC does not work).

A: Try cheat codes. If that still does not work it's likely you will have to do a remaster or a HD install. DO NOT EXPECT STD to support every bit of hardware, it won't. If your hardware is not supported essentially it is down to you to make it work.

Q: I want to use the old 0.1b version as it has KDE

A: By all means but it is not supported on the forum as it is so out of date. Please don’t ask.

Q: What's the root password?

A: There is no root password. This is built into the default Knoppix distribution that STD is based on. If you need root access, you can:

1) run the command using 'sudo' (like 'sudo ifconfig eth0')
2) run the 'Root ATerm' option under the Xshells menu
3) hit ctrl-alt-f2 to switch to a different terminal. They are logged in with root access.
4) run the command 'rootme' (which is just a script that runs 'sudo su root'. It's just easier to type.)

Q: The boot cd talks about DOS, Dr Dos and missing stuff?

A: You did not burn the CD correctly. You should NOT be using any bootable CD options when burning.

Q: What are these cheat codes all about?

A: Knoppix, which STD is based on, has cheat codes that can be entered at boot to change system settings. Google for extensive documentation.

Q: The new version of Knoppix is out, when will STD be updated?

A: STD is based on Knoppix but it does not follow new Knoppix releases. New versions of STD will be announced on the forum.

Q: Does STD support NTFS?

A: Yes but read-only. NTFS cannot yet be written to.

Q: Where are all the tools, the menu only has a few dozen?

A: 99% of all the tools on STD are command line only and can be found in the relevant shells.

Q: How can I use STD to hack someone?

A: YOU DON’T ! We will not help you do anything illegal in any way. DO NOT ASK! EVER!

Q: Can I try and hack you or someone else?

A: Don't be a fool, it's not big and it's not clever.

Q: Where do I start?

A: Read, read, read and then read some more. That’s where we all started. There is no short cut.

Q: What is a forum Uber Member?

A: Uber Members are the most senior forum members (with the exclusion of Mods and Admins). If you get help from an UM take them particularly seriously.

Q: How do I get promoted to a forum Uber Member?

A: Help out in the forum on a regular/long term basis. Know your stuff.

Q: When I asked a question on the forum a load of people gave me abuse?

A: You never read or followed the basics in the posting minifaq here

Q: I want to remaster STD?

A: Excellent. Let us know how you get on when you are done.

Q: What is a re-master?

A: Mounting STD in a specific way that allows you to modify it and then create a new bootable CD. Google for "Knoppix Remaster" to see extensive documentation.

Q: What hardware is supported?

A: That’s a complicated question that cannot be answered. There is no definitive list of supported hardware and never will be. Try and see is the best advice.

Q: Is my wireless card supported?

A: We get a lot of questions about this so the answer is almost certainly already on the forum.

Q: Can I add the drivers for my hardware device myself?

A: As STD is Linux, almost certainly, although it will require either a remaster or clever use of a persistent home directory. The forum will not be able to help you a lot with this as hardware is very specific.

Q: I want to donate?

A: Very much appreciated. You can do it with PayPal here

Q: I want to buy STD stuff?

A: Excellent, make sure you send us your action shots. Here is the current list of stuff to buy.

Q: I expect support. You don’t help me enough.

A: STD is free. Nobody gets paid to help you and as such there is no guaranteed support.

Q: I want the new kernel as it sounds better

A: Agreed but it almost certainly means we have to do a lot of work to fix the problems it creates for existing users. Don’t expect a new kernel soon.

Q: STD doesn't boot.... I see some stuff then the screen goes blank... I built my own computer out of tinfoil and can't get STD to run....

A: O.K. First off check the cheatcodes. Cheatcodes are options you can provide STD when it first starts to boot. My primary machine is a Toshiba laptop. When I boot STD up I have to use the following cheatcodes:

boot: knoppix screen=1024x768 home=/dev/sda1

This gives me proper resolution (for some reason, knoppix defaults to 800x600 on these machines) and mounts my permanent home directory. There's all sorts of fun to be had with cheatcodes so read up on them. You can find them over on the wonderful site.

Q: Which cheatcode should I try first? Where should I start?

A: That's a tricky question. This faq contains a few scenarios for different cheat codes (taken from Knoppix-MIB) but we have found that Google invariably gives you more relevant documentation. Here is a list of current Knoppix cheat codes to start. Also if you hit problems after trying cheat codes come to the STD forum and search/post.

Q: At bootup, my computer displays "Loading vmlinuz....." and "Loading miniroot.gz....." then my monitor goes off...?

A: Your system probably doesn't support the VESA FrameBuffer 1024x768 mode that Knoppix selects at bootup. Try booting specifying one of the following options:

knoppix vga=788 (To select 800x600 FrameBuffer mode)
knoppix vga=normal (To initially start in 80x25 text mode)

Q: The "X" graphic environment doesn't start properly on my system. My monitor goes off, or displays weird stripes...

A: 1) If your monitor is not quite recent, it may be unable to report its supported frequencies to Knoppix, and may not support the default frequencies that Knoppix will select in such a case. If you know your monitor's characteristics (see its manual), you can specify the maximum horizontal frequency it can handle at boot time, using the boot option:

"knoppix maxhsync=65" for example.

If you don't know your monitor's max frequency, you can try the "knoppix oldscreen" boot option, that is equivalent to "knoppix maxhsync=54"

2) Your hardware may not support the screen resolution or vertical refresh rate that Knoppix tries to use. You can try to specify a mode which you think your system will support, using boot options like:

knoppix screen=800x600 (selects a 800x600 X display)
knoppix xvrefresh=60 (selects a 60 Hz vertical refresh rate)

You can combine such options, for example:

knoppix xscreen=800x600 xvrefresh=60
or even:
knoppix xscreen=800x600 xvrefresh=60 maxhsync=54 vga=normal

3) The X driver may not work with your graphics board. You can try to use the generic "FrameBuffer" X driver, that simultaneously specifies the desired resolution, by booting with one of the options:


NOTE: If you use one of these options, you MUST NOT combine this option with other display or graphics options, especially the "vga=" option. For example, do not try to boot with "fb1024x768 vga=normal". On the other hand, you can combine FrameBuffer options with other options that don't concern display, for example you can perfectly use something like "fb1024x768 home=/dev/sda1". In such combinations, the "fb....." option must always come first.

Q: The graphical environment doesn't start on my system. I get messages such as:

retrying with Server Xfree86(vesa)
retrying with Server Xfree86(fbdev)
Error : no suitable X-Server found for your card.

Or the screen just goes blank.

A: On some machines, or with some graphics boards, Knoppix cannot determine which graphics X server to use with your hardware. It is then necessary to specify it manually as a boot option, using "xmodule=". For example, some NVidia boards are not correctly detected. To use them, you must specify at the boot prompt:

knoppix xmodule=nv

Q: I have found the correct options for booting Knoppix with my graphics card and monitor. Is it possible to memorize them, so I don't need to type them at each boot?

A: Yes, if you have a persistent home directory. In this case, after having booted with your persistent home directory and the correct options, you just need to "save configuration", specifying that you want to save your graphics (XF86Config) configuration. Simply use the "K > KNOPPIX > Configure > Save configuration" menu option.

Q: At bootup, my computer displays "Loading vmlinuz....." and "Loading miniroot.gz....." then my monitor goes off or my system hangs...? And YES, I've gone through all of the video trouble-shooting above!

A: One of your peripherals, or motherboard components, may be incompatible with the drivers that Knoppix auto-loads at bootup, or with Knoppix's autodetection and autoconfiguration system.

Try booting, typing at the boot prompt:

knoppix failsafe

If the system starts, there was such a problem. To isolate the problem more precisely, note that booting with failsafe is equivalent to booting with the following combination of options:

knoppix vga=normal noapic noscsi nodma noapm nousb nopcmcia nofirewire noagp nodhcp xmodule=vesa

It is quite probable that only one of these options is necessary to allow your particular system to boot, so you should try to determine which one, by trying all of them successively, for example:

knoppix noapic
knoppix noscsi
knoppix noagp
...and so on, until your system boots properly, once you have found the "good" option. One option may not be enough, and you may need to combine 2 or 3 of them depending upon your particular system. In such a case, you can proceed in the reverse order, starting booting with the complete series of options, then removing them one by one until your system won't boot properly: Then you know you have just removed a necessary option.

Q: At bootup, I get an error message "ERROR: Only one processor found" ...?

A: This message doesn't matter. Just ignore it. The Knoppix kernel can handle multi-processor systems, and can in some situations think that your system may be multi-processor when it is not (especially on AMD processor systems). Then, as it finds a single processor, it issues this message, but this is not a problem.

Q: I get the error "Can't find Knoppix filesystem." then it drops me to a "limited shell". What the hell?

A: This means you are not using a SCSI or IDE CDROM drive. After Syslinux starts up the first thing Knoppix wants to do is find and uncompress the filesystem (that big KNOPPIX file on the CD). Knoppix only probes for the CD on all SCSI and IDE buses. If it can't find it you'll get the error above.

For Transmeta laptops and some Sonys with PCMCIA cd drives try:

knoppix ide2=0x180 nopcmcia

Q: Why would you release this distribution when it's obviously a hacker tool? Or, If you love hackers so much why don't you marry them?

A: Strange fact, security professionals need the same tools, the same knowledge, the same skill sets as "hackers". In fact, often the only thing that distinguishes a security professional from a hacker is their motivation. I can't control people, I'm simply providing a tool that I hope will teach essential security skills that the user can put to good use in all aspects of the word.

I should also note that all of the tools provided in STD are publicly available outside of the distribution and it seems to me that those "evil hackers" out there have an edge up in understanding them. If you are concerned about the state of security on the internet, you should be. If you want to do something about it burn as many copies of STD as you can and pass it out to all of your friends and relatives.

So far as the scr1pt k1dz go? I can't stop them from using STD, but unless they are interested in learning from it they can piss off as far as we are concerned.

Q: Who are you?

A: T1ck_T0ck

I teach network security for a living and know that formal training in information security can be prohibitively expensive. I thought STD could be used as a bit of a self-study course to get people more familiar with the tools and concepts behind security. It was also obvious from the get go that it would be a useful one stop shop for professionals already familiar with these tools.

A: fat (Mark Cumming)

A Scottish security bloke.

A: Corwin

An international man of mystery