Knoppix-STD FAQ
"Take it friend. Arm yourself with knowledge"
--Paperboy, SpongeBob SquarePants
Q: Is this the Official FAQ?
A: Yes.
Q: Is this the forum rules/faq a.k.a "mini" faq?
A: No. The forum posting a.k.a "mini" faq
(a must read!) is here
Q: What is Knoppix-STD?
A: STD
is a Security Tool. Actually it is a collection of hundreds if
not thousands of open source security tools. It's a Live Linux
Distro (i.e. it runs from a bootable CD in memory without changing
the native operating system of your PC). Its sole purpose in life
is to put as many security tools at your disposal with as slick
an interface as it can.
Q: What is Knoppix-STD
not?
A: It's NOT a replacement for your Windows
box, server, firewall or router. It is not n00b friendly. It is ABSOLUTELY
NOT an alternative to Knoppix. STD is NOT about Linux; it is about
security tools (i.e. STD uses Linux as a means to an end).
Q: What are the minimum
requirements to run Knoppix-STD?
A: Knoppix needs
lots of RAM and an x86 architecture (Intel, AMD, etc.). You might
get it running on an old 486 with at least 48MB RAM, but don't expect
much (like a GUI). You're better off with a Pentium-class machine with
at least 64-96MB RAM. Knoppix-STD is very reliant on RAM, the more
the better. You will also need a SCSI or IDE CD drive (or at least
SCSI or IDE emulation). If you have 640MB of RAM or more you can
also use the toram cheat code:
boot: knoppix toram
This will copy Knoppix completely to RAM and free up your CD drive.
Q: Will it wreck
my computer?
A: Knoppix-STD has
the potential for severe damage, but not unless you want it to.
By default Knoppix-STD simply borrows RAM and peripherals and leaves
the hard drive alone. Take the CD out, reboot and you'll never know
Knoppix ever ran.
Still, be careful. We provide no guarantees or
warranties. Use at your own risk.
[forensics folks note that you need to boot with
the 'noswap' option to NOT touch an existing Linux swap partition.]
Q: How is Knoppix-STD
licensed?
A: STD is based
off of the original Knoppix distribution and retains all of the original
licenses from that distribution. All additions that we have made
are covered under GPL or one of the equally open source licenses
[please see the licenses of individual tools if you are unclear].
Q: Is the STD community
white or black hat?
A: STD is VERY much
white hat.
Q: What can I do
with Knoppix-STD?
A: Turn it into
a firewall, a web server, an IDS box, a honeypot. Use it to do data
recovery on a dead or locked computer, perform a vulnerability assessment,
a penetration test, perform an autopsy on a compromised machine,
test your incident response team. Listen to your MP3 collection and
play gnugo while waiting for that nessus scan to complete.
Q: What tools does
Knoppix-STD have?
A: Check STD
Tools for more details [this list is not definitive].
Q: Is Knoppix-STD
secure?
A: Many Linux security
distributions are hardened versions of Linux to secure the host.
This is not STD. STD is a security toolkit, not a hardened OS. We
would not consider Knoppix a secure distribution.
True, it runs off of a read-only CD with minimal
services running on boot. It only loads itself into RAM. There are
only a few viruses that affect it. The default boot shows only 68/tcp
(dhcpclient) and 6000/tcp (X11) loaded from an nmap scan. A nessus
scan shows only a low severity alert on X11 (It doesn't allow any
client connections, but may be vulnerable to DoS attacks. CVE-1999-0526).
dhcpclient instantly closes any connection attempts.
However, many network services can be started with
but a click on the menu and many of those services have known vulnerabilities.
If your machine gets breached through these services, the network
you are on and all data on any local hard drives are at risk. Before
you play around with any Servers, learn the Firewalls and IDS tools
first.
Actually I think this fits in perfectly with STD's
educational model. Boot one machine with STD and load up some vulnerable
services and then breach them using another boot of STD.
There is also a script to block all inbound TCP
traffic named, aptly enough, blockall. This will provide a
good bit of protection.
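An added example (not part of the original FAQ or of the STD distribution): a shell check that compares listening TCP ports with the default-boot baseline stated above (68/tcp and 6000/tcp) and reports anything extra, separating loopback-only listeners from network-reachable ones. The netstat output is a constructed sample, and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of Knoppix-STD. Baseline ports are the two the FAQ
# reports for a default boot: 68/tcp (dhcpclient) and 6000/tcp (X11).
BASELINE_PORTS="68 6000"

# Constructed sample in `netstat -tln` format (not captured from a real boot).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:68              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
EOF
}

# unexpected_listeners: read `netstat -tln` style lines on stdin and print
# "port scope" for every listening TCP port that is not in the baseline.
# scope is "loopback" for 127.0.0.1/::1 and "network" for anything else.
unexpected_listeners() {
    awk -v baseline="$BASELINE_PORTS" '
        BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (port in ok) next
            scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "network"
            if (!seen[port, scope]++) print port, scope
        }' | sort -n
}

# audit: print the findings; return 1 if any unexpected listener is reachable
# from the network, 0 if the box still matches the baseline (or only has
# loopback-bound extras).
audit() {
    findings=$(unexpected_listeners)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    printf '%s\n' "$findings" | grep -q ' network$' && return 1
    return 0
}

# Demo on the constructed sample; on a live system use: netstat -tln | audit
sample_netstat | unexpected_listeners
```

Anything reported as "network" is a service that was started after boot and is reachable by other hosts, which is the situation the answer above says to put behind a firewall first.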
As you discover vulnerabilities in STD please
send an e-mail to fat
[See Contact page linked from home]
Q: Why is STD less secure?
A: In order to make using the security tools
easier, STD sacrifices security. The first thing you will read
in your Linux 101 textbook is not to use the root user; well, STD
uses the root user virtually all the time. Also think about what
a hacker does. Once they have root access to a box they upload a
few tools that they think you won't notice and use them to escalate
the breach. Should someone breach your STD box they instantly have
access to every hacker tool under the sun. You just made it trivial
for them to escalate their attack.
Q: People on the forum tell me I should not
be using STD?
A: Many people come to STD thinking it is
just another Knoppix, which is wrong. What they mean is that if you
are a n00b you have a lot of work in front of you before you even
start. Also you have to realise that there are only a limited number
of people on the forums and they are here to talk specifically about
security stuff, not Linux... so you may not get an answer to your
n00b question. Remember, there is a reason why there are so many
different Linux distros out there. Think about what you are actually
trying to achieve and pick the distro that best matches your needs
and abilities.
Q: How do you install
it?
A: No installation
required really.
1) Burn the cd image (knoppix-std-XX.iso) to a
CD.
2) Make sure that your machine can boot to CD. (hint: check the BIOS
settings)
3) Reboot the machine with the CD in the CD-ROM drive.
4) Welcome to Knoppix-STD. Play nice.
If you want a permanent installation of STD you
also have the option of putting it on your hard drive. There are two
scripts that will accomplish exactly that: knx-hdinstall and knoppix-installer.
They each have their fans.
Keep in mind that this will destroy all existing data on the partition
you install on. Also keep in mind that since STD is not designed to
be installed to a hard disk, many things will need to be fixed. As such the
forum does not officially support HD installs.
Q: Should I install STD to my hard disk as my primary OS ?
A: Almost certainly no. STD is not a suitable
replacement for your Windows box, server, firewall or router. If
you need a distro that has hundreds of megabytes of security tools
then STD is for you, otherwise think about a mainstream OS like Suse,
Mandrake or Debian.
Q: Is the hard disk install supported?
A: No. STD is designed to run from CD. The
hard disk install is unsupported and is not guaranteed to work in
any way. You will see a hard disk section on the forum but this is
purely as a courtesy.
Q: OK I understand but I am still going to
do a hard disk install...
A: When you install most Linux distributions
to hard disk you find that everything works. Understand that when
you install STD to hard disk you will find lots of things that will
not work until you fix them. Again this is a consequence of STD not
being designed to be installed to hard disk.
Q: So when should I install STD to hard disk?
A: If you are using STD for security all the
time and/or you want to modify it to work in a particular way that
can't be done with the Live CD then "perhaps" a hard disk install
is for you.
Q: So when should I NOT install STD to hard
disk?
A: If you are NOT using STD for security work
all the time then make life easy for yourself, install a mainstream
Linux distro and use STD from the live CD when you have a job to
do. The best of both worlds.
Q: Once I have installed STD to my hard disk
how do I ask questions?
A: If you have a hard disk install it is essential
you say so when you post to the forum. We will try to help you but
we do not support hard disk installs.
Q: I am new to Linux. Should I try STD?
A: No. If you're new to Linux, STD will merely
hinder your learning experience. Use Knoppix instead.
Q: OK I understand I am a n00b but I am going
to use STD anyway
A: Hey, it's a free world, but keep in
mind that your n00b Linux questions will likely not get many responses
on the forum.
Q: So what do I need to know to use STD?
A: Here is a quick list of ABSOLUTE MINIMUM
skills you should have before you venture into STD:
- Downloading and burning ISOs
- Using MD5
- Altering a PC's BIOS
- What an IP address, subnet and default gateway are for and how to configure them
- How to use/navigate around Linux using only the console
- How to mount a partition using only the console
Q: What if I don't know this stuff?
A: Basically you are not ready for STD. STD
is complicated and this list is not. Make things easy for yourself
and spend a couple of weeks with Knoppix with its user friendly interface,
subscribe to the Knoppix forums and practice using the command line
and you should then be ready to use STD. We don't mean any offence
by this but sometimes you need some skills just to get going.
Q: Can you point a n00b at a good place to start?
A: This cheat sheet will help with the basics
here.
In the future we will add more links as a courtesy but please remember
STD is not about Linux, so these links are for you to use but not
ask about on the forum.
Q: How do I ask a question? [short answer]
A: Follow the instructions on the mini posting
faq here
Q: How do I ask a question? [long answer]
A: Read this excellent document here.
If you follow these general guidelines you will find that a larger
percentage of your questions will be answered on the internet.
DO NOT ASK THESE GUYS ANYTHING. They are not a help desk and are not associated
with STD!!
Q: What questions should I definitely not ask?
A: Stuff about Linux you can find on the internet
already. Remember STD is about security, not Linux.
Stuff that has been asked countless times before
(that is what search is for).
Also please don't ask about downloading, burning
and checking the STD ISO.
In general it would take us longer to explain
these things than it would take you to search Google and find the
answer.
Q: What is the Personal Messenger for?
A: Off topic conversations and personal correspondence
Q: What is the Personal Messenger not for?
A: One-on-one support from the Ubers, Moderators
or Admins. If you have a question that's on topic, post it to the
forum so that the whole community can contribute and it is available
for future members to find with the forum search tool.
Q: What is the e-mail for?
A: Private/sensitive conversations, bug
or vulnerability reporting, press requests, mirroring or dev offers
etc. Please use PM in favour of e-mail where possible.
Q: What is the e-mail not for?
A: Absolutely and under NO circumstances unsolicited
requests for one-on-one support from the Ubers, Moderators or Admins.
If you have a question that's on topic, post it to the forum so that
the whole community can contribute and it is available for future
members to find with the forum search tool. Help requests via e-mail
will likely be ignored (sorry but that's what the forum is for).
Q: You never answered my e-mail?
A: If you never got an answer to your e-mail
one of the following probably happened:
- you completely failed to follow the faq ;)
- you used HTML and our content filters binned
it (always use plain text with no graphics i.e. RFC compliant)
- you used a known open relay or a spammer's server
- you used rubbish free webmail that plasters adverts
- your e-mail is written in Swahili and we just don't understand you
- it got lost (yes it does happen ;)
- we missed it
You will almost always get an answer within minutes on the forum
so try there instead.
Q: You replied with a canned answer to my e-mail,
what's up with that?
A: The STD team get literally dozens of e-mails
from people a week wanting help or information that is usually already
available elsewhere. Rather than us waste time you may just get
a canned answer.
Q: This is great so how do I contribute?
A: If you work something out, write it down,
and post it to the forum.
- Read the first point again... this is where we need help!
- If you spot a bug, report it.
- If you have a great idea, let us know.
- Help others on the forum
Q: Can I become a developer?
A: The simple answer is yes if you have the
skills, but not right now. We are currently working on ways to handle
multiple developers and will announce when we are ready to accept
new blood to the project. Thanks for being patient.
Q: What languages can I post in?
A: We would prefer if all posts were in English.
English is commonly accepted as the standard for the internet and
it keeps the forum tidy if it is all the same. Don't worry if English
is not your native tongue. Have a go.
Q: What languages can I NOT post in?
A: Unless you want to be pointed and giggled
at, don't try and use l33t sp33k. It's not big, it's not clever and
it makes it hard for anyone to understand. Post in as much detail as
you can and try to format your posts so that they are easily viewable.
Q: My bit of hardware does not seem to be supported
(a.k.a tinfoil or high street windows PC does not work).
A: Try cheat codes. If that still does not
work, it's likely you will have to do a remaster or a HD install. DO
NOT EXPECT STD to support every bit of hardware, it won't. If your
hardware is not supported, essentially it is down to you to make it
work.
Q: I want to use the old 0.1b version as it
has KDE
A: By all means but it is not supported on
the forum as it is so out of date. Please don’t ask.
Q: What's the root password?
A: There is no root
password. This is built into the default Knoppix distribution that
STD is based on. If you need root access, you can:
1) run the command using 'sudo' (like 'sudo
ifconfig eth0 172.18.1.3')
2) run the 'Root ATerm' option under the Xshells menu
3) hit ctrl-alt-f2 to switch to a different terminal. They are logged
in with root access.
4) run the command 'rootme' (which is just a script that runs 'sudo
su root'. It's just easier to type.)
Q: The boot cd talks about DOS, Dr Dos and
missing stuff?
A: You did not burn the CD correctly. When
you burn you should NOT be using any bootable CD options when burning.
Q: What are these cheat codes all about?
A: Knoppix, which STD is based on, has cheat
codes that can be entered at boot to change system settings. Google
for extensive documentation.
Q: The new version of Knoppix is out when will
STD be updated?
A: STD is based on Knoppix but it does not
follow new Knoppix releases. New versions of STD will be announced
on the forum.
Q: Does STD support NTFS?
A: Yes but read-only. NTFS cannot yet be written
to.
Q: Where are all the tools, the menu only has
a few dozen?
A: 99% of all the tools on STD are command
line only and can be found in the relevant shells.
Q: How can I use STD to hack someone?
A: YOU DON’T ! We will not help you
do anything illegal in any way. DO NOT ASK! EVER!
Q: Can I try and hack you or someone else?
A: Don't be a fool. It's not big and it's not
clever.
Q: Where do I start?
A: Read, read, read and then read some more.
That’s where we all started. There is no short cut.
Q: What is a forum Uber Member?
A: Uber Members are the most senior forum
members (with the exclusion of Mods and Admins). If you get help from
a UM take them particularly seriously.
Q: How do I get promoted to a forum Uber Member?
A: Help out in the forum on a regular/long
term basis. Know your stuff.
Q: When I asked a question on the forum loads
of people gave me abuse?
A: You never read or followed the basics in
the posting minifaq here
Q: I want to remaster STD?
A: Excellent. Let us know how you get on when
you are done.
Q: What is a re-master?
A: Mounting STD in a specific way that allows
you to modify it and then create a new bootable CD. Google for "Knoppix
Remaster" to see extensive documentation.
Q: What hardware is supported?
A: That’s a complicated question that
cannot be answered. There is no definitive list of supported hardware
and never will be. Try and see is the best advice.
Q: Is my wireless card supported?
A: We get a lot of questions about this so
the answer is almost certainly already on the forum.
Q: Can I add the drivers for my hardware device
myself?
A: As STD is Linux, almost certainly, although
it will require either a remaster or clever use of a persistent home
directory. The forum will not be able to help you a lot with this
as hardware is very specific.
Q: I want to donate?
A: Very much appreciated. You can do it with
paypal here
Q: I want to buy STD stuff?
A: Excellent, make sure you send us your action
shots. Here is the current list of stuff to buy.
Q: I expect support. You don’t help me
enough.
A: STD is free. Nobody gets paid to help you
and as such there is no guaranteed support.
Q: I want the new kernel as it sounds better
A: Agreed but it almost certainly means we
have to do a lot of work to fix the problems it creates for existing
users. Don’t expect a new kernel soon.
Q: STD doesn't boot....
I see some stuff then the screen goes blank... I built my own computer
out of tinfoil and can't get STD to run....
A: O.K. First off check the cheatcodes. Cheatcodes
are options you can provide STD when it first starts to boot. My
primary machine is a Toshiba laptop. When I boot STD up I have to
use the following cheatcodes:
boot: knoppix screen=1024x768 home=/dev/sda1
This gives me proper resolution (for some reason,
knoppix defaults to 800x600 on these machines) and mounts my permanent
home directory. There's all sorts of fun to be had with cheatcodes
so read up on them. You can find them over on the wonderful knoppix.net site.
Q: Which cheatcode should I try first? Where should
I start?
A: That's a tricky question. This faq contains
a few scenarios for different cheat codes (taken from Knoppix-MIB) but
we have found that Google invariably gives you more relevant documentation. Here is
a list of current Knoppix cheat codes to start. Also, if you hit problems
after trying cheat codes, come to the STD forum and search/post.
Q: At bootup, my computer displays "Loading vmlinuz....." and "Loading
miniroot.gz....." then my monitor goes off...?
A: Your system probably doesn't support the VESA
FrameBuffer 1024x768 mode that Knoppix selects at bootup. Try booting
specifying one of the following options:
knoppix vga=788 (To select 800x600 FrameBuffer
mode)
or
knoppix vga=normal (To initially start in 80x25 text mode)
Q: The "X" graphic environment doesn't start properly
on my system. My monitor goes off, or displays weird stripes...
A: 1) If your monitor is not quite recent, it
may be unable to report its supported frequencies to Knoppix, and
may not support the default frequencies that Knoppix will select
in such a case. If you know your monitor's characteristics (see its
manual), you can specify the maximum horizontal frequency it can
handle at boot time, using the boot option:
"knoppix maxhsync=65" for example.
If you don't know your monitor's max frequency,
you can try the "knoppix oldscreen" boot option, that is equivalent
to "knoppix maxhsync=54"
2) Your hardware may not support the screen resolution
or vertical refresh rate that Knoppix tries to use. You can try to
specify a mode which you think your system will support, using boot
options like:
knoppix screen=800x600 (selects a 800x600 X display)
or
knoppix xvrefresh=60 (selects a 60 Hz vertical refresh rate)
You can combine such options, for example:
knoppix xscreen=800x600 xvrefresh=60
or even:
knoppix xscreen=800x600 xvrefresh=60 maxhsync=54 vga=normal
3) The X driver may not work with your graphics
board. You can try to use the generic "FrameBuffer" X driver, that
simultaneously specifies the desired resolution, by booting with
one of the options:
fb1024x768
or
fb800x600
NOTE: If you use one of these options, you MUST
NOT combine this option with other display or graphics options, especially
the "vga=" option. For example, do not try to boot with "fb1024x768
vga=normal". On the other hand, you can combine FrameBuffer options
with other options that don't concern display, for example you can
perfectly well use something like "fb1024x768 home=/dev/sda1". In such
combinations, the "fb....." option must always come first.
Q: The graphical environment doesn't start on my
system. I get messages such as:
retrying with Server Xfree86(vesa)
retrying with Server Xfree86(fbdev)
Error : no suitable X-Server found for your card.
Or the screen just goes blank.
A: On some machines, or with some graphics boards,
Knoppix cannot determine which graphics X server to use with your
hardware. It is then necessary to specify it manually as a boot option,
using "xmodule=". For example, some NVidia boards are not correctly
detected. To use them, you must specify at the boot prompt:
knoppix xmodule=nv
Q: I have found the correct options for booting
Knoppix with my graphics card and monitor. Is it possible to memorize
them, so I don't need to type them at each boot?
A: Yes, if you have a persistent home directory.
In this case, after having booted with your persistent home directory
and the correct options, you just need to "save configuration", specifying
that you want to save your graphics (XF86Config) configuration. Simply
use the "K > KNOPPIX > Configure > Save configuration" menu option.
Q: At bootup, my computer displays "Loading vmlinuz....." and "Loading
miniroot.gz....." then my monitor goes off or my system hangs...? And
YES, I've gone through all of the video trouble-shooting above!
A: One of your peripherals, or motherboard components,
may be incompatible with the drivers that Knoppix auto-loads at bootup,
or with Knoppix's autodetection and autoconfiguration system.
Try booting, typing at the boot prompt:
knoppix failsafe
If the system starts, there was such a problem.
To isolate the problem more precisely, note that booting with: failsafe
is equivalent to booting with the following combination of options:
knoppix vga=normal noapic noscsi nodma noapm nousb
nopcmcia nofirewire noagp nodhcp xmodule=vesa
It is quite probable that only one of these options
is necessary to allow your particular system to boot, so you should
try to determine which one, by trying all of them successively, for
example:
knoppix noapic
then
knoppix noscsi
then
knoppix noagp
...and so on, until your system boots properly, once you have found
the "good" option. One option may not be enough, and you may need to
combine 2 or 3 of them depending upon your particular system. In such
a case, you can proceed in the reverse order, starting booting with
the complete series of options, then removing them one by one until
your system won't boot properly: Then you know you have just removed
a necessary option.
Q: At bootup, I get an error message "ERROR: Only
one processor found" ...?
A: This message doesn't matter. Just ignore it.
The Knoppix kernel can handle multi-processor systems, and can in
some situations think that your system may be multi-processor when
it is not (especially on AMD processor systems). Then, as it finds
a single processor, it issues this message, but this is not a problem.
Q: I get the error "Can't find Knoppix filesystem." then
it drops me to a "limited shell". What the hell?
A: This means you are not using a SCSI or IDE
CDROM drive. After Syslinux starts up the first thing Knoppix wants
to do is find and uncompress the filesystem (that big KNOPPIX file
on the CD). Knoppix only probes for the CD on all SCSI and IDE buses.
If it can't find it you'll get the error above.
For Transmeta laptops and some Sonys with PCMCIA
CD drives try:
knoppix ide2=0x180 nopcmcia
Q: Why would you release this distribution when
it's obviously a hacker tool? Or, If you love hackers so much why don't
you marry them?
A: Strange fact, security professionals need the
same tools, the same knowledge, the same skill sets as "hackers".
In fact, often the only thing that distinguishes a security professional
from a hacker is their motivation. I can't control people, I'm simply
providing a tool that I hope will teach essential security skills
that the user can put to good use in all aspects of the word.
I should also note that all of the tools provided
in STD are publicly available outside of the distribution and it
seems to me that those "evil hackers" out there have an edge up in
understanding them. If you are concerned about the state of security
on the internet, you should be. If you want to do something about
it burn as many copies of STD as you can and pass it out to all of
your friends and relatives.
So far as the scr1pt k1dz go? I can't stop them
from using STD, but unless they are interested in learning from it
they can piss off as far as we are concerned.
Q: Who are you?
A: T1ck_T0ck
I teach network security for a living and know
that formal training in information security can be prohibitively
expensive. I thought STD could be used as a bit of a self-study
course to get people more familiar with the tools and concepts
behind security. It was also obvious from the get go that it would
be a useful one-stop shop for professionals already familiar with
these tools.
A: fat (Mark Cumming)
A Scottish security bloke.
A: Corwin
An international man of mystery