Wednesday 26 March 2014

NetSecL OS - discontinued?

After the last release v 5, I have decided to discontinue the NetSecL OS project, mainly because there is not much interest in using the distribution as a penetration testing platform. It is still available in Suse Studio, so anyone wishing to continue the project is free to do so (under a different name) and clone the appliance. The project has become largely self-maintainable, since anyone can already upgrade the packages in Suse Studio. Not to mention that the popularity of other similar projects with bigger communities just makes it unnecessary to continue the project.
When I began with ISlack it was based on Slackware, and my motivation there was that it was not that user friendly, which I wanted to change, and I believe I did to some degree - I got many mails about it and that made me personally happy. Also, the development of the ISlack firewall was a really exciting experience which involved not only my own efforts but also those of other community members.
When I added GrSecurity to the ISlack project, everything changed. To be honest, I haven't had that many issues on any other operating system. The security that GrSecurity provided was top notch, but it also created many issues with the software that was being used - it was an effort to make it work on ISlack.
After this, the distribution was renamed to NetSecL, and many of the issues with GrSecurity were already resolved.
Suse Studio introduced a new way of creating distributions and this saved me a lot of time; that's why I later based the distribution on OpenSuse.
If you have any corporate/personal interest in the project let me know.
Some History:
About NetSecL Linux
NetSecL Linux is (maybe) the only Linux distribution with GrSecurity that was actively developed. There are some (abandoned) projects like Gentoo Hardened and Debian Hardened that used to implement the GrSecurity model. GrSecurity has very strict rules and policies applied at kernel level for memory protection and against exploitation of the Linux system; this is one of the reasons why it is very hard to get everything working.
NetSecL Firewall
The NetSecL firewall is part of NetSecL and is a script, not a GUI application. It stealths all ports and protects against many scans, and has snort if you would like to use it as an IDS. You basically would not have to do anything, just let it run (which also happens by default in NetSecL), unless you need to allow some server application through the firewall or set some IP that the script was unable to fetch. Options are in the script itself: open it in a text editor and say Y or N to turn the available options on or off.
The project started as a Linux distribution spread among friends and soon enough was spread on the Internet under the name ISlack. The focus of the Linux distribution was on security. Initially only the configuration was hardened; later on GrSecurity began playing a big role in the Linux distribution. The distribution used tgz (Slackware Linux) packages; the current version of the Linux distribution uses rpm package management and is based on OpenSuse. Penetration testing also became one of the focuses of the Linux distribution - the distribution includes well-known applications such as Metasploit, Wireshark, Etherape, OpenVas and Nmap, as well as many console applications for penetration testing.
Version History
islack 1.0 03-May-2005 18:52
islack 1.1 02-Oct-2005 13:57
islack 1.2 17-Dec-2005 14:10
netsecl 1.3 5/20/2006
netsecl 2.0 12/17/2006
netsecl 2.1 7/16/2007
netsecl 2.3 9/28/2008
netsecl 2.4 5/17/2009
netsecl 2.6 2/23/2010
netsecl 3.0 8/17/2010
netsecl 4.0 2012/08/07
netsecl 5.0 2013/11/26   

Release Notes:
islack 1.0     03-May-2005 18:52
ISlack's goal is to bring you a Secure System; that's why servers were removed, ports were closed, and all services listening for connections are closed. Outgoing connections are not closed; I advise you to close all ports you won't be using, for example IRC 6667 or something else - look at /etc/services.
Samba was left so you can mount Samba (Windows) shares. Many Security Related Programs for Penetration testing were included. ISlack comes with KDE 3.2.3, Gnome, Open Office, MPlayer (with almost all codecs), Mozilla FireFox and Plugins for Mozilla FireFox handling the most popular file formats (flash, pdf, avi etc.), Wine, Xmame, Hydra, Airsnort, Amap, Snort, Linux Kernel 2.6.11 and 2.4.26 and many more.
Historic: …
islack 1.1     02-Oct-2005 13:57

The Main Highlights of this release:
Tripwire, Nessus, Wifiscanner, Yersinia, Zebra, Kerberos, KDE 3.4.2, XOrg 6.8.2, Dsniff, Ettercap,
Fakeconnect, Tor, Slapt-get, Ngrep, Discover - Hardware Recognition, Open Office 1.1.4,
Kernel 2.4.31 and Kernel Many updates. Many other goodies. Enjoy.
Note: To use Audio recognition with ALSA you should remove audio
from discover config file (/usr/etc/discover-modprobe.conf).
islack 1.2     17-Dec-2005 14:10
The Main Highlights of this release:
Grsecurity - kernels are patched with it by default, chpax, paxctl - control the
Grsecurity PAX feature, over 50 MB of new penetration tools, Open Office 2.0.0,
Kernel 2.4.32 and Kernel, many updates. Take a look at the Changelog (Changelog.txt)
netsecl 1.3     5/20/2006
NetSecL 1.3 is out. There are some important improvements in the security since ISlack 1.2. There are 2 Paranoia kernels, 2.6.x and 2.4.x; they are very restrictive, so please be careful. It is advisable to use them as a second kernel. I remind you that PaX Kernels are on CD 2; don't use the kernels from the bootme directory on CD 1 for a second kernel. Some of the libraries were recompiled so they can not use the stack; X was also recompiled and became a little bigger. Here are the results from paxtest:
bash-3.1# paxtest blackhat
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Executable stack (mprotect) : Killed
Anonymous mapping randomisation test : 16 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (ET_DYN) : 25 bits (guessed)
Main executable randomisation (ET_EXEC) : 16 bits (guessed)
Main executable randomisation (ET_DYN) : 16 bits (guessed)
Shared library randomisation test : 16 bits (guessed)
Stack randomisation test (SEGMEXEC) : 23 bits (guessed)
Stack randomisation test (PAGEEXEC) : 24 bits (guessed)
Return to function (strcpy) : Vulnerable
Return to function (strcpy, RANDEXEC) : Vulnerable
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Killed

The remaining vulnerabilities are meant to fail:
protecting against this kind of attack in general is hard, but certain subtypes can be thwarted to an extent by randomization, stack layout changes (SSP and the like), etc. the general solution will need userland changes as outlined in the PaX future doc, but in the meantime and in the interest of not giving anyone a false sense of security, we included these tests and they are meant to fail.
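A paxtest run like the one above can be checked automatically, treating the return-to-function tests as expected failures, as the note explains. This is an added example, not part of NetSecL or paxtest; the function names and the 16-bit entropy threshold are assumptions chosen for illustration, and the sample lines are a subset copied from the output above.

```python
import re

# Subset of the paxtest output shown above (copied from the page, not a new run).
SAMPLE = """\
Executable stack : Killed
Executable stack (mprotect) : Killed
Executable shared library data (mprotect): Killed
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Stack randomisation test (PAGEEXEC) : 24 bits (guessed)
Return to function (strcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Writable text segments : Killed
"""

# Tests the release notes say are meant to fail (assumption: matched by name prefix).
EXPECTED_FAIL_PREFIX = "Return to function"
LINE_RE = re.compile(
    r"^(?P<name>.+?)\s*:\s*(?P<result>Killed|Vulnerable|(?P<bits>\d+) bits.*)$"
)


def parse_paxtest(text):
    """Return (results, entropy): test name -> verdict, and test name -> bits."""
    results, entropy = {}, {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # shell prompt, banner or blank line
        name = m.group("name")
        if m.group("bits"):
            entropy[name] = int(m.group("bits"))
        else:
            results[name] = m.group("result")
    return results, entropy


def audit(text, min_bits=16):
    """List unexpected 'Vulnerable' verdicts and randomisation below min_bits.

    min_bits is an illustrative threshold, not a value recommended by PaX.
    """
    results, entropy = parse_paxtest(text)
    findings = []
    for name, verdict in results.items():
        if verdict == "Vulnerable" and not name.startswith(EXPECTED_FAIL_PREFIX):
            findings.append(f"unexpected: {name}")
    for name, bits in entropy.items():
        if bits < min_bits:
            findings.append(f"low entropy: {name} = {bits} bits")
    return findings
```

On the sample, only the 13-bit heap randomisation for ET_EXEC binaries is reported; a memory-protection test that came back "Vulnerable" would be flagged as unexpected.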

There is also a default script with paxpermissions that is executed on the first boot to allow some kind of usability for the system when it is used with paranoia kernels, so don't get scared if you get flooded with messages on the first boot. The list is still not full, but I hope to have it full for 1.4 and make all kernels paranoid.
Clamav, Klamav and Dazuko are there now - they work perfectly. For all other changes check the Changelog:
netsecl 2.0     12/17/2006
NetSecL 2.0 is out! This release has packages for i486 machines up to 64 bit, it includes the NetSecL firewall that has the ability to work with Snort Inline, more than 200 updates! The security was improved thanks to the new Binutils supporting PT_PAX_FLAGS - all i486_64 packages are compiled with it. Also I have included Tork and with it you can use tor to anonymize yourself on the web. Most hardened distros still go with the X.Org 6.8.2, well guess what - we have Xorg 6.9.0. I have finally fixed most problems with the PAX permissions and we now use a generic 2.6.x kernel which is also a paranoia kernel. The hardware recognition was also improved with the new version of Discover and some additional modules.
netsecl    2.1    7/16/2007
NetSecL 2.1 introduces GCC with Stack Smashing Protection, this increases the security of the compiled packages (i486_64). More than 250 Package Updates. Most networking packages are now i486_64 packages. This release fixes some unnoticed bugs in 2.0 version. Hardware recognition data was updated to the latest available. Enjoy NetSecL 2.1.
netsecl 2.2    2/17/2008
NetSecL 2.2 is out! As you can see I have shrunk the distribution to 1 CD. The default desktop is Xfce from now on, but you can still run KDE applications. In this release you will find 106 updates and 20 fixes and a Linux kernel with GrSecurity; the pre-compiled kernel also supports from 1 up to 8 processors. Major packages like Snort, iptables, firewall scripts and others were updated. The fixes in this release are updates as well. The mark i486_64 indicates that the package is executable from i486 machines up to 64-bit systems; it also indicates that it is compiled with Binutils that supports PT_PAX_FLAGS and with GCC with stack smashing protection.
netsecl 2.3    9/28/2008
As the NetSecL Project developer - I am proud to announce the release of NetSecL 2.3. And now to the main highlights:
-More improved full setup using rsync - we were able to get a full install in 5 minutes this is the fastest result for now.
The results may vary depending on the RAM you have. As for the 2 tests we conducted we got 7 min for a full setup with 1 GB of RAM and 5 min with 8 GB. However we believe that 5 min installation can be achieved on 2 GB of RAM.
-Smaller size of the ISO file - another 100 MB got melted.
-A source based portage system CruxPorts4Slack - mainly suitable for upgrade of commandline utilities from source.
-A conversion system adding PT_PAX_FLAGS to ELF binaries.
-A more advanced kernel configuration and additional modules (ndiswrapper and dazuko - fixed).
-Xorg update thanks to the excellent packages from Zenwalk. Additionally, with small modifications to the xorg ati drivers, we added support for the latest ATI videocards 4850/4870. As for the xorg.conf file generation - it is turned off since the current drivers don't fully support new videocards; instead a xorg.conf file with the vesa driver is used, and of course you can try out the default driver for your videocard.
As for the rest of the changes. The Changelog:
In case someone is interested, the actual change in the code of the xorg driver - it is mentioned here: … p;tstart=0
netsecl 2.4    5/17/2009
*X.Org drivers are updated to the latest.
*X.Org autostart is now being delayed a few seconds so you could break to the console, if it is needed - mainly handy if you need to change the driver used.
*Metasploit is updated to its latest version; Ruby is re-included;
*New kernel configuration with better support for SATA drives (IDE is still available as a module).
*New tools, like 0trace, Dmitry and Evilgrade are included in the penetration package.
*Dazuko is removed and replaced by Dazuko_FS.
* The CruxPorts4Slack portage system was used for generating all packages tagged as NetSecL packages.
netsecl 2.6    2/23/2010
In the new release you will find QEMU, Servers, new penetration tools. We took our time to separate the usual network utilities and penetration tools and add them in a new section. Also you will find that now we have a section srv with some server packages in it. There are many updates to the libraries and additional bindings to perl and python that we hope will be useful for future programs included with the distribution. You will also find in the distribution ISO a VMX file that is created with VMmanager and that you can use for creating a Virtual machine - mount the ISO, copy the VMX folder, unmount the ISO, move it to the VMX folder (that you just copied) and start it with VMware Player. If you would like to install it on real hardware, the ISO is writable on a mini DVD or DVD. For a full changelog please refer to:
netsecl 3.0    8/17/2010
It was time for a change and we at NetSecL realized that, the new version of NetSecL 3.0 is a live DVD + installation based on OpenSuse. Once installed you can fully enjoy the features of GrSecurity hardened kernel and penetration tools OR if you like to do some penetration testing you can directly run all tools from the live DVD. NetSecL firewall is included as always and most of the penetration tools are ported to the new platform. Also we'd like to mention that we've got many other programs up and running with GrSecurity enabled, which is great success especially when it comes to programs like wine, OpenOffice, Vuze, Qemu and many gnome applications. The password for both admin and root user on the DVD is linux.
Warning: when you install use ext3 (tested) for root partition.
Minimal System Requirements for running the live DVD: 512 MB of RAM
Minimal System Requirements for installing:  1 GB of RAM, 5 GB partition at least (SATA  - tested)
With that said, we think that the new version of NetSecL is fully functional as a Desktop, Server and Penetration testing environment. No Warranty - use it on your own responsibility. Enjoy.
netsecl 4.0 2012/08/07
NetSecL OS 4.0 comes with LXDE. Grsecurity kernel is updated to 3.2.21. Here is the work we have done: name change NetSecL to NetSecL OS; ported the whole system to 64-bit architecture; updated Exploit-db repository; Metasploit with GUI; Firefox; 0install integrated; Mixer, LibreOffice, GIMP, Dia, Inkscape, Evolution, Brasero and other packages included to provide the necessary tools for your office needs; Putty, Remmina, FileZilla, Pidgin and other applications for remote access and management; obsolete penetration tools are removed.
netsecl 5.0 2013/11/26
It has been a while, but we would like to present NetSecL 5.0, which comes with Xfce and is based on openSUSE 12.3. We bring a new installation media - installation from a USB media; we saw that the distribution grew in size, which definitely made us change the medium. All packages are compatible and updated to openSUSE 12.3 and the grsecurity 3.9.4 kernel is finally integrated into the operating system properly. Metasploit is updated to 4.7, Firefox is removed and Chromium is added, and the exploit-db repository is updated. The performance is slightly improved by the Xfce environment. Besides the USB installation image you can try NetSecL OS out on a virtual machine (OVA appliance). The password for both the 'root' and 'tux' user is 'linux'.
Stay tuned, we will publish an archive with all the versions for which you can get support if there is big interest.