Sectoo--A Live Look at Gentoo
Why Make A Security Distro?
Live Linux CDs are popping up all over the place. Mainstream distributions like SimplyMEPIS let you try before you install, as do Ubuntu and Linspire. There are also specialized distributions like Knoppix and Dynebolic.
Anthony Rousseau, a native of France, created Sectoo so that penetration testers and consulting companies would have a toolbox designed to help them during their work.
"Another purpose may be for the network administrators who want to test their own network themselves and find security holes. White Hat Hackers can use it with the same purpose, and discover new vulnerabilities. And, anyone can take an old box, get the Sectoo Linux CD, and transform this box into an 'out-of-the-box' intrusion detection system with Snort," Rousseau said. Check the list of network-specific tools.
"I'm sure that other purposes can be found, let your imagination work!" he commented.
Rousseau wanted to make Sectoo Linux a lightweight system, in terms of minimal requirements. He said that 64MB or even 32MB of RAM should be enough to run Sectoo.
For a long time Rousseau liked Trinux and other "security related" distros. Unfortunately Trinux is no longer supported. Another problem was that he was always missing a needed tool or some of the tools just didn't work. "I also wanted to find a new challenge for myself and to learn some new things, explore different ways. That's what I try to do with Sectoo Linux, to be as much complete as possible. Since this is the very beginning of the story, there is still very much work to accomplish, but the challenge is very interesting."
Rousseau tried many distributions. He now uses Gentoo as his main OS, both for laptops and servers. It was natural for him to base Sectoo on Gentoo. Sectoo is not getting official support from Gentoo, although the Sectoo team uses Gentoo's forum boards and Bugzilla system. He said that this is quite sufficient, as the Gentoo forums are very reliable.
At the moment, Sectoo is only a "hobby among friends." The friends are not all that interested in making profits, but since they have some costs for hardware and test machines, all donations are certainly welcome. He said that if Sectoo becomes a really big distro, the team might transform the "hobby" into a company, but this is not on the agenda for now.
The team has also set a priority of creating a "LiveUpdate" system for Sectoo. "We are thinking of a rsync system with a repository, just like Portage," Rousseau said. He also wanted to improve the graphical interface, make a better menu for Xfce, write all the manuals, and support their users. They are looking for someone who likes to write documentation.
Along with finding out how Sectoo came to be and what the team had in mind for the future, I downloaded the distribution, burned it, then gave it a brief whirl.