The Network Admin's Ultimate Custom Rescue CD
With our guide, your custom Linux-based rescue and troubleshooting CD will fit like a glove and hold all the tools you need when you're on the go (and under pressure).
In the beginning was tomsrtbt, "The most GNU/Linux on 1 floppy disk": a complete bootable Linux on a single floppy, perfect for rescue, testing, diagnostic, and maintenance missions of all kinds.
But computers kept growing in ability and complexity, and the tiny floppy disk could no longer hold everything a network admin needed. Thus was born the first bootable Linux-on-a-CD-ROM, H. Peter Anvin's SuperRescue CD.
Then came Knoppix, which quickly became the glamor child of the live CD-based Linuxes, the darling of the rescue-CD crowd. Knoppix supplies fully-featured KDE and IceWM desktops, supremely excellent hardware detection, and fun tools for things like encrypted data storage on USB keys, disinfecting virus-plagued Windows PCs, wardriving utilities, and gobs more.
Knoppix also inspired a flood of specialized Knoppix-based knockoffs. It is amazing what you find there: language-localized editions, tiny compact editions, clustering, medical, security, server, embedded. You name it, somebody has probably already put it together.
Since Knoppix burst onto the scene in a blaze of glory, it seems like everyone has jumped on the bootable liveCD bandwagon; check out Frozen Tech's LiveCD List.
What this all means for the hardworking network administrator is a wealth of great bootable liveCDs to choose from for your toolkit. There are two indispensable tools in my personal rescue kit: an old laptop with a modem, 10/100 Ethernet NIC, and serial port with a null modem cable, and every software network diagnostic/monitoring/repair utility I could find; and my own custom liveCD that also contains a bale of software network utilities.
I created the CD back in the early Knoppix days, using the instructions for re-mastering Knoppix. It was great to be able to create a CD containing all the applications that I needed, but re-mastering Knoppix is not for the faint of heart. It's a complex process and it's too easy to make mistakes, as I did -- I built up quite a coaster collection. But once I figured it out I had my very own Ultimate Networking Rescue Disk, and that little disk has saved me more hassles and time than any other tool. While the customized laptop is essential and useful, a CD-ROM has one big advantage: It is non-writable, so it cannot be compromised.
These days you can find all manner of excellent ready-made network rescue disks; we'll look at my two favorites, and then we'll look at a couple of good programs for creating your own custom CD.
Linux LiveCDs for the Network Admin
Knoppix STD (Security Tools Distribution) is the powerhouse of network-oriented liveCDs. It has just about everything: honeypots, vulnerability assessment, forensics, all manner of crypto, password crackers, wireless LAN, and the usual firewall and TCP/IP utilities. It has one major weakness: it supports only the Orinoco (Prism chipsets) drivers for wireless NICs, which means it has no drivers for 802.11a/ab/ag/abg or Centrino cards. Since popping in a liveCD to test hardware is one of the main reasons to have a liveCD in the first place, this won't do you much good if you support a lot of wireless PCs.
If you need wireless drivers and still want to use Knoppix STD, you can re-master it to include the bits you need. (Follow the standard Knoppix Re-mastering Howto.)
Knoppix STD comes with a batch of useful utilities for Windows:
- LinNeighborhood, for browsing Samba shares.
- chntpw, for resetting Windows passwords (yes, even Administrator).
- pwl9x, for cracking Windows 9x passwords.
- Samba server. Very useful for testing connectivity problems, or for testing before deploying.
- testdisk, for restoring deleted partitions.
- readdbx, to convert Outlook Express .dbx files to mbox.
- urlsnarf, for capturing HTTP requests (part of dsniff).
- driftnet, for capturing images from TCP streams. Yeah, baby, now you can see what your users are looking at.
- msgsnarf, for monitoring IRC and instant-messaging traffic such as ICQ, AIM/AOL-IM, and MSN Messenger (part of dsniff).
- webspy, which mirrors all the sites visited by a selected host in your own browser (part of dsniff).
Knoppix STD requires some horsepower to run: at least a Pentium II with 128 megabytes of RAM. A lighter-weight alternative is INSERT (Inside Security Rescue Toolkit). At 50 megabytes it fits on a credit-card-sized CD-ROM. Because it uses Fluxbox for its graphical desktop, you get a nice graphical environment even on old, feeble hardware. INSERT comes with more wireless drivers and a useful array of tools, including:
- Clam anti-virus.
- ettercap, a multi-purpose sniffer/interceptor/logger for a switched LAN.
- iproute2 (see Resources).
- ndiswrapper, for using Windows wireless drivers on Linux.
- wakeonlan, for booting hosts with no floppy or CD drive.
... plus a nice selection of network monitoring and analysis utilities, disk management, and file recovery tools. INSERT gets my vote as the best all-around lightweight system and network rescue CD.