The Auditor security collection is a GPL-licensed live CD based on Knoppix, with more than 300 security software tools. Auditor gives you easy access to a broad range of tools in almost no time.

How can Auditor help you with IT security?

Many security engineers arrive on a client's site and find that the network documentation required for solving the task properly is incorrect or even obsolete. In Auditor's Scanning submenu you'll find the Nmap network scanner. You can choose the traditional shell version or Nmap FE, which provides a graphical front-end for Nmap.

After you have gained a basic overview of the network you can use NBTScan, a NetBIOS name scanner, and Nessus, a vulnerability scanner. If the audit includes Web applications, try the Nikto and Amap application scanners.

Let's say you've been called in to examine a possibly compromised server, and until the integrity of the server has been established you are not allowed to install any forensic software or even take the server offline. You can take your Auditor CD and start running the chkrootkit utility to see if any known rootkits are installed on the server. If you find any suspicious activity, you can take a disk image with the dd command and examine it for any possible rootkits or strange processes. You can also use the Autopsy Forensic Browser, a graphical interface that can analyze Windows, Linux, and BSD file systems (NTFS, FAT, Ext2/3) to search for files. If you are analysing a Linux or Unix system, you can use Nibbler to extract known offsets from binaries to find hidden trojan horses.
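The dd imaging step described above, as an added example that is not part of the original article: the image is written and hashed in a single read pass, so the recorded hash covers exactly the bytes acquired from a system that stays online. The helper names `acquire_image` and `verify_image`, the SHA-256 record and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: image a source with dd and record a hash of the acquired bytes.
# acquire_image and verify_image are hypothetical helper names.

# acquire_image SRC DEST
# One read pass: dd reads SRC, tee writes DEST, sha256sum hashes the same stream,
# so the recorded hash describes exactly what was read, even if SRC keeps
# changing on a live system. conv=noerror,sync continues past read errors and
# zero-pads short blocks, so DEST is always a multiple of bs in size.
acquire_image() {
    src=$1
    dest=$2
    acq_hash=$(dd if="$src" bs=4096 conv=noerror,sync 2>/dev/null |
               tee "$dest" | sha256sum | cut -d' ' -f1)
    [ -s "$dest" ] || return 1            # nothing was read: treat as failure
    printf '%s  %s\n' "$acq_hash" "$(basename "$dest")" > "$dest.sha256"
    chmod a-w "$dest" "$dest.sha256"      # discourage accidental modification
    printf '%s\n' "$acq_hash"
}

# verify_image DEST: succeeds only if DEST still matches its recorded hash.
verify_image() {
    recorded=$(cut -d' ' -f1 "$1.sha256")
    current=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$recorded" ] && [ "$recorded" = "$current" ]
}

# Demo on constructed data: a 1 MiB file stands in for the suspect disk.
demo_dir=$(mktemp -d)
dd if=/dev/urandom of="$demo_dir/sample.disk" bs=4096 count=256 2>/dev/null
acquire_image "$demo_dir/sample.disk" "$demo_dir/evidence.img" >/dev/null
verify_image "$demo_dir/evidence.img" && echo "image matches recorded hash"
rm -rf "$demo_dir"
```

On a real case DEST should sit on separate storage (an external disk or a network mount), never on the disk being imaged.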

The link for this article located at linux.com is no longer available.