Linux Network Security Toolkit (NST) for Fedora 24
Kernel Version: 4.10.15-100.fc24.x86_64 Type: x86_64
NST Version: 24
NST Build Date: Wed May 24 22:20:28 UTC 2017
http://www.networksecuritytoolkit.org
Authors: Ronald W. Henderson and Paul Blankenbaker

Welcome to the Network Security Toolkit (NST). This bootable ISO live CD/DVD (NST Live) is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.

The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 100 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system administration, navigation, automation and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines.

What we find rather fascinating with NST is that we can transform most x86/x86_64 systems into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, virtual session serving, or a sophisticated network/host scanner. This can all be done without disturbing or modifying any underlying system storage. NST can be up and running on a typical x86/x86_64 notebook in less than a minute by just rebooting NST Live. The notebook's hard disk will not be altered in any way.

NST also makes an excellent tool to help one with crash recovery troubleshooting scenarios and diagnostics.

When booted in the default manner, there is no password set for the "root" and "nst" user accounts (just hit enter to log in). Remote access ("SSH" on port 22 and "HTTPS" on port 9943) to the running NST probe will be disabled until system passwords are set and services enabled via the "nstpasswd" script.

Access methods to a running NST probe:

If you do not know the IP address assigned to the running NST probe, you can use the "ifconfig" config command to determine it.

Use the NST script: "nstliveinst" for installation of NST Live to a hard disk

Notes below contain summary briefs on NST aliases, functions, and custom scripts.

ALIASES

The following aliases are available to get various services up and going quickly (Note: some default settings may not apply to your environment. Please review associated configuration files prior to starting a service):

cdnet
Change to directory: "/etc/sysconfig/network-scripts" for manual IP configuration settings.
com4800
Run minicom on /dev/ttyS0 4800 none81.
com9600
Run minicom on /dev/ttyS0 9600 none81.
com19200
Run minicom on /dev/ttyS0 19200 none81.
com57600
Run minicom on /dev/ttyS0 57600 none81.
com115200
Run minicom on /dev/ttyS0 115200 none81.
lshutdn
A fast halt and shutdown the NST system now.
lvnc
Start a VNC server session at: probe:6.0. see: "nstvncadmin --help" for advance VNC server setup.
lx
A quick way to start an X Window session.
nstpostupdate
Reapply the administrative password, update all NST menus and apply all "NST Tweak" scripts after a "major" update to the NST system.
mntsda1
Mount USB flash RAM device: "/dev/sda1" @ /mnt/flash0

FUNCTIONS

lsfindfilesize

This function finds all files of size or greater and list them in descending order by size.



  Usage: lsfindfilesize FINDDIR FILESIZE

  Where: FINDDIR  - Start file find from this top level directory
         FILESIZE - Find all files of this size or greater in KiloBytes (KB)

Example:
         lsfindfilesize /usr 400
-rw-r--r--  1 root root 1096328 Mar 18  2005 /usr/lib/libslang-utf8.so.1.4.9
-rwxr-xr-x  1 root root  468940 Sep 30  2005 /usr/bin/mkisofs


lsshagent

This function will start the ssh-agent daemon (if it hasn't already been started) and update the necessary environment variables such that any future use of ssh-add and/or ssh will be able to make use of the ssh-agent daemon. This is done such that all logins will be able to share the same instance of the ssh-agent (you only need to execute this the first time you login).

nstmove

This function will facilitate a system move and shutdown when your NST system is booting from writable and removable media (such as a USB memory stick), it will likely persist information between boots. If you then move the installation to new hardware, it is likely that the persisted information (e.g., MAC Address) will be incorrect for the new hardware. It removes hardware specific configuration files so that they will be recreated at boot time. You will be prompted prior to moving and shutting down the NST system. See the NST script: "nstboot --help" for more information.

nstusage

This function will display the NST README in HTML format if the HTML version of the README file is available. If not, the text version of the README file will be displayed via the less utility.

Scripts Found In: /root/bin

/root/bin/create_ramdisk

This script will create a RAM disk on the NST probe system. Type: "create_ramdisk --help" to display its usage.

/root/bin/create_ramdisk4-64

This script will create a 64MB RAM disk at mount point: "/dev/ram4" on the NST probe system. It calls script: /root/bin/create_ramdisk with the following: "/root/bin/create_ramdisk -s 64 -d /dev/ram4"

Other Useful NST Scripts:

/usr/sbin/mkfile

This script creates one or more zero filled files of a specified size.

Usage:




        Usage: mkfile size[k|m] filename1 filename2 ...

        This script creates one or more zero filled files of a
        specified size. The file size will be a multiple of 1024.

        Example:  /sbin/mkfile 22m /tmp/largefile

          - This will create the zero filed file: /tmp/largefile
            with a size of: 23,068,672 bytes (22MByte file).


/usr/bin/ssh-auth-keys

This script allows one to update the authorized_keys files for multiple users on multiple hosts with a single invocation. Use the following for additional information:



ssh-auth-keys --help | less


/usr/local/bin/nsthostname

This script is used to change the hostname of a NST system. All appropriate places within the Linux Operating System will be updated to reflect the hostname change.



nsthostname --help | less


/usr/bin/getipaddr

This simple utility returns the IP address of the selected interface. If no interface is specified, all IP addresses configured on this system including the public internet address will be displayed.

Help description for: getipaddr



getipaddr --help | less


Examples for: getipaddr



getipaddr -i eth0
172.16.1.44

getipaddr -p
24.33.22.187

getipaddr
127.0.0.1
172.16.1.44
24.33.22.187

/usr/local/bin/nowtime

This script will continuously display the current NST probe time each second on the same line with scrolling disabled.