Now you're ready to use the toolkit. You can use one of several ways—console, serial connection, or network—to access NST's security tools. You can use NST at the local console to access all the tools. You can use PuTTY to log on via another system on the network, or you can use X Windows to connect to NST using another system that supports X Windows sessions (e.g., Linux or Apple Computer Macintosh systems). Some tools, such as Ethereal, require an X Windows environment.
You can also run X Windows on the local NST system, if you prefer a windowing desktop. To open X Windows on the local NST system, enter
setup_x
at a command prompt, then enter
startx
With X Windows running, you can open the Mozilla Firefox Web browser (which is included with NST) on the local system and connect to the NST Web UI. To start Firefox, go to a command prompt and enter
/usr/local/run_firefox
To connect to the NST Web UI, point your browser to https://192.168.x.x/nstwui, where 192.168.x.x is the IP address of the system on which NST is running. You can also use https://127.0.0.1, if you're accessing the address from the local NST system. Use the same username and password you used to log on to NST (i.e., root and the root password).
The NST Web UI, which Figure 1 shows, provides the easiest way to access most of the commonly used tools from another system on the network. The Web UI presents links to Snort, Analysis Console for Intrusion Databases (ACID), Nessus, Nmap, Kismet, BandwidthD, Ettercap, Firestarter, and other tools, some of which are listed in Figure 1. The Web UI also provides a useful interface for some of those tools. For example, the Nessus security scanner provides Web-based output, as does BandwidthD. The Web UI also includes tools that monitor and control the server. For example, you can use the Web UI to check the Web logs, run commands, view processes, view devices, reboot the server, or power down the server.
I was able to launch the Snort intrusion-detection tool on Ethernet interface 1 by using only two mouse clicks. Of course, you might want to download the latest Snort signatures or change the Ethernet interface, which will take more than two mouse clicks. With Snort running, I used the Web UI to locate and launch ACID so that I could access the Snort logs. The NST documentation contains more information about using ACID.
Changing and Automating the NST Boot Sequence
You might need to modify the resources available when NST boots. For example, you might need USB, PC Card, or serial connectivity support. Or you might discover that your CD-ROM drive doesn't support SCSI emulation, and you need to use native CD-ROM IDE instead.
You can choose from a variety of boot options when NST begins to load. The boot sequence will pause for a few seconds and present a screen on which you can select from a list of kernel boot configurations and boot options, as Figure 2 shows. If you don't press a key within 5 seconds, NST will boot with the default configuration settings. If NST fails to boot on your system, reboot and watch for the boot options menu because an alternative boot configuration might work for you.
You might also want to automate some of the NST procedures that you use routinely. For example, if you often assign a particular IP address, mount certain Windows-based shares, or start X Windows and launch Firefox, you can create custom scripts to automate those processes. You can't save the scripts to CD-ROM without modifying the CD-ROM ISO file, so you'll need to store your scripts on external media. NST supports the use of 3.5" disks, USB drives, hard disks, and even Web servers to host shell scripts, additional programs, and other items.
NST includes a script called lnstcustom that can help you automate certain tasks, such as accessing external media. The section of the NST documentation called "Automating Your Setup with lnstcustom" explains how to mount various file systems and store automation scripts on them. Then you can use lnstcustom to launch the scripts.