
Using BackTrack to check for Linux vulnerabilities

Through common security methodologies and a full array of security testing tools, BackTrack identifies and exposes flaws within your Linux systems.

Whether you've used the Bastille UNIX tool, hardened your Linux systems manually or just want a good snapshot of where your systems currently stand, you have to check out BackTrack. It's a Slackware Linux-based distribution that's ready to run from a bootable CD or as a virtual machine image (VMI). Officially in its third version (fourth if you count the latest pre-release), BackTrack Linux is chock full of handy security tools for poking and prodding to bring out the worst in your Linux systems. In the spirit of ethical hacking, BackTrack integrates this common security testing methodology:

Figure 1 - BackTrack's security testing method

BackTrack contains niche security tools that would otherwise be a real pain to download, compile and install. Whether you're a Linux pro or just getting started, it's hard to argue against being able to download a fully-functional version of Linux with most, or maybe all, the security testing tools you'd want to use. BackTrack's main interface is shown in the following screenshot:

Figure 2 - BackTrack desktop and security tool categories

A typical security assessment scenario that uses BackTrack to test internal Linux systems could consist of the following:

  1. Use fping to identify live hosts
  2. Use nmap to identify the operating system and detect open ports
  3. Use amap to identify running applications
  4. Use SAINT to seek out vulnerabilities in the operating system (OS)
  5. Use Metasploit to exploit OS and application vulnerabilities
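The first three steps above are the part of this workflow that is worth scripting, because each tool's output is the next tool's input. The following is an added example, not code from the article or from the BackTrack project: small parsers for the real output formats of fping -a (one alive address per line) and nmap -oG (one "Host: ... Ports: ..." line per host), plus a function that turns the result into amap command lines. The tool output embedded in the script is constructed sample data so that the script runs without a network; the scan_subnet function shows the live pipeline as it would actually be run.

```shell
#!/bin/sh
# Added example (not from the article or from BackTrack): shell glue for steps 1-3.
# The sample output at the bottom is CONSTRUCTED; only the parsers and the
# scan_subnet pipeline reflect how the real tools behave.

# Step 1: keep only IPv4 addresses from fping -a output, dropping any diagnostic
# noise that ends up on stdout if stderr is merged in.
live_hosts() {
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Step 2: turn nmap -oG (grepable) output into "host port port ..." lines,
# one per host, listing only open TCP ports.
open_ports() {
    awk '
    /^Host: / && /Ports: / {
        host = $2
        sub(/.*Ports: /, "")                  # drop everything before the port list
        sub(/[ \t]*Ignored State:.*/, "")     # drop the trailing summary field
        n = split($0, entries, ", ")
        out = ""
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")         # port/state/proto/owner/service/...
            if (f[2] == "open" && f[3] == "tcp") out = out " " f[1]
        }
        if (out != "") print host out
    }'
}

# Step 3: one amap invocation per host (-b print banners, -q omit closed ports).
amap_cmds() {
    while read -r host ports; do
        printf 'amap -bq %s %s\n' "$host" "$ports"
    done
}

# The live pipeline as it would run from BackTrack against a subnet such as
# 192.168.1.0/24 (root is needed for -sS and -O). nmap -iL - reads targets from
# stdin and -oG - writes grepable output to stdout.
scan_subnet() {
    fping -a -g "$1" 2>/dev/null | live_hosts \
        | nmap -sS -O -iL - -oG - | open_ports | amap_cmds
}

# Constructed sample output standing in for the real tools.
SAMPLE_FPING=$(
    printf '192.168.1.10\n192.168.1.20\n'
    printf 'ICMP Host Unreachable from 192.168.1.1 for ICMP Echo sent to 192.168.1.30\n'
)
SAMPLE_NMAP_GREP=$(
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 111/closed/tcp//rpcbind///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 3306/open/tcp//mysql///, 53/open/udp//domain///\tIgnored State: filtered (998)\n'
    printf '# Nmap done (constructed sample)\n'
)

# Offline demonstration on the constructed data.
printf '%s\n' "$SAMPLE_FPING" | live_hosts
printf '%s\n' "$SAMPLE_NMAP_GREP" | open_ports | amap_cmds
```

Run as-is it prints the two live hosts followed by "amap -bq 192.168.1.10 22 80" and "amap -bq 192.168.1.20 3306"; call scan_subnet with a CIDR range on a BackTrack box to drive the real tools. Filtering to open TCP ports before handing off to amap keeps the application-mapping step quick, and the generated command lines are easy to review before anything is run against the targets.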

The Linux-centric possibilities are endless. Furthermore, BackTrack has an extensive set of database, Web and wireless tools for finding and exploiting flaws in systems outside of the Linux realm. It even includes built-in HTTP, TFTP, SSH and VNC services that you'll need during vulnerability identification and analysis. And if you ever have such a need, BackTrack also incorporates digital forensics tools. Playing around with tools like Autopsy and Sleuthkit, in fact, is a great way of "backing into" hacking techniques to further sharpen your security skills.

I've always been a proponent of using good commercial security testing tools, but you may no longer have that option these days. The BackTrack tools, in reality, aren't just "good enough" -- they're actually truly good, especially if fancy reporting and ongoing vulnerability management are not a top priority for you. I'm going to continue using commercial tools in my security assessments, but you can bet that my BackTrack virtual machine is going to be loaded and ready to roll for those niche tools we just can't find anywhere else.

ABOUT THE AUTHOR: Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at
