Recent Posts


« | Main | »

VirtualBox – Security Tools – running Live CDs

By Dale Reagan | March 12, 2010

VirtualBox Security Tools – testing or installing Live CD images as virtual machines

I noted that this seems to be a popular approach for VMWare images and decided to try a few tools out using VirtualBox.   As with any such ‘security solution’ you should carefully evaluate the tools that you allow (or the OS builds that you allow) on your network(s).

In general (with VirtualBox) you can boot any OS for which you have media to install from (i.e. MS-DOS or MW Windows based OSes, Unix/Linux/BSD based OSes, or other operating systems or ‘distros’ which can be ‘mounted’ as ISO (CD/DVD) images.) Note that you can easily/quickly install from any viable (working) Linux ISO distro simply by setting the ISO as mounted prior to virtual machine startup – you should see the same window (content) that you would see if you were installing the distro on your PC instead of to a VM.  Provided that you have enough disk space, CPU and RAM resources you could create & install and run (simultaneously) as many OS virtual machines as your hardware will support…

The tools listed below typically contain:

A virtual machine can provide a means to both sandbox and evaluate such tools.  Until you have a comfort level with a tool being tested you might want to create your virtual machine without active (connected) network devices. Using Fedora 11, VirtualBox 3.14, some disk space allocated for virtual machine images, and a few spare CPU cycles you can quickly ‘run’ an ISO image designed as a ‘live-cd’ or ‘live-dvd’.  The typical variables would be:

Some possible ISO based Linux system and network security images include:

  1. nst-2.11.0.i586.iso – Network Security Toolkit – large (DVD only) image using the Fedora distribution including many tools as well as an ‘install-to-disk’ option.  You will need to consult the NST Wiki for current image password and access information.  For some reason the GUI install would not work with an 8GB disk so I increased it to 10 GB.
  2. security-onion-livecd-20090731.iso – Found on Biblio – Linux Distributions

The distros below presented install problems with VirtualBox – could be bad ISO images, could be a lower level distro problem, could be a VirtualBox issue – post a comment if you find solutions for running these with VirtualBox.  Note that I had no problems installing a ‘base’ Debian system with VirtualBox…

  1. EasyIDS-0.4.iso [ISO would not boot – could be a ‘bad’ ISO image OR it could be an incompatibility with VirtualBox…]
  2. samurai-0.8.iso [Ubuntu release, simple GUI, many tools, run from ISO image or install – would not install via VirtualBox.]
  3. alienvault-ossim-installer-2.2.amd64.iso – 32 & 64 bit editions – lengthy install (on my system – even in ‘un-attended mode’ requires input…)  – “AlienVault Open Source SIM (OSSIM) is a complete Security Management solution that detects and profiles attacks, and provides a comprehensive, intelligent Security Management platform and toolset.”… “OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of his or her networks, hosts, physical access devices, server, etc.”  Note: the install fails under VirtualBox at ‘select software’ as well as with other install options – based on some search results it appears that this Debian install does not work (easily) with VirtualBox…  I tried:
  • increasing disk space
  • increasing RAM
  • all NIC options – with ‘wired’ working – many DNS queries during startup (blocked by my firewall…)  This appears to be where the install is ‘hanging’ – IMO outside network access should NOT occur until post-install and then only as allowed by the admin;  my guess is that many folks are using this tool without observing/noting this behaviour which I see as quite negative…

    An example:

    Since I do have limited hardware resources I decide to create an 8GB VDI or each tool that I select for testing.  I ‘build’ the VDIs (using the very concise, clear GUI to create the disk image and set hardware as desired), boot each ISO image to run/install the tool, gracefully shutdown the VM and wind up with an on-demand solution for using/testing each tool.  Note that you could simply by-pass the install and run most of these tools in a VM directly from the ISO image.  The advantage of doing an install is that you can then install the VirtualBox tools which provide more/better mouse/video integration.  You can also tweak resources prior to starting any VM (i.e. add RAM, increase video RAM, remove devices, etc.)

    If you need quite a number of VMs then you could script most of the above so give it try with your peta-byte storage, tera-byte RAM, 100 CPU system! 🙂

    Based on my experiences with desktop hardware (AMD Quad, 6GB RAM)  you should consider allocating at least 1GB of RAM for any VirtualBox Linux-based VM (performance is very bad with less RAM…)

    Note that this approach (installing OSes from ISO images can be used to evaluate any distro where a CD/DVD boot is used.)  It’s a simple way to limit headaches prior to ‘upgrades’ (which can still fail on the ‘real hardware’, i.e  Fedora 12 was fine as a VM but lacked appropriate video device support for my hardware so I had to ‘roll-back’…)

    Note – if you get ‘header’ errors when installing VBox Additions (Guest Additions) on Fedora:

    1. yum install kernel-headers kernel-devel gcc
    2. reboot
    3. now install the Guest Additions (boot the VM, mount the ISO image and run  the install script…)

    Topics: System and Network Security, Unix-Linux-Os | Comments Off on VirtualBox – Security Tools – running Live CDs

    Comments are closed.

    YOUR GeoIP Data | Ip:
    Continent: NA | Country Code: US | Country Name: United States
    Region: | State/Region Name: | City:
    (US only) Area Code: 0 | Postal code/Zip:
    Latitude: 38.000000 | Longitude: -97.000000
    Note - if using a mobile device your physical location may NOT be accurate...

    Georgia-USA.Com - Web Hosting for Business