5

I am a QA Engineer, but have been tasked with creating a security testing platform. I have many years with Backtrack/Kali and my primary OS are Arch and Ubuntu. The Systems guys here gave me a CentOS machine in the cloud to build out a machine that will be the hub for all of our security tests. Both systems level tests and application layer (I will be running the tests).

Has anyone else found that CentOS be a viable option to house all your security tools? Initially I had asked the systems team to spin up a debain/ubuntu server for me to start with. They subsequently laughed in my face. The problem I am facing is most of the security tools I am familiar with are debian dependent. Are there other security tools out there that work well out of the box for CentOS? Their main argument against using Ubuntu is the difficulty that creates with Xen Server and the instability/insecurity of ubuntu. Not sure I agree with ubuntu being unstable, I haven't had any issues and security is a matter of how good an Admin you are imo (tempted to hand them CIS benchmarks). Any advice?

user2120790
  • 151
  • 1
  • 2

3 Answers3

5

Linux is Linux is Linux. Quite a few commonly used tools (nmap, wireshark etc) are already in the package repository. Those that aren't, you can compile yourself.

Will it be more effort than simply spinning up Kali or Debian? Sure. Is it perfectly viable? Definitely.

4

Most of the security tools you use in Kali can be installed on CentOS. Maybe they will allow Fedora if not Arch or Ubuntu...

https://fedoraproject.org/wiki/Security_Lab

Personally I would push for debian and use the Kali repos to install whatever tools you need for the sake of simplicity if that is what you are familiar with, but you could the same tools in CentOS.

airloom
  • 366
  • 1
  • 5
1

If you are working in a corporate environment, it is best to stick to the tools and OS that are supported by the IT department. Since their main concern seems to be stability with even Ubuntu being "unstable", Kali is totally out of the window.

My recommendation would be to gather all info on which tools are needed for your tasks. Then you can evaluate the effort of setting up a good CentOS base image for your needs. If you discover, that there will be a significant overhead you can still present those findings to the IT department (or up the food chain, depending on your organization) and lay down why it would be feasible to look into easier distros as an alternative.

SeeYouInDisneyland
  • 1,428
  • 9
  • 20