The language for hacking is Russian. Review of unusual Linux distributions. Analysis of vulnerabilities in web applications
Kali linux – audit tool information systems. This distribution has dozens of built-in programs that can help you detect vulnerabilities in various services.
I hope you remember that using this distribution for malicious purposes is punishable by the Criminal Code of the Russian Federation.
Since we are not looking for easy ways, we will install it ourselves, download the image kali-linux-2.0-amd64.iso, 3.09 GB in size.
And so, we create a virtual machine in WMvare or virtualbox and begin the installation.
The first thing we see is the selection of installation options. These are several live installation options, such as:
- failsafe
- persistence – live version with changes saved on disk,
- encrypted persistence - with encryption
- forensic mode, “judicial mode”, when used, no changes are made to the connected devices
- Install with speech synthesis – installation with sound
We are interested in the graphical install menu - installation with a graphical shell.
Installation on the SSD took no more than 10 minutes. After the installation is complete, you are not prompted to use the network repository. Of course we agree, after which what happens automatic update packages.
The next step is setup GRUB bootloader, in my case, this is the only disk with one operating system, so we put the bootloader at the beginning of the only disk.
Reboot and go under user root and the password entered during the installation process, we are in the system.
Description of ALL kali linux utilities here – Kali Linux Tools Listing
01 – Information Gathering – Console and graphic utilities To collect information, you can test the ports.
The most popular utilities are nmap (console) and zenmap, also with a graphical shell.
02 – The next section is Vulnerability Analysis, or in our opinion, vulnerability scanners. For example, “OpenVAS”, as an analogue of the well-known Xspider scanner.
It takes quite a long time to install.
03 – Web application analysis – testing web applications.
04 – Database Assessment – everything for working with databases.
05 – Password Attacks – password guessing by hash, brute force.
06 – Wireless Attack – a set of utilities for auditing wireless networks.
07 – Reverse engineering – various debuggers and debuggers.
08 – Exploitation tool – exploitation of various exploits.
09 – Sniffing and spoofing utilities for working with traffic, mainly foreign traffic.
10 – Post Exploitation another portion of exploits.
11 – “Forensic utilities” will help you extract valuable information.
12 – Reporting tools – creating reports
13 – System services – start and stop application services.
In general, dozens of applications for brute force, searching for password hashes, searching for vulnerabilities in web servers, wi-fi networks, and web applications.
To use this system you will need experience using the Linux OS and working with the console. Do not use this software for illegal purposes.
Article 272. Illegal access to computer information
1. Unlawful access to computer information protected by law, that is, information on computer media, in an electronic computer (computer), computer system or their network, if this act entailed the destruction, blocking, modification or copying of information, disruption of the operation of the computer, system Computers or their networks are punishable by a fine in the amount of up to two hundred thousand rubles, or in the amount of the wages or other income of the convicted person for a period of up to eighteen months, or by correctional labor for a term of six months to one year, or by imprisonment for a term of up to two years.
2. The same act, committed by a group of persons by prior conspiracy or by an organized group or by a person using his official position, as well as having access to a computer, a computer system or their network, is punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles or the amount of wages or other income of the convicted person for a period of one to two years, or correctional labor for a term of one to two years, or arrest for a term of three to six months, or imprisonment for a term of up to five years.
If you have questions, ask them at , or below in the comments.
Today, the most popular distributions for penetration testing are *nix-like distributions: , BlackArch Linux, Pentoo and many others. They can be used both in a virtual environment and as a live system, or even installed as a desktop OS.
Until recently, Windows users were deprived (we do not take virtual machines into account) of such assemblies, until a magic box appeared - the hacker distribution PentestBox.
PentestBox is not like other security distributions that run on virtual machines Oh. The idea of creating it came to the author Aditya Agrawal after studying statistics - more than 50% of users who downloaded distributions used Windows:
- Samurai Web Testing Framework -
- Santoku Linux -
- Parrot OS -
What makes PentestBox different?
Easy to use. Download 2.5 gigabytes from the site, unpack and everything is ready to use. Not as resource intensive as a virtual machine instance. There are no dependencies, all utilities, command standards - everything is installed. Also installed Mozilla browser Firefox with the most popular addons for auditing web applications.
PentestBox is quite easy to customize - add the utilities you need to the python/ruby/executable file and register aliases. Upgrades won't be difficult either. The interface is designed as command line with a “classic” green font on a black background, old school.
PentestBox contains enough a large number of popular utilities that facilitate the penetration testing process. Utilities are divided into groups to make them easier to find and use - from information gathering and reconnaissance, web scanners, bruteforce utilities to Android analysis applications and Wi-Fi.
The assembly does not contain one of the main "harvesters" used by security specialists and hackers - the Metasploit framework. The author indicates that there is already a completely working one for installation Windows version of this product, perfectly fulfilling its purpose in its native form.
On the author’s website, utilities are presented in sections; there are overlapping positions, so I arranged the utilities, classifying them according to the method of use/impact. Some utilities on the original site contain incorrect links/descriptions, please keep this in mind.
Collection and analysis of information
This section contains utilities for preliminary research of the target.
Forensics
Utilities for collecting “digital evidence”, forensic analysis, collecting evidence.
PDF tools- search and identification of suspicious objects in PDF documents,analysis of PDF elements.
PeePDF- analysis of objects, elements and flows contained in PDF files.
Origami- a utility for analyzing and working with infected pdfs (used for
I'll start my story with an anecdote. Once upon a time, Winnie the Pooh (VP) and Piglet (P) decided to interview Bigfoot. We went and looked, but we never found it. We reached the mountains of Siberia. There VP says:
“Piglet, let’s split up, otherwise you and I will never find him!”
And so they did. VP searched and searched, no one was there. I decided to find Piglet. He walked, wandered, and suddenly he saw Piglet lying dead with his mouth torn, and a voice recorder lying next to him. VP turned on the recorder and hears:
-Comrade Bigfoot, can I interview you?
-Take it!
-But...
-Take it!
-But this is not an interview!
-Take it!
-A-ah-ah!
...
So I decided to interview, not Bigfoot, of course;),
and from hackers, people who are quite difficult to find and who can tell a lot of interesting things. I asked everyone the same questions (I really wanted to find out how these invisible things differ from each other;), not all of which are related to computers. I won’t go into too much detail about how I found real hackers (I’ll leave this as a professional secret), I’ll just say that some of them are quite well known in narrow circles, others
were recommended by knowledgeable people, others had to be looked for on your own.
Interview No. 1 (Sidex)
1) Do you need fame?
I'm not interested in "mass" fame. Such that ordinary people talk about me and write in magazines far from computer security, and computers in general. For example, I don’t like the popularity of the notorious Mitnik, Levin or the latest “star” - Mafia Boy. Rather, one is interested in “narrow” fame among the most competent and authoritative people. As they say, “less is more.”
2) How to become a hacker?
Nobody asks: how to become a quilt cutter? Then why does the question have to do with “specialty”
- hacker? This is nothing more than a myth for feeding teenagers: you will become a hacker, we will teach you to be a hacker, you must become a hacker, the American “How become a hacker”. I wanted young people asking the question raised to change it to: how to become a computer security specialist? Here I would advise you to get as much fundamental knowledge as possible, such as: working with various operating systems, various programming, foreign languages (communications), communication protocols, hardware devices, etc. And having received what you need in the required volume, turn to more specific sources of information: news feeds/websites, security mailings, contacts with knowledgeable people in the field of interest, the same books, and, of course, current periodicals, like the same Hacker magazine.
3) What is your favorite book?
Irwin Shaw "Rich Man, Poor Man", "Bread on the Waters"; William Gibson
"Burning Chrome".
4) What is your favorite music?
Electronic "fundamental" music: Kraftwerk, Future sound of London, The Orb, Orbital. And modern experiments: Dust brothers, Chemical brothers (early and most recent works), Primal scream, Apollo 440, Paul Oakenfold, easy listening from Cafe del
Mar.
5) What is your favorite movie?
I was very moved by the movie "Fight Club". But its mass character and shallowness of ideas do not allow us to call it a favorite. Overall, I find it difficult to name my favorite movie, because... It would be logical to write a Western film here. I wouldn’t hesitate to name it - “Khrustalev, the car” from the super-director German, which, unfortunately, only occasionally pleases us with his works. From a completely no-budget movie - “The Iron Heel of the Oligarchy” by the “gentle” Bashirov.
Well, first of all, there is no need to confuse a hacker and a cracker.... I have broken various programs, but I don’t remember the “crowbars” - there is no interest in them. It's more interesting to create than to break.
9) Do you have a girlfriend?
A funny question, of course - Russians ;-). Although it's not a matter of nationality...
Linux, Solaris, WinNT
For different tasks - different OS, there is not and cannot be an unambiguous answer.
computer?
From 12 to 24.
15) What do you think of Gates?
A man who made a fortune from human laziness and stupidity. Gates's arrival was inevitable; if he hadn't been there, there would have been someone else.
Interview No. 4 (TEN)
1) Do you need fame?
2) How to become a hacker?
3) What is your favorite book?
"How to program in C++"
4) What is your favorite music?
5) What is your favorite movie?
"Ivan Vasilyevich is changing his profession"
7) The most memorable hack.
Hacking when you get caught is the most memorable hack :).
8) Who do you consider the most outstanding hacker?
Kevin Mitnick.
9) Do you have a girlfriend?
10) What nationality are the best hackers?
Russians, of course.
11) What operating systems are on your computer?
WinNT 4.0 Workstation and FreeBSD.
12) Which OS do you think is the best?
13) How many hours a day do you spend
computer?
Not less than 7.
14) What languages do you program in?
15) What do you think of Gates?
Hehe! What do I think of Gates? He's a goat!
Interview #5 (Blackhole)
1) Do you need fame?
No, it's not necessary at all.
2) How to become a hacker?
Love programming and masterly know its roots - Assembler.
3) What is your favorite book?
"War and Peace" by Tolstoy.
4) What is your favorite music?
Johann Sebastian Bach. Now, for example, the magnificent “French Suites” are being played.
5) What is your favorite movie?
The listing would take too long. I look at my mood.
7) The most memorable hack.
This is prohibited by Russian legislation 😉
8) Who do you consider the most outstanding hacker?
Kevin Mitnick and Robert Morris.
9) Do you have a girlfriend?
Of course have.
10) What nationality are the best hackers?
I don't have such statistics. I think that everyone can achieve success.
11) What operating systems are on your computer?
MS DOS and Windows NT.
12) Which OS do you think is the best?
13) How many hours a day do you spend
computer?
14) What languages do you program in?
Assembly, C++ and Java.
15) What do you think of Gates?
Well done. But I don’t like its (Microsoft) programming languages. And what he did with Java doesn’t do him any credit either.
Thank you.
Interview No. 6 (VirVit)
1) Do you need fame?
It depends on what area of life.
2) How to become a hacker?
Study and study again... And also practice...
3) What is your favorite book?
UNIX OS architecture.
4) What is your favorite music?
Rock-n-roll, rock, funk
5) What is your favorite movie?
8) Who do you consider the most outstanding hacker?
I'm not interested in famous personalities, although Mitnik...
9) Do you have a girlfriend?
10) What nationality are the best hackers?
11) What operating systems are on your computer?
Win98, Linux Black Cat 6.02
12) Which OS do you think is the best?
13) How many hours a day do you spend
computer?
14) What languages do you program in?
C, C++, Asm, FoxPro.
15) What do you think of Gates?
Nothing. He was in the right place at the right time.
Interview No. 7 (Myztic)
1) Do you need fame?
Among other hackers, it wouldn't hurt.
2) How to become a hacker?
You need to have great patience and desire to learn this.
3) What is your favorite book?
"Attack on the Internet."
4) What is your favorite music?
Hardcore techno.
5) What is your favorite movie?
7) The most memorable hack.
8) Who do you consider the most outstanding hacker?
9) Do you have a girlfriend?
10) What nationality are the best hackers?
Russians, of course.
11) What operating systems are on your computer?
Linux RH7.0 and Win98
12) Which OS do you think is the best?
It's hard to say that Unix-like OSes are generally good.
13) How many hours a day do you spend
computer?
14) What languages do you program in?
15) What do you think of Gates?
Smart guy, he thought of selling software, but in general he is greedy.
These are the pies 😉 It’s just a pity that they don’t sparkle with sincerity (you can see how they answer the question about the most memorable
hacking), but to get answers to such questions, you have to be one of them. But they don’t ask each other such questions...
The book is a systematic collection, including translations of English-language resources, books and websites dedicated to the topic penetration testing and the authors’ own experience.
Official description for the book:
Kali Linux is advanced Linux distribution for penetration testing and security audits. The information in this book is intended for informational purposes only or penetration testing of your own se tey.
To test third party networks, get written permission.
"Penetration testing (jarg: Pentest) - safety assessment method computer systems or networks by means of simulating an attack by an attacker." - WiKi.
All responsibility for implementing the actions described in the book lies with you. Remember that unlawful actions are subject to liability, including criminal liability.
The book consists of 8 parts, which include 62 chapters. Everything is explained in detail using examples. The book uses the most current information available today.
1. General information and installation Kali Linux
- What is Kali Linux?
- How to install Kali Linux: detailed instructions for installation on a computer and in a virtual machine
- Installing VirtualBox Guest OS Add-ons for Kali Linux 2.0
- How to install Kali Linux on a USB flash drive and external drive(easy way)
- Top 10 Tips on What to Do After Installing Kali Linux 2.0
- VMware Tools in Kali Guest
- How to enable VPN on Kali Linux - resolving the problem with the inability to add VPN
- Checking and restoring repositories in Kali Linux from the command line
- How to change desktop environment in Kali Linux
- How to add/remove a regular (non-root) user in Kali Linux
- How to reset root password in Kali Linux
- Restoring GRUB in Kali Linux after upgrading to Windows 10
- Increase your anonymity on the Internet with Tor in Kali Linux
2. Kali Linux Tools Overview
- Overview of Kali Linux tools sections. Part 1. a brief description of all sections
- Overview of Kali Linux tools sections. Part 2: Information Gathering Tools
- The best hacking programs
- Exploit database from Offensive Security (creators of Kali Linux)
3. Wireless penetration testing
- Best Kali Compatible Linux USB Wi-Fi adapters
- Hack Wi-Fi password (WPA/WPA2) using pyrit and cowpatty in Kali Linux
- Hacking Wifi WPA/WPA2 passwords using Reaver
- Modification of the Reaver fork - t6x - to use the Pixie Dust attack
- Cracking WPA2/WPA passwords using Hashcat in Kali Linux (brute force attack) Wi-Fi passwords by mask)
- Wifite mod with Pixiewps support
- Breaking Wi-Fi networks: Tools that didn't make it to Kali Linux
- Router Scan by Stas’M on Kali Linux (hacking routers and Wi-Fi on an industrial scale)
- Repairing Wifi_Jammer and Wifi_DoS in WebSploit
- Stress test wireless network with Wifi_Jammer: how to jam Wi-Fi
- Stress test of a wireless network with Wifi_DoS: how to finish Wi-Fi
4. Network stress tests
- Network stress test (Website DoS) with SlowHTTPTest in Kali Linux: slowloris, slow body and slow read attacks in one tool
- Network Stress Test: Website DoS in Kali Linux with GoldenEye
- Network stress test with Low Orbit Ion Cannon (LOIC)
- Network stress test: DoS using hping3 and IP spoofing in Kali Linux
5. Analysis of vulnerabilities in web applications
- WhatWeb instructions: how to find out the site engine in Kali Linux
- SQL Injection: A Simple Explanation for Beginners (Part 1)
- Using SQLMAP on Kali Linux: Hacking Websites and Databases Using SQL Injections
- Hacker plugins for Firefox
- Scan for WordPress vulnerabilities: WPScanner and Plecost
- New version of Plecost 1.0.1 - software for searching WordPress vulnerabilities
- Working with W3af in Kali Linux
- ZAProxy: Web Application Penetration Testing
- How to Run Metasploit Framework on Kali Linux 2.0
- How to Run Metasploit Framework on Kali Linux 1.1
- Metasploit Exploitation Framework and searchsploit - how to search and how to use exploits
- DIRB: Find hidden directories and files on websites
- Finding admin panels for sites running Kali Linux
6. Analysis of vulnerabilities in operating systems and server software
- Vulnerability scanning with OpenVAS 8.0
- Armitage instructions: automatic search and checking exploits in Kali Linux
- How to scan Linux for rootkits using rkhunter
- Linux Security Audit
- Installing Linux Malware Detect (LMD) on Linux
- How to FIND out your Windows password?
7. Network scanning. Interception of data in networks
- Emulate a network of several computers on one computer
- How to Use NMAP Security Scanner on Linux
- Book on Nmap in Russian
- Hacking a website password from using WireShark(and protection against it)
- FTP-Map: define software and its version for FTP servers and are looking for exploits for them
- ZMap or How to scan all IPv4 addresses in the world in 45 minutes
- 8. Attacks on passwords. Brute forcing
- Dictionary attack word lists: passwords, usernames, directories
- PW-Inspector: selecting passwords that meet the criteria
- THC-Hydra: A Very Fast Network Login Cracker (Part One)
- Bruteforcing websites with Hydra (part two of Hydra instructions)
- Crunch - Password Generator: Basics of Use and Practical Examples
- BruteX: program for automatic brute force of all services
JavaScript is disabled in your browser
In the Linux world, we are used to seeing only clones. Debian, Ubuntu, Red Hat, SUSE - all this different distributions, in which there is no fundamental difference. Half of the popular Linux distributions are forks of Debian or Ubuntu, others are forks of ancient Slackware with a modified package manager and beautiful configurators. There is no trace left of the former diversity, but maybe we are just not looking well?
Fork of the “Introduction” section from the previous article
Modern Linux users cannot understand, but earlier choice The distribution was a real epic. The distributions really differed in many respects, and due to the lack of high-speed Internet and virtual machines, these differences played a very important role. Slackware offered end-to-end simplicity, Red Hat was distinguished by its elaboration down to the smallest detail and built-in configurators, Mandrake was equipped with a graphical installer, and Debian's mega feature was APT, which allowed (you won't believe it!) to automatically download software from the Internet.
The greatest luck was to get a four-disc Red Hat set, which included all the graphical shells and a bunch of application software, but if this was not possible, Mandrake on two discs was quite suitable. In those days, only a few could download a disk image, so numerous blanks with the most popular distribution kits were passed around. The distribution itself was relatively simple and imbued with the spirit of just for fun, thanks to which numerous Frankensteins appeared, including my own, buried somewhere at the bottom of a 10 GB Seagate disk.
Years passed, Seagate was killed by Kingston, and the distributions turned into huge, complex machines created to pump money out of companies whose administrators suddenly persuaded their bosses to switch their servers to Linux. But somewhere among the numerous Ubuntu installations and Linux Mint those same Frankensteins continue to exist, bringing something new to the world of Linux, albeit in honor of the next money grab.
Slax and modular expansion system
At one time, Slax impressed me so much that I joined a group of developers who intended to create a distribution based on its ideas. The group, however, quickly ceased to exist due to the unrealizability of the idea, but Slax continues to exist and thrive.
Slax is not just a distribution, it is a purebred LiveCD, which, among other things, can be expanded with modules. This is done using an elegant mechanism that, I'm sure, is used in a bunch of other projects, but was used for such purposes here for the first time - the Unionfs file system. The essence of the method is as follows: not being able to change the file system of the distribution on the CD in order to install additional software, the Slax developers came up with a method for connecting file system images to it on top of the root.
All additional software for Slax is distributed in the form of modules with the sb extension. The module is an image of the Squashfs file system (a simple file system with compression), which contains the application and all the files it needs, located along the file system paths where they should be in the running system (usr/bin/abiword, for example). Just put this module in a special directory on a flash drive (/slax/modules) or cut it onto a disk, and the system will automatically pick it up and mount it on top of the LiveCD root when booting (Unionfs mounts file systems on top of each other, like layers of a pie). As a result, an application will appear in the system that is not physically there.
The beauty of this idea is not only its suitability for extending LiveCD, but also its absolute ease of implementation. No package managers, version conflicts, application remnants in the file system, absolute protection against FS failures, the ability to roll back to a clean version of the OS. In general, the list could take a long time. But the main thing is that all this is achieved using a very simple mechanism that can be implemented in a few lines in the command interpreter language.
There's just one problem: building a full-fledged distribution from hundreds of overlay file systems will come at a cost in both performance and stability.
GoboLinux and individual application directories
Another unusual approach for Linux (but standard in OS X and Windows) approach to installing third-party software is used in the GoboLinux distribution. Instead of the /bin, /usr/bin, /usr/share and other directories familiar to any Unixoid, containing installed applications“spread” across the system, GoboLinux uses a set of directories /Programs, /Users, /System, /Files, /Mount and /Depot.
In fact, the distribution follows the path of OS X. All system files are located in the /System directory, and applications user installed, - in /Programs, each in its own separate directory (for example, /Programs/Firefox). As a result, it becomes possible to install different versions of one application (or, as an option, libraries), and to remove the software, it is enough to physically erase the directory.
However, there is a flaw in this directory organization that forced the GoboLinux developers to use several crutches. The problem is that, unlike applications for OS X, software for UNIX is written in accordance with the FHS standard, which assumes the presence of a standard directory tree in the system, including the same /bin, /etc, /lib, /usr and etc. Applications expect to see this structure on disk and can behave unpredictably when it is violated.
To solve this problem, the GoboLinux developers used two hacks: a special kernel module and symbolic links. The module hides all standard directories (/bin, /etc and others) when listing the root directory, but leaves the ability to access them directly. This makes it possible to hide the real directory structure from the user.
Links, in turn, solve the compatibility problem. All system libraries and applications stored in /System have symbolic links in the /bin and /lib directories, which allows the system to function correctly. Compatibility third party applications provides an installer that creates new links for each application that is installed. Yes, when installing Firefox The file /usr/bin/firefox will appear, which actually links to /Programs/Firefox/bin/firefox, as well as a number of other links.
Yes, this is a typical representative of the Frankenstein family, but it has its fans, especially among those who like the standard file organization UNIX systems seems outdated and ineffective. And this, let’s not argue, is really so.
NixOS, its configurator and package manager
Speaking about package managers and file system organization, one cannot fail to mention NixOS, perhaps the most interesting and “correct” distribution in terms of the technologies used. NixOS is built around two main ideas: a declarative system configuration model and a modern package manager, devoid of almost all the problems associated with dpkg, rpm and the like.
Both of these technologies are closely related to each other and, working together, implement a very interesting principle of organizing a distribution, which allows you to describe any of its states (including all configuration files and a set of installed packages) using one central config. For example, I will give the following simple config /etc/nixos/configuration.nix:
# Loader location boot.loader.grub.device = "/dev/sda"; # Root partition of the system fileSystems."/".device = "/dev/sda1"; # Enable SSH by default services.sshd.enable = true; # Enable Apache (+ settings) services.httpd.enable = true; services.httpd.adminAddr = " [email protected]"; services.httpd.documentRoot = "/webroot";
This file describes the standard settings of a simple web server with SSH access. Yes, NixOS really allows you to keep the settings of different services in one file, but the point is not this, but the fact that, having this config, it is easy to clone the entire distribution. Just copy this file to a freshly installed NixOS instance and run the command
$ nixos-rebuild switch
And voila. In a few minutes we will receive a distribution with SSH and Apache pre-configured and running. But the most interesting thing is that this command not just installs, configures and launches the software, but actually brings the distribution to the described state. This means that after executing the command, only SSH and pre-configured Apache will really remain in the system and nothing except their dependencies and configs (essentially, an analogue of installing from scratch).
This functionality can be used to quickly deploy a distribution, switch between states, quickly transfer the system between physical or virtual machines, deploy clusters and much more. In addition, thanks to the package manager, NixOS guarantees the integrity of the system when updating and even allows you to rollback it to previous state.
This is possible because different versions(or assemblies) of one package have different paths on the system inside the /nix/store directory and are identified by the system by hash, so an update is just an operation of downloading new versions of packages, deploying them to a unique path and “switching” the system to them usage. Nobody forbids you to switch back at any time. Indirectly, this approach solves DLL problem Hell, allows you to roll back applications to previous versions and, of course, install two versions of the same software next to each other.
NixOS is an incredibly interesting system, and I recommend that everyone who is partial to Linux should definitely try it. And we move on to QubesOS and its virtual environments.
QubesOS or Xen as the basis for the OS
IN different times There have been many attempts to create a secure operating system based on application isolation and virtualization technologies. At one time, even Microsoft did this as part of the Singularity project, but none of these attempts were successful. No matter how good the ideas embedded in the OS were, in almost 100% of cases they became a “victim of the second system” - it was not possible to drag users and developers to the new platform.
The QubesOS project, started by the famous Polish security expert Joanna Rutkowska, compares favorably with them in that it proposes to use existing developments to build a secure OS, without the need to break compatibility with applications, drivers and write millions of lines of code from scratch. QubesOS is just a Linux distribution based on Fedora, but unlike others, it is initially built on the idea of tightly isolating applications and system components using virtualization.
The system is based on the Xen hypervisor, on top of which several virtual machines (domains) are launched, each of which is responsible for performing its own system function. In separate domains, the network stack (including a set of drivers) runs here, file systems and RAID drivers, as well as a graphics stack that includes the X server. To launch applications, separate domains are also used, but not one for each of them (otherwise the system would die from the rapid exhaustion of RAM), but divided into “interest groups”: entertainment, work, online banking, and so on.
The data transmission channel between domains is encrypted and has strict restrictions on the type of information transmitted and possible recipients. This means, for example, that if an attacker finds a hole in the Linux networking stack and is able to gain access to the network domain, then he will effectively be locked inside it, since all the network domain can do is process requests for network connections and transfer of data from authorized domains. This will not save you from sniffing and spoofing, but it will protect the data stored in the storage domain.
QubesOS uses KDE as a graphical environment, modified to hide the organization of the system from the user's eyes. Applications automatically run in different domains and the environment uses window frames different color to indicate which domain the application is running in.
Currently, QubesOS developers are preparing to release the second release of the system (RC2 is already available), which will feature a separate domain for Windows applications and a USB domain for secure work with USB devices.
ChromeOS
ChromeOS is one of the most atypical, strange and controversial Linux distributions. For most people, it's just a browser running on almost bare metal, but for someone familiar with Linux, it's a complete operating system, which has many of the standard features of regular distributions, interspersed with Google's own tweaks.
By and large, ChromeOS is a heavily stripped-down Ubuntu, on top of which runs a graphical environment based on the developments of the Chromium project. The same Ubuntu Upstart is responsible for loading the system, however, due to the need to launch a much smaller number of components, a cold start of ChromeOS occurs much faster (literally in a second). X.org is responsible for the graphics here, but it is used solely for the purpose of properly supporting hardware and input devices; the image itself almost always bypasses the X protocol directly into the video adapter (therefore, X will soon be replaced by Wayland or Mir).
Other components also include the Clutter graphic library, PAM, D-Bus, NTP, syslog and cron. There is no idea of packages in the system, and all OS updates occur during an OTA update “in one piece.” During the update, the system is never overwritten, but instead uses the second system partition, which becomes the first after reboot. Thus, ChromeOS can always be rolled back to a previous state, and the update itself cannot kill the system.
Due to the absence of many standard components of Linux distributions and its focus on running exclusively browser-based applications, ChromeOS is highly resistant to hacking. As with a desktop browser, each web application (read: tab) runs in its own sandbox, preventing the entire system from being compromised if an attacker finds a hole in the browser itself. The system partition is always mounted read-only. To confirm system integrity, Chromebooks use the TPM (Trusted Platform Module).
In general, ChromeOS is not a full-fledged operating system, but rather a very non-standard Linux distribution, which cannot be said about, for example, Android or Firefox OS.
Debian GNU/kFreeBSD or “why not?”
The Debian distribution has always been distinguished by its broad support for a wide variety of computer architectures. It is capable of running on ARM, MIPS, PowerPC, Sparc and a variety of other officially and unofficially supported machines and processors. However, one of the most interesting Debian ports was made... to the FreeBSD kernel.
At its core, Debian GNU/kFreeBSD is the same distribution, but modified to run on the FreeBSD kernel. There is the usual apt-get, a set of configurators, a System V-style initialization system, repositories of binary packages, KDE and GNOME, so the difference will be absolutely invisible to the end user. But the system administrator will find many interesting perks for himself.
The main reason for the existence of this project is to be able to use FreeBSD technologies that are not available in Linux kernel. These include native support for ZFS, a modular subsystem for working with GEOM data storages, a modular network subsystem Netgraph and, of course, a reference implementation of the TCP/IP stack. All this is available in Debian GNU/kFreeBSD along with the usual Debian goodies.
- Damn Vulnerable Linux - the most vulnerable distribution in the world
- Stali is a distribution based on the KISS idea from the famous Suckless project
Side stems: INFO
The model of installing applications in separate directories first appeared in the GNU Stow installer.
Interestingly, in addition to Debian GNU/kFreeBSD, there is also a port to the Hurd microkernel, but its condition leaves much to be desired.
Version Chrome browser for Windows 8 is nothing more than ChromeOS in miniature.