[LBo] Distros...

Jason Armstrong jarmstrong at gmx.net
Tue May 8 05:45:16 CEST 2007 

Hi Allen!

On Sun, 06 May 2007, Allen wrote:

> The questions I have are:
> 
> 	1) Xubuntu says a swap of 1 gig, but the old formula I
> 	   remember is 2x installed memory. I have a gig of
> 	   memory so should I really use a 2 gig swap?

With 1GB of RAM you'll likely never be using much swap.  That rule was defined
back in the day when RAM was more expensive than gold and peopel were running
servers with 16MB of memory.  1GB of swap, to hold active memory if you ever want
to debug a dump, will be sufficient, if you don't care about that 512MB should be
fine.

> 
> 	2) Xubuntu says only other partition needed one with a
> 	   mount point of /. Is this really the way to go or
> 	   should I have a partition for /boot as well? If so
> 	   how big, 128 meg?

This is subject to personal taste, but not what I would recommend.  You can get
by with just /, but your system will be far more scalable and secure, and disaster
recovery will be vastly simpler, if you make use of multiple partititions.  /boot
doesn't need to be particularly big, just enough to comfortably hold your working
kernels and config files, 32MB should be sufficient.

> 	
> 	3) Back to the distro question. I do a lot of information
> 	   security analysis work, some pen testing/forensics,
> 	   and some just straight documentation/writing. I think
> 	   that I might want to use LiveCDs for the pen testing
> 	   and other forensics work as the tools are changing
> 	   regularly so burning a new CD to use keeps me up to
> 	   date with those tools. Then use the laptop installed
> 	   distro for the grunt work of writing, analysis,
> 	   process analysis stuff and use it to store the pen
> 	   test logs. Does this make sense? If so is Xubuntu a
> 	   good choice? Others I've looked at include PCLinuxOS,
> 	   rPath, gNewSense, BLAG and DSL. I've even thought of
> 	   going with PC-BSD. My real goal is stability with a
> 	   minimum of fuss and constant fiddling with updates.
> 	   Suggestions?

If your intention is to be up-to-date on the system you are doing forensics on, a
system that easily allows you to synch sources and update software to current
releases (such Arch Linux, Gentoo, or any using APT) on the fly can potentially
keep you far more current than liveCDs, which by necessity are frozen at whatever
was available when the image was created. And this may ultimately be more convenient,
and less confusing, in the long run than switching between random systems on the fly.

> 
> 	4) Anybody familiar with the T40? I can't seem to figure
> 	   out how to boot from a USB key or such. The BIOS says
> 	   you have to enable the USB, but it doesn't say how.
> 	   It did come with a manual so does anyone have one that
> 	   I can get a copy of? Same for the original CDs.

I know nothing about the T40 specifically, but you probably need to play with
toggling the various options available in the BIOS boot menu, most likely USB hard
drive and USB floppy, but there's no hard and fast rule on what to use to boot USB
media with any specific BIOS, it's all at the whim of the manufacturer.
 
Cheers,

Jason

More information about the QnA mailing list