Difference between pages "Barnyard2" and "Kali Linux"

From Forensics Wiki

(Kali Linux: created page with "== Features == Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools wer...")

Barnyard2 (left-hand page of the comparison):

== About ==
Barnyard2 is an open source interpreter for Snort unified2 binary output files. Its primary use is allowing Snort to write to disk in an efficient manner and leaving the task of parsing binary data into various formats to a separate process that will not cause Snort to miss network traffic.

Barnyard2 has 3 modes of operation:
  1. batch (or one-shot),
  2. continual, and
  3. continual w/ bookmark.

In batch (or one-shot) mode, barnyard2 will process the explicitly specified file(s) and exit.

In continual mode, barnyard2 will start with a location to look and a specified file pattern and continue to process new data (and new spool files) as they appear.

Continual mode w/ bookmarking will also use a checkpoint file (or waldo file in the snort world) to track where it is. In the event the barnyard2 process ends while a waldo file is in use, barnyard2 will resume processing at the last entry as listed in the waldo file.

The "-f", "-w", and "-o" options are used to determine which mode barnyard2 will run in. It is legal for both the "-f" and "-w" options to be used on the command line at the same time; however, any data that exists in the waldo file will override the command line data from the "-f" and "-d" options. See the command directives section below for more detail.

Barnyard2 processing is controlled by two main types of directives: input processors and output plugins. The input processors read information in from a specific format (currently the spo_unified2 output module of Snort) and output them in one of several ways.
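
The three modes and the waldo checkpoint described in the About section, as an added Python illustration (not barnyard2's own C code): it reads the real unified2 record framing (an 8-byte header carrying the record type and payload length, both big-endian) from a constructed spool directory, runs a one-shot batch pass and then continual-with-bookmark sweeps, and shows that a restart resumes at the bookmark instead of replaying records. The one-line text bookmark format, the `snort.log.<timestamp>` file naming, the dummy payloads and all function names are assumptions made for this example; barnyard2's actual waldo file is a binary structure.

```python
import os
import struct
import tempfile
from typing import Iterator, List, Tuple

# Real unified2 framing: each record begins with an 8-byte header holding the
# record type and the payload length, both big-endian uint32 (network order).
HEADER = struct.Struct("!II")
UNIFIED2_IDS_EVENT = 7  # standard unified2 record type numbers
UNIFIED2_PACKET = 2

def write_record(fh, rtype: int, payload: bytes) -> None:
    """Append one framed record (used only to build the constructed test spools)."""
    fh.write(HEADER.pack(rtype, len(payload)) + payload)

def iter_records(path: str, start: int = 0) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (end_offset, type, payload) for every complete record from byte `start`."""
    with open(path, "rb") as fh:
        fh.seek(start)
        while True:
            hdr = fh.read(HEADER.size)
            if len(hdr) < HEADER.size:
                return  # EOF or Snort still writing the header: do not advance
            rtype, length = HEADER.unpack(hdr)
            payload = fh.read(length)
            if len(payload) < length:
                return  # half-written record: a checkpoint must never land inside it
            yield fh.tell(), rtype, payload

def spool_timestamp(name: str) -> int:
    return int(name.rsplit(".", 1)[1])  # assumed naming: <pattern>.<unix timestamp>

def spool_files(directory: str, pattern: str) -> List[str]:
    """Spool files matching the pattern, oldest first."""
    names = [n for n in os.listdir(directory) if n.startswith(pattern + ".")]
    return sorted(names, key=spool_timestamp)

def read_bookmark(waldo: str) -> Tuple[str, int]:
    """Assumed text bookmark: one line "<spool file> <byte offset>"."""
    try:
        with open(waldo) as fh:
            name, offset = fh.read().split()
            return name, int(offset)
    except FileNotFoundError:
        return "", 0

def write_bookmark(waldo: str, name: str, offset: int) -> None:
    tmp = waldo + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(f"{name} {offset}\n")
    os.replace(tmp, waldo)  # atomic rename: a crash mid-write keeps the old bookmark intact

def process_batch(paths: List[str]) -> List[Tuple[str, int]]:
    """Batch (one-shot) mode: read exactly the named files, keep no bookmark."""
    return [(os.path.basename(p), rtype) for p in paths for _, rtype, _ in iter_records(p)]

def process_with_bookmark(directory: str, pattern: str, waldo: str) -> List[Tuple[str, int]]:
    """One sweep of continual-with-bookmark mode (a daemon would repeat the sweep).

    Files older than the bookmarked one are skipped, the bookmarked file resumes
    at its saved offset, newer files start at 0, and the bookmark is checkpointed
    after every record so a crash loses at most the record in progress.
    """
    resume_name, resume_offset = read_bookmark(waldo)
    seen = []
    for name in spool_files(directory, pattern):
        if resume_name and spool_timestamp(name) < spool_timestamp(resume_name):
            continue
        start = resume_offset if name == resume_name else 0
        for end, rtype, _ in iter_records(os.path.join(directory, name), start):
            seen.append((name, rtype))
            write_bookmark(waldo, name, end)
    return seen

def demo() -> Tuple[int, int, int, int, Tuple[str, int]]:
    """Constructed spool directory: batch pass, restart with bookmark, partial record."""
    with tempfile.TemporaryDirectory() as d:
        waldo = os.path.join(d, "barnyard2.waldo")
        f1, f2, f3 = (os.path.join(d, f"snort.log.{t}") for t in (1000, 1001, 1002))
        with open(f1, "wb") as fh:
            write_record(fh, UNIFIED2_IDS_EVENT, b"event-a")
            write_record(fh, UNIFIED2_PACKET, b"packet-a")
        with open(f2, "wb") as fh:
            write_record(fh, UNIFIED2_IDS_EVENT, b"event-b")
        batch = len(process_batch([f1, f2]))                        # 3 records, no bookmark
        first = len(process_with_bookmark(d, "snort.log", waldo))   # 3 records, bookmark written
        second = len(process_with_bookmark(d, "snort.log", waldo))  # 0: restart resumes, no replay
        with open(f2, "ab") as fh:
            write_record(fh, UNIFIED2_PACKET, b"packet-b")          # Snort appends to current spool
        with open(f3, "wb") as fh:
            write_record(fh, UNIFIED2_IDS_EVENT, b"event-c")        # ...then rolls to a new file
            fh.write(HEADER.pack(UNIFIED2_PACKET, 64)[:4])          # half-written header
        third = len(process_with_bookmark(d, "snort.log", waldo))   # 2: partial record not consumed
        return batch, first, second, third, read_bookmark(waldo)
```

Running `demo()` returns `(3, 3, 0, 2, ("snort.log.1002", 15))`: the batch pass and the first bookmarked sweep both see three records, the simulated restart sees none, and after Snort appends and rolls over only the two new complete records are read while the bookmark stays in front of the half-written one. Checkpointing after every record and writing the bookmark by atomic rename are the two details that make the "resume at the last entry" guarantee hold across an unclean exit.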
  
== History ==
Barnyard is a critical tool for the parsing of Snort's unified binary files, processing and on-forwarding to a variety of output plugins. Unfortunately it has not seen an update in over 4 years and is not going to be maintained by the original developers. With the new version of the unified format (i.e. unified2) arriving we need something to bridge this gap.

To quote directly from the Snort FAQ:
* "Barnyard is an output system for Snort. Snort creates a special binary output format called unified. Barnyard reads this file, and then resends the data to a database backend. Unlike the database output plug-in, Barnyard is aware of a failure to send the alert to the database, and it stops sending alerts. It is also aware when the database can accept connections again and will start sending the alerts again."

The SXL team love barnyard. So much so that we want it to stay and have been tinkering around with the code to give it a breath of new life. Here is what we have achieved so far for this reinvigorated code base:
* Parsing of the new unified2 log files.
* Maintaining the majority of the command syntax of barnyard.
* Addressed all associated bug reports and feature requests arising since barnyard-0.2.0.
* Completely rewritten code based on the GPLv2 Snort, making it entirely GPLv2.

== Sources ==
* [https://github.com/firnsy/barnyard2/ Github About page]
* [http://www.securixlive.com/barnyard2/about.php securixlive.com]

Revision as of 17:06, 13 March 2013

Features

Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were reviewed and packaged, and we use Git for our VCS.

  • More than 300 penetration testing tools: After reviewing every tool that was included in BackTrack, we eliminated a great number of tools that either did not work or had other tools available that provided similar functionality.
  • Free and always will be: Kali Linux, like its predecessor, is completely free and always will be. You will never, ever have to pay for Kali Linux.
  • Open source Git tree: We are huge proponents of open source software and our development tree is available for all to see and all sources are available for those who wish to tweak and rebuild packages.
  • FHS compliant: Kali has been developed to adhere to the Filesystem Hierarchy Standard, allowing all Linux users to easily locate binaries, support files, libraries, etc.
  • Vast wireless device support: We have built Kali Linux to support as many wireless devices as we possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.
  • Custom kernel patched for injection: As penetration testers, the development team often needs to do wireless assessments so our kernel has the latest injection patches included.
  • Secure development environment: The Kali Linux team is made up of a small group of trusted individuals who can only commit packages and interact with the repositories while using multiple secure protocols.
  • GPG signed packages and repos: All Kali packages are signed by each individual developer when they are built and committed and the repositories subsequently sign the packages as well.
  • Multi-language: Although pentesting tools tend to be written in English, we have ensured that Kali has true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.
  • Completely customizable: We completely understand that not everyone will agree with our design decisions so we have made it as easy as possible for our more adventurous users to customize Kali Linux to their liking, all the way down to the kernel.
  • ARMEL and ARMHF support: Since ARM-based systems are becoming more and more prevalent and inexpensive, we knew that Kali’s ARM support would need to be as robust as we could manage, resulting in working installations for both ARMEL and ARMHF systems. Kali Linux has ARM repositories integrated with the mainline distribution so tools for ARM will be updated in conjunction with the rest of the distribution.
  • Kali is currently available for the following ARM devices:
    • rk3306 mk/ss808
    • Raspberry Pi
    • ODROID U2/X2
    • Samsung Chromebook
  • Kali is specifically tailored to penetration testing and therefore, all documentation on this site assumes prior knowledge of the Linux operating system.