Trustix, a Worthy Contender?
Linux.com (also owned by OSTG) is running a quick look at Trustix, a Linux distro designed for servers that focuses on ground up security and stability. From the article: "No operating system can claim to be completely secure. There will always be zero-day exploits, configurations errors, user errors, and other factors that can defeat the best security for any system. On the other hand, it's always good to start from a secure base and then add more security. Trustix provides a reliable and secure Linux distribution that you can build upon. There are no wasteful graphical displays and no wizards to set up your firewall. If you aren't comfortable with the command line, forget about Trustix. [...] That said, Trustix does a good job of keeping your system up-to-date, and if you have the required experience, you'll find that it's a robust distro. As a simple server distro with a high level of security and customizability, Trustix is a worthy contender."
Umm, I'd rather pick some other distros that are known for stable secure server platforms that have been around and tested than some new one that continues the string of terrible linux distro names.
... It's an OpenBSD wannabee without the proven track record?
Trolling is a art,
Didn't the NSA put out a distro specifically for high security applications a few years ago??
" Linux.com (also owned by OSTG) is running a quick look at Trustix, a Linux distro designed for servers that focuses on ground up security and stability."
I'm sorry. I like my security and stability in one piece. Thanks.
To add to the chorus, um.... OpenBSD is a known factor, rock solid stability, and although I enjoy linux for its desktop I always turn to OBSD as a server for security. If I want to recompile its kernel I don't have to research 20 different RPM's, I simply edit the conf file. OpenBSD is a slam dunk for a secure server solution.
- Greg
Start a happiness pandemic
...I coulda been a contendah! ;P
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
the name certainly bought my trust
Trustix website has no free version of this.
...it's always good to start from a secure base...
Fact is, Linux isn't really a secure base.
If you aren't comfortable with the command line, forget about Trustix.
Why not choose something really secure then, like OpenBSD?
http://www.trustix.net/
It would have been nice if the article went into a little more depth on what Trustix does differently to make it more secure/stable than something like a server install of Ubuntu or Debian, instead of spending a good chunk of the article on the installation and telling us how to do a system upgrade. But then again, I suppose it was a quick look at Trustix.
Distributions are open source. Why develop yet another distribution rather than build upon the security of existing OSes? Why not develop a fork of a more popular--and known--distribution and opt not to package it with X, etc? I'm sure almost any of the distributions out there would welcome additional developers that focus on security and stability.
Sounds more like an OpenBSD soon-to-be with a proven business model.
I'm all for the command line, and in fact like the flexibility of the command line, set-up files, etc.
But there's no doubt that with flexibility comes a lot of responsibility. And if you put responsibility in the hands of humans, then there will be an error somewhere along the way. If you want reliable security, not just potential security, it's a lot better to be able to just click the checkbox next to 'FTP' on a firewall dialogue than have to slog through iptable entries.
Sounds like these guys have the wrong philosophy. A server built for security makes sure that dumb administrators can't mess it up.
Sometimes it's best to just let stupid people be stupid.
I've used their FREE Enterprise Firewall built on their OS and it's great. Awesome GUI ap that can be used to configure it from anywhere on any platform (It's built in Java). If their distro is anything like their firewall ap, I'd use it.
Karma means nothing to me, so suck it...
"We know it sounds like a lame shareware puzzle game, but it's actually a really secure Linux distro."
I can just picture differently coloured keys and padlocks dropping into a well right now.
"When the atomic bomb goes off there's devastation...but when the atomic bong goes off there's celebraaaaation!"
Well according to that site:
:D
"Disclaimer: This site/server is not affiliated with Trustix, Comodo Trustix, the Comodo Group, or the Apache Software Foundation. It just happens to run software that we created."
I'm guessing that's wrong though, lol. I'd be worried if their official site is denying any affiliation with their software.
"If you aren't comfortable with the command line, forget about Trustix"
So this product is designed to be used by a tiny portion of the market. A portion so small that there is really no glory to be gained by hacking it. Even if one did crack it, you wouldn't get a fleet of bot nets out of it. Even if you do crack it, there isn't likely going to be a wealth of ransomable data on it. Nope, it is just some linux nut trying to be hard core about security. So.... Why bother trying?
It's all about the cost/benefit ratio. If it takes 4 weeks to come up with an exploit would it be better to spend that time focused on A) Trustix, B) Mac, or C) Windows? With Windows' huge market penetration, it is significantly more profitable to spend time focused on it than some redheaded step child of the Linux kernel.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
But there have been major changes in the company behind Trustix as of lately. It was originally developed and maintained by several hard working people in the Comodo branch in Trondheim, Norway (E.Midttun, O.Viggen, C.H.Toldnes).s tix.org/msg03396.html
Then not so long ago, I saw one of the workers at Comodo carrying several computers from their office. Turned out that everyone had been laid off and the Norwegian branch was closed down.
At the same time this happened and for some time there was no information given about the status of Trustix:
http://www.mail-archive.com/tsl-discuss@lists.tru
We still have a few servers running Trustix, but are currently moving over to other distributions.
Anybody else find it funny that the Trustix website has their own Apache default page?
From trustix.net:
When all you have is a hammer, everybody looks like a Messiah.
On top of that, you have several methods of ensuring that the software is correct. The methods that are popular are:
Trustix does some of the auditing of OpenBSD, I believe, which is good. However, no auditing method will ever produce provable security. It can only ever produce probable security.
Linux (and so presumably Trustix) has various role-based mandatory access control systems, which provide a vastly higher level of protection against malicious use by someone already on the system. However, none of the mechanisms I am aware of provide mandatory access controls for packets or memory allocations. I am also very unclear if they provide additional security for shared memory or shared resources (using the P9000 filing system). As far as I know, OpenMOSIX and bproc have no mandatory access control support, so if you migrate a process, the rights do NOT migrate with it. (Also, if one node in a cluster has MAC, it should be impossible for threads to migrate from that to a non-MAC node, although the reverse should work, as MAC restrictions can be added but should not be removable outside of the established mechanism for doing so.)
MAC only appears on a very limited number of *BSDs, and most of those have vanished without a trace. SecureBSD and TrustedBSD are not exactly household names, and even those seemed to be limited to the narrow range of controls that SELinux supports. AFAIK, no other of the Open Source BSDs support mandatory access controls at all.
Note: MAC clusters would be wonderful for public server farms, as they would be a lot simpler and a lot safer than any of the other popular methods used.
Trusted computing and encryption often go hand-in-hand, but driver support for either is abysmal in the kernel. The number of trusted computing accelerators supported by Linux is feeble, and there's only one (RSA) crypto chip, even though many many others exist - and there's even specs and Open Source support for them. Why publicly specced devices aren't making it into Linux is beyond me, as that is the chief complaint of Linux driver developers. The way to reinforce that specs are good is to reward those who publish them. The way to reinforce that Linux doesn't matter is to have no impact.
(A good example is the Motorola S1 chip, for which the complete manual has been online for a long long time.)
Ultimately, until an Open Source system can beat the pants off an ancient closed-source system like Gemini, we've no business calling anything we have "secure" in any absolute sense. In a relative sense, most Open Source systems are infinitely more secure than any comparable system, but that only goes so far. It's about time we bit the bullet and gatecrashed the turf that has so far been reserved for the most secure of military systems.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It's an OpenBSD wannabee without the proven track record?
EVERYTHING starts without a track record. The only way to accumulate one is to go down to the track and start running.
Happy belated zeroeth birthday, Trustix!
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
As long as it keeps all of those riff-raff button clicking windoze wizard software jockeys out of the club, I am all for it. Clicking on Next, Next, I Agree, Next, Next, Next buttons and not having a clue as to what is going on. They act so hoity-toity afterwards as if they accomplished something special...
they probably took note of this whole fiasco and changed their default apache index.
Stop Computers/Cars Analogies on S
I work for a software company and one of the distros we support is trustix, in my personal experience, it tends to be buggy, takes stupid security measures that really do nothing to enhance the security of the system, if you want a good secure unix, use a BSD. simple as that, if you want a secure linux, go lock down your distro of choice, no need to use a new distro based off of an outdated OS (RH 7.3) that does things in a very microsoft-like approach to security.
I used this as my first Linux distribution a few years back. That machine ran happily for a good long time before the machine fried. Very easy to setup and maintain with secure default settings all over the place.
I'd recommend it to anyone looking to setup a low maintenance, high security linux server.
Happy belated zeroeth birthday, Trustix!
The first full release of Trustix was over five years ago. It isn't a new, untested Linux distribution by any stretch of imagination.
Systemd: the PulseAudio of init systems
Disclaimer: I am not a Trustix employee but do believe in using the best tool for the job. For example, I am writing this from a new iMac (which I love.)
I use Trustix on my servers because it is designed specifically for servers. Unlike other distros, Trustix is completely CLI and bloat is minimal. By default, a base system is installed (basic GNU Utilities, and sshd.) The default config files for any installed service were created with security in mind. For example, sshd does not allow root login. Also, services are disabled by default. If you installed Samba along with the base system, smbd would not run at boot. I don't like to spread marketing propaganda but this link provides some usable information among the marketing department's BS.
Swup is my favorite feature of Trustix. Swup is to Trustix as Apt is to Debian. Swup offers the same features of Apt, dependency checking, software removal, etc. but Trustix is an RPM based distro. Before updating the system, a PGP key is checked and compared on the system and the remote server. IIRC, Trustix can trace its roots to Red Hat, as many other distros are such as SuSE can. My first experience with a Linux distro was with Red Hat, many years ago. I could use Fedora or CentOS but IMHO, they are bloated when compared to Trustix.
Finally, Trustix has a basic roadmap for future releases. I know that a year and a half from now, Trustix will no longer be releasing packaged updates for my TSL (Trustix Secure Linux) version. Also, there is only one type of TSL version available. If you or your company decides to purchase support for TSL, your PHB will be able to feel warm and cozy. The product you will be using is the exact same product you can download from trustix.org for free. If you are the sysadmin and PHB like me, support is not needed. I am lucky because I am basically my own boss. My only two objectives are using minimal monetary resources and maintaining a secure and stable IT infrastructure. My superior feels that the Sysadmin is able to choose the best products and tools to follow these objectives. I respect him, he respects me, and I am happy with my job.
Members of the trustix.org mailing list are always willing to give help when needed. Surprisingly, if an issue cannot be resolved by list members, Trustix.com employees often step in to help. If I were to leave or be moved to a different position (hopefully promoted), support could be purchased for the existing system if needed.
I know that Trustix is a funny name but give it a try. At home I've got a 300 MHz Celeron with 64 MB RAM running Trustix 2.2. It has 2x200 GB drives using software RAID 1. I have it configured as a Samba PDC for the Windows boxes in the house my family uses. I'm currently working on connecting my new iMac to the Domain. We have four PCs which use it for authentication and home directories; performance is never an issue. I have a duplicate box minus the 2x200 GB hard drives which I use for testing and it also runs Trustix 2.2. Give it a try.
If you want a secure operating system, why the fuck are you bundling it with PHP?
Ah, I can already see the flaming responses this will get from people who don't understand what security is, or what a server is, or what a port is.
Anyway, if you want to patch your kernel so you can run your server procs as arbitrary users, this is it:
Edit the file /usr/src/linux/include/net/sock.h and change PROT_SOCK from 1024 to 0 and recompile.
This should have been done in the standard kernel YEARS ago. If we ran all of our daemons as separate, non-prived users, daemon buffer overflows would be a lot less of a problem, especially now that local user access is finally getting quite secure in Linux.
---------------
Calendar, contact management, multiple timezones, sales automation
You should probably contact the FBI immediately. This "Trustix" is preventing you from seeing your web site and is indicative of malicious activities having taken place.
... and the name of this one made me hopeful for a second, but it isn't.
In theory, using a Trusted Platform Module (TPM) allows you to configure a system so that encryption keys can be bound to a particular system state. I'd like to be able to use this for fairly high-security systems like, say, CAs, or RADIUS auth servers, etc., but I'll never have the time to do it myself.
The idea is that as pieces of software are loaded, they're fed to the TPM, which hashes them into a Program Control Register. Then, you can create encryption keys (symmetric or asymmetric) and "bind" them to the PCR register contents. Binding is simply a process of encrypting the keys with a combination of the TPM's master key and the PCR value, then storing the encrypted result on disk. That encrypted key value can then only be decrypted for use when the PCR contains the same state.
So, if you can thoroughly verify the system configuration, and ensure that all critical components are hashed into the PCR state, then bind your key to that state, you can have a high degree of confidence that no one can modify the system in a way that gives them access to the bound keys.
Since the TPM only hashes the data that's fed to it, though, it's necessary to construct a system that carefully hashes all of the appropriate components, and does it in a non-subvertable way. This means:
Obviously, an important step in constructing such a Linux distro is stripping out everything that isn't absolutely necessary and simplifying the boot process to the point where it can be verified that each step hashes everything that will be used in the next step (if it could be tweaked to subvert the system).
After all of that, it will still be necessary to lock the system down as tightly as possible, to ensure that traditional routes of attack are closed off. For the most important systems, it's a good idea to configure them so that even the system administrator can't snatch the crucial secrets out of RAM, so Mandatory Access Controls (ala SELinux) may be required.
Finally, since high-security systems still need to be patched, appropriate utilities for safely migrating keys from one configuration (PCR value) to another will be required, so that the system can be updated without losing access to the crucial keys.
I'm posting this primarily in the hope that someone who has more time than I do will think "That sounds like a really cool project" and start working on it.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
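The extend-and-bind mechanism described in the comment above, as an added Python sketch that is not part of the original post. `ToyTPM`, `predict_pcr` and the sample boot chains are hypothetical names and constructed data, and the HMAC/XOR wrapping only stands in for a real TPM's sealing; it is not a TPM API.

```python
import hashlib
import hmac
import os


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def predict_pcr(components) -> bytes:
    """Replay the extend operation over a component list, starting from reset."""
    pcr = bytes(32)
    for blob in components:
        pcr = _h(pcr + _h(blob))  # PCR_new = H(PCR_old || H(component))
    return pcr


class ToyTPM:
    """Software model of a single PCR with seal/unseal. Not a real TPM API."""

    def __init__(self):
        self._master = os.urandom(32)  # stands in for the chip's storage key
        self.pcr = bytes(32)

    def reset(self):
        self.pcr = bytes(32)  # on real hardware this happens only at power-on

    def extend(self, blob: bytes):
        # The register can only be folded forward, never written directly.
        self.pcr = _h(self.pcr + _h(blob))

    def _keys(self, pcr: bytes, nonce: bytes):
        root = hmac.new(self._master, pcr + nonce, hashlib.sha256).digest()
        enc = hmac.new(root, b"enc", hashlib.sha256).digest()
        mac = hmac.new(root, b"mac", hashlib.sha256).digest()
        return enc, mac

    def seal(self, secret: bytes, pcr: bytes = None) -> bytes:
        """Bind a secret (max 32 bytes) to `pcr`, defaulting to the current state."""
        if len(secret) > 32:
            raise ValueError("toy cipher handles at most 32 bytes")
        nonce = os.urandom(16)
        enc, mac = self._keys(self.pcr if pcr is None else pcr, nonce)
        ct = bytes(a ^ b for a, b in zip(secret, enc))
        tag = hmac.new(mac, ct, hashlib.sha256).digest()
        return nonce + tag + ct

    def unseal(self, blob: bytes) -> bytes:
        """Release the secret only if the current PCR matches the sealed-to value."""
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        enc, mac = self._keys(self.pcr, nonce)
        if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
            raise PermissionError("PCR state does not match sealed state")
        return bytes(a ^ b for a, b in zip(ct, enc))


def boot(tpm: ToyTPM, components):
    tpm.reset()
    for blob in components:
        tpm.extend(blob)


def can_unseal(tpm: ToyTPM, blob: bytes) -> bool:
    try:
        tpm.unseal(blob)
        return True
    except PermissionError:
        return False


# Constructed sample boot chains (placeholder strings, not real images).
GOOD = [b"bootloader-1.0", b"kernel-A", b"initrd-A", b"ca-daemon-1.0"]
TAMPERED = [b"bootloader-1.0", b"kernel-A-modified", b"initrd-A", b"ca-daemon-1.0"]
PATCHED = [b"bootloader-1.0", b"kernel-B", b"initrd-A", b"ca-daemon-1.0"]


def demo():
    tpm, ca_key = ToyTPM(), os.urandom(32)
    boot(tpm, GOOD)
    blob = tpm.seal(ca_key)
    ok_good = tpm.unseal(blob) == ca_key
    # Patch workflow: while still in the trusted state, re-seal the key to
    # the PCR value the patched chain is predicted to produce.
    migrated = tpm.seal(tpm.unseal(blob), pcr=predict_pcr(PATCHED))
    boot(tpm, TAMPERED)
    ok_tampered = can_unseal(tpm, blob)
    boot(tpm, PATCHED)
    return ok_good, ok_tampered, can_unseal(tpm, blob), tpm.unseal(migrated) == ca_key


if __name__ == "__main__":
    print(demo())
```

The old blob stops working after the patched boot, which is why the re-seal has to happen before the reboot; a component that is never extended into the register is invisible to this check.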
I installed both the "stable" and unstable version of this distribution last year and none of them worked... well all of them fucked my MBR (and I installed many other distributions, I'm not that stupid), so yeah I won't even try again.
I've used just about every major package management system out there: yum, up2date, apt, portage, grimoire (the one from Sorcerer), and swup. I'm far more impressed with swup than I've ever been with anything else, apt included. I've been using Trustix for about 6 years now and I've never been disappointed with it. The solid, single command line executable aspect of it (swup --install, swup --search-[file|package|etc.]) compared to the variety of apt's executables (apt-get, apt-cache, etc.) reduce the complexity of the system greatly. I've used Ubuntu for almost 2 years and Fedora/Red Hat before that. Swup is solid, secure, quick, and fairly intuitive (as much as a command line program can be).
Colin Dean Go a year without DRM
When you say that sshd by default disallows root login, I just wanted to ask a clarifying question. Does it still allow you to log in as a regular user and then sudo (or sudo -s, if such things are kosher according to your rules) in order to do necessary maintenance activities? I'm just thinking in terms of installing it on a totally headless machine for which there wasn't a local console at all, and all admin tasks were done over SSH. As long as you could sudo, this would be fine, but if you couldn't, or had to use a local console in order to reenable root privs, then it would be a real pain.
I'm assuming that you can sudo, else the setup would be pretty braindead for a server, but I just thought I'd ask to be sure.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I used TSL (Trustix Secure Linux) 2.2 and 3.0 on various servers for some time. I liked where it was heading and how it provided a nice stable platform. I liked its clean policy, and while not being as 'legacy' as Debian for using old versions, wasn't the first to jump on the bandwagon. I also liked that it didn't manage to link everything with the X libraries (*cough* RedHat *cough*)
What I didn't like was the upgrade path issues. Debian, for example was a breeze to do major upgrades of the distribution and core software. Trustix struggles a bit more, requiring manual intervention and breaking things here and there. Trustix did offer swup to do so, but still lacked a certain perfection of some of its counterparts. Core system upgrades tell the men from the boys when you're trying to run a high-uptime server and only really want to throw one reboot into there and not break much.
Its package selection wasn't as high as I would have needed, even with a focus of servers, it still lacked core monitoring applications, and even packages like snmp. It lacks many libraries that you may need, so you may find yourself relying on source more often. For whatever reason, there were a few driver quirks as well that didn't exist in same kernel versions of other distros, such as counters for incoming traffic not working properly.
Overall, yes- trustix is a great distro and a good contender to anyone wanting a simple and small (150-250MB) distro to run a Web server, mail server, or equivalent on it. Trustix may not suit you if you need lots of libraries often, need to install almost any application quickly, need a larger community for support, or need a clean upgrade path to newer versions in the future and want to be more assured of a trouble-free upgrade.
I mix Trustix and Debian these days- Trustix was the popular choice in my shop when Debian 2.x was rather dated and 3.x was on the horizon. Trustix provided everything I needed. Now? Debian 3.x may be a better choice depending on your needs. Still a supporter of Trustix though.
-M
when you see the word 'Linux', drink!
I think people who made this creature were thinking along these lines: Let's make a distro that so few people use, that no hacker in conscious mind would even attempt to break into system that is running it. Seriously, what makes this distro different from, let's say, properly configured debian without X?
Fedora Core 5 does the job if you ask it to.
First, install the x86_64 version. This provides accurate memory permissions and more bits for address space randomization.
Enable the strict SE-Linux policy, or the MLS policy if you want military-style levels. (the default policy is "targeted", which is still better than the "off" setting)
During the install, or afterward via the setsebool command, change a few settings if not done already. Enable the policy that prohibits executing from files that are not specially marked, that were written to, or could be written to. Disable the app compatibility hacks.
SE Linux does that. Normally people would rather handle gigabit networking and run obsolete apps, but you can enable the protection if you want it. Fedora Core 5 even has a couple ready-made settings for the memory-related stuff.
Want the full power of the 2.6.16 kernel and a recent toolchain? See how you like this:
You may only execute files that are specially marked. (to mark them requires privilege) You may not execute from memory that has been written to. Executables which require text (code) segment modifications by the dynamic linker will no longer run; you need special library-like executables that don't require writing to the code segment. Any attempt to violate this via mprotect() will be stopped. Note that unprivileged users are not able to bless a binary, and thus have very little use for the compiler!
Cool, huh? BTW, Linux does aggressively audit for bugs (the "sparse" tool, coverity reports, lock checkers, valgrind) and does support MLS.
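To see which processes would trip the memory rules described in the comment above, one can audit their mappings. This is an added Python sketch, not part of the original post: `audit_maps` is a hypothetical helper and the sample text is constructed in the `/proc/<pid>/maps` layout.

```python
import re

# One /proc/<pid>/maps line: range, perms, offset, device, inode, optional path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$"
)
KERNEL_PAGES = {"[vdso]", "[vsyscall]"}  # kernel-provided, executable by design


def audit_maps(maps_text):
    """Return (start_address, reason, backing) for mappings that break W^X."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, _end, perms, inode, path = m.groups()
        path = path.strip()
        if "x" not in perms or path in KERNEL_PAGES:
            continue
        if "w" in perms:
            # Memory that can be written and then run without any remapping.
            findings.append((start, "writable and executable", path or "[anon]"))
        elif inode == "0":
            # Executable pages with no file behind them were filled in at run time.
            findings.append((start, "executable but not file-backed", path or "[anon]"))
    return findings


# Constructed sample, not captured from a real process.
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131090 /usr/sbin/sshd
0060a000-0060b000 rw-p 0000a000 08:01 131090 /usr/sbin/sshd
0060b000-0062c000 rw-p 00000000 00:00 0 [heap]
7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0
7f1c2b000000-7f1c2b010000 r-xp 00000000 00:00 0
7ffd4a1e0000-7ffd4a201000 rwxp 00000000 00:00 0 [stack]
7ffd4a3fe000-7ffd4a400000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for finding in audit_maps(SAMPLE_MAPS):
        print(finding)
```

Running this over real processes before turning on the stricter settings shows which applications would stop working; text relocations done by the dynamic linker do not show up in a maps snapshot and need a separate check.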
http://www.trustix.org/installation/index.php
http://www.trustix.net/
http://www.trustix.net/installation/index.php
WOW! Now that is secure.
At least you can reach this site, which looks awfully commercial-style with no community.
http://www.trustix.com/
I am but a clueless n00b, but could somebody explain to me why this is any better than anything else?
It strikes me like anybody who is competent enough to use and maintain a secure Trustix distribution would be equally qualified to maintain a secure, say, RHEL 4 distro. RHEL 4 is also not burdened by a GUI, and supports SElinux. I'm sure you can also install Ubuntu without X, and I know you can for many other distros.
So, if you have the qualifications, why use Trustix? And if you don't, wouldn't a more user friendly distro that did have a GUI that tried to help you with security be more secure? A user that knows how a firewall works but doesn't know how to use IPtables would be better off using a GUI config program than trying (and failing) to manage the firewall by CLI.
That said, I know how to configure IPtables by the command line, but find it much easier to leave such things to APF. I'm less likely to make mistakes that way, and it saves me time. It is also probably more secure, since it will account for things that I might not have thought of on my own.
In my case (implementing a support server for the company I work at), I needed a Linux distro that would give me more or less what I needed right out of the box without too much fuss.
My first inclination was to try CentOS, but the machine I was attempting to install it on had a bad CD-ROM, which meant that most of the packages I tried to load got corrupted. I also had previously used Red Hat (before they did the Fedora/RHEL split) and disliked the fact that they tended to hook everything into X wherever possible.
Other distributions I considered briefly before installing Trustix were:
Debian -- did not use because debian-stable has very outdated packages, debian-unstable seems rather unsuited for a server, etc...
Mandriva -- I ran a Mandriva server once but again was encumbered by X libraries, and when those libraries were removed, most of the administrative tools (yes, even the command line ones) were messed up royally.
Gentoo -- I nearly went this way, since I now run a Gentoo server and like the ease of updates, but I did not have the time or resources on hand to do a complete install from source. Plus the machine is a bit slow...
I will mention that I did not consider any of the BSDs in this due to my general lack of experience with BSD. I mean to learn it eventually, but for now I'm mainly a Linux admin. (And a Windows admin, but that's by necessity rather than choice.)
I finally read about Trustix and liked what I saw. CLI tools only, no unnecessary services, Red Hat based configuration... it all drew on what I knew and didn't have Red Hat's accompanying fat.
There are some other caveats I have from running it. First, there is a distinct lack of pre-built Perl packages available in Trustix. This is somewhat remedied by the availability of CPAN, but CPAN is a kludged system at its best of times and there are a number of Perl modules that I still *cannot* install. Which basically axed the idea of using any Perl-based web software.
Hope that helps.
"On the other hand, it's always good to start from a secure base and then add more security."
Hell no. Security makes sense up to a certain level. A system's security can be increased into unusability. What could be more secure than a server which you need to dive into the Mariana trench, disarm the motion sensor embedded hydrogen bomb linked to the server, break through concrete and provide connectivity to that server? It's secure but unusable. A healthy balance is required.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Goddamnit, this isn't offtopic. THE ARTICLE links to trustix.org, and has multiple links to trustix.org that (should) lead to downloads of trustix, but don't...
Nothing says "unprofessional job" like wrinkles in your duct tape.
*Clap*
10 Years later someone brings OpenBSD's philosophy to the Linux world.
Other distributions I considered briefly before installing Trustix were: ...
Gentoo -- I nearly went this way, since I now run a Gentoo server and like the ease of updates, but I did not have the time or resources on hand to do a complete install from source. Plus the machine is a bit slow...
I had begun building servers some time ago with Gentoo. It was not a pleasurable experience. Bugs in portage (yes portage itself) eventually crept in and royally messed the entire package database. It took a significant amount of time to fix. In addition, there were complaints about the time required to install updated packages (even though I used distCC across them). All in all it seems to me that Gentoo in any kind of large-scale deployment is just not ready yet. It is too bad because I really wanted to go that route instead of an RPM based distribution. I loved BSD ports and that's half the reason I love Gentoo (Debian being too old as you mentioned and Ubuntu focusing on Desktop).
I wonder why you did not consider SUSE in your testing? I have yet to find an administrative tool in SUSE that requires X.. all GUI wizards are available from Console. SLES 10 is about to be released and looks extremely promising. Take a look next time you're evaluating your enterprise Linux choices.
I will mention that I did not consider any of the BSDs in this due to my general lack of experience with BSD. I mean to learn it eventually, but for now I'm mainly a Linux admin. (And a Windows admin, but that's by necessity rather than choice.)
As for BSD I love it. However, it should be apparent at this point that BSD is improving too slowly. Latest benchmarks (especially of OpenBSD) show BSD as a poor performer in many ways. The security is huge, yes, and OpenBSD rises to this. Yet, it is becoming harder and harder to justify the performance losses and software compatibility (try getting third party applications to support BSD) versus Linux.
Of course all this depends on what you intend to use your servers for, and is just my personal opinion and experience.
Yawn.
Another supposedly "secure" distro with no differentiator between it and anything else other than someone turned on settings already there.
Wake me up when they do something that CHANGES Linux and ALL the OTHER distros stand up and take note.
+++OK ATH
I have assurances from people inside the company that the upcoming release will be the final released version that will be maintained by the company. After that, it will be handed over to the community (aka, will die).
The company will keep developing Trustix in-house, but will be writing proprietary code for it to use on their hardware products.