Slashdot Mirror
Trustix, a Worthy Contender?
Linux.com (also owned by OSTG) is running a quick look at Trustix, a Linux distro designed for servers that focuses on ground up security and stability. From the article: "No operating system can claim to be completely secure. There will always be zero-day exploits, configurations errors, user errors, and other factors that can defeat the best security for any system. On the other hand, it's always good to start from a secure base and then add more security. Trustix provides a reliable and secure Linux distribution that you can build upon. There are no wasteful graphical displays and no wizards to set up your firewall. If you aren't comfortable with the command line, forget about Trustix. [...] That said, Trustix does a good job of keeping your system up-to-date, and if you have the required experience, you'll find that it's a robust distro. As a simple server distro with a high level of security and customizability, Trustix is a worthy contender."
" Linux.com (also owned by OSTG) is running a quick look at Trustix, a Linux distro designed for servers that focuses on ground up security and stability."
I'm sorry. I like my security and stability in one piece. Thanks.
The NSA gave us SELinux.
What's the ugliest part of your body? Some say your nose, some say your toes, but I think it's your mind. -Zappa
Yup, this is especially valid since Trustix has been around since the late 90's.
- Greg
Start a happiness pandemic
the name certainly bought my trust
The NSA produced a kernel patch and a set of userland tools called SELinux which provided a much richer and more fine grained security model for Linux, but no actual distribution. In practice this was essentially done as a "proof of concept" by the NSA who were frustrated by the lack of serious security architecture in modern operating systems - they decided the easiest way to get the ball rolling was to take something freely available and modifiable, like Linux, add the better security architecture and hand it back to show how things could be done. Since then that work has been converted into the Linux Security Module which provides support for the general architecture suggested by the NSA in a more modular fashion, and SELinux was adapted to work within such a system.
What does SELinux actually buy you? To quote the NSA FAQ:
Jedidiah.
Craft Beer Programming T-shirts
Distributions are open source. Why develop yet another distribution rather than build upon the security of existing OSes? Why not develop a fork of a more popular--and known--distribution and opt not to package it with X, etc? I'm sure almost any of the distributions out there would welcome additional developers that focus on security and stability.
I'm all for the command line, and in fact like the flexibility of the command line, set-up files, etc.
But there's no doubt that with flexibility comes a lot of responsibility. And if you put responsibility in the hands of humans, then there will be an error somewhere along the way. If you want reliable security, not just potential security, it's a lot better to be able to just click the checkbox next to 'FTP' on a firewall dialogue than have to slog through iptable entries.
Sounds like these guys have the wrong philosophy. A server built for security makes sure that dumb administrators can't mess it up.
Sometimes it's best to just let stupid people be stupid.
But there has been major changes in the company behind Trustix as of lately. It was originally developed and maintained by several hard working people in the Comodo branch in Trondheim, Norway (E.Midttun, O.Viggen, C.H.Toldnes).s tix.org/msg03396.html
Then not so long ago, I saw one of the workers at Comodo carrying several computers from their office. Turned out that everyone had been laid off and the Norwegian branch was closed down.
At the same time this happened and for some time there was no information given about the status of Trustix:
http://www.mail-archive.com/tsl-discuss@lists.tru
We still have a few servers running Trustix, but are currently moving over to other distributions.
On top of that, you have several methods of ensuring that the software is correct. The methods that are popular are:
Trustix does some of the auditing of OpenBSD, I believe, which is good. However, no auditing method will ever produce provable security. It can only ever produce probable security.
Linux (and so presumably Trustix) has various role-based mandatory access control systems, which provide a vastly higher level of protection against malicious use by someone already on the system. However, none of the mechanisms I am aware of provide mandatory access controls for packets or memory allocations. I am also very unclear if they provide additional security for shared memory or shared resources (using the P9000 filing system). As far as I know, OpenMOSIX and bproc have no mandatory access control support, so if you migrate a process, the rights do NOT migrate with it. (Also, if one node in a cluster has MAC, it should be impossible for threads to migrate from that to a non-MAC node, although the reverse should work, as MAC restrictions can be added but should not be removable outside of the established mechanism for doing so.)
MAC only appears on a very limited number of *BSDs, and most of those have vanished without a trace. SecureBSD and TrustedBSD are not exactly household names, and even those seemed to be limited to the narrow range of controls that SELinux supports. AFAIK, no other of the Open Source BSDs support mandatory access controls at all.
Note: MAC clusters would be wonderful for public server farms, as they would be a lot simpler and a lot safer than any of the other popular methods used.
Trusted computing and encryption often go hand-in-hand, but driver support for either is abysmal in the kernel. The number of trusted computing accelerators supported by Linux is feeble, and there's only one (RSA) crypto chip, even though many many others exist - and there's even specs and Open Source support for them. Why publicly specced devices aren't making it into Linux is beyond me, as that is the chief complaint of Linux driver developers. The way to reinforce that specs are good is to reward those who publish them. The way to reinforce that Linux doesn't matter is to have no impact.
(A good example is the Motorola S1 chip, for which the complete manual has been online for a long long time.)
Ultimately, until an Open Source system can beat the pants off an ancient closed-source system like Gemini, we've no business calling anything we have "secure" in any absolute sense. In a relative sense, most Open Source systems are infinitely more secure than any comparable system, but that only goes so far. It's about time we bit the bullet and gatecrashed the turf that has so far been reserved for the most secure of military systems.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It's an OpenBSD wannabee without the proven track record?
EVERYTHING starts without a track record. The only way to accumulate one is to go down to the track and start running.
Happy belated zeroeth birthday, Trustix!
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Happy belated zeroeth birthday, Trustix!
The first full release of Trustix was over five years ago. It isn't a new, untested Linux distribution by any stretch of imagination.
Systemd: the PulseAudio of init systems
Disclaimer: I am not a Trustix employee but do believe in using the best tool for the job. For example, I am writing this from a new iMac (which I love.)
I use Trustix on my servers because it is designed specifically for servers. Unlike other distros, Trustix is completely CLI and bloat is minimal. By default, a base system is installed (basic GNU Utilities, and sshd.) The default config files for any installed service were created with security in mind. For example, sshd does not allow root login. Also, services are disabled by default. If you installed Samba along with the base system, smbd would not run at boot. I don't like to spread marketing propoganda but this link provides some usable information among the marketing department's BS.
Swup is my favorite feature of Trustix. Swup is to Trustix as Apt is to Debian. Swup offers the same features of Apt, dependency checking, software removal, ect. but Trustix is an RPM based distro. Before updating the system, a PGP key is checked and compared on the system and the remote server. IIRC, Trustix can trace its roots to Red Hat, as many other distros are such as SuSE can. My first experience with a Linux distro was with Red Hat, many years ago. I could use Fedora or CentOS but IMHO, they are bloated when compared to Trustix.
Finally, Trustix has a basic roadmap for future releases. I know that a year and a half from now, Trustix will no longer be releasing packaged updates for my TSL (Trustix Secure Linux) version. Also, there is only one type of TSL version available. If you or your company decides to purchase support for TSL, your PHB will be able to feel warm and cozy. The product you will be using is the exact same product you can download from trustix.org for free. If you are the sysadmin and PHB like me, support is not needed. I am lucky because I am basically my own boss. My only two objectives are using minimal monetary resources and maintaining a secure and stable IT infastructure. My superior feels that the Sysadmin is able to choose the best products and tools to follow these objectives. I respect him, he respects me, and I am happy with my job.
Members of the trustix.org mailing list are always willing to give help when needed. Surprisingly, if an issue cannot be resolved by list members, Trustix.com employees often step in to help. If I were to leave or be moved to a different position (hopefully promoted), support could be purchased for the existing system if needed.
I know that Trustix is a funny name but give it a try. At home I've got a 300 Mhz Celeron with 64 MB RAM running Trustix 2.2. I has 2x200 GB drives using software RAID 1. I have it configured as a Samba PDC for the Windows boxes in the house my family uses. I'm currently working on connecting my new iMac to the Domain. We have four PCs which use it for authentication and home directories; performance is never an issue. I have a duplicate box minus the 2x200 GB hard drives which I use for testing and it also runs Trustix 2.2. Give it a try.
I've been using a Trustix box since the 1.1 release, so I guess that's about 4 years now. I recommend it to people all the time, but no one ever goes for for the same reasons as this parent poster makes their ignorant statement: brand recognition. Trustix, out of the box, is oodles more secure and "safe" than a Fedora or SuSE or BSD box. But, because people haven't really heard of it, they pass it by. Their loss, I suppose -- makes downloading the new ISO easier for me since few folks are grabbing them.
[move
Fedora Core 5 does the job if you ask it to.
First, install the x86_64 version. This provides accurate memory permissions and more bits for address space randomization.
Enable the strict SE-Linux policy, or the MLS policy if you want military-style levels. (the default policy is "targeted", which is still better than the "off" setting)
During the install, or afterward via the setsebool command, change a few settings if not done already. Enable the policy that prohibits executing from files that are not specially marked, that were written to, or could be written to. Disable the app compatibility hacks.