Trustix, a Worthy Contender?
Linux.com (also owned by OSTG) is running a quick look at Trustix, a Linux distro designed for servers that focuses on ground-up security and stability. From the article: "No operating system can claim to be completely secure. There will always be zero-day exploits, configuration errors, user errors, and other factors that can defeat the best security for any system. On the other hand, it's always good to start from a secure base and then add more security. Trustix provides a reliable and secure Linux distribution that you can build upon. There are no wasteful graphical displays and no wizards to set up your firewall. If you aren't comfortable with the command line, forget about Trustix. [...] That said, Trustix does a good job of keeping your system up-to-date, and if you have the required experience, you'll find that it's a robust distro. As a simple server distro with a high level of security and customizability, Trustix is a worthy contender."
Benefits? (Score:1, Insightful)
Re:Benefits? (Score:5, Informative)
Re:Benefits? (Score:2, Interesting)
Re:Benefits? (Score:1)
As far as trusting only trusted distributions goes, I don't see anyone mentioning the NSA's version LinuxSE.
Did they screw the pooch or is this a big secret?
Re:Benefits? (Score:2)
soo.... (Score:1, Interesting)
... It's an OpenBSD [openbsd.org] wannabe without the proven track record?
Re:soo.... (Score:2)
Re:soo.... (Score:2)
So do I. For all that wonderful PaX business, code auditing, and other hardening, you'd think de Raadt would code an "anti chain-yank" filter.
Re:soo.... (Score:1)
Gotta start sometime. (Score:3, Insightful)
EVERYTHING starts without a track record. The only way to accumulate one is to go down to the track and start running.
Happy belated zeroth birthday, Trustix!
Happy 5th (Score:2, Informative)
The first full release of Trustix was over five years ago [google.com]. It isn't a new, untested Linux distribution by any stretch of imagination.
Re:Happy 5th (Score:2)
So how IS their track record?
Re:soo.... (Score:2)
Re:soo.... (Score:2)
Re:soo.... (Score:1)
As far as I know, Theo is also involved in OpenSSH. Does that mean we are not gonna use OpenSSH?
On the other hand, the glibc maintainer Ulrich Drepper has a similar personality to Theo. Does that mean we should dump glibc for good?
Re:NSA Linux? (Score:1)
Re:NSA Linux? (Score:3, Informative)
Re:NSA Linux? (Score:2)
(It's a tool in the box, sure, but...)
Re:NSA Linux? (Score:2)
Re:NSA Linux? (Score:5, Informative)
The NSA produced a kernel patch and a set of userland tools called SELinux which provided a much richer and more fine grained security model for Linux, but no actual distribution. In practice this was essentially done as a "proof of concept" by the NSA who were frustrated by the lack of serious security architecture in modern operating systems - they decided the easiest way to get the ball rolling was to take something freely available and modifiable, like Linux, add the better security architecture and hand it back to show how things could be done. Since then that work has been converted into the Linux Security Module which provides support for the general architecture suggested by the NSA in a more modular fashion, and SELinux was adapted to work within such a system.
What does SELinux actually buy you? To quote the NSA FAQ:
Jedidiah.
Chop shop (Score:5, Funny)
I'm sorry. I like my security and stability in one piece. Thanks.
Comparing Secure Linuxes? (Score:5, Informative)
- Greg
Fedora w/ strict policy enabled (Score:4, Informative)
First, install the x86_64 version. This provides accurate memory permissions and more bits for address space randomization.
Enable the strict SE-Linux policy, or the MLS policy if you want military-style levels. (the default policy is "targeted", which is still better than the "off" setting)
During the install, or afterward via the setsebool command, change a few settings if not done already. Enable the policy that prohibits executing from files that are not specially marked, that were written to, or could be written to. Disable the app compatibility hacks.
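An added example, not part of the original comment: a small audit that checks a host against the setup described above (strict or MLS policy, memory-execution relaxations switched off). The sample inputs are constructed, the enforcing-mode check is an added assumption, and mapping the comment's "app compatibility hacks" to the `allow_exec*` booleans is also an assumption.

```python
import re

# Constructed sample of /etc/selinux/config.
SAMPLE_CONFIG = """\
# This file controls the state of SELinux on the system.
SELINUX=permissive
SELINUXTYPE=targeted
"""

# Constructed sample of `getsebool -a` output; older tools print active/inactive.
SAMPLE_BOOLEANS = """\
allow_execheap --> off
allow_execmem --> on
allow_execmod --> active
allow_execstack --> inactive
httpd_enable_cgi --> on
"""

# Assumption: these are the memory-execution relaxations the comment wants off.
EXEC_BOOLEANS = ("allow_execheap", "allow_execmem", "allow_execmod", "allow_execstack")

def parse_config(text):
    """Return KEY=value pairs from an /etc/selinux/config style file."""
    pairs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip().lower()
    return pairs

def parse_booleans(text):
    """Return {name: bool} from `getsebool -a` style lines."""
    found = {}
    for m in re.finditer(r"^(\S+)\s+-->\s+(\S+)", text, re.MULTILINE):
        found[m.group(1)] = m.group(2) in ("on", "active")
    return found

def audit(config_text, boolean_text):
    """List deviations from an enforcing strict/MLS setup with exec relaxations off."""
    cfg, bools, findings = parse_config(config_text), parse_booleans(boolean_text), []
    if cfg.get("SELINUX") != "enforcing":
        findings.append("SELINUX=%s (want enforcing)" % cfg.get("SELINUX", "unset"))
    if cfg.get("SELINUXTYPE") not in ("strict", "mls"):
        findings.append("SELINUXTYPE=%s (want strict or mls)" % cfg.get("SELINUXTYPE", "unset"))
    for name in EXEC_BOOLEANS:
        if bools.get(name):
            findings.append("%s is on (setsebool -P %s off)" % (name, name))
    return findings
```

On a live host, feed it the contents of `/etc/selinux/config` and the output of `getsebool -a` instead of the samples.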
Re:Comparing Secure Linuxes? (Score:1)
well... (Score:2, Funny)
Re:Free? (Score:2)
Re:Yea, but.. (Score:2)
It would have been nice... (Score:1)
As a Trustix User... (Score:3, Informative)
I use Trustix on my servers because it is designed specifically for servers. Unlike other distros, Trustix is completely CLI and bloat is minimal. By default, a base system is installed (basic GNU Utilities, and sshd.) The default config files for any installed service were created with security in mind. For example, sshd does not allow root login. A
Root disallowed, how about sudo? (Score:2)
Re:Root disallowed, how about sudo? (Score:1)
robert
Re:Root disallowed, how about sudo? (Score:2)
Re:Root disallowed, how about sudo? (Score:2)
All my servers are headless but I needed console access to do the install. There are two reasons this is needed.
1. sshd does not start by default on boot. You have to enable it (chkconfig sshd on)
2. In order to do administration t
Re:Root disallowed, how about sudo? (Score:2)
For some reason I thought that the sshd daemon was running by default, I realize now that the person who said that just meant that sshd was installed, but not running, by default.
Thanks.
TSL Pros and CONS - more review notes. (Score:2)
What I didn't like was the upgrade path issues. Debian, for example was a breeze to do major upgrades of the distributio
Why yet another distro? (Score:2, Insightful)
Re:Why yet another distro? (Score:1)
Re:Why yet another distro? (Score:1)
Re:Why yet another distro? (Score:2)
A minimal install +SSH is ~100 meg. MEGs. Nothing extra, unless you want it installed.
In short, they did what you were advocating.
Ummm (Score:3, Insightful)
I'm all for the command line, and in fact like the flexibility of the command line, set-up files, etc.
But there's no doubt that with flexibility comes a lot of responsibility. And if you put responsibility in the hands of humans, then there will be an error somewhere along the way. If you want reliable security, not just potential security, it's a lot better to be able to just click the checkbox next to 'FTP' on a firewall dialogue than have to slog through iptable entries.
Sounds like these guys have the wrong philosophy. A server built for security makes sure that dumb administrators can't mess it up.
Re:Ummm (Score:1)
Re:Ummm (Score:2)
I could not agree with you more so far. I'd just like to point out that ultimately all matters of security are up to flawed human beings.
Re:Ummm (Score:2)
And you're also trusting the iptable developers (or whatever firewall system you're using). Do you audit the code to make sure it does what it's supposed to do? Based on your philosophy, everyone should modify the TCP/IP stack source code to "make sure" security is implemented correctly.
Security does not come through pain and torment. Security comes through simple mis
Re:Ummm (Score:2)
On the other hand, there is no doubt at all that putting a layer of eye candy application between the administrator and the actual configuration adds risk and obscures what is going on.
Thanks, but I'll take the command line over menu-driven configuration tools for any configuration issue that might touch on security (which is essentially all of them, isn't it?)
I expect security tools designed to make it easy for the mousketeers to prod
Re:Ummm (Score:1)
Re:Ummm (Score:2)
Re:Ummm (Score:1)
I'm not an expert but I've used Trustix a lot in the past. What I like about it is that Trustix leaves all but the most important services off by default, and then allows the administrator to start and install only what is needed. Rather than a server built for dumb administrators, it is built for administrators who don't want to have to go through the tedious task of disabling everything he/she doesn't use just to harden a server for production.
What I've used it for most in the past is running a simple
Well Duh... (Score:2)
So this product is designed to be used by a tiny portion of the market. A portion so small that there is really no glory to be gained by hacking it. Even if one did crack it, you wouldn't get a fleet of bot nets out of it. Even if you do crack it, there isn't likely going to be a wealth of ransomable data on it. Nope, it is just some linux nut trying to be hard core about security. So.... Why bother trying?
It's all about the cost/benefit
Re:Well Duh... (Score:2)
On the other hand, maybe we're having zombie nets continu
Been using Trustix for a few years... (Score:3, Interesting)
Then not so long ago, I saw one of the workers at Comodo carrying several computers from their office. Turned out that everyone had been laid off and the Norwegian branch was closed down.
At the same time this happened and for some time there was no information given about the status of Trustix:
http://www.mail-archive.com/tsl-discuss@lists.tru
We still have a few servers running Trustix, but are currently moving over to other distributions.
Re:Been using Trustix for a few years... (Score:2)
Re:Been using Trustix for a few years... (Score:1)
Noticed on the homepages of the former core developers that they are in fact using Ubuntu today. That really says a lot to me.
Unless Comodo issues some statement I would consider Trustix dead. It's sad, as I've used the distro for over 6 years and come to love it quite passionately. Even invested a lot of free time providing/taking free support on their mailing list. Starting
Apache Default Page (Score:1)
Anybody else find it funny that the Trustix website has their own Apache default page?
From trustix.net:
Re:Apache Default Page (Score:1)
In other news, a certain CentOS flaming mayor seems to have found Slashdot...
Trustix is supposed to be ok (Score:4, Interesting)
On top of that, you have several methods of ensuring that the software is correct. The methods that are popular are:
Trustix does some of the auditing of OpenBSD, I believe, which is good. However, no auditing method will ever produce provable security. It can only ever produce probable security.
Linux (and so presumably Trustix) has various role-based mandatory access control systems, which provide a vastly higher level of protection against malicious use by someone already on the system. However, none of the mechanisms I am aware of provide mandatory access controls for packets or memory allocations. I am also very unclear if they provide additional security for shared memory or shared resources (using the P9000 filing system). As far as I know, OpenMOSIX and bproc have no mandatory access control support, so if you migrate a process, the rights do NOT migrate with it. (Also, if one node in a cluster has MAC, it should be impossible for threads to migrate from that to a non-MAC node, although the reverse should work, as MAC restrictions can be added but should not be removable outside of the established mechanism for doing so.)
MAC only appears on a very limited number of *BSDs, and most of those have vanished without a trace. SecureBSD and TrustedBSD are not exactly household names, and even those seemed to be limited to the narrow range of controls that SELinux supports. AFAIK, no other of the Open Source BSDs support mandatory access controls at all.
Note: MAC clusters would be wonderful for public server farms, as they would be a lot simpler and a lot safer than any of the other popular methods used.
Trusted computing and encryption often go hand-in-hand, but driver support for either is abysmal in the kernel. The number of trusted computing accelerators supported by Linux is feeble, and there's only one (RSA) crypto chip, even though many many others exist - and there's even specs and Open Source support for them. Why publicly specced devices aren't making it into Linux is beyond me, as that is the chief complaint of Linux driver developers. The way to reinforce that specs are good is to reward those who publish them. The way to reinforce that Linux doesn't matter is to have no impact.
(A good example is the Motorola S1 chip, for which the complete manual has been online for a long long time.)
Ultimately, until an Open Source system can beat the pants off an ancient closed-source system like Gemini, we've no business calling anything we have "secure" in any absolute sense. In a relative sense, most Open Source systems are infinitely more secure than any comparable system, but that only goes so far. It's about time we bit the bullet and gatecrashed the turf that has so far been reserved for the most secure of military systems.
Linux can do it, right now (Score:2)
SE Linux does that. Normally people would rather handle gigabit networking and run obsolete apps, but you can enable the protection if you want it. Fedora Core 5 even has a couple ready-made settings for the memory-related stuff.
Want the full power of the 2.6.16 kernel and a recent toolchain? See how you like this:
You may only execute files that are specially marked. (to mark them requires privile
Re:The Privileged Ports Hole: plugged yet? (Score:1)
changes things to allow userland processes to bind to low-numbered ports, then that might help one part of the problem (vulnerable local processes are running with root privs) but doesn't address other parts of the problem (untrusted local users may now be able to bind to low-numbered ports [that may cause their own set of local or remote trust issues] + remote folks relying on historical practice of "privileged ports are a useful differentia
I'm looking for a TPM-enabled distro... (Score:2)
... and the name of this one made me hopeful for a second, but it isn't.
In theory, using a Trusted Platform Module (TPM) allows you to configure a system so that encryption keys can be bound to a particular system state. I'd like to be able to use this for fairly high-security systems like, say, CAs, or RADIUS auth servers, etc., but I'll never have the time to do it myself.
The idea is that as pieces of software are loaded, they're fed to the TPM, which hashes them into a Program Control Register. The
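An added example, not part of the original comment: a software model of the measure-and-extend chain described above, using the TPM 1.2 rule that a PCR (Platform Configuration Register in the TPM specification) is updated as SHA1(old PCR || SHA1(component)). The `SealedKey` class and the boot-chain byte strings are constructed stand-ins; a real TPM keeps the secret inside the chip and performs the comparison itself.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length, as used by TPM 1.2 PCRs

def extend(pcr, component):
    """TPM-style extend: new PCR = SHA1(old PCR || SHA1(component))."""
    measurement = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr + measurement).digest()

def measure_boot(components):
    """Fold an ordered boot chain into one PCR value, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class SealedKey:
    """Model of sealing: the secret is released only when the current PCR
    equals the value recorded at seal time (hypothetical helper)."""
    def __init__(self, secret, expected_pcr):
        self._secret, self._expected = secret, expected_pcr

    def unseal(self, current_pcr):
        if not hmac.compare_digest(current_pcr, self._expected):
            raise PermissionError("platform state differs from sealed state")
        return self._secret

# Constructed boot chain; the byte strings stand in for real images.
GOOD_CHAIN = [b"bootloader v1", b"kernel 2.6.16", b"initrd", b"radius-server"]
TAMPERED_CHAIN = [b"bootloader v1", b"kernel 2.6.16 + rootkit", b"initrd", b"radius-server"]
REORDERED_CHAIN = [GOOD_CHAIN[0], GOOD_CHAIN[2], GOOD_CHAIN[1], GOOD_CHAIN[3]]

def demo():
    """Seal against the good chain, then try to unseal under three boots."""
    key = SealedKey(b"CA signing key (constructed)", measure_boot(GOOD_CHAIN))
    results = {}
    for name, chain in (("good", GOOD_CHAIN), ("tampered", TAMPERED_CHAIN), ("reordered", REORDERED_CHAIN)):
        try:
            key.unseal(measure_boot(chain))
            results[name] = "unsealed"
        except PermissionError:
            results[name] = "refused"
    return results

if __name__ == "__main__":
    print(demo())
```

Because each extend hashes over the previous register value, both a changed component and a changed load order yield a different final PCR, so the key stays sealed.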
No way (Score:1)
Package management (Score:2)
another linux distro for dumb admins? (Score:1)
WOW (Score:1)
http://www.trustix.org/installation/index.php [trustix.org]
http://www.trustix.net/ [trustix.net]
http://www.trustix.net/installation/index.php [trustix.net]
WOW! Now that is secure.
At least you can reach this site, which looks awfully commercial-style with no community.
http://www.trustix.com/ [trustix.com]
Forgive the n00b (Score:2)
It strikes me like anybody who is competent enough to use and maintain a secure Trustix distribution would be equally qualified to maintain a secure, say, RHEL 4 distro. RHEL 4 is also not burdened by a GUI, and supports SELinux. I'm sure you can also install Ubuntu without X, and I know you can for many other distros.
So, if you have the qualifications, why use Trustix? And if you don't, wouldn't a more user
Reasons for using Trustix (was:Re:Forgive the n00b (Score:1)
My first inclination was to try CentOS, but the machine I was attempting to install it on had a bad CD-ROM, which meant that most of the packages I tried to load got corrupted. I also had previously used Red Hat (before they did the Fedora/RHEL split) and disliked the fact that they tended to hook everything into X wherever pos
Re:Reasons for using Trustix (was:Re:Forgive the n (Score:2)
Gentoo -- I nearly went this way, since I now run a Gentoo server and like the ease of updates, but I did not have the time or resources on hand to do a complete install from source. Plus the machine is a bit slow...
I had begun building servers some time ago with Gentoo. It was not a pleasurable experience. Bugs in portage (yes portage itself) eventually crept in and royally messed the entire package database. It took a significa
Security and usability (Score:2)
Hell no. Security makes sense up to a certain level. A system's security can be increased into unusability. What could be more secure than a server which you need to dive into the Mariana trench, disarm the motion sensor embedded hydrogen bomb linked to the server, break through concrete and provide connectivity to that server? It's secure but unusable. A healthy balance is required.
LMAO (Score:2)
10 Years later someone brings OpenBSD's philosophy to the Linux world.
Linux is linux (Score:2)
Another supposedly "secure" distro with no differentiator between it and anything else other than someone turned on settings already there.
Wake me up when they do something that CHANGES Linux and ALL the OTHER distros stand up and take note.
Re:Heh... Trustix.org is down? (Score:1)
"Disclaimer: This site/server is not affiliated with Trustix, Comodo Trustix, the Comodo Group, or the Apache Software Foundation. It just happens to run software that we created."
I'm guessing that's wrong though, lol. I'd be worried if their official site is denying any affiliation with their software.
Re:Heh... Trustix.org is down? (Score:2)
Re:Heh... Trustix.org is down? (Score:1)
Re:Heh... Trustix.org is down? (Score:2)