Difference between revisions of "Trustix Linux Distribution Reference"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
(Created page with "Trustix Secure Linux was a Linux distribution intended for use on servers and focused on security and stability. It was a hardened and secure OS, meaning that non-essential se...")
(No difference)

Revision as of 13:48, 26 February 2014

Trustix Secure Linux was a Linux distribution intended for use on servers and focused on security and stability. It was a hardened and secure OS, meaning that non-essential services and binaries are not installed, while UNIX staples like Sendmail are replaced by programs like Postfix.

A sleazy company called Comodo Group bought Trustix Linux in 2003 and discontinued it. Updates and direct support for Trustix Secure Linux was ended December 31, 2007.

Trustix was based on Redhat Linux and used the RPM package manager model.

Trustix Secure Linux is a Linux distribution targeted at companies, of all sizes, in need of a low footprint and high security server operating system. Trustix Secure Linux includes the open standards based SoftWare UPdater, SWUP, which keeps all software packages up-to-date, resolves library dependancies and integrates public key cryptography to ensure safety and security.

Trustix Linux Configuration Tips

SSHD CONFIGURATION / REMOTE ACCESS

To Enable sshd remote login for your local area network Ensure you installed sshd Before you can start the sshd service for the first time, you have to generate keys. You only need do this once for the new installation.

Generate sshd keys

  # ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N 
  # ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N 
  # ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N 

root access

By default no root access is avaible on trustix via ssh. There are 3 options to allow root. 1) Direct ssh as root 2) ssh as a user then 'su' to root 3) ssh as user then use 'sudo'.

root 1 - To allow root direct ssh access modify the sshd_config file
  # vi /etc/ssh/sshd_config
  add or modify the line: PermitRootLogin yes
root 2 - To allow users to use 'su'; This requires user use the root password. When not configured, "su: incorrect password" even when the correct one is used. To enable
root 3 - To allow a user to sudo

start the sshd service

  # service sshd start

set sshd to start when system boots

  # mv /etc/rc3.d/K45sshd /etc/rc3.d/S45sshd

CHECK AND APPLY PATCHES AND UPDATES

It is security wise to make sure your installation of the distribution is up to date. Use the swup command to update Trustix.

  (see swup.txt for details)
  # swup --upgrade

DOWNLOAD TRUSTIX PACKAGES AND INSTALL WITH RPM

Use the RPM package manager to install or upgrade packages downloaded manually.

ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION

Trustix Network Configuration: If it is a firewall or router that you are using Trustix linux for then it will be necessary for you to enable ip forwarding. Test to see if it is enabled by typing:

  # cat /proc/sys/net/ipv4/ip_forward
  0=ip forwarding off, 1=ip forwarding on

In Trustix you shouldn't add "echo 1 > /proc/sys/net/ipv4/ip_forward" to the rc.local file such as was the practice in old distributions. Instead you should modify the sysctl.conf file.

  # vi /etc/sysctl.conf
  net.ipv4.ip_forward = 1
  (see firewall-router.txt Netfilter Firewall and Router for details)

UPGRADE VIM TO FULL VIM ENHANCED

Trustix comes with shitty vim based on a shitty RPM. In fact, the vim distributions in rpm pretty much all suck. The enhanced one requires X but we can get around this. First obtain gpm-1.20.1-2tr.i586.rpm

  # rpm -ih gpm-1.20.1-2tr.i586.rpm
  # rpm -ih vim-common-6.2.121-1.i386.rpm
  # rpm -ih vim-enhanced-6.2.121-1.i386.rpm
  # ln -s /usr/bin/vim /bin/vi

ABILITY TO TRANSFER FILES

There are some options, such as ftp, wget, scp, and zmodem to name a few. For CRT users on Windows, zmodem provides a fast way to upload and download files to and from your Trustix boxen. zmodem uses sz and rz in an RPM package called lrzsz-0.xx.xx-xx.i386.rpm

See also: Linux and UNIX Secure Copy

INSTALLING FROM SOURCES

Compiler must be installed for you to compile from sources. If you get the error "-bash: make: command not found" for example, get and install make-3.80-7tr.i586.rpm

  rpm -ih make-3.80-7tr.i586.rpm