Trustix Linux Configuration Tips

SSHD CONFIGURATION / REMOTE ACCESS

To Enable sshd remote login for your local area network Ensure you installed sshd Before you can start the sshd service for the first time, you have to generate keys. You only need do this once for the new installation.

Generate sshd keys

  # ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N 
  # ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N 
  # ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N 

root access

By default no root access is avaible on trustix via ssh. There are 3 options to allow root. 1) Direct ssh as root 2) ssh as a user then 'su' to root 3) ssh as user then use 'sudo'.

root 1 - To allow root direct ssh access modify the sshd_config file

  # vi /etc/ssh/sshd_config
  add or modify the line: PermitRootLogin yes

root 2 - To allow users to use 'su'; This requires user use the root password. When not configured, "su: incorrect password" even when the correct one is used. To enable

root 3 - To allow a user to sudo

start the sshd service

  # service sshd start

set sshd to start when system boots

  # mv /etc/rc3.d/K45sshd /etc/rc3.d/S45sshd

CHECK AND APPLY PATCHES AND UPDATES

It is security wise to make sure your installation of the distribution is up to date. Use the swup command to update Trustix.

  (see swup.txt for details)

  # swup --upgrade

DOWNLOAD TRUSTIX PACKAGES AND INSTALL WITH RPM

• ftp://ftp.trustix.org/pub/trustix/releases

• ftp://ftp.trustix.org/pub/trustix/releases/trustix-1.2/i586/Trustix/RPMS
• ftp://ftp.trustix.org/pub/trustix/releases/trustix-1.5/i586/Trustix/RPMS
• ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.0/i586/trustix/rpms
• ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.1/i586/trustix/rpms
• ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.2/i586/trustix/rpms
• ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0/i586/trustix/rpms/
• ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0.5/i586/Trustix/RPMS

Use the RPM package manager to install or upgrade packages downloaded manually.

ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION

If it is a firewall or router that you are using Trustix linux for then it will be necessary for you to enable ip forwarding. Test to see if it is enabled by typing:

  # cat /proc/sys/net/ipv4/ip_forward
  0=ip forwarding off, 1=ip forwarding on

In Trustix you shouldn't add "echo 1 > /proc/sys/net/ipv4/ip_forward" to the rc.local file such as was the practice in old distributions. Instead you should modify the sysctl.conf file.

  # vi /etc/sysctl.conf
  net.ipv4.ip_forward = 1
  (see firewall-router.txt for details)

UPGRADE VIM TO FULL VIM ENHANCED

Trustix comes with shitty vim based on a shitty RPM. In fact, the vim distributions in rpm pretty much all suck. The enhanced one requires X but we can get around this. First obtain gpm-1.20.1-2tr.i586.rpm

  # rpm -ih gpm-1.20.1-2tr.i586.rpm
  # rpm -ih vim-common-6.2.121-1.i386.rpm
  # rpm -ih vim-enhanced-6.2.121-1.i386.rpm
  # ln -s /usr/bin/vim /bin/vi

ABILITY TO TRANSFER FILES

There are some options, such as ftp, wget, scp, and zmodem to name a few. For CRT users on Windows, zmodem provides a fast way to upload and download files to and from your Trustix boxen. zmodem uses sz and rz in an RPM package called lrzsz-0.xx.xx-xx.i386.rpm