LWN Weekly Edition
Front pageSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->One big page
This page
Previous weekFollowing week
| |||||||||||||
|
| |||||||||||||
DistributionsNews and Editorials Trustix Secure Linux 2.0[This article was contributed by Ladislav Bodnar] Trustix Secure Linux 2.0 was released last week, nearly two years after the previous stable version 1.5. The distribution is a product of Trustix AS, a Trondheim, Norway-based company, which has been developing secure server solutions since 1999. The latest version is a major upgrade and this warrants a closer look at some of the new features.Trustix AS started as a consulting company providing Linux-based solutions and support for Linux server deployments. The first stable version of Trustix Secure Linux was version 1.0, released in March 2000 and based on Red Hat Linux 6.x, but stripped of the X Window System and all graphical applications. The distribution maintained compatibility with Red Hat and kept providing security and bug fixes throughout the product's lifespan. In later years, Trustix AS expanded their product range to include complete hardware and software solutions for various server scenarios. Besides their headquarters in Norway, the company has offices in USA, UK and Asia. Version 2.0 has come a long way since the initial release. While the distribution is now developed independently of its original base, system administrators familiar with the Red Hat distribution will still feel instantly at home with Trustix. The installation program, which can be initiated from a CD-ROM or over the network, is a modified version of Red Hat's Anaconda in text mode, with several important changes. Among the more noticeable ones are the availability of most major journaled file systems, including ext3, JFS and ReiserFS, together with an option to set up RAID arrays. A choice between grub and lilo, as well as an option to set a boot loader password are given during the installation, and so are options to enable NIS or LDAP authentication. The simplified package installation screen presents 19 common scenarios for server setup, such as mail, web, FTP or DNS servers, firewall and database servers among many others. This can be fine-tuned by selecting a custom package installation option. The star feature of Trustix Secure Linux is SwUp, or SoftWare UPdater. Written in Python and released under GPL, SwUp is an excellent utility designed to keep a Trustix system up-to-date of all bug and security fixes with minimal effort. In fact, installing and configuring a package called "swupcron" ensures that the system is kept up-to-date without any human interference. SwUp provides for automatic resolution of dependencies, poll-only functionality (without any actual package installation), strong authentication with GnuPG, filter and search capabilities, caching of downloads and use of HTTP proxies. SwUp also allows for automatic kernel updates, although this ability is turned off by default. Other new additions in Trustix 2.0 include Courier and Cyrus IMAP daemons, CUPS printing system (replacing LPRng in earlier versions), fcron (replacing vixie-cron), xinetd (replacing inetd), hdparm, rdfgen and many others; see the release announcement for a complete list of changes. The system is based on kernel 2.4.21 and glibc 2.3.2, all compiled with the latest gcc 3.3. Most other packages included with the distribution are also highly up-to-date - Apache comes in version 2.0.46, Bind in 9.2.2 and MySQL is at 4.0.13. Although not even two weeks old, the developers were quick to issue several updates and fixes, so be sure to fire up SwUp right after the installation. What makes Trustix more secure than a standard Red Hat server? If you are expecting a long list of kernel patches guarding against buffer overflow exploits or stack smashing attacks, then you will be disappointed. The Trustix approach to security is very simple - provide only well-tested and widely used packages, as well as a system with sensible defaults and no unnecessary services running or ports open. Admittedly, these are not particularly earth-shattering qualities, but remember that in its default state, the distribution serves mainly as a base for the company's commercial products. Additionally, Trustix developers pride themselves on being extremely fast to apply patches to any known security issues. All this, combined with complete transparency and open beta testing guarantee a stable and secure operating system -- claims the document describing the company's security policy. Trustix Secure Linux 2.0 is available as a free download from many mirrors around the world.
Distribution News Debian GNU/LinuxThe Debian Weekly News for July 8, 2003 is out. This week's topics include the enforcability of the GPL in Germany with a rebuttal from the German Institute for Legal Issues on Free and Open Source Software; Linux use in the City of Austin, Texas; and much more.Benj. Mako Hill has announced a potential Debian subproject aimed toward desktop use in non-profit organizations. Right now the project is looking for developers who might be interested in working on this project. The Debian Project will be represented at several conferences, including Libre Software Meeting, LinuxTag, and Debian Conference 3. Speaking of DebConf, the schedule for talks and events has been posted here. KDE.News covers a new a new HOW-TO from KDE Hispano on installing KDE 3.1.2 in Debian Sarge. Debian Planet reports that the UK mirror open.hands.com has been replaced, and is now in need of some load testing.
Gentoo Weekly Newsletter -- Volume 2, Issue 27The Gentoo Weekly Newsletter for July 7, 2003 is out. This week marks a change in editorship for the GWN; Gentoo coming to Windows with Cygwin; Milestone reached in herds project; Infrastructure changes; Controversy about inappropriate content in ebuilds; GWN seeking additional contributors; and more.
10 Questions with Auke KokHere is an interview with Lunar Linux developer Auke Kok. "8. Who can benefit from using lunar? Lunar is for everyone. Though it may be extremely hard for the beginner to administer, it provides you with all the possible features you could want from a linux distro."
MontaVista LinuxMotorola, Inc. Semiconductor Products Sector (SPS) and MontaVista Software Inc. have announced that MontaVista Linux Professional Edition 3.0 will support the Motorola i.MX1 and i.MXL family of applications processors.
Red Hat LinuxRed Hat has released some bug fix advisories: This one fixes a common GNOME panel crash for RHL 8.0, and new redhat-config-printer packages and updated print-queue manager packages are available for RHL 9.
Trustix Secure LinuxLast week Trustix released TSL 2.0. This week they have some bug fixes available for many little bugs that cropped up. Users of TSL 1.2 or 1.5 might want to get these new GnuPG and gzip packages.
New Distributions distccKNOPPIXOpen Door Software created distccKNOPPIX, a small (~48MB) self-configuring Linux system running a distccd daemon. It is a simple remastering of Damn Small Linux (which is KNOPPIX-based) running a distccd daemon and some general cleaning up/removal of unneeded packages/apps. Its obvious target is for those who have other machines at their hands, and for some reason or an other can not get a distccd daemon running on it. It joins the CD-based section of our list at v0.0.4, released July 4, 2003.
OraluxOralux is a GNU/Linux distribution for blind or visually impaired people. It is based on Knoppix, and runs from the CD-ROM. An audio desktop replaces the graphical user interface. Initial version 0.03 was released July 3, 2003.
SalvareSalvare (from the Latin "to rescue") is a small Linux distribution designed for small, credit-card sized CDs which typically hold around 34MB. More Linux than tomsrtbt but less than Knoppix, it aims to provide a useful workstation as well as a rescue disk. Initial version 0.1.0 was released July 2, 2003.
stresslinuxstresslinux is a minimal Linux distribution that runs from a bootable CDROM or via PXE. It makes use of some utitlities such as stress, cpuburn, hddtemp, lm_sensors, etc. It is dedicated to users who want to test their system(s) entirely on high load and monitor the health of these systems. Initial version 0.1.5b was released July 4, 2003, swiftly followed by 0.1.5c. It has joined our list in the Special Purpose/Mini section of our List.
ThePacketMasterThePacketMaster Linux Security Server is a CD-based security auditing tool that boots and runs penetration testing and forensic analysis tools. It is handy for security auditors. Some tools included are nessus, ethereal, The Coroner's Toolkit, chntpw, and minicom. It includes modules for any Linux 2.4.20 SCSI driver. Initial version 1.0.0 was released July 5, 2003. It has joined the Secured Distributions section of our List.
Minor distribution updates Astaro Security LinuxAstaro Security Linux has released v4.009 with minor bugfixes. "Changes: This Up2Date improves the performance for POP3 and SMTP AntiVirus scanning, and fixes two POP3-related bugs."
Coyote LinuxCoyote Linux has released v2.0-rc1 with minor bugfixes. "Changes: Minor bugfixes for the PPP dialup disk creator scripts."
DIET-PCDIET-PC has released v1.1 with major feature enhancements. "Changes: This version converts DIET-PC from a special-purpose thin client framework into a general- purpose "embedded appliance" framework. This includes greater flexibility with regard to bootstrap methods (e.g. boot from PXE boot ROM, CD, or solid-state/conventional hard disk), and architectural changes permitting offline operation."
MoviXMoviX has released v0.8.0rc2 with major feature enhancements. "Changes: This release adds remote support for the MoviX menu, improves ISA audio cards and SCSI cards module autoloading, XCD and TV-in support, and subtitles support, gets rid of the Microsoft TrueType fonts for copyright reasons, adds two Open Source TrueType fonts, and adds support for serial remotes."eMoviX 0.8.0rc2 has been released with minor feature enhancements. "Changes: This version adds support for international kbds layouts and TrueType fonts, squeezes initrd.gz to 6MB, upgrades MPlayer to 0.90, updates and adds several translations, and improves DVD support."
SmoothWallSmoothWall has released v2.0 beta5 with minor feature enhancements. "Changes: This release includes a 2.4.21 kernel, NTP time sync, tweaks to the UI, several other updates, and bugfixes. The timezone is now set in the UI rather than the setup program. Updates lists can now be retrieved through a (passwordless) HTTP proxy."
ThinStationThinStation has released v1.0 beta 4 with major bugfixes. "Changes: Two unused XFree86 libraries were removed. Many binaries were recompiled with size optimizations. The lpr package was fixed by updating its modules. The thinstation.defaults file was added. An ongoing problem with rdesktop parameters was fixed, so now you can specify as many parameters as you want."
Trinity Rescue Kit 1.1Trinity Rescue Kit may be all you need to save your crashed computer. Now Trinity Rescue Kit 1.1, a major upgrade, has been released. Click below for details.
ttylinuxttylinux has released v3.2 with minor bugfixes. "Changes: The latest versions of e3 and LILO were included, and a status option was added to the ISDN init script."
Distribution reviews Dyne:bolic: A broadcast studio on a Linux CD (NewsForge)Russell Pavlicek reviews Dyne:bolic, on NewsForge. "There are Linux distributions galore that target office, home, and server systems. But a new Linux distribution promises to provide a multimedia studio -- complete with the ability to transmit Webcasts worldwide -- without ever installing any software on your hard drive. Sound impossible? Not for a new Linux distribution called Dyne:bolic."
FreeBSD 5.1 Shows Handy New Features (eWeek)eWeek reviews FreeBSD 5.1. "FreeBSD users can access a large number of software packages for the platform through FreeBSD's ports collection. We could either compile these applications ourselves or install them as precompiled packages. We could also install and run Linux applications on FreeBSD after installing a Linux application compatibility layer."
Savanna Says: Kneat Knoppix!KDE.News has this article on using Knoppix to try out the latest KDE3. "All you have to do is put it in your CD drive, boot up, and presto! you've got a Linux system -- and a beautiful KDE3 desktop -- running all from your CD drive. No install, no weird lines of code... try it out and you will see how beautiful KDE and Linux are, and you won't even have to get your hands dirty or look under the hood."
LindowsOS: Robust Linux with More than Rookie Appeal (eWeek)eWeek reviews LindowsOS 4.0. "Beyond its appeal to novices, LindowsOS also has a couple of things to teach bigger-name Linux distributions such as Red Hat Linux. I was particularly impressed by LindowsOS' handling of USB thumb drives, those handy devices for plug-and-play ferrying of data too large for floppies. These devices work with every recent Linux distribution, but most require some command-line fiddling to get going. With LindowsOS, you plug one of these drives into a USB port, and an icon for the auto-mounted drive pops right up on the desktop--just as it should."
Page editor: Rebecca Sobol |
|
||||||||||||