OpenNA

Posted Mar 18, 2004 4:30 UTC (Thu) by yodermk (subscriber, #3803)
Parent article: EnGarde and Trustix - Distributions for the Paranoid

OpenNA should probably be included in discussions like this. My organization recently decided to standardize on it for all critical servers, especially ones with a public IP address.

It ships with quite paranoid policies. Root can only log in on the first virtual terminal -- all others must use sudo. I have been kicked off and denied access by doing things like attempting to mount an NFS partition. It insists that you set a password for GRUB to boot the system (which seems like a bad idea for servers). Most services are set to run in a chroot() jail, which is a good thing...something Red Hat and the others probably should have been doing from the beginning. It ships with the GIPTables firewall, a front-end to iptables with a relatively simple text-based config file. It's hardened in many other ways too, more than I can remember right now.

The 1.0 release has a few bugs, but they're being taken care of by updates. If you're used to Red Hat, you can expect to pull your hair out a few times while learning it. But if you want an ultra-paranoid distribution, it's worth looking into.

Oh, and it even ships XFree86 4.4! (In updates...the 1.0 CD ships with an RC.)
Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.