LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

OpenNA

OpenNA

Posted Mar 18, 2004 4:30 UTC (Thu) by yodermk (subscriber, #3803)
Parent article: EnGarde and Trustix - Distributions for the Paranoid

OpenNA should probably be included in discussions like this. My organization recently decided to standardize on it for all critical servers, especially ones with a public IP address.

It ships with quite paranoid policies. Root can only log in on the first virtual terminal -- all others must use sudo. I have been kicked off and denied access by doing things like attempting to mount an NFS partition. It insists that you set a password for GRUB to boot the system (which seems like a bad idea for servers). Most services are set to run in a chroot() jail, which is a good thing...something Red Hat and the others probably should have been doing from the beginning. It ships with the GIPTables firewall, a front-end to iptables with a relatively simple text-based config file. It's hardened in many other ways too, more than I can remember right now.

The 1.0 release has a few bugs, but they're being taken care of by updates. If you're used to Red Hat, you can expect to pull your hair out a few times while learning it. But if you want an ultra-paranoid distribution, it's worth looking into.

Oh, and it even ships XFree86 4.4! (In updates...the 1.0 CD ships with an RC.)

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds