Trustix Secure Linux 2.0
[This article was contributed by Ladislav Bodnar]
Trustix Secure Linux 2.0 was released last week, nearly two years after the previous stable version 1.5. The distribution is a product of Trustix AS, a Trondheim, Norway-based company, which has been developing secure server solutions since 1999. The latest version is a major upgrade and this warrants a closer look at some of the new features.
Trustix AS started as a consulting company providing Linux-based solutions and support for Linux server deployments. The first stable version of Trustix Secure Linux was version 1.0, released in March 2000 and based on Red Hat Linux 6.x, but stripped of the X Window System and all graphical applications. The distribution maintained compatibility with Red Hat and kept providing security and bug fixes throughout the product's lifespan. In later years, Trustix AS expanded its product range to include complete hardware and software solutions for various server scenarios. Besides its headquarters in Norway, the company has offices in the USA, the UK and Asia.
Version 2.0 has come a long way since the initial release. While the distribution is now developed independently of its original base, system administrators familiar with the Red Hat distribution will still feel instantly at home with Trustix. The installation program, which can be initiated from a CD-ROM or over the network, is a modified version of Red Hat's Anaconda in text mode, with several important changes. Among the more noticeable ones are the availability of most major journaled file systems, including ext3, JFS and ReiserFS, together with an option to set up RAID arrays. A choice between grub and lilo, as well as an option to set a boot loader password are given during the installation, and so are options to enable NIS or LDAP authentication. The simplified package installation screen presents 19 common scenarios for server setup, such as mail, web, FTP or DNS servers, firewall and database servers among many others. This can be fine-tuned by selecting a custom package installation option.
The star feature of Trustix Secure Linux is SwUp, or SoftWare UPdater. Written in Python and released under the GPL, SwUp is an excellent utility designed to keep a Trustix system up to date with all bug and security fixes with minimal effort. In fact, installing and configuring a package called "swupcron" ensures that the system is kept up to date without any human intervention. SwUp provides automatic resolution of dependencies, poll-only functionality (without any actual package installation), strong authentication with GnuPG, filter and search capabilities, caching of downloads and use of HTTP proxies. SwUp also allows for automatic kernel updates, although this ability is turned off by default.
Other new additions in Trustix 2.0 include the Courier and Cyrus IMAP daemons, the CUPS printing system (replacing LPRng in earlier versions), fcron (replacing vixie-cron), xinetd (replacing inetd), hdparm, rdfgen and many others; see the release announcement for a complete list of changes. The system is based on kernel 2.4.21 and glibc 2.3.2, all compiled with the latest gcc 3.3. Most other packages included with the distribution are also highly up to date - Apache comes in version 2.0.46, Bind in 9.2.2 and MySQL is at 4.0.13. Although the release is not even two weeks old, the developers were quick to issue several updates and fixes, so be sure to fire up SwUp right after the installation.
What makes Trustix more secure than a standard Red Hat server? If you are expecting a long list of kernel patches guarding against buffer overflow exploits or stack smashing attacks, then you will be disappointed. The Trustix approach to security is very simple - provide only well-tested and widely used packages, as well as a system with sensible defaults and no unnecessary services running or ports open. Admittedly, these are not particularly earth-shattering qualities, but remember that in its default state, the distribution serves mainly as a base for the company's commercial products. Additionally, Trustix developers pride themselves on being extremely fast to apply patches for any known security issues. All this, combined with complete transparency and open beta testing, guarantees a stable and secure operating system, or so claims the document describing the company's security policy.
Trustix Secure Linux 2.0 is available as a free download from many mirrors around the world.
