


Posted Mar 18, 2004 4:30 UTC (Thu) by yodermk (subscriber, #3803)
Parent article: EnGarde and Trustix - Distributions for the Paranoid

OpenNA should probably be included in discussions like this. My organization recently decided to standardize on it for all critical servers, especially ones with a public IP address.

It ships with quite paranoid policies. Root can only log in on the first virtual terminal -- all others must use sudo. I have been kicked off and denied access by doing things like attempting to mount an NFS partition. It insists that you set a password for GRUB to boot the system (which seems like a bad idea for servers). Most services are set to run in a chroot() jail, which is a good thing...something Red Hat and the others probably should have been doing from the beginning. It ships with the GIPTables firewall, a front-end to iptables with a relatively simple text-based config file. It's hardened in many other ways too, more than I can remember right now.

The 1.0 release has a few bugs, but they're being taken care of by updates. If you're used to Red Hat, you can expect to pull your hair out a few times while learning it. But if you want an ultra-paranoid distribution, it's worth looking into.

Oh, and it even ships XFree86 4.4! (In updates...the 1.0 CD ships with an RC.)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds