News and Editorials
coverage of SELinux and its implementation in the development releases of Fedora Core 2, several readers expressed disappointment about the complexity associated with this new security model: "SELinux may give administrators extra flexibility, and add some extra 'layers' of protection for critical files, but security pros usually consider complexity to be the enemy of good security - and this system is nothing if not complex," wrote one reader. Still, with several attacks on high-profile Linux servers during 2003, many system administrators are evaluating various security solutions for their mission-critical servers and firewalls. Those of them who are prepared to look beyond Linux might find that OpenBSD is exactly what they need.
Initiated by Theo de Raadt back in 1996, OpenBSD's primary goal is to build a free and highly secure operating system. The developers pride themselves on a remarkable achievement of eight years with only a single remote hole in the default install. Although OpenBSD doesn't support nearly as many processor architectures as NetBSD, its original parent, the latest release of OpenBSD is available for 13 platforms, including Alpha, AMD64, PowerPC, SPARC, as well as i386. But despite fundamental technical differences between Linux and BSD, a system administrator familiar with Linux will find it relatively easy to administer an OpenBSD box, especially after reading the project's online manual (which includes a section about migrating from Linux to OpenBSD), or the superb Absolute OpenBSD by Michael W. Lucas.
How is security in OpenBSD better than in other UNIXes? Let's take a look at some of the more interesting features found in this BSD flavor: file flags, securelevels and systrace.
In many ways, OpenBSD is one of the most remarkable projects in the history of UNIX. With support for 13 architectures and its emphasis on security and integrated cryptography, any system administrator that overlooks OpenBSD where server security is of paramount importance is not doing a proper job. Even if most of us prefer to run Linux on our servers and desktop, there is no doubt that OpenBSD has a rightful place in the OS ecosystem, and a rightful place in every UNIX sysadmin's toolbox.
Distribution News
announced the release of Mandrakelinux 10.0 for the x86_64 architecture. "Mandrakelinux 10.0 for AMD64 delivers all the features and robustness of Mandrakelinux 10.0 Official to the 64-bit platform from AMD, with an average performance gain of 20% compared to the IA32 version."
Mandrakelinux 10.0 update advisories:
The Debian-Installer team has announced the fourth beta release of the Debian sarge installer. Improvements in this release include support for arm, hppa, and mipsel architectures bringing the total up to nine supported architectures; experimental support for the 2.6 kernel on i386; detection of existing operating systems; new translations; plus many bug fixes and user interface improvements.
This Bits from the DPL (Debian and OASIS) features a report from Mark Johnson, Debian's representative at OASIS (Organization for the Advancement of Structured Information Standards). "Through our membership we have direct influence into the process of standards development. This benefit has proved particularly beneficial in the development of the XML Catalogs specification. During a key period of work on this specification, two of the seven committee members were from the Debian project. As a result, the final specification will be more easily implementable on Debian than it otherwise might've been."
announced a two-year roadmap for security in Red Hat Enterprise Linux. This press release highlights the work done by Red Hat to achieve government security standards, security certifications and with the NSA-developed SELinux.
Slackware current has upgraded Xrender to 0.8.4 and Xcursor to 1.1.2 in XFree86 4.4.0, and qt-3.3.2 and x11-devel-6.7.0 are now in testing. There were also several security issues fixed in both -stable and -current.
New Distributions
APAWS Linux with Gallery is a customized mini Linux distribution that runs mostly in RAM and includes everything you need to run a personal photo repository using Gallery. It is about 40MB in size and is configured with defaults to let you upload photos straight after booting it. A demo version of APAWS 1.0.0, that runs on Windows 2000 or XP, became available May 4, 2004.
ariane is a console-only Linux system. It boots from CD-ROM into RAM and does not require a hard disk. It can also be booted from PXE or USB. It can be used for everything a minimal Linux system could be used for. ariane joins the list at version 434/51, released May 1, 2004.
Ewrt is a Linux distribution for the Linksys WRT54G that was forked from the Linksys and Sveasoft code bases. It is designed to meet the needs of open wireless network operators by providing a captive portal based on NoCatSplash and large-scale management functionality on a stable and low-cost platform. The first public release, version 0.2 beta1, became available April 27, 2004.
tinysofa is an enterprise grade operating system based on the Linux kernel. Optimized for i586 and up, tinysofa aims to be stable, secure, well-supported, easily managed and free. Trustix Secure Linux was used as a base for tinysofa. Version 1.0 was released April 29, 2004. (Thanks to Joe Klemmer)
reports the release of a Tkfp Live! .iso image file. This bootable CD contains a configured and working copy of Tkfp running on Slackware 9.0 using WindowMaker as the window manager. Tkfp is an electronic medical record information system suitable for a solo or small group Physician's office for storing clinical information on patients.
Minor distribution updates
Astaro Security Linux has released v5.004 with major bugfixes. "Changes: This Up2Date added functionality to configure the WebAdmin packetfilter logging. It also fixed a DHCP client issue, a DSL reconnect problem, and a POP3 mail retrieving/deleting issue with Outlook Express 6, and corrected problems where the WebAdmin clock always showed GMT, the HTTP proxy restarted too often, and that WebAdmin needed a lot of RAM for large packetfilter rulesets."
Aurox Linux has released v9.3.1 with minor bugfixes. "Changes: This version is an update release. Some bugs that were found in 9.3 were fixed. The distribution is contained in only two CDs, and it lacks localizations in languages other than English and Polish. The packages of this release are also available via FTP (yum and apt-get)."
BasicLinux has released v3.20 with major feature enhancements. "Changes: Several enhancements for old laptops, including PCMCIA capability and MagicPoint (similar to PowerPoint)."
Buffalo Linux has released v1.2.1 with minor feature enhancements. "Changes: Ximian Evolution (in the GNOME bundle), GIMP 2.0.1, MySQL 4.0.18, and a Buffalo version of 'swaret-1.6.2' are included. This release includes 55 minor package upgrades to synchronize with Slackware-Current (as of 24 Apr 2004). A 56MB upgrade (upgrade-1.2.1-buff-1.bz2) from 1.2.0 to 1.2.1 is available."
Feather Linux has released v0.4.1 with major feature enhancements. "Changes: The list of documentation was updated, and the scripts were organized. bcrypt and xmms-cdread were added. Scripts were added to download Audacity and to remove the dpkg structure. A serial mouse option was added to X setup. Monkey was updated to 0.8.2, and the daemon script was changed accordingly. Memory checks were added to some scripts. An error with /opt on bootup was fixed. The dillo homepage was changed. The "xdef" boot option was added. XCDRoast was replaced with Gcombust. libpcap and tcpdump were added. wdict was updated."
Fli4l (Floppy ISDN/DSL) has released v2.1.7 with minor feature enhancements. "Changes: Kernel 2.4.26 and uClibc 0.9.26 are now used. The RAM disks were replaced by tmpfs. The SSHD now supports TCP forwarding once again. Multiple W-LAN cards are supported, and WEP keys can be entered in a Windows-compatible form. raw-up/raw-down scripts similar to ip-up/ip-down were provided for raw ISDN circuits, and some minor fixes and changes were made."
Franki/Earlgrey Linux has released v0.4.11pre1 with minor feature enhancements. "Changes: This disk release is built with latest Scripts (0.4.11) and previews changes in the forthcoming release's init scripts (in particular, a mount point for UMSDOS-formatted floppies in addition to VFAT)."
Linux From Scratch has released v5.1-pre2.
Linux LiveCD has released v1.9.3 with minor bugfixes. "Changes: This release has a new Webmin Web interface (version 1.140), new Web modules for network configuration and log rotation, and an ndiswrapper driver to use wifi Windows drivers in /opt/drivers. There are minor dbdif config bugfixes."
Sentry Firewall has released v1.5.0-rc12 with major security fixes. "Changes: The Linux kernel was updated to version 2.4.26-ow1. The vsftp and SUSE Proxy-Suite (ftp-proxy) packages were added, and Snort was updated to version 2.1.2. There were also several changes to the rc.inet2 init script, and rc.inet2.conf was added."
Trustix Secure Linux has a bug fix advisory for apache, cyrus-imapd, fcron, libpcap, and squid. Updated packages are available for TSL 2.1 and TSEL 2.
Distribution reviews
Mad Penguin review of College Linux 2.5. "With a simple setup of username/password at configuration time, Apache, MySQL, PHP, Webmin, SQLite, and phpmyadmin have been installed and configured. This is something that I always set up when I install a new distribution, and it always takes more time than I expect it to (and a lot more time than I'd like it to). College Linux did all the hard work for me, and it was clear sailing for development from that point. I can't stress enough how useful this is to me (and many others) - web development is a very common practice among people who use Linux, especially college students. This, coupled with the inclusion of Quanta Plus, makes a complete web development environment simple for anyone."
takes a look at Turbolinux 10 F, especially its ability to read Windows Media files and its Apple iPod player support. "Among Linux distributors as Linspire (ex-Lindows) or Xandros Inc, Turbolinux emerges as the first to ship a media player that accepts proprietary formats."
Page editor: Rebecca Sobol
Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds