|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Sunday, 15 July 2001||Author: Dave Markowitz|
|Published to: enhance_articles_sysadmin/Sysadmin||Page: 2/4 - [Printable]|
Building a Server Appliance with Trustix Secure Linux and Webmin
To command by line or GUI, that is the question. Or, hey, does it really matter? Linux.com contributor Dave Markowitz says it does if we want to get Windows admins using Linux. This week Markowitz takes us through an open-source server appliance installation that is secure, powerful and controlled from the GUI.
|Trustix||<< Page 2 of 4 >>|
With this in mind, I thought I'd give Trustix Secure Linux 1.2 a try. I downloaded the Trustix .ISO from http://www.linuxiso.org using my employer's OC3 line onto my laptop, then took it home and burned it onto a CD. Trustix's website is http://www.trustix.com.
Trustix 1.2 is a Linux distro based on Red Hat 6.x, but implemented in a security-conscious manner, and installs kernel 2.2.19-4tr. Only a bare minimum of services start up by default even when you install everything, as I did. The services enabled by default are:
That's a pretty bare system by anyone's standards. I even had to
Trustix also increase security by replacing insecure
applications with modern replacements. E.g., sendmail is replaced
with Postfix. Also, there is no telnet daemon (server) in Trustix;
as noted above, it's replaced with
Incidentally, Trustix has some good documents on their website about installing and configuring the OS. The docs are also included in a variety of formats on the installation CD. One thing that I was pleased with is that although Trustix hails from Norway, the English language documents are well done.
Installation is done the old fashioned way, in character mode.
In fact, anyone who's installed an older version of Red Hat, or a
current version in text mode, will be looking at something quite
familiar. I chose to install everything, to get a feel for a full
install. This took up about 485 megs or so on my disk. Compared
with most recent Linux distros, this is quite lean. Installation
took about 10-15 minutes on a P-III/450 with 256 megs of RAM, a 32x
CD-ROM drive, and a 10.2 gig Maxtor ATA-66 hard disk. This included
the time to set up my partitions using Disk Druid. You can use
One thing Trustix does not include is XFree86: in other words no graphical user interface. The authors of Trustix are avowed command line fans and feel that a GUI doesn't belong on a server, sucking up resources and introducing potential security holes. Instead, they intend for it to be administered from the command line.
While the "no GUI for servers" school of thought has its merits, I like having a GUI available for administration tasks. Even though I've been using Linux for a few years, and I can get around on the command line without problems, having a GUI helps me keep track of just where I am, and often reminds me of the various options associated with a command or service. And as mentioned above, many admins are more favorably disposed towards GUI systems. This is especially true of the Windows admins who Linux advocates are interested in converting to the Light Side. While XFree86 can be configured for remote use (due to its client-server design), it is big, slow, and was not designed with security in mind.
Another problem with X is that it is not easily cross-platform. Most decent X clients for Windows are commercial software, and expensive to boot. A better way to remotely administer a Linux box through a GUI would be to use software that's installed on any Windows PC: a Web browser.
|Trustix||<< Page 2 of 4 >>|