Originally Published: Sunday, 15 July 2001
Author: Dave Markowitz
Published to: enhance_articles_sysadmin/Sysadmin
Page: 2/4

Building a Server Appliance with Trustix Secure Linux and Webmin

To command by line or GUI, that is the question. Or, hey, does it really matter? Linux.com contributor Dave Markowitz says it does if we want to get Windows admins using Linux. This week Markowitz takes us through an open-source server appliance installation that is secure, powerful and controlled from the GUI.

Trustix

With this in mind, I thought I'd give Trustix Secure Linux 1.2 a try. I downloaded the Trustix .ISO from http://www.linuxiso.org using my employer's OC3 line onto my laptop, then took it home and burned it onto a CD. Trustix's website is http://www.trustix.com.

Trustix 1.2 is a Linux distro based on Red Hat 6.x but implemented in a security-conscious manner; it installs kernel 2.2.19-4tr. Only a bare minimum of services start up by default, even when you install everything, as I did. The services enabled by default are:

  • crond
  • keytable
  • netfs
  • network
  • postfix
  • random
  • syslog

That's a pretty bare system by anyone's standards. I even had to enable sshd, which is included for remote admin but is not enabled by default. This was pretty easy to do by issuing the command ntsysv at the prompt, then selecting sshd.
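A way to check a box against the service list above, as an added example that is not part of the original article: it compares `chkconfig --list` style output with the seven default services plus sshd and reports anything else that is switched on. It assumes the Red Hat-style `chkconfig` tool is present and that runlevel 3 is the one in use; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Baseline: the services the article lists as enabled by default, plus sshd,
# which the author switched on by hand with ntsysv.
BASELINE="crond keytable netfs network postfix random syslog sshd"

# audit_services RUNLEVEL  (hypothetical helper, not a Trustix tool)
# Reads `chkconfig --list` style lines on stdin, prints one finding per line:
#   UNEXPECTED <name>  enabled in RUNLEVEL but not in the baseline
#   MISSING <name>     in the baseline but not enabled in RUNLEVEL
audit_services() {
    awk -v rl="$1" -v baseline="$BASELINE" '
        BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) want[b[i]] = 1 }
        {
            # Find the "N:on" / "N:off" field for the requested runlevel.
            state = ""
            for (i = 2; i <= NF; i++)
                if (split($i, kv, ":") == 2 && kv[1] == rl) state = kv[2]
            if (state == "on") {
                seen[$1] = 1
                if (!($1 in want)) print "UNEXPECTED " $1
            }
        }
        END { for (i = 1; i <= n; i++) if (!(b[i] in seen)) print "MISSING " b[i] }
    '
}

# Constructed sample input (not captured from a real Trustix install):
# httpd has been switched on, sshd has not been enabled yet.
sample_chkconfig() {
    cat <<'EOF'
crond    0:off 1:off 2:on  3:on  4:on  5:on  6:off
httpd    0:off 1:off 2:off 3:on  4:on  5:on  6:off
keytable 0:off 1:off 2:on  3:on  4:on  5:on  6:off
netfs    0:off 1:off 2:off 3:on  4:on  5:on  6:off
network  0:off 1:off 2:on  3:on  4:on  5:on  6:off
portmap  0:off 1:off 2:off 3:off 4:off 5:off 6:off
postfix  0:off 1:off 2:on  3:on  4:on  5:on  6:off
random   0:off 1:on  2:on  3:on  4:on  5:on  6:off
sshd     0:off 1:off 2:off 3:off 4:off 5:off 6:off
syslog   0:off 1:off 2:on  3:on  4:on  5:on  6:off
EOF
}

# On a live system: chkconfig --list | audit_services 3
sample_chkconfig | audit_services 3
```

An empty result means the runlevel matches the baseline exactly; each UNEXPECTED line is a service to justify or switch off.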

Trustix also increases security by replacing insecure applications with modern alternatives. For example, sendmail is replaced with Postfix. Also, there is no telnet daemon (server) in Trustix; as noted above, it's replaced with sshd. A telnet client is installed, however, since it is useful for connecting to those network devices, such as routers, which need it for remote administration.

Incidentally, Trustix has some good documents on their website about installing and configuring the OS. The docs are also included in a variety of formats on the installation CD. One thing that I was pleased with is that although Trustix hails from Norway, the English language documents are well done.

Installation is done the old-fashioned way, in character mode. In fact, anyone who's installed an older version of Red Hat, or a current version in text mode, will be looking at something quite familiar. I chose to install everything, to get a feel for a full install. This took up about 485 megs or so on my disk. Compared with most recent Linux distros, this is quite lean. Installation took about 10-15 minutes on a P-III/450 with 256 megs of RAM, a 32x CD-ROM drive, and a 10.2 gig Maxtor ATA-66 hard disk. This included the time to set up my partitions using Disk Druid. You can use fdisk to partition your disk, by the way, but I find Disk Druid easier to use.

One thing Trustix does not include is XFree86: in other words no graphical user interface. The authors of Trustix are avowed command line fans and feel that a GUI doesn't belong on a server, sucking up resources and introducing potential security holes. Instead, they intend for it to be administered from the command line.

While the "no GUI for servers" school of thought has its merits, I like having a GUI available for administration tasks. Even though I've been using Linux for a few years, and I can get around on the command line without problems, having a GUI helps me keep track of just where I am, and often reminds me of the various options associated with a command or service. And as mentioned above, many admins are more favorably disposed towards GUI systems. This is especially true of the Windows admins who Linux advocates are interested in converting to the Light Side. While XFree86 can be configured for remote use (due to its client-server design), it is big, slow, and was not designed with security in mind.

Another problem with X is that it is not easily cross-platform. Most decent X clients for Windows are commercial software, and expensive to boot. A better way to remotely administer a Linux box through a GUI would be to use software that's installed on any Windows PC: a Web browser.




