Trustix Secure Linux was a Linux distribution intended for use on servers and focused on security and stability. It was a hardened and secure OS, meaning that non-essential services and binaries are not installed, while UNIX staples like Sendmail are replaced by programs like Postfix.
A sleazy company called Comodo Group bought Trustix Linux in 2003 and discontinued it. Updates and direct support for Trustix Secure Linux was ended December 31, 2007.
Trustix was based on Redhat Linux and used the RPM package manager model.
Trustix Secure Linux is a Linux distribution targeted at companies, of all sizes, in need of a low footprint and high security server operating system. Trustix Secure Linux includes the open standards based SoftWare UPdater, SWUP, which keeps all software packages up-to-date, resolves library dependancies and integrates public key cryptography to ensure safety and security.
Trustix Linux Configuration Tips
SSHD CONFIGURATION / REMOTE ACCESS
To Enable sshd remote login for your local area network Ensure you installed sshd Before you can start the sshd service for the first time, you have to generate keys. You only need do this once for the new installation.
Generate sshd keys
# ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N # ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N # ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N
root access
By default no root access is avaible on trustix via ssh. There are 3 options to allow root. 1) Direct ssh as root 2) ssh as a user then 'su' to root 3) ssh as user then use 'sudo'.
- root 1 - To allow root direct ssh access modify the sshd_config file
# vi /etc/ssh/sshd_config add or modify the line: PermitRootLogin yes
- root 2 - To allow users to use 'su'; This requires user use the root password. When not configured, "su: incorrect password" even when the correct one is used. To enable
- root 3 - To allow a user to sudo
start the sshd service
# service sshd start
set sshd to start when system boots
# mv /etc/rc3.d/K45sshd /etc/rc3.d/S45sshd
CHECK AND APPLY PATCHES AND UPDATES
It is security wise to make sure your installation of the distribution is up to date. Use the swup command to update Trustix.
(see swup.txt for details)
# swup --upgrade
DOWNLOAD TRUSTIX PACKAGES AND INSTALL WITH RPM
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-1.2/i586/Trustix/RPMS
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-1.5/i586/Trustix/RPMS
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.0/i586/trustix/rpms
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.1/i586/trustix/rpms
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-2.2/i586/trustix/rpms
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0/i586/trustix/rpms
- ftp://ftp.trustix.org/pub/trustix/releases/trustix-3.0.5/i586/trustix/rpms
Use the RPM package manager to install or upgrade packages downloaded manually.
ENABLING IP FORWARDING FOR A FIREWALL CONFIGURATION
Trustix Network Configuration: If it is a firewall or router that you are using Trustix linux for then it will be necessary for you to enable ip forwarding. Test to see if it is enabled by typing:
# cat /proc/sys/net/ipv4/ip_forward 0=ip forwarding off, 1=ip forwarding on
In Trustix you shouldn't add "echo 1 > /proc/sys/net/ipv4/ip_forward" to the rc.local file such as was the practice in old distributions. Instead you should modify the sysctl.conf file.
# vi /etc/sysctl.conf net.ipv4.ip_forward = 1 (seefirewall-router.txtNetfilter Firewall and Router for details)
UPGRADE VIM TO FULL VIM ENHANCED
Trustix comes with shitty vim based on a shitty RPM. In fact, the vim distributions in rpm pretty much all suck. The enhanced one requires X but we can get around this. First obtain gpm-1.20.1-2tr.i586.rpm
# rpm -ih gpm-1.20.1-2tr.i586.rpm # rpm -ih vim-common-6.2.121-1.i386.rpm # rpm -ih vim-enhanced-6.2.121-1.i386.rpm # ln -s /usr/bin/vim /bin/vi
ABILITY TO TRANSFER FILES
There are some options, such as ftp, wget, scp, and zmodem to name a few. For CRT users on Windows, zmodem provides a fast way to upload and download files to and from your Trustix boxen. zmodem uses sz and rz in an RPM package called lrzsz-0.xx.xx-xx.i386.rpm
See also: Linux and UNIX Secure Copy
INSTALLING FROM SOURCES
Compiler must be installed for you to compile from sources. If you get the error "-bash: make: command not found" for example, get and install make-3.80-7tr.i586.rpm
rpm -ih make-3.80-7tr.i586.rpm