Copyright © 2000 Trustix AS
A:
After installing other distributions on various servers we came to the
conclusion that it was just too much work. Many packages unneeded on a server,
like the X windows system and its libraries were included, and hard to remove.
Also most distributions come with many services running, which would have been
nice if the world consisted only of nice people, but as the internet of today
is plagued with both ``script kiddies'' and more evil computer criminals,
running unneeded services is a no-no.
We wanted something that an experienced sysadmin could install and have configured in as short a time as possible, while still going easy on the inexperienced user. We wanted less bloat and more focus on security. We wanted Trustix Secure Linux.
A:
As noted earlier, it is made especially for servers.
Perhaps most noticable we have included no X windows system. This makes sense as TSL is a Unix-like system and therefore very friendly to remote administration. A GUI would only waste memory, CPU cycles, and disk space.
We also try to maintain secure defaults. As it is easier to know what is needed than what is not needed, the default configuration for the system is not to run any services at all. An admin will know what services to run, but as admins are people too, not all admins would bother to close down the services they do not have to run.
As most other distributions we also strive to update our programs both for features and for security reasons. It is a goal that no known security problem in Trustix Secure Linux should be there for long.
A:
Get the iso image that should be on most mirror sites. All good CD
writing programs support writing a standard iso9660 image file to a CD.
A:
After a release, we still try to keep the current version up to date. This
means that, in a perfect world, every time we release an updated package for
the distribution, we will build an updated iso image. The dated file is just
a symbolic link to the "undated" version, so you do not need both the
trustix-1.1-20000724.i586.iso and the trustix-1.1.i586.iso. These two are the
same file.
A:
This is a known bug in the kernel, and thus TSL-1.2. It should be fixed
in the upcoming 1.5 release. The problem is that the kernel thinks it should
be disabling your PIII serial number, but since you do not have a PIII, this
does not work.
Until 1.5 is released, you can type `linux x86_serial_nr=1' at the boot
prompt when installing, and make sure to specify the x86_serial_nr=1
argument when the installer asks for special kernel arguments. This should
make the kernel behave better.
A:
Really... Go check the packages on the ftp site.
A:
Trustix Secure Linux uses a wheel module for PAM to limit the amount of
users that are allowed to su to root. Make sure your user is listed in group
root, edit the file /etc/group to do this, ie:
root::0:foo
Separate more users with commas:
root::0:foo,baz,quux
A:
Our reasoning is plainly and simply that the ISA architechture introduces
many possible errors on your system (for instance, unlike PCI devices, you
cannot reliably probe for devices, if you did, chances are your system
locks solid). In addition, the age of the ISA bus shows, both in speed
and reliability and since you already need somewhat a modern PC to run
TSL in the first place, we thought we should save you from even considering
it.
Why is speed an issue? An ISA network adapter can not keep up with a 100Mbps network. A SCSI controller on ISA is at best the bottleneck of your system, and will hurt you even more than the network card. You really don't want either on a server, and that is what TSL is made for.
Note that ISA video cards will probably work quite well, because these generally require no specific software support for just a text terminal.
A:
The standard telnet daemon for linux does not support any secure form of
authentication. We therefore encourage the usage of ssh instead of telnet and
include only the ssh daemon. (The telnet client, however, is a very
nice tool for example for interfacing directly with your mail server and other
everyday network debugging tasks, and is therefore included.)