LINUX SECURITY --- November 14, 2000 Published by ITworld.com, the IT problem-solving network http://www.itworld.com/newsletters -------------------------------------------------------------------------- ------ HIGHLIGHTS * A compact, well-designed package of security tools -------------------------------------------------------------------------- ------ Trinux - Linux Security Toolkit By Rick Johnson Every so often, you cross paths with a really eye-catching program. Trinux is just that sort of tool. Never before, has such a complete set of security utilities been found in such a well-designed package. So, what is Trinux? Trinux is a portable, micro-distribution of Linux that boots from a floppy disk. What sets Trinux apart is its complete dedication to security. Hear are just a few of the tools included: Ethereal, nmap, openSSH client and server, ntop, snort, firewalk, dsniff and many others. All of the packages are precompiled versions of popular Open Source network security and monitoring tools. Once booted, it loads the packages from a FAT/Ext2 partition, floppy disks, or HTTP/FTP servers, and runs entirely in RAM. Once loaded you have a versatile, ultra-compact network security workstation. Based on a stripped down version of Slackware 7.1, Trinux will run on virtually any 486 or higher PC with at least 12MB of RAM and it supports the latest 2.2.x kernels and glibc 2.1.x. The default kernel supports most common Ethernet cards but additional hardware support is possible through kernel modules. Trinux is available from http://trinux.sourceforge.net as a tarred archive and can be unpacked under Linux or using WinZip on a Windows system. Execute the install script (trinux.bat for Windows users or ./trinux for Linux) to create the initial floppy images. The initial boot floppy only supplies a bare minimum of functionality -- enough to boot the kernel, build the ramdisks, extract the minimum number of necessary utilities, and configure the network. The Trinux default configuration provides easy network configuration via DHCP; from there, the network package loading feature really proves itself. The packages are maintained on a centralized HTTP server and, after obtaining an IP address, a selection of packages automatically load and install through wget. This process saves you the trouble of building and updating floppies each time a new package is released. Network package loading is enabled by default on the boot disk. You can set floppy loading as the default by modifying the syslinux.cfg file on the boot floppy. If Trinux is unable to contact the server due to network problems, it will look for a floppy. If you are in the market for a flashy, aesthetically pleasing, GUI interface, then you are looking at the wrong distro. Trinux is a console based, in your face, no frills, cutting edge tool. To put it simply, Trinux just works. Every feature possibly wanted is available and, with practically no modification, you have a formidable tool to aid in the defense of your world. Now if only I had thought of this .... About the author(s) ---------------- Rick Johnson is currently the Manager of Security Services for FusionStorm, a remote managed services company. When not writing, he heads the development team for PMFirewall, an Ipchains Firewall and Masquerading Configuration Utility for Linux. Rick can be contacted via email at rick@pointman.org or on the web at http://www.pointman.org. -------------------------------------------------------------------------- ------ ADDITIONAL RESOURCES No one can trust Windows security again -- unless it's open source http://www.itworld.com/jlw/linsec_nl/lw-2000-11/lw-11-penguin_2.html Securing Linux, Part 1 Elementary security for your Linux box http://www.linuxworld.com/linuxworld/lw-1999-05/lw-05-ramparts.html Securing Linux, Part 2 Advanced Linux security http://linuxworld.com/linuxworld/lw-1999-07/lw-07-ramparts.html Securing Your Linux Box http://www.linuxgazette.com/issue34/vertes.html -------------------------------------------------------------------------- ------
<<attachment: winmail.dat>>