About Trustix Secure Linux

Recognition of the critical role of secure and stable mechanisms in enterprise operating systems led to the birth of Trustix Secure Linux in 1999. The fact that enterprises crave stability and security in Linux made Trustix go mission-critical in mainstream enterprises. Trustix Secure Linux is a security-enhanced and stability-augmented Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using SWUP, the automated software updater.


The Trustix Linux project was created by Erlend Midttun in 1999 taking inspiration from GNU guidelines of the freedom to use, study, copy, modify, and redistribute computer software, and to defend the rights of Free Software users. TSL is a secure Linux distribution aimed specifically at the enterprise server market, without all the unnecessary extra packages and desktop features typically offered by other Linux Distributions.


Comodo Group offers commercial support for Trustix Secure Linux to complement their existing product range of a Trustix Firewall to provide fast secure IT infrastructure connections. TSL is security-hardened and specifically optimized to maximize the performance and stability of enterprise servers without superfluous programs.


                                       What is Linux?

Linux is a freely distributed UNIX-like operating system which was originally designed for 386/ 486 / Pentium based PCs but now also runs on other systems as well. The Linux kernel has been written by Linus Torvalds with assistance from a number of developers around the world. Linux has no proprietary code in it and is available in both source and object form. Linux has number of UNIX utilities and a file system which follows the Linux File System Hierarchy Standard. It is an independent implementation of the POSIX operating system specification with System V and BSD extensions.


                  What are the main features of Trustix Secure Linux TSL?


Trustix Secure Linux combines the innovation of open source technology and the constancy of a true enterprise-class platform. Each new release supports i586 and other higher platforms.


Trustix Secure Linux was specifically designed for the server market. With a focus on security and stability, the whole system benefits from a fully automatic update agent known as SWUP, eliminating the most critical issue of server security - Patch management.

              Trustix Secure Linux (TSL) has the following main features:

    * Small and clean server distribution:
      The primary focus of TSL is a “Keep it simple” distribution which meets all the enterprise needs without superfluous packages which hinder easy installation on your machine.

    * No surprises
      Surprises are usually bad when it comes to system administration. In TSL, we go out of our way to make sure there are none and that you, the systems administrator, is the one in charge. We provide the tools, you use them as you see fit.

    * Stable
      Trustix Secure Linux has been designed with the two goals of stability and security as top priorities. TSL features a stable enterprise-grade operating system which can run for years with little or no hassle for the administrator. Because of its unrivalled stability, it is ideal for high-performance computing environments. We guarantee that your machines will be up for months at a time without a crash or need for rebooting.

    * Easy to install
      TSL is user-friendly and the VIPER installer makes it easy to install on your machine, even if you are not a Linux expert. Features like hardware detection and configuration, a nice interface for selecting what to install and how to configure it, make the installation process a very easy one.

    * Easy updates
      SWUP, the Trustix SoftWare UPdater, provides a convenient and secure way of keeping your system updated with the latest security patches as well as a host of other functionality. SWUP is an extension for existing software packaging systems to facilitate automatic and secure update and install. SWUP handles dependencies between software packages, and is able to fetch additional required software during install or upgrade.


    * Updated installation media
      The TSL media has since day one been kept up to date with the latest fixes. This saves you from downloading the additional 70MB of updates once your system is done installing and gets you up and running fast.


    * Well maintained
      The Trustix team takes great pride in being among the first to fix security holes and we cooperate with a number of other vendors and organizations to give you the best possible service.


    * Active TSL community
      The TSL community lives on the TSL mailing lists. It consists of a number of skilled people in addition to the TSL developers.


            What makes Trustix Secure Linux TSL better than other Linux distributions?

TSL better addresses the needs of corporate servers. Trustix Secure Linux includes the open standards based SoftWare UPdater, SWUP, which keeps all software packages up-to-date, resolves library dependencies and integrates public key cryptography to ensure safety and security.


These key features make TSL better than other Linux distributions.


    * Security hardened vs. Software Proliferation
      TSL believes in delivering the most efficient, stable and secure Linux distribution available by streamlining the distribution to include only the most secure server essential Linux packages. Whereas other distributions like Red hat offer multiple packages which means that there is always the possibility of more potential security holes, more server configuration, more dependency issues, more drain on system resources and less efficient server performance. TSL means better value for your money due to lower TCO from day one.


    * VERY Fast Security Updates
      Since Linux distributions are not static entities, the updates with new, patched packages are equally important as the original installation. TSL will help you maintain a secure system by providing fast security updates via fully automated Software Updater SWUP . SWUP is the more versatile and cost effective option when you need to upgrade your installation. Also the Trustix updates may be automatically downloaded for free using SWUP, whereas the updates for other distributions like Red Hat are only included with subscriptions to Red Hat Enterprise Linux.


   1. SWUP enables administrators to secure update installations of TSEL from any media (CD, Mirror Servers, FTP, Web Server etc) using GPG signature verification- free of charge. On the other hand, Red Hat, for example, offers the same functionality via their Proxy and Satellite Architecture Models but you have to pay for them.
   2. SWUP can, due to the verification of GPG signatures, use any mirror site securely which means that Trustix users are able to verify the integrity of each update, regardless of the integrity of the many distributed mirrors. On the other hand, Red Hat's up2date depends on the RH distribution servers which create dependency on the official Red Hat servers.
   3. SWUP maintains the privacy of the users by creating the list of packages to update locally. On the other hand, Red Hat's updates transfers a lot of information to the update servers (including, but not limited to your current hardware configuration and a list of all software installed). The arrangement is documented in their End User License Agreement.



    * Secure Default Installation
      Trustix Secure Enterprise Linux ships with only essential, server specific packages and no remote services running. This means that a default installation of Trustix is much less vulnerable to attacks than the default installation of other distributions. On the hand, Red Hat ships with a lot more packages with no real consistency, some services enabled, some not. Red Hat has no defined policy about the default status of installed services, and it’s up to the user to decide if a running service is a security threat

    * Secure Default Configuration
      Trustix provides secure defaults for its services by providing updated installation media, saving administrators from having to immediately update the installation. The latest security and bugfix updates are installed from the installation CD. On the hand, other distributions like Red hat make you download additional 400MB just to secure the software you just installed. In contrast, TSEL represents immediate security and functionality out of the box.


                      How does the TSL fit in the category of “Free Software”?

Trustix Secure Linux is one of the front line providers of Open Source Software worldwide and we are fully committed to the support and further development of the Open Source Community. Trustix Secure Linux TSL history is based on “free software philosophy” with the participation of a wide open source community. The purpose of the Trustix Secure Linux TSL is to create a high quality, open source operating system designed for the server share of the PC market by using carefully selected components from well-known reliable sources like the GNU Project and the Linux kernel in addition to software created specifically for Trustix.


                                What licensing model does TSL follow?

All code developed and distributed by Trustix are released under a set of guidelines which incorporate the main features of different licenses like General Public License and equivalent. Trustix will include any license that allows us to modify the sources, distribute, use, and everything else we may or may not like to do, without fee. We also include software with proprietary licenses as long as it's in-house developed software.


                                What is the latest version of TSL?

Stable Release TSL v 2.2


TSL 2.2 brings together enhancements in speed and security along with support for Serial ATA disk drives and the leading open source Anti Spam and Anti Virus solutions like Spam assassin and ClamAV. More importantly, updates and patches to the system are controlled via fully automated patch management system SWUP which keeps your server software constantly updated.

Development Release TSL v 3.0 Beta


The most important features of Trustix Secure Linux 3.0 are easy installation through VIPER and quick updates through SWUP (Software Updater). It has other automation tools such as CP+ which facilitates the quick and easy, web based administration of Trustix OS based server. This helps in simplifying the usually complex management of tasks such as Samba file sharing, MySQL databases, firewall configuration, web site hosting including DNS management and email.


Other more detailed enhancements include additions like X.org X11-libraries, GnuTLS,Hotplug, Memtest86+,Net-SNMP,FreeRADIUS. Major upgrades are Kernel 2.6, gcc 3.4, glibc 2.3.5 and bash 3.0. Also most of the packages have been brought up to their latest stable versions.

Crose cable untuk sambungkan :- PC --->PC , Hub ----> Hub
Straight Cable untuk sambungkan :- Hub ---> PC
Terdapat 2 standard piawaian iaitu:- British(B), American (A)
 

Firewall adalah satu bidang yang semakin menjadi satu minat kepada mereka yang berhubung ke Internet dan juga menjadi satu jenis aplikasi untuk menyediakan sistem keselamatan pada rangkaian peribadi (private networks). Saya akan cuba terangkan konsep firewall dalam bahasa Melayu dengan sebaik mungkin. Kalau ada silap, tolong betulkan pasal mata dah nak lelap.  

Perlu diingatkan di sini, adalah menjadi satu tanggapan global bahawa dengan adanya satu firewall antara rangkaian dalaman dengan Internet, ia akan menyelesaikan masalah keselamatan data. Tanggapan ini tidak benar sama sekali. Ia akan membantu tetapi firewall yang dipasang dengan cara yang tidak betul adalah lebih cenderung kepada risiko keselamatan daripada tiada langsung firewall. Firewall akan menambah satu aras keselamatan kepada sistem anda tetapi ia tidak akan menyekat cracker atau penggodam (siapa reka perkataan ini?) yang betul-betul nekad untuk masuk ke dalam rangkaian anda, sepertimana yang telah dibuktikan kepada kawan-kawan kita di Bincang.net. Jika anda membenarkan pendapat bahawa firewall anda kebal dan tiada siapa yang dapat memasukinya, anda hanya telah menyenangkan kerja si penggodam tersebut.  

Apa itu Firewall?  
Terdapat dua jenis firewall yang menjadi kegunaan umum di Internet pada hari ini. Jenis yang pertama lebih dikenali dengan nama packet filtering router, di mana kernel pada komputer/router multi-homed (dual-direction) akan menentukan sama ada untuk meneruskan (forward) atau memansuhkan (reject) berdasarkan kepada set-set arahan yang telah ditetapkan. Jenis yang kedua ialah pelayan proksi atau akronim bahasa Inggerisnya, proxy server di mana ia berfungsi dengan menggunakan daemon-daemon authentication (proses-proses penentusahkan yang berjalan di background dan berinteraksi secara terus dengan sistem) dan akan meneruskan paket-paket data kepada, antaranya multi-homed host atau hos-hos biasa yang mana tidak mengaplikasikan mana-mana mekanisme packet filtering.  

Pada kebiasaannya, kebanyakkan sites menggunakan kombinasi kedua-dua jenis firewall ini. Dalam hal ini, hanya sebuah atau beberapa hos yang dikenali dengan nama bastion host(s) dibenarkan untuk meneruskan paket-paket melalui packet filtering router ke dalam rangkaian dalaman. Servis-servis proxy dilarikan pada bastion host yang mana pada umumnya lebih selamat daripada mekanisme-mekanisme penentusahkan yang biasa.