From: Liam Helmer (linuxlists_at_thevenue.org)
Date: Mon 01 Nov 2004 - 19:15:36 GMT

I've mentioned this before, but now that I've finally got my new site
up, I'll put in a proper plug.

I've been building a Linux distribution over the last year that is based
on linux-vserver, called StrongBox Linux. It's based around Gentoo and
Debian, running kernel 22.214.171.124. The basic idea of it is to create
servers that run like appliances: all of the major OS components are
read-only and pre-built, and only configurations are writable by
default. The main website for it is here:

StrongBox is the first general-purpose OS I know of to integrate
mandatory Change Control into the system. Any changes that you make to
the configurations of various components must be saved, as you would
with an embedded router device. Any changes that are not saved with a
valid digital signature are wiped out the next time the OS/bundle is
booted. This use of digital signatures aims to prevent any external
tampering with the OS being persistent across a reboot.

At this point, this is a beta-quality system. There are still a number of
areas that could be seriously improved. However, I'm currently using it
in production environments with a high degree of success, with occasional
tweaks to support particular functionality.

There should be another beta version coming out in a few weeks, which
will include the linux-vserver 1.9.3 patch, and some more improvements
in the UI. Current applications that have been prebuilt for StrongBox
are web and mail functions (apache, cyrus-imap, postfix, mysql,
postgres). On the way is a file services bundle (appletalk, nfs, samba,
ldap, nis, kerberos). I've deployed one for a client, and should be
releasing it in a few weeks, after I work out more of the bugs.

Anyways, if you have some time, please test it! Feedback, flames,
funding, etc. are all welcome.

StrongBox Linux http://www.strongboxlinux.com "Making Security Friendly"