Minimal Secure Linux Install using Trustix

It finally dawned on me the other day – that instead of trying to install what most distributions call a minimal install (500+ Meg) and then trying to figure out what all I can remove afterwards, how about starting with a distribution that truly is minimal and then adding only what I need afterwards.

I started out looking at several projects that mainly built everything from scratch – such as LFS. Finally, I found mention of a distribution called Trustix, which seemed to address the minimalist approach – but at the same time keeping it simple.

There are a few ways to go about the installation:

1. You can download the install CD, which appears to contain all the optional packages. It still fits on one CD and comes in at around a 600Meg download.

2. Download a 30Meg image containing the files needed to set up a PXE installation. However, it turned out there was an additional package that had to be downloaded from another site for a file called pxelinux.0. I have assembled a ‘no-nonsense’ package that includes everything already laid out to install using PXE. You can download the file here. Once downloaded, just extract to the root of your tftp server’s directory and that’s all you need to do. For a tftp server, I used tftpd32 which is a very small Windows tftp server.

Overall, I was very impressed with not only the installation – but also the overall outcome.  During the install, you have the ability to select optional packages.  The default is ‘minimal with ssh access’ and the only thing I added was the Apache http server.  Approx. 15 minutes later, I had a fully working (and very secure) Linux server up and running.

The installation footprint turned out to be around 275Meg.  I was very pleased to not see such stuff as Sendmail, NFS related stuff, Advanced Power Management services, Plug and Play mess, etc…  The only thing installed was what I told it to install, imagine that!!!

Another very nice surprise was that even though I selected to install ssh and http, they were not set to start up at boot by default.  At the very minimum, they had to be started manually or turned on to start at boot time.  I like this – because now the administrator has the opportunity to decide what services to expose, rather than figuring out all the ‘extras’ that need to be turned off.
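To keep that "only what I enabled" state verifiable over time, the following added example (not part of the original post, and not Trustix's own tooling) lists the services with start links in a runlevel directory and flags any that are not on an allowlist. It assumes a SysV-style layout with `S<NN><name>` start links; the function names, the allowlist, and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit boot-enabled services against an allowlist.
# Assumption: SysV-style runlevel directory holding S<NN><name> start links
# (K<NN><name> kill links mean "not started" and are ignored).

# enabled_services DIR -> one service name per line, sorted, start links only
enabled_services() {
    dir=$1
    for link in "$dir"/S[0-9][0-9]*; do
        # An unmatched glob stays literal; skip it.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}            # drop the directory part
        name=${name#S[0-9][0-9]}    # drop "S" and the two-digit priority
        printf '%s\n' "$name"
    done | sort -u
}

# unexpected_services DIR "svc1 svc2 ..." -> enabled services not on the allowlist
unexpected_services() {
    dir=$1; allow=$2
    enabled_services "$dir" | while IFS= read -r svc; do
        case " $allow " in
            *" $svc "*) ;;                  # explicitly allowed
            *) printf '%s\n' "$svc" ;;      # enabled but never approved
        esac
    done
}

# audit_runlevel DIR "svc1 svc2 ..." -> exit status 0 if clean, 1 otherwise
audit_runlevel() {
    extra=$(unexpected_services "$1" "$2")
    if [ -n "$extra" ]; then
        printf 'unexpected boot services in %s:\n%s\n' "$1" "$extra" >&2
        return 1
    fi
    return 0
}

# Constructed sample: a throwaway runlevel directory, not a real system.
demo=$(mktemp -d)
for l in S10network S55sshd S85httpd S80sendmail K20nfs; do : > "$demo/$l"; done
audit_runlevel "$demo" "network sshd httpd" || echo "review the services listed above"
rm -rf "$demo"
```

On a real host, point `audit_runlevel` at the default runlevel's directory and run it from cron or after package updates, so a package that quietly enables itself at boot shows up as a non-zero exit.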

All in all – I give this experience a 5 out of 5 stars.  Expect to see a detailed installation document of the entire process next…
