[ HOME ] [ Linux ] [ HAM Radio ] [ RAS ] [ Networks ] [ PC Hardware ] [ ISDN ] [ Cablemodems ] [ Eval ISPs ] [ Security ] [ Trinity Designs ] [ Who am I ] [ Bookmarks ] [ ChangesLog ] [ Email me ]

Linux is a freely available UNIX operating system that is gaining momentum every day. Often pronounced with a short ``i'' and with the first syllable stressed -- i.e 'LIH-nucks', it was originally released by Linus Torvalds. Linux has now become one of the best multi-platform operating systems in existence with support for single and multi-processor support for Intel x86 , Sun Sparc, Digital Alpha, Motorola 680x0, Motorola PowerPC, and Silicon Graphics MIPs microprocessors. Companies like BSDi, SCO (native and Unixware) aren't very happy about losing a significant amount of market share (which they WILL lose) to a FREE operating system!

Linux comes in several favors which you might have heard of before. All of these 'distributions' use free software from the GNU project but they differentiate themselves by user interfaces, file placement, etc. Some of these common distributions are:

Then toss in full networking support, X-windows, one of the fastest development cycles for software out there, and an amazing level of Internet support, Linux is here to stay!

Here are some links that I've either written or found to be very helpful:

Raspberry Pi logo Raspberry Pi Debian documentation - My new(ish) documentation focusing on the use of Debian for amatuer radio centric protects. This document is very similar in approach to the Centos-centric TrinityOS and HamPacket documentation working on the OS installation, hardening and tuning. After that, it covers various interesting radio centric applications via the Debian / SystemD way.
  Updated: 09/20/23

!TrinityOS Sharpened!

The TrinityOS documentation and TrinityOS-Archive Scripts

* The archive link below contains all of configuration files, firewall rulesets, etc directly from the TrinityOS documentation the with a step-by-step shell script to help the user along to semi-automatically tune and secure the Linux box quickly. You can get/view these files in one of two ways:

  • If you'd like to show your approval of TrinityOS and what it stands for, feel free to grab one of the following graphics and put it on your page!
    Thanks to j.f.gauthier for the graphics work!

    * Here is TrinityOS's current feature set.. 

    ------------------------------------------------------------------------------------

TrinityOS is a step by step, example driven, HOWTO on building a very functional 
Linux box with strong security in mind.


Current
Features:
=========

Master References and Recommended Guidelines
--------------------------------------------
    + An extensive URL library and current version list for all installed and 
        recommended Linux tools and applications 
    + Example guidelines on documenting the hardware and partition layout of 
        your specific hardware 

Linux Distribution Thoughts:
----------------------------
    + Thoughts and recommendations on picking a Linux distribution 
    + A common "Search & Replace" key to customize this doc to YOUR specific 
        environment for both better clarity and the ability to use Search and
        Replace tools to customize to your specific setup

Core OS setup:
--------------
    + Configuring, compiling, installing, and booting both a 2.2.x & 2.0.x kernel 
    + Lilo configuration, security, and recovery
    + PCMCIA / CARDBUS PC-Card Services 
    + Software RAID 0 (striping) hard drives 
    + 7-CD SCSI CD-ROM changer system 
    + Automated Patching via RPM notifiers 
    + EXT2 file system tuning 
    + IDE hard drive performance optimization 
    + Dual printing system support for both UNIX and Windows/Samba hosts 

Network Connectivity:
---------------------
    + Strong, comfigrable, and well commented IPCHAINS and IPFWADM packet 
        firewall rule sets for SINGLE, DUAL, and THREE NIC environments. This
        section also includes a complete intro on how Packet and Stateful 
        Inspected firewalls work 
    + Automated rollback script for the loading of rc.firewall rule sets so that if you 
        make an error in the firewall rule set and the rule set doesn't complete
        execution, a backup rule set will be automatically loaded to restore 
        connectivity.
    + Full LAN masquerading (NAT or Network Address Translation) using private 
        IP addressing 
    + Masq IP port forwarding support (PORTFW) 
    + Three Ethernet network card support setup and TCP/IP Performance optimization 
        (modem and cable modem users w/ DMZ support) 
    + DNS servers running both primary and secondary zones using Bind in a 
        CHROOTed and and SPLIT Zone configuration
    + Full Sendmail e-mail system support w/ domain masquerading & Anti-SPAM measures with support 
        for more than one Internet domain on one EMAIL server 
    + IMAP4 / POP3 remote email service 
    + DHCPd server for other LAN machines (laptops, etc) 
    + DHCPc client setup for TCP/IP addresses 
    + SAMBA : Full Microsoft Windows file & printing support 
    + NFS: Full Sun RPC-based Network File System support 
    + IPSEC (Swan) VPN [Almost Complete] 
    + PPTP VPN client and forwarding through IPMASQ
    + HTTPd WWW WWW server 
    + PPP connectivity for primary PPP connectivity AND backup PPP connections 
    + Dial-on-Demand (Diald) Internet connections (modem users) 
      - Automatic Internet connections every 15 minutes (modem users) 
    + Direct dial-in terminal / PPP access via a modem 
    + NTP time calibration 
    + Full UNIX LPR and SMB printing 

Security:
---------
    + Complete physical and OS-level security recommendations and guidelines 
    + Full SSHd (encrypted TELNET) support
    + Actively Updated Linux system security and patching (Shadow passwords, etc) 
    + Advanced SYSLOG logging and nightly filtered reports emailed to the root user 
    + Prioritized TrinityOS "CRITICALITY" rating system in the CHANGELOG section 
        to gauge the level of urgency of security vulnerabilities, system 
        mis-configurations, etc. 
    + NMAP port scanning to test your packet firewall 
    + Figuring out if you have been hacked.. Confirm it! 
    + Prioritized ChangeLog to let users know what changes are and are NOT too important 
    + Anonymized Sendmail Banners 

System backup:
--------------
    + Minimum backups to floppy 
    + Full tape backup to HD drives via a custom Local/NFS/Samba script
    + Full tape backups via BRU with emergency restore diskette creation 
    + Full APC SmartUPS power down support (APCUPSd) with both paging support
        and plotting power stats with GNU Plot to a graph which is emailed via
        "Sendlogs"
    + Backing up the server to a CD-R [not completed yet] 

More Extensive Guides:
----------------------
    + How to fix LILO, HD partitioning, and file system corruption 
    + How to obtain an Internet domain(s) via a domain registrar
    + How to successfully move Internet domains across DNS servers and/or 
        TCP/IP addresses
    + How to recover from your box being hacked and how to RE-secure it 
    + How to understand and fight SPAM email 
    + SSH encrypted PORTFW VPN tunnels for email, etc


Future 
Features: 
=========

(Won't be implemented in any particular order) 

* TrinityOS TO-DOs:
-------------------
    + Add more "Configuration via GUI tools" sections 

* Network stuff
---------------
    + Modularize the rc.firewall rulset so updates can be transparent and not 
        require additional tailoring for each update. 
    + Remove LPR and replace it with LPRng or CUPS 
    + IPv6: Configure and setup IPv6 and possibly setup a IPv6 tunnel via the 6Bone 
    + Dial Backup: Add automatic analog modem dial backup when the ADSL/Cable 
        modem goes down 
    + CODA: Replace NFS support with CODA 
    + Add a CACHING only setup for 8.1.x DNS 
    + Setup a email list server (MajorDomo, Petidomo, dunno yet) 
    + Email sent dynamic IP address exception requests for access through the 
        TCP Wrappers and the IPFWADM rule sets 
    + DHCPc client setup for Cablemodems 
    + 128-bit encrypted Apache SSL WWW server 
    + Move over to xinetd for better DoS protection 
    + WWW Proxy services 
    + WWW banner add filtering 
    + Give instructions on compiling Xntp

* Security Stuff
----------------
    + Replace the Sendlogs script to use either Swatch or LogSentry 
    + Automate the firewall hits logging for trend analysis 
    + Install PGP / GPG for secure and/or verified communications to: other users, Internic, 
        binaries/source code verification, etc. 
    + Tripwire Security Breech monitoring [not completed yet] 
    + SATAN / SAINT / Nessus / COPS / ISS security testing 

* Application stuff
-------------------
    + Get Sendmail to run in an SMRSH shell
    + Implement Procmail to do local email filtering 
    + Setup fetchmail to get remote email vs. setting up a remote .forward 

* Administration stuff
----------------------
    + Rotate the UPS logs 
    + Implement automatic weekly incremental tape backups to the TR4 tape drive. 

* System Stuff
--------------
    + Iomega parallel ZIP drive support

    IP-MASQ-HOWTO: The Official Linux Documentation Project (LDP) HOWTO Distribution site:

    These are the most current versions of the Linux IP Masquerading HOWTO. If you find any spelling mistakes, typos, unclear sections, etc., please let me know.

    NOTE: I have now made the DocBook version of the HOWTO the primary version and deprecated the obsolete LinuxDoc version. The LinuxDoc version did not support the 2.4.x kernels and no longer meets LDP document requirements. If you would like a copy of the old IPMASQ HOWTO in LinuxDOC format, please email me.

    * Installing and Configuring IPMI 2.0 on Linux:

    * Linux Audio CD ripping and encoding scripts for Grip:

    * Linux IEEE-1394 SBP2 Benchmarking:

    I recently ran some firewire benchmarks to better understand how the same IDE HD installed into a Compucable 525DX enclosure would run behind an Agere OHCI vs. Ti OHCI IEEE1394 Firewire cards vs. natively on a UDMA100 IDE controller. Testing was run using HDPARM, Bonnie++, and "dd" on EXT2, EXT3, and ReiserFS file systems.

    Function.S:

    * Securing Linux: Step by Step"

    * In addition to the IP Masq HOWTO, I wrote a decent magazine article for "Linux Magazine" on how IP Masq works.
    Click on the magazine's front cover below to read the HTML version of the article.

    Linux Magazine - August 99 Its unfortunate that the graphics within the HTML article are too small, fortunately, all the text is there. I'll try to get Linux Magazine to fix that.

    * Pre-TrinityOS documentation for PPP/MASQ and PPP/MASQ/Diald setups:

    Rocko! Rocko:

    Other excellent Linux documents and URLs:

    Mailing lists:

    Networking:

    Linux Books and Mags:

    Security:

    Kernels:

    System Optimization:

    GUI Configuration tools:

    Laptops:

    Special Drive setups:

    Last Updated: 09/20/23

    Page Views since: 2/17/2014

    Flag Counter

    [ HOME ] [ Linux ] [ HAM Radio ] [ RAS ] [ Networks ] [ PC Hardware ] [ ISDN ] [ Cablemodems ] [ Eval ISPs ] [ Security ] [ Trinity Designs ] [ Who am I ] [ Bookmarks ] [ ChangesLog ] [ Email me ]