More new experiences with Trustix

I have recently installed both TSL 2.2 (Sunchild) and TSEL (release 2) so I am no expert, but there don’t seem to be a lot of big differences, except for the no fee license distribution has a far spiffier release code name.
Sunchild. I just have to like something at least a little if it is called Sunchild. Not sure why, just but it just seems a happy name.
Both distributions use RPM packages to manage software, and the patch level revisions are a little higher (more recent) in the TSL (Sunchild) distribution. Those Debian users who are used to and like apt and friends will like the way swup, the Trustix SoftWare UPdater, handles RPM dependancies automatically.
RedHat users like myself will like some of the built in search and testing features of swup. It automatically gets and installs all the required RPMs to satisfy any package you ask to install. (I get so tired of RPM error messages.) Once you’ve used swup to put together your Trustix server, systems admins can easily keep either Trustix disro fully up-to-date with a simple swup –upgrade
I haven’t found all of the support resources yet. It appears, from this early vantage, that this distribution like some others I have used has that “Unix is user friendly, its just choosy about it friends” attitude. There is a mailing list for TSL, and some largely unused forums for the TSEL distro. (Why does everyone seem to want to use those ucky forums to support their products? What is wrong with mailing lists?) Otherwise you call England for phone support on a pay per minute basis I think.
As a RedHat guy for many years, I am pretty familiar with the layout so support in that sense isn’t a big issue for me. I know where chkconfig is and what service does. Converts from other Linuxes converts may need more support. I bought the entry level commercial license to TSEL and I was a bit dissapointed in the support that comes with that. If I had shelled out more bucks, there were other support options.
The main thing I need is committment to provide updates on a timely basis to patch against emergent issues.
Also from my RedHat administrator perspective, Trustix installs a lot (REALLY!) less cruft. This is important to businesses. We spend time every day updating out networks and computers. Time is money, and I don’t want to pay for updating software I don’t use, or worse yet for software I don’t use, but can’t uninstall because of some obscure interdepedancies that I can’t resolve.
There are no regular network services setup to listen on the network by default. The base install doesn’t start sshd, or put it into any init scripts. I had several extra trips up and down the stairs to the basement before I remembered to set sshd to start on boot.
One thing I wish they had also borrowed from RedHat is to include iptables in the base install. It’s not, and this may be the reason it doesn’t restart with the network. Both of these firewall features seem to me like perhaps they should be included in a secure distribution.
Finally for those of you who care about these things, a few version numbers:

  • Kernel 2.4.28
  • GCC 3.3.3
  • OpenSSH 3.8.0p1
  • Apache 2.0.52
  • MySQL 4.0.21
  • Postfix 2.0.18
  • Bind 9.2.3

Only the kernel, postifx and OpenSSH are installed as a part of the base install.
Other related AdvisorBits entries:
Our memories of Picasso
Trustix gives a good first impression

Comments are closed, but trackbacks and pingbacks are open.