April 12, 2005



Good things never come easy, and that holds true for Adamantix Linux. It is a stripped-down version of Debian Woody, specifically designed as a very secure Linux OS, but it is also very difficult to install. Adamantix is largely used for firewalls and IDS systems, but because of its secure nature you can also make it your file server or mail proxy. The problem with this distro is its installer. Before you install the OS, you should know that the installer is completely text-based and doesn’t support multi-booting. It also removes all data from all your partitions, so be really cautious while installing it.

To install Adamantix you have to boot the machine with the Adamantix CD (the Adamantix CD ISO is available on this month’s PCQEssential CD). The CD will boot into a command line-based live Linux environment. Here, type the following command to run the installation process.

# adamantix-install

This starts the installer. At this point, you might come across a bug that terminates the installer whenever you reach the Partition Manager screen and select any Partition Manager. The workaround we adopted is very simple. We quit the installer, ran fdisk and added a Linux ext3 partition. Then we ran the installer again, but this time we skipped the Partition Manager screen by selecting the ‘Continue’ option, and the installation went smoothly.

Direct Hit!
Applies to: Linux administrators
USP: Set up this secure distribution and understand its various components like PaX, RSBAC, Zorp and Shorewall
Links: www.adamantix.org
ON PCQEssential CD: system\cdrom\adamantix

But we managed to figure out another, less complicated way to install Adamantix. This involves downloading and installing Adamantix directly from the Internet. For this, you’ll need to do a minimal install of any version of Debian on the system, such as Sarge or Woody. If you have a copy of the Debian Sarge distro (we gave it with our December 2004 issue), then you can use that. Skip the online updates part of the installation, and then start the Adamantix installation. For this, specify an Adamantix mirror such as http://www.adamantix.org/mirror and then issue the following command.

# apt-get update

To complete the installation, you also have to give the following command.

# apt-get dist-upgrade

Please remember, however, that you need to be logged in as root to execute this last command. The Adamantix repository includes about 1000 packages. You can get this list and other details from http://www.adamantix.org/packages.

The distribution currently uses a modified kernel 2.4.22 from Debian, which is the normal kernel with the PaX patch but without the RSBAC functionality. PaX is a Linux kernel enhancement that provides protection against buffer overflow attacks, primarily the stack or heap memory overflow types. For the kernels of other Linux distributions such as RedHat and Debian, PaX is available as a separate kernel patch. However, Adamantix has it out of the box.

The RSBAC framework is based on GFAC (Generalized Framework for Access Control). All security-relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions. Decisions are based on the type of access (request type), the access target and the values of attributes attached to the calling subject and to the target to be accessed. Additional independent attributes can be used by individual modules, e.g. the Privacy Module (PM). All attributes are stored in fully protected directories, one on each mounted device. Thus, changes to attributes require the special system calls provided. RSBAC is not enabled by default, however; you have to recompile the kernel once to make it work. But be careful when integrating RSBAC into Adamantix, because if it clashes with any of the policies you created on PaX, the system could lock out even the root user.
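The decision flow described above can be modelled in a few lines of user-space C. This is an added example, not RSBAC or Adamantix code: the type and function names, the two toy modules, the rule that a single NOT_GRANTED vetoes the request and the choice to deny when no module grants are all assumptions made for illustration.

```c
/* User-space model of the GFAC flow; every name here is hypothetical
   and the veto-wins combining rule is an assumption, not RSBAC source. */
#include <stdio.h>
#include <stddef.h>

typedef enum { DO_NOT_CARE, GRANTED, NOT_GRANTED } decision_t;
typedef enum { REQ_READ, REQ_WRITE } request_t;

/* Attributes attached to the calling subject and to the target. */
typedef struct { int uid; int clearance; } subject_t;
typedef struct { int owner; int level; } target_t;
typedef decision_t (*module_fn)(request_t, const subject_t *, const target_t *);

/* Module 1: a read needs clearance >= target level. */
static decision_t mod_level(request_t r, const subject_t *s, const target_t *t) {
    if (r == REQ_READ) return s->clearance >= t->level ? GRANTED : NOT_GRANTED;
    return DO_NOT_CARE;
}

/* Module 2: only the owner may write; uid 0 gets no bypass. */
static decision_t mod_owner(request_t r, const subject_t *s, const target_t *t) {
    if (r == REQ_WRITE) return s->uid == t->owner ? GRANTED : NOT_GRANTED;
    return DO_NOT_CARE;
}

static const module_fn active_modules[] = { mod_level, mod_owner };

/* Central decision component: ask every active module, combine the answers. */
decision_t decide(request_t r, const subject_t *s, const target_t *t) {
    decision_t combined = DO_NOT_CARE;
    for (size_t i = 0; i < sizeof active_modules / sizeof *active_modules; i++) {
        decision_t d = active_modules[i](r, s, t);
        if (d == NOT_GRANTED) return NOT_GRANTED;  /* one veto is final */
        if (d == GRANTED) combined = GRANTED;
    }
    return combined;
}

/* System call extension: enforce the combined decision before acting. */
int guarded_access(request_t r, const subject_t *s, const target_t *t) {
    return decide(r, s, t) == GRANTED ? 0 : -1;  /* -1 stands in for EPERM */
}

int main(void) {
    subject_t root = { 0, 1 }, alice = { 1000, 2 };
    target_t secret = { 1000, 2 };
    printf("root read:   %d\n", guarded_access(REQ_READ, &root, &secret));
    printf("alice write: %d\n", guarded_access(REQ_WRITE, &alice, &secret));
    return 0;
}
```

In this model root is refused the read because no module exempts uid 0, which is why a mistaken policy can shut out even the root user.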

Other elements of Adamantix that make it so secure are the Zorp proxy firewall suite and the Shorewall firewall. Zorp is the core framework of Adamantix, which allows the administrator to fine-tune proxy decisions (with its built-in script language), and fully analyzes complex protocols (including SSH with several forwarded TCP connections, or SSL with an embedded POP3 protocol). FTP, HTTP, finger, whois and SSL protocols are fully supported with an application-level gateway. Zorp aims for compliance with the Common Criteria/Application-level Firewall Protection Profile for Medium Robustness Environment.

The Shoreline Firewall, more commonly known as ‘Shorewall’, is a tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables utility, configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter’s ipchains compatibility mode and can thus take advantage of Netfilter’s connection state tracking capabilities.

Anindya Roy
