Secure-SLinux Server V0.3.1stable source installation

AUTHOR: Sebastian Faulborn

DATE: 2006/09/10

UPDATE:

ALL PACKAGES: a list of all packages installed with Secure-SLinux can be found here

LICENSE: GPL (see the license of the individual software packages)

SYNOPSIS: Installation of source archive of Secure-SLinux Server (SSLX-Server)

CONTENTS:

...

Requirements:

To compile SSLX-Server you need at least:
  • 256MB RAM (recommended 512MB RAM or better)
  • i386 compatible architecture with i486 compatible processor or better
  • 5GB hard disk space and 256MB swap


    Download:

    Download the most recent SSLX-Server source archive from here.

    Documentation:

    Please first read the corresponding documentation for the binary installation. It will tell you how to configure Secure-SLinux. Please also have a look at Linux From Scratch, specifically LFS/HLFS, since it describes the compilation process.

    Compiling Secure-SLinux from source is supplied as is. It is not intended for installing Secure-SLinux. Use the binary archive instead. The sources were developed to generate the binary archives. Bugs in the source scripts will only be fixed if they lead to faulty binary archives on our development systems. Secure-SLinux is not a source distribution!

    The stable binary archives are generated in 3 steps:
  • Compile Secure-SLinux for the first time (Pass1)
  • Compile Secure-SLinux for the 2nd time using kernel grsec-sslx-single and all tests and full locales disabled from within the first pass
  • Compile Secure-SLinux for the 3rd time using kernel grsec-sslx-cd and all tests and full locales enabled from within the 2nd pass

    Then all logs are checked for unexpected errors. The binaries from pass2 and pass3 are compared to check that they are identical. The same procedure is then repeated on a different system (system1: AMD, system2: Intel Pentium 4), and the binaries are checked again. The system is then installed on a production machine and tested. Finally, Secure-SLinux is released, first as dev and later as stable.
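
One way to carry out the pass2/pass3 comparison described above, as an added example that is not part of the Secure-SLinux build scripts: hash every file in both trees with SHA-256 and report paths that differ or exist on only one side. The directory names, function names and the choice of sha256sum are assumptions; the page does not say which tool the project uses.

```shell
#!/bin/sh
# Added example (not from the Secure-SLinux sources). Directory layout and
# function names are hypothetical.

# Emit "sha256  ./relative/path" for every regular file under $1.
tree_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare two pass trees by content hash. Prints one line per discrepancy;
# returns 0 if identical, 1 if they differ, 2 on usage or setup error.
compare_passes() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    a=$(mktemp) || return 2
    b=$(mktemp) || { rm -f "$a"; return 2; }
    tree_manifest "$1" > "$a"
    tree_manifest "$2" > "$b"
    rc=0
    # Hash is 64 hex chars plus two separator chars, so the path starts at
    # column 67 (this keeps paths containing spaces intact).
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { seen[path] = hash; next }
        !(path in seen)     { print "ONLY-IN-B " path; bad = 1; next }
        seen[path] != hash  { print "DIFFERS " path; bad = 1 }
                            { delete seen[path] }
        END { for (p in seen) { print "ONLY-IN-A " p; bad = 1 }; exit bad + 0 }
    ' "$a" "$b" || rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

# Constructed sample: two tiny trees standing in for pass2 and pass3 output,
# where bin/cp was built differently.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/pass2/bin" "$d/pass3/bin"
    printf 'same\n'    > "$d/pass2/bin/ls"; printf 'same\n'    > "$d/pass3/bin/ls"
    printf 'build A\n' > "$d/pass2/bin/cp"; printf 'build B\n' > "$d/pass3/bin/cp"
    st=0
    compare_passes "$d/pass2" "$d/pass3" || st=$?
    rm -rf "$d"
    return "$st"
}

demo || echo "pass2 and pass3 differ"
```

A non-zero exit status means at least one file differs between the two trees, which is the condition the release process above treats as a failed check.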

    Compiling Secure-SLinux:

    It is recommended that you compile Secure-SLinux from the most current SSLX-CD.

    Compiling Secure-SLinux is a three stage process:
  • Toolchain: needed to get away from the host system and to produce a minimal running system outside of the normal directory structure
  • hlfs: the core of the Secure-SLinux system
  • server: add-ons, mostly from the BLFS project. Complements the core to give you a full-featured system for your everyday administrative work.

    By default the toolchain is compiled specifically for your processor, while the real system is compiled for i586; this can be changed in secure-slinux.conf and later in /etc/sslx-uname.conf.

  • make sure you have at least 256MB RAM and 256MB swap
  • create a single partition with at least 5GB
  • format it with ext3 and mount it (mount point /mnt/sslx)
  • un-tar the source archive to /mnt/sslx and cd into the newly created directory
  • edit secure-slinux.conf to suit your needs
  • ./setup-first.sh /mnt/sslx
  • ./toolchain.sh
  • ./hlfs.sh
  • ./setup-server.sh
  • now follow the instructions on the screen and configure Secure-SLinux for booting.
  • reboot into your new Secure-SLinux distro. Secure-SLinux will still be very basic, so don't be surprised if bash/vi etc. are still a bit minimalistic. When you log in as root, use an empty password.
  • make sure that the network is working (ping web.de)
  • cd into /sources
  • edit /etc/sslx-uname.conf to suit your needs
  • edit server.conf to suit your needs
  • ./server.sh
  • ./server2.sh

    That's basically all there is.

    You can create a binary distribution by booting into another Linux distro, mounting the newly compiled Secure-SLinux partition, changing into the mount point (/mnt/sslx) and entering "tar cvfj secure-slinux-i586.tar.bz2 *". You may first want to remove the tools directory and the archive of the toolchain.