This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Feature: Distributions

Annvix: A stable, secure, no-frills server distro

By Preston St. Pierre on January 16, 2008 (4:00:00 PM)

Share    Print    Comments   

Annvix is a distribution aimed at providing a secure, stable, and fast base for servers. Be warned, however: Annvix is not for everyone.

When you boot the Annvix netinstall CD, you're greeted with a shell and informed that the root password is "root" and should be changed. It also advises that you set up your network and use lynx on another terminal to browse the documentation for the install. Already I could tell that this was not going to be your average user-friendly GUI installer.

Before doing that, however, I tried to switch my keyboard to Dvorak using loadkeys dvorak as usual. This did not work. I assumed that Dvorak wasn't included and continued, setting up my network and reading the documention. It assured me that Dvorak was installed, and after looking in the appropriate directory I found that to be true. I had to give loadkeys the full path for it to work, which is not the behavior I'm used to, but I guess that's why its one of the first things mentioned in the documentation.

After setting up my partitions with fdisk and adding the swap partition manually as instructed by the docs, I mounted the soon-to-be-Annvix partition and executed the install-pkgs command that the netinstaller uses to copy packages over. Despite my having done as the documentation told me and manually setting a new root password, the installer prompted me to change it again. It then copied all the packages over fairly quickly while I read a bit about Annvix on its Web site. The front end to the package manager is clearly APT, but the back end used is RPM. The developers feel that APT offers a more usable interface than yum, and that RPM is a good package manager.

When the copy was complete I rebooted. The initial boot was so surprisingly fast that I rebooted to time it. It took 17 seconds from the bootloader to a login prompt, including just over five seconds of waiting on DHCP, which could be avoided. This is much faster than any other vanilla install I've booted on my AMD Sempron 2800 with 512MB of memory. Certainly there didn't seem to be much bloat in Annvix.

When I logged in and ran apt-get update && apt-get dist-upgrade to pull down the latest code, it ran smoothly, and repeating it caused a kernel upgrade as well. I rebooted to the new kernel and everything ran properly except the loadkeys dvorak comand, which now worked without the full path but only if I added the extension to the file -- again, nonstandard behavior.

I tried to install nano, my preferred text editor for quick updates, only to find it wasn't in the repository. As a matter of fact, when I looked around, I found there were a lot of things missing from the repository, the most notable of which is probably X11/xorg. There are a few libraries referencing x11 but nothing complete, and no xorg packages. I could also find no window managers, which only reinforced my belief that the packages referencing x11 were ghost packages. Clearly the Annvix developers are keen on cutting unnecessary bloat.

There were, however, many important server packages available. While perhaps not containing the widest variety of each type of server, they cover a large range of requirements with Apache2, MySQL, PostgreSQL, NFS utils, Samba, OpenLDAP, OpenNTPD, SpamAssassin, Subversion, Pure-FTPD, Exim, BIND, Dovecot and OpenSSH. Also notable were gcc and all the related libraries, Perl, and Python. A package for Apache+Perl and one for Apache+PHP were both available, so I installed the Apache+PHP package as well as MySQL. I set up the users for MySQL, then attempted to run a test page. While PHP had been installed, Apache had not been automatically configured to use it. After all the manual configuration Annvix had required so far this didn't really surprise me. MySQL proved to work properly without any interference, and after I set up Apache, everything I required from my server seemed to work.

It was certainly as bare-bones as it could get. But was it secure?

Two important packages in the repository are Snort, a network intrusion detection system (IDS), and Aide, a host-based IDS made to replace Tripwire. A network IDS monitors network traffic for known attack patterns and possible security concerns. A host-based IDS monitors essential system files, such as the password and shadow files, to see if they have been modified. When they are modified in ways that don't meet the security policy (for example, a new user being added may be OK, but the root user's password changing may be flagged) the software contacts the system administrator. These are both essential tools, along with regular updates, involved in keeping a server secure. I installed both of them, then used Nikto and Nmap on a separate system to scan my Annvix server. Snort picked up on the regular scans as expected, but it surprisingly also picked up on and properly identified the scans which were specifically designed to evade detection systems. This, coupled with the fact that Nessus picked up no viable vulnerabilities while also being detected by Snort, gave me fair evidence that the Annvix install was relatively secure.

All in all, Annvix proved to be almost exactly what it advertised -- a stable, secure, server-oriented distribution providing a base platform for whoever needs it. It is very well documented and reliant on an administrator for configuration instead of scripts. If you have been wanting to get into the nitty gritty of GNU/Linux for some time and didn't know where to start, Annvix is a great base until you're ready to build your own distribution from scratch. It will force you to learn by doing, and it guides you each step of the way. Anyone looking for a server distribution might find Annvix a viable alternative to a solid but out-of-date Debian base. Either way, Annvix is worth looking into.

Preston St. Pierre is a computer information systems student at the University of the Fraser Valley in British Columbia, Canada.

Share    Print    Comments   

Comments

on Annvix: A stable, secure, no-frills server distro

Note: Comments are owned by the poster. We are not responsible for their content.

but no Sparc64 port

Posted by: Anonymous [ip: 195.224.196.100] on January 16, 2008 05:02 PM
meh

#

Annvix: A stable, secure, no-frills server distro

Posted by: Anonymous [ip: 68.149.51.213] on January 16, 2008 06:08 PM
Actually, you shouldn't have had to configure anything to get php working out of the box. You just need to execute "apt-get install httpd-mod_php" and everything should be installed and configured. What you may have done was install apache, then installed php after the fact; you would need to have to restart apache to get it to pick up the configuration changes.

In regards to X, the x11 libs that are there aren't ghost packages, but are the minimal amount required to build other packages that rely on some stuff from the x11 libs. But there has never been an X gui in Annvix, since day one. =)

#

Re: Annvix: A stable, secure, no-frills server distro

Posted by: Anonymous [ip: 70.78.129.157] on January 18, 2008 11:08 PM
> Actually, you shouldn't have had to configure anything to get php working out of the box.

I agree. But that wasn't the case. I installed the httpd-mod_php package as outlined on the website. PHP was not enabled by default. In addition to that, as an example of something that should have also been changed, "index.htm" was still the default page to load, and "index.php" was nowhere on the list.

-Preston

#

Annvix: A stable, secure, no-frills server distro

Posted by: Anonymous [ip: 217.216.157.2] on January 16, 2008 06:51 PM
Nice pamphlet but, man, 'out-of-date Debian base...' WTF?

Do yo know what 'stable' means?

#

Annvix: A stable, secure, no-frills server distro

Posted by: big bear on January 17, 2008 02:43 PM
One of the more interesting things that comes up in server base discussions is productivity vs 'bloat' aka, added apps and services.

So many "gurus" decry having anything but the most basic system and building a server up from scratch. While this does ensure that the system installed is tuned exactly to the needs of the network/system and the purpose of the server/machine, it costs in productivity.

Time used to make 'common' settings and adjustments could be better spent in having the server up and running. Stability takes no hit in using a base that has been 'pre-configured' to the most common standards.

All of this boils down to idealism vs productivity. in a school or education environment, it is good to 'start from scratch' to help the tech/admin know how things work and what to expect. In a 'production' situation, there is great savings in time and configuration in getting a server in use.

Bases like Annvix are good for educational/idealistic environments. but in a production environment, no company will spend the time to 'start from scratch' when there are perfectly viable offerings that provide basic 'pre-con' systems already.
[Modified by: big bear on January 17, 2008 02:44 PM]

#

Annvix: A stable, secure, no-frills server distro

Posted by: Anonymous [ip: 68.149.51.213] on January 17, 2008 04:46 PM
Annvix isn't Gentoo... =) You don't have to compile things on your own to get (most) of the goodies you'd expect in a server environment, which the author outlined above. Yes, there is no GUI, and no GUI configuration apps, but so what? It includes vim and all these server apps have well-documented configuration files. And it's also just as pre-configured as any other distro.. no one expects you to write the apache configuration files from scratch.

Bottom line is that Annvix is spartan in some areas, sure... it doesn't come with a dozen different text editors; it comes with one (although you can compile joe or nano via ports very easily). A lot of it will work "out of the box" with minimal configuration -- same as any other distro. There is no "start from scratch" with Annvix. It's pre-compiled, pre-configured, does quite a bit of hand-holding and setup during the install (despite no GUI installer). If it was a start from scratch distro, do you honestly think you could have a full-blown webserver with php, apache, mysql, etc. installed on a system in under 20 minutes? And that includes you manually partitioning and formatting the mount points (yeah, that part is a little old-school, but then again you don't have some GUI making dumb assumptions for you).

#

Re: Annvix: A stable, secure, no-frills server distro

Posted by: big bear on January 18, 2008 04:38 AM
"(yeah, that part is a little old-school, but then again you don't have some GUI making dumb assumptions for you)."

GUI interfaces don't make assumptions. at least not if they're good ones. Their job is only to graphically represent options and choices one would select for a given command or app that would normally be present from the command line.

I should have clarified myself, Annvix is not 'start from scratch' that is true, It does come across as such though. there is some pre con in regard to the startup of many services. Still, it is not as productive for a small business owner or relatively new tech to install and setup as it would be easy for an experienced Linux Tech who knows what to expect from a command line interface.

All in all, a good learning tool , perhaps a good tool for more experienced Linux folks, that's about it.

#

Annvix: A stable, secure, no-frills server distro

Posted by: Anonymous [ip: 68.149.51.213] on January 18, 2008 03:05 PM
You're completely right. Annvix was never meant to cater to the "noobs" or people who don't know the CLI. I don't believe the developer ever intended or marketed it as such. It's definitely a distro with a requirement of some experience (although, having said that, it's not hard to learn... *if* you want to learn).

#

Re: Annvix: A stable, secure, no-frills server distro

Posted by: Anonymous [ip: 65.24.146.151] on January 21, 2008 05:36 AM
It in fact requires quite a bit of experience if you want to get a number of packages working.

For instance, the Apache installer, and the mod_php installer through apt worked great, however apt did not set up the handler right for php files. Netfs was another application, that while it did come pre-installed, it was lacking a few of the programs that are required to make it work properly. Portmap being one of them, as was nfs-utils for rpc.

That being said the speed, and cleanliness of the distro more than outweighed the minor inconveniences in my opinion. I also do recommend this distro to anyone that much like me, learns a lot better when you need to get something working, rather than when it would 'just be nice'. I would have learned a lot more when I was just learning linux if the distro forced me into these steps. Whereas Red Hat 3.0 walked you through everything.

-Rob

#

Annvix: A stable, secure, no-frills server distro

Posted by: Anonymous [ip: 210.151.30.16] on January 31, 2008 01:10 AM
You don't have to keep complaining about dvorak, it's far from a show stopper... and is just a personal preference that never hurts without it and is only for small amount of people. And serious servers don't need fat bloat X11...

#

This story has been archived. Comments can no longer be posted.



 
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya