3. Feature Sets

3.1 Current Features:

Master References and Recommended Guidelines

• An extensive URL library and current version list for all installed and recommended Linux tools and applications
• Example guidelines on documenting the hardware and partition layout of your specific hardware

Linux Distribution Thoughts:

• Thoughts and recommendations on picking a Linux distribution
• A common "Search & Replace" example template throughout the document for both better clarity and the ability to use Search/Replace tools to customize this doc to YOUR specific setup

Core OS setup:

• Configuring, compiling, installing, and booting both a 2.2.x & 2.0.x kernel
• Lilo configuration, security, and recovery
• PCMCIA / CARDBUS PC-Card Services
• Software RAID 0 (striping) hard drives
• 7-CD SCSI CD-ROM changer system
• Automated Patching via RPM notifiers
• EXT2 file system tuning
• IDE hard drive performance optimization
• Dual printing system support for both UNIX and Windows/Samba hosts

Network Connectivity:

• Strong, configurable, and well commented IPCHAINS and IPFWADM packet firewall rule sets for SINGLE, DUAL, and THREE NIC environments. This section also incluides a complete intro on how Packet and Stateful Inspected firewalls work
• Automated rollback script for the loading of rc.firewall rule sets so that if you make an error in the firewall rule set and the rule set doesn't complete execution, a backup rule set will be automatically loaded to restore connectivity.
• Full LAN masquerading (NAT or Network Address Translation) using private IP addressing
• Masq IP port forwarding support (PORTFW)
• Three Ethernet network card support setup and TCP/IP Performance optimization (modem and cable modem users w/ DMZ support)
• DNS servers running both primary and secondary zones using Bind in a CHROOTed and and SPLIT Zone configuration
• Full Sendmail-based SMTP and backup SMTP e-mail system support w/ domain masquerading & Anti-SPAM measures with support for more than one Internet domain on one EMAIL server
• IMAP4 / POP3 remote email service
• DHCPd server for other LAN machines (laptops, etc)
• DHCPc Linux client setup for getting TCP/IP addresses
• SAMBA: Full Microsoft Windows file & printing support
• NFS: Full Sun RPC-based Network File System support
• IPSEC (Swan) VPN [Almost Complete]
• PPTP VPN client and forwarding through IPMASQ
• HTTPd WWW server support
• PPP connectivity for primary PPP connectivity AND backup PPP connections
• Dial-on-Demand (Diald) Internet connections (modem users) - Automatic Internet connections every 15 minutes (modem users)
• Direct dial-in terminal / PPP access via a modem
• NTP time calibration
• Full UNIX printing via LPR

Security:

• Complete physical and OS-level security recommendations and guidelines
• Full SSHd (encrypted TELNET) support
• Actively Updated Linux system security and patching (Shadow passwords, etc)
• Advanced SYSLOG logging and nightly filtered reports emailed to the root user
• Prioritized TrinityOS "CRITICALITY" rating system in the CHANGELOG section to gauge the level of urgency of security vulnerabilities, system mis-configurations, etc.
• NMAP port scanning to test your packet firewall
• Anonymized Sendmail Banners

System backup:

• Minimum backups to floppy
• Full backups via Hard drives or to tape using BRU with emergency restore diskette creation
• Full APC SmartUPS power down support (APCUPSd) with both paging support and plotting power stats with GNU Plot to a graph which is emailed via "Sendlogs"
• Backing up the server to a CD-R [not completed yet]

More extensive guides:

• How to fix LILO, HD partitioning, and file system corruption
• How to obtain an Internet domain(s) via a domain registrar
• How to successfully move Internet domains across DNS servers and/or TCP/IP addresses
• How to recover from your box being hacked and how to RE-secure it
• Full documentation on how understand and FIGHT all that SPAM email
• How to understand and fight SPAM email
• SSH encrypted PORTFW VPN tunnels for email, etc

3.2 Future Features:

(Won't be implemented in any particular order)

* TrinityOS TO-DOs:

• Add more "Configuration via GUI tools" sections

* Network stuff

• Give instructions on compiling Xntp
• Modularize the rc.firewall rulset so updates can be transparent and not require additional tailoring for each update.
• Remove LPR and replace it with LPRng or CUPS
• IPv6: Configure and setup IPv6 and possibly setup a IPv6 tunnel via the 6Bone
• Dial Backup: Add automatic analog modem dial backup when the ADSL/Cable modem goes down
• CODA: Replace NFS support with CODA
• Add a CACHING only setup for DNS
• Setup a email list server (MajorDomo, Petidomo, dunno yet)
• Email sent dynamic IP address exception requests for access through the TCP Wrappers and the IPFWADM rule sets
• DHCPc client setup for Cablemodems
• 128-bit encrypted Apache SSL WWW server
• Move over to xinetd for better DoS protection
• WWW Proxy services
• WWW banner add filtering
• Give instructions on compiling Xntp

* Security Stuff

• Replace the Sendlogs script to use either Swatch or LogSentry
• Automate the firewall hits logging for trend analysis
• Install PGP / GPG for secure and/or verified communications to: other users, Internic, binaries/source code verification, etc.
• Tripwire Security Breech monitoring [not completed yet]
• SATAN / SAINT / Nessus / COPS / ISS security testing

* Application stuff

• Get Sendmail to run in an SMRSH shell
• Implement Procmail to do local email filtering
• Setup fetchmail to get remote email vs. setting up a remote .forward

* Administration stuff

• Rotate the UPS logs
• Implement automatic weekly incremental tape backups to a tape drive.

* System Stuff

• Iomega parallel ZIP drive support