Cover V09, I07


Smaller is Better

Ron McCarty

Network and systems administrators often find themselves wishing they had 10 systems as opposed to the three at the office and two at home. To meet this need, many admins collect old systems and stack them around the office until they have time to track down the original OS, reinstall, and configure the system. We've probably all been stuck with cleaning up after such an admin after he leaves the company and doesn't take his unconfigured systems with him.

Small UNIX distributions can give you the flexibility of having customized versions of UNIX without having hardware stacked to the ceiling. Small UNIX distributions also allow you to try out an OS without a complete reinstall and create your own distribution for customized applications within your organization. Small UNIX distributions lend themselves well to being sniffers, routers, firewalls, mini-Web servers, and other network appliance-like applications.

This month I'll cover what to look at when picking mini-distributions. Additionally, I'll cover the mini-distributions that I've used and can recommend, as well as some pointers to other distributions for your own investigations. This article will be limited to Intel-based distributions since there is a wide choice of distributions for Intel hardware and very limited choices outside those running on Intel.

System-Centric Mini-Distributions

Although you are not limited to a single distribution, it is important to put together a checklist of the features you're looking for in a small distribution. Generally, I think of distributions as being either system- (host-) or network-centric.

System-centric mini-distributions typically include the necessary tools for file, data, and disk manipulation for system recovery actions ranging from resetting the root password, to uploading a file to replace a damaged file, to pulling down a backup before the system gives up its ghost completely. A general checklist for these distributions includes: vi, cat, more, grep, sed, dd, tar, fdisk, gzip, and the appropriate filesystem support. If shell scripting is required, be sure to check what the distribution includes as a shell. The “standard” Bourne shell is often not included.

System recovery is not the only application for system-centric mini-distributions. Any application requiring a small OS or read-only OS is an ideal application for such a distribution. These distributions can act as syslog servers (storage or a printer is still required), lab computers for UNIX beginners, and system monitoring tools.

Network-Centric Mini-Distributions

Network-centric mini-distributions contain tools for troubleshooting, analyzing, and auditing networks. In addition to the standard tools we expect from all modern UNIX systems like netstat, ping, and traceroute, your network mini-distribution should include the advanced tools to assist in networking tasks (including port scans, network sniffing, and vulnerability analysis). Many of these distributions have actually been put together to act as an Internet gateway with proxy or NAT capability, so PPP and NAT support are very common and are often the first to be removed by administrators customizing their distributions. Depending on the application, you may also wish to have some of the common services such as SMTP, telnet, and SNMP support.
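The two checklists above (the system-centric tool list with its shell caveat, and the standard network tools) can be checked mechanically against an unpacked or loop-mounted distribution image before you rely on it. The script below is an added example, not part of the original article or of any distribution; the function names, the profile names, and the directories searched are assumptions.

```sh
#!/bin/sh
# Added example: audit an unpacked mini-distribution root directory
# against the article's checklists. Directory layout is an assumption.

SYSTEM_TOOLS="vi cat more grep sed dd tar fdisk gzip"
NETWORK_TOOLS="netstat ping traceroute"

# find_tool ROOT NAME: print the in-image path of NAME, or return 1.
# A symlink counts as present even if it dangles on the host, because
# absolute links inside an image only resolve once the image is booted.
find_tool() {
    for dir in bin sbin usr/bin usr/sbin usr/local/bin; do
        if [ -f "$1/$dir/$2" ] || [ -L "$1/$dir/$2" ]; then
            echo "/$dir/$2"
            return 0
        fi
    done
    return 1
}

# missing_tools ROOT PROFILE: print the checklist tools that are absent.
missing_tools() {
    case "$2" in
        system)  list=$SYSTEM_TOOLS ;;
        network) list=$NETWORK_TOOLS ;;
        *) echo "unknown profile: $2" >&2; return 2 ;;
    esac
    missing=""
    for t in $list; do
        find_tool "$1" "$t" >/dev/null || missing="$missing $t"
    done
    echo "${missing# }"
}

# shell_of ROOT: report what /bin/sh really is, since the standard
# Bourne shell is often replaced by a smaller shell behind a symlink.
shell_of() {
    if [ -L "$1/bin/sh" ]; then
        basename "$(readlink "$1/bin/sh")"
    elif [ -f "$1/bin/sh" ]; then
        echo sh
    else
        echo none
    fi
}

if [ "$#" -ge 1 ]; then
    echo "missing system tools:  $(missing_tools "$1" system)"
    echo "missing network tools: $(missing_tools "$1" network)"
    echo "/bin/sh is:            $(shell_of "$1")"
fi
```

Run it with the mount point of the image as its only argument; an empty "missing" line means that checklist is fully covered.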

Network-centric distributions also make ideal security tools (such as intrusion detection systems and sniffers) since permanent changes to the OS require physical access to the box to remove the write protection from the disk. (Hardening and auditing the system is still required since a break-in may go unnoticed and can be harder to trace if the system reboots.)

Besides the included network tools, the network interface card support is a very important feature of the distribution. However, if your network interface card is not supported, and the network card is supported by Linux, then support can probably be added by you or one of the many supporters on the Internet.

BSD

FreeBSD has dedicated a page to its efforts to port the OS and utilities to small footprints: http://www.freebsd.org/~picobsd/, which is really a lead-in to its PicoBSD distribution at: http://www.freebsd.org/~picobsd/picobsd.html. PicoBSD is a one-floppy distribution that is easily created using a single dd command under UNIX, or the ever-popular rawrite.exe DOS command. (Most distributions are created using these commands.)

PicoBSD supports kernel configuration during bootup, but unlike the normal cryptic parameter passing on bootup, PicoBSD supports a full-screen visual mode that allows the devices and their configuration parameters (IRQ and I/O port) to be selected using the cursor keys.

PicoBSD is missing the vi editor but does include common network tools including netstat, ping, and traceroute. The network distribution of PicoBSD only has about 41 K of free space available on the floppy, so there is not a lot of room to add programs. However, PPP and telnet daemons, as well as a network address translator, are included with the distribution and can be removed to make room for other tools.

Kevin Rose and Charles Davidson's article "Embed Together: The Case for BSD in Network Appliances" (http://www.unixreview.com/administration/articles/9906of2.shtml) gives some good arguments for choosing BSD as an embedded system. These arguments are also valid for small distributions with very specific applications.

With the large number of security Internet appliances, I hope we'll be seeing a mini-distribution based upon OpenBSD. (OpenBSD is well known for the hardening that its supporters have put it through.)

Linux

Linux's popularity and the abundance of Intel hardware has created a whole arena for Linux mini-distributions. A good starting point to see the number of mini-distributions available is:

http://freshmeat.net/appindex/console/mini%20distributions.html

Pocket Linux (http://pocket-linux.coven.vmh.net/) is a single-disk distribution that has gained widespread popularity. Pocket Linux is oriented towards the systems administrator with some network applications thrown in for good measure. Tools include dd, find, grep, and sed, as well as the partitioning tool cfdisk. Client network tools include custom ping and traceroute, and secure shell client version 1.2.20. The PPP daemon is also included. Pocket Linux's toolbox includes such a wide choice of tools that it can act as the emergency boot disk for many systems. It is amazing how much the distribution's creator got on this one disk.

The current version of Pocket Linux is version 2.51, which includes the 2.0.35 kernel and supports 11 common network cards including 3Com and NE2000s. Pocket Linux also supports a large number of filesystems including vfat (Windows) and NFS. Pocket Linux can be downloaded at:

http://pocket-linux.coven.vmh.net/download.html.en

Be sure to download the image-2.51-fix.bin since the original 2.51 bootp support was broken.

Trinux: Linux Security Toolkit (http://www.trinux.org/) is a favorite among network administrators, because it includes such a wide range of networking tools. It is also a large distribution that typically includes three disks. Trinux does support a one-disk boot with limited functionality; however, the limited functionality does support limited file utilities such as vi, tar, gzip, and grep. Where Trinux really shines, of course, is with its network tools. nmap (http://www.nmap.org/) comes with Trinux, making the package worthwhile simply for having a quick port scanner available when traveling. Additionally, the basic network tools like ping and traceroute, as well as tcpdump, ntop, and SNMP tools (snmpget, snmpset, and snmpwalk), are included.

The Trinux distribution is modular in design, so as new packages are added, new floppies can be used with memory limiting the size of the RAM disks where the packages are loaded. Trinux also includes TinyX, a small X Window system. The current version of Trinux is version .051 and can be downloaded from:

ftp://sunsite.unc.edu/pub/Linux/distributions/trinux/images/stable/

Looking Around

Depending on the qualifications for classifying a distribution as a mini-distribution, there are anywhere from 20 to 80 mini-distributions of Linux. As mentioned, many of these distributions are Internet gateways and some are distributions that fit niche markets such as the Linux Router Project (http://www.linuxrouter.org/). Many of the newer mini-distributions are targeted toward the Windows user. These distributions allow Linux to be installed without repartitioning the disk drive, which scares many new users away from trying the OS.

To make the best distribution choice, check out Pocket Linux and Trinux and some of the other distributions and ask your colleagues and peers what they are using. If you find any that should make me reconsider my favorites, drop me an email. If you cannot find a distribution that meets your needs, then you can do like the other mini-distribution creators and roll your own.

About the Author

Ronald McCarty received his bachelor's degree in Computer and Information Systems at the University of Maryland's international campus at Schwaebisch Gmuend, Germany. After completing his degree, Ronald McCarty started his network career as network administrator at the Schwaebisch Gmuend campus. Ronald McCarty currently works for Software Spectrum, Inc. as a network engineer in the IT&S Network Services Project's team. He spends his free time with his two best friends in the world: his daughter, Janice, and his wife, Claudia. Ron can be reached at: ronald.mccarty@gte.net.