3. Feature Sets

3.1 Current Features:

Master References and Recommended Guidelines

• An extensive URL library and current version list for all installed and recommended Linux tools and applications
• Example guidelines on documenting the hardware and partition layout of your specific hardware

Linux Distribution Thoughts:

• Thoughts and recommendations on picking a Linux distribution
• A common "Search & Replace" key to customize this doc to YOUR specific environment

Core OS setup:

• Configuring, compiling, installing, and booting both a 2.2.x & 2.0.x kernel
• Lilo configuration and security
• PCMCIA / CARDBUS PC-Card Services
• Software RAID 0 (striping) hard drives
• 7-CD SCSI CD-ROM changer system
• Automated Patching via RPM notifiers
• EXT2 file system tuning
• IDE hard drive performance optimization
• Dual printing system support for both UNIX and Windows/Samba hosts

Network Connectivity:

• Strong, comfigrable, and well commented IPCHAINS and IPFWADM packet firewall rule sets with a complete intro on how Packet and Stateful Inspected firewalls work
• Full LAN masquerading (NAT or Network Address Translation) using private IP addressing
• Masq IP port forwarding support (IPportfw)
• Dual 10Mb/s Ethernet network card support setup and TCP/IP Performance optimization (modem and cable modem users)
• How to setup fully authoritative primary and secondary DNS servers (Bind v8.x) in a CHROOTed and and SPLIT Zone configuration
• Full Sendmail e-mail system support w/ domain masquerading & Anti-SPAM measures with support for more than one Internet domain on one EMAIL server
• IMAP4 / POP3 remote email service
• Masq IP port forwarding support (IPportfw)
• DHCP server for other LAN machines (laptops, etc)
• DHCP client setup for TCP/IP addresses
• Samba : Full Microsoft Windows file & printing support
• NFS: Full Sun RPC-based Network File System support
• IPSEC (Swan) VPN [Almost Complete]
• Apache WWW server
• PPP connectivity for primary PPP connectivity AND backup PPP connections
• Dial-on-Demand (Diald) Internet connections (modem users) - Automatic Internet connections every 15 minutes (modem users)
• Direct dial-in terminal / PPP access via a modem
• How to apply for a full Internet domain name via Network Solutions
• Full documentation on how understand and FIGHT all that SPAM email
• NTP time calibration
• Full UNIX (SMB) printing

Security:

• Complete physical and OS-level security recommendations and guidelines
• Full SSH telnet support [Future: X-windows encrypted tunnels]
• Actively Updated Linux system security and patching (Shadow passwords, etc)
• Advanced SYSLOG logging and nightly filtered reports emailed to the root user
• TrinityOS "CRITICALITY" rating in the CHANGELOG section to gauge the level of urgency of security vulnerabilities, system mis-configurations, etc.
• Tripwire Security Breech monitoring [not completed yet]
• NMAP port scanning to test your packet firewall
• Figuring out if you have been hacked.. Confirm it!
• Prioritized ChangeLog to let users know what changes are and are NOT too important
• Anonymized Sendmail Banners

System backup:

• Minimum backups to floppy
• Full tape backup via BRU with emergency restore diskette creation
• Full APC SmartUPS power down support (APCUPSd) w/ paging support
• Backing up the server to a CD-R [not completed yet]

More extensive guides:

• How to fix LILO, HD partitioning, and file system corruption
• How to obtain an Internet domain(s)
• How to successfully move Internet domains across DNS servers and/or TCP/IP addresses
• How to recover from your box being hacked into and how to RE-secure it
• How to understand and fight SPAM email
• SSH encrypted tunnels for email, etc

3.2 Future Features:

(Won't be implemented in any particular order)

* TrinityOS TO-DOs:

• Add more "Configuration via GUI tools" sections

* Network stuff

• Give instructions on compiling Xntp
• Add a WATCHDOG feature to the rc.firewall rule set so that if you make an error in the firewall rule set and the rule set doesn't complete, a backup rule set will be automatically loaded to restore connectivity.
• Modularize the rc.firewall rulset so updates can be transparent and not require additional tailoring for each update.
• Add a single interface IPCHAINS rc.firewall for eth0/1/2 and ppp0/1/2 users
• Remove LPR and replace it with LPRng or CUPS
• Mail Backup: Setup high cost MX records and ETRN email backup
• IPv6: Configure and setup IPv6 and possibly setup a IPv6 tunnel via the 6Bone
• Dial Backup: Add automatic analog modem dial backup when the ADSL/Cable modem goes down
• CODA: Replace NFS support with CODA
• Implement IMAP4 for a complete email subsystem
• Add a CACHING only setup for 8.1.x DNS
• Setup a email list server (MajorDomo, Petidomo, dunno yet)
• Email sent dynamic IP address exception requests for access through the TCP Wrappers and the IPFWADM rule sets
• DHCPc client setup for Cablemodems
• 128-bit encrypted Apache SSL WWW server
• Move over to xinetd for better DoS protection
• WWW Proxy services
• WWW banner add filtering

* Security Stuff

• Replace the Sendlogs script to use either Swatch or LogSentry
• Automate the firewall hits logging for trend analysis
• Install PGP / GPG for secure and/or verified communications to: other users, Internic, binaries/source code verification, etc.
• SATAN / SAINT / Nessus / COPS / ISS security testing

* Application stuff

• Get Sendmail to run in an SMRSH shell
• Implement Procmail to do local email filtering
• Setup fetchmail to get remote email vs. setting up a remote .forward
• Full SVGA X-Windows support w/ the WindowMaker window Manager (Xfree)

* Administration stuff

• Up the logging time on the UPS to 1 second increments and then plot all the stuff with GNU Plot to then be emailed via "Sendlogs"
• Rotate the UPS logs
• Implement automatic weekly incremental tape backups to the TR4 tape drive.
• BZip2 compression w/ tar patches

* System Stuff

• Iomega parallel ZIP drive support