Tag Archives: annvix

runit and supervised services on RHEL/CentOS 5

I’m sure I’ve mentioned this before, but I maintain a repository of packages for Red Hat Enterprise Linux 5 (arguably these could/should be in EPEL but I’ve not had time to get into the Fedora side of things as of yet… someone will beat me with a wet noodle, no doubt). It’s a very small set of packages so I don’t feel too awful about it.

Anyways, one of my favourite features in Annvix was being able to run the entire system out of runit (Annvix used runit in place of SysVinit). This gave us nicely supervised services using runit (much like DJB’s daemontools). Feeling crappy with the first day of a head cold, I spent some time today over lunch to get runit working with RHEL5. I had to re-tool the package since I don’t want it to replace SysVinit, but run under init and just supervise services (like sshd, exim, etc. — call me weird, but runit/daemontools makes a fantastic watchdog and with sshd running from tcpsvd, I get some nice ACLs to use as well).

At any rate, runit now installs and works properly. Sorry to anyone who wanted to use it (I’ve been meaning to do this for the last year, ever since I switched all of my servers over to CentOS). The runit package also comes with a bunch of run scripts; I’ve not tested them all yet so if you do end up using it and have issues, let me know. I did have to fix a few minor things in a few of them.

At any rate, I’ve chkconfig’d off a few services and have them running supervised now:

# srv --list|grep -v '-'

service                   status   pid      started
crond                     up       2737     04/07/2010 02:16:32 PM
crond/log                 up       2735     04/07/2010 02:16:32 PM
exim                      up       2747     04/07/2010 02:16:32 PM
exim/log                  up       2746     04/07/2010 02:16:32 PM
mdadm                     up       2738     04/07/2010 02:16:32 PM
mdadm/log                 up       2736     04/07/2010 02:16:32 PM
ntpd                      up       2733     04/07/2010 02:16:32 PM
ntpd/log                  up       2731     04/07/2010 02:16:32 PM
smartd                    up       2739     04/07/2010 02:16:32 PM
smartd/log                up       2734     04/07/2010 02:16:32 PM
sshd                      up       2732     04/07/2010 02:16:32 PM
sshd/log                  up       2730     04/07/2010 02:16:32 PM

One thing knocked off my TODO list. Replaced it with going to bed early tonight.

Monitor your system for threats with rsec alerts

This week’s TechMail is “Monitor your system for threats with rsec alerts”, which discusses the rsec tool I forked from Mandriva’s msec years ago (for Annvix). It’s been updated and is available for Red Hat Enterprise Linux 5 (and CentOS 5) as I think it’s still a pretty good tool and complements stuff like logwatch quite nicely. rsec essentially reports on various bits of your system… it lets you know if there are changes to suid/sgid files, points out unowned files, changes to firewall rules, indicates if there are new packages to install, if there are changes to listening services, etc. Basically it took all the best bits (reporting) of msec and got rid of all the crappy bits (that change things).

I have heard that msec now is much better, but have not had a chance to try it although I do try to keep up with the changes to msec related to reporting and fold those back into rsec.
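The kind of report-only check the rsec post above describes, as an added example (this is not rsec's code or its output format): it lists setuid/setgid files, compares the list with the previous run and prints what appeared or disappeared, without changing anything it inspects. The function names, the state-file names and the use of GNU `stat -c` are assumptions of the example.

```shell
#!/bin/sh
# Added example, not rsec itself: report-only check for setuid/setgid changes.
# It records what it finds and prints differences; it never alters the
# permissions or ownership of the files it inspects.

# list_suid_sgid ROOT
# Print "mode owner:group path" for every setuid or setgid regular file
# under ROOT, staying on one filesystem. Output is sorted for comm(1).
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | LC_ALL=C sort
}

# suid_report ROOT STATE_DIR
# Compare the current list with the baseline kept in STATE_DIR, print
# ADDED/REMOVED lines, then roll the baseline forward.
# Returns 0 if nothing changed (or on the first run), 1 if changes were found.
# A mode or owner change shows up as one REMOVED line plus one ADDED line.
suid_report() {
    root=$1
    state=$2
    mkdir -p "$state" || return 2
    cur="$state/suid.today"        # file names are assumptions of this example
    base="$state/suid.yesterday"

    list_suid_sgid "$root" > "$cur"

    if [ ! -f "$base" ]; then
        echo "baseline created: $(wc -l < "$cur") suid/sgid files"
        mv "$cur" "$base"
        return 0
    fi

    added=$(LC_ALL=C comm -13 "$base" "$cur")    # only in the new list
    removed=$(LC_ALL=C comm -23 "$base" "$cur")  # only in the old list
    mv "$cur" "$base"

    [ -z "$added$removed" ] && return 0
    [ -n "$added" ]   && printf '%s\n' "$added"   | sed 's/^/ADDED   /'
    [ -n "$removed" ] && printf '%s\n' "$removed" | sed 's/^/REMOVED /'
    return 1
}

# Typical use from a daily cron job run as root:
#   suid_report / /var/lib/suidcheck
```

Run daily, a non-zero exit status together with the ADDED/REMOVED lines is what would be mailed to the administrator.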

The return of Annvix

Well, sort of.

Annvix is not coming back as an operating system like it used to be, but rather a repository of packages for RHEL/CentOS (currently just version 5). There is very little there right now: a new version of openssh and a new version of logwatch. It will increase as time permits. I do plan on “porting” some of the stuff I had done for Annvix to RHEL5; things like rsec, AIDE+GPG, runit, scripts to use with runit, etc. Essentially those things that were fun to deal with on Annvix, but without the pain of managing a whole OS.

If you feel like giving it a go, just execute:

# rpm -ivh http://repo.annvix.org/media/EL5/x86_64/annvix-release-1.0-2.el5.avx.x86_64.rpm

on your RHEL5 or CentOS5 install (change x86_64 to i386 if you’re using an x86 system). If you have the priority plugin set up on CentOS, make sure you edit /etc/yum.repos.d/annvix.repo and add:

priority = 1

or something suitable. The annvix.org web site will be updated at some point to reflect that Annvix is a repository add-on to RHEL5 now instead of a stand-alone OS.

Linux.com reviews Annvix

This is quite exciting for me as no one (other than myself) has ever written anything about Annvix before. But today I saw that Linux.com had written a review of Annvix. The title was “Annvix: A stable, secure, no-frills server distro” and I don’t think the reviewer realized quite what he was getting himself into when he downloaded it, but the review was pretty good.

It’s exciting to see the first review of something you’ve spent four years working on, especially when you’re not the one to write it. =)

Annvix 3.0-RELEASE released

Just finished releasing Annvix 3.0-RELEASE. It’s been almost a year since the last release and while this one isn’t as significant (in terms of features) as 2.0-RELEASE was, it’s significant in that RSBAC is gone, AppArmor is default, new kernel, new glibc, and a whole host of other new stuff.

If anyone has an account on fsdaily.com, I’d love it if you could vote for the story and help make it hit the frontpage (shouldn’t be too hard, looks like it’s a fairly new site, kinda like digg).

Annvix blog

I moved all the Annvix-related blog entries to the new Annvix Developer’s Blog since I’m “consolidating” all Annvix-related stuff there. That means this blog will be “Annvix clean” (at least as far as technical-ish stuff goes).

Just a heads up in case you wonder why a) a category was removed and b) why some entries seem to have disappeared.