OS Astra Linux - what is it? Russian Armored Debian. How the new access control model works in Astra Linux SE

All operations described here require root privileges.

Astra Linux uses its own utility, wicd, to configure networks. In general it is quite convenient, but it has a fatal flaw (we did not write it): the network will not work until a user has logged in to the system. For ordinary computers this is nothing to worry about, but for a server it is a big problem, since sometimes it has to be rebooted over SSH.

Assume the computers are on a network with addresses 192.168.0.XXX, where XXX is a number from 1 to 254.

Configuration is done by editing the /etc/network/interfaces file. Each network interface (network card, although this is not quite the correct name) is configured separately. Server settings look like this:

/etc/network/interfaces

auto lo eth0
iface lo inet loopback
iface eth0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    # As a gateway - our server with IP=1
    gateway 192.168.0.1
    # Specify the network, this is required to work as part of ALD
    network 192.168.0.0
    # ALD server since Astra 1.5 will throw an error if it doesn't
    # see this parameter in the network settings.
    broadcast 192.168.0.255
    dns-nameservers 192.168.0.1

The first line, auto lo eth0, specifies which interfaces are brought up when the OS boots. Note that the loopback interface lo must be listed there in any case.

Let's skip the description of the loopback interface and go straight to the network interface.

iface: Keyword indicating that the description of a network interface follows.
eth0: Specifies that this network interface is bound to the eth0 network card. You can view the list of cards with the command: lshw -class network
inet: Indicates that this is a network setting.
static: In this case, all settings are specified manually.
address: The computer's IPv4 address.
netmask: Subnet mask.
gateway: Gateway, i.e. the IP address through which the Internet connection is made. Usually the address given by the provider is specified on the server, but in our case (a segment closed off from the world), let it be 192.168.150.1, i.e. the computer refers to itself.
dns-nameservers: Space-separated list of DNS server IP addresses. Useful when deploying EPP under Astra Linux and configuring the bind application.

On client computers, the settings should be done in the same way, changing only the fourth octet in the address field.

The setup doesn't end there. Now you need to disable the autorun of the built-in utilities and stop the already running instance of the wicd service, and then restart the network support service.

service wicd stop
chkconfig wicd off
rm /etc/xdg/autostart/fly-admin-wicd.desktop
service networking restart
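Before restarting networking on a server that is reachable only over SSH, the stanza can be checked for the requirements stated above (lo on the auto line, network and broadcast present for ALD and consistent with address/netmask). The following is an added example, not part of the original article or of Astra Linux; the function names and the sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample that mirrors the server stanza from the article.
SAMPLE = """\
auto lo eth0
iface lo inet loopback
iface eth0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    gateway 192.168.0.1
    network 192.168.0.0
    broadcast 192.168.0.255
    dns-nameservers 192.168.0.1
"""

def parse_interfaces(text):
    """Return (names on auto lines, {iface: {"method": m, option: value}})."""
    auto, stanzas, current = set(), {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or whole-line comment
        if words[0] == "auto":
            auto.update(words[1:])
            current = None
        elif words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3]})
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return auto, stanzas

def check_static_stanzas(text):
    """List problems that would break the static setup described above."""
    auto, stanzas = parse_interfaces(text)
    problems = []
    if "lo" not in auto:
        problems.append("lo is not listed on an auto line")
    for name, opts in stanzas.items():
        if opts["method"] != "static":
            continue
        if name not in auto:
            problems.append(f"{name}: not listed on an auto line")
        for key, value in opts.items():
            if "#" in value:  # interfaces(5): comments need their own line
                problems.append(f"{name}: end-of-line comment after '{key}'")
        for key in ("address", "netmask", "network", "broadcast"):
            if key not in opts:
                problems.append(f"{name}: missing '{key}'")
        try:
            net = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}").network
        except (KeyError, ValueError):
            continue  # cannot derive the expected values
        if opts.get("network") not in (None, str(net.network_address)):
            problems.append(f"{name}: network should be {net.network_address}")
        if opts.get("broadcast") not in (None, str(net.broadcast_address)):
            problems.append(f"{name}: broadcast should be {net.broadcast_address}")
    return problems

if __name__ == "__main__":
    for problem in check_static_stanzas(SAMPLE) or ["no problems found"]:
        print(problem)
```

On a real host, pass the contents of /etc/network/interfaces instead of SAMPLE.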


Astra Linux is a specialized derivative of the Debian GNU/Linux distribution, created for the comprehensive protection of information and the construction of secure automated systems. Releases of the operating system are named after cities of military glory and hero cities of Russia and the CIS countries.

A secure operating system is in demand primarily in Russian law enforcement agencies, special services and government agencies. Astra Linux is developed by JSC "NPO RusBITech" and provides protection of processed information up to and including the state-secret level "top secret". The operating system is certified in the security certification systems of the Ministry of Defense of the Russian Federation, FSTEC and the FSB of Russia, and is included in the "Single register" of Russian programs of the Ministry of Telecom and Mass Communications of Russia.

Astra Linux is available in two variants: a free general-purpose version (Common Edition) and a commercial special-purpose version (Special Edition) designed to process top secret documents. According to the developer, the "Astra Linux License Agreements" are developed in strict accordance with the provisions of the legal documents of the Russian Federation and "international legal acts", while not contradicting the spirit and requirements of the GNU General Public License (GNU GPL). The price of the commercial version includes the cost of its certification.

Astra Linux Common Edition is intended for medium and small businesses, educational institutions and personal use. The system is designed to work on a hardware platform with the x86-64 architecture and is distributed as a fully functional live (LiveDVD) system with the ability to install, and as an installation disk (it can be installed from a USB stick or over the network). Installing the system on a hard drive hardly differs from installing the original Debian GNU/Linux (the differences are minor and insignificant).

Astra Linux Common Edition includes free applications (system and user) and proprietary solutions from the developers of Astra Linux Special Edition, which extend its use as a server platform, on user workstations, or as a "home" operating system.

Astra Linux Common Edition has a fully functional Qt-based graphical environment, FLY, which is the project authors' own development. All applications with the fly- prefix are part of the environment, and all utilities for setting up the working environment are collected in the "Control Panel".

Astra Linux implements mandatory access control (MAC), which is used alongside the discretionary access control (DAC) that is traditional for POSIX systems. The mandatory system effectively complements the discretionary method, whose weak point is that access rights to objects depend on the wishes of their owners. The mandatory system provides a centralized definition of access rights to any system objects based on their sensitivity labels and on a ranking of all users according to their ability to access them.

Astra Linux has its own MAC module, a compact solution that is well thought out in terms of administration: on the one hand it is not inferior to SELinux in functionality, and on the other it takes into account the peculiarities of operating the system when processing Russian confidential information (which greatly simplifies the certification process). Developing its own mandatory access control module made it possible to effectively modify other components of the system.

In addition to its own mandatory access control system, Astra Linux provides its own mechanisms for cleaning RAM and file system blocks that contained previously processed confidential data (this is one of the certification requirements for such systems). This is implemented as a stand-alone process, access to which is strictly limited, and none of the user applications can stop the cleaning process in order to secretly collect information about previously processed secrets.

Astra Linux Common Edition User Application Suite:

Astra Linux is a niche solution designed for government agencies and large companies with special information security requirements. For an SMB or home user, this distribution is unlikely to be of practical interest. A really poor repository, an extremely conservative update policy, a unique working environment unlike anything else...

At first glance, it is not even clear why Astra Linux Common Edition, available for anyone to download, exists. Why would an ordinary user, who is not burdened with the need to use exclusively certified solutions, need a system with a lot of limitations and inconveniences? Nevertheless, there is a reason for installing and studying this solution.

For a number of reasons, Astra Linux is the main candidate for the implementation of the import substitution program. It is possible that this particular system will soon be actively used in the public sector and large companies.

Therefore, knowledge of Astra Linux can become some competitive advantage in employment in such institutions. And, in any case, it will help you get started faster, even if this issue is not raised at the interview.

Of course, in this case we are talking about an ordinary user of the system and not an administrator, who should hardly rely solely on self-education rather than on special courses. Moreover, even the ability to work in Linux is not a guarantee of a “quick start” with Astra Linux. The reason for this is the unusual Fly desktop, unlike anything else and designed specifically for this distribution.

This feature of the solution is not at all a consequence of the desire of developers for self-expression, but a necessity caused by increased requirements for system security. Unfortunately, the usual work environments do not meet these requirements.

Obviously, the most effective way to master the desktop environment is to use it in practice to solve your daily tasks. There are two ways to do this.

The first is to use the system "as is". Which is not very convenient due to the extremely meager repository, which probably does not contain several familiar applications. And the programs have nothing to do with the Fly interface.

The second is to try to "equip" the system, if not to a state of convenience, then at least to an acceptable level in terms of usability. Probably the one to choose.

Unfortunately, however, the Common Edition version is not free of errors and of decisions that are simply unfortunate for learning. Therefore, you first have to do a little work to knock the system into shape.

However, even its installation will require a certain ingenuity from the user. The problem is that the repository is incorrectly specified in the installation program. In order for the process to complete successfully, you need to enter the correct addresses: mirror.yandex.ru/astra/frozen/orel/1.10/repository/ for the fixed version or mirror.yandex.ru/astra/current/orel/repository/ for the current one.

Users will also probably be confused by the required password length - at least eight characters. From the point of view of information security, this is correct and justified, but for training it is absolutely not necessary. Therefore, there are no reasonable barriers to reducing the password to a user-friendly size.

To do this, open the /etc/pam.d/common-password file and, in the line "password pam_unix.so obscure sha512", delete the word "obscure" and add "minlen=N" (N is the desired number of characters in the password). You can then change the password with the passwd command.
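The edit above relaxes the password policy, so on machines that are not used purely for training it is worth detecting. The following audit is an added example, not part of the original article; the function names and sample lines are constructed, and the threshold of 8 is taken from the eight-character minimum mentioned above.

```python
import re

# Constructed sample lines (not taken from a real system): a Debian-style
# stock entry, and the same entry after the edit described in the article.
STOCK = "password [success=1 default=ignore] pam_unix.so obscure sha512\n"
EDITED = (
    "# relaxed for training\n"
    "password [success=1 default=ignore] pam_unix.so sha512 minlen=4\n"
)

# PAM line: type, control (one word or a [bracketed list]), module, arguments.
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def pam_unix_password_args(text):
    """Yield the argument list of every 'password ... pam_unix.so' line."""
    for raw in text.splitlines():
        match = PAM_LINE.match(raw.split("#", 1)[0].strip())
        if not match:
            continue  # comment, blank line or @include directive
        kind, _control, module, args = match.groups()
        if kind == "password" and module.rsplit("/", 1)[-1] == "pam_unix.so":
            yield args.split()

def audit_password_policy(text, required_minlen=8):
    """Report where the pam_unix password line is weaker than the baseline."""
    findings = []
    for args in pam_unix_password_args(text):
        if "obscure" not in args:
            findings.append("pam_unix: 'obscure' checks are disabled")
        for arg in args:
            if not arg.startswith("minlen="):
                continue
            value = arg.split("=", 1)[1]
            if not value.isdigit():
                findings.append(f"pam_unix: unparsable {arg}")
            elif int(value) < required_minlen:
                findings.append(f"pam_unix: minlen={value} is below {required_minlen}")
    return findings

if __name__ == "__main__":
    for label, sample in (("stock", STOCK), ("edited", EDITED)):
        print(label, audit_password_policy(sample) or "ok")
```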

After this small and optional warm-up (after all, it would be nice to get used to long passwords too, so that you don’t feel this discomfort later), you will have to deal with a serious localization error, which is easy to verify by entering the locale -c command. Or press the right button of the touchpad and see the "empty" context menu. Finally, you can just try to type Russian letters in the console and see what happens.

This error is corrected as follows. First you need to install the Russian locale with the localedef ru_RU.UTF-8 -i ru_RU -fUTF-8 command. And then write the following lines to the /etc/default/locale file that describe the environment variables:

LANG="ru_RU.UTF-8"

LC_ALL="ru_RU.UTF-8"

The system is updated by default from the installation media. That is, there will be no update. Activation of the repository specified in the settings, unfortunately, will fail, because here it is specified incorrectly.

Most likely, though, even if you specify the correct address, the system will report that all packages are up to date, which will raise questions for a fairly experienced user. In particular, Firefox 44 is installed in Astra Linux Common Edition, while the current version of the application is 47. This is the very conservatism that you have to put up with.

Advice to users who want to install applications missing from the repository was given by Yuri Anoshko, General Director of NPO RusBITech, in his interview: “If someone does not have enough programs included in the Astra Linux distribution, you can easily connect the huge Debian repository, with which we provide compatibility for functionality enhancements.

To do this, specify the repositories in the /etc/apt/sources.list file:

deb http://mirror.yandex.ru/debian wheezy main contrib non-free

# Multimedia Wheezy

deb http://mirror.yandex.ru/debian-multimedia wheezy main non-free

Then you need to update the package lists with apt-get update and install the repository keys with apt-get install debian-archive-keyring deb-multimedia-keyring. After the list of packages is updated again, they will be available for installation.

Of course, you can install not only packages from the Debian repositories, but also any applications distributed through deb packages intended for this system. For example, the Opera browser.

After these operations, the system becomes suitable for solving most user tasks, including getting practical experience with the Fly desktop.

Russia, as you know, is the birthplace of elephants. As well as missile systems, submarines, tanks and, as it turned out, no less armored operating systems. If you work in IS and live in Russia, then this is exactly the type of weapon that you can be interested in and even be proud of. Astra Linux SE is one such OS. Our author Evgeny Lebedenko is an expert on such systems, so get ready to take Linux security seriously!

Operating systems today are not just a set of utility functions that allow a computer to work. Operating systems have begun to play a huge role in the world of consumer electronics: Microsoft adapts Windows for all possible devices, Apple experiments with the interface of mobile and desktop systems, Google develops Android and at the same time turns Chrome into an operating system.

In a corporate environment, OS progress is also in full swing: software-defined networks (SDN), virtual servers, global and private clouds. Here, it is not usability that comes to the fore, but security and compliance with strict security requirements.

There is another area in which protection is paramount - OS for government and military needs. This is another parallel world of operating systems - insanely conservative, but there is progress in it too. And not only abroad, but also here. A case in point is the Astra Linux SE distribution.

Five years. Flight is normal

Astra Linux is not the only Russian secure distribution. There are others, and all of them have successfully passed the test in certification bodies and found their market niches. The brainchild of NPO RusBITech is no exception. Astra Linux SE with enviable regularity receives certificates of conformity in the certification systems of the FSTEC, the Ministry of Defense and the FSB. The current versions have an “expiration date” until 2018.

On the basis of Astra Linux, dozens of information systems have been deployed and are functioning - both in government and commercial structures. Among them, for example, are such large ones as a secure platform for the state automated system of state defense orders.

Astra Linux was also noted in the now popular topic of import substitution. It is likely that the state authorities of the most "sanctioned" Russian region - the Republic of Crimea - will use this OS as the basis for their IT infrastructure. In general, RusBITech managers have something to be proud of. But, of course, we are not most interested in those achievements that are associated with sales and success stories.

The first release of Astra Linux came out at the end of 2009. Since then, the distribution has been improving, following the main Debian branch, but at the same time, the developers do not forget about the main thing - increased security. The RusBITech enterprise is well equipped with scientific personnel and at the same time actively cooperates with universities and research institutes that specialize in information security.

The features that make Astra Linux 1.4 unique are related to this topic. The proprietary PARSEC security subsystem uses a formal access control model. It was developed at the Institute of Cryptography, Communications and Informatics of the Academy of the FSB of Russia, and the Linux OS Verification Center of the Institute for System Programming of the Russian Academy of Sciences took part in the quality assessment. The implementation of this model in Astra Linux SE is being phased in, and version 1.4 has added a large part of it, though not the final one.

MAC in LSM. Far from fast food in access control

Before analyzing the access control model in Astra Linux SE 1.4, some basics should be remembered. Obviously, users of information systems need access to data, as well as to the set of OS mechanisms that provide this access, for example, to file systems and network protocol stacks.


From time to time I test "Russian" Linux distributions. I'm a fan of Live distributions, but this time there will be a review of a distribution installed on the hard drive, for the simple reason that RusBITech does not have a Live version of the Astra Linux Common Edition distribution kit.

So, today on the menu is Astra Linux, which is, to quote their website:

"It is a Linux-class operating system operating on a hardware platform with x86-64 architecture, which includes free software components and author's solutions from the developers of the Astra Linux Common Edition operating system, which allow expanding the possibilities of its use as a server platform or on user workstations."

Spoon one

The installation started right off the bat. The first thing that the installer issues is a license agreement and a request to agree to this agreement. Just like in Windows :)

In principle, there is nothing wrong with this. The same, for example, in another "Russian" distribution kit - Alt Linux. But here the problem is that there are restrictions in the RusBITech license agreement: a ban on decompilation and a ban on rent and, apparently, on sale (clauses 3.1.1 and 3.1.2 of their license agreement).

No, of course, each software developer has the right to decide on what conditions to provide his program. But his own. Not someone else's.

And then the guys took the code of Ubuntu and Debian distributions, added some of their own code, and for all this generally impose their restrictions.

Meanwhile, the distributions of Ubuntu and Debian differ precisely in that they are reverent about the freedom of distribution of software. So reverent that all software packages under restrictive licenses are allocated to separate repositories. For every user to see - here is free software, and here is non-free software.

And most of the code of the Ubuntu and Debian distributions is distributed freely, under the GNU GPL license, in which there are no prohibitions on selling, renting or decompiling the code. In the context of the GNU Linux operating system, the very concept of decompilation is bullshit, since any GNU Linux OS programs are distributed as source code. That is, you do not need to extract the source code by decompiling the binary code :)

It is this - the availability of source codes and the absence of prohibitions on their use - that allowed the guys from RusBITech to create "their" operating system. And by the way - they themselves, with a clear conscience, sell someone else's code (the code of Ubuntu and Debian distributions) in their version of Special Edition. And we, the end users, are forbidden to do so. It's ok, yes :)

I would like to look at these "programmers" if there were such prohibitions in the GNU Linux community - on the use of source codes, for example. How would they get "their" OS in this scenario? Would they really write the whole OS themselves? :)

Finishing this thread.

It would be correct, on their part, to indicate the list of programs that they actually wrote themselves, from scratch, and link this license agreement to these programs and only to them.

Without appropriating the results of the work of thousands of people from around the world :)

As an example of a normal license agreement, you can take those offered by the Alt Linux and Rosa Linux teams for their distributions. There, the free and non-free components of the distribution are separated and there are no restrictions on free components. And in the Rosa Linux distribution, developers also distribute their code under the GNU GPL license.

Spoon two - appearance

Again about tar. This time it's about design. At the first entry into the installed system, at the first movements in it, it becomes clear - the eclectic design of Astra Linux is a mixture of Windows XP and Linux KDE styles. In general, mixing styles is a well-known technique. But here the problem is that the people who created the design of the Astra Linux graphical environment are unprofessional. And as a result, the appearance of the Fly graphical environment makes a depressing impression.


Ivan Sukhov, 2015, 2018.
