Orb Home
Site Map

Daynotes Gang

Go read Brian and Tom's Linux Book NOW!

Orb Designs Test Labs
Install-O-Rama 2001 - Workstation Edition

 Email Brian Bilbrey Email Brian Bilbrey

2001.10.13.1543 - OK, I promised, now here it is, all on one page, the Linux Workstation Edition of my 2001 Install-O-Rama. I suppose this means that I might start doing the server stuff pretty soon, don't you? Herein find installation impressions and whatever else I felt like noting from the following distributions:

The testbed for the Install-O-Rama is the machine formerly known as Grendel, the Gateway PII-233, with a 20G Maxtor drive, 128M of RAM, CD, Floppy, and Colorado T-1000 Travan drive. The NIC is a Kensington card with a DEC chip. The video card is variously a Riva TNT, or a 3DFx Voodoo 3. I've swapped back and forth with those cards as I experimented with various features. The monitor is a Gateway EV-900. A Logitech iTouch keyboard and MS Explorer Optical mouse, routed through a Belkin OmniCube 2-Port KVM switch complete the hardware.

Debian 2.2r3

As a download or set of "Official" CDs, Debian (http://www.debian.org) is three discs of binaries. If you were to pull a complete Debian mirror from the web (stable, testing and unstable trees, source and binary), you'd have used over eight gigabytes of space. Not much these days, but nothing you'd do over a dialup line. Debian is known as the most conservative of the distributions under active development. This is evidenced by the continuing use of 2.2.19pre17 as the primary kernel, albeit with some important features like USB support and ReiserFS backported. On the other hand, the Debian is right on top of any security issues. Debian's package system is in a format different from RPM or TGZ, with what is arguably the best package dependency handling features, and my personal favorite tool in the Linux arena: Apt. Install virtually any version of Debian, point the /etc/apt/sources.list file at one of the mirrors and a specific development tree, then type apt-get update ; apt-get dist-updatedist-upgrade, answer a few questions from the installation scripts, and you've updated to the latest and greatest, as close to the bleeding edge as you desire.

Disk 1 of the Debian CD set is bootable. Debian has the most complete (a polite way of saying long) installation process, and user-handholding is not close to the highest priority with this installer. Some people have said the installer is actively user-hostile. I suppose that can be regarded as true, if you don't know your system, your hardware, or your goals for your system. Debian is not a beginner's Linux - It threw me a couple of curves the first time I installed it. The entire installation is done using text-based menus reminiscient of the old Turbo-C/Turbo-Pascal interface. Here in Linux, this is (and is known as) an ncurses-based interface, so called because ncurses is the library used to create a row/column addressable text screen interface.

There are LOTS of questions that need to be answered, steps to be done in this order and not that. It's not quite as daunting as it sounds, because the installer keeps track of where you are, and prompts you with the next step, almost every time. Here are the steps/screens for installing Debian, in overview:

When all the dust settles, I have a system that boots to a graphical login manager, and by default starts me off in WindowMaker, a capable and popular window manager. There are many other choices. My fully loaded system is ready to go, at a not-very hefty 400M - there's lots of room to grow.

From another machine, I run nmap:

bilbrey@garcia:~$ nmap 192.168.1.3

Starting nmap V. 2.54BETA28 ( www.insecure.org/nmap/ )
Interesting ports on  (192.168.1.3):
(The 1540 ports scanned but not shown below are in state: closed)
Port       State       Service
9/tcp      open        discard
13/tcp     open        daytime
22/tcp     open        ssh
25/tcp     open        smtp
37/tcp     open        time
111/tcp    open        sunrpc
139/tcp    open        netbios-ssn
6000/tcp   open        X11

Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds

Now SSH, smtp, and netbios-ssn (ports 22, 25, and 139 respectively) I know are supposed to be there - I set those up during the install... For the others, I'll want to disable them, or at least ensure that they're secured and not a vulnerability. For example, sunrpc is the portmap program running, to service remote program requests. I don't need it, so I stop it, then remove the startup script from that directory so it won't start on reboot. If I were wanting to run NFS, then I'd want it back, so I am not just removing the package entirely. I go through this process to remove the services that I don't want running, or configure them so that they don't offer external connections (like X11 on port 6000). Yes it's manual, and it's a lot like work, but in the end, I understand the system, what's running, and what I need to monitor and protect. As more worms and virii circulate around the net, vigilance and knowing your system and it's software are keys to maintaining effective security.

Yeah, I like Debian a lot, but until it's installed, it isn't for Aunt Minnie, for sure. But it installs properly, and all the bits that are configured work the first time through. High marks for that. After you've done the ease of use thing with Linux, if you want to get deeper, get Debian.

Suse 7.1 (Retail)

SuSE (http://www.susue.com) is the most popular commercial Linux distribution in Europe, according to most reports. It's a capable package, with LOTS and LOTS of documentation and discs - 4 books, 7 CDs and one DVD. I've installed SuSE in one version prior to this one, and the current revision on the retail set is 7.2 at this writing, and they tout support for Oracle databases on their website. Their available download sets are something called Live Eval, which to the best description of the people in the SuSE booth at LWCE, is for trying out Linux from a Windows platform. I don't have that option here, which is why I am using the version I have...

The installer is GUI-based, and effectively guides you through the following steps:

The install went like a dream. Clean screens, clear questions, decent guidance onscreen, and much more documentation in the box. Many, many window managers are available with a single click during the software selection step, which lets you try out a bunch of different look&feel designs for the GUI interface - warning: if you like Windows, you'll HATE most of them, until you've gotten to know them a bit better. KDE and Gnome are the most Windows-like in their mode of operation.

The big, big drawback for this 7.1 version of SuSE is the sheer number of services enabled by default - well over a dozen, including such baddies as telnet and rlogin. Aaaaaaaaaack. Admittedly, SuSE 7.1 is a bit old, and I'd expect that 7.2 has rectified this a bit. There are GUI tools to work with the services list and disable them, but you need to know they're there. I could probably talk my mom through this installation over the phone, but she wouldn't have a very secure box when she was done. If you install SuSE 7.1, do it while NOT connected to the internet, and shut off any services you don't need before connecting.

Stampede Linux 0.90

You'll remember that I went through the LinuxISO.org website collecting distributions for this set of tests... Listed there with many other distributions, large and small, is one called Stampede. Stampede Linux (http://www.stampede.org) is still an active project, but at version 0.90, this dog don't yet hunt. Based upon the Slackware distribution, Stampede's 0.90 CD isn't bootable, instead they recommend using their root disk and a Slack boot disk to bootstrap the installation. Sorry folks, if *I* can't install it (and you can't fool me - I am a professional village idiot), then work hard at putting out a version that works. Unfortunately, although development is still apparently active, the pace appears glacial. Keep trying, people, you'll get there yet. I'll check back in a year or so.

TurboLinux Esprit Beta2

It's a good thing that there's a beta of the new TurboLinux available, called Esprit. Otherwise I'd be stuck with posting about TL6.1, which is a capable package that competes head to head with Red Hat 6.0, or at least it did 18 months ago, when it was released. TurboLinux (http://www.turbolinux.com) is a solid Linux competitor, with strong ties into the Linux-on-IBM-Mainframes and clustering gigs. Additionally, they're strong in the Asian market.

On two discs, the Esprit Beta starts right up with a standard text-based linux boot screen, leading to an initial ncurses (text-based) menu screen, for selecting the installation language. Then after a longish and somehow disturbing delay, the GUI installer gets going, and leads you through the following configuration screens:

Once the install is complete, and the system up and running, you're presented with the Gnome GUI login manager, gdm, which offers more options than the original xdm. Incorporated into this beta of TurboLinux is Gnome 1.4 including Nautilus, the advanced file manager that killed Eazel a-borning. Also present is KDE 2.2, just one step back of the latest release. Most excellently, only two ports were open after installation: SSH and X11. I'd still turn off X11, but then, I try to operate in as paranoid a manner as possible, all the time - it means I can sleep better when the worms are roaming.

This Beta of the new TurboLinux Esprit was posted just a couple weeks ago, and bodes well for the distribution. I didn't have many problems, nor find any real flaws in the cursory walkthrough. I'll be coming back to this one when its released to the world as a final, for a much closer look.

Peanut Linux 9.0

Peanut Linux (http://www.ibiblio.org/peanut/) is an interesting distribution. The material on the site reads like... one guy's Linux distribution. He's really, really enthusiastic, though. I pulled down the 9.0 "Large" distribution CD. Now for the acid test... Um. Not yet. Let me pull down the last release but one, and see if I can have any better luck. Back later or tomorrow with more.

Corel Linux 1.2

Based upon the Debian distribution, Corel Linux (http://linux.corel.com/) made a fast, fast start out of the gate, but due to financial woes, Corel has now sold its distro to a new publisher, Xandros Corporation. According to the press release, there'll be a new Xandros-branded version out in early 2002. Meantime, here's Corel Linux 1.2...

The Corel installer takes advantage of aggressive hardware probing, and assumptions about your system and network configuration to ask less questions than any other installation I've experienced. In a very real way, it's disconcerting - I like having fine-grained control over my Linux installs, and there just isn't any way to get there during the install with Corel. But maybe this is Aunt Minnie's Linux... Here are the steps to a Corel Linux 1.2 installation:

This Corel Linux setup is a complete breeze. What throws me for a loop is that I keep expecting more questions, and presuming that something's wrong when they don't ask. And in at least one case, I think they should ask. The network setup defaults to DHCP, and it's not immediately obvious what needs to be done to make it work right. I made all the edits, and it should have been running properly but wasn't. I went back and checked then entries I made, they were all correct, then... well, then it was working. Very confusing.

Other drawbacks include the quantity of open ports in this installation, from ftp and http through snmp, printer, hylafax, X11, fontserver and more. This is likely my fault for selecting ALL packages. A "desktop" install is likely a bit more secure, but remember, this distro is nearly a year old - I'd do a security update of packages facing the world sooner than immediately if I were to put this in a production box.

It'll be interesting to see what Xandros does with this distro, as the few-questions installation could win over some mom-and-pop shops. Keep an eye on the future of this one - especially since it faces strong competition.

Progeny 1.0 Newton

Progeny Linux (http://www.progeny.com) is the brainchild of Ian Murdock, a former Debian Project Leader. Like Corel, Progeny produces a commercialized version of Debian, with a much more user-friendly interface for the installation than Debian presents.

Progeny Linux 1.0 boots into a standard text boot screen, where options can be entered prior to starting the system. Pressing Enter starts the boot process that works for me, and after the kernel boots, and the ram disk initializes, the GUI installer gets going, and there are the following steps:

I like Progeny Linux well enough, and it's a great way to get your foot in the door with Debian. Often when I want to take a machine up to Debian's unstable tree for testing out the latest and greatest stuff, I'll start with a Progeny install to seed the system - I like their defaults and configurations. Progeny's business model is leaning towards network update services, like virtually every other commercial Linux distribution. But I really like the basis of this distro, coming from Debian.

Red Hat Roswell

Following a rather odd announcement denying the release of this Beta distribution, Red Hat (http://www.redhat.com/) appears to have put together something of a winner. This beta incorporates some of the almost latest and greatest versions of the Linux package smorgasborg, from a 2.4.6 Linux kernel to KDE 2.2pre and XFree 4.1. We needs must remember that in assembling a distribution, a publisher has to freeze the packages at some point and make what's there all work together. Getting closer to the bleeding edge is your responsibility, even with Beta distributions. As with all of the major commercial players, Red Hat features a competent GUI installer that works well with assorted automated hardware detection tools to provide a reasonably painless installation, as compared to years gone by. The steps with Roswell are as follows:

There are only three open TCP ports, with the selections I made - sunrpc, X11 and kdm. With a workstation, I guess I am not surprised - I'd close all of these, and run the sshd server, and we'll go through that in the extensive later look. KDE 2.2 and KOffice 1.1 grace this Beta nicely. All the menus and fancy bits seem to work right out of the box, from text anti-aliasing to the GUI configuration tools that are the hallmark of Red Hat distributions.

The next release of Red Hat is going to get a long hard look in these pages. I'll hold off until at least the RC, if not the final, so as to give you a review of shipping product. However, if the fit and finish of this Beta is any indication, you're going to like what you see, as I do.

Caldera Workstation 3.1

Caldera (http://www.caldera.com/) opened a real can of worms when they went to a per-seat licensing deal. They've since backed it off a bit, and it's not clear that what they're doing is enforceable in any meaningful sense. It appears their goal is to have license fees paid per seat for sites that have support agreements. That makes business sense - you can't begin to afford to support a whole raft of workers when only one is paying license and support fees...

That said, Tom and I did write this little book that was oriented towards the Caldera distribution. Although I've been disappointed in the lack of upgrades for the distribution in between releases, and their fundamentally closed development process, I am almost impressed by the quality of the finished products. This includes the latest desktop distribution from their foundry - Caldera Workstation 3.1. The installer is an updated version of the Lizard - a solid GUI tool that works. Here are the steps to install...

Caldera Workstation 3.1 boots right into the system from the installation, without a complete reboot. Ten assorted services are visible from the network, and that's too many, but they can be shut off, I suppose. KDE 2.x is the only WM/DE installed, along with KOffice 1.0.x and the Linux 2.4.2 kernel. The CDROM icon on the desktop is borked. Other than that, it seems solid at first pass. I'll be back at this one later, as well.

Redmond Linux - Amethyst Beta 3

Redmond Linux (http://www.redmondlinux.org/)is hard at work in the Pacific Northwest, putting together a serious distribution with one goal in mind - make it EASY for people to transition from Windows. Personally, the lack of reboots in Linux made it easy for me. But Redmond Linux has build some nice tools that replicate a few standard desktop features that'll perhaps help a Linux newbie over the hump.

The installer is a modified Lizard (that is, the tool devised by Caldera). As this is a Beta of Redmond Linux, I won't hold it against them that the very first screen of the installation shows a Caldera Logo. So let's install this baby, GUI style...

Redmond Linux only offers KDE2 in this current incarnation, from a stunningly beautiful login screen (great screen wallpaper here). Once logged in, there are three tools on an otherwise barren desktop - Personal Files, Trash, Local Area Network, and My Linux System. Oh, that's four, isn't it? Heh. Personal Files is a directory on the KDE desktop inside your home directory. It corresponds to My Documents. My Linux System is equivalent to My Computer, and Local Area Network is a tool for accessing domain or workgroup computers, a reasonable facsimile of Network Neighborhood. You could probably jump into this one with both feet and give it a serious go...

I'm not sure what else Redmond Linux is waiting for before releasing a "complete" distribution. I might drop them a line and ask, as this is nearly ready for prime time, and might be a great foot in the door for Linux.

Slackware 8.0

Slackware (http://www.slackware.com/) is the only other major distribution aside from Debian that still installs via a series of text screens. From my perspective, it's all one - as long as all the right boxes appear to be filled in, and the questions and prompts are clearly written enough that you and I can both figure out what to do, in which order. The Linux boot screen directs you via a function key menu to determine which way to boot into the installer. The options are dependent on your hardware - for me the standard bare.i kernel, which works with IDE-only systems is just fine. Once running, the following steps lead to a running Slackware system...

Well. X isn't configured in the installer, so I was left to run xf86config on my own. That I can cope with, although a first time user's lost and gone running back to Redmond at this point. However that's not nearly as much of a problem as this: 

bilbrey@garcia:~$ nmap ghastly

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on mail.orbdesigns.com (192.168.1.3):
(The 1526 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
37/tcp     open        time
79/tcp     open        finger
80/tcp     open        http
111/tcp    open        sunrpc
113/tcp    open        auth
139/tcp    open        netbios-ssn
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
587/tcp    open        submission
1025/tcp   open        listen
6000/tcp   open        X11

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

That's an awful lot of lockdown work that needs to be done. I'd want to be sure I wasn't on a live unprotected net connection before I put this box up - I'd get rooted before I could caulk half the cracks and holes. I mean... TELNET??? Sheesh. Yeah, I got it running, and I could learn to make this mine, as I've done with Debian. But this should be your third or fourth linux, after you are comfortable with administering your own box. Tom loves Slack, and so do a lot of others. I suppose it's the fine grained control that is given once you understand the setup.... Still, what's a mother to do? Go on to the next distribution? OK!

Best Linux 2000 Release 3

Best Linux (http://www.bestlinux.net/) is the product of Finnish software engineering firm SOT. Without having spoken to them, I have the impression that one of their early gigs was supporting Linux for their customers. They may have found that none of the distributions quite met their standards, so melded their own from several sources, in the same manner that VA had their own custom version of Red Hat for their hardware. It would appear from their webfront that SOT is also a whitebox manufacturer (assembler). Their big draw for Best Linux seems to be the extensive language customization that they've done for a variety of north and east European countries.

That said, Best Linux is beginning to get a bit long in the tooth. The GUI installer bears a strong resemblance to the version of the Lizard installer that came with Caldera 2.3 and 2.4. Let's run through it, shall we?

There are a few open ports, mostly related to KDE and X, along with the sunrpc portmapper, sshd, and a printer port. Not too bad, nor unexpected. However, Best Linux is ANCIENT, sporting KDE 1.1.2, and the 2.2.16 kernel. Unless you have a fetish for dry and dusty, I'd wait for SOT to come out with a new version before giving Best another try.

Mandrake 8.1 (Raklet)

MandrakeSoft (http://www.mandrakesoft.com/) once based their distribution upon the foundation of the latest Red Hat release, then tweaked it, and prebuilt binaries for 586 processors, which yielded a speed advantage for those running pentium and better boxen. Over the last couple of years, Mandrake has broken their dependence upon the Red Hat release cycle, and has forged ahead with new GUI tools, journalling file systems, and much more. I've always been a bit partial to Mandrake. Here we're looking at the official 8.1 release, that's just days old. I'm actually running it on both workstation and laptop at the moment, though the workstation's likely to return to Debian, soon enough. Here goes the install.

After installation and first boot, Mandrake has only two exposed services - X11 and KDM. Note that I didn't setup SSH. Also I am a tad surprised that those two are on outside ports... Mmmm. More investigation's warranted, as I'd think that "High" security should prevent those from running on external TCP ports. We've got the 2.4.8 Linux kernel, KDE 2.2.1pre, and LOTS of other window manager options for you experimentation and eddification. While some people don't like how Mandrake runs the KDE menus 4 and 5 levels deep, I kind of like it.

One problem I found in the RC3 that is fixed in the final is modifying the security level from the Mandrake Control Center now appears to work properly. Mmmm. I am going to spend some time living in Mandrake and reporting on it, so you'll hear more soon.

All Content Copyright © 1999-2001 Brian P. Bilbrey.