netbsd-users: NetBSD being used as the core for secure OS distro

Subject: NetBSD being used as the core for secure OS distro
To:
, <netbsd-help@netbsd.org>
From: Shane M. Coughlan <shane_coughlan@hotmail.com>
List: netbsd-users
Date: 09/25/2003 11:38:36
Dear All

I am currently developing a mock-up system that will be using a *BSD distro
for an automated install.  The system wil have a carefully selected set of
packages, but will not be intended to do a 'Linux' and litter the place.  It
will be built to boot into a GUI (test machines will run KDE 3.1.4 with
XFree), and to do so automatically after install.  KDE will include KOffice
and OpenOffice on the test machines.

The brief is to create a minimal Unix system based on a solid core.  It
would be intended to run desktop machines and workstations, and to be a
small and light as possible.  It should have the option of installing a
'server kit' module to put all the bits needed to run an Apache server onto
it, and it should be ready for the development of a 'security kit'.  The
security kit is the key part.  It is intended for the commercial development
of military-grade defensive and offensive tools.

It's a conceptual puzzle at the moment, though I hope to have perhaps a test
machine active before the end of October.

To make the test machine I was thinking of NetBSD 1.6.1 with an install that
will call source packages of XFree86 4.3.0, KDE 3.1.4, KOffice 1.2.1 and
OpenOffice 1.1.
GnuPG will be included and will be integrated into KDE using KPGP.

I think there will be two distinct stages to the development.  The first is
the creation of the test machine with the required packages.  The second is
working out how to automate the installation of the packages from CD.
Knoppex Linux is an example of a nearly totally automated install.  I'd like
something along these lines.

The end result will ideally be a BSD which has a controlled amount of
packages on it.  One of the first stages of the security kit will be the
creation of a file-checker to verify each of the applications and libraries
on the system when it boots.  Another will be the implimentation of
automatic file-encryption in certain areas of the system.  From a
clean-install security measures will be built to create a system that is
relatively secure.  I am examining TCFS (transparent cryptographic file
system) as a possible way of making sure user-files are safe, and I'm
looking with interest at Reiser4, though I am aware that it's a LONG way
from finished.

Now, my question...I was drawn to NetBSD because of its small size (not much
package litter in basic install...wonderful) and its portability.  However,
I notice the consensus online appears to be that NetBSD is mainly for
academic use, and that FreeBSD is better for commercial use, especially
things like servers.  Given that you guys are experienced in such things,
and honest, can you tell me what you think about that?  OpenBSD is
interesting, but it seems to have a lot of hiccups with things like laptops.
I'm not looking at it for this reason.

Regards

Shane Coughlan
http://gem.shaneland.co.uk
shane@shaneland.co.uk