jacl# cat jacl.txt

                     ##    ###     ######  ##
                     ##   ## ##   ##    ## ##
                     ##  ##   ##  ##       ##
                     ## ##     ## ##       ##
               ##    ## ######### ##       ##
               ##    ## ##     ## ##    ## ##
                ######  ##     ##  ######  ########

           ##       #### ##    ## ##     ## ##     ##
           ##        ##  ###   ## ##     ##  ##   ##
           ##        ##  ####  ## ##     ##   ## ##
           ##        ##  ## ## ## ##     ##    ###
           ##        ##  ##  #### ##     ##   ## ##
           ##        ##  ##   ### ##     ##  ##   ##
           ######## #### ##    ##  #######  ##     ##

 
01001010 01110101 01110011 01110100 01000001 01000011 01101111 01101101
01101101 01100001 01101110 01100100 01001100 0110100 101101110 01100101
01001100 01101001 01101110 01110101 01111000



About | Features | Components | News | Download | To Do | Acknowledgements





ABOUT
=====

JaCL Linux (Just a Command Line Linux) is a live CD distribution (a
Knoppix remaster) of the Linux operating system. JaCL Linux is
designed to be run as a command line driven server or utility
system. Most major command line applications or server software
available in a standard Linux distribution are available in JaCL
Linux. Most X11 server software and applications have been
intentionally removed from the distribution in order to streamline the
distribution for use as a server or utility system. Examples of server
or utility uses for JaCL include: web server, ftp server, DNS server,
SMB server, rsync server, syslog server, local disk mirroring utility,
remote rsync disk mirroring utility or hardware diagnostics
utility. The removal of the X server and X applications streamlines
the distribution, reduces maintenance, and may reduce the risk of
vulnerabilities.  Additionally other applications have been
intentionally removed or omitted from the distribution, including
applications which may pose a security risk if the server is user
level compromised (i.e. network scanning utilities and packet sniffing
tools). The result is a full command line live CD distribution which
is about half the size of a full Knoppix CD distribution.

When originally developing the JaCL Live CD, these were the primary goals:

1. an easily upgradable system 
2. a password protected system by default
3. security warning banners (a requirement in some work environments)
4. a security hardened base system
5. an easy mechanism for systems administrators to automatically configure 
   the system at bootup
6. most server and utility applications included (the fact that
   Knoppix <= 3.7 did not include rsync by default was a primary 
   motivation for developing JaCL)

While Knoppix was quite capable in these areas, JaCL was developed
with the systems administrator in mind.  A single tarball containing
configuration files and a startup script on a floppy or USB device is
all that is needed to have a fully configured system running on first
boot.  



jacl# perl -e 'print "-"x75'
---------------------------------------------------------------------------


FEATURES
========

JaCL Linux incorporates the following features:

o Live CD Linux distribution

  A live CD distribution has several advantages over conventional
  installations. A hard disk installation is not required to test or
  use JaCL Linux. The boot media is read-only, this adds an additional
  level of security as applications can not be permanently
  compromised.  System updates can be performed simply by burning a
  new ISO image to CD media and rebooting the system with the new CD.


o Always sets root password and creates a user account at boot for
  additional security

  At boot-up, the user is prompted to set the root password and create
  a user account for that session. JaCL Linux assumes that if someone
  has physical access to your system, little can be done to prevent
  malicious activity, but enforcing the root password and
  non-privileged user account creation can reduce the risk of remote
  compromises when servers are started. 


o Runs in run level 3 (no X-Windows)

  JaCL Linux is not intended to be run as a workstation distribution.
  As a generic server/utility distribution, the removal of X server
  and X applications has several advantages. By not running X at
  startup, the server has more resources available for performing
  server/utility functions. With fewer "moving parts" so to speak,
  fewer applications will break or develop security vulnerabilities
  and less distribution maintenance or security releases will be
  required. Removal of X applications also greatly reduces the
  distribution size.

o Security hardened 

  Bastille-Linux is installed on JaCL Linux and used to security
  harden the distribution. Unnecessary SUID permissions are removed,
  security warning banners installed, server configuration settings
  are tightened and access restrictions are implemented. No open ports
  are running in the default boot (including DHCP
  client). Additionally, specific applications which pose a
  significant network threat in the event of a compromise have been
  removed (i.e. ethereal, snort, ettercap, nessus).  Not that these
  applications can't be insalled by a cracker, but those are additional
  steps that might alert an administrator.

o Automatic installation of user customized, encrypted startup scripts
  and configuration files.

  JaCL Linux implements a scheme using a twofish encrypted tar ball
  which contains a rc.jacl startup script and any server configuration
  files, authorized_keys, known_hosts, etc. needed to properly set up
  the server and start applications on reboot. The rc.jacl file is a
  standard shell script run each reboot performing a similar to a
  standard BSD rc.local startup script. This scheme is intended to be
  instanty familiar to most system administrators. The encrypted
  configuration tarball can be stored on floppy or external USB device
  which can be physically set to read-only or removed after bootup.
  This greatly increases security in the event of a compromise as a
  reboot will result in a known good reinstallation of configuration
  files (on read-only or removed media) and startup applications (on
  read-only CD).



jacl# for i in `seq 1 75`; do printf -; done
---------------------------------------------------------------------------


COMPONENTS
===========

JaCL Linux is a remaster of the i386 Knoppix 3.8 release (as of May,
2005). Knoppix is based on Debian Linux, a purely Open Source
Software Linux distribution (the Knoppix distribution is released
under the GPU, which is also incorporated in the JaCL Linux
distribution). JaCL Linux is running Kernel 2.6 release which adds
excellent hardware support for modern systems. It has been
successfully tested on Pentium I, III, IV, Xeon, and AMD Athlon
computers. Several other base distributions were evaluated for the
JaCL Linux remaster, including Gentoo Live, CoolLinux, Trinux,
FreeSBIE, but Knoppix was chosen for its hardware support,
documentation and user base. 


jacl# python -c "print '-'*75"
---------------------------------------------------------------------------


NEWS
====

NOTE: JACL Linux is no longer being supported due to a lack of interest.
Over the years, the distribution was effectively used as an
ultra-secure log host, a useful system repair tool, and an effective
server cloning tool in fault tollerant environments.


-Thu Dec 15 14:43:43 EST 2005: 
 Will most likely build the next JaCL release off the Knoppix 4.1
 Lite, which should include several bug fixes.
 Tue May  9 10:00:26 EDT 2006:
 Make that 5.0.1 public release, which is in the works.  This will likely 
 be the base for the first official (non-beta) JaCL release.

-Fri Aug 19 00:35:13 EDT 2005:
 jacl.0.2005-08-16.beta1.iso released. 

-Mon Jul 11 15:19:12 EDT 2005:
 jacl.0.2005-07-11.beta1.iso released.  Applied squid and gzip patches.

-July 2005:
 JaCL will remain in beta for all Knoppix 3.X based releases.  
 Knoppix 4 Light will be the first base for a JaCL stable.




jacl# awk 'BEGIN{for(i=1;i<=75;i++){{ORS=""}print "-"}}'
---------------------------------------------------------------------------


DOWNLOAD
========

-Current ISO: jacl.0.2005-08-17.beta1.iso

-Original ISO: jacl.0.2005-07-11.beta1.iso
(thanks to ibiblio.com for hosting)

-README.jacl: describes how the rc.jacl tarball and file are loaded.  
 This file also contains the GPL License information.

Planned:

-ChangeLog
   
-Example rc.jacl scripts:
 -basic networking setup
 -rsync server
 -http server
 -local disk mirroring system via rsync
 -remote rsync disk mirroring
 -syslog server, with local syslog files to 




jacl# ruby -e 'a="-";print a*75'
---------------------------------------------------------------------------

TODO
====

-jacl.tar user picklist if multiple tarballs found on removable media
-selinux kernel patch and/or grsecurity
-pf firewalling
-transparent bridging
-stack-smashing protector recompile of key applications
-test ProShield


jacl# echo ---|sed 's/.*/&&&&&/'|sed 's/.*/&&&&&/'
---------------------------------------------------------------------------

ACKNOWLEDGEMENTS
================

In no particular order:
-Knoppix, of course
-Ibiblio
-Bastille Linux group
-Debian GNU/Linux
-All package authors and maintainers represented on this CD.
-The Open Source Community in general

Please email jacl@northsecure.com for questions, comments or 
suggestions.

jacl# wget -qO - http://www.northsecure.com/jacl/ |tail -4|head -1 
---------------------------------------------------------------------------