Installation: -
HP-LX appears to be a secure, cut-down version of Redhat 7.1.
I booted HP-LX from the installation disc into the very pretty graphical install.
There were then the usual Redhat prompts: - language, keymap, mouse. Next you have to manually partition your discs using either fdisk or disk druid – there is no option to simply use the whole disk which would have made things a bit easier.
You are no prompted to setup the system security. You can now enable tripwire, set the site password and configure tripwire alerts (can be delivered by e-mail).
Next is the network config and the option of which languages you wish to install support for.
Next you can set your timezone and the root password.
The system is now installed.
Next you can configure X, login mode (graphical or text) and create a boot disk.
You also have the option to import an existing SSH public key from a floppy.
The machine then rebooted into the graphical login.
Software content: -
There was very little software included with HP-LX but for a basic system designed for use by sysadmins this is not a problem and you can simply install anything you require manaully.
I believe that there was meant to be Apache included but I certainly could not find it and it was not running.
The desktop supplied with HP-LX is KDE 2.1.2.
There were also some files included that I can't see being much use on a secure server – Pilot-link for example would not usually be used on a server.
There is a SSH server included with HP-LX which is so secure that remote machines on the network cannot connect to it so it is a complete waste of space. I believe that it is meant to work though...
There was tripwire provided for system security which I must confess that I hate. It slows the system down (especially on bootup/shutdown) and is quite ineffective anyhow. I think Snort or some other intrusion detection system would have been much better.
There are also various packages made by HP to secure the system.
My Thoughts: -
I was very dissapointed with HP-LX. With it being made by such a large company I expected it to be really good – but it wasn't. The non-working web and SSH servers were especially annoying since I don't expect such poor configuration issues from HP – or any other company that distribute Linux for that matter.
I also felt that including X and KDE was a mistake. I think a more Smoothwall type approach would have been much better, where all the configuration is done remotely over a web interface without the need for X (which is also a security risk).
As I'm not a hacker I can't really assess or test the security of the system but I'd imagine it must be as good as they say it is.
Conclusion: -
If you want a very secure distro then this may be for you. The commercial version comes in a full box with manual(s) and support (they may even set it up for you – I'm not entirely sure) so they will fix any problems for you (or tell you how to fix them). However it is rather pricey at around 3000 (so I've heard).
If you want a more secure system rather than a mega secure system then you can do this yourself. You can simply download and apply the NSA secure Linux kernel patches to a kernel source and compile it for your system – easy and free. Of course HP-LX is more than just a patched kernel though...
Thanks to the various people at HP UK who organised a copy of the CD for us.
