TheSSS – The small server suite
Lightweight
The temporary workgroup you have set up wants to save its files on a dedicated FTP server; you want to try out a proxy to see if you can reduce the network load and set up a web server on the intranet to advertise the daily menu at the cafeteria. In other words, you need a small server – enter the smallest server suite in the world, TheSSS [1].
TheSSS runs as a Live system by default, but it can also be installed on the hard disk. You need to boot this lean Linux distribution on a server and then enable the services you require with a short command line. The fact that it runs in main memory is especially handy if you want, or need, to set up a service temporarily – for example, because the main FTP server is down.
Old Friends
TheSSS, which is based on the 4MLinux [2] mini-distribution and on top of the thttpd web server, also comes with the vsftpd FTP server, the OpenSSH SSH daemon, and a Telnet service. You can also enable the Polipo proxy, which can use the Tor anonymizer service, if so desired. The 4MLinux firewall based on iptables adds security.
As a bonus, administrators also have the Clam AntiVirus scanner and a rudimentary backup program. For the sake of completeness, TheSSS also throws in a couple of minor league monitoring tools that diligently gather information about the system and the network. Among other things, they can tell you which of the enabled services is causing a high load.
Of course, you'll encounter a couple of minor drawbacks: The new 8.0 version of the Linux distribution is still only available as a 32-bit distro and therefore cannot use more than 4GB of RAM. Additionally, it still does not support UEFI firmware, thus forcing admins to enable the BIOS emulator on newer systems.
Choice
SourceForge [3] offers three flavors of TheSSS: Although the ISO image (TheSSS-8.0.iso
) contains the normal 30MB variant, it adds PHP, the MySQL-compatible MariaDB database, and the Adminer database management tool (aka phpMinAdmin). Despite the fairly extensive additional components, the alternative ISO image takes up only 45MB. An 80MB multiboot CD (TheSSS-8.0-ToolBox.iso
) is also available. Besides TheSSS with PHP, it also contains Antivirus Live CD [4], BakAndImgCD [5], and FreeDOS [6]. The boot menu gives you the choice between these Live systems. FreeDOS is primarily used to start the TestDisk tool and Ranish Partition Manager.
You can either burn the selected image to a CD or create a bootable USB stick. The TheSSS makers recommend the UNetbootin [7] tool for the latter approach. If you are already using an older version of TheSSS, you can use the ZK package manager to upgrade to the current 8.0 version.
Launch Ramp
The boot menu only asks you whether TheSSS should use the VESA framebuffer or the Default display. If you want to pass in additional kernel parameters, press the Tab key. In any case, you boot into a console on a Linux 3.10.23 SMP kernel; TheSSS does not come with a GUI.
After starting the system, the all-powerful root user first needs to enter a new password. TheSSS initially rejects weak passwords, but it leaves them alone if you make a second attempt. Then, you log in as root with the previously assigned password (Figure 1). In our lab, TheSSS exhibited a strangely large vulnerability here: From time to time, say every seventh attempt, the system did not prompt for a password and simply logged root in.
The shell that welcomes the user here is BusyBox, which is tailored to mini-distributions. It includes many Unix commands such as tar
and gzip
as built-ins. They do not always fully implement the functionality of their GNU role models, but where the parameters do exist, they use the same syntax [8].
TheSSS automatically retrieves a network address via DHCP. If you prefer a static address or need special settings or a wireless connection, you can call on the netconfig
tool to help you (Figure 2). In a small question-and-answer session, it guides you through the network setup. Furthermore, TheSSS automatically mounts all the filesystems it can see at startup. The contents of the partitions it finds are then accessible below /mnt
.
Staff Entrance
The distribution comes with scripts that start the individual services and applications. For example, httpd start
launches the web server, whereas httpd stop
shuts it down. The default web server here is Tiny Server (thttpd); its configuration file is located below /etc/httpd/thttpd.conf
, and the files it serves are located below /srv/http
.
Alternatively, administrators can switch to the BusyBox web server. For this purpose, you delete, or simply move, the configuration file for thttpd and call httpd restart
. Settings for the BusyBox HTTP daemon, which is then enabled, are available in /etc/httpd/httpd.conf
.
Following the same principle, you can launch all the other supported services. Table 1 gives an overview of the main services, their start commands, and the locations of the configuration files. Using serverd start
starts all the supported services at once.
Tabelle 1: TheSSS Services
Type |
Name |
Start Command |
Configuration File |
Website |
---|---|---|---|---|
Firewall 4M |
Firewall |
|
|
|
FTP server |
VSFTPD |
|
|
|
Proxy |
Polipo |
|
|
|
SSH server |
SSHD from OpenSSH |
|
|
|
Telnet |
Telnet service from BusyBox |
|
||
Database |
MariaDB |
Automatically with the web server |
|
|
Web server |
Tiny Server (thttpd) |
|
|
|
BusyBox HTTP daemon |
|
|
The Polipo proxy server listens by default on port 8123 and stores any cached pages in /var/cache/polipo
. In addition to this in-memory operation mode, it can also swap out its data to the hard disk, as well as pass queries through to the outside via the Tor network. To do this, you simply set the mode
in the configuration file to disk
or tor
.
The FTP server by default only supports file downloads. Uploading is only possible if you modify the configuration with the upload
command. By default, the server allows anonymous access without a password and provides the files below /var/ftp/
.
The PHP version of TheSSS also includes the MariaDB database, which is automatically launched with the web server. You can then access the Adminer web front end on http://localhost/adminer.php. Incidentally, the same startup scripts are available for all variants of TheSSS. If a service is missing in your flavor, the script just notifies you.
Encore!
The antivir
script automatically downloads the ClamAV antivirus program from an archive hosted on Dropbox and updates the signature data. After the install, you decide how ClamAV should deal with suspicious files; it then automatically starts a scan of all files. The starting point is the root directory /
, and the virus scanner checks all connected hard drives.
TheSSS also offers a few well-known monitoring tools. Nmon provides general system information (Figure 3), and Netwatch observes network activity. The nmonitor
script serves up this and all the other monitoring tools for you to choose from.
Midnight Commander simplifies the process of working with files; you can launch it by typing mc
(Figure 4). Links is a rudimentary browser that runs in text mode, similar to Lynx.
Typing backup
starts a minimalist backup program, which first asks whether you want to store the files to be backed on a USB flash drive or an FTP server. Then, it simply starts Midnight Commander, in which the user then painstakingly copies the files to be backed up by hand. Using fsbackup
simply backs up the content of one partition on another.
If you take a liking to TheSSS, you can install it on your hard disk with install2hd
. You simply pass in an existing target partition to the script, in which it then creates a new ext4 filesystem – without any options for user intervention – and installs TheSSS. If you want to repartition your disk first, TheSSS provides the fdisk
and cfdisk
tools for this purpose. The target partition must be at least 1GB.
The bootloader TheSSS uses is the outdated LILO. If any other operating systems exist on your computer, the task of setting up a boot manager like GRUB is left to the user. The installation script installs LILO in the boot sector of the target partition.
Conclusions
TheSSS is the right choice if you need one of the services it provides in a hurry. Even if the THTTP web server cannot compete with Apache or Nginx, the range of functions is fine for most purposes on an intranet. In return, TheSSS – thanks to its small size – also runs on underpowered systems or systems working close to full load. Many administrators, however, are likely to miss their preferred tools.
The backup programs can also hardly be described as such; if you seriously want to back up your data, you would do better to choose a distribution that provides better support.