Lightweight

The temporary workgroup you have set up wants to save its files on a dedicated FTP server; you want to try out a proxy to see if you can reduce the network load and set up a web server on the intranet to advertise the daily menu at the cafeteria. In other words, you need a small server – enter the smallest server suite in the world, TheSSS [1].

TheSSS runs as a Live system by default, but it can also be installed on the hard disk. You need to boot this lean Linux distribution on a server and then enable the services you require with a short command line. The fact that it runs in main memory is especially handy if you want, or need, to set up a service temporarily  – for example, because the main FTP server is down.

Old Friends

TheSSS, which is based on the 4MLinux [2] mini-distribution and on top of the thttpd web server, also comes with the vsftpd FTP server, the OpenSSH SSH daemon, and a Telnet service. You can also enable the Polipo proxy, which can use the Tor anonymizer service, if so desired. The 4MLinux firewall based on iptables adds security.

As a bonus, administrators also have the Clam AntiVirus scanner and a rudimentary backup program. For the sake of completeness, TheSSS also throws in a couple of minor league monitoring tools that diligently gather information about the system and the network. Among other things, they can tell you which of the enabled services is causing a high load.

Of course, you'll encounter a couple of minor drawbacks: The new 8.0 version of the Linux distribution is still only available as a 32-bit distro and therefore cannot use more than 4GB of RAM. Additionally, it still does not support UEFI firmware, thus forcing admins to enable the BIOS emulator on newer systems.

Choice

SourceForge [3] offers three flavors of TheSSS: Although the ISO image (TheSSS-8.0.iso) contains the normal 30MB variant, it adds PHP, the MySQL-compatible MariaDB database, and the Adminer database management tool (aka phpMinAdmin). Despite the fairly extensive additional components, the alternative ISO image takes up only 45MB. An 80MB multiboot CD (TheSSS-8.0-ToolBox.iso) is also available. Besides TheSSS with PHP, it also contains Antivirus Live CD [4], BakAndImgCD [5], and FreeDOS [6]. The boot menu gives you the choice between these Live systems. FreeDOS is primarily used to start the TestDisk tool and Ranish Partition Manager.

You can either burn the selected image to a CD or create a bootable USB stick. The TheSSS makers recommend the UNetbootin [7] tool for the latter approach. If you are already using an older version of TheSSS, you can use the ZK package manager to upgrade to the current 8.0 version.

Launch Ramp

The boot menu only asks you whether TheSSS should use the VESA framebuffer or the Default display . If you want to pass in additional kernel parameters, press the Tab key. In any case, you boot into a console on a Linux 3.10.23 SMP kernel; TheSSS does not come with a GUI.

After starting the system, the all-powerful root user first needs to enter a new password. TheSSS initially rejects weak passwords, but it leaves them alone if you make a second attempt. Then, you log in as root with the previously assigned password (Figure 1). In our lab, TheSSS exhibited a strangely large vulnerability here: From time to time, say every seventh attempt, the system did not prompt for a password and simply logged root in.

Figure 1: The TheSSS login screen tells you the time and date.

The shell that welcomes the user here is BusyBox, which is tailored to mini-distributions. It includes many Unix commands such as tar and gzip as built-ins. They do not always fully implement the functionality of their GNU role models, but where the parameters do exist, they use the same syntax [8].

TheSSS automatically retrieves a network address via DHCP. If you prefer a static address or need special settings or a wireless connection, you can call on the netconfig tool to help you (Figure 2). In a small question-and-answer session, it guides you through the network setup. Furthermore, TheSSS automatically mounts all the filesystems it can see at startup. The contents of the partitions it finds are then accessible below /mnt.

Figure 2: The help command takes you to this help page, which briefly covers all the important commands.