CC BY
72TECHNICAL SCIENCES
FEATURES OF THE ASTRA LINUX OPERATING SYSTEM
Kononova N.,
North-Caucasus Federal University, assistant professor, candidate of physical and mathematical sciences
Grobova T.,
North-Caucasus Federal University, assistant professor, candidate of physical and mathematical sciences
Azarova E.,
North-Caucasus Federal University, 2nd year Master of Applied Informatics
Kononov M.,
North-Caucasus Federal University, 4th year student of the specialty Computer security
Grobova S.
North-Caucasus Federal University, 2nd year student of Software Engineering
Abstract
Astralinux is a Russian operating system based on the Linux kernel. Developed with the participation of JSC NPO RusBITech, the FSB Academy, the Institute for System Programming of the Russian Academy of Sciences and the Ministry of Education and Science. At the moment, among the hardware partners of Astra Linux, providing the necessary data for system optimization, there are all custom and professional solutions freely sold in Russia. Keywords: operating system, security, ease of use, ease of use.
Astra Linux is a special-purpose operating system based on the Linux kernel, designed for comprehensive information protection and building secure automated systems.
The initial development was organized for the Russian security forces, special services and government agencies. To reduce the threshold of entry and popularize the release, the release was divided into Astra Linux Common Edition (Eagle) (current version 2.12) and Astra Linux Special Edition (Smolensk) (current version 1.9)
The first is intended for ordinary users and developers. The second OS designed for intelligence agencies, security professionals and all standards.
An important feature of Astra Linux is the protection of the operating system, the data and programs used: the system ensures the degree of protection of the processed information up to the level of state secrets of "special importance" inclusive.
The developers of the system, represented by JSC NPO RusBITech, managed to link the legislative requirements of the Russian Federation to operating systems with the "spirit and requirements of the GPL license". [1]
Astra Linux unexpectedly turned out to be the most successful among the mass of protected Russian distributions: it will become the main one for the Ministry of Defense. Astra even has its own virtualization complex.
The first movements began already in 2018: then the military decided to abandon Windows in favor of Astra, and this year there were pre-production versions of tablets for use in specialized tasks.
The base distribution kit for Astra is Debian, which allows using standard packages for installation based on .deb.
Source codes for the custom version of the OS are available on the developer's website. Access to the
sources of the advanced protected variants is available upon request.
Thanks to this, Astra became an "officially recognized" Debian branch, and NPO RusBITech JSC entered into a partnership agreement with The Linux Foundation and The Document Foundation.
The system is optimized for all existing platforms, including distributions for
- desktops and laptops x86 / x64 ("Smolensk" and "Eagle"),
- ARM platforms (Novorossiysk),
- processors "Elbrus" ("Leningrad"),
- fault-tolerant servers with the IBM System z architecture ("Murmansk"),
- MIPS systems (Sevastopol),
- POWER systems (Kerch).
This provides a unified environment for the development and operation of the same packages on any computers, hardware and even integrated solutions. Unification is very convenient in such cases.
In addition, during the implementation of the partnership agreement with Huawei, in February 2019, an optimized version of the distribution was implemented at the Tianwan NPP in the server systems of a Chinese partner.
The start window does not issue a terminator among the OS. Astra Linux Special Edition considers the same user, depending on the action, as different users (mandatory access) and creates separate home directories for them, the simultaneous direct access of the user to which is not allowed.
In total, the system uses 256 access levels (from 0 to 255) and 64 access categories, delimiting access to various operations with files, file system, TCP / IP stack and much more. [2]
The decision to deny or allow a user or program to access a file or its block is made based on the type of
operation (read / write / execute) and a template security standard based on its own patented model, which applies to information flows in the system. The unique hierarchy included in the patent makes it possible to accurately distinguish the user from malware or unauthorized control from the outside and to independently determine the OS compromised (inappropriate to access rules) files and prevent such files or operations from accessing the distribution and file system. The system controls every step of the programs.
Astra Linux lacks most of the known vulnerabilities affecting operating systems: malware cannot work with memory, be embedded in OS code, or run directly from the network.
In the event that the executable code is downloaded, it is launched in a protected area of memory, which restricts access to data and the system at all levels.
The operating system, its files and individual elements are hashed, logged and compared with the reference ones, which allows you to completely exclude the substitution or change of the OS code.
Once installed, the Astra is ready for use without prior configuration.
For those cases when additional protection is needed, it is possible to create new users with certain rights and start working sessions in nested mode (win-dow-in-window).
In this case, the embedded content is completely isolated from the operating system and can be removed along with all active content, while the packages will return to their original state before work.
The session can be ended automatically by timer, or in the usual way.
Installation process: easier than Windows. You can download directly only the Custom Edition of the Common Edition, or the Special Edition for x86-64 Platform Developers.
For the end user, there is not much difference: the upgraded version has the certificates necessary for the defense industry, while Common does not. However, both work according to the general principles of Astra Linux, implementing separate access according to the laid down scenarios.
The installation process is extremely simple and is like two peas in a pod similar to other Linux distributions.
Of the major differences, it is worth noting the Russian documentation with pictures for installation and an understandable Russian-language interface with a choice of important details.
Among others, the same basic security elements, highlighted by a separate preset screen.
Installation is stable both on a regular hard disk and on a virtual machine.
Even a single-core processor with 512 MB of RAM and a 30 GB storage is enough for the system to work. Comfortable work assumes the presence of more than 1 GB of RAM and support for modern instructions for computing cores.
The appearance of Astra Linux is optimized as much as possible for ordinary users. Even the boot
screen and the login-password menu are familiar and simple.
The desktop is designed based on the familiar Windows interfaces, but uses many of the features of macOS / Linux by default. For example, the default action to launch a file or program is a single click instead of a double click.[3]
The user is offered 4 ready-made desktops, on each of which a set of icons is grouped to access a set of programs for a specific purpose.
There is a Win-shaped "Start" in the style of old OS versions with a grouping of built-in applications by type of activity.
The setting is carried out both in the proprietary terminal and using the graphical shell through a convenient control panel with a lot of settings.
The file manager inherits the dual-pane ideology of Windows Explorer, can mount archives as folders and calculate checksums, confirming the integrity of the components.
Browser - Mozilla Firefox or Chromium in standard Debian outfit.
The graphics editor is GIMP, EasyPaint, Inkscape and a number of proprietary applications for office work with images: scanning, recognition, screenshots.
LibreOffice with the GoldenDict dictionary was chosen as an office suite, and they are supplemented by the qpdfviewer viewer and the JuffEd text editor.
Multimedia programs are represented by VLC Media Pleer, QasMixer, Audacity, Clementine, guvcview.
In general, the system is ready for office use and does not require installation of additional applications, even providing certain alternatives.
Apt-get is used to install applications, but basic Debian applications require manual installation or adding them to the list of allowed repositories.
Almost everything is installed, but a number of applications will require additional permissions or will only function inside their own location folder.
There are no restrictions on the use of any applications: protection is carried out at the operating system level, so there are no restrictions and you can connect any repository. Likewise with installing from downloaded packages.
If necessary, you can install both a virtual machine (there is its own development from the Astra Dev.), And Wine to run Win-applications.
The only problem for novice users may be the lack of proprietary video drivers for Nvidia cards. But Open GL and Direct X support comes out of the box.
When the program tries to perform an "extra" action, for example, by independently accessing the file system outside its own directory, Astra will offer to confirm it with a password entry window with the details of the operation.
Full Russification and a convenient graphical interface allow you to make any settings of the operating system, up to fine debugging of permissions for a particular action.
Most of the settings do not require a terminal and are visible from under the user account. You can work with them by entering the appropriate password.
For selection, ready-made lists of basic user settings are prepared, such as conveniently changing the time, how to switch layouts or system actions when connecting a device.
You can cut off your computer from external resources or put your PC into fully protected mode from the terminal.
The only inconvenience is the strange implementation of hotkeys: although they completely duplicate their counterparts from WIndows by default, in some cases they stop working.
For example, Esc, which closes the active window on the desktop or in the active program, suddenly refuses to act in the settings panel.
Especially interesting are the additional operating modes of Astra Linux, which can be turned on right on the start screen of the system: "Tablet mode" and "Mobile mode".
Both the one and the other interfaces represent a basic shell, optimized for work on touch screens of large and small diagonals, respectively.
The cursor is invisible in tablet mode, the button for closing applications is moved to the taskbar. Fullscreen applications work a little differently; files in the file manager are also selected differently.
However, only the applications built into the distribution kit will start in the user-friendly interface.
The mobile mode offers its own "launcher" fly, reminiscent in appearance and use of Android: similar desktops, the logic of the widgets, a long tap to call the menu.
Huawei has abandoned the beautiful Deepin in favor of Astra. It is more reliable,apparently, Huawei will use Astra for its servers in Europe, and also plans possible sales of laptops with Astra. Chinese developers have a very good, beautiful and convenient Deepin Linux, also based on Debian with its own Deepin Desktop Environment and a set of utilities. However, in April 2018, Deepin Linux version 15.5 was compromised by spyware disguised as a standard utility from the system kernel. Therefore, Russia has become a "third party" for Huawei, a guarantor of security on the part of the operating system.
For those who have used popular Linux, Windows or macOS distributions, Astra Linux will become intuitive and will not require any significant time to get used to.
The interface is so close to the existing standards that grandma can handle it. Similarly, a set of basic applications is assembled: all of them are either already used by the user, or copy the interfaces of other popular applications.
"Hardware" detects instantly, so there will be no problems with installation and startup.
At the moment, all user and professional solutions that are freely sold in Russia are listed among the hardware partners of Astra Linux that provide the necessary data for system optimization.
The top lines on the corresponding page are occupied by Acer, HP, Dell and many other major suppliers.
Based on all of the above and our own experience, we can confirm that Astra is completely ready for mass implementation and can be used for any task.
One system for all platforms. But is it worth installing it now? Like any self-respecting Debian, Astra Linux boasts a fairly old kernel and outdated repositories. It will not be able to catch up with Ubuntu.
Accordingly, even for Linux, Ubuntu-compatible distributions are preferable. And even better-the latest versions of macOS and Windows (choose and combine to taste).
In the absence of the need for special secrecy of stored data and operations, they are faster and offer more opportunities in any scenario.
Backdoors and convenience against old versions of programs with full protection? Everyone chooses for himself. But with Astra, it's not scary, and it's quite convenient.
References
1. П.В. Буренин, П.Н. Девянин, Е.В. Лебе-денко и др.; Под ред. доктора техн. наук, профессора П.Н. Девянина. 3-е издание, перераб. и доп. М.: Горячая линия - Телеком, 2019. 404 с.: ил. ISBN 978-5-9912-0807-9.
2. Учебное пособие для вузов. Девянин П.Н. 3-е изд., испр. и доп. М.: Горячая линия — Телеком, 2020. 352 с.: ил. ISBN 978-5-9912-0866-6
3. Девянин П.Н., Ефремов Д.В., Кулямин В.В., Петренко А.К., Хорошилов А.В., Щепет-ков И.В. М.: ИСП РАН, 2018. 180 с.
