Linux

Overview of Astra Linux, an operating system for special services and security forces

While US sanctions threaten Huawei, the corporation is on the alert. The fate of Android on board its smartphones is not yet clear, but laptops for the Chinese market have already received Deepin Linux.

What will happen next? It seems that the Russian market also received its own distribution: the company announced that server solutions will ship with  Astra Linux on board.

What it is?

Astra Linux is a special-purpose operating system based on the Linux kernel, designed to comprehensively protect information and build secure automated systems.

The initial development was organized for the needs of Russian security forces, special services and government agencies. To lower the threshold of entry and popularization, the release was divided into

The first is intended for ordinary users and developers. The second is precisely the “military” OS, which meets all the necessary standards.

An important feature of Astra Linux was the protection of the OS, the data and programs used: the system provides a degree of protection of the processed information to the level of state secrets of “special importance” inclusive.

That is, even the most important documents will not leak , which confirms the presence of a certificate of the Ministry of Defense, FSTEC and the FSB of Russia. Even “Comrade Major” will not receive anything without physical contact with the computer.

It is included in the  Unified Register of Russian Programs of the Ministry of Communications of Russia , therefore it can be used to execute the transfer of the order to switch to domestic software in commercial and non-commercial organizations.

The developers of the system represented by JSC NPO RusBITech managed, according to them, to link the legislative requirements of the Russian Federation to operating systems with the “spirit and requirements of the GPL license ”.


Astra even has its own virtualization suite. Commendable

Astra Linux unexpectedly among the mass of protected Russian distributions turned out to be the most successful : it will become the main one for the Ministry of Defense.

The first movements began already in 2018: then the military decided to abandon Windows in favor of Astra, and this year pre-production versions of tablets for use in  especially demanding tasks appeared (we will talk about this below).

The basis of Astra Linux and its variants

Debian has become the base distribution for Astra, which allows you to use standard packages for .deb-based installations.

Source codes for the user version of the OS are available on the developer’s website. Access to the source of advanced protected options is available upon request.

Thanks to this, Astra became the “officially recognized” Debian branch, and NPO RusBITech JSC entered into a partnership agreement with The Linux Foundation and The Document Foundation.


Open source, protection and normal programs? Reality if there are serious partners.

The system is optimized for all existing platforms, including distributions for

  • x86 / x64 desktop computers and laptops (Smolensk and Oryol),
  • ARM platforms (Novorossiysk),
  • Elbrus processors (Leningrad),
  • fault-tolerant servers with the architecture of IBM System z (“Murmansk”),
  • MIPS-systems (“Sevastopol”),
  • POWER systems (“Kerch”).

This provides a unified environment for the development and operation of the same packages on any computers, equipment, and even integrated solutions. Unification in such cases is very convenient.

In addition, during the implementation of the partnership agreement with Huawei, in February 2019, an optimized version of the distribution kit was introduced at the Tianwan NPP in the server systems of the Chinese partner.

How is OS protection implemented?


The start window does not issue a terminator among the OS

Astra Linux Special Edition considers the same user depending on the action as different users (the so-called “credential access”) and creates separate home directories for them, simultaneous direct user access to which is not allowed.

In total, the system uses 256 access levels (from 0 to 255) and 64 access categories, delimiting access to various operations with files, file system, TCP / IP stack, and much more.

The decision to prohibit or allow user or program access to a file or its block is made based on the type of operation (read / write / execute) and the template security standard based on its own patented model that applies to information flows in the system.

The unique hierarchy included in the patent allows you to accurately distinguish the user from malware or unauthorized control from the outside and independently determine the OS compromised (inappropriate access rules) files and prevent access to such files or operations to the distribution and file system.


The system controls every program step.

Astra Linux does not have much of the known vulnerabilities that affect operating systems: malware cannot work with memory, integrate into OS code, or run directly from the network.

In the event that the executable code is downloaded, its launch is carried out in a protected area of ​​memory , which restricts access to data and the system at all levels.

The operating system, its files and individual elements are hashed, logged and compared with the reference ones, which completely eliminates the substitution or change of the OS code.

User Modes

After installation, Astra is ready to use without any configuration.

For those cases when additional protection is needed, it is possible to create new users with certain rights and start working sessions in nested mode (something like “window-in-window”).


Nested Session

At the same time, the embedded content is completely isolated from the operating system and can be deleted along with all active content, while the packages will return to their original state before work .

The session can be completed automatically by timer, or in the usual way.

Installation process: easier than Windows

Directly, you can only download the custom version of Common Edition, or the Special version for developers of x86-64 platforms.

There is no big difference for the end user: the upgraded version has the necessary certificates for the defense, Common does not. However, both work according to the general principles of Astra Linux, implementing separate access according to the laid scenarios.

The installation process is extremely simple and like two drops of water is similar to other Linux distributions.

Of the major differences, it is worth noting the Russian documentation with installation pictures and an intuitive Russian-language interface with a choice of important details.

Among others, the very basic security features highlighted in a separate preset screen.

Installation is stable both on a regular hard drive and on a virtual machine.

Even a single-core processor with 512 MB of RAM and a 30-gigabyte drive is enough for the system to work. Comfortable work requires the presence of more than 1 GB of RAM and support for modern instructions of the computing cores.

Appearance: no need to get used to

Appearance Astra Linux as much as possible <g> is optimized for mere mortals . Even the boot screen and the login-password menu are familiar and simple.

The desktop is designed based on familiar Windows interfaces, but by default it uses many features of macOS / Linux. For example, by default, a single click instead of a double click is the action to launch a file or program.

The user is offered 4 ready-made desktops, on each of which a set of icons is grouped to access a set of programs for a specific purpose.

There is a Win-shaped “Start” in the style of old versions of the OS with a grouping of embedded applications by type of activity.

Setup is carried out both in the corporate terminal, and using the graphical shell through a convenient control panel with a ton of settings.

Basic set of programs: for all occasions

The file manager inherits the two-panel ideology of the Windows Explorer, can mount archives as folders and calculate checksums, confirming the integrity of the components.

Browser – Mozilla Firefox or Chromium in standard outfit for Debian. Modestly and tastefully.

The graphics editor is GIMP , EasyPaint , Inkscape and a number of proprietary applications for office work with images: scanning, recognition, creating screenshots.

We chose LibreOffice with the GoldenDict dictionary as an office suite, and complemented by the qpdfviewer viewer and the JuffEd text editor.

Multimedia programs are presented by VLC Media Pleer, QasMixer, Audacity, Clementine, guvcview.

In general, the system is ready for office use and does not require the installation of additional applications, even providing certain alternatives.

Where to get software?

Apt-get is used to install applications , but basic Debian applications require manual installation or adding them to the list of allowed repositories.

Almost everything is installed, but a number of applications will require additional permissions or will only function inside their own location folder.

There are no bans on the use of any applications: protection is carried out at the operating system level, so there are no restrictions and you can connect any repository. Same as installing from downloaded packages.

If necessary, you can install a virtual machine (there is a proprietary development from Astra Dev. ), And Wine to run Win-applications.

The only problem for novice users may be the lack of proprietary video drivers for Nvidia cards . But support for Open GL  and  Direct X  comes out of the box.

When an application attempts to perform an “unnecessary” action, for example, by independently accessing the file system outside its own directory, Astra will offer to confirm it with a password entry window with operation details .

Settings and features

Full Russification and a convenient graphical interface allow you to make any settings of the operating system, up to fine debugging permissions for a particular action.

Most of the settings do not require a terminal and are visible from under the user account. Work with them is possible by entering the appropriate password.

Ready-made lists of basic user settings are prepared for selection, such as a convenient change of time, a way to switch layouts or system actions when connecting a device.

You can cut the computer from external resources or put the PC in fully protected mode from the terminal.

The only inconvenience is the strange implementation of hotkeys: although by default they completely repeat the analogues from WIndows, in some cases they stop working.

For example, Esc , which closes the active window on the desktop or in the active program, suddenly refuses to act in the settings panel.

Mobile Modes


Tablet mode

Especially interesting are the additional modes of operation of Astra Linux, which can be enabled directly on the start screen of the system: “Tablet mode” and  “Mobile mode” .

Both interfaces represent the basic shell optimized for operation on touch screens of large and small diagonals, respectively.


Mobile mode

The cursor in the tablet mode is invisible, the application close button is placed on the taskbar. Full-screen applications work a little differently, files in the file manager are also selected differently. However, in the user-friendly interface, only applications built into the distribution kit will be launched.


Widgets

The mobile mode offers its own “launcher” fly, reminiscent of the appearance and use of Android: similar desktops, the logic of widgets, a long tap to open the menu.

Why not Chinese Deepin


Huawei has abandoned the beautiful Deepin in favor of Astra. She is more reliable

Apparently, Huawei will use Astra for its servers in Europe, and is also planning possible sales of laptops with Astra.

Why, after all, Huawei and Honor for the domestic market of China are equipped with the preinstalled Deepin?

Chinese developers have very good, beautiful and convenient Deepin Linux , also based on Debian with its own Deepin Desktop Environment and a set of utilities.

However, in April 2018, Deepin Linux version 15.5 was compromised by spyware disguised as a standard utility from the system core.

Therefore, Russia has become a “third party” for Huawei, a guarantee of security on the part of the operating system.

Astra Experience


You can write texts, process photos and work with documentation

For those who have used popular Linux, Windows, or macOS distributions, Astra Linux will become intuitive and will not require any significant time to get used to.

The interface is so close to existing standards that grandma can handle it. A similar set of basic applications is compiled: all of them are either already used by the user, or they copy the interfaces of other popular applications.


Resources need a little

“Iron” determines instantly, therefore, any problems with installation and launch are not expected.

Currently, among the Astra Linux hardware partners that provide the necessary data for optimizing the system, there are all user and professional solutions that are freely sold in Russia.

The top lines on the corresponding page are Acer, HP, Dell and many other major suppliers.

Based on all the above and our own experience, we can confirm: Astra is completely ready for mass deployment and can be used for any tasks.

Is it worth a try?


One system for ALL platforms. Dreams Come True

Another thing, is it worth it to install now? Like any self-respecting Debian, Astra Linux boasts a rather old kernel and outdated repositories. She will not be able to catch up with Ubuntu.

Accordingly, even for a Linuxoid, Ubuntu-compatible distributions are preferable. And even better – the latest versions of macOS and Windows (choose and combine to taste).


It is interesting to use Astra in work. She is not needed at home

In the absence of the need for special secrecy of the stored data and operations, they are faster and offer more options in any scenario.

Backdoors and convenience against older versions of programs with full protection? Everyone chooses for himself. But with Astra is not scary, and quite convenient.

Back to top button