What is CHAOS?
CHAOS is a CD or PXE based Linux and openMosix cluster distribution. The CHAOS
distribution fits on a single business card sized CDROM. This tiny disc will boot any
i586 class PC (that supports CD or PXE booting), into a working openMosix node, without
disturbing (or even touching) the contents of any local hard disk. Ideal for large-scale
adhoc clusters, once booted, CHAOS runs from memory allowing the CD to be used on the
next node (and allowing for automated rebooting into the host OS). CHAOS aims to be
the fastest, most compact, secure and straight-forward openMosix cluster platform available.
CHAOS is the supercomputer for your wallet.
Where can I download the latest version of CHAOS?
CHAOS is available from the primary site
http://itsecurity.mq.edu.au/chaos/isos/ The current release version is CHAOS-1.5.
There are no mirror sites for CHAOS.
NB: CHAOS is moving to midnightcode.org .. stay tuned ..
So, what does CHAOS stand for?
CHAOS is a word that ends in "OS". We found it on dict.org by
using regular expressions one day when we were looking for cool names for the distribution.
CHAOS could also be considered an acronym for "Check it out dude!", "Hmmephnuhermuph!",
"Ah, sweeeet." OS.
Why does CHAOS exist?
The IT Security group are expected to provide advice on fit-for-purpose
security (including cryptographic) solutions within the organisation. This function of risk
management, often turns out to be an expectation that the IT Security group will provide
demonstrable proof that an unsuitable security solution is really, truly,
unsuitable (after all, who's best practice does best practice really reflect?).
What inspired you to build it?
Inspired by the power of grid computing without code reauthoring, we set
about building an adhoc openMosix cluster environment; taking advantage of the night-time
power-cycles that are left unused by hundreds of desktop PCs. Exploiting this massive
capacity, we will effectively leverage our capabilities through existing infrastructure
assets. Alternatively, I guess you could say that we've stolen someone else's PC ROI ;-)
What inspires continued development is the value-add that the broader openMosix
community has come to take from CHAOS - the opportunity to expand small dedicated clusters,
securely, into the broader enterprise and public networks.
But, why create another openMosix cluster distribution?
The focus of our work is not the distribution, rather, it is the
work that is to be done on the cluster itself. All of the openMosix distributions
that we checked out were either clumsy or bloated. PlumpOS had the right idea, but
it was still too big to fit on a business card CDROM, too manual to allow for wide
distribution, and lacked some of the more gracious security features that have been
added to CHAOS.
CHAOS is a business tool, designed to remove the low level technical
complexity from dynamic cluster deployment, by providing a secure and stable platform
that can be readily deployed using existing network management technologies, in any
organisation, anywhere in the world.
What features does CHAOS have over other distributions?
$99.95 .. $9.95 .. $nuthin! .. you too can have;
- Live CD or PXE; runs from ram after loading from media - nil installation!
- 6Mbyte OS footprint; fits on a business card
- Feature packed Linux Kernel (2.4.26) - incl. mmap and mremap patches
- Latest openMosix software (kernel 2.4.26-20040706, user tools 0.3.6-2)
- Heterogeneous distribution support (ClusterKnoppix and Quantian)
- Support for high resolution consoles (1280x1024 - that's crazy)!
- Automatic IP configuration; boot with DHCP/BOOTP/RARP or manually
- 3DES encrypted network communications; IPSEC - fully meshed!
- Stateful packet filtering; only 80/TCP 500/UDP and ESP network accessible in IPSEC mode
- Custom INIT binary; fast, zombie-free, clear (color coded), and inflexible! ;-)
- World first Terrence-n-Phillip daemon (autodiscovery like you've never seen before)!
- New Terrence-n-Phillip helper daemon "get-m", means keyless clusters!
- Supports most i586/PCI hardware (apple schmapple)
What's changed since the last release version?
Since CHAOS 0.7, CHAOS 1.5 has had the following improvements made;
- Simplified boot options are very user oriented ("n1" to start a new cluster, "j1" to join a cluster)
- 5.8Mbyte ISO; down from the previous 8.1Mbyte ISO (30% size reduction)
- ACPI support;
- Advanced Computer Power Interface allows graceful node shutdown on power events
- GET-M support;
- tiny new daemon that works like sonar to detect nodes and add them to /var/run/get-m.info
- SETI@home support;
- a single boot option to run a host as a dedicated diskless SETI@home node
- SSH support;
- each node generates a uniqe key pair, shared by tyd for passwordless root ssh
- default users are included - u/p; [user/default 1.0] and [root/default 2]
- HTTPD goes massive;
- option to start an http admin interface (HTTPD=2)
- gracefully reboot nodes remotely with http://[node]/admin/reboot.cgi
- default user is included - u/p; [operator/wellsandlake]
- web content authored to better support more browsers
- INIT goes massive;
- improved boot performance (system boots and finds a cluster faster than a CD eject)
- implemented correct run level facilities
- implemented virtual terminals 1-4, and one key reboot for lock down mode
- improved network detection; kernel configured interface is now passed to tyd
- improved CDROM support, no system-wide seeking, and ejecting CHAOS media only
- improved power support, shutdown (RL0) shuts down and reboot (RL6) reboots
- implemented provision for user generated start/stop script; /etc/rc.local
- implemented comprehensive boot-prompt option support
- TYD goes massive;
- automatically pre-shares all public keys for passwordless root ssh
- reading /var/run/get-m.info, tyd automatically pre-fills the "-m" paramater
- improved support for modern VMware versions (v4.0.1 -> v4.5.2)
- improved support for coLinux via CosMos
- Other changes;
- implemented buffered syslog (use logread to read log entries)
- added CHAOS specific /etc/services
- added CHAOS specific /etc/protocols
- added reasonable /etc/profile for shell users
- added sample /etc/rc.local for third party start/stop option
- added more shell utils (vi, more, etc) for shell users
- up to ver 1.1, CHAOS did not have the mmap and mremap patches, CHAOS-1.2+ does
- added rough PCMCIA support, and then made some improvements
- added invalid TCP packet filtering
- added filtered packet logging for improved security/auditing
- Updated old packages - software currently included;
- acpid-1.0.3, busybox-1.00-pre10, chaos-utils-1.5, dhcp-3.0.1rc13, freeswan-2.05,
glibc-2.3.2, gmp-4.1.2, iptables-1.2.9, linux-2.4.26, ncurses-5.4, openmosix-2.4.26-20040706,
openmosix-tools-0.3.6-2, openssh-3.8.1p1, openssl-0.9.7d, pcmcia-cs-3.2.7, readline-4.3,
setiathome-3.08, tftp-hpa-0.36, thttpd-2.25b, tyd-1.5, web-content-1.5, zlib-1.2.1
- All source code is now published online; http://itsecurity.mq.edu.au/chaos/source/
Since CHAOS 0.7, CHAOS 1.5 has had the following negative changes made;
- All security assessment tools have been removed, to be added to a tiny USB add-on image
- Certaintyd, while still included, is no longer activated on any boot option.
Where are the screen shots?
We have produced an action-page of CHAOS screen shots
Where can I get the CHAOS Wallet that I heard about?
A small, reserved, page has been established to pay homage
to the masterfully-crafted, CHAOS Wallet.
Who are the authors?
Other than the thousands of open source developers who have contributed
software to this distribution; FIAT, 8o88yD1g1t4L and Gobbledok are just three guys
who were prepared to work outside of their regular office hours, to make something a
little bit special.
Who uses your software?
CHAOS has been downloaded more than twelve thousand times across dozens of
countries, world-wide. It has been retrieved by academic, research, commercial,
industrial, government and millitary organisations all over the world.
Is any version of CHAOS ITSEC or Common Criteria certified?
No. But, we would be happy to do what we could to assist someone who
may wish to attempt to gain ITSEC/Common Critera certification, on this distribution.
Future releases of CHAOS are planned to include dynamic clustering via
typically deployed secure gateways. This technology will be implemented in a manner that
will allow organisations to deploy dynamic, ad-hoc SSI clusters, compliant to any existing
ISO 17799:2003 policy structure.
And your source code is .. ?
Available online at
http://itsecurity.mq.edu.au/chaos/source/, and GPL. Note, though, that CHAOS is not maintained
by the Mosix, openMosix or Linux Kernel development groups; Please do not harrass these people
with your CHAOS problems - d'ey are likely to send da'boyz 'round t'break y'legs.