the Exocomm Linux Operating System
when we say full-stack, we mean full stack
The Exocomm OS is a complete Linux-based operating
system that has been purpose-built to meet the needs of Exocomm clients.
The Exocomm Operating System is a fusion of both open-source and
proprietary software, designed to provide a secure, high-performance
common platform suitable for mission-critical requirements.
We're pretty unique in that we can offer a "full stack"
solution (rather than being stuck with specific platform vendors like
Apple or Microsoft), enabling our customers to build any application
they can dream of -- you pick the device, we'll handle the entire
software stack. From tiny "Internet of Things" sensor nodes to
enterprise storage and information security applications, we've got the
whole stack for it, right here. We're big fans of open-source software.
The Exocomm OS powers firewalls,
compute nodes, routers, video displays,
infrastructure servers and many other applications.
Exocomm's ongoing role in maintaining the Operating System includes:
- auditing of all system configuration files such as password, protocol and service lists to reduce system complexity and mitigate
potential vectors for unauthorized use of services
- elimination of any software packages not necessary for delivery of product services, to produce an "embeddable" operating system
- development of an automated testing framework suitable for performance, build verification (BVT) and remote integrity checks
- isolation of privileged functions from non-privileged (end-user) services, including the use of "jail" environments
- evaluation and cross-product unification of the tool-chain utilized in product development, including compilers, revision control
systems and debugging utilities
- evaluation and implementation of third-party auditing tools such as StackGuard, Valgrind and dmalloc, designed to defeat common
remotely-exploitable error conditions including buffer overflows, memory leaks, resource exhaustion (Denial of Service) and privilege
- implementation of long-term plans to identify security-oriented audit policies, and plan work towards compliance with these
- architecture-specific builds which allow our software to leverage the unique features of our hardware components, for example
multi-core hyper-threading technology for high-performance enterprise variants versus energy-efficient, ultra-reliable processors
- optimization of the TCP/IP stack and memory-management components for DNS and DHCP services
- development of a fully automated build system capable of compiling and packaging both proprietary and third-party code
- protection of Exocomm intellectual property via run-time encryption algorithms
- evaluation and enforcement of a unified filesystem ACL (Access Control List) and storage quotas, to mitigate the risk of
access or software component failure
- creation of a universal installation/recovery media package, suitable for delivery to end-users on CD, USB key or portable hard
- introduction of HA (High Availability) modes of operation including redundant fail-over (FO), load balancing (LB) and multi-node
- creation of a common control API allowing common OS-level functions to be called by proprietary product code; for example
firewall access control policies, starting/stopping service daemons, or rebooting the system
- unification of system event/error logs into a single human-readable file, to support rapid diagnostics and end-user device
- placing responsible developers in direct contact with third-party software vendors, in order to foster a mutually beneficial
relationship in which software vulnerabilities and performance data are communicated rapidly and accurately
- elimination of dependencies which could prevent or delay the future porting of our products to other operating systems or
including RTOS (Real-Time Operating System) and virtualized environments
- complete and automatic auditing of software component licensing and copyright requirements
- streamlining of software installation, recovery, update and patch processes, eliminating the role of the end-user in maintaining
complex and interdependent software modules and providing the ability to respond more rapidly to emerging security risks
- implementation of unified system monitoring functionality, supporting both real-time and polling checks within Exocomm, to detect
potentially catastrophic conditions such as storage component failure, ACL (Access Control List) violation attempts and process crashes
- formal implementation of the "agile" software development methodology
- optimization of file-system (FS) components for fault-tolerance and high efficiency
- automation of data back-up, integrity verification and restoration procedures
When the Exocomm OS boots up, you can select one of
several modes from the menu.
For cloud-based installations, the entire installation
and configuration process will occur automatically. This requires a
licensed copy of the Exocomm OS. When this mode is used, all of your
basic configuration options are burned in to your installation image; no
user input is required.
After booting your Exocomm OS media, select the
interactive installation menu option to install the Exocomm Linux
Operating System. This allows you to enter basic setup information from
the console. Interactive installation mode is always available on
licensed or generic media. If you have a licensed image, the automatic
installation mode can be used to install your device without entering
any configuration information.
We've designed the installation process to be fast and
easy. Most machines should take no more than a few minutes to
During installation, the primary storage device
(generally the SDA SCSI device, or primary flash chip) will be securely
erased. Nothing from the previous operating system will remain. This
ensures no artifacts from a previous operating system remain on the
storage medium (for example, sensitive data from a previous
installation). The process also ensures the storage device is working
correctly (that there are no bad blocks on the device). This
pre-allocation of storage blocks also tends to improve performance in
some virtualization environments, because the machine is more likely to
allocate a contiguous set of blocks, rather than scattering them around
different discs or regions of the disc.
This operation can take some time, since every block on
the storage device is written, but by doing this, the installer ensures
that the node is clean (no sensitive data remains from previous
installations) and that the storage device is in perfect working
condition. It's far better to discover a faulty hard drive or flash chip
at installation time than to find out weeks later when the machine is in
WARNING: Please be careful! Make sure you are
installing the right image on the right machine! All existing data on
the computer will be erased. It is not possible to recover any data from
the computer after this operation! Back up all data before booting the
Exocomm OS installer!
Enter the host name for your machine.
Enter your desired root password.
Select the type of link (ethernet or wifi) you wish to
use for your default gateway.
Select the address allocation mode for your default
If using a static address, enter the IP address,
netmask, gateway and DNS server information.
Now that you've entered basic configuration
information, the installation begins.
You're done! Remove your installation media and press
ENTER to boot up your device.
Select the "text" option to start the Exocomm OS.
The hardware diagnostic mode will test the machine's RAM
and storage devices. This operation is destructive!
forensics / recovery mode
The forensic boot mode is designed for the extraction
or recovery of data from a running machine. It's useful for forensic
work, for data recovery, or for debugging of kernel crashes. This mode will
permit the capture of raw memory (for example, to recover a key or other
evidence from a running machine). The kernel will use only 64 MB of
memory; thus there is a risk that some data will be overwritten by the
running kernel, but in most cases this is sufficient to recover most or
all of the desired data from a running machine's memory or hard
When booted in this mode, no storage will be touched,
no network devices are available, and only a small amount of RAM will be
tainted. However,
you can attach USB-based storage devices on which to store recovered
data. You must mount the storage and perform the recovery procedure
accessing the memory of a warm-booted machine
We've had some customer requests to allow forensic examination of a
system's RAM (a malicious employee had encrypted the filesystem, locked
the workstation and left; the customer needed the encryption key from memory
to access critical company data).
The Exocomm OS supports this, but it is important to realize that some
memory will be tainted during the boot process. To access the machine's
memory, you must insert the fmem module:
Module: insmod fmem.ko a1=0xc104d530 : OK
----Memory areas: -----
reg00: base=0x07d000000 ( 2000MB), size= 16MB, count=1: uncachable
reg01: base=0x07e000000 ( 2016MB), size= 32MB, count=1: uncachable
reg02: base=0x000000000 ( 0MB), size= 2048MB, count=1: write-back
reg03: base=0x079e00000 ( 1950MB), size= 2MB, count=1: uncachable
reg04: base=0x0d0000000 ( 3328MB), size= 256MB, count=1:
recovering data from a failed storage device
The Exocomm OS provides a number of tools for data
recovery. The diagnostic boot mode can be used to identify problem
devices, and the recovery mode can be used to fix things. Here are some
general suggestions for using the Exocomm OS in a data recovery
First, examine a SMART report for the failed device.
This information can be useful, but is not absolutely definitive: the
device may still die even if SMART reports that everything is okay!
SMART can tell us how long the storage device has been in service, how
many power on/off cycles it has endured, the highest operating
temperature it has sustained, and so on. Based on MTBF and other
parameters, SMART can give you some indication as to when the device can
be expected to fail in the future. If the device cannot be seen at this
point, you probably have a hardware failure.
Next, conduct a read-only, block-level test of the
device (preferably a copy, to a rescue storage device such as a portable
USB hard disc). If this succeeds, your storage device is healthy. You
can then optionally conduct a write test as well. If this also succeeds,
your device is fully functional at the block level. If this test/copy
fails, you've got problems such as a worn-out flash disc or damaged
media. Use the ddrescue tool to run a block-level copy which will
tolerate these read errors, making a copy to a rescue media. You then
have a block-for-block copy of the failing device, minus any blocks
which could not be read (these blocks will be forever lost).
Once you have rescued the block-level filesystem image,
try and mount the image. If the image does not contain the data you
expect (it has been reformatted or otherwise damaged), use the testdisk
tool to search for partitions. If appropriate, recover the partition
table on the device, then extract files of interest from those
partitions (by mounting the appropriate partitions).
If no partition tables / filesystems are found, your
filesystem is very seriously damaged. Your last resort is to run a
signature-based restoration using the photorec tool. This will recover
the undamaged files from the damaged filesystem, but you will lose all
filesystem metadata in the process; this includes the file names,
directory structure, timestamps and so on!
You can then perform specific recovery tasks on the
restored files. It is unrealistic to rebuild an entire filesystem from
these recovered files in most cases; at this point you will probably need
to target specific critical data for recovery; for example if you have a
MySQL database, you may be able to extract table data from recovered MYI
Once your filesystem has been restored, use the fsck
tool on an ongoing basis to monitor its integrity.
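
An added example (not Exocomm's code) for the ddrescue step above: ddrescue records the outcome of every block run in a mapfile, and this script totals the bytes rescued, unreadable and still pending, so you know how much of the image is missing before you try to mount it. The function names and the sample mapfile are constructed for illustration; numbers are assumed to be 0x-prefixed hex, as ddrescue writes them.

```sh
# Added example. Constructed sample mapfile (not from a real device): a 1 GiB
# disc with one unreadable 64 KiB run ('-') and one unscraped 4 KiB run ('/').
write_sample_map() {
    cat > "$1" <<'EOF'
# Mapfile. Created by GNU ddrescue
# current_pos  current_status  current_pass
0x3FFFF000     /               1
#      pos        size  status
0x00000000  0x1F400000  +
0x1F400000  0x00010000  -
0x1F410000  0x20BEF000  +
0x3FFFF000  0x00001000  /
EOF
}

# The mapfile is untrusted input: only 0x-prefixed hex may reach shell arithmetic.
is_hex() {
    case "$1" in 0x|0x*[!0-9a-fA-F]*) return 1 ;; 0x*) return 0 ;; esac
    return 1
}

# Print "<rescued> <bad> <pending>" in bytes; return 2 on a malformed line.
map_summary() {
    rescued=0 bad=0 pending=0 seen_status=0
    while read -r pos size status rest; do
        case "$pos" in ''|'#'*) continue ;; esac    # blank line or comment
        if [ "$seen_status" -eq 0 ]; then seen_status=1; continue; fi  # status line
        is_hex "$pos" && is_hex "$size" || { echo "malformed line" >&2; return 2; }
        case "$status" in
            '+') rescued=$((rescued + $size)) ;;
            '-') bad=$((bad + $size)) ;;
            '?'|'*'|'/') pending=$((pending + $size)) ;;
            *) echo "unknown status at $pos" >&2; return 2 ;;
        esac
    done < "$1"
    echo "$rescued $bad $pending"
}

# Succeed only when no block is bad or pending, i.e. the image has no holes.
map_complete() {
    set -- $(map_summary "$1")
    [ "$#" -eq 3 ] && [ "$2" -eq 0 ] && [ "$3" -eq 0 ]
}

demo_map=$(mktemp)
write_sample_map "$demo_map"
echo "rescued/bad/pending bytes: $(map_summary "$demo_map")"
map_complete "$demo_map" || echo "image is incomplete: keep the mapfile with the image"
rm -f "$demo_map"
```

Blocks marked `-` are the ones lost for good; blocks marked `?`, `*` or `/` have not been fully tried yet, so a later ddrescue pass using the same mapfile may still recover them.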