This whitepaper introduces GUPI, a tool that helps administrators recognize removable packages. They can use it to create the Box, a Linux server that serves as a base for secure servers.

The most efficient and secure Linux machines run only the software necessary to fulfill their assigned task, no more. Therefore, the goal of a security-minded administrator is to build machines to that standard. While this concept is easy to understand, it is difficult to realize. Unfortunately, the normal Linux distribution is a rat's nest of interdependencies, making it difficult to determine which packages to remove. This paper introduces Gremlin's Unnecessary Package Identifier, or GUPI, to solve this problem. GUPI identifies packages upon which no other packages depend and designates them as removable. GUPI then allows the user to mark each of these packages Remove or Keep. Given the user's input, it recalculates the list of removable packages and presents the new list to the user. This tool allows the administrator to create the Box, a Linux-based server that has only enough software to boot and install additional packages as necessary. This machine provides a base from which administrators can build secure machines for their networks.
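The identify, mark, and recalculate loop described above can be sketched as follows. This is an added example, not GUPI's own code: the function names are hypothetical, and the package names and dependency map are constructed sample data standing in for what the package manager would report.

```python
# Added illustration of the loop the abstract describes; not GUPI's code.
# DEPENDS is constructed sample data: package -> packages it depends on.
DEPENDS = {
    "kernel": [],
    "glibc": [],
    "bash": ["glibc"],
    "openssl": ["glibc"],
    "openssh-server": ["openssl", "glibc"],
    "libX11": ["glibc"],
    "xterm": ["libX11", "bash"],
    "cups": ["openssl"],
}

def removable(depends, installed, keep):
    """Installed packages that no installed package depends on, minus Keep marks."""
    needed = {dep for pkg in installed for dep in depends[pkg] if dep in installed}
    return sorted(installed - needed - keep)

def apply_decisions(depends, installed, keep, decisions):
    """Apply the user's Remove/Keep marks, then recalculate the removable list.

    Only packages currently offered as removable may be marked, so a package
    that something else still depends on can never be removed by mistake.
    """
    installed, keep = set(installed), set(keep)
    offered = set(removable(depends, installed, keep))
    for pkg, action in decisions.items():
        if pkg not in offered:
            raise ValueError(f"{pkg} is not currently removable")
        if action == "remove":
            installed.discard(pkg)
        elif action == "keep":
            keep.add(pkg)
        else:
            raise ValueError(f"unknown action {action!r} for {pkg}")
    return installed, keep, removable(depends, installed, keep)

if __name__ == "__main__":
    installed, keep = set(DEPENDS), set()
    print("round 0:", removable(DEPENDS, installed, keep))
    # Removing xterm exposes libX11 and bash as new candidates in the next round.
    installed, keep, nxt = apply_decisions(
        DEPENDS, installed, keep,
        {"kernel": "keep", "openssh-server": "keep",
         "xterm": "remove", "cups": "remove"})
    print("round 1:", nxt)
    installed, keep, nxt = apply_decisions(
        DEPENDS, installed, keep, {"libX11": "remove", "bash": "keep"})
    print("round 2:", nxt, "| remaining:", sorted(installed))
```

A Keep mark protects the kept package's dependencies as well: `openssl` and `glibc` never appear as candidates while `openssh-server` stays installed.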