This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Feature: Linux

Test drive: EnGarde Secure Linux

By Irfan Habib on November 23, 2005 (8:00:00 AM)

Share    Print    Comments   

EnGarde Secure Linux is a server-based distribution developed with security in mind. It comes with a minimal set of services so that the server is not unnecessarily exposed, and no superfluous software -- including no X Window-based window manager. Even compilers, such as GCC, are not included. Yet EnGarde enables you to run any sort of Web presence, from a simple mail server to a complete e-commerce site.

EnGarde's hardware requirements are modest. The developers recommend a system with at least a Pentium class processor, with 32MB of RAM or greater, a hard drive of 2GB, and one PCI network interface card.

Since EnGarde is made for servers, it comes with just a simple command-line installer, which asks for a little information from the admin -- except when it comes to setting up the network -- and mostly does hardware detection by itself. EnGarde does not detect exotic hardware devices such as high-end graphics cards or any peripheral devices not common on servers. It just detects essential hardware for servers, such as network interfaces, SCSI peripherals, and RAID controllers.

A common complaint with previous EnGarde versions was that it did not allow an admin to partition the drives manually. This feature has been added to the latest version, while the old automatic partitioning option has been retained.

After the partitioning section, the administrator can select the packages he wants to install. EnGarde comes with MySQL 5.0.13, Apache HTTPD 2.0.55, and PostFix MTA SMTP server 2.5.5.

To manage EnGarde after it has been installed you can use either of two interfaces: one is the shell, and the other is a secure, user-friendly Web-based administration utility called the Guardian Digital WebTool (GD WebTool). With this tool you can administer a server from any platform with a browser and control every aspect of the system. That offers great potential for servers' physical security. It enables you to administer a server without having physical access to it, so you can lock the server in a secure place and manage it from any network-connected device. Remote access to the distribution is limited to SSH and the WebTool.

The GD WebTool is always running through its own personal Web server, which allows connections only via SSL and can be accessed on port 1023. When you enter the main screen, you see a page with a menubar on top. The second menu item, called Service, is the most important one. This menu contains links which lead to pages where the admin can control all the services EnGarde can host. You can view general server configurations, configure the DNS server, manage email services, and configure SMTP and POP/IMAP servers. You can also set up an FTP server, manage SSH, and manage the Web server, all from the browser.

Through the System menu, you can access a variety of security-related settings, backup, and maintenance functions such as specifying the machines that can connect to the server, or which machines can access the GD WebTool. Through this menu you can also navigate to the firewall configuration page. Configuring the EnGarde Firewall through the GD Webtool is a snap: you can configure global firewall settings, shut down and restart the firewall, add trusted and un-trusted interfaces, enable or disable firewall modules that enable or disable services such as FTP and PPTP to be transferred through the firewall, set up port forwarding rules, and set blacklists of hosts and networks from which to block access. From here you can access the Guardian Digital Secure Network page, which allows organizations to manage the software configuration of their EnGarde installations within its domain. It includes access to software updates, technical support, and security information alerts.

In the System Backup section the admin can create and restore backups and view the changes since the last backup was made. Nearly everything can be backed up, from user home directories and Web server files to DNS configurations. You just specify what is to be backed up, in what frequency, and what to exclude from the backup.

If you want to restore from a backup, you can see a list of available backups with the dates they were made, and of what type they are. Select one and click Restore Backup. After restoring a backup, you'll see a report of what was restored and what was changed in the system.

One feature I would like to see in this section is the SELinux configuration. EnGarde ships with SELinux, but the user is not provided with a user-friendly interface to compile SELinux policies.

Through the Auditing menu you can access the system logs, including PHP, mail, Apache, and MySQL logs. Finally, this section also lets you generate, schedule, and view Tripwire reports.

The GD WebTool is innovative and well-designed and lets you get productive quickly. I would like to see other distributions adopt such a tool, as it allows transparent access to the system from any platform for which a Web browser has been developed.

Conclusion

Guardian Digital's EnGarde Secure Linux is a well-rounded server distribution that pays attention to even the smallest details. Anyone considering establishing a secure server or Web presence should consider it, as it offers tight security, and everything you need to configure a server out of the box is built into it.

The EnGarde Community Edition is licensed under the GPL and free to download. Guardian Digital offers three different "Media Kits," which amount to support plans. The Basic Media Kit, which is priced $299, offers the following perks: a downloadable ISO link, annual subscription to Guardian Digital Secure Network Update Module, access to online installation and configuration guides, and 15-day email incident support dealing with basic installation and configuration only.

The $729 Standard Edition Media Kit brings the user a source and binary CD-ROM of EnGarde, an annual subscription to Guardian Digital Secure Network Update Module, printed and online installation and configuration guides, and 60-day phone, email, and Web support. Support requests can deal only with basic installation and configuration.

The $1,629 Corporate Media Kit brings the most perks to the user, including all of the above and one year of priority phone, email, and Web support, where support requests can deal with anything.

Share    Print    Comments   

Comments

on Test drive: EnGarde Secure Linux

Note: Comments are owned by the poster. We are not responsible for their content.

Engarde is a great distro

Posted by: Anonymous Coward on November 23, 2005 10:30 PM
Our mail servers have been on Engarde since it was on Version 2, prior to that we where using MS Exchange, which crashed several times a month and we had a big issue with the user authentication, which locked everyone out. Engarde is simple and stable, and yet very powerful. Guardian Digital has done well, and so far I cant think of any feature that Guardian could add to improve the product.

#

EnGarde Community site

Posted by: Anonymous Coward on November 24, 2005 09:17 AM
Check out the community site to download EnGarde at <a href="http://www.engardelinux.org/" title="engardelinux.org">http://www.engardelinux.org</a engardelinux.org>

#

engarde woes

Posted by: Anonymous Coward on April 30, 2006 03:22 PM
downloading the iso from the website took me two days non-stop. i wondered if guardian digital did that on purpose so you could buy a cd off them. after the download, i tried the livecd version. you have to login from a remote machine, and guess what? the username/password did not work. i thought i had got the password setup incorrectly, but i was wrong. then after scouring the net for an answer, another reviewer said the only way they could get in was after installing the software. so i thought i'd do that, but lo and behold, the partitioning stopped me dead in my tracks. when i first saw the screenshots of the product i was impressed. now i have given up trying to install engarde. (i was using v 3.0.5.)

#

Requirements

Posted by: Administrator on November 29, 2005 04:27 PM
I like that EnGarde's hardware requirements are modest, should be a fun ride!

#

Test drive: EnGarde Secure Linux

Posted by: Anonymous [ip: 88.96.222.110] on August 10, 2007 10:30 AM
Excellent article, fully agree with it. EnGarde is stable and fully functional Linux.

Oliver
www.bross.eu

#

Test drive: EnGarde Secure Linux

Posted by: Anonymous [ip: 206.230.48.34] on January 16, 2008 03:50 PM
Best secure distro I've ever used.

#

This story has been archived. Comments can no longer be posted.



 
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya