Linux Today: Linux News On Internet Time.

DukeOfURL: EnGarde Secure Linux 1.0.1

Jul 18, 2001, 01:41 (1 Talkback[s])
(Other stories by Daniel Christle)

[ Thanks to Patrick Mullen for this link. ]

A positive review is one that calls its two complaints "nits," and that's what gets delivered by the DukeOfURL here in its look at EnGarde Secure Linux, an e-commerce oriented distribution that's been picking up positive evaluations from a number of reviewers lately:

EnGarde Secure Linux by Guardian Digital is one of the many new distributions of Linux dedicated to providing security on a network. Guardian Digital was formed in 1999 and is the primary sponsor of LinuxSecurity.com. They also provide a series of security-focused products, of which EnGarde Linux is one. Yet, EnGarde plays a key role in their overall product line. One of the more notable products it can be found on is their Lockbox products, a series of network server appliances which are engineered with a focus on security.

EnGarde, which is a secure e-commerce solution, is managed by a web-based interface, aptly named Webtool, via a 512-bit SSL connection. It is a great way to manage a system, one that I prefer over the multitude of installable, proprietary, management systems that need to provide support for multiple operating systems.

In fact, SSL plays a large part in the design of their system. OpenSSL is integrated right into the system so that customers can build secure e-commerce site. On top of that, they have also successfully integrated OpenSSH to provide administrators a secure shell to manage data and the the system remotely.

Other security features are intrusion detection (what system doesn't need this?), extensive system logging, and security policy enforcement. The intrusion detection is fine-grained and easy to setup. If a service is accessed by unauthorized means the administrator is notified immediately. Logging can be configured to be general or specific and is event-based. You can also configure your logs to be stored on the server in one, or several, locations on the network. Security policies such as password length and password expiration are easily enforced and automated. It's just a matter of clicking a few options and things are completely set up. You can also restrict the commands that a user may access.

As part of the focus on security, EnGarde comes with Postfix as its mail transfer agent of choice. The reasons cited on their web site are that Postfix is both easy to secure and easy to administer mail. Guardian Digital manipulated Postfix somewhat so that only the privileges required to run the mail program are active and so that it can not be easily compromised.

Apache web server is the basis for the web services on EnGarde Secure Linux, and it is fully manageable through the WebTool interface. You can create virtual domains, set up site-specific logging, implement secure server services on each domain, and provide Perl and PHP access for CGI scripting.

Complete Story - 7 Pages
Complete Story - 1 Page (Printable Version)

Related Stories: