A positive review is one that calls its two complaints "nits,"
and that's what gets delivered by the DukeOfURL here in its look at
EnGarde Secure Linux, an e-commerce oriented distribution that's
been picking up positive evaluations from a number of reviewers
lately:
EnGarde Secure Linux by Guardian Digital is one of the
many new distributions of Linux dedicated to providing security on
a network. Guardian Digital was formed in 1999 and is the primary
sponsor of LinuxSecurity.com. They also provide a series of
security-focused products, of which EnGarde Linux is one. Yet,
EnGarde plays a key role in their overall product line. One of the
more notable products it can be found on is their Lockbox products,
a series of network server appliances which are engineered with a
focus on security.
EnGarde, which is a secure e-commerce solution, is managed by a
web-based interface, aptly named Webtool, via a 512-bit SSL
connection. It is a great way to manage a system, one that I prefer
over the multitude of installable, proprietary, management systems
that need to provide support for multiple operating systems.
In fact, SSL plays a large part in the design of their system.
OpenSSL is integrated right into the system so that customers can
build secure e-commerce site. On top of that, they have also
successfully integrated OpenSSH to provide administrators a secure
shell to manage data and the the system remotely.
Other security features are intrusion detection (what system
doesn't need this?), extensive system logging, and security policy
enforcement. The intrusion detection is fine-grained and easy to
setup. If a service is accessed by unauthorized means the
administrator is notified immediately. Logging can be configured to
be general or specific and is event-based. You can also configure
your logs to be stored on the server in one, or several, locations
on the network. Security policies such as password length and
password expiration are easily enforced and automated. It's just a
matter of clicking a few options and things are completely set up.
You can also restrict the commands that a user may access.
As part of the focus on security, EnGarde comes with Postfix as
its mail transfer agent of choice. The reasons cited on their web
site are that Postfix is both easy to secure and easy to administer
mail. Guardian Digital manipulated Postfix somewhat so that only
the privileges required to run the mail program are active and so
that it can not be easily compromised.
Apache web server is the basis for the web services on EnGarde
Secure Linux, and it is fully manageable through the WebTool
interface. You can create virtual domains, set up site-specific
logging, implement secure server services on each domain, and
provide Perl and PHP access for CGI scripting.