EnGarde Secure Linux is a relatively old name in the world of Linux
distributions. In development since 1999 by Guardian Digital, the product
was originally based on Red Hat Linux, but reduced in size to include
server-only applications and enhanced with a web-based system
administration utility called "WebTool". Besides its high-end enterprise
range of products, the company has also released several "Community"
editions - somewhat limited in features but free for non-commercial use.
EnGarde's previous versions were frequently praised by reviewers, so when
the company announced a new version 3.0 late last week (its first new
release in over two years), we were eager to take it for a test drive.

EnGarde Secure Linux 3.0 "Community" comes on a single CD available for both
the i386 and x86_64 architectures. Its default installation method starts
rather unconventionally - with setting up the root password and networking,
before proceeding with package installation. This might seem like an odd
sequence for a "secure" distribution; given that all the necessary packages
are on the CD, why would anyone want to perform a system installation with
networking enabled? Soon the reason becomes apparent: the EnGarde
installation CD also serves as a live CD so users can evaluate the product
without having to install it to their hard disks. Since all system
configuration is performed remotely through a web browser, having
functional networking on the system running EnGarde is essential.

Nice idea in theory, but in practice we couldn't get it to work. While we had
no trouble connecting to the EnGarde system with https://ip_address:1023,
after typing in the user name ("admin") and password ("lock&%box"), we
were greeted with an error message - an undefined subroutine in sysstat.pm.
So much for trying to evaluate EnGarde Secure Linux in a "live CD" mode!

Next, we decided to do a full installation, hoping for better luck.
Disappointingly, bugs continued to plague us here as well; although the
installer detected both hard disks, it did not acknowledge the presence of
any of the several Linux partitions on the first one, claiming "no
partitions defined" and forcing us to create new ones. However, not wanting
to repartition the first disk, we couldn't find a way to create new
partitions on the second disk - the installer insisted on
creating /dev/hda1, no matter which hard disk we had selected! Only after
physically unplugging the power supply from the first hard disk and
disabling it in the BIOS were we finally able to install EnGarde on the
second disk (/dev/hdc).

Granted, most users who intend to use EnGarde Secure Linux in a production
environment are unlikely to dual boot their system so they won't face these
kinds of problems. Nevertheless, if the installer has options which
don't work as advertised, then something is not quite right.

Eventually we installed the system where we wanted it. The package selection
screen gave us an option to select one or more installation classes from a
short list containing "Databases", "DNS", "Firewall", "Mail Services",
"Network Intrusion Detections" and "Web Services", before proceeding to the
network configuration part. Here, the opening screen promised support for
network configuration with a static IP address, DHCP or PPPoE, but once we
pressed the "next" button, we were forced to set up a static IP address,
with options for DHCP or PPPoE nowhere to be seen (presumably because the
machine only had one network card, which would have a static IP address in
most common configurations). After this final step, we were prompted to
reboot the system.

Up until this point our experiences with EnGarde Secure Linux 3.0 were mixed
at best. Fortunately, things improved dramatically once the system was
installed and when we finally had a chance to investigate the
distribution's web-based administration interface - Guardian Digital
WebTool. Written in Perl, WebTool has obviously been inspired by Webmin,
although it sports a considerably different (and arguably more pleasant)
user interface (see screenshots).

After the first login, we were required to change the system's root
password and WebTool's login password, set up IP address(es) with
permissions to connect to the EnGarde system, and effect a few other
configuration changes. Once completed, we had the first taste of what it
feels like administering a remote system from a web browser when we
rebooted the system with a single mouse click.

Shortly afterward we were once again logged into WebTool. Due to a few early
bugs reported on the distribution's mailing lists (and impressively fast
responses by EnGarde developers), we decided to start with updating the
system. This can be done through the free and convenient Guardian Digital
Secure Network (GDSN), but before we were allowed to proceed, we had to
obtain an activation number and password by registering the product on the
company's web site. After the update, we continued looking through the user
interface and checking out all the configuration and reporting options.
Although not as comprehensive as we had expected, WebTool had pages for
most important server administration tasks, including a backup and restore
utility, a UPS configuration module, as well as the usual pages for
managing DNS, web, mail, SSH and FTP servers. Certain services had
extensive configuration options (we especially enjoyed the Firewall
configuration page), while others were very basic (e.g. the Apache
configuration page only allowed adding, modifying and deleting Virtual
Hosts).

What does the word "Secure" represent in EnGarde Secure Linux? By default,
the distribution installs in "secure" mode, with SELinux and Mandatory
Access Control (MAC) enabled. It has carefully tuned file permissions of
important system, configuration and log files so that they are not
accessible to unprivileged users who might log in to the system. There are
other small enhancements, such as the unavailability of a "single user
mode" and the presence of several intrusion detection and network
monitoring tools, with real-time reporting facilities in WebTool. The
company also maintains the very useful LinuxSecurity.com portal. On the
negative side, the documentation on the distribution's web site has not
been updated since version 1.5, so most new features in the latest release
are not yet documented.

Overall, EnGarde Secure Linux 3.0 "Community" is a mixed bag. Obvious bugs
in the installer and lack of up-to-date documentation are two big
negatives. On the other hand, the developers have been very responsive to
bug reports and the updated WebTool, combined with new security
enhancements in the distribution, will appeal to those users who need an
intuitive and easy-to-administer server system. Perhaps the product could
have been much more impressive if it had been given a longer beta testing
period, rather than just one rushed week between the only release candidate
and the final release. With version 3.0 looking more like an unfinished and
poorly tested beta release, perhaps a bug fix version won't be too far
away; hopefully, by that time the developers will have also updated their
documentation and completed the help files.