LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

LWN Weekly Edition

Front page
Security
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->One big page

 

This page

Previous week
Following week

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Distributions

News and Editorials

New 1.0 Releases: OpenNA Linux, Gibraltar Firewall, Devil-Linux

November 12, 2003

This article was contributed by Ladislav Bodnar

Three distributions have reached their 1.0 releases over the last two weeks - OpenNA Linux, Gibraltar Firewall and Devil-Linux. Despite the version number, none of these three are new projects as all of them have been in development for over a year. OpenNA Linux is a Red Hat-based secure distribution for servers, while the Debian-based Gibraltar Firewall and independently developed Devil-Linux are live firewalls running directly from bootable CDs.

OpenNA Linux 1.0

OpenNA Linux is a product of Canada's OpenNA Incorporated. It is a Linux distribution, originally based on Red Hat Linux, designed for servers and with emphasis on strong security. This is achieved by patching its Linux 2.4.22 kernel with the GRSecurity patch to protect against buffer overflow exploits, with all server services made to run in chroot jail environment mode and other security features. The installation program allows the user to choose from a selection of pre-defined server classes, depending on the server's purpose, with all unneeded services turned off by default. For those who intend to install and test drive OpenNA Linux, beware that it cannot be installed on a pre-selected partition - the OS takes over the entire first hard disk.

If you are wondering about the developers' authority on security matters, then you can rest assured that you are in a company of experts. Besides the OpenNA distribution, the company also produces an authoritative, 1200-page technical book entitled Securing & Optimizing Linux: The Hacking Solution. The book is written for system administrators and security-conscious users who wish to protect their Linux systems from unauthorized intrusions and other external attacks. All this expertise, together with a well-designed web site makes OpenNA Linux a serious contender for those who are looking for a secure and optimized Linux distribution for their mission critical servers. Although OpenNA Linux is available for free download, the developers would appreciate your purchase of a supported boxed edition for $47.95, with a 30-day email support and documentation.

Gibraltar Firewall 1.0

Gibraltar Firewall, in development since 1999, is a product of eSYS Informationssysteme GmbH in Austria. The Debian-based firewall runs directly from a bootable CD without any need for hard disk installation. One distinguishing feature of Gibraltar from other similar products is a Webmin-like web-based configuration utility called GibADMIN. "Gibraltar can be configured using a clear and intuitive web client called GibADMIN; Linux specific know-how is no longer required.", claims the Gibraltar product overview page. The firewall comes with kernel 2.4.22, IPSec, SSL wrapper, powerful packet filtering ability based on various criteria, Postfix mail server with SpamAssassin and many other server applications.

Gibraltar Firewall comes in two editions - a full-featured commercial edition (€990) and a free edition with disabled GibADMIN (except for a 30-day trial period, license for which can be obtained separately). This won't be a problem for expert Linux users who can configure the firewall directly from the command line, or remotely via an SSH connection. A comprehensive 72-page user manual with further links to user contributed tutorials are listed on the product documentation page, while a fairly active mailing lists in English and German can provide further help, if necessary.

Devil-Linux 1.0

Devil-Linux is an independently developed Linux-based firewall on a live CD with the ability to save configuration settings on a floppy disk or a USB pen drive. It was created by Heiko Zuerker, an IT manager in North Carolina, in 2001. One interesting feature of Devil-Linux is that, besides the live CD ISO image, the developers also provide a "build system", which enables building of custom editions of Devil-Linux with extra software not included on the original CD. When the custom system is compiled and ready, it can be burned onto a bootable CD and used the same way as an unmodified Devil-Linux. The Devil-Linux documentation provides detailed information about this and other aspects of the distribution.

Unlike Gibraltar, Devil-Linux is a non-commercial project. It can be used not only as a firewall, but also as a router, gateway or a general purpose server. Based on kernel 2.4.22 with the GRSecurity patch, it includes most server software, such as BIND, DHCP, Apache, MySQL, Postfix, Samba, OpenLDAP, Squid, as well as IPSec. Two recent reviews of the product can be found at Kalamazoo LUG and NewsForge, and an older interview with Heiko Zuerker at PortaZero. Despite its lighthearted name, Devil-Linux is a serious project with strong security as its utmost priority.

Comments (3 posted)

Two new Debian installers

November 12, 2003

This article was contributed by Joe 'Zonker' Brockmeier.

There are quite a few accolades heaped on the Debian GNU/Linux distribution, but "it has a great installer" is rarely one of them. While the current installer has its defenders, many users find it to be arcane and difficult -- particularly those who are new to Linux. The point that one only need install Debian once is well-taken, but the first attempt often befuddles new users to the point of abandoning Debian GNU/Linux before they can fully appreciate the strengths of the distribution.

Now users have not one, but two new installers to look forward to in the near future. The Debian Project has been working on a new installation system for the "Sarge" release for some time. Joey Hess announced the first beta release of the installer on November 9 and called for users to help test the beta. Ian Murdock had also announced in October that Progeny has ported Red Hat's Anaconda to Debian. Progeny has also ceased work on several projects, PGI, autoinstall, gnome-tasksel and python-parted, in favor of Anaconda for Debian.

We decided we would take a look at the new installation methods to see what the Debian community would be using in the future. We downloaded the Beta 1 installer ISO with Debian base and put it to the test by installing Sarge. The new installer still doesn't come with all the bells and whistles, or fancy GUI, but it does include a welcome feature in the form of hardware detection. This will be a relief for users who are eager to try out Debian but lack any idea about which kernel module is required for their network card, and so on.

The first stage of the installer detects hardware and attempts to configure the network settings via DHCP. Users without a DHCP server handy can manually configure their network after DHCP fails. (Assuming they have a supported Ethernet card, of course.) The user is also able to complete the first-stage install without a network connection if necessary. Next the user is prompted to use cfdisk to partition their hard disk, then the installer allows the user to configure and mount partitions. After this, the base system will be installed and the system is rebooted. Upon system boot, the user works through base-config to configure their system.

According to the HOWTO, base-config is not considered part of the installer. However, we went ahead and looked at the entire procedure required to install Debian Sarge, which includes running through base-config.

Overall, we feel that the new installation procedure promises to be an improvement. However, the user is still expected to know much more about the distribution and hardware when installing Debian Sarge than if they install Fedora, SUSE, Mandrake or even Slackware. Users are asked to make a lot of decisions during the installation, and if unfamiliar with the terminology, they will undoubtedly be intimidated.

The base-config procedure does provide detailed help text for most options, but if they are not familiar with the concepts being presented they will likely have a difficult time making the necessary decisions. Even worse, it does not provide a way to go back and change options during configuration. For example, if a user forgets the distinction between the various Exim configuration options, they cannot cycle back to re-read the descriptions of Exim's default configurations.

Though Progeny's installer has not been publicly released yet, we contacted Ian Murdock of Progeny and received a current snapshot of their work with Anaconda as a Debian installer.

It is, to say the least, not quite ready for prime-time. Some of the features have not yet been implemented or do not work, including Ethernet card configuration and adding regular users. However, the pre-release we were given was enough to get the general feel for the installer. While the graphics have been changed, using Progeny's Anaconda for Debian is very much like installing Red Hat Linux 9 or Fedora. The GUI procedure is very simple and straightforward, and doesn't require much knowledge on the part of the user doing the install.

As exciting as Anaconda for Debian may be to some, Murdock's announcement of Progeny's port of Anaconda produced some friction on the debian-devel mailing list. Many on the list were concerned that Anaconda would detract from debian-installer work and delay the release of Sarge, or serve as a waste of resources when Progeny could have been working on debian-installer.

Murdock replied that it was not Progeny's intent to detract from work being done by the Debian Project:

...this work doesn't aim to compete with/replace d-i. I strongly suspect it would be non-trivial to make Anaconda work on all 11 architectures. Could bits of Anaconda eventually be combined with d-i to give Debian an install process that millions of people are familiar with? Sure, but certainly not in the sarge timeframe. Could people use it in an unofficial capacity in the meantime to get up and running on IA-32 and IA-64? Sure. That's why we're putting it out there.

Debian-installer is definitely an improvement, and it looks to be very stable. The entire Debian installation routine, including base-config, needs some work before it will be ready for less experienced Linux users. Progeny's Anaconda, once it is finished, looks as if it will be an attractive alternative for those who would like to run Debian on x86 systems, but lack the chops to get past a non-GUI installation that requires a great deal of knowledge about their system and Linux.

Comments (2 posted)

Distribution News

Debian GNU/Linux

The Debian Weekly News for November 11, 2003 covers the latest Netcraft report (Apache gains ground); Exec-Shield for Debian?; a clarification of DFSG Clause 1; and much more.

The first beta release of the new debian-installer has been announced. Interested people are encouraged to try it out and help the developers find the remaining problems.

Debian has won several of the Linux Journal 2003 Readers' Choice awards, including "Favorite Distribution" and "Best Enterprise Distribution". Debian and Debian-based Knoppix received more than 60% of the votes.

The second revision of the current stable Debian distribution (woody) will probably be released soon. People are encouraged to check it out and make comments.

Comments (1 posted)

Gentoo Weekly Newsletter - Volume 2, Issue 45

The Gentoo Weekly Newsletter for the week of November 10, 2003 is now available, with a summary of the Gentoo Managers' Meeting, and more.

Full Story (comments: none)

Xandros Desktop 2.0 announced

Xandros has announced the forthcoming release of its Xandros Desktop 2.0. "With a strong user focus, Xandros Desktop 2.0 offers an intuitive, elegant, graphical environment that's easy to use, and installs with 4 clicks of a mouse." This distribution, which Xandros claims to be built on "Debian Linux 4.0", will be available on December 9.

Full Story (comments: 8)

New Distributions

BLAG Linux and GNU

From the announcement: "BLAG Linux And GNU by the Brixton Linux Action Group is an operating system. It comes with everything you need to get a computer up and running--it needs no other software. It has Internet, graphics, video, sound, office, security, file sharing, and more applications. It's fast, reliable, runs on older machines, and flies on fast boxes. You can install miniblag (the smallest install at less than 350 Megs), deskblag (includes a Gnome desktop with all the typical apps), serverblag (all the server daemons but no GUI) or get it all with blagblagblag." BLAG9000 is the current version.

Full Story (comments: none)

Linux LiveCD Router

Linux LiveCD Router version 1.5 has been released under the GNU GPL. Click below for the announcement. Linux LiveCD is a small and simple LiveCD distribution aimed at broadband and wifi users. No installation or hard disk required.

Full Story (comments: none)

PLD Live CD

PLD Live CD is a bootable CD that contains a live Linux distribution based on the PLD Linux distribution. It uses squashfs transparent compression to fit huge amount of packages on a single CD, including OpenOffice, KDE, Gnome, WindowMaker, XFCE, and many more. It also includes a set of scripts for detecting hardware such SCSI and ISA devices, monitors, sound cards, and graphic cards. It also supports 'profiles' that let you store your settings on a floppy. PLD Live CD is currently at version 0.26.

Comments (none posted)

Minor distribution updates

Beyond Linux From Scratch

Beyond Linux From Scratch (BLFS) has released v5.0 with major feature enhancements. "Changes: This is the first concurrent release with LFS-5.0. It features XFre86-4.3.0.1, KDE 3.1.4, GNOME 2.2.2, Apache 2.0.47, and OpenOffice 1.1.0 plus a wide variety of current libraries and support programs. The book's layout has also been improved from the previous release."

Comments (none posted)

KNOPPIX

KNOPPIX has released v3.3-2003-11-03 with minor feature enhancements. "Changes: This version features a new background picture, the usual lot of updates, OpenOffice 1.1 (English and German), and KDE 3.1.4 (partly, some packages are still missing). It removes compressed changelogs for space reasons."

Comments (1 posted)

Onebase Linux

Onebase Linux version 2.0 has been announced. "OL has achieved a major breakthrough with version 2.0. This progress is result of the completely rewritten and new OLM framework. Not only the package management has become more powerful and flexible in this version but also it now makes Onebase both a source and/or binary distribution."

Comments (none posted)

Pingwinek GNU/Linux

Pingwinek GNU/Linux has released v1.0rc0 with major feature enhancements. "Changes: A new installation process was implemented. The Live CD version now automatically detects hardware. GNOME 2.4 and the 2.6 Linux kernel are now used, and new software was included."

Comments (none posted)

Sentinix

Sentinix has released v1.0 rc 01, the first beta release for this distribution, formerly known as Compledge Sentinel.

Comments (none posted)

Sentry Firewall

Sentry Firewall has released v1.5.0-rc6 with minor bugfixes. "Changes: snort, squid, Webmin, and dnsmasq were updated. The USB support in the kernel was also enhanced. The HOWTO was updated and a new documentation and reference guide were created to cover all other documentation not covered in the HOWTO."

Comments (none posted)

TopologiLinux

TopologiLinux has released v4.0.0 with major feature enhancements. "Changes: This version is based on Slackware 9.1 and can be booted from your existing Windows boot manager."

Comments (none posted)

TrinityOS

TrinityOS has released v11/08/03 with minor feature enhancements. "Changes: Various daemon versions were updated in the URL section. The thoughts about Redhat, Fedora, and SuSe in the distros section were updated. A Bash OCTAL math issue in the UPS graphing script was fixed."

Comments (none posted)

Distribution reviews

Fedora at a Glance (Linux Journal)

Linux Journal takes a look at the Fedora Core 1 release. "In summary, there are some promising new features in Fedora and it is reassuring to see it has the stability and slick interface we've come to expect from Red Hat, but it is not quite as polished as some of the recent Red Hat releases. If you know Linux already and don't mind installing some extra packages and changing some settings, then it's for you. If you are new to Linux or want it to all work perfectly "out-of-the-box" with an automatic package resolver, you might be better off to wait for the next Fedora release."

Comments (1 posted)

Fedora Core 1 Review (LinuxElectrons)

LinuxElectrons reviews the Fedora Core 1 release. "The Linux community will benefit tremendously from Fedora. With RedHat's expertise and knowledge combined with a strong community we should expect nothing less than a high performance desktop. So far, this has been the case. IMHO, this is the perfect strategy for RedHat. They have been battling two extremes, the corporate server market versus the bleeding edge desktop users at retail. These two camps are at odds with one another, corporate wanting slow gradual changes and retail wanting the bleeding edge feature set. Fedora is the ultimate compromise and one community in which I'm a willing participant."

Comments (none posted)

Page editor: Rebecca Sobol
Next page: Development>>

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds