LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Distributions page

Recent Features

Shumway lands in Firefox

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

New 1.0 Releases: OpenNA Linux, Gibraltar Firewall, Devil-Linux

November 12, 2003

This article was contributed by Ladislav Bodnar

Three distributions have reached their 1.0 releases over the last two weeks - OpenNA Linux, Gibraltar Firewall and Devil-Linux. Despite the version number, none of these three are new projects as all of them have been in development for over a year. OpenNA Linux is a Red Hat-based secure distribution for servers, while the Debian-based Gibraltar Firewall and independently developed Devil-Linux are live firewalls running directly from bootable CDs.

OpenNA Linux 1.0

OpenNA Linux is a product of Canada's OpenNA Incorporated. It is a Linux distribution, originally based on Red Hat Linux, designed for servers and with emphasis on strong security. This is achieved by patching its Linux 2.4.22 kernel with the GRSecurity patch to protect against buffer overflow exploits, with all server services made to run in chroot jail environment mode and other security features. The installation program allows the user to choose from a selection of pre-defined server classes, depending on the server's purpose, with all unneeded services turned off by default. For those who intend to install and test drive OpenNA Linux, beware that it cannot be installed on a pre-selected partition - the OS takes over the entire first hard disk.

If you are wondering about the developers' authority on security matters, then you can rest assured that you are in a company of experts. Besides the OpenNA distribution, the company also produces an authoritative, 1200-page technical book entitled Securing & Optimizing Linux: The Hacking Solution. The book is written for system administrators and security-conscious users who wish to protect their Linux systems from unauthorized intrusions and other external attacks. All this expertise, together with a well-designed web site makes OpenNA Linux a serious contender for those who are looking for a secure and optimized Linux distribution for their mission critical servers. Although OpenNA Linux is available for free download, the developers would appreciate your purchase of a supported boxed edition for $47.95, with a 30-day email support and documentation.

Gibraltar Firewall 1.0

Gibraltar Firewall, in development since 1999, is a product of eSYS Informationssysteme GmbH in Austria. The Debian-based firewall runs directly from a bootable CD without any need for hard disk installation. One distinguishing feature of Gibraltar from other similar products is a Webmin-like web-based configuration utility called GibADMIN. "Gibraltar can be configured using a clear and intuitive web client called GibADMIN; Linux specific know-how is no longer required.", claims the Gibraltar product overview page. The firewall comes with kernel 2.4.22, IPSec, SSL wrapper, powerful packet filtering ability based on various criteria, Postfix mail server with SpamAssassin and many other server applications.

Gibraltar Firewall comes in two editions - a full-featured commercial edition (€990) and a free edition with disabled GibADMIN (except for a 30-day trial period, license for which can be obtained separately). This won't be a problem for expert Linux users who can configure the firewall directly from the command line, or remotely via an SSH connection. A comprehensive 72-page user manual with further links to user contributed tutorials are listed on the product documentation page, while a fairly active mailing lists in English and German can provide further help, if necessary.

Devil-Linux 1.0

Devil-Linux is an independently developed Linux-based firewall on a live CD with the ability to save configuration settings on a floppy disk or a USB pen drive. It was created by Heiko Zuerker, an IT manager in North Carolina, in 2001. One interesting feature of Devil-Linux is that, besides the live CD ISO image, the developers also provide a "build system", which enables building of custom editions of Devil-Linux with extra software not included on the original CD. When the custom system is compiled and ready, it can be burned onto a bootable CD and used the same way as an unmodified Devil-Linux. The Devil-Linux documentation provides detailed information about this and other aspects of the distribution.

Unlike Gibraltar, Devil-Linux is a non-commercial project. It can be used not only as a firewall, but also as a router, gateway or a general purpose server. Based on kernel 2.4.22 with the GRSecurity patch, it includes most server software, such as BIND, DHCP, Apache, MySQL, Postfix, Samba, OpenLDAP, Squid, as well as IPSec. Two recent reviews of the product can be found at Kalamazoo LUG and NewsForge, and an older interview with Heiko Zuerker at PortaZero. Despite its lighthearted name, Devil-Linux is a serious project with strong security as its utmost priority.

(Log in to post comments)

Getaway server!

Posted Nov 13, 2003 13:12 UTC (Thu) by xanni (subscriber, #361) [Link]

Devil-Linux can be used as a "getaway" server? Presumably you meant to write "gateway" but were thinking how much you'd like a holiday... :)

Cheers,
*** Xanni ***

Getaway server!

Posted Nov 13, 2003 13:23 UTC (Thu) by corbet (editor, #1) [Link]

Mmmm...holiday...wouldn't that be nice...but I guess I'll fix the typo first.

Getaway server!

Posted Mar 19, 2004 20:28 UTC (Fri) by Leonardo (guest, #20323) [Link]

con que instrucción hago que reconozca las eth0 y eth1

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds