News and Editorials
IPCop Firewall, launched in 2001 as a fork of SmoothWall, is developed by Charles Williams and a small group of developers who found themselves disenchanted with the attitude of some of the SmoothWall developers on their support forums. Starting with the recently released version 1.4.0, IPCop is now built from ground up and based on Linux From Scratch. The developer's mission is simple: to provide a free, stable and secure Linux firewall that is highly configurable and easy to maintain. With some of the press reviews rating IPCop higher than certain expensive commercial firewall products, the IPCop developers have certainly succeeded in achieving their goal.
The size of the IPCop ISO image, at 40 MB, leaves little doubt about the specialist nature of this distribution. It offers packet filtering, VPNs, a caching web proxy, DNS, DHCP and time server, traffic shaping, and intrusion detection, but not much else. System administration is done through a web browser over the network using a secure connection. IPCop is designed to run on a dedicated box with as little as 300 MB of hard disk space and 32 MB of RAM, but it can also be installed on a compact flash card and run as a network appliance. The sophisticated web-based configuration interface provides many useful functions, including password modification and secure shell access settings, firewall and VPN configuration, and management of services. Security updates and fixes can also be installed through the web interface.
IPCop 1.4.0 is the project's first stable release in 18 months. A lot of work has gone into this version, which is now available for both i386 and Alpha processors. Hardware support has been extended considerably to include more network cards, USB and PCI DSL modems, as well as SCSI and PCMCIA hardware. ACPI and multi-processor systems are now also supported. In terms of new software, Snort has been included for intrusion detection and most packages are now compiled with the GCC Stack Smashing Protector. The web-based interface has been redesigned, offering enhanced log viewing, DHCP and host editing, as well as newly introduced system performance graphs. This version of IPCop has excellent multi-lingual capabilities, inclusive of some exotic languages, such as Hungarian and Vietnamese.
Devil-Linux started as a personal project of Heiko Zuerker in early 2001. It departed from the established ways of developing a Linux distributions in that Devil-Linux was a live CD, meant to be run directly from a bootable CD-ROM. As such, argued the lead developer, it offered more security, simply because it ran from a read-only file system. Therefore, certain common cracking techniques, such as installing a rootkit on the target machine for cracking passwords, were not available to intruders. Many users found this technique intriguing and Devil-Linux matured into a popular distribution.
The scope of Devil-Linux is a lot broader than that of IPCop. Besides the usual firewall and router software, Devil-Linux also ships with a web server (Apache 2 + MySQL + PHP), mail server with TLS support and spam and virus filtering (Postfix TLS + SpamAssassin + ClamAV), FTP server (vsftpd), and a number of other server applications. However, all services, including networking, are turned off by default. System configuration is accomplished via a ncurses-based menu. One of the most interesting features of this distribution is the ability to easily add or remove applications with the help of a Devil-Linux build kit, a well-documented procedure for customizing and building one's own live CD.
Devil-Linux 1.2 is the first major upgrade in a year. Besides kernel (2.4.27) and package version updates, there are several noteworthy security enhancements in this release - notably the Stack Smashing Protection for most binaries included on the CD, and the GRSecurity patch for the kernel, with chroot restrictions, address space modification protection, and randomization features. Additionally, Devil-Linux provides an easy way to setup chroot jails and supplies a number of Netfilter modules not found in the standard kernel.
Distribution NewsUbuntu is a new Linux distribution that brings together the extraordinary breadth of Debian with a fast and easy install, regular releases (every six months), a tight selection of excellent packages installed by default and a commitment to security updates with 18 months of security and technical support for every release." The Ubuntu folks even offer to mail a CD to interested users for free; click below for the details. Since the previous release four months ago, the OpenPKG package repository has grown by 10%. A subset of 528 packages were carefully selected for inclusion into the OpenPKG 2.2 release, including the latest versions of popular Open Source Unix software like Apache, Bash, BIND, GCC, INN, Mozilla, MySQL, OpenSSH, Perl, Postfix, PostgreSQL, Samba, Squid, teTeX and Vim." seventh issue of Ubuntu Traffic is out, with summaries of discussions regarding the Ubuntu distribution. Covered topics include "installer preseeding," the Ubuntu Preview live CD, and more (but no word on the controversy over the new artwork). announced the availability of the the first French book about Debian.
The Debian Weekly News for October 19, 2004 covers Raphaël's new book, a report about using Knoppix for system recovery, the launch of the Debian GIS sub-project, the debian-legal discussion of the Academic Free License, and several other topics.
The Debian project will be present at several conferences and exhibitions in Europe, including Systems in Munich, Germany, Berlinux in Berlin, Germany, OS04 in Graz, Austria, LinuxWorld Conference & Expo in Frankfurt/Main, Germany, and more.DistroWatch Weekly for October 18, 2004 looks at the Anaconda installer, features the Devil-Linux live firewall and looks forward to the release of FreeBSD 5.3, hopefully next week.
New DistributionsknopILS is a customized version of Knoppix that has an Italian boot prompt, default keyboard, and default language. Each .deb package installed belongs to the free tree of Debian GNU/Linux, or could be classified as such if it is not an official one. Localized .deb files are present when available, and minor changes were made to graphics. Version 0.7 was released this week. XenoLinux to our List of Linux Distributions, in the special purpose category. Xen is a virtual machine monitor for x86 that supports execution of multiple guest operating systems. Xen is Open Source software, released under the terms of the GNU General Public License. XenoLinux is a fully functional port of Linux, 2.4 and 2.6, running over Xen, for a virtual general purpose Linux server.
Minor distribution updatesDevil-Linux v1.2. The changes include Kernel 2.4.27, many program updates, printing support, 32 MB systems are supported again, Apache HTTP Server, PHP, and many many other changes. Ewrt, a Linux distribution for the Linksys WRT54G, has released v0.2-final. "Changes: Many build fixes and nocat fixes. PMTU, cron, and check_ps have been fixed."
Newsletters and articles of interesttakes a look at Trusted Linux. "TCS officials expect Trusted Linux to be certified under Common Criteria at Evaluation Assurance Level 4, [TCS COO Ed] Hammersla said. The EAL scale runs from 1 to 7, and 7 is the highest score. TCS officials plan to begin beta testing Trusted Linux this fall, Hammersla said. The operating system will form the foundation of a trusted computing base, a system of software, hardware and firmware that enforces a unified security policy."
Distribution reviewstakes the UserLinux beta for a test drive. "UserLinux is a Linux distribution with very high aspirations. Founded and backed by Linux luminary Bruce Perens, part of the UserLinux mission is to repair the economic paradigm of enterprise Linux. The recently released UserLinux Beta 1 is perhaps a tangible small step on the path toward achieving its lofty ambitions."
Page editor: Rebecca Sobol
Next page: Development>>
Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds