News and EditorialsEnGarde Secure Linux is a relatively old name in the world of Linux distributions. In development since 1999 by Guardian Digital, the product was originally based on Red Hat Linux, but reduced in size to include server-only applications and enhanced with a web-based system administration utility called "WebTool". Besides its high-end enterprise range of products, the company has also released several "Community" editions - somewhat limited in features but free for non-commercial use. EnGarde's previous versions were frequently praised by reviewers so when the company announced a new version 3.0 late last week (its first new release in over two years), we were eager to take it for a test drive.
EnGarde Secure Linux 3.0 "Community" comes on a single CD available for both the i386 and x86_64 architectures. Its default installation method starts rather unconventionally - with setting up the root password and networking, before proceeding with package installation. This might seem like an odd sequence for a "secure" distribution; given that all the necessary packages are on the CD, why would anyone want to perform a system installation with networking enabled? Soon the reason becomes apparent: the EnGarde installation CD also serves as a live CD so users can evaluate the product without having to install it to their hard disks. Since all system configuration is performed remotely through a web browser, having functional networking on the system running EnGarde is essential.
Nice idea in theory, but in practice we couldn't get it to work. While we had no trouble connecting to the EnGarde system with https://ip_address:1023, after typing in the user name ("admin") and password ("lock&%box"), we were greeted with an error message - an undefined subroutine in sysstat.pm. So much for trying to evaluate EnGarde Secure Linux in a "live CD" mode!
Next, we decided to do a full installation, hoping for better luck. Disappointingly, bugs continued to plague us here as well; although the installer detected both hard disks, it did not acknowledge the presence of any of the several Linux partitions on the first one, claiming "no partitions defined" and forcing us to create new ones. However, not wanting to repartition the first disk, we couldn't find a way to create new partitions on the second disk - the installer insisted on creating /dev/hda1, no matter which hard disk we had selected! Only after physically unplugging the power supply from the first hard disk and disabling it in the BIOS, we were finally able to install EnGarde on the second disk (/dev/hdc).
Granted, most users who intend to use EnGarde Secure Linux in a production environment are unlikely to dual boot their system so they won't face these kinds of problems. Nevertheless, if the installer has options which they don't work as advertised, then something is not quite right.
Eventually we installed the system where we wanted it. The package selection screen gave us an option to select one or more installation classes from a short list containing "Databases", "DNS", "Firewall", "Mail Services", "Network Intrusion Detections" and "Web Services", before proceeding to the network configuration part. Here, the opening screen promised support for network configuration with a static IP address, DHCP or PPPoE, but once we pressed the "next" button, we were forced to set up a static IP address, with options for DHCP or PPPoE nowhere to be seen (presumably because the machine only had one network card, which would have a static IP address in most common configurations). After this final step, we were prompted to reboot the system.
Up until this point our experiences with EnGarde Secure Linux 3.0 were mixed at best. Fortunately, things improved dramatically once the system was installed and when we finally had a chance to investigate the distribution's web-based administration interface - Guardian Digital WebTool. Written in Perl, WebTool has obviously been inspired by Webmin, although it sports a considerably different (and arguably more pleasant) user interface (see screenshots). After the first login, we were required to change the system's root password and WebTool's login password, set up IP address(es) with permissions to connect to the EnGarde system, and effect a few other configuration changes. Once completed, we had the first taste of what it feels like administering a remote system from a web browser when we rebooted the system with a single mouse click.
Shortly afterward we were once again logged into WebTool. Due to a few early bugs reported on the distribution's mailing lists (and impressively fast responses by EnGarde developers), we decided to start with updating the system. This can be done through the free and convenient Guardian Digital Secure Network (GDSN), but before we were allowed to proceed, we had to obtain an activation number and password by registering the product on the company's web site. After the update, we continued looking through the user interface and checking out all the configuration and reporting options. Although not as comprehensive as we had expected, WebTool had pages for most important server administration tasks, including a backup and restore utility, a UPS configuration module, as well as the usual pages for managing DNS, web, mail, SSH and FTP servers. Certain services had extensive configurations options (we especially enjoyed the Firewall configuration page), while others were very basic (e.g. the Apache configuration page only allowed adding, modifying and deleting Virtual Hosts).
What does the word "Secure" represent in EnGarde Secure Linux? By default, the distribution installs in "secure" mode, with SE Linux and Mandatory Access Control (MAC) enabled. It has carefully tuned file permissions of important system, configuration and log files so that they are not accessible to unprivileged users who might login to the system. There are other small enhancements, such as the unavailability of a "single user mode" and the presence of several intrusion detection and network monitoring tools, with real-time reporting facilities in WebTool. The company also maintains the very useful LinuxSecurity.com portal. On the negative side, the documentation on the distribution's web site has not been updated since version 1.5, so most new features in the latest release are not yet documented.
Overall, EnGarde Secure Linux 3.0 "Community" is a mixed bag. Obvious bugs in the installer and lack of up-to-date documentation are two big negatives. On the other hand, the developers have been very responsive to bug reports and the updated WebTool, combined with new security enhancements in the distribution, will appeal to those users who need an intuitive and easy-to-administer server system. Perhaps the product could have been much more impressive if it had been given a longer beta testing period, rather than just one rushed week between the only release candidate and the final release. With version 3.0 looking more like an unfinished and poorly tested beta release, perhaps a bug fix version won't be too far away; hopefully, by that time the developers will have also updated their documentation and completed the help files.
Distribution Newssplit the public frontend of security.debian.org. "After the release of an update to XFree86 (Debian Security Advisory 816) it became obvious that the old machine was not able to properly serve the needs of the large number of users anymore. The outgoing 100MBit/s connection was totally saturated during 70% of the day and the machine was throttling."
The release team is requalifying existing ports for etch. "To that end, I would like to invite you to join Anthony Towns and myself on IRC this Sunday, October 9 from 0000-0200 UTC in the #debian-tech channel on irc.oftc.net. The goal of this two-hour session is to come up with a "qualification declaration" for as many architectures as possible, and to further refine the architecture criteria as necessary."
New Distributionsintroduces the amaroK Live CD, version 1.3. The amaroK Live CD was developed as a way to demonstrate the features of the amaroK music player, not as a complete system. "Most of the music on the CD has been provided by Magnatune, a revolutionary music label which aims to reinvent the music business, applying the lessons learned from the open source movement to the recording industry. Fair use, remix rights, and musicians actually being paid!" introduces the first release of the FreeMED Live CD, version 0.1. It is based on Kubuntu 5.04 (Hoary) with FreeMED 0.8.0 and REMITT 0.3 configured for test use.
Distribution NewslettersFedora Weekly News covers the release of Mozilla Thunderbird 1.0.7, RealPlayer 10.0.6 and Helix Player 1.0.6 Security Update, /proc/acpi/sleep obsoleted and removed, an overview of Fedora based distributions, an updated Fedora Core 4 ISO for PPC and more. Gentoo Weekly Newsletter for the week of October 3, 2005 looks at the Python upgrade to 2.4, Gentoo/ALT revisited, the Kansai open-source conference in Japan, and several other topics. DistroWatch Weekly for October 3, 2005 is out. "We are at the start of an exciting week, with Mandriva Linux 2006, SUSE Linux 10.0 and Ubuntu Linux 5.10 RC all expected within the next few days. Fans of certain other distributions might not be so lucky, though, as last week's announcement about Libranet's "restructuring" leaves many wondering about the future of this once popular Debian-based project. Our featured distribution of the week is Puppy Linux, but we also introduce amaroK Live, a PCLinuxOS-based live CD that combines the power of the amaroK media player with Free Music."
Package updatesrp-pppoe (bug fix), nc (update from OpenBSD upstream CVS), squid (some minor fixes), system-config-users (require rhpl), kernel (big rebase, this time to 2.6.13), vino (keyboard handling fix), util-linux (bug fix), gtk2 (bug fix), unixODBC (bug fixes), pyrex (add patch to fix pyrex distutils), setools (bump for FC4), cpuspeed (use ACPI as a fallback driver), microcode_ctl (upstream 1.12 release), gnome-utils (update to gcalctool 5.6.31), ruby (fixed file list), termcap (new descriptions), policycoreutils (update to rawhide version), selinux-policy-targeted (bug fixes and merge from rawhide), selinux-policy-strict (bug fixes and merge from rawhide), system-config-users (fix variable names), postgresql (update to latest PostgreSQL community release), ncpfs (bug fixes), nfs-utils (bug fixes).
Newsletters and articles of interesttakes a look the Debian installation. "This article walks you through the Debian installation process. If you have special requirements, it almost certainly won't cover those, but it will tell you how to cater for them." talks about Ubuntu and other projects on the Ubuntu wiki site. "Why are you funding Ubuntu, instead of giving the money to Debian? I spent a lot of time thinking about how best to make a contribution to the open source world, and how best to explore the ideas I am personally interested in, such as the best ways to deploy open source on the desktop. One option was to stand for the position of DPL (I'm a DD, first maintainer of Apache in 1996 blah blah) and drive those ideas inside Debian. In the end I decided to create a parallel distribution, and invest in the infrastructure to make inter-distro collaboration a lot more efficient." covers Ubuntu and its growing pains. "There are some lumps, though. "Perhaps the worst of Ubuntu is that we are still a relatively young project, and having moved so quickly to the forefront of Linux, it's been a challenge to stay focused on our vision," [Ubuntu CTO Matt] Zimmerman said. "There is now a vast user community around Ubuntu, full of energy and excitement about a wide variety of different ideas, while realistically we can only pursue some of these at once."" reports that MEPIS has released the first distribution based on the Debian Common Core. "MEPISLite is an entry level version of desktop MEPIS designed for home users. It has been used successfully with as little as a 2GB hard drive and a Pentium 2 processor with 128MB of RAM. The distribution comes with a full complement of software including KDE's Koffice office suite and the Firefox Web browser."
Page editor: Rebecca Sobol
Next page: Development>>
Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds