New 1.0 Releases: OpenNA Linux, Gibraltar Firewall, Devil-Linux

OpenNA Linux 1.0

OpenNA Linux is a product of Canada's OpenNA Incorporated. It is a Linux distribution, originally based on Red Hat Linux, designed for servers and with emphasis on strong security. This is achieved by patching its Linux 2.4.22 kernel with the GRSecurity patch to protect against buffer overflow exploits, with all server services made to run in chroot jail environment mode and other security features. The installation program allows the user to choose from a selection of pre-defined server classes, depending on the server's purpose, with all unneeded services turned off by default. For those who intend to install and test drive OpenNA Linux, beware that it cannot be installed on a pre-selected partition - the OS takes over the entire first hard disk.

If you are wondering about the developers' authority on security matters, then you can rest assured that you are in a company of experts. Besides the OpenNA distribution, the company also produces an authoritative, 1200-page technical book entitled Securing & Optimizing Linux: The Hacking Solution. The book is written for system administrators and security-conscious users who wish to protect their Linux systems from unauthorized intrusions and other external attacks. All this expertise, together with a well-designed web site makes OpenNA Linux a serious contender for those who are looking for a secure and optimized Linux distribution for their mission critical servers. Although OpenNA Linux is available for free download, the developers would appreciate your purchase of a supported boxed edition for $47.95, with a 30-day email support and documentation.

Gibraltar Firewall 1.0

Gibraltar Firewall, in development since 1999, is a product of eSYS Informationssysteme GmbH in Austria. The Debian-based firewall runs directly from a bootable CD without any need for hard disk installation. One distinguishing feature of Gibraltar from other similar products is a Webmin-like web-based configuration utility called GibADMIN. "Gibraltar can be configured using a clear and intuitive web client called GibADMIN; Linux specific know-how is no longer required.", claims the Gibraltar product overview page. The firewall comes with kernel 2.4.22, IPSec, SSL wrapper, powerful packet filtering ability based on various criteria, Postfix mail server with SpamAssassin and many other server applications.

Gibraltar Firewall comes in two editions - a full-featured commercial edition (€990) and a free edition with disabled GibADMIN (except for a 30-day trial period, license for which can be obtained separately). This won't be a problem for expert Linux users who can configure the firewall directly from the command line, or remotely via an SSH connection. A comprehensive 72-page user manual with further links to user contributed tutorials are listed on the product documentation page, while a fairly active mailing lists in English and German can provide further help, if necessary.

Devil-Linux 1.0

Devil-Linux is an independently developed Linux-based firewall on a live CD with the ability to save configuration settings on a floppy disk or a USB pen drive. It was created by Heiko Zuerker, an IT manager in North Carolina, in 2001. One interesting feature of Devil-Linux is that, besides the live CD ISO image, the developers also provide a "build system", which enables building of custom editions of Devil-Linux with extra software not included on the original CD. When the custom system is compiled and ready, it can be burned onto a bootable CD and used the same way as an unmodified Devil-Linux. The Devil-Linux documentation provides detailed information about this and other aspects of the distribution.

Unlike Gibraltar, Devil-Linux is a non-commercial project. It can be used not only as a firewall, but also as a router, gateway or a general purpose server. Based on kernel 2.4.22 with the GRSecurity patch, it includes most server software, such as BIND, DHCP, Apache, MySQL, Postfix, Samba, OpenLDAP, Squid, as well as IPSec. Two recent reviews of the product can be found at Kalamazoo LUG and NewsForge, and an older interview with Heiko Zuerker at PortaZero. Despite its lighthearted name, Devil-Linux is a serious project with strong security as its utmost priority.