Software review: Engarde Secure Linux

Author: JT Smith

By Jeff Field

Security is a big issue in Linux. It’s always in the forefront, whether users are talking about the latest security updates for the various distributions, or about which OS is more secure. What follows is a review of Engarde Secure Linux, a distribution from Guardian Digital that was created with security in mind.

The software
Engarde has very little in common with other distributions. First, it is not suitable for the average desktop user. It is targeted
solely to be a server. It has no GUI, few user programs and heavily restricted
system access.

A full installation takes up only 170 megs, a
testament to how focused this distribution is. I have a Mandrake installation
on this laptop that takes up nearly two gigabytes of space. Because Engarde is so
tightly focused on the server, it does not need all of the “fluff” that many distributions
include.

Installation
Installation is simple. You pop in the bootable Engarde Linux CD, and it boots
from that. It asks you what type of server — mail server or web server — you
intend the machine to be. Later, you can have it do both, when you select which
services to run. I suspect this selection merely affects the way disks are
partitioned. Setup attempts to detect your network card, and did so perfectly
with my RTL8139-based card. You then configure the network, add a user to the
system, and reboot. The installation routine is
very rigid — you may not select how a disk is partitioned, what file systems to
use, what programs to install, or anything like that, but in a secure
environment such control is often necessary.

Once you are done with the first phase of the installation, the machine reboots to a root login prompt that you have no access to — you do not set a root
password at any point, because there is a second
step to the installation. You must use a secure web browser to connect via SSL to the
hostname/IP you provided. The address will be
something like http://machinehost.domain:1023. You then give the default
user name and password, provided by Engarde, and enter into the second part of
the setup with the “WebTool” that comes with the distribution.

The first step in the WebTool is to set up a root password for root access to
the machine. Then, you reset the password for the WebTool itself, and add
users, specifying whether or not they can access the machine remotely (the only
methods of accessing the machine remotely are FTP and SSH). Then follows network
configuration and selection of “trusted” hosts (hosts which should be allowed to
connect to the WebTool). You then select the proper time zone and set up which services
are to be activated at boot time.

Web interface
Once you have configured Engarde, you use its Web interface for
maintenance purposes. You access this through the same method (SSL) you did for
the initial configuration. Through this, you can manage all the various
functions of the system. Almost everything is done through this interface, with
the exception of the tripwire and FTP services, which must be initially set up
from the console (or from an SSH session).

When you enter the main screen, you see several sections. Virtual host management
is where you manage the virtual hosts on the machine (many hosts can be attached to one machine). System management is where all the
basic configuration options are for things from system time to SSH
configuration. System monitor will show you the state of the system, and lets
you see logs, lists of running processes, and other useful information.
Security has a variety of security-related settings, such as certificates
for SSL, trusted IPs/hosts, and the ability to change the banner users get when
attempting to log in to the console. Guardian Digital update is a
not-yet-functional section that, once it is operational, will allow you to
update the software on your system, because keeping the system up to date is a key
to keeping it secure. Last is the system backup section, which allows you
to back up the files on the system. Through the Web interface, you may also use
the software provided to create a secure online store (you will need a merchant
account, and this software only works in the United States). This is a very nice
touch, making it so someone who wants to put up a quick ecommerce site with
little hassle can do just that.

The Web interface is nice — it is well thought out, and easy to use. For
some people it might actually be easier than other distributions because nearly
everything is configured through this graphical WebTool within their browser of
choice. It’s an interesting design from Engarde, and one that gets high marks in my
book.

Conclusion
With minimal system access allowed and every precaution taken, Engarde Secure
Linux just might be the best distribution for Web/mail servers yet. It doesn’t have all the bells and whistles of other distributions or operating systems, but
it would seem that, unlike other companies that market server OSes, Guardian
Digital does not think Pinball is an appropriate application for a server. With
tight security and everything you need to configure a server out of the box
built into it, Engarde Linux is something you should consider if building a
secure Web site for commerce or any other purpose, or just needing a reliable
mail server. Engarde is available at the Web site
at no charge, or you may purchase it for $35, which includes shipping, 60 days of installation support (though I very much
doubt you will need it) and a printed manual, as well as the Engarde CDs
themselves. Even at $35, Engarde is a steal compared to other ecommerce
solutions.
