– By Jeff Field –

Security is a big issue in Linux. It’s always in the forefront, whether users are talking about the latest security updates for the various distributions, or about which OS is more secure. What follows is a review Engarde Secure Linux, a distribution from Guardian Digital that was created with security in mind.The software
Engarde has very little in common with other distributions. First, it is not suitable for the average desktop user. It is targeted
solely to be a server. It has no GUI, few user programs and heavily restricted
system access.

A full installation takes up only 170 megs, a
testament to how focused this distribution is. I have a Mandrake installation
on this laptop that takes up nearly two gigabytes of space. Because Engarde is so
tightly focused on the server, it does not need all of the “fluff” that many distributions
include.

Installation
Installation is simple. You pop in the bootable Engarde Linux CD, and it boots
from that. It asks you what type of server — mail server or web server — you
intend the machine to be. Later, you can have it do both, when you select which
services to run. I suspect this selection merely affects the way disks are
partitioned. Setup attempts to detect your network card, and did so perfectly
with my RTL8139-based card. You then configure the network, add a user to the
system, and reboot. The installation routine is
very rigid — you may not select how a disk is partitioned, what file systems to
use, what programs to install, or anything like that, but in a secure
environment such control is often necessary.

Once you are done with the first phase of the installation, the machine reboots to a root login prompt that you have no access to — you do not set a root
password at any point, because there is a second
step to the installation. You must connect to the machine via SSL to the
hostname/IP you provided with a secure web browser. The address will be
something like http://machinehost.domain:1023. You then give the default
user name and password, provided by Engarde, and enter into the second part of
the setup with the “WebTool” that comes with the distribution.

The first step in the WebTool is to set up a root password for root access to
the machine. Then, you reset the password for the WebTool itself, and add
users, specifying whether or not they can access the machine remotely (the only
methods of accessing the machine remotely are FTP and SSH). Then follows network
configuration and selection of “trusted” hosts (hosts which should be allowed to
connect to the WebTool). You then select the proper time zone and setup what services
are to be activated at boot time.

Web interface
Once you have configured Engarde, you will now have to use its Web interface for
maintenance purposes. You access this through the same method (SSL) you did for
the initial configuration. Through this, you can manage all the various
functions of the system. Almost everything is done through this interface, with
the exception of the tripwire and FTP services, which must be initially setup
from the console (or from an SSH session).

When you enter the main screen, you see several sections. Virtual host
management is where you manage the virtual hosts on the machine (many hosts can be attached to one machine). System management is where all the
basic configuration options are for things from system time to SSH
configuration. System monitor will show you the state of the system, and lets
you see logs, lists of running processes, and other useful information.
Security has a variety of security-related settings, such as certificates
for SSL, trusted IPs/hosts, and the ability to change the banner users get when
attempting to log in to the console. Guardian Digital update is a
not-yet-functional section that, once it is operational, will allow you to
update the software on your system, because keeping the system up to date is a key
to keeping it secure. Last is the system backup section, which allows you
to back up the files on the system. Through the Web interface, you may also use
the software provided to create a secure online store (you will need a merchant
account, and this software only works in the United States). This is a very nice
touch, making it so someone who wants to put up a quick ecommerce site with
little hassle can do just that.

The Web interface is nice — it is well thought out, and easy to use. For
some people it might actually be easier than other distributions because nearly
everything is configured through this graphical WebTool within their browser of
choice. It’s an interesting design from Engarde, and one that gets high marks in my
book.

Conclusion
With minimal system access allowed and every precaution taken, Engarde Secure
Linux just might be the best distribution for Web/mail servers yet. It doesn’t have all the bells and whistles of other distributions or operating systems, but
it would seem that, unlike other companies that market server OSes, Guardian
Digital does not think Pinball is an appropriate application for a server. With
tight security and everything you need to configure a server out of the box
built into it, Engarde Linux is something you should consider if building a
secure Web site for commerce or any other purpose, or just needing a reliable
mail server. Engarde is available on at the
Web site at no charge, or you may purchase it for $35, which includes shipping, 60 days installation support (though I very much
doubt you will need it) and a printed manual, as well as the Engarde CDs
themselves. Even at $35, Engarde is a steal compared to other ecommerce
solutions.

Maurice R writes: “Linux4us and RadioTux are relaunching with a new entry page.
On this new entry page, visitors will get an overview of all
articles, whether on RadioTux, or on the email-magazin Magazin42, or even articles Linux4us is promoting. And of course, visitors can also find news, events, and votes.”

RadioTux

In broadcast 6 you can find following articles

– Changes on RadioTux
– Report about the C64 emulator V.I.C.E
– A report about SuSE Linux 7.2
– Linux-news of the past 14 days
– and much more

Linux4us

The listeners of RadioTux should know Linux4us allready.
Linux4us offers linux-news and events. Besides workshops, interviews
and much more is offered.

Magazin42

Magazin42 is an email-magazin offering articles about GNU/Linux
Every four weeks it will be sent to the substribers.
Two types will be available a html and a plaintext-version
The first magazin will be published on June the 24th 2001″

From the Wall Street Journal: “Software connected with the FreeBSD open-source operating system
is used in several places deep inside several versions of Microsoft’s
Windows software, such as in the “TCP/IP” section that arranges all
connections to the Internet. The company also uses FreeBSD on
numerous “server” computers that manage major functions at its
Hotmail free e-mail service, whose registered users exceed 100
million and make it one of the Web’s busiest sites.”

GNU.org: “This version of GCC fully incorporates a native-code compiler for the Java programming language. This allows Java programs that run faster, while using
a completely Free Software system without depending on a proprietary Java compiler.”

Patrick Mullen writes: “The Duke of URL has posted its review of Red Hat Linux 7.1. The review covers installation, configuration, its features, and much more.”

“Galeon is based on two classic philosophies: “Do one thing and do it well” and “Don’t re-invent the wheel”. Unlike Mozilla
or Netscape, Galeon is just a browser and not an Internet suite. With an interface built with GTK and the Gecko browsing
engine, it truly combines the best of both the worlds–a light interface and a fast browser. Since they don’t bother with
re-inventing the wheel, i.e. writing a page-rendering engine, they have been able to come with an extremely attractive
alternative to Netscape/Mozilla. As they use the highly standards compliant and developed Gecko engine, Galeon can
view sites in all their glory, something which can’t always be said for the alternative browsers out there.” More at FreeOS.com.

Today, Voxel Dot Net announced its release of Ãœbersmith 1.0
(http://www.ubersmith.com/). Developed as a cross-platform web-based application,
Ãœbersmith is a revolutionary way to manage a growing web hosting company – it’s an integrated application that
streamlines both the large and small hosting business. By allowing a host to manage their clients, billing, and support
with a single solution, Ãœbersmith makes it easy for providers to manage and automate their back-office tasks.Matthew Toback writes:

VOXEL DOT NET RELEASES NEW BACK-OFFICE ADMINISTRATION AND CUSTOMER RELATIONSHIP MANAGEMENT SYSTEM

FOR IMMEDIATE RELEASE

CONTACT:

Matthew Toback
518-272-3658
matt@voxel.net

VOXEL DOT NET RELEASES NEW BACK-OFFICE ADMINISTRATION AND CUSTOMER RELATIONSHIP MANAGEMENT SYSTEM

TROY, NY · JUNE 18, 2001 · Today, Voxel Dot Net announced its release of Übersmith 1.0
(http://www.ubersmith.com/). Developed as a cross-platform web-based application,
Ãœbersmith is a revolutionary way to manage a growing web hosting company – it’s an integrated application that
streamlines both the large and small hosting business. By allowing a host to manage their clients, billing, and support
with a single solution, Ãœbersmith makes it easy for providers to manage and automate their back-office tasks.

Ãœbersmith is composed of two highly integrated components, a billing and client management system, as well as a
customer relationship management and ticketing system. The billing and client system allows the web host to keep track of
clients and manage the accounts that individual clients subscribe to. This component is largely automated, freeing up
valuable time spent managing renewals, sending invoices and charging credit cards. It enables the host to create services
on the fly with different pricing schemes, billing periods, and discounts. Notable features of this component include
automatic real-time and periodic billing, consolidated billing, support for child packages, and automatic invoice generation.

Ãœbersmith allows clients to login to the system to view their current account status, pay their bill online, project
usage into the future, see which packages will be coming up for renewal, and view their complete account history. Many
clients have billing problems with their hosts. According to a recent IDG study, billing disputes are one the top reasons
for clients leaving hosts. With the self-service billing feature, such disputes and confusion are all but eliminated.

Ãœbersmith also includes a ticketing and knowledge base system that greatly simplifies the management of customer
enquiries and support requests. Clients can use either email or an integrated web form, which automatically associates
their account with the support request. Issues can be assigned to internal staff, prioritized, closed, and automatically
reopened upon further communication. Support issues are automatically linked to a client?s information and can easily be
accessed directly from the client management component. Issues are displayed in an intuitive threaded format and staff
can leave comments viewable only by other staff members.

Raj Dutt, CEO of Voxel Dot Net, Inc. states, “Web hosting companies spend a significant amount of time doing back-office
administration. Ãœbersmith automates web hosting businesses. It increases profitability, streamlines operations and
keeps hosts open 24/7/365 — the three holy grails of the web hosting industry. And it does not tie hosts to a particular
provider or NOC. Many rapidly growing web hosting providers find their administrative overhead spiraling upwards.
Automation is the key. We created an open-source billing tool called CBMS. It was well liked by many hosts, and used
quite extensively. At about the same time, we released another open source tool called Ticketsmith, a support ticketing
software. Like CBMS, it was also extremely well received. The fusion of these two products combined with a truckload of
new features and improvements is what has resulted in Ãœbersmith.”

About Voxel Dot Net, Inc.

Voxel Dot Net (http://www.voxel.net/) is a leading provider of managed Linux solutions,
including dedicated servers and managed clusters. Recently, they became the first hosting company to support and offer a
load balancing solution based on the Linux Virtual Server (LVS) project. Voxel Dot Net is partnered with VA Linux Systems
(LNUX) and AboveNet Communications (MFNX) and offers solutions based on a true best of breed model. The price/performance
value of the company’s high-end Linux solutions has attracted clients such as Porsche Cars of North America and Phillips
International.”

CNET: “There’s more to Microsoft’s recent attacks on the open-source movement than mere
rhetoric: Linux’s popularity could hinder the software giant in its quest to gain control of a
server market that’s crucial to its long-term goals.” (This story is also at ZDNET.)

LinuxSecurity: “Steve Gibson, president of Gibson Research Corp.,
is developing a free tool that will hold ISP’s feet to
the fire if they have not implemented a security
technique known as “egress filtering.”

Gibson’s utility, which will be called Spoofarino,
enables Internet users to test whether their ISPs
allow them to send forged or “spoofed” packets of
data to Gibson’s Web site. A spoofed packet
conceals the true Internet protocol address of the
sender’s computer, making it appear to come from
another machine.”

feder writes: “As far as IBM is concerned Linux has become mainstream and it is doing mainstream business. It is selling Linux ready Intel-based hardware into major corporate sites. Big adopters include Shell, Deutche Bank and Morgan Stanley … A “straw in the wind” that IBM mentioned at the conference was the rate of Linux adoption in China and India – where it now dominates. Full story at IT-Director.com..”