Review: EnGarde Secure Linux

October 15, 2007
EnGarde Secure Linux is a Linux distribution that is tailor made with security in mind. This is a review of the Community edition of EnGarde Secure Linux which is freely available to download and use.

EnGarde Secure Linux is released by its parent company Guardian Digital in two forms: the Community edition, which is available for free download, and the commercial Professional edition, which includes support. The Community edition of EnGarde is full featured, secure and built entirely from open source, and it contains many of the capabilities of the Professional edition.

Guardian Digital claims they have over 500 corporate clients across USA, Canada and the rest of the world who use EnGarde Secure Linux.

I decided to install the Community edition of EnGarde Secure Linux on my machine and take it for a spin.

One of the unique aspects of EnGarde Secure Linux is that it ships with only those packages that are absolutely necessary to function as a server. So you won't find software such as an X Window server or other desktop utilities that are expected in a normal Linux distribution. What you will find are the necessary databases, web server, mail server and DNS server. You can configure EnGarde Secure Linux to function as any of those, or all of them.

Installation of EnGarde Secure Linux


EnGarde Secure Linux installs itself on your machine using a text based installer. If you just want to try out EnGarde Secure Linux, that is also possible because the ISO functions as a LiveCD as well. In the LiveCD mode, you can try out all the features that EnGarde Secure Linux has to offer without making changes to your hard disk.

Basically, these are the steps I had to go through to install EnGarde Secure Linux on my machine.

Fig: Booting from the CD-ROM (Check out all of them)

Fig: Decide on the partitioning scheme. (Check out all of them)

  • Change root and WebTool password - this is applicable only if you are using EnGarde as a LiveCD.
  • Decide on whether you want DHCP or static networking
  • Choose between running EnGarde in Installation mode or LiveCD mode - Here I chose Installation mode as I wanted to install it on my machine.
  • Choose the language - English is default.
  • Decide on the partitioning of your hard disk. You can either let the installer partition the disk automatically, in which case it creates the necessary partitions (usually /, /var and /home), or do it manually.

EnGarde Secure Linux cannot reside next to another OS. If you choose to install EnGarde Secure Linux, it will wipe your hard disk prior to installing itself.


  • Decide on the type of hard disk - whether IDE or SCSI.
  • Choose the packages - The packages are broadly classified into 6 sections namely Databases, DNS, Firewall, Mail services, Network Intrusion Detection and Web services. I selected all the packages and pressed OK and the installer started copying all the files to the hard disk.
  • Next I had to configure the network card and provide information such as the IP address, netmask, the default gateway and the network address.
  • Then it prompted me to provide a fully qualified domain name for my machine.
  • Lastly I had to enter the IP address of the primary and secondary name server.

That was it. EnGarde Secure Linux was now fully installed on my machine.

Facts at a glance


  • Very secure out of the box.
  • Cost effective - Helps companies & corporations reduce support costs.
  • Comprehensive audit system - provides accountability.
  • Can be fully configured from a remote location via any web browser.
  • Around 220 packages are included with EnGarde Secure Linux. You can add another 300 of them using the customized WebTool.
  • EnGarde is available for i686 and x86 64 bit architectures and uses RPM packages managed by the apt-get command line tool.
  • Very well documented. Check out the video tutorials and documentation.

How secure is EnGarde Secure Linux


EnGarde implements security by following a number of rules.

It locks down the box in 3 ways namely -

  1. Host level
  2. Network level, and
  3. Releasing up to date security patches for software.

At the host level, EnGarde Secure Linux implements a number of features such as TCP wrappers, restricted user rights at a global level, and SELinux policies in enforcing mode.
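To confirm these host-level claims on an installed box, the following added example (not from the review or from Guardian Digital) reads the SELinux config and the TCP wrappers files. The default paths /etc/selinux/config, /etc/hosts.deny and /etc/hosts.allow are the conventional locations and are assumed here, not confirmed for EnGarde.

```shell
#!/bin/sh
# Added example: audit two host-level controls named in the review.
# Paths are arguments so the checks can run against copies of the files;
# the defaults are conventional locations (an assumption for EnGarde).

# selinux_config_mode FILE -> prints the configured SELINUX= value, lowercased
selinux_config_mode() {
    # Commented lines and SELINUXTYPE= do not match; the last setting wins.
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" \
        | tail -n 1 | tr 'A-Z' 'a-z'
}

# tcpwrappers_default_deny FILE -> exit 0 if hosts.deny has an active "ALL: ALL"
tcpwrappers_default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL([[:space:]]|:|$)' "$1"
}

# tcpwrappers_open_allows FILE -> prints hosts.allow rules that admit any client
tcpwrappers_open_allows() {
    grep -Ei '^[^#]*:[[:space:]]*ALL([[:space:]]|:|$)' "$1"
}

# audit_host [SELINUX_CONFIG] [HOSTS_DENY] [HOSTS_ALLOW] -> exit 0 only if all pass
audit_host() {
    selinux_cfg=${1:-/etc/selinux/config}
    deny=${2:-/etc/hosts.deny}
    allow=${3:-/etc/hosts.allow}
    rc=0
    mode=$(selinux_config_mode "$selinux_cfg")
    [ "$mode" = "enforcing" ] || { echo "FAIL selinux config mode: ${mode:-unset}"; rc=1; }
    tcpwrappers_default_deny "$deny" || { echo "FAIL no ALL: ALL in $deny"; rc=1; }
    if open=$(tcpwrappers_open_allows "$allow"); then
        echo "FAIL $allow admits any client: $open"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS host-level checks"
    return "$rc"
}
```

The config file only shows the boot-time setting; `getenforce` reports the mode the running kernel is actually in, so check both.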

At the network level, EnGarde Secure Linux ships with a plethora of network tools which allow a system administrator to analyse the security level of his machine and take preventive measures. Among other things, it has a unique WebTool through which you can do any and all system administration tasks from a remote location including rebooting or shutting down the server.

This means that after installation, you can safely place the server in a locked room and not worry about its physical security.

Up to date security patches of software are released on a regular basis (more like every month) enabling system administrators to plug any security holes in the server software they run. This is automated to a certain level via the Guardian Digital Secure Network (GSDN). And you are prompted to register and create a GSDN account (for free) - it is not an option.

Guardian Digital WebTool


After installation, you can physically lock your computer running EnGarde Secure Linux away from prying eyes, behind closed doors.

This is because you can access it from any of your other computers in your network by typing the https://your-machine-ip-address:1023/ address in a web browser.

You log in to the Guardian Digital WebTool using two different passwords depending on whether you are using EnGarde as a LiveCD or if you have installed it on a machine.

For LiveCD: The login name is admin and the password is the root password you set while booting the EnGarde Linux CD.

When Installed: The login name is admin and the password is lock&box. And the first time you log into the Admin section, you are confronted with an initial configuration screen.

Here the first thing you need to do is register for a free GSDN account. The GSDN account provides up-to-date automated security fixes to your server. Next you have to change the root and WebTool password. Then specify the NTP servers as well as your geographic location. Lastly, you need to fine tune the services you would require to run on your remote server.


Fig: WebTool main page - View more images here.

WebTool is the pivot with which you can effectively administer the system remotely from within a web browser.

A few things you can do using the WebTool are as follows.

  • Manage users
  • Manage database servers
  • Configure the web server (Apache)
  • Implement DNS
  • View all the security logs
  • Manage mail servers
  • Enable and disable system level services
  • Configure firewall
  • Run most of the security tools such as snort bundled with EnGarde and view their output in the web browser.

The WebTool is a one stop shop for troubleshooting and managing your server from a remote location.


To sum up, I found EnGarde Secure Linux to be a unique blend of a robust Linux server topped up with loads of security features coupled with the very powerful Guardian Digital WebTool which aids in administering the server remotely, all from within a web browser.

5 comments:

  • Hi! I'm a Kubuntu user. Could your tips work in Kubuntu? I need some information about Linux and Kubuntu, and I get it from your blog. Thanks a lot! Could I add your blog to my blogroll, so that I can check your next post about Linux?
    Hoek, from Indonesia.

  • Great article, Ravi. I used to use Trustix Secure Linux for the same purpose: secure servers.
    But I sense that it will be abandoned in the near future. So I will definitely give EnGarde a try.
    Any information about how long they support each release?

    Regards,
    Ollie.

  • Webtool looks very similar (in functionality) to Webmin. I've used Webmin for several years now to help the non-*nix folks in my group deal with *nix things in an easy to learn fashion (using Webmin).

    Webtool (which is based on Webmin), looks dressed up nicely and apparently has just a few different features as mentioned in this link


    Other links:
    Webtool Manual

    Webmin

    Best regards,
    Chuck

  • Ravi

    Chuck,
    Accepted, webTool is a descendant of webmin. But after trying out webTool, I had the feeling that a lot of work has gone into integrating it in EnGarde. And the net result is a very easy to administer Linux server which works out of the box.

    I can't comment on the ease of use of webmin though because I have not tried it out.

    Of course EnGarde is not just about the webTool and is more focused in providing a secure Linux distribution by hardening it using selinux policies and other correct practices.

  • Have you tried to make an installation for RAID1 disks? Because it doesn't work for me at all. If you have and it's working, could you post a "How to"? Thanks