Slashdot Mirror

← Back to Stories (view on slashdot.org)

EnGarde Secure Linux v2 Out

Posted by Hemos on from the lock-it-down dept.

Chuck writes "I came across EnGarde Secure Linux about two years ago when it was first released, and I see they just released the newest version. Improved Mandatory Access Control using LIDS, awesome web-based manager, code from the Openwall Project and winner of the Network Computing Hardened Linux product of the year. I love EnGarde."

24 of 70 comments (clear)

  1. Commercial? by Anonymous Coward · · Score: 4, Interesting

    I thoght EnGarde was strictly commercial nowadays?? No?

  2. Advertising shmadvertising... by CoolVibe · · Score: 3, Interesting
    Guess this is one of those slashdot sponsored "advertisement" advertising stories huh?

    Anyway, LIDS is great. Played with it, and deemed it cool. Now I wish FreeBSD had something that cool (since that's my main OS of choice), but LOMAC comes pretty close.

    Heck, I just might give this a whirl on one of my testboxes...

    1. Re:Advertising shmadvertising... by DASHSL0T · · Score: 4, Funny

      Heck, I just might give this a whirl on one of my testboxes...

      So, the advertising worked, is what you're saying. :-D

      --
      Have you taken the SCO poll?
      Linux-Universe

      --
      Freedom Is Universal
      Linux-Universe
    2. Re:Advertising shmadvertising... by BSDevil · · Score: 2, Interesting

      At least Chuck is a real user, unlike last time (I don't remember the exact story) where no one could find any record of the user in the database and his domain belonged to an advertising company.

      --
      Cue The Sun...
    3. Re:Advertising shmadvertising... by caluml · · Score: 3, Interesting

      I prefer the GRSecurity patches to LIDS. They contain a lot more than just ACLs.

      --
      Get your own free personal location tracker
  3. Alternatives by schroet · · Score: 5, Informative

    We like Astaro a lot.

    http://www.astaro.de/php/statics.php?action=asl& la ng=gb

    Could anyone compare the 2?

    1. Re:Alternatives by warez · · Score: 5, Informative

      Astaro is a hybrid firewall (stateful packet filter, application proxy), with a bunch of other nifty features. I 'discovered' it a couple of months ago on freshmeat when I was about to put together my own security box. After playing with it, I am nothing short of impressed, and its FREE for home use. it is a refined product. Engarde is a hardened linux distro; it's most practical use is turning it into a secure pubic server. The two actually goes hand in hand, as they aren't competing products.

  4. "I love EnGarde." by MacOS_Rules · · Score: 5, Funny

    Quoth the poster: "I love EnGarde."

    The best part: it automatically uses protection! Just don't try a backdoor!

    ---OWWW! Stop hitting me!---

    --
    If a man's character is to be abused there's nobody like a relative to do the business. -Thackeray, William
  5. No skills required? by IO+ERROR · · Score: 4, Funny
    No Linux administration skills required.


    HUH? This is supposed to be an uber-secure system and you don't have to administer it? Somebody explain this to me like I'm a two year old, because I just don't get it.

    --
    How am I supposed to fit a pithy, relevant quote into 120 characters?
    1. Re:No skills required? by questamor · · Score: 4, Funny

      All ports are turned off by default, with no way to turn them on. Also, networking hasn't been compiled into the kernel.

      Not only that, no users are allowed. not even root.

      It's supplied preinstalled on a PC with no powerswitch. hell, no PSU even.

      They think of everything...

    2. Re:No skills required? by Anonymous Coward · · Score: 2, Insightful

      What they mean is you don't need to be a Linux guru to set up the box. Everything is using web browser with a few clicks, even updating your system. The only thing is you have to sign up with GDSN to keep up with updates and support. I believe they have 30 days trial for it on the new version just released few weeks ago. Originally one could update the system without signing up for GDSN account (they publish updates through ftp) but that doesn't seem like gonna happen with this new release. I could understand. They need to make $$$. The download version (Community version) does have some limitations as how many domains you could have. You could still update your system if you decide to use it by download the src packages and roll your own updates. It could be tedious.

      In short, if you are willing to pay $229, IIRC, for GDSN account per year then it is well worth it. From biz stand point, I don't think that is too much at all. If not, roll your own updates or use something else that fit you.

  6. Good stuff! by sokkelih · · Score: 2, Interesting

    I hope these guys do some co-operation with thingies like OpenBSD. I would love to see outcome of that. Great!

  7. Something Different by Ween · · Score: 2, Interesting

    Offtopic, but along the same vein, I would like to find a distribution of linux or *bsd that provides out of the box support for virtual mail hosting (many domains, 1 ip), name based virtual hosting, and the like. All with a simple to use console configuration. I've built my own several times, but thats time consuming. Anyone got any suggestions?

    --


    Tis better to be silent and thought a fool, than to open your mouth and remove all doubt --Abraham Lincoln
    1. Re:Something Different by 3.5+stripes · · Score: 3, Informative

      Have a look at e-smith

      http://www.e-smith.org

      --


      He tried to kill me with a forklift!
  8. EnGarde Linux Flavors by Anonymous Coward · · Score: 2, Informative

    Engarde comes in two flavors: commercial and community. Community is the free version.

  9. Distro Consolidation by The+Monster · · Score: 5, Informative
    wouldn't it be more competitve to merge certain distros?
    They tried that. It's called UnitedLinux. And one of the partners in that enterprise has decided to serially sue everyone else in the Linux business, based on an exotic theory of IP violation. You may have seen something about this recently here on Slashdot
    --

    [100% ISO 646 Compliant]
    SVM, ERGO MONSTRO.

  10. Re:We were considering implementing it by RedOregon · · Score: 4, Insightful

    What? You decided not to implement because it requires you to configure it? And if you don't, it gives a benign error?

    (Link points at an advisory stating that log check emails will bounce by default if not configured)

    --
    Skivvy Niner? Email me!
    HEY! Look left just ONE MORE TIME!
  11. Braino by wowbagger · · Score: 3, Funny
    While reading the summary, I misread
    Openwall Project


    as

    Orwell Project


    which, I personally feel would be an interesting name for a security enhancing project - right up there with Big Brother.

    ENOCAFFINE
    --
    www.eFax.com are spammers
  12. Re:We were considering implementing it by freuddot · · Score: 4, Informative
    OVERVIEW
    --------
    A bug was recently discovered in the default configuration of the
    daily log summaries. The default address is set incorrectly causing
    daily summaries to bounce until the system is ran through the initial
    configuration process or the admin e-mail address is changed.


    Err. That's probably the mildest bug/security problem I've ever seen. Care to explain me what is the problem of either

    - applying the update ?
    - running the initial configuration process ?

    Or were you simply googling for a defect to post and that's the ony one you found ?
  13. Pricing. by Qbertino · · Score: 4, Interesting

    What's this supposed to be?
    Is this such a big fat hairy deal that you have to charge a minimum of 800$ for a "oh-so-extra-special-secure-Linux" distro?
    Ok, if it's so easy to install that any Webdesigner could get it on right out of the box I say ok, let them Dreamweavers pay the price if they're to cheap for hiring a sysadmin to their team.
    But I seriously doupt that this one pulls the trick better than a securepatched SuSE, Debian or OpenBSD.
    Does anybody have solid expierience with this distro and can they testify that its bizar retail price is justified?

    --
    We suffer more in our imagination than in reality. - Seneca
    1. Re:Pricing. by div_2n · · Score: 2, Informative

      At a place I used to work we had two Engarde boxes sitting in a DMZ acting as DNS servers. In two years I was there they NEVER went down and as far as we could tell had never been cracked. Our IDS did record quite a few attempts though.

      I can't say the same for our Citrix servers . . .

      IMHO the price is definitely worth it. I have spoken with the CEO Dave Wreski many times and he has helped me through several tough problems. Hands down their tech support has been unbelievable. I recommend their product to every company that I believe has a need that their products can fill.

      For most /. users their products won't make much sense because they are targeted to an enterprise level customer.

      If you happen to work for one of these companies you will not find a more out of the box secure solution for Web, DNS, E-mail or file serving.

  14. "Pioneering OpenSource Security"? by Fefe · · Score: 2, Funny

    Ah, so these are the people OpenBSD learned everything from, right?

  15. What a great idea by The+Tyro · · Score: 4, Funny

    "turning it into a secure pubic server"

    That's truly a noble endeavor... From my experience, most insecure pubic servers are loaded with viruses and trojans.

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  16. Has it occured to anyone that... by Spleen · · Score: 2, Funny

    "Improved Mandatory Access Control" would be iMAC ?