EnGarde — Secure Linux Server
[ Tuesday, 7 August 2007, riklaunim ]
This will be an unusual review, due to the fact that the distribution under review doesn’t have an X server, and you don’t really need to login on it to work… This review is about the just released EnGarde Secure Server 3.0.16 developed by Guardian Digital company with the help of the community.
About EnGarde
EnGarde is a server oriented distribution equipped with WebTool — a web based interface for managing the system and various types of servers (HTTP, mail, FTP and many other). There are two editions of EnGarde – the free Community edition and the commercial Professional edition. EnGarde and all it components are published on the GPL license. EnGarde is available for i686 and x86_64 architectures, uses RPM packages managed by APT-GET. The package list is available on the distro web page, and as we can see most of server software is there but not all (like some python packages if we want to host, for example, a Django website). Excellent security is achieved thanks to SELinux and also good testing, and package selection. The Community edition is developed with the help of the community. Before each release community ideas and request are gathered and implemented where possible.
Off we go
We start by downloading an ISO image from one of the mirrors. We get a LiveCD EnGarde, which can run as LiveCD or can be installed onto the disk. If we install we have to register for free to get an activation code.
Pic 1. EnGarde at start
When the system boots from the LiveCD we can use the LiveCD session to install EnGarde. The installer is very simple, curses based, and consists of a few stages, which allow us to set the partitions, network connection etc.
Pic 2. EnGarde uses a curses text based installer
Pic 3. We can select some packages groups
WebTool
Under the URL https://[SERVER IP]:1023/ we will find the WebTool interface (EnGarde uses 192.168.10.100 by default). When we open the url in a browser we will see the login screen. Default login/password are: “admin”, and “lock&%box”.
Pic 4. Login to WebTool
After first login we will have to set new passwords for WebTool admin and the root user. After saving them the system will reboot. Next login will open all WebTool features.
Pic 5. WebTool main page
WebTool is an advanced tool for managing the server system and it’s services. We even find a java applet that will connect us to the EnGarde IRC channel. We will also get RAM and CPU usage statistics and the main part – management of servers and system settings. We can configure servers, firewall, detect intrusions and even manage packages though the web browser.
Pic 6. IRC client works
Pic 7. We can check working services
Pic 8. And also watch resource usage
Pic 9. We can install extra packages
Pic 10. And it even works 
Pic 11. A long list of features
Test Details
WebTool is accessible from other computers on the network. To test this distribution on a single computer I had to use QEMU with network support. There are a dozen ways to set the network to work with the emulated system but I tested a few and not all worked. I installed vde - ethernet network emulator for QEMU and other emulators. Also the kernel has to support TUN/TAP (”tun” module or build-in; Device Drivers –> Networking support –> Universal TUN/TAP device driver support), and of course ip tables and friends. When we have all that we execute few commands:
vde_switch -tap tun -daemon ifconfig tun 192.168.254.254 echo "1" > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # or if we use ppp connection iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Now we can start the system using “vdeqemu“, and not “qemu“:
vdeqemu -hda had.img
When the Linux system starts we set some connection data:
- IP: 192.168.254.X
- Mask: 255.255.255.0
- Gateway: 192.168.254.254
- DNS: as on the host system
Full description can be found on the net. QEMU system will be available on the IP address we have given, 192.168.254.X.
Summary
EnGarde is an interesting server distribution. Compared to common SSH-only VPS servers, EnGarde VPS seems to be much easier to manage, although the admin still needs to know how all those bits and pieces work. Delivering more crucial packages would be nice. However, the overall rating is still positive.
On the web
- EnGarde Site
- Distrowatch
- Reviews: lwn.net, linux.com
Propagate this post
Subscribe to RSS feed for this article!
1 Comment
- A hyperlink: <a href="polishlinux.org">GNU/Linux for everyone!</a>,
- Strong text: <strong>Strong text</strong>,
- Italic text: <em>italic text</em>,
- Strike: <strike>
strike</strike>, - Code: <code>
printf("hello world");</code>, - Block quote: <blockquote>Block quote</blockquote>
I’ve tried Engarde and found it to be less than what I like or need as a home user. Therefore, I’ve used ClarkConnect since version 2.1.
I encourage you to take a look at this tool as it is similar to Engarde. I reviewed the previous 3.2 release of their fantastic product on my blog…a quick google search will get you there (I hate it when people comment with links to blog posts they’ve done)