With EnGarde Secure Linux Guardian Digital brings a Linux-distribution target at the use as a server which claims to be “secure by design”. Unlike most other distributions it contains SELinux by default which enhances Linux’s security-capabilities.
The free Community Edition can be downloaded on engardelinux.org. You have to register before the download in order get the an eMail with an activation-code.
On guardiandigital.com there’s also a commercial version of EnGarde Linux, called EnGarde Secure Linux Professional.
During my test I used the free community edition.
The installation is pretty straight forward, you set a few details and choose which kind of services (IDS, webserver, mail, database, …) will offer. According to your settings the packages will be selected and installed. Since no unnecessary software will be installed the finished system is pretty slim. My test-installation used less than 500MB.
After the installation and the following reboot a shell-login is not possible. EnGarde Linux has to be activated first in it’s web-interface. On activation you’ll also set the root-password, which enables you to login to the server, but usually this shouldn’t even be necessary since the configuration of the different services can be handled in the web-interface.
During my test this interface was pretty slow, but I guess this might be related to having EnGare Linux run in QEmu. I don’t think it’ll be that slow when you install it on a real machine.
Also package- and update-management can be done in the web-interface. There are a couple of additional packages available, but you won’t find X in that list. I don’t see this as a problem but wanted to mention it since some users still like having a GUI on the server.
The installed software mostly seems to be pretty new. The installed version, EnGarde Secure Linux Community Edition 3.0.13, comes with kernel 2.6.19, Apache 2.2.4, PHP 4.4.6 (PHP5 can be installed later via package-management), OpenSSH 4.5 and MySQL 5.0.33.
System-software like GlibC and GCC (which is not installed by default) comes in older versions (GlibC is 2.3.6 and GCC is 3.4.4). I guess the developers here prefer to have versions that are thoroughly tested and known to be stable. Though these packages are pretty old I am sure that all available security-patches have been applied.
The package-manager seems to be apt-get, which is suggested by the output during installation of new software in the web-interface. So it could be possible to add new repositories, though I’m not sure if it’s possible to find some with packages for EnGarde Linux.
Overall EnGarde Secure Linux leaves a good and solid impression.
The web-interface is really good to use and makes local or remote logins mostly unnecessary.
Only the forced registration in order to activate your installation is a little annoying, but totally bearable when you keep in mind that you get an easy to use and secure server-system for free.