Everyone is looking for more security. Given all the public exploits for known vulnerabilities, we want reassurance that we won't be affected. Even more, we want preventative security in place. When a new virus is released into the wild, we want to know that the chances of being affected are next to none. Being affected by a vulnerability, even if it doesn't result in a remote root compromise and the defacing of our Web site, costs time, and that costs money.
Vendors today are getting faster at releasing patches to known problems and many are taking steps to perform audits on some of the more suspect software they’re including. The trend has also turned to "secure" Linux distributions, such as Trustix and Immunix. Whether it’s applications written with security in mind, like GnuPG or OpenSSH, or updates that eliminate security flaws like the rash of buffer overflows we've seen in recent months, the reasoning is the same.
Another player has emerged with a bit of a twist. Guardian Digital, Inc., has released its secure Linux distribution, EnGarde Secure Linux, and you can also purchase hardware with its secure Linux preinstalled; this package is called the Linux Lockbox. In this Daily Drill Down, I’m going to focus not on the actual Lockbox hardware but the operating system, EnGarde Secure Linux 1.0.1, which powers the machines. While the hardware I used to test EnGarde was not quite as fancy, it was adequate to demonstrate that EnGarde’s easy installation and configuration, comprehensive Web interface, and strong monitoring tools add up to a secure e-commerce solution.
Installing EnGarde Secure Linux
If you don't have the Lockbox with EnGarde preinstalled or you've downloaded it to use on another machine, you'll be pleased to know that the installation is relatively painless, if a little strange. Put the CD into the drive, boot from it, and you're off into a text install based on the old Red Hat text installer.
EnGarde allows you to install two classes of server: Web server or mail server. Take your pick and EnGarde will carry on with a warning that it’s going to create the partitions and will use the entire disk. Don't think about dual-booting EnGarde or putting it alongside another distribution. EnGarde will happily destroy your partition information and claim the entire disk for itself. Using a 2-GB drive, EnGarde created a 461-MB / partition, a 926-MB /home partition, a 465-MB /var partition, and a 102-MB swap partition.
After this, you’ll be asked to create a new user that will be added to the admin group. This user will be able to log in to the system at the console. The user you define here will also be able to log in to the system via ssh.
Finally, after a preselected package install, you’ll be asked to reboot the system. Once the system has rebooted, further configuration must be done. The next step is done from the Web administrative interface, which resides on port 1023 for the IP address you defined for the machine. For instance, if you defined the IP address as 10.0.0.50, you would go to https://10.0.0.50:1023/ in your favorite browser. Remember to use https:// and not http://. The administrative interface is only accessible over an SSL-encrypted session, which is a very nice touch.
Once you load the page, you’ll be asked for the administrator username and password. This is not the same as the user you defined previously in the install. And since you weren’t asked for a root password previously, it isn't the root user either. After perusing the manual, I found the login name defaults to admin with a password of lock&%box. Once you log in to the system, you’ll be asked to change the root password and to change the password for the admin user on the Guardian Digital WebTool (the interface you are currently logged in to).
You’ll also be able to define another new user here and you’ll be asked to reconfigure your network. You can then define some trusted hosts that will be able to access the GD WebTool by IP address or domain name. If anyone tries to connect to the WebTool from a machine not listed here, the connection will be refused.
After this, you’ll be asked to define the time zone your system is in and which services will be active at boot: DNS, mail, Web, IMAP, POP3, or the user password changer. Finally, you’ll be taken to a screen with a Reboot button to restart the machine.
It took me a while to figure out the ridiculous-seeming (at the time) order of installation. I couldn't determine why you would be asked for a root password from the Web interface and not during the actual CD-ROM installation. Finally, it clicked. Guardian Digital must have planned to sell EnGarde Secure Linux on special hardware all along. This order of events makes sense for rapid installation on any hardware with the postinstall configuration being done by the purchaser. While it seems silly and redundant if you’re installing EnGarde on your own, it makes sense from the standpoint that Guardian Digital expects people to purchase the Lockbox, plug it in, go to the GD WebTool, and configure their new server.
Using EnGarde Secure Linux
Once you have rebooted the Lockbox or the machine on which you’ve installed EnGarde Linux, you’ll want to go back to the GD WebTool (see Figure A). Now you’ll be able to perform a number of functions.
Figure A: A sample selection of icons you’ll see in the GD WebTool
The main menu shows you six options: Virtual Host Management, System Management, System Status Monitor, Security, Guardian Digital Update, and System Backup.
Click on Virtual Host Management to configure your Apache Web server. Because EnGarde was designed to be an e-commerce Web solution, it also comes with the open source AllCommerce program, which allows you to create an online store on your system. The first part of the menu allows you to handle Virtual Hosts, while the second lets you configure multiple online stores using AllCommerce.
Virtual Hosts are a method of hosting multiple Web sites on a single system. With Virtual Host Management, adding a new Virtual Host is as easy as deciding whether or not the Virtual Host should be SSL-based. When you create a new Virtual Host, you’ll be asked for the IP address of the Virtual Host, the administrator's e-mail address, the server's name, the Webmaster's username on the system, and the group for this Virtual Host. All of the files for this Virtual Host will be owned by the user and group you select here. You’ll also be able to create a database for the Virtual Host using MySQL by selecting the option and defining the username and password for the MySQL database.
From the main menu, you can configure Web site log analysis for configured Virtual Hosts. This seems to be available only to non-SSL Virtual Hosts, however. The software EnGarde uses for the log analysis is the Webalizer program.
For more information on Webalizer, check out Vincent Danen’s “Analyzing Web sites with Webalizer.”
Once you’ve made your changes, click on the Restart Web Server button to load the new configuration.
In the AllCommerce Management section, you can create a new store, edit or delete an existing store, or configure a store by creating products, variances, and other store items. EnGarde also allows you to use CyberCash CashRegister to handle payments for your store. This will allow you to accept credit card payments for merchandise on your store.
Discussing the ins and outs of configuring AllCommerce and CyberCash is beyond the scope of this Daily Drill Down. Suffice it to say that the manual seems to cover the setup and configuration of both programs in detail, which should be more than sufficient.
Management and monitoring
Back at the main menu, select System Management to manage local users on the system as well as create new users and groups (see Figure B).
Figure B: As the tool says, you only have to click on a current username to edit that user’s information.
You’ll also be able to configure the network, set the system time, and configure your server to remain in sync with remote Network Time Protocol (NTP) servers. You can configure your mail server and DNS server here, as well. EnGarde comes with the Postfix mail server and a specially configured version of BIND 8.2.3 designed to run in a chroot for more security. I'm glad to see EnGarde take the steps to build BIND to run in a chroot, given the obscene number of security flaws that have been found in the code in the past. You can configure OpenSSH here and generate user keys too.
Under the System Status Monitor at the main menu, you can view log files and other statistics about your system. You can view the OpenSSH log file, the mail warning log file, and the sudo log file. You can also view a list of all running processes, the services that your system offers and their current status, and some statistics about the server, including the disk and network usage.
Under the Security main menu option, you can define a number of settings dealing with system security. You can change the WebTool password here as well as access control for the WebTool. You can also define the administrator e-mail address, which will receive security alerts and a daily summary of the system. You can configure which systems are allowed to access services on your machine, configure Tripwire, and edit the login banner presented to users at the system console. EnGarde, by default, denies access to all machines for SSH, Secure IMAP, and Secure POP3 access, so you’ll need to define the systems in your LAN that will be able to access any of these particular services on your system. You can have one system set up to connect to the machine via SSH but not for secure e-mail, and vice versa.
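The per-service, default-deny access control described above can be modelled in a few lines. This is an added example, not EnGarde's or Guardian Digital's code; the policy format, service names, and addresses are constructed for illustration and do not reflect how the WebTool stores its settings.

```python
import ipaddress

# Constructed policy: each service starts with an empty allowlist (default
# deny) and the administrator adds LAN hosts or networks per service.
POLICY = {
    "ssh":   ["10.0.0.0/24"],   # whole LAN may use SSH
    "imaps": ["10.0.0.17"],     # one workstation may use Secure IMAP
    "pop3s": [],                # nobody may use Secure POP3 yet
}

def parse_policy(policy):
    """Convert string entries to network objects; malformed entries raise ValueError."""
    return {svc: [ipaddress.ip_network(e, strict=False) for e in entries]
            for svc, entries in policy.items()}

def is_allowed(parsed, service, client_ip):
    """Default deny: allow only when the client matches an entry for that service."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parsed.get(service, []))

def audit(parsed, max_hosts=256):
    """Flag entries so broad that they undo the default-deny stance."""
    return [(svc, str(net))
            for svc, nets in parsed.items()
            for net in nets
            if net.num_addresses > max_hosts]

PARSED = parse_policy(POLICY)

if __name__ == "__main__":
    checks = [("ssh", "10.0.0.18"), ("imaps", "10.0.0.18"),
              ("imaps", "10.0.0.17"), ("pop3s", "10.0.0.17"),
              ("ssh", "192.168.1.5")]
    for svc, ip in checks:
        verdict = "allow" if is_allowed(PARSED, svc, ip) else "deny"
        print(f"{svc:6} {ip:12} {verdict}")
    # An allowlist entry covering the whole Internet is reported by the audit.
    print(audit(parse_policy({"ssh": ["0.0.0.0/0"]})))
```

The audit step is the part worth running after any change to the allowlists: a single overly broad entry turns a default-deny service back into an open one.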
The Guardian Digital Update main menu option allows you to fetch updated packages for your system. The option lists the updated packages and allows you to select which ones you wish to download. It's a good idea to go into this option on a fairly regular basis to grab updated packages that may contain fixes for known vulnerabilities.
Finally, under the System Backup main menu option, you can define a backup routine for your system. All backups are stored on the local hard drive, but when the backup is complete, you have the option to download the backup file. A few categories are defined that will back up user home directories, mail files, Web files, DNS files, or everything. The backups can be scheduled to run unattended.
Segregating the WebTool from the rest of the system is ideal. The way it’s set up, you can have one administrator with the root password and others with the WebTool password. This allows other administrators the ability to configure almost everything dealing with the system using the Web interface, without handing out the root password. This keeps the system safer and offers a buffer level between simple configuration directives and executing truly dangerous commands.
Finally, Guardian Digital has taken one further step by incorporating the Linux Intrusion Detection System (LIDS) into the kernel that comes with EnGarde. LIDS allows you to control all access to files, processes, binaries, memory, raw devices, drives, and so on. In short, LIDS is a comprehensive preventative security measure that allows you to grant explicit access to programs, applications, or any other aspect of your system to users. This means that users can’t inadvertently access something they don't have explicit access to. It also means that, should a vulnerability that could end in a remote root exploit be found in a program, your system may not necessarily be affected. Guardian Digital including LIDS in its distribution is just the icing on the cake.
I wasn't sure about Guardian Digital's EnGarde Secure Linux when I first received a copy of it. I was a little put out that I didn't get a Lockbox to play with, but I soon got over it. My first thoughts on EnGarde were that it simply aimed to be another Trustix or Immunix, but I was dead wrong. EnGarde aims to be a secure e-commerce solution and it has done this admirably. I was extremely impressed with how easy it was to install and configure and how comprehensive and clean the Web interface looked.
The options for the GD WebTool are intuitive and helpful, as well. In fact, it’s probably rare that anyone using EnGarde actually needs to log in to the actual box, since nearly everything you might want to do with the box can be done via the WebTool. I was especially impressed with the system statistics and process list. Those capabilities are something most sincere system administrators will look at occasionally, and Guardian Digital did an admirable job with including them in the WebTool.
With the inclusion of tools such as AllCommerce and CyberCash, I think Guardian Digital has a real winner on its hands. With the Lockbox, or with EnGarde Secure Linux on alternate hardware, you have in your hands all the tools required to build a comprehensive e-commerce site. And if you're in the Web hosting business, EnGarde gives you a safe and secure platform on which others can run Web sites that suit their needs, and offers them the ability to run online stores of their own.
Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.