EnGarde Secure Community 3.0.7 Released

Announcements from Guardian Digital

Moderators: scrumpy, Dave, leihog

EnGarde Secure Community 3.0.7 Released

Postby Efren on Tue Jun 13, 2006 4:40 pm

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.7 (Version 3.0, Release 7). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.

EnGarde Secure Community 3.0.7 Release Notes
--------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.7 (Version 3.0, Release 7). This release includes several
bug fixes and feature enhancements to the Guardian Digital WebTool and
the SELinux policy, several updated packages, and several new packages
available for installation.

The following reported bugs from bugs.engardelinux.org are fixed in
this release:

#0000067 SIMAP AND SPOP3 packages are built disabling plaintext auth

Several other bugs are fixed in this release as well.

New features include:

* A new package (hwlister) which can be used to generate an inventory
of all the hardware which comprises your system. This package is
now installed by default with EnGarde Secure Linux.

* PHP was re-build with cURL support and a race condition was fixed in
shadow-utils.

* The latest stable versions of: MySQL (5.0.22), apache (2.0.58),
asterisk (1.2.8), bacula (1.38.9), imap (2004g), openssl (0.9.8b),
php5 (5.1.4), postfix (2.2.10), snort (2.4.4), sudo (1.6.8p12),
syslog-ng (1.6.11), vim (6.4.010), and zaptel (1.2.6).

* Several new packages:
- binstats (1.08)
Binstats is a statistics generation tool for installed programs.
It is also useful for cleaning up a system by helping find
duplicate executables, unused libraries, statically linked
binaries and duplicate man pages.

- *beep* (1.1)
*beep* is an IRC (Internet Relay Chat) client that is based on
ircII (but heavily modified). It is ncurses based and allows the
user to get onto IRC without requiring the use of GUI client.

- bittorrent (4.9.2)
Bittorrent is a scatter-gather network file transfer protocol
used for distributing files. It works in the opposite method of
regular downloads with regard to the fact that the more people
are currently downloading a file using bittorrent, the faster it
will go.

- ethereal (0.99.0)
Ethereal is a network protocol analyzer. This version is ncurses
based and allows the user to examine and capture data from a live
network.

- hyperion (1.0.2)
Hyperion is an IRC daemon that allows clients to connect to it.
This is the server that is used by Freenode.

- john (1.7.0.2)
"John" is a password cracker whose primary purpose is to detect
weak passwords in order to strengthen the overall security of a
system.

- libapache-mod_fcgid (1.09)
mod_fcgid is an apache web server module that acts as a binary
compatibility alternative to mod_fastcgi. It comes with a new
process management strategy.

- libapache-mod_mono (1.1.14)
mod_mono is an apache web server module that provides ASP.NET
support for the apache web server.

- libapache-mod_security (1.9.3)
mod_security is an apache web server module that acts as an
intrusion detection and prevention engine for web applications.
It acts as another line of defense between improperly coded
applications and the webserver.

- makejail (0.0.5)
Makejail, in conjunction with binstats, determines which binaries
a program is going to need to be chrooted and creates a chroot
jail for it.

- mc (4.6.0)
Midnight Commander is a console based ncurses visual file manager
similar to Norton Commander. It has the ability to handle
archives, FTP site, and many other files built in.

- paketto (1.10)
The Paketto Keiretsu is a collection of tools that use new and
unusual strategies for manipulating TCP/IP networks. scanrand is
said to be faster than nmap and more useful in some scenarios.

- psad (1.4.5)
PSAD is a collection of utilities that work with the linux
firewalling code (IPTables) to detect port scans and other
suspect traffic. It also includes the ability to configure
threshold levels based on how stringent your ruleset is.

- slat (2.0)
SLAT provides a systematic way of determining if your SE Linux
policy achieves your desired security goal. This is a useful
tool when creating or modifying SELinux policy.

All new users downloading EnGarde Secure Linux for the first time or
users who use the LiveCD environment should download this release.

Users who are currently using EnGarde Secure Linux do not need to
download this release -- they can update their machines via the Guardian
Digital Secure Network WebTool module.

Downloading
-----------
Below are the MD5 sums for the i686 and x86_64 ISO images:

665031a99d89f21894441f33f634f863 engarde-community-3.0.7.i686.iso
ea3391b68e9bf39fb23fb4d0c607541e engarde-community-3.0.7.x86_64.iso

You may download this ISO image by following the "Download Now!" link
from engardelinux.org:

http://www.engardelinux.org/

(It may take several days for this image to make it to our mirrors,
please be patient).

Further Information
-------------------
New users are encouraged to subscribe to the engarde-users mailing list
and to explore our wiki:

# EnGarde Secure Linux Homepage
http://www.engardelinux.org/

# Subscribing to the engarde-users Mailing List
http://www.engardelinux.org/modules/ind ... _lists.cgi

# EnGarde Secure Linux Wiki
http://wiki.engardelinux.org/

# EnGarde Secure Linux Bug Tracking System
http://bugs.engardelinux.org/

# Installing Extra Packages on EnGarde Secure Linux
http://wiki.engardelinux.org/index.php/Extra_Packages

Release History
---------------
Jun 06 2006 EnGarde Secure Linux 3.0.7 (Community)
May 02 2006 EnGarde Secure Linux 3.0.6 (Community)
Mar 10 2006 EnGarde Secure Linux 3.0.5 (Community)
Feb 07 2006 EnGarde Secure Linux 3.0.4 (Community)
Jan 03 2006 EnGarde Secure Linux 3.0.3 (Community)
Dec 06 2005 EnGarde Secure Linux 3.0.2 (Community)
Nov 01 2005 EnGarde Secure Linux 3.0.1 (Community)
Sep 27 2005 EnGarde Secure Linux 3.0.0 (Community)
Efren
Site Admin
 
Posts: 1
Joined: Tue Jun 13, 2006 4:35 pm
Location: Allendale, NJ

Re: EnGarde Secure Community 3.0.7 Released

Postby J_K9 on Thu Jun 15, 2006 4:11 pm

EnGarde Secure Linux wrote:EnGarde Secure Linux is a Linux server distribution that is geared toward providing a open source platform that is highly secure by default as well as easy to administer.

Ok. I am sure it is, although I have yet to test it.

But, I ask myself this question: why are the following packages included in a distro renowned for being a secure server distribution?
Efren wrote: - *beep* (1.1)
*beep* is an IRC (Internet Relay Chat) client that is based on
ircII (but heavily modified). It is ncurses based and allows the
user to get onto IRC without requiring the use of GUI client.

- john (1.7.0.2)
"John" is a password cracker whose primary purpose is to detect
weak passwords in order to strengthen the overall security of a
system.

- paketto (1.10)
The Paketto Keiretsu is a collection of tools that use new and
unusual strategies for manipulating TCP/IP networks. scanrand is
said to be faster than nmap and more useful in some scenarios.

*beep*, an IRC client, on a secure server? I don't see why the server would ever need an IRC client - that seems an unnecessary security risk, especially when a server is NOT meant to be used for running client apps (for obvious reasons).

Let's move on to JtR and paketto. While these are undeniably very useful apps - what use do they have on a server? If the server gets compromised and you have weak access controls, then the attacker could use these tools against you and your own LAN. Surely this is not a good idea? The same goes for other applications like nmap, Ethereal, etc. In my opinion, these should not be part of the default install (or even on the CD) but should be available from the repositories, and during the installation there should be an extra screen in which you can choose whether to download these select few packages or whether to leave them off the system - whichever option the administrator decides to choose is up to him. I for one would leave those off my server..

I'm sure I could pick apart a few other applications included with EnGarde, but I think you can see where I'm coming from? Any justifiable explanation is welcome ;)
J_K9
 
Posts: 3
Joined: Thu Jun 15, 2006 3:49 pm
Location: UK

Postby eric on Fri Jun 16, 2006 12:13 pm

Your right, they all can potentially be security issues. However none of them are included in the default install. They are all useful tools that can be installed from the respository using apt-get from the command line or installing them through the package manager in the WebTool.

Programs such as JtR and paketto are included in the repository to test your networks. If they aren't needed, then they shouldn't be installed. As for *beep*, it is there as a matter of convenience. If the server is something that users spend time on, they might want a program like *beep* on there to server their IRC purposes.

The explanation stands as only the bare necessities are included in the core installation of EnGarde. The other packages are available as needed (or wanted). Hence the repositories. :)

Eric
eric
Site Admin
 
Posts: 234
Joined: Wed Jun 14, 2006 11:15 am
Location: New Jersey, USA

Postby J_K9 on Fri Jun 16, 2006 12:20 pm

Ah, right. My apologies - I assumed that you meant they were included in the default install when you said 'several new packages' ;)

I will download the new version of EnGarde this weekend.. I'll let you know what I think of it when my holidays come around (in about 2 weeks' time). Again, apologies for jumping on you - I made an incorrect assumption! :?
J_K9
 
Posts: 3
Joined: Thu Jun 15, 2006 3:49 pm
Location: UK

Postby Dave on Fri Jun 16, 2006 1:22 pm

J_K9 wrote:Ah, right. My apologies - I assumed that you meant they were included in the default install when you said 'several new packages' ;)

I will download the new version of EnGarde this weekend.. I'll let you know what I think of it when my holidays come around (in about 2 weeks' time). Again, apologies for jumping on you - I made an incorrect assumption! :?


What we'd really like to hear from you concerning, is recommendations for packages you would like to see available that aren't currently part of EnGarde.

Regards,
Dave
Dave
Site Admin
 
Posts: 107
Joined: Tue Jun 13, 2006 6:06 pm

Postby J_K9 on Fri Jun 16, 2006 1:48 pm

Sure thing.

I have looked at the package list but there is nothing separating the packages which are included by default and those which are available from the repositories.. Plus, it seems that the package list needs updating ;) I would probably be able to let you know which package(s) I'd like to see available from the repositories if the list was up to date, as I won't be able to try it myself for a short while.

I'd also like to point out that the Wiki's Documentation page is slightly outdated:
Below are release notes for the various releases of EnGarde Secure Linux 3.0. Each release note details the changes, bug fixes, and improvements since the previous release of EnGarde Secure Linux.

EnGarde Secure Linux 3.0.3 Release Notes (Jan 03 2006)
EnGarde Secure Linux 3.0.2 Release Notes (Dec 06 2005)
EnGarde Secure Linux 3.0.1 Release Notes (Nov 01 2005)

Cheers ;)
J_K9
 
Posts: 3
Joined: Thu Jun 15, 2006 3:49 pm
Location: UK

Postby Dave on Wed Jun 21, 2006 2:06 am

J_K9 wrote:Sure thing.

I have looked at the package list but there is nothing separating the packages which are included by default and those which are available from the repositories.. Plus, it seems that the package list needs updating ;) I would probably be able to let you know which package(s) I'd like to see available from the repositories if the list was up to date, as I won't be able to try it myself for a short while.

I'd also like to point out that the Wiki's Documentation page is slightly outdated:
Below are release notes for the various releases of EnGarde Secure Linux 3.0. Each release note details the changes, bug fixes, and improvements since the previous release of EnGarde Secure Linux.

EnGarde Secure Linux 3.0.3 Release Notes (Jan 03 2006)
EnGarde Secure Linux 3.0.2 Release Notes (Dec 06 2005)
EnGarde Secure Linux 3.0.1 Release Notes (Nov 01 2005)

Cheers ;)


Thanks for your interest in assisting. This is something we'll try and address for the next release.

Regards,
Dave
Dave
Site Admin
 
Posts: 107
Joined: Tue Jun 13, 2006 6:06 pm

Postby ryan on Wed Jun 28, 2006 10:16 am

J_K9 wrote:Plus, it seems that the package list needs updating ;)


Indeed it does -- I'll try to address that sometime next week, thanks!

J_K9 wrote:I'd also like to point out that the Wiki's Documentation page is slightly outdated:


Thanks, I've updated this and added a note to our release procedure to keep it updated :)

-r
ryan
Site Admin
 
Posts: 246
Joined: Wed Jun 14, 2006 9:15 am
Location: Allendale, NJ


Return to Announcements

Who is online

Users browsing this forum: No registered users and 1 guest

cron