EnGarde Community - The Whole story

Discuss general troubleshooting concerns.

Moderators: scrumpy, Dave, leihog

EnGarde Community - The Whole story

Postby deadbox on Wed Aug 15, 2007 6:04 pm

I've been an avid user of linux for the last 10 years, my distro of choice has been slackware, it's nice and clean and small and fast, if you can handle the manual configurations and kernel recompiling.

Recently I found myself re-evaluating my needs in a linux distro and what I would suggest to my small business clients who are setting up small office networks and services for their business and online presence. At the same time I realised how much of a mess my own personal testing/web development/playground private server was.

So now I've got my new pet project, re-install and reconfigure from scratch a system I would be able to recommend with confidence to someone else who hasn't much if any experience with linux or servers before that they would be able to use, and something I would be able to continue my own development on with the latest methodologies and tools from the last year.

So the search began, combing through reviews, distrowatch.com and many other review and user forums and resources to come up with a shortlist. Requirements were fairly simple. To find a distro with an active developer and user base, open source, support for SELinux, firewalls, web, mail, ftp, samba, and easy to maintain after install. So the focus was on security and useability as a server platform.

Fedora 7, Slackware, EnGarde and Ubuntu Server made the shortlist in the end. Since this is the EnGarde forums I'll skip the others and get right to the point. I would never recommend EnGarde to anyone and there are a whole slew of reasons. Let me shed a little light on the reason why not.

- The initial download of the livecd iso was painfully slow. Your company server had horrible download speed in the middle of the night. A torrent is with 1 seed and 1 peer is no better then an ftp server.

- You offer the community version as open source available to all but you HAVE to register to be able to use it AT ALL, without an approved code your going nowhere fast. Ive never run across any other project claiming to be open source that demanded I register to be able to use the product and get updates. Tying my server to yours with this licensing key is contradictory to the GNU and open source philosophy.

- Your documentation is scarce at best, the forums are bare and I havent even started to try and figure out how to compile my own packages yet and create SELinux policies for them.

- One of the most usefull developments in linux recently has been the support for LVM now packaged with almost every distro, except this one! In conjunction with smartd it lets you manage your drive space and resize and move partition across various drives for special circumstances or anticipated hard drive failures, saving valuable data. I did find lvm2 as a package once EnGarde had been installed but then it was too late the drives had been partitioned during the install. I decided to re-install so that I could use lvm.

- The package management needs help. In trying to install lvm support, I boot the live cd and try and download the package to repartition with lvm support before I the install and run into licensing problems because the secret key is wrong now (which goes back to my first issue) I make the change for the key and find myself unable to download the lvm2 package because I get repeated errors about not being able to satisfy the dependancies, I even try and download the device-mapper package by itself to fix it and get the same errors, I even try apt-get from the console and it cant find the packages I want AT ALL. They are listed in the webtool but when using apt-cache search lvm or apt-cache search mapper they are nowhere to be found and yes the /etc/apt/source.list file is pointing to the correct repository

- After much searching and frustration at tools that don't work as they should I decide to re-install. This time I leave most of the drive unpartitioned to be able to use lvm post-install and complete the partitioning and move the filesystems around afterwards. Again I run into the first licencing issue when my secret key is wrong again. This time it wont let me change it and decides I should wait 24 hours before I can change it again and use the activation code.

- Now I either wait a day until I can continue the installation, or I call and sit on the phone with a company I have no interest in talking to at this point. Even the advertised freenode irc channel is useless. By the indications on the webtool home page it would seem users and possibly staff or developer would be there during regular business hours. I finally got tired of waiting and watching the grass grow after 2 hrs of sitting in that morgue.

- Last but not least I took a quick inventory of a couple package to see if theyd been kept up to date, most were, a few were not, specifically the openldap 2.2. They stopped supporting 2.2 years ago! There have been over 30 minor releases to 2.3 since its initial release way back in june 2005. Without combing through all the security advisories for the last 2 years I'd have to venture a guess somewhere in there are at least a few important security updates and necessary functionality that have been patched.

In conclusion, I'm sure your business model works. If people want to pay for your expertise in configuring and managing a secure system for their enterprise they will get what they pay for. For your community version it leaves alot to be desired as a platform for an independant operator interested in true open source and GPL solution. Theres no reason why I should be forced to aquire any type of key or license subject to your approval system and lockouts. And if your actually interested in paying more then lip service to open source and GPL you'll have to make alot more information easily accessible for developers and for users to contribute and modify your distribution to suit their needs. Your community version now is simply another marketing tool designed to capture new customers nothing more.
deadbox
 
Posts: 1
Joined: Wed Aug 15, 2007 4:38 pm

RE: EnGarde Community - The Whole story

Postby jessc0 on Wed Aug 15, 2007 11:10 pm

I unfortunately have to agree with much of what deadbox says.

I originally picked this distro up over a year ago, and as soon as I hit the activation thing, I trashed it. Recently, I tried again, thinking "secure, easy-to-administer,....maybe" But I do have my problems here.......

Mainly the activation scheme thing, it's just silly and flys in the face of GNU and free software in general. This is not free, open source software, it's trialware, designed to sell the commercial product.
Through several re-installs (admittedly neccessitated by my own numbness) I
don't know how many times I thought "this reminds me of something....what?...
oh yeah, MS product activation..."
Not only is the three reinstall limit silly and aimed at steering people toward the commercial verions....it doesn't even work the way it claims....I reinstalled and
reset the "secret" twice.....upon which the "activation password" became permanently invalid (error 6)....same box, legitimate reinstall (not trying to install on multiple boxes[gee, imagine what happens then]) the only remedy for this, according to the sparse documentation is "contact guardial digital support"...so I did, via email, twice, and received *no* reply.

Also......
Another thing that concerned me was all the connections to IP 70.etc.etc....with
no apparent reason and on various ports....70.etc.etc even opened connections to a seemingly unrelated windows box of mine elsewhere in my network....could be that news ticker thingy on the main page of the webtool I 'spose....didn't investigate it much further...yet. Do we need the ticker thing anyway, except maybe for important software updates?

Better documentation on how to make a proper build environment is *really badly* needed, and yes, I question some of the choices of older branch software in the default install.....I mean, php5 is mature and stable, 4 is officially dead.......... and damnit I want suhosin...(trying to build now)

And *must* we install mail server software if we install web server software???
What if we just want to serve web pages and put the mail on another server.....?....or even not deal with mail at all?

And there's more problems,
BUT All this being said, I suppose I will surprise whoever reads and say, I'm still experimenting with this thing....it has much promise....I've forgotten about the updates and most of the public networking for now....just
to see if I can adapt and make this thing work for what I need....because for the
most part, it *is* secure and easy to administer....and who knows, maybe someday it will really branch, the community version will be truly open source,
the community will truly contribute, and the commercial version will thereby benefit........or not....who knows? maybe I'll end up with Trustix/Webmin just to avoid all the hassle.........

Just my 2c
jessc0
 
Posts: 1
Joined: Wed Aug 15, 2007 9:41 pm

RE: EnGarde Community - The Whole story

Postby zilli on Thu Aug 16, 2007 8:15 am

Again....I unfortunately have to agree with much of what deadbox says.

The best business model in the free software world is the Mysql. A lot of companies coudl learn form them. They don't have afraid to offer a really great product for free. To be honest...i don't like this "community" and "professional" versions. For my point of viewn, Guardian is losing the opportunity to make history, if really don't open the Engarde to community. Why two version ? Why do we need pay for a best product if all the base came from the free software?

Guardian could offer a single and power solution and still sell your services.
The people aren't silly.

Bests,
Daniel
zilli
 
Posts: 8
Joined: Tue Aug 07, 2007 2:03 pm

RE: EnGarde Community - The Whole story

Postby scrumpy on Fri Aug 17, 2007 3:03 pm

however,

Some of us are quite happy with the system and appreciate the hard work put into it enough to try and help improve the product.

So far, 4 machines running and only one has had problems due to a motherboard failure.

I checked out trustix and within a day dumped it due to the way that a money making scheme is integrated (hidden) to enable the (trial) web interface, you want to keep using it you pay.. Is that not correct?

EnGarde uses SELinux, does trustix?

With EnGarde you get a secure system to start with and you do not have to pay any money to anyone to use web interface on the community version.

"it's trialware, designed to sell the commercial product."
, er, I don't realy see how you can state that truthfully.

IT WORKS!

-S
Last edited by scrumpy on Fri Aug 17, 2007 4:01 pm, edited 1 time in total.
scrumpy
 
Posts: 108
Joined: Tue Nov 07, 2006 7:21 pm
Location: Scotland.

RE: EnGarde Community - The Whole story

Postby scrumpy on Fri Aug 17, 2007 3:52 pm

I will also add,

After using this system for some time my only gripe was with some of the available packages not being ready for implementation security wise.

I have spent a lot of time reading and trying to understand the whole SELinux implementation which has taken me away from EnGarde into other areas.

I fully understand he security model that is being used and have grown to understand and respect why some issues are slower than others to be resolved.

Now, I would not use anything else when I need a REAL secure system and one that just "stays running".

8)

btw, why does this link say "You have searched for packages that names contain webmin in suite(s) stable, all sections, and all architectures.

Can't find that package, at least not in that suite and on that architecture.
": http://packages.debian.org/cgi-bin/sear ... elease=all

Just checked the ISO download speeds :

22:54 GMT
3.0.16.i686 - average of 130kB/sec, same for x64.

-S
scrumpy
 
Posts: 108
Joined: Tue Nov 07, 2006 7:21 pm
Location: Scotland.

RE: EnGarde Community - The Whole story

Postby ungo on Wed Sep 26, 2007 11:41 am

1. Never seen slower download of distro (also torrent with 1 seeder :)
2. At First Install - if u know what u doin it looks fine at all
3. To install some more packages - i got to wait all day :)) - stupid by me
4. To make them run - its ok som dependencies not right, but its ok it runs all
5. As I Installed Samba, Clamav, dhcpd ... and so on - none of them can be configured trough webinterface given - also they dont corespond each other - U tellin Shorewall to give to locals ips by dhcp but dhcpd even not installed and iven installed - did not know about u :) same whit samba - some strange configs in it and how to rule the samba :) texmode again tnx
6. in default secure mode u even cant install a thing - just notin happens
7. and what was this trial-key R THEY MEAN IT WILL STOP WORKING ??!!!
6. same so many problems .. just PURE LOOSE OF TIME
DONT USE THIS DISTRO ITS STUPID AND BREAKS GNU AND UR FREEDOM
ungo
 
Posts: 1
Joined: Wed Sep 26, 2007 11:11 am

Re: RE: EnGarde Community - The Whole story

Postby Dave on Thu Sep 27, 2007 11:08 pm

Ugho, thanks very much for your feedback. It sounds like you're frustrated, but before drawing such conclusions, it would be more constructive to ask for help and see if there is a resolution, especially being a new user.

ungo wrote:1. Never seen slower download of distro (also torrent with 1 seeder :)

There are dozens of mirrors around the world. Find one that is closer to you. Here's one to start:

http://distro.ibiblio.org/pub/linux/dis ... so-images/

There are quite a few people seeding now. This is really a community project -- why not continue to seed after you've downloaded too? We randomize among a handful of mirrors, but depending on the current load and how many people are downloading, particularly immediately after the release, it may be slower than other times.

2. At First Install - if u know what u doin it looks fine at all

No doubt the installer could use some improvement, but how often do you need to install? It works, and the source code is freely available, so you're more than willing to jump in and help us improve it.

3. To install some more packages - i got to wait all day :)) - stupid by me

Why do you have to wait all day? The WebTool is pretty fast, it's all menu-driven, and securely transfers them through the GDSN. If you'd prefer the command-line, apt-get is also pretty fast.

4. To make them run - its ok som dependencies not right, but its ok it runs all

Be more specific, and if there's a package missing for you, let us know, and we'll work on making it available. We scrutinize each package for security and functionality, and only after they pass our tests will they be made available in EnGarde proper.

Other more developmental packages may appear more quickly, but are not included on the EnGarde CDROM.

5. As I Installed Samba, Clamav, dhcpd ... and so on - none of them can be configured trough webinterface given - also they dont corespond each other - U tellin Shorewall to give to locals ips by dhcp but dhcpd even not installed and iven installed - did not know about u :) same whit samba - some strange configs in it and how to rule the samba :) texmode again tnx

We've got a bug reporting system for this, and have a team of engineers dedicated to fixing these bugs. We make these packages available in hopes they are useful, and will continue to improve the features that are available in Guardian Digital WebTool. If you have some perl skills, we encourage you to get involved -- everything we do is open source, and it's fully documented in the EnGarde wiki.

6. in default secure mode u even cant install a thing - just notin happens

Again, if there's something that doesn't work for you, file a bug report. It sounds like you don't understand how SELinux works, however, and should probably read some of the beginner documentation, also available on the EnGarde wiki.

7. and what was this trial-key R THEY MEAN IT WILL STOP WORKING ??!!!

It's not a trial key. There is no expiration -- ask someone who's still using EnGarde v1.0.1, released nearly seven years ago. They server key is to alert you to security updates and system improvements.

6. same so many problems .. just PURE LOOSE OF TIME
DONT USE THIS DISTRO ITS STUPID AND BREAKS GNU AND UR FREEDOM

Again, we appreciate your comments, but how does it break UR freedom, or GNU, for that matter? All the source is freely available.

It's interesting that you haven't said anything about it not being secure, or how easy it is to build a secure web presence, or how refined WebTool is, or how effective it is for what it was designed.

If there are features you believe are missing, then please do let us know. We're continually improving it, and would like nothing more than to hear what you think needs to be improved.

I have to add that EnGarde is unlike any other Linux platform. Security is its primary focus, and because of that, there may be some functions that users are unfamiliar with either how to use, or how to adapt their normal Linux routine to that of how EnGarde works.

There are always tradeoffs with security, and EnGarde tries to make as few as possible -- inherently insecure protocols, such as samba, NIS/NIS+, and others, aren't included, in exchange for their more secure alternatives, even if it means some loss of functionality.

I'd encourage you to try out other so-called "secure" platforms first, and while they may have a prettier installer, and even perhaps fancier features, it is nothing that can't be added to EnGarde -- unlike what they would have to do to "bolt on" the security to their platform to match that of EnGarde.

Regards,
Dave
Dave
Site Admin
 
Posts: 107
Joined: Tue Jun 13, 2006 6:06 pm


Return to General Troubleshooting

Who is online

Users browsing this forum: No registered users and 3 guests

cron