This page details the projects that differentiate EnGarde Secure Linux from other Linux distributions. These EnGarde specific projects are worked on directly by the EnGarde development team, and are released under the terms of the GNU Public License as part of the EnGarde distribution.
- Guardian Digital WebTool Development
The Guardian Digital WebTool is the heart of EnGarde Secure Linux, it allows users to configure all important aspects of the EnGarde system. The WebTool is used for the simplest changes such as adding an email account as well as complex tasks such as configuring the network intrusion detection system and viewing its graphs and reports, all using a simple web-based interface that is attractive and easy to use. The WebTool is released as open source under the GNU Public License, and the developers are available and responsive to suggestions and contributions. If you have an idea for an extension or improvement of the WebTool, please
join the mailing list
and let us know.
- Security Enhanced Linux (SELinux) Policy Development
Security Enhanced Linux, or SELinux as it is commonly known, is a project incorporating Mandatory Access Control into a Linux system. Under Mandatory Access Control, security administrators design security domains for each application running on the system and restrict these domains to only allow the actions required for proper operation. EnGarde Secure Linux includes an EnGarde specific custom security policy that strictly enforces application separation and can mitigate or nullify even unknown vulnerabilities in packaged applications. All applications packaged for use with EnGarde include appropriate security policy and the EnGarde SELinux policy is the strictest default policy of any Linux distribution available.
- Intrusion Detection System
The EnGarde Secure Linux intrusion detection tools are based on the Snort network IDS and AIDE host IDS open source projects. Each has been customized and integrated into the WebTool for easy configuration and viewing of reports. The network IDS work makes it possible to view incoming attacks in real time, as well as visual representations of attack severity, type, and class graphed over time to allow you the best possible awareness of your network environment.
- Packaging and Customization
The most popular open source applications are packaged specifically for use with EnGarde Secure Linux. This allows the EnGarde developers to provide a highly secure default configuration for each package, and ensures consistency with existing application paths. EnGarde packaged applications include appropriate additions to the SELinux policy and automatic security and feature updates through the GDSN.
If you'd like to suggest a package that you feel should be included with EnGarde or packaged for use with EnGarde, please
join the EnGarde mailing list
and let us know.