On IRC last night I was pointed to a new secure linux distro… this one simply called Hardened Linux. The individual whom I was speaking with (“Intensity”) was wondering why there needed to be YASLD (Yet Another Secure Linux Distro). Interested, I was reading through the page to see if there was anything unique… you know, something no other secure distro offered that might give it some appeal. Well, about the only thing I can see that would make this thing any more interesting than any others is that this one is based on Slackware. AFAIK, there is no other hardened distro out there based on Slackware. They also seem to be working on some custom configuration (web-based) tools. Well, that seems par for the course, doesn’t it? I mean, most distros have some means of configuration other than commandline (well, except maybe Annvix!). Anyways, it looks like, judging by the age of web pages and forums setup on sourceforge that this started around October 2006. Now the question is why? There are many hardened Linux distros out there… this one has four developers, very little in the way of well-setup infrastructure (no mailing list archives, for instance). Now, I’m not saying this to discourage the Hardened Linux developers… they are certainly entitled to create their own distro, but having worked on my own for almost 4 years now, I have to wonder about the rationale behind it. It’s not easy having your own distro, and it really isn’t easy for something as “niche” as this. And looking at their features page there’s nothing that jumps out at me to make me go “YES! This is the secure distro I need to be using!”.
Let me re-iterate. There are a lot of secure distros out there: Annvix, Openwall GNU/Linux, Trustix, EnGarde, Devil-Linux, OpenNA Linux, Adamantix, Phayoune Linux, IPCop Firewall, Hardened Linux From Scratch, ALT Linux, and probably a whole lot more that I can’t think of right now (or that aren’t showing up in a quick google of distrowatch).
I think for a hardened distro (especially for something as niche/specific as server/firewall/etc.-only needs to have some really good features to make it stand out from the crowd. Otherwise I think the developer(s) interested in starting a new distro would be better off looking for a distro with similar ideas and goals and contribute/develop for it. No, maybe “good” features is wrong. It needs to have unique and compelling features… something to make it stand out from the crowd. And looking at Hardened Linux I don’t see anything compelling or unique there. Of course, the same could be said about a whole bunch of distros out there.
Just makes me wonder what the rationale is if you can get everything you’re offering in another similar distro. To go through all that effort and time to end up with a product that is 95% identical to another product just seems wierd to me.