Devil-Linux is a CD-based Linux distribution for firewalls and routers. The goal of Devil-Linux is to have a small, customizable and secure Linux. The future of Devil-Linux will go far beyond an ordinary router, it will provide a lot of other services, but the distribution will still be easy and fast to maintain.
* Boots from CD
Traditionally Devil Linux boots from a CD-ROM which is read-only by nature. This means an intruder will not be able to install i.e. an "ordinary" root kit.
* Boots from USB pendrive
As all movable parts in your computer, the CD-ROM is prone to failure. This is the reason why we provide a script to install the entire system on an USB pendrive. Note: You need a computer which is able to boot from USB harddisks, in order to use this feature.
* Configuration is saved on a floppy disc or on a USB Flash Media
Due to the read-only nature of CD-ROMs, you need a place to save your configuration files. This can either traditionally be on a floppy disc or on a USB flash media (like a pendrive), to increase the reliability.
* Configuration can be burned on CD
There are cases when you have to ensure that the configuration can't be modified. This is the reason why we provide the feature for loading the configuration archive from the (read-only) CD-ROM.
* No need for a harddisk although it can optionally be used for data storage
Most distributions need a harddisk for data storage, with DL this is completely optional. Reasons for adding harddisk data storage would be, i.e. when you use DL as your mail server or for file sharing. DL uses dynamic disc configuration via the Logical Volume Manager, which makes adding and maintaining the harddisk storage easy (regardless if you have only 1 GB or 1 TB of data).
* Support for Intel 486 and higher
Got some old boxes in your bone yard? For most internet connection an old computer is enough to play the role of your Firewall, this is the reason why we still support 486 CPUs. But we're not stuck with old technologies, we also provide you a version vor 686 CPUs with SMP support.
* IPTables/Netfilter Support
State of-the-art firewall functionality is provided by IPTables/Netfilter, which includes features like connection tracking. Devil-Linux adds many more Netfilter modules then you find in your standard Linux Kernel.
* Create your own, customized version with our Build System
Since everybody has different requirements, Devil-Linux provides you with an easy-to-use build system, which enables you to create your own customized version. You can i.e. only add the packages you need on your machine or even add features which are currently missing in the mainstream version.
* Directly supported by Firewall Builder
Don't like writing your Firewall rules by hand? Get Firewall Builder and use a great GUI tool to create your ruleset. Firewall Builder supports writing the rules directly onto your configuration floppy.
* No graphical desktop
Devil-Linux has not support for i.e. X-Server. This greatly reduces the requirements to run DL and also greatly increases security by reducing the number of running programs. (Try this on Windows...)
* Almost all binaries are compiled with the GCC Stack Smashing Protector
Except of a very few exceptions, all binaries are compiled with the GCC Stack Smashing Protector. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers.
* Improved Kernel Security through GRSecurity
GRSecurity adds several new features and protection mechanisms to the Linux Kernel itself. This includes Chroot restrictions (did you know that it is easy to break out of a non-protected chroot jail?), Address space modification protection (like PAX), Auditing features, Randomization features and much more.
* Easy to use chroot
Devil-Linux has support for chroot jails which is easy to use. Just define what you need in a configuration file and our jail script will take care of the rest. Some pre-defined configurations are already available.
Applications for Devil-Linux
The traditional application for Devil-Linux is to use it as Router/Firewall. Below you see a list of other possible applications:
Proxy Server, DNS Server, Mail Server with TLS support and Spam and Virus filtering, HTTP Server, FTP Server, File Server, VPNs with X.509 support, DHCP Server, NTP Server, IDS Node.
You can download Devil Linux from here.