Openwall GNU/*/Linux, Owl for short, is a security-enhanced operating system that is constructed atop Linux and GNU software. It is intended to serve as a stable server environment. The latest release, Owl 2.0, as described on the Openwall website:
"Owl 2.0 is built around Linux kernel 2.4.32-ow1, glibc 2.3.6 (with our security enhancements), gcc 3.4.5, and recent versions of over 100 other packages. It offers binary- and package-level compatibility for most packages intended for Red Hat Enterprise Linux 4 (RHEL4) and Fedora Core 3 (FC3), as well as for many FC4 packages."
Owl offers a packaged Linux server platform that has been strengthened with Openwall security modifications. I like Owl as a way of getting your hands on an open source "out of the box" Linux server option. The Openwall team uses proactive source code review to identify software vulnerabilities. Most code that runs on Owl is rarely run with privileges greater than those of a regular user, which is great in a managed server environment, as it reduces the chances that vulnerabilities in code can be used to exploit the host system.
Enhanced audit functionality gives system admins more information about the operating system, the applications running on it, etc. Also from the Owl website:
Owl uses "strong" cryptography within its core components, and already includes some security policy enforcement (proactive password checking with "pam_passwdqc", password and account expiration, network address-based access control) and integrity checking ("mtree") capabilities. It is one of our goals to provide a wide range of security tools with Owl, available for use "out of the box".
One other aspect of Owl that is particularly intriguing is the ability to build the system from source using one command. Anyone who has attempted to build different Linux distros from source before knows this is more than just a neat feature... I can remember personally attempting to create a command that did that for Red Hat 8.0 before it went "Fedora". It was not a pretty experience, to say the least...
As of the writing of this blog entry, Owl supports the x86, SPARC, and Alpha architectures. I think the importance of Owl is that it puts security at the focus of its development activities. Instead of attempting to compete on levels of "enterprise scalability" or "high-end support services", Owl has basically taken the route that they want to develop and distribute a secure, open source, Linux-based server platform.
I see Owl as a good choice for those in the midmarket Linux server market who need a ready-to-go, low-cost, secure server option. I think it's worth a look; check it out sometime.