Partner links


ClearOSClearOS is a network and gateway server distribution derived from RedHat and CentOS. Formerly known as Clark Connect, it is developed and maintained by the Clear Foundation, an IT solutions provider based in Wellington, New Zealand.

Installation: ClearOS is designed to be installed to a hard disk. The installation program is ncurses based and offers two installation modes – Gateway or Standalone. In Standalone mode, ClearOS may be installed with or without the firewall module. Support is available for LVM (ClearOS lacks support for LVM) and software RAID configuration. By default, the installer uses a non-LVM disk partitioning scheme, creating just two partitions – one of about 76 MB for the /boot partition, and the other for the main partition. Ext3 is the only journaling filesystem available.

ClearOS installation modes

ClearOS installer showing the two installation modes.

All of the services provided by ClearOS are packaged in modules. By default, only the Graphical Console module is selected for installation. For the rest, you may choose to install just a few, or all of them. The two images below shows the modules as presented by the installer.

ClearOS modules - page 1

The first page of the modules available for installation on ClearOS

ClearOS modules - page 2

The second page of the modules available for installation on ClearOS

Features and Services: Once installed, ClearOS is remarkably easy to administer via a browser-based interface at the console or remotely (https). The admin interface is very well designed and uncluttered. The following is a short list of some of the features and services that it provides:

  • Local DHCP and DNS services
  • LAN and WAN interface redundancy
  • 1-1 NAT and advanced firewall filtering
  • IPSec, OpenVPN and PPTP VPN
  • Anti-virus, anti-spam and anti-phishing
  • QoS
  • Intrusion prevention and detection
  • Username, IP and MAC address-based time-of-day access control (ACL)
  • Content filtering based on phrase and URL matching, black and white lists
  • NTP client and server
  • Configuration settings backup and restore
  • Software and hardware RAID management
  • SSL certificate management
  • File volume encryption

Aside from hardware RAID management and the ability to encrypt file systems, all the other features are available on almost all the distributions in its category. What sets ClearOS apart from virtually all the others is its admin interface. It is, by my assessment, the easiest and the most intuitive to use. Most people will not need a guide or documentation to configure any one of it’s features, and for those that do, there is access to well written online documentations from the admin interface.

ClearOS is free to download, but as a user, the access you have to module updates depends on your subscription level. Those at the Basic (Free) level receive module updates only for the Remote Backup and Restore service and the Dynamic DNS service. All other module updates are available to Standard- and Premium-level subscribers.

Shortcomings: As much as I like this distro’s features and it’s admin interface, there are a few things you should be aware of:

  1. While the admin interface is a joy to use, the installer could be better. All but one of the distributions in the Firewall and Router category listed on this site either have a text-based or ncurses-based installer. I think they all can do better. There is no reason why a modern operating system should be sporting an installer other than a graphical one.
  2. The installer has support for LVM, but the default partitioning scheme does not utilize LVM. I think a system that could be used as a file, database, email and Web server should use an LVM-based partitioning scheme. CentOS, one of the distributions that ClearOS is derived from, uses LVM by default.
  3. During installation, only the root account is created. That is the account that is used to access the admin interface remotely, and also ssh into the system if you have to. Distributions like ClearOS always specify a separate account for access to the Web interface, and reserve the root account for indirect console access. Allowing console and remote root account access has always been a bad idea. It’s even worse in this case, given that ClearOS is a distribution that could be used to protect a network(s)

Suggestions: Here a few suggestions I have for the team:

  1. At the Basic subscriber level, make all updates free, and impose a restriction on the number of IP addresses that may pass through a ClearOS installation running at the level. This would be something akin to Astaro’s Home User License.
  2. Use an LVM-based disk partitioning scheme by default. LVM is the most flexible tool we have for disk management on a Linux system.
  3. There is an encryption module that you may use to encrypt file systems from the admin interface, but I think the best time to set up file system encryption is during installation. If you are going to implement disk encryption, it is better to encrypt the whole disk in the same manner that Fedora implements it.

Resources: Multi-platform CD iso image of the latest edition of ClearOS Enterprise is available for download here. If you want to take ClearOS for spin without downloading and installing it, try a live demo.



Partner links

Newsletter: Subscribe for updates

Notify of
1 Comment
Inline Feedbacks
View all comments

Get the latest

On social media

Security distros

Linux distros for hacking and pentesting

Crypto mining OS

Distros for mining bitcoin and other cryptocurrencies

Crypto hardware

MSI GeForce GTX 1070
Installing Nvidia GTX 1070 GPU drivers on Ubuntu

Disk guide

Beginner's guide to disks & disk partitions in Linux

Bash guide

Bash shell terminal
How to set the PATH variable in Bash
Hya, what do you think? Please comment.x