ClearOS is a network and gateway server distribution derived from RedHat and CentOS. Formerly known as Clark Connect, it is developed and maintained by the Clear Foundation, an IT solutions provider based in Wellington, New Zealand.
Installation: ClearOS is designed to be installed to a hard disk. The installation program is ncurses based and offers two installation modes – Gateway or Standalone. In Standalone mode, ClearOS may be installed with or without the firewall module. Support is available for LVM (ClearOS lacks support for LVM) and software RAID configuration. By default, the installer uses a non-LVM disk partitioning scheme, creating just two partitions – one of about 76 MB for the /boot partition, and the other for the main partition. Ext3 is the only journaling filesystem available.
ClearOS installer showing the two installation modes.
All of the services provided by ClearOS are packaged in modules. By default, only the Graphical Console module is selected for installation. For the rest, you may choose to install just a few, or all of them. The two images below shows the modules as presented by the installer.
The first page of the modules available for installation on ClearOS
The second page of the modules available for installation on ClearOS
Features and Services: Once installed, ClearOS is remarkably easy to administer via a browser-based interface at the console or remotely (https). The admin interface is very well designed and uncluttered. The following is a short list of some of the features and services that it provides:
- Local DHCP and DNS services
- LAN and WAN interface redundancy
- 1-1 NAT and advanced firewall filtering
- IPSec, OpenVPN and PPTP VPN
- Anti-virus, anti-spam and anti-phishing
- QoS
- Intrusion prevention and detection
- Username, IP and MAC address-based time-of-day access control (ACL)
- Content filtering based on phrase and URL matching, black and white lists
- NTP client and server
- Configuration settings backup and restore
- Software and hardware RAID management
- SSL certificate management
- File volume encryption
Aside from hardware RAID management and the ability to encrypt file systems, all the other features are available on almost all the distributions in its category. What sets ClearOS apart from virtually all the others is its admin interface. It is, by my assessment, the easiest and the most intuitive to use. Most people will not need a guide or documentation to configure any one of it’s features, and for those that do, there is access to well written online documentations from the admin interface.
ClearOS is free to download, but as a user, the access you have to module updates depends on your subscription level. Those at the Basic (Free) level receive module updates only for the Remote Backup and Restore service and the Dynamic DNS service. All other module updates are available to Standard- and Premium-level subscribers.
Shortcomings: As much as I like this distro’s features and it’s admin interface, there are a few things you should be aware of:
- While the admin interface is a joy to use, the installer could be better. All but one of the distributions in the Firewall and Router category listed on this site either have a text-based or ncurses-based installer. I think they all can do better. There is no reason why a modern operating system should be sporting an installer other than a graphical one.
- The installer has support for LVM, but the default partitioning scheme does not utilize LVM. I think a system that could be used as a file, database, email and Web server should use an LVM-based partitioning scheme. CentOS, one of the distributions that ClearOS is derived from, uses LVM by default.
- During installation, only the root account is created. That is the account that is used to access the admin interface remotely, and also ssh into the system if you have to. Distributions like ClearOS always specify a separate account for access to the Web interface, and reserve the root account for indirect console access. Allowing console and remote root account access has always been a bad idea. It’s even worse in this case, given that ClearOS is a distribution that could be used to protect a network(s)
Suggestions: Here a few suggestions I have for the team:
- At the Basic subscriber level, make all updates free, and impose a restriction on the number of IP addresses that may pass through a ClearOS installation running at the level. This would be something akin to Astaro’s Home User License.
- Use an LVM-based disk partitioning scheme by default. LVM is the most flexible tool we have for disk management on a Linux system.
- There is an encryption module that you may use to encrypt file systems from the admin interface, but I think the best time to set up file system encryption is during installation. If you are going to implement disk encryption, it is better to encrypt the whole disk in the same manner that Fedora implements it.
Resources: Multi-platform CD iso image of the latest edition of ClearOS Enterprise is available for download here. If you want to take ClearOS for spin without downloading and installing it, try a live demo.
