Prabhaker Mateti

Secured Distributions of Linux


I am interested in the development of secure Linux kernels, and distributions of Linux that are secure. I would like this list of such distributions to be exhaustive, up-to-date, and include pointers to reviews. Please help! If you know of a distribution that claims itself to be secure, one way or another, and is not listed below, please send me a link. Please note that the paragraph descriptions below are not written by me; they are a copy-and-paste of what I found in their own web pages or on www.distrowatch.com.

Listed in no particular order.


  1. BackTrack is a SLAX-based live CD with a collection of security and penetration testing tools. It was created by merging Auditor Security Linux with WHAX (formerly Whoppix).  http://www.remote-exploit.org/
  2. arudius.sourceforge.net Arudius is a Linux live CD with tools for information assurance (penetration testing, vulnerability analysis, etc). It is based on Slackware (Minislack/Zenwalk) for i386 systems and targets the computer security audience. Included are SANS Top 100 list plus many other tools listed on Freshmeat.net, Sf.net and other sites around the world.
  3. http://m0n0.ch/wall/ m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).
    m0n0wall is based on a bare-bones version of FreeBSD, along with a web server (thttpd), PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.  m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.
  4. rsbac.org/ RSBAC is a flexible, powerful and fast (low overhead) open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). All development is independent of governments and big companies, and no existing access control code has been reused. Practically, it allows full fine grained control over objects (files, processes, users, devices, etc.), memory execution prevention (PaX, NX), real time integrated virus detection, and much more.
  5. altlinux.ru/ A Russian Linux distribution based on RSBAC.
  6. Adamantix http://www.adamantix.org/ The Adamantix project (formerly known as "Trusted Debian") has released Adamantix 1.0.3: 2004-03-03 "Adamantix v1.0.3 has been released. It is bigger, better and bolder. :-) New features are improved RSBAC support through the security policy tool, XFS support, newer versions of kernel patches, latest RSBAC and kernel bug fixes, more packages, security updates of packages." The announcement. There are no ISO images of this release as yet, but version 1.0.3 can be installed on top of a standard Debian installation; see the installation instructions for details. Adamantix is a Linux distribution with the goal of creating a highly secure but usable Linux platform, inclusive of various security solutions for Linux, such as kernel and compiler patches and security related programs and techniques.
    Adamantix, formerly known as TrustedDebian, aims to create a highly secure but usable Linux platform. To accomplish this, the project will use currently available security solutions for Linux (like kernel patches, compiler patches, security related programs and techniques) and knit these together to a highly secure Linux platform.
  7. adios 2004-03-03 A new version of the ADIOS Linux Boot CD was announced late last week: "ADIOS Boot CD version 3.00 February 2004 has support for LIDS (Linux Intrusion Detection System) and SELinux (NSA Security Enhanced Linux). The ADIOS live CD uses a compressed loopback filesystem and has support for UML (User Mode Linux) virtual machines. It is a custom installation of Fedora 1 running kernel 2.4.24 and supports X11 windows desktop environments of KDE, Gnome and IceWM." Find out more on this page. Unfortunately, only one (very slow) mirror is carrying the ISO image: adios-3.01.iso (700MB). Update: a new mirror is available here.
  8. Astaro Security Linux http://www.astaro.com/ http://freshmeat.net/projects/asl/ A firewall and VPN product based on the 2.4 Linux kernel. Available for free download but not completely open source.  Astaro Security Linux V5 includes two major new capabilities - Intrusion Protection and Virus Protection for the Web - as well as many enhancements that improve security, management, and scalability." The full announcement. Download: asl-5.000-040331-4.iso (232MB).
  9. Castle http://castle.altlinux.ru/ Castle is a server distribution from the ALT Linux Team in Russia. Installation instructions and some other documentation are available in English.
  10. Effort Linux http://www.effortlinux.com.br/ Effort Linux comes from Brazil. The website is in Portuguese.
  11. Engarde Secure Linux http://www.engardelinux.org/  EnGarde is a secure distribution of Linux engineered from the ground-up to provide organizations with the level of security required to create a corporate Web presence or even conduct e-business on the Web. It can be used as a Web, DNS, e-mail, database, e-commerce, and general Internet server where security is a primary concern. Version 1.2 (Professional) was released June 28, 2002. Version 1.3 (Community Edition) was released April 28, 2003.
  12. evelin http://evelin.psycode.net/  http://freshmeat.net/projects/evelin/ Evelin is a Linux distribution based upon Mandrake. Its main purpose is to be kept secure and small, while providing the basic functionality that system administrators might need. It runs within its own chroot jail on an existing Linux system. The initial release is version 0.1, dated September 5, 2003.
  13. Firegate Server http://www.wiresoft.net/  The Firegate Server SMB Edition from Wiresoft is a self-managing server operating system designed for small and mid-sized businesses. It securely connects offices to the Internet and to each other, protecting valuable electronic information. Office staff can securely surf the web, send and receive email, host the company Web site, share files, host a customer database, and more. It is controlled through a simple Web browser or mobile telephone interface and managed by an artificial intelligence-based administration service. This package contains proprietary software. Version 7.1 was released September 25, 2002.
  14. floppyfw http://www.zelow.no/floppyfw/ floppyfw is a static router with firewall capabilities. Suitable for use as a screening router or as a packet filtering firewall. Version 2.0.3 was released October 3, 2002. Stable version 2.0.8 was released December 11, 2003. Development version 2.9.5 was released September 8, 2003.
  15. FrazierWall Linux http://www.frazierwall.com/ Originally developed as a customized firewall, early versions were based on the Linux Router Project and Coyote Linux 1.03. It has evolved into a unique router/firewall distribution. FrazierWall 3.4 was released on August 29, 2001.
  16. Hardened Gentoo http://www.gentoo.org/proj/en/hardened/index.xml Gentoo Hardened team is announcing the inaugural release of a security-enhanced Gentoo platform for the x86 architecture.  This week, we are featuring Alexander Gabert (pappy), another developer specializing in the security realm for Gentoo. Alexander is the lead for the gcc-hardened project, which has the goal of implementing security enhancements such as PIE (position independent executables) and PaX address space randomization and stack protection. He is also co-lead, along with Ned Ludd (solar), for the implantation of propolice, another stack protection utility. In addition, he is exploring work with the HPPA team on implementing Gentoo for pa-risc processors as well as adding user documentation for Hardened Gentoo.
  17. Immunix http://www.immunix.org/ Immunix, Inc. provides Immunix System 7, a secured Red Hat 7.0 distribution with StackGuard 2.0, FormatGuard 1.0, SubDomain 1.0 and a suite of application-level security tools. Immunix Secured Linux 7.3 was released November, 2003, with 2.4 Linux kernel, 2.2.5 glibc, and 2.96 GCC.
  18. INSERT, short for Inside Security Rescue Toolkit, is a Knoppix-based multi-purpose disaster recovery and network analysis system running directly from a credit card-sized CD-ROM. Version 1.2.1 was released today. From the changelog: "This version of INSERT features major improvements. It is based on latest Knoppix V3.3-031119 booting linux kernel 2.4.22-xfs and offering the ability to run from RAM or HD. INSERT now provides full read-write support on NTFS partitions, which makes it the first linux mini-distribution world-wide to provide this functionality!" Visit the project's web site for further information. Download: INSERT-1.2.1_de.iso (50MB) or INSERT-1.2.1_en.iso (50MB).
  19. IPCop Firewall http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome sourceforge.net/projects/ipcop IPCop Firewall is a Linux firewall distro. It will be geared towards home and SOHO users. The difference with existing firewalls is that the IPCop interface will be very user-friendly and task-based. IPCop v0.1.1 was released January 17, 2002. Version 1.3.0 was released April 22, 2003.
  20. LinuxDefender Live!, based on Knoppix 3.4 CeBIT edition, has been released. New features in the CeBIT release of LinuxDefender include: the new 2.6 kernel alongside the 2.4.23-xfs; the new AntiSpam server module from BitDefender; BitDefender Remote Admin 1.5.6; GNOME Desktop Environment..." Instant email protection (antivirus & antispam); Disinfection of infected files from Windows partitions; NTFS write support
  21. LinuxDefender is a GNU/Linux distribution based on Debian which integrates the latest BitDefender for Linux security solution, offering instant SMTP antivirus/antispam protection and a desktop antivirus capable to scan and disinfect existing hard drives (including Windows partitions), remote Samba/Windows shares or NFS mount points. A web based configuration interface to BitDefender solutions is also included as a Webmin configuration module. Read the announcement and visit the product's features page for further details. Download: LinuxDefender_Live!_v1.5.6_CeBIT.iso (673MB); also available via BitTorrent.
  22. Kaladix Linux http://www.kaladix.org/ The aim of Kaladix Linux is to become an ultra-secure Linux distribution that satisfies all your needs as a Linux for your server environment. Current release is pre-0.4.
  23. http://www.knoppix-std.org/  Knoppix STD is a customized distribution of the Knoppix live Linux CD. STD focuses on information security and network management tools. It is meant to be used by both the novice looking to learn more about information security and the security professional looking for another Swiss army knife for their tool kit. The tools are divided into the following categories: authentication, encryption utilities, firewalls, penetration tools, vulnerability assessment, forensic tools, honeypots, intrusion detection, packet sniffers and assemblers, network utilities, wireless tools, password auditing (crackers) and servers.
  24. http://www.localareasecurity.com/ Local Area Security Linux is a 'Live CD' distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs - MAIN and SECSERV. This project is released under the terms of GPL.
  25. Linux Netwosix is a new Linux distribution on our list; a specialist product for servers and network security related jobs with a powerful ports system, similar to BSD ports. From the release announcement of Netwosix 1.0: "Features: it runs Linux kernel 2.6.1; system binaries linked with the GNU C Library, version 2.3.2; printer server powered by CUPS 1.1.19; double possibility of installation: from .tgz or from .tar.gz (for experts); iptables 1.2.7a; GCC 3.3.2 as the default C compiler; it runs 'nepote' as default porting tool; Perl 5.8.2 as perl compiler; a big collection of tools security-oriented is localised into /netwosix/tools of the official Netwosix CD-ROM." Find out more at netwosix.org. Download: netwosix1.0.x86.iso (563MB).
  26. NSA Security Enhanced Linux http://www.nsa.gov/selinux/  http://freshmeat.net/projects/selinux/
    The results of several previous research projects by the National Security Agency have been incorporated in a security-enhanced Linux system. This version of Linux has a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel. The system provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. Version 2003081307 was released August 14, 2003. Version 2003120509 was released December 5, 2003.
  27. OpenNA Linux http://www.openna.com/ http://freshmeat.net/projects/opennalinux/
    The OpenNA Linux Operating System provides a highly secure and fast Linux server. Dedicated for mission critical tasks in the servers domain, the OpenNA Linux operating system provides a secure, strong, reliable and fast solution. A beta4 development version was released July 22, 2002. Release Candidate 2 was released March 24, 2003. Version 1.0 was released November 11, 2003.
  28. Openwall GNU/Linux http://www.openwall.com/Owl/ "Owl" (or "Openwall GNU/*/Linux") is a security-enhanced operating system with Linux and GNU software as its core, compatible with other major distributions of GNU/*/Linux. It is intended as a server platform. The Owl 0.1-prerelease was released on May 11, 2001. Version 1.0 was released October 14, 2002. Owl 1.1 will be freely available for download after January 7, 2004.
  29. http://overclockix.octeams.com/ This Knoppix-based distribution features a host of tools for network security, low-level hardware tweaking, burn-in applications like memtest, lucifer, cpuburn, and distributed computing clients - folding@home, seti@home, and prime-net. The GUIs include KDE, Fluxbox, IceWM, and twm with a good deal of customisation to KDE and Fluxbox. It even has Windows virus scanning capability and an ability install-on-demand 3D Radeon and NVIDIA drivers. Overclockix is a great tool to test out and fix systems and a cheap way to build distributed computing clusters. Transparency and other tweaks can be found throughout the Window managers. It also includes support for NForce2 and KT400 integrated network cards, as well as some winmodem drivers.
  30. thepacketmaster This is a new release of ThePacketMaster Security Server, version 1.2.1: "I've just completed the final touches on version 1.2.1. This version incorporates all the packages I had been working on in January until the problem with the Linux kernel mremap function came around and I decided to put out a fix first. So this new version includes 70 more security packages, bring the grand total to 200+! I've also made some changes to the bootup procedure to bring in more in line with the goals of this distribution. The system will not proceed with the bootup until a root password has been created. Some initialization scripts that were included in 1.2.0 have been tweaked." The full announcement. Download: tpm-security-server-1.2.1.iso (294MB).
  31. Phlak http://www.phlak.org/ http://freshmeat.net/projects/phlak/ Phlak is a LiveCD Linux distribution with a focus on pen-testing, forensics, and network analysis. It includes two lightweight GUIs (XFCE4 and Fluxbox) and loads of tools, including crackers, sniffers, MITM utilities, and data recovery and duplication utilities. It includes a seven-step GUI to install to your hard drive if you desire. The initial version, 0.1, was released October 1, 2003. Version 0.2 was released December 9, 2003.
  32. pm: "The Security Arsenal for Digital Warfare" with a nuclear blast yellow-orange-red wallpaper! Knoppix based.  Boots with mic on.
  33. Securepoint Firewall & VPN Server http://www.securepoint.cc/ The Securepoint Firewall & VPN server is a high end firewall and VPN solution for protecting your Internet gateway. Securepoint can also be used with existing firewalls and to protect interconnected locations or divisions and lets you create and manage VPN tunnels. Languages supported: English, German, Russian, and Korean.  Securepoint is an excellent and cost-effective choice for companies which wish to secure their Internet access, to protect the departments against each other and build up VPN nets between company and external locations." Visit Securepoint's product page for more information. Securepoint 4.0 is free for home and personal use and can be downloaded from here: securepoint-4.0p3.iso (205MB).
  34. INSERT (the Inside Security Rescue Toolkit) http://www.inside-security.de/insert_en.html aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It runs from a credit card-sized CD-ROM for convenient transport or download and is basically a stripped-down version of Knoppix. INSERT provides full read-write support for NTFS-partitions using captive-ntfs.
  35. SmoothWall http://www.smoothwall.org/ SmoothWall was first released to the world in July 2000 as a hardened internet firewall device. Products include Smoothwall Server and Smoothwall GPL, renamed Smoothwall Express. Smoothwall GPL 1.0 was released December 10, 2002. Smoothwall Express 2.0 was released December 17, 2003.
  36. ThePacketMaster http://www.thepacketmaster.com/ https://sourceforge.net/projects/tpm-secserver/
    ThePacketMaster Linux Security Server is a CD-based security auditing tool that boots and runs penetration testing and forensic analysis tools. It is handy for security auditors. Some tools included are nessus, ethereal, The Coroner's Toolkit, chntpw, and minicom. It includes modules for any Linux 2.4.20 SCSI driver. Initial version 1.0.0 was released July 5, 2003. Version 1.1.0 was released December 3, 2003.
  37. Sentinix http://www.sentinix.org/ Sentinix (formerly Compledge Sentinel) is a Linux distribution designed for monitoring, auditing and intrusion detection - a complete solution to solve as many monitoring needs and aspects as possible. A wide variety of open source software is included: Nagios, Nagat, Nessus, Snort, ACID, openMosix, Apache /w OpenSSL, PHP and MySQL. The whole package is distributed on one CD, ready to install on any x86-based computer. Version RC2.1 was released May 22, 2003. Version 1.0 beta 01 was released on November 12, 2003. Version 0.70.5 (beta 2) was released November 24, 2003.
  38. Trustix Secure Linux http://www.trustix.org/ Trustix Secure Linux, briefly known as Tawie Server Linux, is for servers with a focus on security and stability. TSL now belongs to the Comodo Group. TSL 2.0 (Cloud), originally released July 2, 2003, is the current stable version.
  39. http://www.whoppix.net/ Whoppix is a stand alone penetration testing live CD based on Knoppix. With the latest tools and exploits, it is a must for every penetration tester and security auditor. Whoppix includes several exploit archives, such as Securityfocus, Packetstorm, SecurityForest and Milw0rm, as well as a wide variety of updated security tools. The new custom kernel also allows for better WIFI support, for tools such as Aireplay.

 

last edited: Thursday March 30, 2006 03:45:59 AM -0500