ClearOS cover Giacomo Lanzi

ClearOS: Linux Server for Small Business

ClearOS (formerly ClarkConnect) is a Linux distribution, with the aim of transforming any standard PC into a dedicated firewall and Internet server / gateway. The software is a solution for small businesses, home offices and networked homes. ClearOS is based on CentOS and offers a very robust set of tools organized in easy to navigate administration pages.

Small business and servers

Small business data centers often rely on one-size-fits-all solutions for standard problems. Because’? They save on costs. Within the Linux world, there are a number of exceptional server software that can help power a business in ways that aren’t always considered.

The problem with small businesses that use Linux can often come in the form of distribution complexity. While Linux has come a long way in terms of ease of use, there can sometimes be an additional level of complexity when it comes to server software. This additional learning curve is very often easily overcome by anyone with a moderate level of computer skills. Note that for anyone who has used Linux before, this is generally a breeze.

But then, who needs a data center solution, without the burden of a high-level IT expert on hand, who could they turn to? One solution is ClearOS.

What is ClearOS

According to the presentation material of the distribution:

“ClearOS is a simple, open and affordable operating system, with an intuitive web-based graphical user interface and a marketplace with over 100 applications to choose from, with more being added every day. By leveraging open source software, you decide which apps you need and only pay for the apps and support you want. “

To verify that these statements respect reality and check that ClearOS is indeed an interesting solution, let’s see the details together.

Editions

First, you need to choose between the versions of the operating system. In fact, ClearOS offers three different platform distributions:

Community: the free edition of ClearOS
Home: Ideal for home offices
Business: Ideal for small businesses, thanks to the inclusion of paid support

To find out the differences of each edition, you can consult the ClearOS function matrix here. There are also the prices on the page which, after all, are contained for the proposed service.

ClearOS price table

Installation

There is really no need to talk about the ClearOS installation process, as it is incredibly simple. If you’ve ever installed Linux, you won’t have any problems with ClearOS.

I wanted to test it with a VirtualBox on my personal computer, and in just 20 minutes I had a working virtual machine with ClearOS ready. The installation time includes the post-installation wizard and the first updates.

Once you have completed the basic installation, post-installation wizard and updates, all done from within an incredibly well-designed web interface, you are ready to start adding applications from the ClearOS Marketplace, which is ‘where the platform really shines.

Taking a look at the process of adding applications to the ClearOS server, it is evident how easy this ecosystem is to use. Once we are done with the initial setup, we are on the “ClearOS Marketplace Getting Started” page. From this screen it is possible to manage the application selection and installation process.

The operating system also comes with a couple of preconfigurations to choose from. In any case, you will have the possibility to choose through the selection of applications / services to be installed on the ClearOS server.

ClearOS functionality

Available features include:

Firewall, Networking and Security:
– Network: the firewall restricts access to systems and provides advanced features, including DMZ, NAT 1 to 1 and Port Forwarding
– Protocol: Peer-to-Peer discovery system allows you to manage the use of peer-to-peer file sharing
– Application: Intrusion Detection and Intrusion Prevention systems provide an additional layer of defense against threats to your network.
– Virtual Private Networking
– Web Proxy and Content Filter
– Email, including Webmail
– Groupware
– Database and Web Server
– File and print services

ClearOS Circles

Costs App

Some of the apps are free, while others have a cost. You have to consult the list of available apps to see if any of these apps / services meet your needs and fit your budget. Once you have selected all the applications you want to install, you can proceed with the installation.

At this point you are ready to configure the custom dashboard. If you don’t want to worry about customizing the dashboard, you can use the default one. The dashboard allows you to select what you want to view through practical drop-down menus. It is also possible to immediately start configuring newly installed applications.

One remarkable thing is that ClearOS has made configuring the LDAP service extremely easy. Normally this process can be quite a headache, but ClearOS has found a way to make it as painless as possible.

The function of ClearOS

One thing not found on ClearOS is a tool for creating a server environment like that of a Microsoft Small Business Server or its successor Windows Server. So, using applications like MS Office, via Terminal Server, will not work. But you can always install the Dropbox app for free and use their Paper Server. This, of course, is not a real alternative for a full office suite, but it is still a partial solution.

However, this is not the point of ClearOS, as the intent is more to serve a business-class server that can help protect and expand a small business network. In other words, if you are looking for an incredibly simple firewall to set up and manage, VPN, DNS, DHCP, and a well-rounded general network appliance, ClearOS is exactly what you need. If you are looking for something to replace a Samba server, ClearOS is not the solution.

ClearOS can be found among the standard SOD templates and you can then install your own VPS with ClearOS in a few seconds.

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS darkreading

RSS Full Disclosure

  • SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH) February 21, 2024
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 20SEC Consult Vulnerability Lab Security Advisory < 20240220-0 > ======================================================================= title: Multiple Stored Cross-Site Scripting Vulnerabilities product: OpenOLAT (Frentix GmbH) vulnerable version:
  • Re: Buffer Overflow in graphviz via via a crafted config6a file February 21, 2024
    Posted by Matthew Fernandez on Feb 20The fix for this ended up landing in Graphviz 10.0.1, available at https://graphviz.org/download/. Details of this CVE (CVE-2023-46045) are now published, but the CPEs are incomplete. For those who track such things, the affected range is [2.36.0, 10.0.1).
  • CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool February 21, 2024
    Posted by Jeroen J.A.W. Hermans via Fulldisclosure on Feb 20CloudAware Security Advisory CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool ======================================================================== Summary ======================================================================== A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents....
  • Microsoft Windows Defender / Backdoor:JS/Relvelshe.A / Detection Mitigation Bypass February 21, 2024
    Posted by hyp3rlinx on Feb 20[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/Windows_Defender_Backdoor_JS.Relvelshe.A_Detection_Mitigation_Bypass.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] Windows Defender [Vulnerability Type] Detection Mitigation Bypass Backdoor:JS/Relvelshe.A [CVE Reference] N/A [Security Issue] Back in 2022 I released a...
  • Microsoft Windows Defender / VBScript Detection Bypass February 21, 2024
    Posted by hyp3rlinx on Feb 20[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_VBSCRIPT_TROJAN_MITIGATION_BYPASS.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] Windows Defender [Vulnerability Type] Windows Defender VBScript Detection Mitigation Bypass TrojanWin32Powessere.G [CVE Reference] N/A [Security Issue]...
  • Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 3 February 21, 2024
    Posted by hyp3rlinx on Feb 20[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART_3.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] Windows Defender [Vulnerability Type] Windows Defender Detection Mitigation Bypass TrojanWin32Powessere.G [CVE Reference] N/A [Security Issue]...
  • 44CON 2024 September 18th - 20th CFP February 15, 2024
    Posted by Florent Daigniere via Fulldisclosure on Feb 1544CON is the UK&apos;s largest combined annual Security Conference and Training event. Taking place 18,19,20 of September at the Novotel London West near Hammersmith, London. We will have a fully dedicated conference facility, including catering, private bar, amazing coffee and a daily Gin O’Clock break.         _  […]
  • SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS February 14, 2024
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 13SEC Consult Vulnerability Lab Security Advisory < 20240212-0 > ======================================================================= title: Multiple Stored Cross-Site Scripting vulnerabilities product: Statamic CMS vulnerable version: =3.4.17 CVE number: CVE-2024-24570 impact: high homepage: https://statamic.com/...
  • Stored XSS and RCE - adaptcmsv3.0.3 February 14, 2024
    Posted by Andrey Stoykov on Feb 13# Exploit Title: Stored XSS and RCE - adaptcmsv3.0.3 # Date: 02/2024 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Ubuntu 22.04 # Blog: http://msecureltd.blogspot.com *Description* - It was found that adaptcms v3.0.3 was vulnerable to stored cross site scripting - Also the application allowed the […]
  • OXAS-ADV-2023-0007: OX App Suite Security Advisory February 14, 2024
    Posted by Martin Heiland via Fulldisclosure on Feb 13Dear subscribers, We&apos;re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack. This advisory has also been published at https://documentation.open-xchange.com/appsuite/security/advisories/html/2023/oxas-adv-2023-0007.html. […]

Customers

Newsletter

{subscription_form_1}