Software:Zeroshell

From HandWiki
Short description: Linux distribution
Zeroshell
Netbalancer.gif
DeveloperFulvio Ricciardi
OS familyLinux (Unix-like)
Working stateDiscontinued
Source modelOpen source
Initial releaseJune 2006; 18 years ago (2006-06)
yes|Final release|Latest release}}3.9.5 / 16 January 2021; 3 years ago (2021-01-16)
PlatformsIA-32, x86-64, ARM
Kernel typeMonolithic
LicenseGNU GPL
Official websitewww.zeroshell.org

Zeroshell is a small open-source Linux distribution for servers and embedded systems which aims to provide network services.[1][2] Its administration relies on a web-based graphical interface; no shell is needed to administer and configure it. Zeroshell is available as Live CD and CompactFlash images, and VMware virtual machines.

Zeroshell can be installed on any IA-32 computer with almost any Ethernet interface. It can also be installed on most embedded devices and single-board computers such as Raspberry Pi and Orange Pi.[3]

The project reached EOL in April of 2021 with the version 3.9.5.[4] There are several known vulnerabilities for various versions of this software: V2, V3.6x up to V3.7, V3.9.0, V3.9.3 and last V3.9.5 for example,[5] allowing an attacker to e.g. gain root access to the device easily. The main attack vector is the cgi script in use, 'kerbynet'.

Selected features

  • RADIUS server which is able to provide strong authentication for the Wireless clients by using IEEE 802.1X and Wi-Fi Protected Access (WPA/WPA2) protocols
  • Captive portal for network authentication in the HotSpots by using a web browser. The credentials can be verified against a Radius server, a Kerberos 5 KDC (such as Active Directory KDC)
  • Netfilter – Firewall, Packet Filter and Stateful Packet Inspection (SPI), Layer 7 filter to block or shape the connections generated by Peer to Peer clients
  • Linux network scheduler – control maximum bandwidth, the guaranteed bandwidth and the priority of some types of traffic such as VoIP and peer-to-peer
  • VPN host-to-LAN and LAN-to-LAN with the IPSec/L2TP and OpenVPN protocols
  • Routing and Bridging capabilities with VLAN IEEE 802.1Q support
  • Multizone DNS (Domain name system) server
  • Multi subnet DHCP server
  • PPPoE client for connection to the WAN (Wide area network) via ADSL, DSL and cable lines
  • Dynamic DNS client updater for DynDNS
  • NTP (Network Time Protocol) client and server
  • Syslog server for receiving and cataloging the system logs produced by the remote hosts
  • Kerberos 5 authentication
  • LDAP server
  • X.509 certification authority

See also

References

External links