Zeroshell
Developer | Fulvio Ricciardi |
---|---|
OS family | Linux (Unix-like) |
Working state | Discontinued |
Source model | Open source |
Initial release | June 2006 |
Final release | 3.9.5 / 16 January 2021 |
Platforms | IA-32, x86-64, ARM |
Kernel type | Monolithic |
License | GNU GPL |
Official website | www |
Zeroshell is a small open-source Linux distribution for servers and embedded systems which aims to provide network services.[1][2] Its administration relies on a web-based graphical interface; no shell is needed to administer and configure it. Zeroshell is available as Live CD and CompactFlash images, and VMware virtual machines.
Zeroshell can be installed on any IA-32 computer with almost any Ethernet interface. It can also be installed on most embedded devices and single-board computers such as Raspberry Pi and Orange Pi.[3]
The project reached EOL in April of 2021 with the version 3.9.5.[4] There are several known vulnerabilities for various versions of this software: V2, V3.6x up to V3.7, V3.9.0, V3.9.3 and last V3.9.5 for example,[5] allowing an attacker to e.g. gain root access to the device easily. The main attack vector is the cgi script in use, 'kerbynet'.
Selected features
- RADIUS server which is able to provide strong authentication for the Wireless clients by using IEEE 802.1X and Wi-Fi Protected Access (WPA/WPA2) protocols
- Captive portal for network authentication in the HotSpots by using a web browser. The credentials can be verified against a Radius server, a Kerberos 5 KDC (such as Active Directory KDC)
- Netfilter – Firewall, Packet Filter and Stateful Packet Inspection (SPI), Layer 7 filter to block or shape the connections generated by Peer to Peer clients
- Linux network scheduler – control maximum bandwidth, the guaranteed bandwidth and the priority of some types of traffic such as VoIP and peer-to-peer
- VPN host-to-LAN and LAN-to-LAN with the IPSec/L2TP and OpenVPN protocols
- Routing and Bridging capabilities with VLAN IEEE 802.1Q support
- Multizone DNS (Domain name system) server
- Multi subnet DHCP server
- PPPoE client for connection to the WAN (Wide area network) via ADSL, DSL and cable lines
- Dynamic DNS client updater for DynDNS
- NTP (Network Time Protocol) client and server
- Syslog server for receiving and cataloging the system logs produced by the remote hosts
- Kerberos 5 authentication
- LDAP server
- X.509 certification authority