The goal of the Astaro Community Software Project is to create a working and extensible framework with which new (third-party) software can be added to stock ASL systems. The desire to do this arose because ASL systems are not simply standalone firewalls; they are fully-functioning Linux servers. As such, they can be used for more in-depth network hacking purposes than are officially supported by Astaro. The primary goal of ACS, however, is to add related functionality to ASL firewalls - we are not trying to turn ASL into a desktop environment.
ACS and PlusPack
Tom Kistner has made a very useful add-on package to ASL called the PlusPack. From his description:
The PlusPack is a development suite for Astaro Security Linux. It includes a collection of development tools, making it possible to build other projects from source directly on the ASL machine.
ASL differs from the PlusPack in that it is modular (package-oriented), binary (though source is available), and oriented toward providing software packages rather than a compilation environment. The PlusPack is very useful - we've used it in creating ACS, and indeed some ACS packages depend on it - but the two are designed to solve different problems.
Strategy
The current strategy of the ACS project is to port the Debian package-management tools (dpkg, apt, etc.) to ASL, and then to use these tools to port other programs. Debian was chosen because the dpkg/apt system is mature, flexible, and very easy to use.
Caveats
This software is not supported by Astaro AG. Using it may even void your support contract. You have been warned. If you really want to purchase commercial support for these programs, contact Sam Quigley (osquigle@cs.uchicago.edu).
Moreover, it is a Bad Idea to install lots of software on your firewall. Should this software somehow interfere with the proper operation of ASL, you may be exposed to a security risk. If an attacker compromises your firewall, many of these packages will make it easier to penetrate your network further. The ACS system should only be used for network testing and troubleshooting within an already-secured network.