Wikipedia
FireballISO (or "Fireball") is a VMware virtual appliance that builds a security-hardened Live CD containing a stripped-down custom version of Gentoo Linux. The project was originally intended to provide firewall and networking services to a network, but the appliance can be customized in almost limitless ways to build bootable ISOs that do many different things. When burned to a CD-ROM, the ISO lets an old, perhaps otherwise unused computer boot from it and act as a network security device. It may also be used in a virtual environment as a secure cloud appliance. Notable features in the generated ISO include:
- (Version 1.4) Encryption is now truly optional (there were issues with how 1.3 handled unencrypted builds). Many updates to Gentoo Hardened files, including increased compiler-provided stack protection. Extensive cleanups to the build script, which now supports a "test" build that can be customized to make a different ISO than the "deployment" build, suitable for testing or other purposes. Many features removed (tunnels, DSL support, etc.) to make the appliance more generic.
- (Version 1.3) Except for the files required early in the boot process (such as the kernel and initramfs), the contents can now optionally be encrypted, which makes it much more difficult and time-consuming for someone who steals the ISO to access the contents. Default encryption is 256-bit AES. See the documentation for issues related to encryption.
- (Version 1.2) All programs updated and recompiled with Hardened Gentoo kernel and compiler toolchain, resulting in increased protection from several kinds of overflows and other security vulnerabilities.
- IPv4 and IPv6 support
- iptables and ip6tables firewalls
- SSH server for full command-line access
- DNS cache and DHCP server
- tcpdump & other networking utilities
- Perl and Python scripting languages
- NTP client
- Extremely customizable, just like a regular Gentoo Linux system
- Unnecessary programs removed from generated ISO; can be customized for even smaller size
- Low hardware requirements for ISO: a Pentium computer with a CD-ROM drive it can boot from and two network interface cards, or an equivalent virtual environment. No hard disk, monitor, or keyboard is needed for the unencrypted configuration (though a monitor and keyboard might be useful for troubleshooting configurations). A keyboard and monitor are required at start-up if encryption is used.
The virtual appliance can be updated just like a normal Gentoo system, allowing new Live CD images to be generated with the latest security fixes, bug corrections, additional features, and updated configurations. The Live CD should be re-generated as often as important changes are released by the authors of the various software packages it contains.