The Engarde Linux distro is presented as a secure platform, right out of the box, suitable for running web and other public facing applications. Once I completed the installation I found this is true. My first impression is that they've done a good a job of implementing very restrictive ACLs. One feature I really like is that root's default perms are restricted when the system is booted in secure mode (default); the perms can only be changed on login from the console, otherwise, root can not even list /home or /var among other things.   The distro runs an administrative app, called the Guardian Digital WebTool, which allows admins to perform many tasks from FireFox (the preferred browser), such as adding users, updating FW rules, selecting and restarting services, auditing of SELinux actions, etc. However this is not to say that the distro can easily be used by someone with little sys admin experience; it cannot.   More to come when I've had a chance.