
Thread: Administer PacketFence with ease via Web interface

  
  1. #1
    Real name: 1234

    Retired moderator
    Join date
    Jul 2009
    Location
    5678
    Posts
    5,634
    Thanked
    2513
    Thanks given
    272

    Administer PacketFence with ease via Web interface

    Code:
    http://articles.techrepublic.com.com/2415-1035_11-179764.html
    Takeaway: PacketFence is fairly demanding to install, but once you get into the administration of the system via the Web-based administration tool, things become a whole lot easier. Jack Wallen guides you through installation of the tool.


    PacketFence is one of the most difficult systems I've installed, while at the same time being one of the most valuable. PacketFence is the premier open source solution to Network Access Control (NAC). The system can work in an environment with any flavor of operating system or device, it's reliable, it's secure, and it's packed with tons of features.
    One such feature is the Web-based administration tool. Sure, PacketFence is fairly demanding to install, and some of the tasks must be handled via command line. But once you get into the administration of the system, and do so via the Web-based tool, things become a whole lot easier.
    Environment

    For this article, we'll cover the PacketFence Web GUI on an Ubuntu Server 6.06 installation. If you have yet to install PacketFence, please refer to the original article for help. One of the nice aspects of using this software is that it does not have hefty requirements. In fact, the system I am using is installed on an older AMD 2075 MHz processor with 512 MB RAM. The machine is headless, so having SSH access will be required in my situation.
    The requirements for the browser are nil; in fact, I was able to log into (and administer) the PacketFence GUI from my iPhone. So you shouldn't have any problem using the Web-based GUI, no matter what OS you're on.
    Let's get started with the GUI.
    Firing it up

    The first thing you're going to need to do (after you have PacketFence up and running) is open up a browser on your internal network and point it to https://IP_OF_PacketFence_SERVER:1443. This will take you to the dashboard shown in Figure A.
    Figure A


    From the Dashboard, you handle all your administration needs.

    You will log into the dashboard with the administrator username and password you set up during installation. Most likely, the username is admin.
    Once inside the GUI, you will notice a number of tabs. The lower section of tabs is mostly reporting, whereas the upper row of tabs is for the actual maintenance.
    Before I move on, I want to make note of one issue. There is currently a bug in the system with Active Reports. If you go to Reports and select Active, you will get this error:
    Error: Problems executing 'PFCMD report active '
    DBD::mysql::st execute failed: Unknown column 'n.dhcp_fingerprint' in 'on clause' at /usr/local/pf/lib/pf/db.pm line 96.
    Can't use string ("0") as a HASH ref while "strict refs" in use at /usr/local/pf/bin/pfcmd line 653.
    The problem occurs because of how MySQL 5 changed the way it handles joins. The developers are working on this and will have it fixed for the 1.6.4 release. Until then you will have to skip active reports.
    Back to the Dashboard; from this window, you will instantly see some very important information:

    • Disk Usage: This is the disk usage on the PacketFence server.
    • Memory Usage: This is the memory usage on the PacketFence server.
    • CPU Load: This is the CPU load on the PacketFence server.
    • Recent Violations: All recent violations that have occurred within the network (according to PacketFence).
    • Recent Registrations: All device registrations that have occurred within the system. (Note: This section will only list user-initiated registrations, not registrations handled by the administrator.)

    You can customize your dashboard as well. This is handy when the standard dashboard doesn't offer you all of the information you want. To customize the dashboard, select the Customize This Page icon to reveal a simple interface allowing you to change or add reports (Figures B and C).
    Figure B


    On the left side are the configurable statistics in numbered form.

    Figure C


    On the right side are the configurable statistics in graph form.

    Once you have configured the dashboard the way you like it, select Submit Query and your dashboard will be exactly how you want. Of course, you might have to wait until some statistics start popping up before you actually see any difference.
    Reports: History

    Let's move on to the Reports section of the dashboard. This section offers up a lot of useful information. The main section, seen in Figure D, is accessed by selecting the Reports link to the left of the Dashboard link.
    Figure D


    As stated earlier, the Active reports are not currently usable.

    Let's say you want to see a list of the activity associated with a particular IP or MAC address. Select the History link and you will be able to enter either an IP or MAC address, as seen in Figure E, as well as a time frame to see all that device's activity.
    Figure E


    The only downfall is the data reported can not be customized.

    Once you select Query History, you'll get a report of the time the IP or MAC address was active. Unfortunately, the data reported is really only useful if you are trying to pinpoint a time for certain activity. As you can see in Figure F, the only data reported is the MAC address, the IP address, the Start Time, and the End Time of the activity. It does not, unfortunately, list the type of activity.
    Figure F


    If you scroll all the way down to the bottom you will see a link that allows you to download the data as a CSV file.

    Reports: Inactive

    One very nice feature is the Inactive Reports section. Select it to reveal a listing of each unregistered MAC address on your network. Figure G details the information given in this report.
    Figure G


    Now we get a bit more information.

    As you can see, there is more information to be had in this report. Not only do you get all the information from the History report, you also get information regarding browser and OS type, DHCP licenses, and ARP reports.
    The rest of the reporting should be self-explanatory. Now it's time to get into the actual administration of the system.
    Person

    The Person tab allows you to handle the administration of users on your NAC. Don't get this confused with authentication because this has nothing to do with that area. The Person portion of this system is only to make the administrator's job easier. You can add, edit, or delete people on this system to associate them with devices. So instead of having to remember what MAC address is in what department or belongs to which user, you add People to the system and assign their names to the address.
    Select the Person tab to see a listing of the currently available People on the system, as seen in Figure H.
    Figure H


    You can edit already added users by pressing the Edit button under Actions.

    Let's add a person. Say we need to add another user in Graphic Arts. Press the Add button to add a name. You'll see the screen shown in Figure I.
    Figure I


    The Identifier could be a name, a department, or an office number.

    For this example, I am going to add the user Haversham Happenstance and include the note Graphics. Once I have that, I can then add that Identifier to the MAC address (in another screen).
    This will keep your network far more manageable, because you'll have a better idea what MAC addresses belong to which users or departments.
    Now let's associate our new user to a device.
    Nodes

    A node, in PacketFence parlance, is basically a device. This device can be a PC, printer, router, or a hub -- anything with a MAC address. Press on the Node tab and you will see a listing of every device on the network, as shown in Figure J.
    Figure J


    This is the heart and soul of your network.

    Let's say you know that IP address 192.168.1.24 belongs to Haversham Happenstance and you want to add his name to the correct Node listing. Problem is, the Node listing only shows MAC addresses. The solution is simple: Go to Reports, select History, enter the IP address, and select Query History. The report will list the MAC address associated with the IP address. Now, with the MAC address in tow, head over to the Node tab, and find the MAC address you are looking for (in my case, 00:14:51:e3:89:61).
    Press the Edit button (under the Actions column) that corresponds with the MAC address in question. You will now see an edit window -- Figure K -- that will allow you to enter information.
    Figure K


    Although there is a drop-down for registered status, you cannot register or de-register a user from the Web-based GUI.

    Here, you can enter plenty of information, but we want to limit it, right now, to user-information. Enter Haversham Happenstance as the Identifier and press the Edit Node button at the bottom right of the window. Now, when you take a look at the node, you will see Haversham Happenstance listed as the identifier attached to the MAC address.
    Administration

    Let's now take a look at some of the more meaty tasks of the Web-based administration tool. Select the Administration tab. Here, you will see the following sub-tabs:

    • Configuration: Under this sub-tab are numerous system configurations.
    • Services: This is where you can stop or start the PacketFence services.
    • Add User: Add users to the system.
    • UI Options: The look and feel of the Web-based GUI.
    • Remediation: Configure the remediation screen the users see.
    • Instructions: Configure the instruction screen the users see.

    The configuration sub-tab is the most crucial component of the GUI. Here, you'll configure nearly every aspect of the system, including:
    Alerting


    • Wins Server: Address of Wins server.
    • E-mail Address: Address of administrator.
    • SMTP Server: Outgoing mail server for system.
    • Admin netbiosname: Netbios name of the PacketFence server.
    • Log: Log file to be used for violations.

    ARP


    • DHCP Timeout: Hours and Minutes of ARP timeout.
    • Clean Shutdown: Enable or disable.
    • Interval: Seconds.
    • Strobe: Enable or disable.
    • GW Timeout: Enable or disable.
    • ARP Timeout: Enable or disable.
    • Heartbeat: Seconds.
    • Stuffing: Enable or disable.

    Database


    • Username: Database username.
    • Password: Database password.
    • Port: Port for database use.
    • Host: Database host.

    DHCP


    • Registered lease: Hours.
    • Unregistered lease time: Minutes.
    • Isolation lease time: Minutes.

    Expire


    • Iplog: Days.
    • Node: Days.

    General


    • Logo: Location of system logo.
    • Caching: Enabled or disabled.
    • Domain: Domain name.
    • Dnsservers: Location of DNS servers.
    • Hostname: Hostname of PacketFence server.
    • Dhcpservers: Location of DHCP servers.

    Interface


    • IP address: IP of PacketFence server.
    • Gateway: Gateway for PacketFence server.
    • Type: Internal, Managed, or Monitored.
    • Mask: Netmask of PacketFence server.

    Logging


    • Level: 0-8
    • Priority: Debug, info, notice, warning, warn (same as warning), err, error (same as err), crit, alert, emerg, or panic (same as emerg).
    • Facility: Auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp, or local0 through local7.

    Network


    • Rogueinterval: 1-10.
    • Named: Enabled or disabled.
    • Scan: Enabled or disabled.
    • Nat: Enabled or disabled.
    • DHCP detector: Enabled or disabled.
    • Mode: Passive or Inline.
    • DHCP: Enabled or disabled.

    Passthroughs


    • Symantec Scanner: URL
    • PacketFence: IP addresses of devices allowed to pass through system.

    Ports


    • Admin: Administration port
    • Open: Open ports.
    • Allowed: Ports allowed for use.
    • Redirect: Ports that are redirected.
    • Listeners: IMAP or POP3.

    Proxies


    • Stinger.exe: Address of stinger.exe

    Registration


    • Expire Window: Days
    • Detection: Enabled or disabled.
    • Range: IP address range for registration.
    • Registration: Enabled or disabled.
    • Skip reminder: Days
    • Immediate: Enabled or disabled.
    • Expire deadline: Date.
    • Auth: Local, ldap, mysql, radius, or harvard.
    • Expire Session: Days
    • Skip Mode: Window, Deadline, Disabled.
    • Isolation: Enabled.
    • Queuesize: Integer
    • Expire Mode: Window, deadline, session, or disabled.
    • AUP: Enabled or disabled.
    • Complete Message: Enabled or disabled.
    • Redirect URL: Address for redirection.
    • Skip Deadline: Date.
    • Skip Window: Seconds, minutes, hours, days, weeks.
    • Button Text: Text to appear on registration button.
    • Maxnodes: Maximum number of nodes allowed.

    Scan


    • Pass: Type of data to pass
    • SSL: Enabled or disabled.
    • Live TIDS: Plug in IDs allowed to live on the system.
    • User: User allowed to scan.
    • Port: Port number for scanning.
    • Registration: Enabled or disabled.
    • Host: Address of scanning host.

    Services


    • Named: Location of named executable.
    • DHCPD: Location of dhcpd executable.
    • HTTP: Location of apache executable.
    • Pfredirect: Location of pfredirect executable.
    • Pfdetect: Location of pfdetect executable.
    • Pfmon: Location of pfmon executable.
    • Snort: Location of snort executable.

    Trapping


    • Isolation: Enabled or disabled.
    • Testing: Enabled or disabled.
    • Detection: Enabled or disabled.
    • Blacklist: Location of blacklist.
    • Range: IP range of trapping.
    • Whitelist: Enabled or disabled.
    • Trapping Registration: Enabled or disabled.
    • Redirect URL: URL for trapping redirection.
    • Immediate: Enabled or disabled.
    • Redirtimer: Seconds
    • Passthrough: IP tables or proxy.

    It's a long list of configuration options, but most of them should be self-explanatory at this point.
    Final thoughts

    Though not 100 percent perfect, the PacketFence Web-based administration takes a lot of the pains and efforts out of administering a PacketFence solution. There are still certain aspects of PacketFence that will require using the command line and some text-based editing; but, for the most part, once your system is up and running, you should be able to handle all the administration from the Web-based tool.
    PacketFence is an amazing system for controlling access to your network. Although difficult to get up and running, it's certainly worth the effort.





  2. #2

    Installing and configuring Network Access Control with PacketFence

    Code:
    http://articles.techrepublic.com.com/2415-1035_11-179743.html?tag=rbxccnbtr1

    Takeaway: PacketFence is the next big thing with network security and open source. Jack Wallen shows you how to run this installation completely by command line.


    PacketFence is the open source community's answer to NAC. Being a solid supporter of the open source community, I knew this was going to be an interesting project to get up and running. Little did I know that PacketFence would wind up being one of the single most difficult installations I have done in over ten years of dealing with Linux. Granted, part of the difficulty was in my resisting installing PacketFence on the recommended environment. Why did I resist? Well, the recommended environments were outdated -- Fedora 4, for example.
    But then I swallowed my nerd-pride and opted for the most logical choice in Ubuntu 6.06 server. So be prepared: this installation will be done completely by command line. And there will be a lot of commands to run.
    First things first

    The first thing you are going to need to do is install Ubuntu Server 6.06 LTS. The good news is that this release is supported until 2011, so you won't have to worry about security fixes not being released as they arise. Once you have downloaded the ISO image use K3B (or something similar) to burn the disk. Install the server and prepare for the installation. (Warning: It's a text-only installation.)
    Because you will be using Ubuntu, you'll be using the sudo command a lot. There will be no root password, so the password you create for the created user (during installation) will be the password you use. However, when I use Ubuntu and sudo, I always create a root password because it bypasses a lot of problems created when trying to do installations of certain applications (or configurations of MySQL, for instance). To do this, run sudo passwd and enter the new "root" password. Once this is done, you are ready to rock.
    The first thing you are going to do is set up remote administration with SSH. In case this server will most likely wind up a headless server (or in case you need to administer it remotely), you will want this installed. To do this, issue the following command: sudo apt-get install ssh openssh-server. One of the main reasons I often do this type of installation (via SSH) is because if I need to google something I don't have to switch back and forth between machines. So now that you have ssh installed, move over to a machine with access to the net and log into the Ubuntu server with SSH. Now you can continue reading this article and install at the same time.
    Prepping for installation of software

    You'll use the apt-get command to install the software for this installation. In order to do that, you'll have to first edit your sources to be able to find the proper software packages. To do this, issue the following commands.
    Backup your original sources list:
    sudo cp /etc/apt/sources.list /etc/apt/sources.list.BACKUP
    Now you have to go through the sources list and uncomment all of the repositories listed in the sources.list file. Go to /etc/apt, open up the sources.list file, and remove all of the # to uncomment the sources. Or you could run the command:
    sudo sed -i -e "s/# deb/deb/g" /etc/apt/sources.list
    Now we must update the apt sources with the command:
    sudo apt-get update
    One final step before you start installing applications: You have to be able to compile from source. By default, Ubuntu 6.06 server cannot do this. So to make the server capable of this necessary action, issue the command:
    sudo apt-get install build-essential
    Once this is done, you're ready to install.
    Snort

    The first thing you should do is install an intrusion detection package. As Snort is the standard in Linux (as well as what PacketFence suggests), we'll use that. Issue the command:
    sudo apt-get install snort
    Before you move on, you will need to stop Snort with the sudo /etc/init.d/snort stop command. You will also need to make sure Snort does not start during system boot (otherwise, PacketFence will not start up). To do this, use the update-rc.d command: sudo update-rc.d -f snort remove. Now Snort has been removed from the rc.d run list.
    MySQL

    Because PacketFence uses a database, you'll have to install MySQL and take care of a few details with that installation.
    First, install MySQL with the command sudo apt-get install mysql-server. Now it gets a bit tricky. This is where I like to have a "root" password. Issue the command sudo passwd and enter a "root" password twice. Now you can log on as a pseudo-root user. What you need to do now is change the MySQL password. By default, the password is blank. This is not secure and PacketFence requires you to have a root MySQL password. So issue the command mysql -u root -p and hit [Enter] (there is currently no password). You should now be at the mysql> command prompt. Now enter the command:
    SET PASSWORD FOR root@localhost=PASSWORD('NEWPASSWORD');
    where NEWPASSWORD is the new password you'll use for the root MySQL user.
    Now MySQL is up.
    Apache and PHP

    The first thing you need to do is install Apache and all of the necessary modules, bells, and whistles. Here are the steps:
    sudo apt-get install apache2 libapache2-mod-proxy-html
    This installs Apache and the Proxy module. Now install PHP:
    sudo apt-get install libapache2-mod-php5 php-pear php5-mysql php5-gd
    This will install everything necessary for PHP.
    Now all you have to do is to stop the Apache server and prevent Apache from starting at boot. First run:
    sudo /etc/init.d/apache2 stop
    to stop Apache. Then run sudo update-rc.d -f apache2 remove to remove Apache from the rc.d run list.
    Perl and Perl's modules

    There are a number of Perl modules to install. To do so, issue the following commands:
    sudo apt-get install perl-suid libterm-readkey-perl libconfig-inifiles-perl libnet-netmask-perl
    and
    sudo apt-get install libparse-recdescent-perl libnet-rawip-perl libtimedate-perl libwww-perl
    Perl is ready to go.
    PacketFence

    Finally, install the PacketFence application itself. You cannot use apt-get to do the installation. You have to download the source, unpack it, and run the enclosed installation. Download the latest stable release (as of this writing, it is 1.6.2) with the wget application. If wget doesn't show up, you might have to install with sudo apt-get install wget.
    The download will come from Sourceforge. The current release address is: http://downloads.sourceforge.net/pac...e-1.6.2.tar.gz, so issue the commands:
    # cd is a shell builtin, so it is run without sudo
    cd /usr/local/
    sudo wget http://downloads.sourceforge.net/pac...e-1.6.2.tar.gz
    Unpack the tar file with the command:
    sudo tar xvzf PacketFence-1.6.2.tar.gz
    which will create the /usr/local/pf directory. Change into the pf directory and issue the command to start the installer:
    sudo ./installer.pl
    You will now have to walk through a lot of questions regarding the installation. Many of the defaults will work. Remember your MySQL root user password. Also, allow the PacketFence installer to create the necessary database for you. I tried many times to create the database with phpMyAdmin, only to find the PacketFence system cannot then create the necessary tables for the database.
    Before you run the final step of the process, you will want to create an SSL Certificate for security purposes. To do this, issue the commands:
    cd /tmp
    openssl req -new > PacketFence.csr
    openssl rsa -in privkey.pem -out server.key
    openssl x509 -in PacketFence.csr -out server.crt -req -signkey server.key -days 365
    mv server.crt /usr/local/pf/conf/ssl/
    mv server.key /usr/local/pf/conf/ssl/
    rm -f PacketFence.csr privkey.pem
    This will install a unique certificate for your machine (instead of the included default).
    Once you have completed the installation, you will then have to run the configurator.pl to complete the install. The configurator basically sets up the type of system you want to run. When you run it, you'll be offered the following:

    1. Test mode
    2. Registration
    3. Detection
    4. Registration & Detection
    5. Registration, Detection & Scanning
    6. Session-based Authentication

    I suggest running the system in Test mode at first. Finish answering the questions to complete the installation.
    A few modifications

    One issue I had upon completing the installation was that the PacketFence start script couldn't find the Apache startup script, because it was looking for /usr/bin/httpd instead of /usr/bin/apache2, as is installed in an Ubuntu server. To change this, you have to add a [service] entry in the pf.conf file. Open up the /usr/local/pf/conf/pf.conf file in your favorite editor and add the following lines to the end of that file:
    [services]
    httpd=/usr/sbin/apache2
    Now, open the file /usr/local/pf/conf/templates/httpd.conf and add the following:
    ServerRoot /usr/lib/apache2
    and then modify the line:
    LoadModule php4_module modules/libphp4.so
    to reflect:
    LoadModule php4_module /usr/lib/apache2/modules/libphp4.so
    There were a number of other lines that had to be modified. Because of the installation of Apache on Ubuntu, the necessary modules must all reflect the /usr/lib/apache2/module structure. So go through the entire /usr/local/pf/conf/templates/httpd.conf file and change the module paths to reflect this. You will also need to uncomment out the line for the php5 module (around line 79) and comment out the line for php4 (around line 80).
    Starting PacketFence

    You can first test to make sure PacketFence is starting up properly by running the command /usr/local/pf/bin/start. You should see nothing more than the following:
    Checking configuration sanity...
    service|command
    config files|start
    iptables|start
    httpd|start
    pfmon|start
    pfdetect|start
    snort|start
    Now stop the PacketFence system with the command /usr/local/pf/bin/stop.
    Once you know this is starting properly you can then modify the install so that the PacketFence startup script is installed and the rc.d system is aware of it. To do this issue the following commands:
    sudo cp /usr/local/pf/PacketFence.init /etc/init.d/PacketFence
    sudo chmod 755 /etc/init.d/PacketFence
    sudo update-rc.d PacketFence defaults
    Restart the system with the command:
    sudo /etc/init.d/PacketFence start
    You are now up and running.
    Logging in

    Fire up a browser and point it to the IP address of the PacketFence server with the 1443 port address added. So my address would be https://192.168.1.29:1443. Note: This is secure HTTP. You will see a log in screen where you'll enter your administrator name (by default it is admin) and the password you created for the administrator.
    Once you are logged in, you'll see the main administrator screen (see Figure A below).
    Figure A


    This is where you will finally be able to do all of your work.

    From this point on, it's all point and click.
    A big job

    PacketFence has been one of the more challenging installations I have come across. Is it worth it? An old saying comes to mind: "An ounce of prevention is better than a pound of a cure." PacketFence is the next big thing with network security and open source. This tool is huge, and will gain popularity fast. And with the help of this article, you can finally install the system with fewer headaches than I incurred.
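
The certificate step in the post above produces an unencrypted private key while working in /tmp. As an added example (not part of the post, the article, or PacketFence itself), these shell functions build an equivalent key and self-signed certificate with the single-step `openssl req -x509` instead of the post's three commands, keep the key owner-only, and verify the pair before copying it into place. The function names and the CN `pf.example.test` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: names, CN and directories are constructed for illustration.

# make_cert DIR CN [DAYS]: write DIR/server.key and DIR/server.crt (self-signed).
# The subshell's umask 077 keeps the unencrypted key owner-only from creation.
make_cert() (
    umask 077
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/server.key" -out "$1/server.crt" \
        -days "${3:-365}" -subj "/CN=$2" 2>/dev/null
)

# cert_matches_key CRT KEY: succeed only if the certificate carries the
# public key that belongs to the private key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# cert_valid_for CRT DAYS: succeed if CRT will still be valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# key_is_private KEY: succeed if group and other have no permission bits on KEY.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# install_pair SRC_DIR DEST_DIR: refuse to install a mismatched or
# nearly expired pair, then copy with explicit modes.
install_pair() {
    cert_matches_key "$1/server.crt" "$1/server.key" ||
        { echo "key and certificate do not match" >&2; return 1; }
    cert_valid_for "$1/server.crt" 30 ||
        { echo "certificate expires within 30 days" >&2; return 1; }
    install -m 600 "$1/server.key" "$2/server.key" &&
    install -m 644 "$1/server.crt" "$2/server.crt"
}

# Demo on a constructed pair in a throwaway directory; no system paths are touched.
demo_dir=$(mktemp -d)
if make_cert "$demo_dir" pf.example.test &&
   cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key" &&
   key_is_private "$demo_dir/server.key"; then
    echo "constructed pair verified"
fi
rm -rf "$demo_dir"
```

On the server, `install_pair` would be pointed at /usr/local/pf/conf/ssl/, the directory the post moves the files into.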




  3. #3

    Use PacketFence to stop unwanted network traffic

    Code:
    http://articles.techrepublic.com.com/2415-1035_11-179294.html?tag=rbxccnbtr1

    Takeaway: Looking for a system that blocks illegal downloads without breaking your IT budget? Jack Wallen introduces PacketFence, an open-source network access control (NAC) system.


    How many times have you administered a network only to find certain users installing and using forbidden applications such as LimeWire or Gnutella? It happens all the time, even on the home network.
    What if you could block those attempted illegal downloads (or activity unbecoming an employee) without having to shell out what could easily amount to your entire IT budget for an application to stop that behavior? That's where PacketFence comes in.
    What can PacketFence do?

    PacketFence is a strong system that contains:

    • User registration: PacketFence has an optional user registration portal.
    • Worm and virus detection: Using Snort, PacketFence adds even another layer of protection to your network.
    • Worm/bot detection: PacketFence can be configured so that any time a host is used as a bot that host is placed in isolation or black-holed.
    • User-directed mitigation/remediation: If a user/host is trapped in isolation that user/host is redirected to a page with removal instructions. A grace period can be set up so the violation can serve as a warning.
    • Pro-active vulnerability scans: The administrator can set up scans so they are done manually, scheduled, or upon user registration.
    • Passive or in-line operation: PacketFence can function either as a router (inline) or it can inject itself into the system (passive).

    The above list shows some of the advanced features. Before you get knee-deep into advanced features, you must first understand how to stop traffic with PacketFence. But before we get deep into the configuration, let's first install one last helper application: Nessus (client) and Nessusd (daemon).
    Nessus

    We're going to continue on the Ubuntu Server 6.06 environment, so apt-get will be our tool of choice. To install everything for Nessus and Nessusd, you'll need to run the commands:
    sudo apt-get install nessus
    sudo apt-get install nessusd
    sudo nessus-adduser
    sudo ln -fs /etc/init.d/nessusd /etc/rc2.d/S20nessusd
    Finally, to start the Nessus daemon, issue the command:
    sudo /etc/init.d/nessusd start
    Now your PacketFence installation is complete.
    Getting to know the commands

    Even though there is a Web-based GUI for PacketFence, you'll rely on the commands more than the GUI. Let's take a look at the commands you will need to know (each command will either be issued by the root user or with the help of sudo):

    • /sbin/iptables: There will be times when you'll need to flush the IPTables cache in order to get PacketFence to start. To flush the cache, issue the command /sbin/iptables -F.
    • /etc/init.d/snort start: This is how you start Snort. To stop Snort, replace start with stop.
    • /etc/init.d/nessusd start: In order to start the Nessus daemon, issue this command. To stop Nessus, replace start with stop.
    • /usr/local/pf/bin/start: This is the command to start PacketFence.
    • /usr/local/pf/bin/pfcmd config help: This is where you can begin to get help with PacketFence. By issuing this command, you'll see a list of all the types of help you can get. Help topics include: control, service, version, person, history, node, violation, report, fingerprint, lookup, graph, config, ui, class, trigger, update, and reload.

    The pfcmd command is a very useful tool; it can do a number of things. For example, say you want to know what types of OSs are on your network. Issue the command /usr/local/pf/bin/pfcmd report os and the system will return something like:
    root@ubuntu:/usr/local/pf# /usr/local/pf/bin/pfcmd report os
    description|percent|count
    Unknown DHCP Fingerprint|18.2|2
    RedHat/Fedora-based Linux|18.2|2
    Microsoft Windows 2000|18.2|2
    Mac OS X|18.2|2
    Debian-based Linux|9.1|1
    *Probable Static IP(s)|18.2|2
    Total|100|11
    If you definitively know the contents of your network, this tool can quickly help you see if there is any rogue hardware.
    Before a piece of hardware can actually have access to the outside world (when PacketFence is up and running), the hardware must be registered. The easiest way to register a piece of hardware is to use the pfcmd command. Unfortunately, you have to know the MAC address of the machine to be registered. In order to register a machine, issue a command like so:
    /usr/local/pf/bin/pfcmd node edit 44:4d:50:02:0a:5b status="reg",pid=1
    Now when you issue the command /usr/local/pf/bin/pfcmd report registered, you'll see:
    44:4d:50:02:0a:5b|1|||reg||
    This isn't very helpful if you have a number of users, so before registering a MAC address, add a user first. Issue the command: /usr/local/pf/bin/pfcmd person add maryjane notes="Graphics Department" before you register. Now when you register, you can issue the command: /usr/local/pf/bin/pfcmd node edit 44:4d:50:02:0a:5b status="reg",pid=maryjane. Now issue the command /usr/local/pf/bin/pfcmd report registered, and you'll see:
    44:4d:50:02:0a:5b|maryjane|||reg||
    Now the report has a bit more meaning; the MAC address is associated with a username.
    Configuring the conf

    In the /usr/local/pf/conf directory is the pf.conf file. This is the file generated when you initially set up PacketFence. This initial setup will not really do a whole lot; you need to get into this file and really get your fingers dirty. The pf.conf file is broken into different sections:

    • [general]: This is general information about the server hosting PacketFence. This will include: domain name, host name, and DNS servers.
    • [logging]: This will define the log level you wish to run (8 being the highest verbosity).
    • [alerting]: This is where you configure the e-mail address all alerts will go to and the SMTP server the alerting system will use.
    • [database]: This is the database information. Here you will configure the database user and the database password.
    • [interface]: This is where you configure the interface for PacketFence to use. Included in this configuration are the netmask, type (internal,managed,monitor), IP address, and gateway.
    • [services]: This is where you define the executable for your Web server.
    • [trapping]: Choose here whether you want to enable the trapping of users.
    • [registration]: The most important section, this is where you configure how registration is handled. You have to configure the following: registration method; skip mode (can users "skip" registration?); AUP policy (do your users have to accept a "user policy"?); and expire policy.
    • [scan]: When do you want to set a vulnerability scan?

    There are many other configuration options, but we're going to keep this at the bare minimum. So let's take a look at a bare bones -- but useable -- pf.conf file.
    [general]
    domain=mydomain.name
    dnsservers=192.168.1.22,192.168.1.23
    [logging]
    verbosity=8
    [alerting]
    emailaddr=admin@mydomain.name
    smtpserver=mail.mydomain.name
    [database]
    pass=dbpassword
    user=root
    [interface]
    mask=255.255.255.0
    type=internal,managed,monitor
    gateway=192.168.1.1
    ip=192.168.1.29
    [services]
    httpd=/usr/sbin/apache2
    [trapping]
    registration=enabled
    [registration]
    skip_mode=window
    skip_window=2w
    skip_reminder=1d
    expire_mode=window
    expire_window=26w
    aup=enabled
    auth=local
    maxnodes=1
    [scan]
    registration=enabled
    pass=packet
    user=admin
    host=192.168.1.29
    port=1241
    ssl=enabled
    There are a few additional configuration options above that warrant explanation. In the [registration] section, you'll see the expire options. These options configure how long a user's registered instance will last. In the same section, you'll see auth options. These are the authentication methods. In the above configuration, the system is using a local authentication which will be contained in a user:password file called user.conf in /usr/local/pf/conf.
    Stopping unwanted traffic

    You don't want P2P traffic on your network. In the /usr/local/pf/conf directory is a file called violations.conf. This file contains most of the common violations you'll need. The top section is the defaults section. Below the defaults is an entry for each violation. If you want to examine the violation set for LimeWire, for example, it would look like this:
    [2001808]
    desc=P2P (Limewire)
    priority=8
    url=/content/index.php?template=p2p
    disable=Y
    max_enable=1
    trigger=Detect::2001808
    Since this violation is disabled (with disable=Y), we need to enable this violation in order to enforce it. Change disable=Y to disable=N and restart PacketFence. Now, if any member of the network fires up LimeWire, that user will lose Internet access.
    Notice the url= option. This defines where the user will be redirected when they violate the policy. You can customize this page.
    Final thoughts

    This has been a barebones introduction to the massive system known as PacketFence. From this launching point, you can grow this system to meet nearly any need. On top of this, you can implement the Web-based GUI to help make administration much easier.
    Please be aware that PacketFence is an application that can take days to master; also, implementation will vary with every installation you do. Even with all of its difficulties (and lack of documentation), PacketFence should quickly become your network security's best friend.
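
Added example (not part of the original post or of PacketFence): the rogue-hardware check the post describes for pfcmd report os, done mechanically by parsing the pipe-delimited report and comparing each row with an inventory. The baseline counts, and the choice to treat the two rows that name no OS as always needing follow-up, are assumptions made for the illustration.

```python
# Added example. REPORT is the post's sample output; BASELINE is constructed.
REPORT = """\
description|percent|count
Unknown DHCP Fingerprint|18.2|2
RedHat/Fedora-based Linux|18.2|2
Microsoft Windows 2000|18.2|2
Mac OS X|18.2|2
Debian-based Linux|9.1|1
*Probable Static IP(s)|18.2|2
Total|100|11
"""
# Constructed baseline: number of nodes expected per OS description.
BASELINE = {"RedHat/Fedora-based Linux": 2, "Microsoft Windows 2000": 2,
            "Mac OS X": 1, "Debian-based Linux": 1}
# Rows that do not identify an OS; every node counted here needs follow-up.
UNIDENTIFIED = ("Unknown DHCP Fingerprint", "*Probable Static IP(s)")


def parse_report(text):
    """Return ({description: count}, reported_total) from pipe-delimited output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines[0].split("|") != ["description", "percent", "count"]:
        raise ValueError("unexpected header: %r" % lines[0])
    counts, total = {}, None
    for line in lines[1:]:
        desc, _percent, count = line.rsplit("|", 2)  # last two fields are numeric
        if desc == "Total":
            total = int(count)
        else:
            counts[desc] = int(count)
    return counts, total


def find_anomalies(counts, baseline):
    """Return (description, seen, expected) where seen exceeds the baseline."""
    findings = []
    for desc, seen in sorted(counts.items()):
        expected = 0 if desc in UNIDENTIFIED else baseline.get(desc, 0)
        if seen > expected:
            findings.append((desc, seen, expected))
    return findings


if __name__ == "__main__":
    counts, total = parse_report(REPORT)
    if total != sum(counts.values()):
        print("warning: row counts do not add up to Total")
    for desc, seen, expected in find_anomalies(counts, BASELINE):
        print("%-26s seen=%d expected=%d" % (desc, seen, expected))
```

Each MAC address behind a flagged row can then be looked up before it is registered with pfcmd node edit.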
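
Added example (not part of the original post or of PacketFence): a check of which violations.conf entries are actually enforced, reading disable=Y as disabled and disable=N as enforced, as the post describes. The section name [defaults], the fallback of missing keys to that section, and every entry except [2001808] are assumptions or constructed values.

```python
import configparser

# Constructed sample in the layout the post describes: a defaults section
# first, then one section per violation. Only [2001808] is from the post.
SAMPLE = """\
[defaults]
priority=4
disable=Y
max_enable=3

[2001808]
desc=P2P (Limewire)
priority=8
url=/content/index.php?template=p2p
disable=Y
max_enable=1
trigger=Detect::2001808

[9999001]
desc=Constructed example violation
disable=N
trigger=Detect::9999001

[9999002]
desc=Constructed violation with no disable key
trigger=Detect::9999002
"""


def violation_states(text):
    """Return {violation_id: (desc, enforced)} for every non-default section."""
    # Assumption: keys missing from a violation fall back to [defaults].
    cp = configparser.ConfigParser(default_section="defaults", interpolation=None)
    cp.read_string(text)
    states = {}
    for vid in cp.sections():
        flag = cp.get(vid, "disable", fallback="Y").strip().upper()
        if flag not in ("Y", "N"):
            raise ValueError("%s: disable=%r is neither Y nor N" % (vid, flag))
        states[vid] = (cp.get(vid, "desc", fallback=""), flag == "N")
    return states


if __name__ == "__main__":
    for vid, (desc, enforced) in violation_states(SAMPLE).items():
        print("%-8s %-45s %s" % (vid, desc, "ENFORCED" if enforced else "disabled"))
```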



