

FAQ : ipfcontrol

Alexandre Dulaunoy

1 Introduction

1.1 What is ipfcontrol ?

Ipfcontrol is "open source" software and a framework to manage multiple types of security module across a global network. Security modules can be packet filters (like netfilter, ipfw, IP Filter, Checkpoint FW1), NIDS (Snort, arpwatch, ...) and other general security software (like LIDS, ACLs, ...).

1.2 Which license do you use for ipfcontrol ?

We release all software and framework design under the GPLv2. We strongly believe that software must be free to everyone. We want to share ideas, concepts and software with a lot of people around the world. Source availability is really important for software related to security management.

1.3 Which operating systems are supported ?

The configuration and log repository uses Apache (with some extensions) in this framework. The client uses Perl. So every platform where you can run Apache and Perl is supported. Most notably, different flavors of Unix (*BSD, Solaris, Linux, AIX) and WIN32 are supported.

1.4 Why did you choose ipfcontrol as name ? Do you plan to change it ?

In the beginning of the project, the name was chosen because our first target was to remotely manage IP Filter (a packet filter software) for *BSD. Now the project is more generic and more flexible, so we can easily manage multiple types of security module (like Snort, NIDS, ipfw, netfilter, Checkpoint FW1, ...). IP Filter has moved to a more restrictive license, and we think it is not a good thing to base our name on it because our project is GNU GPL. The name will change in the near future for these reasons. (If you have any proposition for a cool name, don't hesitate...)

1.5 History of the design notes

2001-06-??: Alexandre Dulaunoy (alex@conostix.com) : Initial wisdom

2001-06-11: Tycho Fruru (tycho@conostix.com) : Misc changes, added 2.2, 2.3, 2.4, 2.5, elaboration, it's too early to make a formal history of the design notes ;-)

2 How does it work ?

2.1 Data repository

The core system works with a data repository acting as a "proxy", a network file server, a buffer server, ... (yes, you can name it as you like 8-) The repository acts as "glue" between the multiple security modules and the management/GUI clients (security modules and management/GUI clients are not really different from the point of view of the repository server).

The data (log/config/alert/monitoring) are stored in a filesystem hierarchy, which is made accessible through Apache.

Every module/engine has its own set of directories, organised as follows :

The <ID of module/engine> is arbitrary.

2.2 Remote module/engine Logging

In the .../log directory, the following files can be found :

The <ID of log> name is arbitrary, but it is recommended to take something of the form YYYYMMDD-HHMMSS.cc or another unique identifier.

2.2.1 Logging file format

2.3 Remote module/engine Configuration

In the .../config directory the following files can be found :

2.3.1 Configuration file format

2.3.2 Config.go file format

2.4 Remote module/engine Alerting

Not yet here.

2.5 Remote module/engine Monitoring

Monitoring consists of the module regularly pushing a file with status information to the webserver. The contents of this file are the monitoring parameters which might be of interest (e.g. free memory, how many users are logged on, average CPU usage, network error packets, etc.). The file also includes the current time of the module and when the next update is due.

3 Installation

3.1 Software prerequisite

For compiling the data repository server, you need all software needed by a standard Apache compilation.

For the wrapper part, you need a functional Perl (5.005) with Perl modules such as :

3.2 Which module of apache do you use ?

4 Configuration

4.1 Data Repository server

4.2 Client Wrapper

5 Extending ipfcontrol

5.1 Writing additional client wrappers

6 Useful example

or real life is better than anything else 8-)...

6.1 Managing multiple NIDS Snort

6.2 Managing a packet filter

6.3 Fetching information from data repository to SQL

6.4 Fetching information from data repository to a monitoring console

6.5 How to push a policy in 2 lines ?

lwp-request -m PUT http://127.0.0.1/ipfc/smod/sparky/policy/p-2.policy <policy-file

lwp-request -m PUT http://127.0.0.1/ipfc/smod/sparky/policy/p-2.policy.go <1-byte-file
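The same two-step push written as a small Perl/LWP client (Perl being the wrapper language the FAQ names), as an added example that is not part of ipfcontrol. It assumes the repository accepts PUT and GET on the URL layout shown above, and treats the .go marker as the signal that the policy is complete (an assumption about its role, since 2.3.2 is blank here); the marker is only written after the stored policy has been read back intact.

```perl
#!/usr/bin/perl
# Added example (not part of the ipfcontrol distribution): push a policy to
# the data repository the way section 6.5 does, in two steps. The policy body
# is PUT first; the 1-byte ".go" marker is PUT only after the policy has been
# stored and read back byte-for-byte, so a module never sees a "go" for a
# truncated or half-written file.
# Assumed: the repository accepts HTTP PUT and GET on the shown URL layout.
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;

my ($repo, $module, $policy_name, $policy_file) = @ARGV;
die "usage: $0 <repo-url> <module-id> <policy-name> <policy-file>\n"
    unless defined $policy_file;

# e.g. http://127.0.0.1/ipfc/smod/sparky/policy/p-2.policy
my $base = "$repo/ipfc/smod/$module/policy/$policy_name";
my $ua   = LWP::UserAgent->new(timeout => 30);

# Read the policy file binary-safe so the later comparison is exact.
open my $fh, '<', $policy_file or die "cannot open $policy_file: $!\n";
binmode $fh;
my $policy = do { local $/; <$fh> };
close $fh;

sub put_file {
    my ($url, $body) = @_;
    my $req = HTTP::Request->new(PUT => $url);
    $req->content($body);
    my $res = $ua->request($req);
    die "PUT $url failed: " . $res->status_line . "\n" unless $res->is_success;
    return $res->code;
}

# Step 1: store the policy body.
put_file($base, $policy);

# Step 2: read it back and compare before signalling "go". A mismatch means
# the repository did not store what was sent (truncation, proxy, wrong path).
my $check = $ua->get($base);
die "GET $base failed: " . $check->status_line . "\n" unless $check->is_success;
die "stored policy differs from $policy_file; not writing .go marker\n"
    unless $check->content eq $policy;

# Step 3: the .go marker (any 1-byte content) tells the module the policy is complete.
put_file("$base.go", "1");
print "pushed $base and its .go marker\n";
```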

6.6 Authors

This document was generated using the LaTeX2HTML translator Version 99.2beta8 (1.46)
The translation was initiated by root on 2001-06-12