Alexandre Dulaunoy
Ipfcontrol is "open source" software and a framework for managing multiple types of security modules across a global network. Security modules can be packet filters (like netfilter, ipfw, IP Filter, checkpoint FW1), NIDS (Snort, arpwatch...) and other general security software (like LIDS, ACL, ...).
We release all software and framework design under the GPLv2. We strongly believe that software must be free to everyone. We want to share ideas, concepts and software with a lot of people around the world. Source availability is really important for software related to security management.
The configuration and log repository in this framework uses Apache (with some extensions). The client uses Perl, so any platform that can run Apache and Perl is supported. Most notably, different flavors of Unix (*BSD, Solaris, Linux, AIX) and WIN32 are supported.
At the beginning of the project, the name was chosen because our first target was to remotely manage IP Filter (a packet filter software) for *BSD. Now the project is more generic and more flexible, so we can easily manage multiple types of security modules (like Snort, NIDS, ipfw, netfilter, checkpoint FW1,...). IP Filter has moved to a more restrictive license, and we think it is not a good thing to base our name on it because our project is GNU GPL. The name will change in the near future for these reasons. (If you have any proposal for a cool name, don't hesitate...)
2001-06-??: Alexandre Dulaunoy (alex@conostix.com) : Initial wisdom
2001-06-11: Tycho Fruru (tycho@conostix.com) : Misc changes, added 2.2, 2.3, 2.4, 2.5, elaboration, it's too early to make a formal history of the design notes ;-)
The core system works with a data repository acting as a "proxy", a network file server, a buffer server, ... (yes, you can name it as you like 8-) The repository acts as "glue" between the multiple security modules and the management/GUI clients (from the point of view of the repository server, security modules and management/GUI clients are not really different).
The data (log/config/alert/monitoring) are stored in a filesystem hierarchy, which is made accessible through Apache.
Every module/engine has its own set of directories, organised as follows :
In the .../log directory, the following files can be found :
In the .../config directory the following files can be found :
Not yet here.
Monitoring consists of regularly pushing a file with status information from the module to the webserver. The file contains various monitoring parameters which might be of interest (e.g. free memory, how many users are logged on, average CPU usage, network error packets, etc.). The file also includes the current time of the module and when the next update is due.
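A repository-side check built on the two timing fields described above, as an added example that is not part of ipfcontrol: it flags a module whose next update is overdue or whose clock disagrees with the repository. The `key: value` file layout, the field names and the thresholds are assumptions, since the page does not give the file format.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample status file. The "key: value" layout and the field
# names are assumptions; the page does not specify the real format.
SAMPLE = """\
module: sparky
time: 2001-06-12T10:00:00Z
next_update: 2001-06-12T10:05:00Z
free_memory_kb: 20480
users_logged_on: 2
"""

def parse_status(text):
    """Parse 'key: value' lines; reject files without the timing fields."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        fields[key.strip()] = value.strip()
    for required in ("module", "time", "next_update"):
        if required not in fields:
            raise ValueError(f"missing field: {required}")
    return fields

def _ts(value):
    """Parse a UTC timestamp such as 2001-06-12T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_status(text, received_at, now,
                 grace=timedelta(seconds=60), max_skew=timedelta(seconds=120)):
    """Return findings for one status file.

    received_at: repository time when the file was stored (e.g. its mtime).
    now: repository time of the check.
    """
    f = parse_status(text)
    reported, due = _ts(f["time"]), _ts(f["next_update"])
    findings = []
    if due <= reported:
        findings.append("next_update not after time")
    if abs(received_at - reported) > max_skew:
        findings.append("clock skew")
    # Count the interval on the repository clock, so a wrong module clock
    # cannot hide a missed update.
    if now > received_at + (due - reported) + grace:
        findings.append("update overdue")
    return findings
```

A module that stops reporting is then visible to the repository without relying on the module's own clock.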
For compiling the data repository server, you need all software needed by a standard Apache compilation.
For the wrapper part, you need a functional Perl (5.005) with Perl modules like:
or real life is better than anything else 8-)...
lwp-request -m PUT http://127.0.0.1/ipfc/smod/sparky/policy/p-2.policy.go <1-byte-file
This document was generated using the LaTeX2HTML translator Version 99.2beta8 (1.46)
The translation was initiated by root on 2001-06-12