Linux-powered Packet Fence Protects Your Network

Installation and Initial Setup

PacketFence is a free and open source network access control (NAC) system. This Linux-based application primarily provides network access control, monitoring, and intrusion detection. It gives you several network protection features, which includes the following:

• Captive portal: Can be used to require users to login before using the network or to present instructions to a user on a web page, blocking all other network traffic, when a problem is detected.
• Malware detection and alerting: Along with internal features, PacketFence can work with remote sensors like from Snort.
• Vulnerability scans with Nessus: Can use the external Nessus program to periodically run vulnerability scans.
• Isolation of problematic devices: One of the several isolation techniques PacketFence support is VLAN isolation (with VoIP support), where problematic clients would be moved to a designated VLAN. Switches from many vendors are supported.
• DHCP fingerprinting: Used to automatically allow or disallow specific device types (such as VoIP phones or Wi-Fi equipped game systems).

In this tutorial, we'll see how to set up and get started with PacketFence.

Some prerequisites are verifying that your network switches, access points, and controllers are supported by PacketFence for full-functionality. Additionally, make sure the computer you're setting up as the PacketFence server has at least two wired Ethernet cards installed.

Installing dependencies

We're using the CentOS 5.3 Linux distribution, so instructions are given with this in consideration.

First you must ensure you have the other servers and applications that PacketFence uses installed and ready to go. This includes a database server (MySQL) and web server (Apache) and maybe also a DHCP server (ISC DHCP), DNS server (BIND), and NIDS (Snort).

Open a Terminal window (Applications > Accessories) and enter root mode: type su, hit Enter, input the root password, and hit Enter again.

Then you can run the following command to install most of the required and optional software:

yum install mysql-server httpd dhcp bind

You'll have to manually install snort. Plus keep in mind, the mySQL server is installed with no password for root access, so you'll want to assign a password.

You must configure yum to use the DAG repository, so it can download and install the necessary dependency packages. You need to know the Red Hat Linux version you're using; here's the command to check it:

cat /etc/redhat-release

Now you can get the command to install the proper rpmforge-release package from the DAG site.

Now you can configure yum with the PacketFence repository. To do this, type gedit while still in root mode. This brings up the text editor with root privileges, so you can write to the particular location.

Now copy and paste the following into the text editor:

[PacketFence]
name=PacketFence Repository
baseurl=http://inverse.ca/downloads/PacketFence/RHEL5/$basearch
gpgcheck=0

Then save the file to /etc/yum.repos.d/PacketFence.repo.

Before you close the root-mode text editor, you might want to check the status of SELinux. For PacketFence to work, SELinux must be disabled on your Linux distro. In Fedora Core and RedHat Enterprise distros, you can edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled and then reboot the system.

For the other distros that don't have the /etc/selinux/config file, you can edit the kernel boot line, usually in the /boot/grub/grub.conf file for the GRUB boot loader. On the kernel line, add selinux=0 at the end. Then reboot the PC.

Bring up a Terminal in root mode again and enter the following command to install PacketFence and its dependencies:

yum install packetfence

After yum is done, you must execute a file using the following command to complete the installation:

cd /usr/local/pf/ && ./installer.pl

Be sure to create an account for the web administrative interface when prompted, otherwise the default password of qwerty will be used. After installation is complete, you must run the following command to perform the configuration:

/usr/local/pf/configurator.pl

Next, startup the web server so you'll be able to access PacketFence's web-based control panel:

/sbin/service httpd start

PacketFence can authenticate users that register devices using three different methods: a flat file (the default method), an LDAP server, or a RADIUS server.

The default flat file is at /usr/local/pf/conf/user.conf. You'll have to encrypt the password of each user with htpasswd by entering the following command and entering the password twice:

htpasswd /usr/local/pf/conf/user.conf newuser

Once you have the intial configuration complete, start up PacketFence with the following command:

/sbin/service packetfence start

Configuring PacketFence

You can configure PacketFence using its command-line utility, pfcmd, or via the web-based control panel.

You can access pfcmd at /usr/local/pf/bin/pfcmd. Returning no options will give you the basic help screen, a listing of all the commands.

To access the web-based control panel, go to the following URL:

https://pf.yourdomain.com:1443

Use the username and password you created when running the installer.pl script; otherwise use the default username admin and default password qwerty.

Getting help with PacketFence

If you run into problems, you might want to check out the official documentation. They give examples of many different scenarios. Plus you can communicate on the mailing lists.

Eric Geier is the Founder and CEO of NoWiresSecurity, which helps businesses easily protect their Wi-Fi network with enterprise-level encryption by offering an outsourced RADIUS/802.1X authentication service called AuthenticateMyWiFi. He is also the author of many networking and computing books for brands like For Dummies and Cisco Press.