PacketFence is the open source community’s answer to NAC.
Being a solid supporter of the open source community, I knew this was going to
be an interesting project to get up and running. Little did I know that
PacketFence would wind up being one of the single most difficult installations
I have done in over ten years of dealing with Linux. Granted,
part of the difficulty was in my resisting installing PacketFence on the recommended
environment. Why did I resist? Well, the recommended environments were outdated
— Fedora 4, for example.

But then I swallowed my nerd-pride and opted for the most
logical choice in Ubuntu 6.06 server. So be prepared: this installation will be
done completely by command line. And there will be a lot of commands to run.

First things first

The first thing you are going to need to do is install Ubuntu Server 6.06 LTS. The
good news is that this release is supported until 2011, so you won’t have to
worry about security fixes not being released as they arise. Once you have
downloaded the ISO image, use K3B (or something similar) to burn the disk.
Install the server and prepare for the installation. (Warning: It’s a text-only installation.)

Because you will be using Ubuntu, you’ll be using the sudo command a lot. There will be no root
password, so the password you create for the created user (during installation)
will be the password you use. However, when I use Ubuntu and sudo, I always create a root
password because it bypasses a lot of problems created when trying to do
installations of certain applications (or configurations of MySQL, for instance).
To do this, run sudo passwd and enter the new “root” password. Once this is
done, you are ready to rock.

The first thing you are going to do is set up remote
administration with SSH. Because this server will most likely wind up a
headless server (or in case you need to administer it remotely), you will want
this installed. To do this, issue the following command:

sudo apt-get install ssh openssh-server

One of the main reasons I often do this type of installation via SSH
is that if I need to google something, I
don’t have to switch back and forth between machines. So now that you have SSH installed, move
over to a machine with access to the net and log into the Ubuntu server with SSH.
Now you can continue reading this article and install at the same time.

Prepping for installation of software

You’ll use the apt-get command to install the
software for this installation. In order to do that, you’ll have to first edit
your sources to be able to find the proper software packages. To do this, issue
the following commands.

Back up your original sources list:

sudo cp /etc/apt/sources.list /etc/apt/sources.list.BACKUP

Now you have to go through the sources list and uncomment
all of the repositories listed in the sources.list
file. Go to /etc/apt, open up the sources.list
file, and remove all of the # to uncomment the sources. Or you could run the
command:

sudo sed -i -e "s/# deb/deb/g" /etc/apt/sources.list

Now we must update the apt
sources with the command:

sudo apt-get update

One final step before you start installing applications: You
have to be able to compile from source. By default, Ubuntu 6.06 server cannot
do this. So to make the server capable of this necessary action, issue the
command:

sudo apt-get install build-essential

Once this is done, you’re ready to install.

Snort

The first thing you should do is install an intrusion
detection package. As Snort is the standard in Linux (as well as what
PacketFence suggests), we’ll use that. Issue the command:

sudo apt-get install snort

Before you move on, you will need to stop Snort with the command:

sudo /etc/init.d/snort stop

You will also need to make sure Snort does not start during
system boot (otherwise, PacketFence will not start up). To do this, use the update-rc.d command:

sudo update-rc.d -f snort remove

Now Snort has been removed from the rc.d run list.

MySQL

Because PacketFence uses a
database, you’ll have to install MySQL and take care of a few details with that
installation.

First, install MySQL with the command:

sudo apt-get install mysql-server

Now it gets a bit
tricky. This is where I like to have a “root” password. Issue the
command sudo passwd and enter a “root” password twice. Now you can log on as a
pseudo-root user. What you need to do now is change the MySQL password. By
default, the password is blank. This is not secure and PacketFence requires you
to have a root MySQL password. So issue the command:

mysql -u root -p

and hit [Enter] (there is currently no password). You should now
be at the mysql> command prompt. Now
enter the command:

SET PASSWORD FOR root@localhost=PASSWORD('NEWPASSWORD');

where NEWPASSWORD is the new
password you’ll use for the root MySQL user.

Now MySQL is up.

Apache and PHP

The first thing you need to do is install
Apache and all of the necessary modules, bells, and whistles. Here are the
steps:

sudo apt-get install apache2 libapache2-mod-proxy-html

This installs Apache and the Proxy module. Now install PHP:

sudo apt-get install libapache2-mod-php5 php-pear php5-mysql php5-gd

This will install everything necessary for PHP.

Now all you have to do is to stop the Apache server and
prevent Apache from starting at boot. First run:

sudo /etc/init.d/apache2 stop

Then remove Apache from the rc.d run list with the command:

sudo update-rc.d -f apache2 remove

Perl and Perl modules

There are a number of Perl modules to install. To do so,
issue the following commands:

sudo apt-get install perl-suid libterm-readkey-perl libconfig-inifiles-perl libnet-netmask-perl

and

sudo apt-get install libparse-recdescent-perl libnet-rawip-perl libtimedate-perl libwww-perl

Perl is ready to go.

PacketFence

Finally, install the PacketFence application itself. You cannot
use apt-get to do the installation. You have to download the source,
unpack it, and run the enclosed installation. Download the latest stable
release (as of this writing, it is 1.6.2) with the wget
application. If wget doesn’t show up, you
might have to install it with sudo apt-get install wget.

The download will come from Sourceforge.
The current release address is: http://downloads.sourceforge.net/PacketFence/PacketFence-1.6.2.tar.gz,
so issue the commands:

cd /usr/local/
sudo wget http://downloads.sourceforge.net/PacketFence/PacketFence-1.6.2.tar.gz

Unpack the tar file with the command:

sudo tar xvzf PacketFence-1.6.2.tar.gz

which will create the /usr/local/pf directory.
Change into the pf directory and issue
the command to start the installer:

sudo ./installer.pl

You will now have to walk through a lot of questions
regarding the installation. Many of the defaults will work. Remember your MySQL
root user password. Also, allow the PacketFence installer to create the
necessary database for you. I tried many times to create the database with phpMyAdmin,
only to find the PacketFence system cannot then create the necessary tables for
the database.

Before you run the final step of the process, you will want
to create an SSL Certificate for security purposes. To do this, issue the
commands:

cd /tmp
openssl req -new > PacketFence.csr
openssl rsa -in privkey.pem -out server.key
openssl x509 -in PacketFence.csr -out server.crt -req -signkey server.key -days 365
sudo mv server.crt /usr/local/pf/conf/ssl/
sudo mv server.key /usr/local/pf/conf/ssl/
rm -f PacketFence.csr privkey.pem

This will install a unique certificate for your machine
(instead of the included default).

Once you have completed the installation, you will then have
to run the configurator.pl to complete the install. The configurator basically sets up the type of
system you want to run. When you run it, you’ll be offered the following:

  1. Test mode
  2. Registration
  3. Detection
  4. Registration & Detection
  5. Registration, Detection & Scanning
  6. Session-based Authentication
I suggest running the system in Test mode at first. Finish
answering the questions to complete the installation.

A few modifications

One issue I had upon completing the installation was that
the PacketFence start script couldn’t find the Apache startup script,
because it was looking for /usr/bin/httpd instead of /usr/bin/apache2,
as is installed in an Ubuntu server. To change this, you have to add a [services]
entry in the pf.conf file. Open up the /usr/local/pf/conf/pf.conf file in your favorite editor and add the
following lines to the end of that file:

[services]
httpd=/usr/sbin/apache2

Now, open the file /usr/local/pf/conf/templates/httpd.conf and
add the following:

ServerRoot /usr/lib/apache2

and then modify the line:

LoadModule php4_module modules/libphp4.so

to reflect:

LoadModule php4_module /usr/lib/apache2/modules/libphp4.so

There were a number of other lines that had to be
modified. Because of the way Apache is installed on Ubuntu, the module
paths must all reflect the /usr/lib/apache2/modules
structure. So go through the entire /usr/local/pf/conf/templates/httpd.conf file
and change the module paths to reflect this. You will also need to uncomment
the line for the php5 module (around line 79) and comment out the line for
php4 (around line 80).
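
The module-path edits described above can be scripted; the following is an added example, not part of the original article or of PacketFence. The sample template lines and the script name fix-modules.sh are constructed for illustration, and the real template may lay out its LoadModule lines differently, so the script writes a new file for review instead of editing in place.

```shell
#!/bin/sh
# Added example (not PacketFence code): make LoadModule paths absolute,
# comment out php4 and uncomment php5 in a COPY of the template.
APACHE_MODDIR=/usr/lib/apache2/modules   # Ubuntu path used in the article
WS='[[:space:]][[:space:]]*'             # one or more blanks
NAME='[A-Za-z0-9_][A-Za-z0-9_]*'         # module identifier

# fix_module_paths IN OUT: rewrite IN into OUT; IN is never modified.
fix_module_paths() {
    sed -e "s|^\([[:space:]]*#*[[:space:]]*LoadModule${WS}${NAME}${WS}\)modules/|\1${APACHE_MODDIR}/|" \
        -e "s|^[[:space:]]*LoadModule${WS}php4_module|#&|" \
        -e "s|^[[:space:]]*#[[:space:]]*\(LoadModule${WS}php5_module\)|\1|" \
        "$1" > "$2"
}

# count_relative FILE: active LoadModule lines that still use a relative path.
count_relative() {
    grep -c "^[[:space:]]*LoadModule${WS}${NAME}${WS}[^/[:space:]]" "$1" || true
}

# sample_template: constructed lines, not the real PacketFence template.
sample_template() {
    cat <<'EOF'
ServerRoot /usr/lib/apache2
LoadModule proxy_module modules/mod_proxy.so
LoadModule php4_module modules/libphp4.so
#LoadModule php5_module modules/libphp5.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
EOF
}

# Usage: sh fix-modules.sh IN OUT, then diff IN OUT before replacing IN.
if [ "$#" -eq 2 ]; then
    fix_module_paths "$1" "$2"
    echo "relative LoadModule lines left: $(count_relative "$2")"
fi
```

Diff the output against the original template before copying it into place, and keep the original as a backup.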

Starting PacketFence

You can first test to make sure PacketFence is starting up
properly by running the command /usr/local/pf/bin/start. You should see nothing more than the
following:

Checking configuration sanity...
service|command
config files|start
iptables|start
httpd|start
pfmon|start
pfdetect|start
snort|start

Now stop the PacketFence system with the command /usr/local/pf/bin/stop.

Once you know this is starting properly, you can then modify
the install so that the PacketFence startup script is installed and the rc.d system is
aware of it. To do this, issue the following commands:

sudo cp /usr/local/pf/PacketFence.init /etc/init.d/PacketFence
sudo chmod 755 /etc/init.d/PacketFence
sudo update-rc.d PacketFence defaults

Restart the PacketFence system with the command:

sudo /etc/init.d/PacketFence start

You are now up and running.
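
A quick audit of the end state this article builds, as an added example that is not part of the original article or of PacketFence: Snort and Apache should have no boot start links, PacketFence should have one, and the private key moved into /usr/local/pf/conf/ssl should not be readable by group or other. The permission requirement is an assumption added here (the article does not set a mode on the key), and the prefix argument and the script name pf-audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example: post-install audit for the layout this article builds.
# The prefix argument lets the checks run against a copy of the tree.

# start_links PREFIX SERVICE: print the rc?.d start links (S##name) for SERVICE.
start_links() {
    for link in "$1"/etc/rc[0-9S].d/S[0-9][0-9]"$2"; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        printf '%s\n' "$link"
    done
}

# key_is_private FILE: succeed only if group and other have no access bits.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10) || return 1
    [ "$perms" = "------" ]
}

# audit PREFIX: print one line per finding; exit status is the finding count.
audit() {
    findings=0
    for svc in snort apache2; do
        if [ -n "$(start_links "$1" "$svc")" ]; then
            echo "FAIL: $svc still starts at boot (PacketFence must start it)"
            findings=$((findings + 1))
        fi
    done
    if [ -z "$(start_links "$1" PacketFence)" ]; then
        echo "FAIL: no boot start link for PacketFence"
        findings=$((findings + 1))
    fi
    key="$1/usr/local/pf/conf/ssl/server.key"
    if [ ! -f "$key" ] || ! key_is_private "$key"; then
        echo "FAIL: $key missing or accessible to group/other"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sudo sh pf-audit.sh /   (or a directory holding a copy of the tree)
if [ "$#" -eq 1 ]; then
    audit "${1%/}"
fi
```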

Logging in

Fire up a browser and point it to the IP address of the
PacketFence server with port 1443 appended. So my address would be https://192.168.1.29:1443. Note: This is secure HTTP. You will see
a login screen where you’ll enter your administrator name (by default it is admin)
and the password you created for the administrator.

Once you are logged in, you’ll see the main administrator
screen (see Figure A below).

Figure A: This is where you will finally be able to do all of your work.

From this point on, it’s all point and click.

A big job

PacketFence has been one of the more challenging
installations I have come across. Is it worth it? An old saying comes to mind:
“An ounce of prevention is better than a pound of a cure.” PacketFence
is the next big thing with network security and open source. This tool is huge,
and will gain popularity fast. And with the help of this article, you can
finally install the system with fewer headaches than I incurred.