Dev Anand wrote:
Hi All,

Is it possible to quarantine a system by placing it in a different VLAN
by OpenRadius?

If so, can somebody guide me on the steps that can be tried.

The situation is like this:
The system already has an IP address, but is found to be infected with a
virus-worm.
So it needs to be quarantined automatically.

Thanks in advance,
-Deva
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

I think the best way to tackle this would be MAC auth,
and I don't think it's very smart to put the machine into "quarantine"; just contact the person who's responsible for the machine and tell him to wipe it instead of having a VLAN full of infected machines...

Phil Mayers gave a good sample on how to do this:

<--- snip -->

The man page is pretty clear

Do something like:

modules {
 passwd mac2ok {
   filename = /etc/raddb/mac2ok
   format = "*Calling-Station-Id:~My-Local-String"
   hashsize = 100
 }

 # other modules
}

authorize {
 preprocess
 mac2ok
 files
 # other modules
}

Make "/etc/raddb/mac2ok" read:

# macaddress:ok

008012323244:ok
002938475473:ok

...then in "users" put:

DEFAULT    My-Local-String != "ok", Auth-Type := Reject
   Reply-Message = "calling station id not allowed",
   Fall-Through = No

# Other config items

Depending on the version of the server, you might need the following in /etc/raddb/dictionary:

ATTRIBUTE    My-Local-String        3000    string

...where 3000 can be any number between 3000 and 4000 and My-Local-String is an arbitrary name you can use for a local config attribute.

<-- snip -->


Then just create a script to add and remove MAC addresses in the file /etc/raddb/mac2ok...

Best regards
                    Johann B.
