Monday, December 23, 2013

Vuurmuur and CentOS 6.5

Today I got to play around with my CentOS box and I decided to install Vuurmuur. The install on CentOS is pretty easy.

Basically, go to the site and download the tarball. Follow the steps located here. Once you think you have everything ready to go, make sure to start vuurmuur before you run the config. I know this seems intuitive enough, but I was under the impression that I would configure it before I ran it. Oh well.

The last piece would be installing conntrack-tools. I did not have this in any repos that I had configured, so I decided to build it from scratch. Note that the latest version of conntrack-tools requires newer versions of its dependencies (such as libnfnetlink) than those included in the base repos. You are better off just building everything from scratch. The default install location for the dependencies is /usr/local/lib. pkg-config will not find this location by default. I ended up using the PKG_CONFIG_PATH environment variable to set the location of the .pc files. Conveniently, they are located in /usr/local/lib/pkgconfig.
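The pkg-config lookup described above can be checked before running configure. This is an added example, not part of the original post: the function names, the dependency list beyond libnfnetlink, and the two system pkgconfig directories are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): preflight check to run before
# ./configure for conntrack-tools. It walks a pkg-config style search path and
# reports which .pc file, and which version, each dependency resolves to.

# Assumed dependency list; match it to the configure.ac of the release you build.
DEPS="libnfnetlink libmnl libnetfilter_conntrack libnetfilter_cttimeout libnetfilter_cthelper libnetfilter_queue"

# find_pc MODULE SEARCHPATH: print the first MODULE.pc found, return 1 if none.
find_pc() {
    local module="$1" path="$2" dir
    local IFS=:
    for dir in $path; do
        [ -n "$dir" ] || continue          # skip empty path elements
        if [ -f "$dir/$module.pc" ]; then
            printf '%s\n' "$dir/$module.pc"
            return 0
        fi
    done
    return 1
}

# pc_version FILE: print the Version field of a .pc file.
pc_version() {
    sed -n 's/^Version:[[:space:]]*//p' "$1" | head -n 1
}

# check_deps SEARCHPATH: one status line per dependency; returns the number missing.
check_deps() {
    local path="$1" missing=0 dep file
    for dep in $DEPS; do
        if file=$(find_pc "$dep" "$path"); then
            printf 'ok       %-26s %-8s %s\n' "$dep" "$(pc_version "$file")" "$file"
        else
            printf 'MISSING  %-26s\n' "$dep"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Usage: PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./pc-preflight.sh check
# PKG_CONFIG_PATH is searched first; the two system directories after it are
# assumed defaults for 64-bit CentOS.
if [ "${1:-}" = "check" ]; then
    check_deps "${PKG_CONFIG_PATH:-}:/usr/lib64/pkgconfig:/usr/share/pkgconfig"
fi
```

A dependency that resolves under a system directory rather than /usr/local/lib/pkgconfig means configure would pick up the repo's copy of that library instead of the one built from source.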

I think the end goal here is to install suricata and plug it into Vuurmuur. I do want to spend some time playing around with the base features, however.

So far I have built a few rules (SNAT and such) and played around with the logging and connection list features. They seem easy enough to use and quite powerful, actually. Vuurmuur seems to have some built-in anti-spoof protection, among other things. It is interesting to do an `iptables --list` and check out what Vuurmuur has done to it!