Horatio 1.7 reviewDownload
The Horatio system is a firewall authentication tool
The Horatio system is a firewall authentication tool. The premise: Legitimate users want to attach laptops and other mobile hosts to the network, but security demands that illegitimate users be prevented from accessing the internal, secure network and from abusing the general Internet. The approach taken by Horatio is to provide a separate, untrusted, network that only connects to the internal network (and thus to the Internet) through a firewall that by default does not pass any traffic.
When a legitimate user connects his or her host, it is assigned an address by a DHCP server (such as dhcpd), but is unable to contact anything outside the untrusted network. The user must must point a web browser at the horatio web server, which runs on the firewall machine, and provide a username and password.
When leaving, the user can log out, removing his or her host from the access list. If the user does not log out, a periodic rollcall (using fping) will detect that the host is no longer accessible and remove it from the access list.Once the username and password have been validated, the firewall rules are modified and are allowing the access to the rest of the network.
The horatio server uses syslog to log the actions it takes, including log-ins, log-outs, web accesses, rollcalls, and process starts and stops. The firewall uses Linux ipchains. HTTPS support is provided using OpenSSL, and the Perl modules IO::Socket::SSL, Net::SSLeay, and HTTP::Daemon::SSL. The firewall and host list management scripts are written in Bash.
For more information, see the horatio(8) man page. More details about the firewall are available in the horatio-firewall(8) man page and about the host management in the horatio-hostlist(8) man page.
What's New in This Release:
horatio.in: Added Timeout to HTTPS daemon, log logins/logouts with HTTP/HTTPS
Horatio 1.7 keywords