当前位置: 首页 > Linux学院 > 业界新闻 > PacketFence v2.2.0发布 开源NAC网络接入控制

PacketFence v2.2.0发布 开源NAC网络接入控制

2011-05-04 21:55 来源:风信网 作者:末信 人气指数: 我要评论

Packetfence是一个网络工作接口控制系统,提供了DHCP指纹和注册,检测反常的网络工作活动,那些容易被攻击,隔离有问题的设备并且通过入口就行修正。

PacketFence是开源NAC (网络接入控制) 中的佼佼者,它可靠、容易配置,且构建于未修改的开源代码之上(Fedora, LAMP, Perl,Php and Snort)。PacketFence的设计目的是要在不同种类的环境中运行,并且它使用了“不可知厂商隔离”(vendor-agnostic isolation)技术,其中包括DHCP范围改变和ARP高速缓存处理技术(“被动”模式)等。

新版本增加对包括 Motorola Wireless, 3Com 4200G, E4800G, and E5500G, and Dlink DGS3100 在内的新硬件的支持;更简单的无线和 802.1X 安装配置;新的关于用户数报表;改进和简化设备阻塞;修复了大量bug。

PacketFence 2.2.0发行说明:

New Hardware Support

  • Motorola RF Switches (Wireless Controllers)
  • 3Com Switches 4200G, E4800G and E5500G now supports MAC Authentication and 802.1X
  • Dlink DGS 3100 Switches

New features

  • Captive Portal network access detection is more accurate and way faster (javascript-based)
  • Easier integration and configuration of FreeRADIUS 2.x using our new packetfence-freeradius2 RPM
  • Apache configuration is automatically adjusted on startup based on system resources to avoid performance degradation on heavy workloads (#1204)
  • New reports: Nodes per SSID (#1126) and Connection-Type (#1125)
  • User-Agent violation support completely re-written. It is now easier than ever to block devices or old browsers from your network. (#769, #1192)
  • Administrators can now modify and preview remediation pages from the Web Admin
  • VoIP autodetection in Wired 802.1X and Wired MAC Authentication can now use CDP / LLDP if available (#1175)
  • Kerberos Authentication on the Captive Portal (Thanks to Brad Lhotsky from NIH)

Enhancements

  • Moved several configuration files from conf/templates/ into conf/ (#1166)
  • SSL certificate configuration for httpd is now in a separate file that is not overwritten by packages making it easier to maintain (#1207)
  • 3Com Super Stack 4500 now uses SNMP for MAC authorization (port-security)
  • OS Class ID are now visible when viewing DHCP Fingerprints (#1181)
  • Log levels can be changed without a restart (#748)
  • Process ID information in the logs for some daemons
  • Captive Portal minor usability improvements
  • Reorganized default violation classes to be more coherent and self-documented
  • More violation classes validation on startup (#992)
  • Improved database configuration error reporting
  • DHCP fingerprints sharing now allows submitter to send computer name, user-agent and a contact email to help us identify the devices better (#983)
  • Meru module now supports firmware version identification
  • Improvements in the logrotate script (#1198)
  • MAC address format xxxx-xxxx-xxxx supported in our FreeRADIUS' module
  • Removed unused configuration parameters (#767)
  • Refactoring of the code base (#1058)
  • New DHCP fingerprint for Cisco SPA series IP Phone, Mikrotik, Freebox, AeroHive Hive AP, Ubuntu Server, Suse Linux Desktop 11, Synology NAS, Polycom Conference IP Phone and Generic Intel PXE

Documentation

  • Improvement to the samba configuration provided in the administration guide to fix uid mapping issues (#1205)
  • FAQ entry: Active directory integration in registration network
  • Updated Developer documentation regarding how to support new wireless hardware
  • Wired 802.1X and MAC Authentication corrections in Network Devices Guide
  • Minor corrections to the Administration Guide (#743)

Bug Fixes

  • Fixed an important problem with VoIP in Wired 802.1X and Wired MAC Authenication modes (#1202)
  • Fixed important Nortel support regressions (introduced in 2.1.0: #1183, #1195)
  • Fixed an issue with the Meru module: If the controller sent SNMP traps to PacketFence a thread would crash. Hopefully this configuration is not required and is rarely done. Regression prevention tests have been added.
  • Fixed an issue with pfcmd-initiated VLAN re-evaluation if you assign VLANs based on a client's connection-type (which is not the default)
  • Fixed DHCP fingerprint sharing upload form
  • Violation grace no longer ignores time modifiers like minutes (#1154)
  • Fixed OS id not visible when dhcp-fingerprint view is filtered (#1180)
  • Fixed rare case of Web Admin user account corruption causing homepage to become status/dashboard instead of status/dashboard.php (#1196)
  • Warning avoidance in Extreme Network modules
  • installer and configurator scripts no longer output passwords on the terminal (#1021)
  • Fixed warnings and improved error reporting in our FreeRADIUS module (#1176)
  • Fixed broken person lookups if username is an email address (#1206)
  • Fixed Web Admin which referred to an inexistent Meru MC3000 module (it was renamed Meru::MC in 2.0.1)
  • Fixed overly aggressive Web Administration password validation (#1209)

Translations

  • New German (de) translation (Thanks to Tino Matysiak of Meetyoo Conferencing)

下载地址:

Source

packetfence-2.2.0.tar.gz
SHA1 sum: d3e2cde25f4c63886a47a0fcd707c7299e7388ab

RHEL5/CentOS5 RPM

packetfence-2.2.0-2.el5.noarch.rpm
SHA1 sum: 39590901e96791be1bc3fcfaf02c6391309d08c1

packetfence-freeradius2-2.2.0-2.el5.noarch.rpm
SHA1 sum: 0b67b739920b3c7dce53a87024f7cc3f9d5bd2f3

packetfence-remote-snort-sensor-2.2.0-2.el5.noarch.rpm
SHA1 sum: 1c604b4021d3e2624e1be177d982106c43fb6124

大家感兴趣的内容
小伙伴最爱的新闻
小伙伴还关注了以下信息
小伙伴关注的焦点

小伙伴都在关注的热门词

新服 缤纷活动 航海世纪 芈月传 暗黑道具 萌乐网 苹果发布会 最新谍照 三国令 剑雨江湖 怎样修炼战骑 页游 怎样修炼伙伴 木甲世界 仙侠道2 推黑科技 页游模式 武圣试炼场 街机玩法 蓝月传奇 个人BOSS玩法 哥们网 九阴绝学 仗剑出鞘 全新模式 范伟打天下 全新元神玩法 七大神兵简介 新手攻略 跑腿任务 门派五行 城战礼包 页游界 泥石流 傅园慧 经典网页游戏 耐玩 盘点 玉石攻略 提升角色 大黑 实装属性 神兵攻略 问鼎莽荒 莽荒纪 手持神兵 土豪梦 万世 开学清单 财富赚不停 天书世界 大黑游戏 资源战场 ppwan 天问 激战 全国大战 雄霸一方 新增宠物技能 绝对小能手 花千骨 三尾章鱼 风色轨迹 双枪手 弑之神 缤纷好礼 惊喜六重连 帮会 中秋福利 自制月饼 九阴真经 玩家 五周年纪念 纪念银币 名动三界 新服资料片 画江山 勇战妖魔 邪恶势力 上古降魔 老司机玩法 坐骑揭秘 黑科技 竞技场攻略 铁血皇城 披风玩法 书剑恩仇录 装备强化攻略 野外BOSS玩法 全网曝光 赤壁传说 半回合制国 ACT 奇珍商城 热血战歌 传奇宝藏抽奖 打开方式 门徒 门徒获取玩法 三大萌宠简介