Compilation and Installation of PSAD for IPFire Firewall

Introduction

This article covers compiling and installing PSAD (Port Scan Attack Detector) for IPFire, a Linux-based firewall. A development environment for IPFire is set up first so that a new addon (PSAD in this case) can be compiled. Details about the configuration and usage of PSAD are available in our previous article.

Setting IPFire Development Environment

Prerequisites for the IPFire development environment include:

  • Ubuntu 16.04 LTS with the latest updates
  • Installation of the following required packages:

git gcc g++ make bzip2 realpath

  • Hardware resources such as 5-6 GB of disk space and 6 GB of RAM to reduce compilation time.

The IPFire development environment can be set up on other Linux distributions in a similar way. On Ubuntu, install the following packages, which are required to compile the source code. Git is used to clone the source code onto the development system.

aptitude install git gcc g++ make bzip2 realpath

Installation of the compiler and other prerequisites for IPFire

IPFire Source Tree

Currently, the following two repositories of IPFire source code are available on the GitHub site.

  • IPFire 2.x (stable release)
  • IPFire 3.x

In this tutorial, we use the IPFire 2.x source code repository to compile the new addon.

git clone git://git.ipfire.org/ipfire-2.x.git

Clone the source tree with Git

The following snapshot shows the latest updates in the IPFire-2.x repository

Latest IPFire Snapshot

In the next step, run the following command to download the source code of the IPFire packages.

./make.sh downloadsrc

Run make.sh

The current machine is 64-bit, so a pre-compiled toolchain is downloaded to compile the source. The following command downloads the toolchain to the development system.

./make.sh gettoolchain

Get the toolchain

After IPFire has been cloned and the source packages and toolchain have been downloaded, the next step is to start the build process. First, IPFire is compiled without any changes. After that, the desired addon is included and the tree is re-compiled to create the PSAD package for the IPFire environment. The newly created package, which has the .ipfire extension, is then moved to the IPFire VM to install PSAD.

Compilation of IPFire

The last step is to run the following command to build the source code. Make sure there is enough disk space on the development system and that the build command is run as the root user.

./make.sh build

For a 32-bit system:

linux32 ./make.sh build

compile IPFire

The first build takes a few hours to complete. It can be shortened by giving the development system better hardware resources. The IPFire build script performs the following four stages.

  1. Building LFS (a Linux From Scratch system), which contains the scripts for the installation of packages.
  2. Building IPFire
  3. Building installer
  4. Building Packages

Compiler output while compiling IPFire

The following snapshot shows the Building LFS step.

Building LFS

The Building IPFire step is shown below.

Building IPFire

The following snapshot shows the Installer building step.

Installer Building Step

Finally, the package compilation stage of the build process is shown below.

package compilation

IPFire compilation takes many hours (13 hours in this case), as shown in the following screenshot.

IPFire compilation takes long

At the end, the IPFire build script generates iso, xen and img output files as shown below. The build script also calculates the MD5 checksum of the generated iso file.

The resulting ISO and XEN image

The compilation of IPFire from source is now complete and the result is ready to install in the VM. It is recommended to log in as root on the development system to run the build process.

Installation of IPFire

The IPFire firewall can be set up using the iso generated by the build script. Detailed steps for the IPFire installation are not included in this tutorial. After installation, the following window appears, showing the version of the Linux kernel (3.14.73-ipfire 1686).

IPFire Installation

The web interface of the IPFire device is accessed using the IP address (192.168.1.150:444) of the green interface. IPFire version information is also given in the Fireinfo submenu.

IPFire Web Interface

Building PSAD addon

PSAD cannot be compiled directly on IPFire, so a development system is required to compile the source code of a new addon for the IPFire platform. The IPFire development environment was already set up in the section above.

The following are required to compile new source code in the IPFire development environment.

  • Create a compilation script for the desired addon or package and place it in the lfs/ directory (ipfire-2.x/lfs/)
  • Add the addon script to the build script make.sh

A compilation script for PSAD was created for the package psad-2.4.1.tar.gz. Download the lfs script and place it in the lfs directory inside ipfire-2.x. The MD5 checksum of psad-2.4.1.tar.gz is set in the lfs script.

PSAD Addon

The PSAD lfs script is shown in the following snapshots.

PSAD LFS script

IPFire LFS

The modification to the make.sh build script for the PSAD addon is shown below.

Modify make.sh

To compile the new addon, the following build command is run twice. The screenshot shows that psad is successfully included in the build script.

./make.sh build

make build

The output of the first build command, shown in the following figure, reports that the rootfile for PSAD is missing.

make output

The addon rootfile has the same name as the package/file name (psad-2.4.1) and is located inside the log directory.

name of addon root file

As shown in the following figure, copy the psad-2.4.1 file into the config/rootfiles/packages path and rename it to the name of the package's lfs script, which is placed in the lfs directory.

psad-2.4.1 file

cp log/psad-2.4.1 config/rootfiles/packages/psad

CP command

The rootfile of the addon contains a list of all files removed, changed or added by the install script. Run the following command to remove "+" from the PSAD rootfile as shown below.

sed -i 's/+//g' config/rootfiles/packages/psad

Edit PSAD file with SED
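The rootfile step above, as an added example (not code from the original article or from the IPFire project). It assumes each path in log/psad-2.4.1 sits on its own line with a leading "+" marker, strips only that marker so that a "+" inside a file name survives, and sanity-checks the result. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IPFire project code): build an addon rootfile from the build log.
# Assumption: log/<name> lists one installed path per line, each prefixed with "+".

# make_rootfile LOG OUT: strip only the leading "+" marker from each line.
# Unlike s/+//g, this keeps "+" characters that belong to a file name.
make_rootfile() {
    [ -r "$1" ] || { echo "cannot read log: $1" >&2; return 1; }
    sed 's/^+//' "$1" > "$2"
}

# paths_with_plus LOG: print entries whose path itself contains "+";
# a global substitution would silently rename these in the rootfile.
paths_with_plus() {
    sed 's/^+//' "$1" | grep -F '+' || true
}

# check_rootfile FILE: return 1 if any entry is empty, still carries the
# marker, or has a ".." segment that would point outside the install root.
check_rootfile() {
    if grep -n -E '^$|^\+|(^|/)\.\.(/|$)' "$1" >&2; then
        return 1
    fi
    return 0
}

# Constructed sample log (not real PSAD build output).
sample_log() {
    printf '%s\n' '+etc/psad/psad.conf' '+usr/sbin/psad' \
        '+usr/lib/perl5/auto/Example++/Example.so' > "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    sample_log "$dir/psad-2.4.1"
    make_rootfile "$dir/psad-2.4.1" "$dir/psad" && check_rootfile "$dir/psad"
    status=$?
    echo "entries a global 's/+//g' would alter:"
    paths_with_plus "$dir/psad-2.4.1"
    rm -rf "$dir"
    return $status
}

demo
```

In the source tree the equivalent call would be `make_rootfile log/psad-2.4.1 config/rootfiles/packages/psad`, followed by `check_rootfile` on the result.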

The new addon must include the PakFire (IPFire package management system) routines install, uninstall and update. First, create a directory (psad) inside src/paks with the same name as the package's lfs script. Copy the default routines from src/paks/default/* into src/paks/psad and customize them accordingly.

PakFire

Run the build command again to compile the PSAD source code.

./make.sh build

make build command

As shown below, PSAD addon (psad-2.4.1-2.ipfire) is successfully compiled on the IPFire environment and placed in the packages directory.

The resulting addon

PSAD installation on IPFire

The PSAD package is now installed on IPFire. As shown below, the compiled package is copied to the already installed IPFire system.

PSAD Installation on IPFire

Make sure that the compiled package is under the /opt/pakfire/tmp path.

Check package path

The package is extracted for installation using the following command.

 tar -xvf psad-2.4.1-2.ipfire

unpack the package with tar

The list of PSAD addon files is shown below.

List of PSAD files.

The following window shows the installation of the PSAD addon on IPFire.

  ./install.sh

Run install.sh

The install script output
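A check that can precede the copy, extract and install steps above, as an added example (not part of PakFire or of the original article). It assumes a SHA-256 digest of the package was recorded on the build host with sha256sum and that sha256sum is available where the check runs; the function names and the demo archive are constructed.

```shell
#!/bin/sh
# Added example (not part of PakFire): check a copied addon before unpacking it.
# Assumption: the expected SHA-256 was recorded on the build host with sha256sum.

# verify_digest FILE EXPECTED_HEX: succeed only if FILE hashes to EXPECTED_HEX.
verify_digest() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# unsafe_members ARCHIVE: print member names that are absolute or contain "..".
unsafe_members() {
    tar -tf "$1" | grep -E '^/|(^|/)\.\.(/|$)' || true
}

# unpack_checked ARCHIVE EXPECTED_HEX DESTDIR: extract only after both checks pass.
unpack_checked() {
    verify_digest "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    [ -z "$(unsafe_members "$1")" ] || { echo "unsafe member names: $1" >&2; return 1; }
    tar -xf "$1" -C "$3"
}

# Demo on a constructed archive that stands in for psad-2.4.1-2.ipfire.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src" "$work/out"
    echo '#!/bin/sh' > "$work/src/install.sh"
    tar -cf "$work/psad-2.4.1-2.ipfire" -C "$work/src" install.sh
    good=$(sha256sum "$work/psad-2.4.1-2.ipfire" | cut -d' ' -f1)
    unpack_checked "$work/psad-2.4.1-2.ipfire" "$good" "$work/out" && echo "unpacked"
    unpack_checked "$work/psad-2.4.1-2.ipfire" "0000" "$work/out" 2>/dev/null \
        || echo "rejected on wrong digest"
    rm -rf "$work"
}

demo
```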

The following figure shows the PSAD help output in the IPFire environment.

PSAD help

In this article, a new feature or addon is added to the well-known Linux-based firewall "IPFire". The PSAD tool is used to automatically block malicious traffic using IPtables. The compilation of PSAD for the IPFire environment is our contribution.
