发布于 2017-04-24 01:02:09 | 209 次阅读 | 评论: 0 | 来源: 网友投递
Packetfence 网络接入控制
PacketFence是开源NAC (网络接入控制) 中的佼佼者,它可靠、容易配置,且构建于未修改的开源代码之上(Fedora, LAMP, Perl, and Snort)。PacketFence的设计目的是要在不同种类的环境中运行,并且它使用了“不可知厂商隔离”( vendor-agnostic isolation)技术,其中包括DHCP范围改变和ARP高速缓存处理技术(“被动”模式)等。
PacketFence v7.0 发布了,这是一个主要版本,具有新特性,增强功能和重要的错误修复。该版本可用于生产环境使用,强烈建议从旧版本升级。详情更新如下:
新特性
Added provisioning support for SentinelOne (PR#1294)
Added MariaDB Galera cluster support (PR#2002/PR#2023/PR#2039/PR#2040/PR#2041/PR#2043/PR#2044/PR#2070/PR#2076/PR#2079/PR#2080/PR#2082/PR#2090)
All services are now handled by systemd (PR#2010)
IPv6 network stack in PacketFence (PR#2024)
New Golang-based HTTP dispatcher (#1301/PR#2029/PR#2067)
New Golang-based pfsso service to handle the firewall SSO requests (#1144/PR#2037/PR#2062)
Revamped Web administration interface (PR#2108)
增强
SNMP traps are now handled in pfqueue (PR#1656)
Added the ability to grant CLI write access for Extreme Networks switches (PR#1699)
Added a distributed cache for the accounting information to safely disable the SQL accounting records in active/active clusters (PR#1715)
Reduced the number of ipset calls when adding ports for Active Directory (PR#1886)
pfmon tasks have their own configuration file (PR#1918)
new command "pfcmd pfmon" - for running pfmon tasks via pfcmd (PR#1918)
CentOS repositories (packetfence and packetfence-devel) packages are now signed (PR#1946)
Added way to unregister devices that were inactive for a certain amount of time (maintenance.node_unreg_window) (PR#1948)
Added a new last_seen column to nodes table to track their last activity (Authentication, HTTP portal, DHCP) (PR#1948)
Delete nodes based on the new last_seen column instead of looking at the last DHCP packet (PR#1948)
iplog: Floored lease time for "tolerance" (#1965/PR#1968)
Can now restart the switchport where a node is connected from the administration interface (PR#2006)
Added interface description to location entries (PR#2007)
New pffilter filtering engine (PR#2032)
Ability to manage multiple "active" endpoints behind a single switchport (PR#2034)
pfdhcplistner now runs as a master-worker style service (PR#2036)
Added a winbindd wrapper for the PacketFence managed winbindd processes (#2065/PR#2038/PR#2069)
Added a caddy middleware for rate limiting the concurrent connections (PR#2055)
Updated the Ruckus SmartZone module to use the most recent webauth technique available (PR#2059/PR#2088)
Added vsys support for PaloAlto firewall SSO modules (PR#2061)
Portal Profile has been renamed to Connection Profile (PR#2066)
Moved common flows / process of DHCP processors in base class (PR#2086)
Removed PacketFence-Authorization-Status attribute from the RADIUS replies to prevent RADIUS replies from being discarded due to an unknown attribute (#2085/PR#2087)
Added option to fetch users one by one in the NTLM cache instead of all together (PR#2093)
New parallel testing infrastructure (PR#2094)
Roles are now stored in a configuration file for easier backup and management (PR#2097)
Tightened up HAproxy's SSL termination security (#893/#410/#411/#412)
Tightened up Apache's encryption security by requiring TLS v1.2 support only and restricted cipher suites (#893/#410/#411/#412)
Clickjacking attack prevention enforcement for recent browsers (PR#2111)
Cross-site scripting (XSS) filtering is now requested from your browser (PR#2114)
Dell N2000 series support (#675/PR#2115)
All logging is now done through syslog (PR#2124)
IP forwarding is now activated by default per PacketFence package installation (#2145/PR#2146/PR#2148/PR#2149)
Added more fine grain stats for the captive portal (#1962/PR#2173)
Many documentation improvements (PR#2136/PR#2214)
Bug 修复
Fixed addition of an UDP SRV record port as a TCP port (PR#1886)
Restored pf::api compatibility to Sourcefire module (#2048/PR#2019)
Avoid opening a double entry with wrong accounting values (PR#2113)
Added the ability to "format" the CN when using PKI (#2116/PR#2119)
pfdhcplistener doesn't work on a monitor interface (#1377)
pfqueue stats: Outstanding Task Counters isn't accurate (#1726)
pfdhcplistener: Segfaulting when keepalived transitions quickly from backup/master/backup (#1737)
pfdhcplistener takes a minute to die (#1791)
captive-portal: i18n labels for dynamic fields (#1911)
有关升级说明,请参阅 完整的更改列表 和 UPGRADE.asciidoc 文件。