Dev Anand wrote:
Hi All ,
Is it possible to quarantine a system by placing it in different vlan by OpenRadius ?
If so can somebody guide me on the steps that can be tried .
The situation is like this : System already having an IP address , but found to be infected with a virus-worm. So it needs to be quarantined automatically .
Thanks in advance, -Deva - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I think the best way to tackle this would be mac auth and I dont think its very smart to put the machine into "quarantine" just contacted the person who's responsable for the machine and tell him to wipe it instead of having a vlan full of infected machines... Phil Mayers gave an good sample on how to do this <--- snip --> The man page is pretty clear Do something like: modules { passwd mac2ok { filename = /etc/raddb/mac2ok format = "*Calling-Station-Id:~My-Local-String" hashsize = 100 } # other modules } authorize { preprocess mac2ok files # other modules } Make "/etc/raddb/mac2ok" read: # macaddress:ok 008012323244:ok 002938475473:ok ...then in "users" put: DEFAULT My-Local-String != "ok", Auth-Type := Reject Reply-Message = "calling station id not allowed", Fall-Through = No # Other config items Depending on the version of the server, you might need the following in /etc/raddb/dictionary: ATTRIBUTE My-Local-String 3000 string ...where 3000 can be any number between 3000 and 4000 and My-Local-String is an arbitrary name you can use for a local config attribute. <-- snip --> Then just create an script to add and remove macaddresses to the file /etc/raddb/mac2ok .... Best regards Johann B.