diff --git a/README.md b/README.md index e1791d6b..77c9b99f 100644 --- a/README.md +++ b/README.md 
@@ -1,25 +1,21 @@ # UTMFW -UTMFW is a UTM firewall running on OpenBSD 5.9. UTMFW is expected to be used on production systems. The UTMFW project provides a Web UI for monitoring and configuration. You can also use [A4PFFW](https://github.com/sonertari/A4PFFW) and [W4PFFW](https://github.com/sonertari/W4PFFW) for monitoring. UTMFW supports deep SSL inspection and inline intrusion prevention. +UTMFW is a UTM firewall running on OpenBSD. UTMFW is expected to be used on production systems. The UTMFW project provides a Web User Interface (WUI) for monitoring and configuration. You can also use [A4PFFW](https://github.com/sonertari/A4PFFW) and [W4PFFW](https://github.com/sonertari/W4PFFW) for monitoring. UTMFW supports deep SSL inspection and inline intrusion prevention. You can find a couple of screenshots on the [wiki](https://github.com/sonertari/UTMFW/wiki). -The installation iso file for the amd64 arch is available for download at [utmfw59\_20171017\_amd64.iso](https://drive.google.com/file/d/0B3F7Ueq0mFlYNkNseG5vblN0QjA/view?usp=sharing). Make sure the SHA256 checksum is correct: ec62bc4a5b94ed65d68645275b880a3dc227b57240c8787c86d23243e63fe579. +The installation iso file for the amd64 arch is available for download at [utmfw62\_20171024\_amd64.iso](https://drive.google.com/file/d/0B3F7Ueq0mFlYV20wbUhOUkZybXc/view?usp=sharing). Make sure the SHA256 checksum is correct: 8da9aba59ca8b5c01ab176a33c8457f2d01880e04f1d7e95952df719312fea79. -UTMFW is an updated version of ComixWall. However, there are a few major changes, such as SSLproxy, Snort Inline IPS, PFRE, E2Guardian, and many fixes and improvements to the system and the WUI. Also note that UTMFW 5.9 comes with OpenBSD 5.9-stable including all updates until October 17th, 2017. +UTMFW is an updated version of ComixWall. However, there are a few major changes, such as SSLproxy, Snort Inline IPS, PFRE, E2Guardian, and many fixes and improvements to the system and the WUI. 
Also note that UTMFW 6.2 comes with OpenBSD 6.2-stable including all updates until October 23rd, 2017. -UTMFW supports deep SSL inspection of HTTP, POP3, and SMTP protocols. SSL/TLS encrypted traffic is decrypted by [SSLproxy](https://github.com/sonertari/SSLproxy) and fed into UTM services: Web Filter, HTTP Proxy, POP3 Proxy, SMTP Proxy, Virus Scanner, Spam Filter, and Snort Inline IPS. These UTM software are modified to support the mode of operation required by the SSLproxy. +UTMFW supports the deep SSL inspection of HTTP, POP3, and SMTP protocols. SSL/TLS encrypted traffic is decrypted by [SSLproxy](https://github.com/sonertari/SSLproxy) and fed into the UTM services: Web Filter, HTTP Proxy, POP3 Proxy, SMTP Proxy, Virus Scanner, Spam Filter, and Inline IPS. These UTM software are modified to support the mode of operation required by the SSLproxy. ## Features -UTMFW includes the following software, alongside what is already available in a basic OpenBSD 5.9 installation: +UTMFW includes the following software, alongside what is already available in a basic OpenBSD installation: - SSLproxy: Transparent SSL/TLS proxy for deep SSL inspection - PFRE: Packet Filter Rule Editor -- Apache Web server -- PHP -- ISC DNS server -- Symon system monitoring software - E2Guardian: Web filter, anti-virus using ClamAV, blacklists - Snort: Intrusion detection and inline prevention system, with the latest rules - SnortIPS: Passive intrusion prevention software 
@@ -27,11 +23,14 @@ UTMFW includes the following software, alongside what is already available in a - SpamAssassin: Spam scanner - P3scan: Anti-virus/anti-spam transparent POP3 proxy - Smtp-gated: Anti-virus/anti-spam transparent SMTP proxy -- Dante: SOCKS proxy - Squid: HTTP proxy +- Dante: SOCKS proxy - IMSpector: IM proxy which supports IRC and others. - OpenVPN: Virtual private networking +- Symon system monitoring software - Pmacct: Network monitoring via graphs +- ISC DNS server +- PHP ![Console](https://github.com/sonertari/UTMFW/blob/master/screenshots/Console.png) @@ -58,7 +57,7 @@ Download the installation iso file mentioned above and follow the instructions i A few notes about UTMFW installation: -- Thanks to a modified auto-partitioner of OpenBSD 5.9, the disk can be partitioned with a recommended layout for UTMFW, so most users don't need to use the label editor at all. +- Thanks to a modified auto-partitioner of OpenBSD, the disk can be partitioned with a recommended layout for UTMFW, so most users don't need to use the label editor at all. - All install sets including siteXY.tgz are selected by default, so you cannot 'not' install UTMFW by mistake. - OpenBSD installation questions are modified according to the needs of UTMFW. For example, X11 related questions are never asked. - Make sure you have at least 2GB RAM. And an 8GB HD should be enough. @@ -87,7 +86,7 @@ References: ## How to build -The purpose in this section is to build the installation iso file using the createiso script at the root of the project source tree. You are expected to be doing these on an OpenBSD 5.9 and have installed git on it. +The purpose in this section is to build the installation iso file using the createiso script at the root of the project source tree. You are expected to be doing these on an OpenBSD 6.2 and have installed git, gettext, and doxygen on it. The createiso script: 
@@ -99,13 +98,13 @@ The createiso script: However, the source tree has links to OpenBSD install sets and packages, which should be broken, hence need to be fixed when you first obtain the sources. Make sure you see those broken links now. So, before you can run createiso, you need to do a couple of things: - Install sets: - + Obtain the sources of OpenBSD 5.9. + + Obtain the sources of OpenBSD. + Copy the files under `openbsd/utmfw` to the OpenBSD sources to replace the original files. You are advised to compare the original files with the UTMFW versions before replacing. - + Build an OpenBSD 5.9 release, as described in [release(8)](https://man.openbsd.org/release) or [faq5](https://www.openbsd.org/faq/faq5.html). + + Build an OpenBSD release, as described in [release(8)](https://man.openbsd.org/release) or [faq5](https://www.openbsd.org/faq/faq5.html). + Copy the required install sets to the appropriate locations to fix the broken links in the project. - Packages: + Download the required packages available on the OpenBSD mirrors. - + Create the packages which are not available on the OpenBSD mirrors and/or have been modified for UTMFW: sslproxy, e2guardian, squid, p3scan, smtp-gated, snort, imspector, snortips, rrdtool 1.6.0 with patches, and libevent 2.1.8 (see `ports` and `ports/disfiles`). + + Create the packages which are not available on the OpenBSD mirrors and/or have been modified for UTMFW: sslproxy, e2guardian, squid, p3scan, smtp-gated, snort, imspector, snortips, and libevent 2.1.8 (see `ports` and `ports/disfiles`). + Copy them to the appropriate locations to fix the broken links in the project. Note that you can strip down xbase and xfont install sets to reduce the size of the iso file. Copy or link them to the appropriate locations under `openbsd/utmfw`.
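Review bot: In the first hunk (@@ -1,25 +1,21 @@), the updated download line gives the SHA256 value for utmfw62_20171024_amd64.iso but not how to check it, and the checksum in this README is the only verification offered for a file hosted on Google Drive. Consider adding the command next to the hash (for example `sha256 utmfw62_20171024_amd64.iso` on OpenBSD) and publishing a signify(1) signature for the ISO, so users can verify who produced the image and not only that the download is intact. The same hunk drops the version from "running on OpenBSD" and "a basic OpenBSD installation" but keeps "UTMFW 6.2 comes with OpenBSD 6.2-stable"; if the intent is to stop hard-coding the release, this sentence and the ISO file name are now the only places that state it, which is worth saying explicitly.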
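Review bot: In the Features list hunk (@@ -27,11 +23,14 @@), PHP, ISC DNS server and Symon are re-added after being removed in the first hunk, but "Apache Web server" is not, so the list no longer names any web server even though the intro still describes a Web User Interface and PHP is still listed. If Apache was replaced by a web server from the base system, say so in the list or in the commit message; if it was dropped by accident, restore the line. The re-added entries "- Symon system monitoring software", "- ISC DNS server" and "- PHP" also do not follow the "Name: description" form used by the rest of the list.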
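Review bot: In the "How to build" hunk (@@ -87,7 +86,7 @@), gettext and doxygen are added as prerequisites without saying which part of the build needs them or how to get them. A short line such as "install them with pkg_add" and a note on what each is used for would let a builder tell a missing dependency from a real build failure. This is also now the only sentence in the build section that names the OpenBSD release (6.2), so it should be clear that the same release applies to the steps that follow.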
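Review bot: In the install sets and packages hunk (@@ -99,13 +98,13 @@), "Obtain the sources of OpenBSD" and "Build an OpenBSD release" no longer state which release, yet the next step copies the files under `openbsd/utmfw` over the originals. Overwriting files in a source tree from a different release than the one those files were taken from can produce a broken or subtly different installer, so the steps should name the release (or point back to the 6.2 requirement above) and keep the advice to compare the files before replacing them. The package list also drops "rrdtool 1.6.0 with patches" without saying whether rrdtool now comes unmodified from the mirrors; a word on that would keep the list of locally built packages unambiguous.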