2

Are there any projects to provide NAC support in Linux? My main aim is to accept/deny access to other networks on a Linux firewall after asking the operating systems' NAC agents about the client's health.

For example: if the client has no antivirus installed, this Linux will block the client's traffic.

Some switches have such capabilities. Is it possible in Linux?

seaquest

1 Answer

5

It sounds like you are looking for PacketFence... it runs under Linux...

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful guest management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.

You need to use PacketFence + Nessus (Nessus Wikipedia article) to enforce anti-virus policy.

Mike Pennington
  • How can it check that all antivirus signatures are installed on the client? AFAIK, there is a protocol to talk with end user agents for checking. Does PacketFence support it? – seaquest Oct 22 '11 at 07:18
  • There's not one protocol for that communication: each NAC system has its own. You probably need an agent on the clients, or an application with credentials on those clients, to test AV levels. – Bill Weiss Jun 05 '12 at 14:10