Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fork of Matasano's flint
Ruby JavaScript
branch: master

Merge git://github.com/emerose/flint

latest commit 2ed07ac06e
Craig Brozefsky authored

README

# Flint -- a firewall rule analyzer

## Supported firewalls:

At the moment Flint only works with Cisco PIX/ASA.  Support for Cisco
IOS, BSD PF, and Linux IPTables is in the works.  Please let us know
which platforms you are interested in.

## Installing the FlintVM

The FlintVM is a VMWare image based on Ubuntu JeOS 8.04 (Hardy Heron)
image provided by Joao Inacio <jcinacio at gmail dot com> and
available at:  <http://www.jcinacio.com/projects/vmware-ubuntujeos-804/>

It will configure it's network using DHCP.  Check the VM console for the address it was assigned.
Flint starts up listing on port 4567.  So you can access it at <http://<ip of vm>:4567

### Virtual Machine Login Details:

    username: flint
    password: flint

Please login and change the flint user's password immediately.

## Installing from Source

You will need a development environment.  On Mac OSX that means XCode.
On Ubuntu/Debian Linux is would be that `build-essentials` and
`libc6-dev` packages.

You will also need Ruby, along with the usual tools, rake and gem.

To install all required gemsand supporting software:

    rake install

To start the web interface:

    rake app

This will start a Sinatra server listening on port http://localhost:4567.  Point your browser at that.

## Running Flint

The default user is: admin/admin77

## Developers

You will need the rspec, racc, and rdoc gems.  You can use `bundle install` to pull in those gems.  

Assuming you want to hack on the lexers, Ragel is available at: http://www.complang.org/ragel

## Project Layout

* `lib`

  Ruby code for the Flint module, as well as the support modules for
  specific firewall types.

* `app`

  The sinatra app which provides an interface to Flint.

* `checks`

  Contains all of firewall rule checks that Flint uses.  Each firewall
  has it's own subdir for example:

      checks/<firewall>/*.ftg

  Rule checks are defined in Flint Test Group files, each one defines
  a specific test group, and it's associated checks.  The
  `checks/test` subdir contains a set of dummy tests which exercise
  the UI and the Flint test result classes.

* spec

  RSpec tests for Flint.

* vendor
  
  Third party code that we depend upon.
Something went wrong with that request. Please try again.