Installing Packages

Packages are managed at System > Packages. The listings there, exemplified by Figure Package Listing, show all of the information about a package: Its name, category, version and status, a package information link, and a short description. Keep the installed packages to the bare minimum required for a deployment for extra security. The package list is presented in alphabetical order.

Packages are installed as follows: - Navigate to System > Packages

  • Click the Available Packages tab
  • Locate the package to install in the list
  • Optionally, search for a package by entering a value in the Search term box and clicking
  • Click Install button to the right of the package entry.

Confirm to proceed with the package installation Once the installation is confirmed, the package installation screenis shown where the install progress is displayed.

Reinstalling and Updating Packages

Packages are reinstalled and updated the same way they are installed: - Navigate to System > Packages

  • Click the Installed Packages tab, the list will look like Figure Installed Package List
  • Locate the package to reinstall or update in the list. If there is a newer version available than is installed, the Package Version column will be highlighted stating the old and new versions.
  • Click to update or reinstall packages
  • Click Confirm to proceed with the package reinstallation

Uninstalling Packages

To uninstall a package:

  • Navigate to System > Packages
  • Click the Installed Packages tab
  • Locate the package to uninstall in the list
  • Click delete buttan to remove the package
  • Click right Confirm to proceed with the package removal

Introduction to Packages

Many of the packages have been written by the DefenseBolt community and not by the DefenseBolt development team. The available packages vary quite widely, and some are more mature and well-maintained than others. There are pack- ages which install and provide a GUI interface for third-party software, such as Squid, and others which extend the functionality of DefenseBolt itself, like the OpenVPN Client Export Utility package which automatically creates VPN configuration files.

By far the most popular package available for DefenseBolt is the Squid Proxy Server. It is installed more than twiceas often as the next most popular package: Squidguard, which is a content filter that works with Squid to control access to web resources by users. Not surprisingly, the third most popular package is Lightsquid, which is a Squid log analysis package that makes reports of the web sites which have been visited by users behind the proxy.

Some other examples of available packages (which are not Squid related) are:

  • Bandwidth monitors that show traffic by IP address such as ntopng, and Darkstat.
  • Extra services such as FreeRADIUS.
  • Proxies for other services such as SIP and FTP, and reverse proxies for HTTP or HTTPS such as HAProxy.
  • System utilities such as NUT for monitoring a UPS.
  • Popular third-party utilities such as nmap, iperf, and arping.
  • BGP Routing, OSPF routing, Cron editing, Zabbix agent, and many, many others.
  • Some items that were formerly in the base system but were moved to packages, such as RIP (routed) As of this writing there are more than 40 different packages available; too many to cover them all in this book! The full list of packages that can be installed on a particular system is available from within any DefenseBolt system by browsing to System > Packages .

The packages screen may take a little longer to load than other pages in the web interface. This is because the firewall fetches the package information from the DefenseBolt package servers before the page is rendered to providethe most up-to- date package information. If the firewall does not have a functional Internet connection including DNS resolution, this will fail and trigger a notification. If the package information has been retrieved previously, it will be displayed from cache, but the information will be outdated. This is usually caused by a missing or incorrect DNS server configuration. For static IP connections, verify working DNS servers are entered on the System > General Setup page. For those with dynamically assigned connections, ensure the DNS servers assigned by the ISP are functioning. This traffic will only go via the default gateway on the firewall, so ensure that gateway is up or change another active WAN gateway to be the default.