Free policy software for linux

The Net-Policy project allows system administrators to configure and manage their entire network at once. It is initially designed to configure firewall and IPsec connections across an entire network.

Net-policy contains the following components:
net-policy:
This is the core network manager. It is a generic SNMP-based manager and is capable of managing any information configurable via SNMP. It is currently web based with a few more interfaces (Tk, CLI, ...) planned or partially implemented. Its SNMP engine is based on the OpenSNMP and Net-SNMP toolkits. It runs on top of a PostgreSQL database.

After checking out the SVN source code or downloading the tar ball for the net-policy project, run ./np-install as root to help guide you through a complete installation using our graphical installer.

Configurable optional pieces
The net-policy manager is capable of managing the following modules. The management system above is already capable of managing
np-cerberus: A IPsec implementation for linux based on the 2.4 kernel. This code is derived from NISTs IPsec reference project. We ported the code to the 2.4 kernel and added some IPtables specific pieces and re-released it here (with their permission).
np-plutoplus: A IKE implementation which runs on top of np-cerberus. This is code is derived from NISTs IKE reference project. It has been instrumented with SNMP support using the Net-SNMP toolkit.

Policy Daemon project is an anti-spam plugin for Postfix (written in C) that does Greylisting, Sender-(envelope, SASL or host / ip)-based throttling (on messages and/or volume per defined time unit), Recipient rate limiting, Spamtrap monitoring / blacklisting, HELO auto blacklisting and HELO randomization preventation.
Enhancements:
- Merged OSX -L < libdir > vs. -L< libdir > fix into v1.8x branch
- Added quirk for SIGPIPE on Apple
- Added quirk for some versions of NetBSD which dont have SO_NOSIGPIPE
- Added error message that if we cannot find how to handle SIGPIPE on the host platform to contact the devel mailing list
- Make "stats" command a bit better aligned
- Be paranoid bout our read buffer size check
- Better check to see if weve run out of available slots, if we have emit a warning and close connection
- Fixed potential buffer overflow when line length exceeds MAXLINE

SELinux Policy Editor (seedit) is a tool to make SELinux policies easy to apply. SELinux Policy Editor was originally developed by Hitachi Software.

SELinux Policy Editor is composed of Simplified Policy and tools. Simplified Policy is a policy described by Simplified Policy Description Language (SPDL) which hides the details of SELinux configurations by using name-based configration and reducing the number of permissions.

SELinux Policy Editor includes a GUI to generate SPDL so adminstrators do not have to remember syntax of the language. There are also command line tools in the package.

Following is example policy for Apache using SPDL.
domain httpd_t;
program /usr/sbin/httpd;
allow /var/www/** r,s;
allownet -protocol tcp -port 80 server;

As you see from the example type is not used. You can use file names and port numbers for configuration.

You can try SELinux Policy Editor on Fedora Core 5. It will not affect existing SELinux policies so it is possible to revert to the default SELinux easily.

ACL Policy Daemon is a program that communicates with the Postfix MTA using the Policy Delegation Protocol implementing an ACL (Access Control List) system, making very easy to improve and create nice controls on your e-mail traffic. You can use it to verify SPF records to.

The project is developed using Python and has no other dependencies and licensed by GPL version 2.

The rules are loaded from a regular text file. It is planned to load the rules from a SQL database or LDAP directory in the future.

Greylisting functionality will be implemented soon.

For news and updated information about ACL Policy Daemon, you can always check the project page at GNA: https://gna.org/projects/apolicy/

Installation:

You must have Python installed, version 2.3 or above. Run python to check:
miguel@debian:~$ python

Python 2.4.4c0 (#2, Jul 30 2006, 15:43:58)

[GCC 4.1.2 20060715 (prerelease) (Debian 4.1.1-9)] on linux2

Type "help", "copyright", "credits" or "license" for more information.
>>>

It is very easy to install apolicy. In some distributions, Postfixs daemons are located in /usr/libexec/postfix, check your distribution.

The following commands should do just fine, you must be root:

debian:~# tar zcf apolicy-0.3.tar.gz
debian:~# cp apolicy-0.3/src/apolicy.py /usr/lib/postfix/
debian:~# chmod 755 /usr/lib/postfix/apolicy.py
debian:~# mkdir /etc/apolicy/
debian:~# cp apolicy.conf /etc/apolicy/
debian:~# chmod 644 /etc/apolicy/apolicy.conf
debian:~# echo "apolicy unix - n n - - spawn" >> /etc/postfix/master.cf
debian:~# echo " user=nobody argv=/usr/lib/postfix/apolicy.py" >> /etc/postfix/master.cf

The apolicy.conf is a sample file with examples, you must edit it to fit your needs.

Install the complementary modules for apolicy. We will install 3 packages: apolicy, pyspf and pydns. Note that the directory that contains Python libraries is not the same on all operating systems. Sometimes it is inside /usr/lib or /usr/libexec, and may be named python or python< version >:

debian:~# mkdir /usr/lib/ /site-packages/apolicy
debian:~# mkdir /usr/lib/ /site-packages/spf
debian:~# mkdir /usr/lib/ /site-packages/DNS
debian:~# cp apolicy-0.3/src/apolicy/* /usr/lib/ /site-packages/apolicy
debian:~# cp apolicy-0.3/src/spf/* /usr/lib/ /site-packages/spf
debian:~# cp apolicy-0.3/src/DNS/* /usr/lib/ /site-packages/DNS
debian:~# echo apolicy > /usr/lib/ /site-packages/apolicy.pth
debian:~# echo spf > /usr/lib/ /site-packages/spf.pth
debian:~# echo DNS > /usr/lib/ /site-packages/DNS.pth

Before setting Postfix, it is wise to test apolicy and check if everything is right. The configuration file is loaded by default from /etc/apolicy/apolicy.conf, you can use -c parameter to change to point where your configuration file is. It is possible to debug your configuration using the parameter -d, it will send a lot of output to syslog mail facility:

debian:~# /usr/lib/postfix/apolicy.py -d

The program must keep running and waiting input from stdin. Take a look at mail.log for any problem. You can press ctrl+c to finish it. If no errors happened, then lets move forward.

Finally, add to your main.cf:

smtpd_recipient_restrictions =
reject_unlisted_recipient
...
reject_unauth_destination
check_policy_service unix:private/apolicy

For the size acl works, apolicy need to be called this way:

smtpd_end_of_data_restrictions = check_policy_service unix:private/apolicy

Bio::Location::CoordinatePolicyI is an abstract interface for objects implementing a certain policy of computing integer-valued coordinates of a Location.

SYNOPSIS

# get a location, e.g., from a SeqFeature
$location = $feature->location();
# examine its coordinate computation policy
print "Location of feature ", $feature->primary_tag(), " employs a ",
ref($location->coordinate_policy()),
" instance for coordinate computationn";
# change the policy, e.g. because the user chose to do so
$location->coordinate_policy(Bio::Location::NarrowestCoordPolicy->new());

Objects implementing this interface are used by Bio::LocationI implementing objects to determine integer-valued coordinates when asked for it. While this may seem trivial for simple locations, there are different ways to do it for fuzzy or compound (split) locations. Classes implementing this interface implement a certain policy, like always widest range, always smallest range, mean for BETWEEN locations, etc. By installing a different policy object in a Location object, the behaviour of coordinate computation can be changed on-the-fly, and with a single line of code client-side.

NetSPoC is a tool for security managment of large computer networks with different security domains. It generates configuration files for packet filters which are controlling the borders of security domains.
NetSPoC provides its own language for describing the security policy and topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which not. NetSPoC is topology aware: a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
Currently NetSPoC generates ACLs and static routing entries for
Cisco routers with or without firewall feature set,
PIX firewalls and
Linux iptables and ip route.
It supports network address translation, virtual IP addresses for redundancy protocols like VRRP and some dynamic routing protocols.
IPSec encryption is supported as well. A powerful syntax allows to easily define a large number of crypto tunnels of either a hub and spoke topology or a fully meshed topology. Crypto rules define which type of traffic needs to be encrypted. Crypto configuration for Cisco IOS routers and PIX firewalls is generated.
NetSPoCs text based specification language is well suited for integration with CVS or other version control systems. A script is provided for tagging a policy and saving it to a policy database.
This software is actively developed with perl 5.8 under linux. It should be portable to other platforms where perl is available.
Enhancements:
- VERSION:
- TODO:
- NEWS.html:
- Prepare version 3.0.
- index.html: Mentioned crypto. Removed links to email addresses to reduce SPAM. Removed CSPM stuff.
- Netspoc.pm:
- Made code 64 bit clean. This was necessary for complement and left-shift operations on 32 bit IP addresses.

The Fedora Project is an openly-developed project designed by Red Hat, open for general participation, led by a meritocracy, following a set of project objectives.
The goal of The Fedora Project is to work with the Linux community to build a complete, general purpose operating system exclusively from open source software. Development will be done in a public forum.
The project will produce time-based releases of Fedora Core about 2-3 times a year, with a public release schedule.
The Red Hat engineering team will continue to participate in building Fedora Core and will invite and encourage more outside participation than in past releases.
By using this more open process, we hope to provide an operating system more in line with the ideals of free software and more appealing to the open source community.
Main features:
- Support for the PowerPC (PPC) architecture.
- GCC 4.0
- GNOME 2.10
- KDE 3.4 includes new accessibility features. You can manage these new features in KDS Control CenterRegional & AccessibilityAccessibility.
- Native Eclipse 3.1M6 (part of a free Java stack)
- MySQL 4.1
- PHP 5.0
- Xen 2 (virtualization to run multiple versions of an OS)
- GFS 6.1-0.pre22 (cluster file system)
- Evince 0.2.1 (universal document viewer)
- GDM 2.6 - Includes early login capability
- SELinux This release includes coverage for 80 new daemons by the targeted policy. There are changes to the handling of Booleans. The targeted policy is enabled by default.

APL project is a general purpose C++ template class library.
All the code is placed in header files, so no compilation is required. You just have to #include the header file.
The classes are implemented using Policy Based Design. When you use the class you decide how it should behave.
Includes rich set of routines working with:
- file systems
- sockets
- threads
- mutexes
- internet protocols
- networks
- various parsers (including XML)
- databases
- process management
- and much more...
Platform and compiler independent.
The following is a sample code for reading the file contect into std::string class:
std::string content ;
apl::AFile file ;
file.load("file.dat",content) ;
Enhancements:
- serial: rewritten serial class.