Flint is a "free, open source web-based firewall rule scanner" written by Matasano Security.
To begin with, grab Flint from here. It's available from the Matasano git repository or via source archive.
Next you want to check out the README file.
...
## Installing
gem install ./matasano_utils-0.1.gem
gem install ./Ralex-0.1.gem
It also needs the following gems:
* sinatra
* haml
* ohm
* rdiscount
* compass
* bcrypt-ruby
Flint also requires a working Redis 1.2.3+
Redis is available at http://code.google.com/p/redis/
Note, the Ubuntu redis-server package is too old.
## Running
* Start redis
* The first time you run, you will need to run 'rake init'
* 'rake app'
This will start a Sinatra server listening on port 4567. Point your browser at that.
Hurray! There are instructions.
Check your list of installed Ruby gems with the command 'gem list' and install any gems that you don't already have. Personally, it seems like I have to (metaphorically) sacrifice a chicken to get Ruby gems installed in the correct directory, in the path, and working right. But that's just me.
If you haven't stopped reading already, you will have noticed that Redis is required to get Flint working. Get the latest stable version of Redis here. Redis is a "persistent key-value database with built-in net interface written in ANSI-C for Posix systems". Check out the Redis Quick Start page for getting Redis up and running.
Now we're down to the 'Running' section of the README. Hopefully you actually read the Quick Start page for Redis and saw the './redis-server' command - it's kind of important and you should do that now.
Next, you want to be sitting in the Flint directory. Run 'rake init', followed by 'rake app'. This should notify you along the way that Flint was brought up successfully and that it has been given a default account of admin/admin77.
If you've gotten this far, do as the good README says and point your browser to http://localhost:4567 and see if everything went right. This is what the login screen looks like:
If something didn't go right you may get an error like this:
NoMethodError at /
undefined method `path' for #
* file: login.rb
* location: nil
* line: 11
Okay. That's what it looks like when there is a user error. Remember what I said about the chickens? I was missing the Rack gem. It turns out that you need that gem installed so that you can use the path method from the Request class.
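A preflight check along these lines catches a missing gem or an outdated Redis before 'rake app' fails. It is an added example, not part of Flint or its README. The sample 'gem list' output and version banners are constructed, and the gem names matasano_utils and Ralex are assumed from the .gem file names in the README.

```ruby
require 'rubygems'

# Gems from the README's install section, plus rack, which the post found missing.
REQUIRED_GEMS = %w[matasano_utils Ralex sinatra haml ohm rdiscount compass
                   bcrypt-ruby rack].freeze
MIN_REDIS = Gem::Version.new('1.2.3') # README: "a working Redis 1.2.3+"

# Constructed sample of `gem list` output (rack deliberately absent).
SAMPLE_GEM_LIST = <<~OUT
  *** LOCAL GEMS ***

  bcrypt-ruby (2.1.2)
  compass (0.10.2)
  haml (3.0.13)
  matasano_utils (0.1)
  ohm (0.0.35)
  Ralex (0.1)
  rdiscount (1.6.5)
  sinatra (1.0, 0.9.4)
OUT

# Names from lines shaped like "name (1.0, 0.9.4)"; banners and blanks are skipped.
def installed_gems(gem_list_output)
  gem_list_output.each_line.map { |line| line[/\A([\w.-]+) \(/, 1] }.compact
end

def missing_gems(gem_list_output)
  REQUIRED_GEMS - installed_gems(gem_list_output)
end

# First dotted version number in the text, or nil if there is none.
def redis_version(text)
  found = text[/\d+(?:\.\d+)+/]
  found && Gem::Version.new(found)
end

def redis_ok?(text)
  version = redis_version(text)
  !version.nil? && version >= MIN_REDIS
end

# Constructed version strings; substitute whatever your redis-server reports.
puts "missing gems: #{missing_gems(SAMPLE_GEM_LIST).inspect}"
['Redis server version 1.2.6', 'Redis server version 1.2.0'].each do |banner|
  puts "#{banner}: #{redis_ok?(banner) ? 'ok' : 'too old or not found'}"
end
```

To check a real machine, pass the actual output of 'gem list' to missing_gems and the version text your Redis build reports to redis_ok?.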
After you upload a configuration file, here is what the Overview page looks like:
Looks like there is a firewall out there that needs some help. I'll leave the rest of the exploration up to you.
Overall, Flint delivers and makes my brain hurt less when compared to a manual review of firewall rules. The GUI is pretty self-explanatory and easily navigable. I'll be keeping an eye on it as it improves over time.