Horatio is firewall authentication software that verifies a user's identity before allowing access to a network.
Horatio operates by providing a separate and untrusted network that connects to the internal network and the Internet through a firewall that, by default, does not allow any traffic. Upon a successful connection, a legitimate user's device is assigned an IP address by a DHCP server like dhcpd. However, the host is still unable to establish a connection outside the untrusted network.
To gain access to the rest of the network, the user must access Horatio's web server, which runs on the firewall machine. Here, the user can provide their username and password to the authorizing system. Once validated, the firewall rules are adjusted to permit access to the network. If the user forgets to log out, a periodic rollcall using fping detects the device's activity and removes it from the access list.
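The rollcall step described above, sketched as an added example (not Horatio's own code). It assumes a host list with one IP per line, alive hosts supplied in the form `fping -a` prints them, and one per-source ACCEPT rule per authorized host in the ipchains forward chain; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: rollcall reconciliation for a default-deny gateway.
# Assumed, not taken from Horatio: host list format and rule shape.

# Print authorized IPs that did not answer the rollcall.
# $1 = authorized host list, $2 = alive hosts (e.g. output of `fping -a`).
stale_hosts() {
    sh_authorized=$1
    sh_alive=$2
    while IFS= read -r sh_ip; do
        [ -n "$sh_ip" ] || continue
        # -x whole line, -F fixed string: 10.0.0.1 must not match 10.0.0.10
        printf '%s\n' "$sh_alive" | grep -qxF -- "$sh_ip" || printf '%s\n' "$sh_ip"
    done <<EOF
$sh_authorized
EOF
}

# Emit (dry run) the rule deletions that revoke access for stale hosts.
# Nothing is executed; the commands are only printed for review.
revoke_rules() {
    stale_hosts "$1" "$2" | while IFS= read -r rr_ip; do
        # Allow only digits and dots so a corrupted host list entry
        # never ends up on a firewall command line.
        case $rr_ip in
            *[!0-9.]*|'') echo "skip invalid entry: $rr_ip" >&2; continue ;;
        esac
        printf 'ipchains -D forward -s %s -j ACCEPT\n' "$rr_ip"
    done
}

# Constructed sample data: three logged-in hosts, one still answering.
AUTHORIZED='10.0.0.1
10.0.0.10
10.0.0.23'
ALIVE='10.0.0.10'   # 10.0.0.1 and 10.0.0.23 left without logging out

revoke_rules "$AUTHORIZED" "$ALIVE"
```

The exact-line match matters here: a substring match would keep 10.0.0.1 authorized because 10.0.0.10 is still alive.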
Horatio logs all web and network activity through syslog, recording log-ins, log-outs, web accesses, rollcalls, and process starts and stops. The software uses Linux ipchains for the firewall, OpenSSL for HTTPS support, and the Perl modules IO::Socket::SSL, Net::SSLeay, and HTTP::Daemon::SSL. The scripts for firewall and host list management are written in Bash. For more details on Horatio, see the horatio(8) man page, horatio-firewall(8) for the firewall, and horatio-hostlist(8) for the host management guide.
The latest release of the software adds Timeout to HTTPS daemon logging and allows for logins/logouts with HTTP/HTTPS. The new features add to Horatio's already established reliability and security, making it an excellent choice for network authentication and protection.
Version 1.7: N/A