As mentioned previously, gwcontrol is the heart of the Eagle. On startup, it reads the authorization file, securely stored
on the A Box, and waits for a connection or service request. The
authorization file is a powerful, centrally controlled rule-based
system (set up and tuned by the system administrator) to control access
to your network. The rules determine which hosts are authorized to get
into or out of the protected network, when access through the
protected network is permitted, which types of access are permitted,
and what frequency of successful or unsuccessful access to the
protected network is cause for alarm. Unless a specific rule permits
access into or out of your protected network, access is denied.
See Chapter for more details.

When a telnet or ftp connection is made, the modified daemon contacts gwcontrol with the source and destination machine names. Gwcontrol then looks through the list of allowed connections and responds with either a completed connection or a denial of access. If it allows the connection, it adds it to its list of current connections. The following information is retained for each connection and is visually presented using the display program on the G box's console:

Gwcontrol maintains a log of all attempted and completed
connections (including when initiated and terminated). System errors
will also be sent to the log (see Appendix ), as will
any diagnostic information if suspicious activity is detected.
Archived log files are created on a daily basis. This makes it easier
to track down possible security violations by limiting the log entries
that have to be examined.
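
A small model of the default-deny decision, connection list and log described above, as an added example that is not Eagle code. The rule fields, the alarm threshold (counting only denied attempts) and the log line layout are assumptions, not the real authorization file format.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not the Eagle's file format
    src: str                     # source host name
    dst: str                     # destination host name
    service: str                 # "telnet" or "ftp"
    hours: range                 # hours of the day when access is permitted

@dataclass
class Gateway:
    rules: list
    alarm_after: int = 3         # denied attempts per source before an alarm (assumed)
    current: list = field(default_factory=list)   # connections currently open
    log: list = field(default_factory=list)       # every attempt, allowed or not
    denied: dict = field(default_factory=dict)    # denied-attempt count per source

    def request(self, src, dst, service, when):
        stamp = f"{when:%Y-%m-%d %H:%M}"
        allowed = any(r.src == src and r.dst == dst and r.service == service
                      and when.hour in r.hours for r in self.rules)
        if allowed:
            self.current.append((src, dst, service, when))
            self.log.append(f"{stamp} ALLOW {service} {src} -> {dst}")
            return True
        # No rule matched: access is denied by default and counted per source.
        self.denied[src] = self.denied.get(src, 0) + 1
        self.log.append(f"{stamp} DENY {service} {src} -> {dst}")
        if self.denied[src] == self.alarm_after:
            self.log.append(f"{stamp} ALARM {src}: {self.denied[src]} denied attempts")
        return False

def demo():
    # Constructed hosts and timestamps; one rule: telnet from alpha, 08:00-17:59.
    gw = Gateway(rules=[Rule("alpha.example", "inside.example", "telnet", range(8, 18))])
    t = datetime(2024, 1, 15, 9, 0)
    results = [
        gw.request("alpha.example", "inside.example", "telnet", t),                   # matches the rule
        gw.request("alpha.example", "inside.example", "telnet", t.replace(hour=22)),  # outside hours
        gw.request("alpha.example", "inside.example", "ftp", t),                      # service not listed
    ]
    # An unlisted host retrying three times reaches the alarm threshold.
    results += [gw.request("beta.example", "inside.example", "telnet", t) for _ in range(3)]
    return gw, results

if __name__ == "__main__":
    print("\n".join(demo()[0].log))
```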

The system administrator can immediately terminate any connection with display. The connection's daemon process is sent a terminate signal and a message is written to the log. You must be physically at the G box's console to terminate a connection.

If a possible security breach is detected, a trace of the network route back to the offending host will be written into the log file.

The log file is kept on the G box. For security reasons,
there is no way that you can reach this machine from inside your network.
To specify where you are going to archive this file, you must edit the
changelogfile script to mail it to the desired system (see Section
).