Documentation

Get Started

Download the latest packaged release of osMUD or direct source code from the osMUD GitHub repo.

Instructions for how to install and deploy osMUD are provided in the source repository:

• Install and deploy osMUD

Requirements

osMUD requires a compatible network architecture capable of providing integration with the following network components

• Compatible firewall
• DHCP server that can extract the MUD Url in DHCP header packet for MUD Enabled Devices

Supported Hardware

osMUD is currently targeting the OpenWRT platform. However osMUD can be compiled for most C compatible environments to run osMUD outside of OpenWRT. Running osMUD outside of OpenWRT will require you to install the above two components.

Supported Network Architecture

osMUD currently supports networks that use DHCP. Future work may be done to allow for protocols supporting Radius or LLDP compatibility.

Required Components Status

We are working on making the dnsmasq DHCP server compatible with reading a MUD Url included in DHCP headers when the device enters a network.

Currently only theOpenWRT firewall is compatible with osMUD.

More DHCP servers & firewalls will be supported soon. Ask how you can help or let us know which dhcp server/firewall would be great to support next! Provide feedback to the osMUD developers

Architecture

MUD Vocabulary

• MUD File – A MUD file is a JSON file conforming to the YANG data modeling language that includes MUD specific concepts described in the IETF specification. The MUD File describes a device and allowed network behaviors.
• MUD URL – URL which tells the MUD Manager where to look for the MUD File. Typically a device will transmit the MUD URL to the MUD manager via DHCP, RADIUS, or LLDP.
• MUD File Server – Web server hosting MUD File/s.
• MUD Manager – Listens for information on MUD Enabled Devices including a MUD Url through integrations with network services including DHCP. The MUD Manager retrieves MUD File(s) from a MUD File Server and parses, processes, and communicates with network services on how to handle security settings for the device. osMUD is an implementation of a “MUD Manager”.

How osMUD communicates with DHCP

State of osMUD

What osMUD does:

• Implements MUD via DHCP
• Downloads MUD file from MUD file server
• Downloads MUD signature file from MUD file server
• Implements MUD file rules for vertical movement (external requests)
• Compatible with OpenWRT firewall

What osMUD does NOT do yet:

• Does NOT implement MUD via LLDP
• Does NOT implement MUD via protocols supporting X509 certificates
• Does NOT validate the signature across the MUD file
• Does NOT implement MUD file rules for lateral movement
• Does NOT communicate with other firewalls (non OpenWRT Firewall)

Limitations

https://github.com/osmud/osmud#known-limitations

Future Work

https://github.com/osmud/osmud#future

Using osMUD

Configuring osMUD manager

Other

How to set up a MUDfile server

How to build a MUDfile

How to test/validate a MUDfile

How to create code signing cert