Instructions for how to install and deploy osMUD are provided in the source repository:
osMUD requires a compatible network architecture capable of providing integration with the following network components
- Compatible firewall
- DHCP server that can extract the MUD Url in DHCP header packet for MUD Enabled Devices
osMUD is currently targeting the OpenWRT platform. However osMUD can be compiled for most C compatible environments to run osMUD outside of OpenWRT. Running osMUD outside of OpenWRT will require you to install the above two components.
Supported Network Architecture
osMUD currently supports networks that use DHCP. Future work may be done to allow for protocols supporting Radius or LLDP compatibility.
Required Components Status
We are working on making the dnsmasq DHCP server compatible with reading a MUD Url included in DHCP headers when the device enters a network.
Currently only theOpenWRT firewall is compatible with osMUD.
More DHCP servers & firewalls will be supported soon. Ask how you can help or let us know which dhcp server/firewall would be great to support next! Provide feedback to the osMUD developers
- MUD File – A MUD file is a JSON file conforming to the YANG data modeling language that includes MUD specific concepts described in the IETF specification. The MUD File describes a device and allowed network behaviors.
- MUD URL – URL which tells the MUD Manager where to look for the MUD File. Typically a device will transmit the MUD URL to the MUD manager via DHCP, RADIUS, or LLDP.
- MUD File Server – Web server hosting MUD File/s.
- MUD Manager – Listens for information on MUD Enabled Devices including a MUD Url through integrations with network services including DHCP. The MUD Manager retrieves MUD File(s) from a MUD File Server and parses, processes, and communicates with network services on how to handle security settings for the device. osMUD is an implementation of a “MUD Manager”.
State of osMUD
What osMUD does:
- Implements MUD via DHCP
- Downloads MUD file from MUD file server
- Downloads MUD signature file from MUD file server
- Implements MUD file rules for vertical movement (external requests)
- Compatible with OpenWRT firewall
What osMUD does NOT do yet:
- Does NOT implement MUD via LLDP
- Does NOT implement MUD via protocols supporting X509 certificates
- Does NOT validate the signature across the MUD file
- Does NOT implement MUD file rules for lateral movement
- Does NOT communicate with other firewalls (non OpenWRT Firewall)
Configuring osMUD manager