Program Guard allows the user of a Linux workstation to specify which application programs are allowed to make TCP/IP connections to the Internet (Internet addresses are defined as any IP address not in the range of 10.0.0.0/24 or 192.168.0.0/16).
The application program names can be specified either by listing them in a file (Static Mode) or by querying the user (Query Mode). In Query Mode, when a program that is unknown to Program Guard attempts to access an Internet IP address, Program Guard displays the Program Guard Dialog Box.
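The definition of an Internet address given above can be checked against concrete destinations. The following is an added example, not Program Guard's own code: the function name is_internet_address is hypothetical, the two ranges are read literally from the text, and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Local (non-Internet) ranges exactly as the text defines them. */
struct cidr { const char *net; int prefix_len; };
static const struct cidr local_ranges[] = {
    { "10.0.0.0",    24 },
    { "192.168.0.0", 16 },
};

/* Return 1 if addr falls inside net/prefix_len (both in host byte order). */
static int in_cidr(uint32_t addr, uint32_t net, int prefix_len)
{
    uint32_t mask = prefix_len == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix_len);
    return (addr & mask) == (net & mask);
}

/* Return 1 if dst is an "Internet address" under that definition,
 * 0 if it is local, -1 if dst is not a valid dotted-quad IPv4 address. */
int is_internet_address(const char *dst)
{
    struct in_addr a, n;
    size_t i;

    if (inet_pton(AF_INET, dst, &a) != 1)
        return -1;
    for (i = 0; i < sizeof local_ranges / sizeof local_ranges[0]; i++) {
        if (inet_pton(AF_INET, local_ranges[i].net, &n) != 1)
            return -1;
        if (in_cidr(ntohl(a.s_addr), ntohl(n.s_addr),
                    local_ranges[i].prefix_len))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample destinations, not taken from any log. */
    const char *samples[] = { "10.0.0.7", "10.0.1.7", "192.168.44.2",
                              "172.16.0.9", "198.51.100.20" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-15s %s\n", samples[i],
               is_internet_address(samples[i]) ? "Internet" : "local");
    return 0;
}
```

Read literally, the definition treats 10.0.1.7 and 172.16.0.9 as Internet addresses, so connections to them would fall under the allow/block decision.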
In addition to providing connection information, this dialog box gives the workstation user the option of allowing the program to access the Internet or to be blocked from accessing the Internet. This can be done either for the current instance of the program or for this and all future instances of the program (Make Persistent checkbox).
Currently, the program names that are allowed or denied Internet access apply to all users of the workstation rather than on a per-user basis. For example, if Program Guard is running in Query Mode and user A invokes a program previously blocked from Internet access by user B, the program will be blocked from Internet access for user A as well.
Connections blocked by Program Guard are logged to the Program Guard log file pgrd.log. It is located in the /var/log/pgrd directory. If desired, Program Guard can be configured to log all Internet connection attempts rather than just those that have been blocked.
Program Guard was tested on Fedora Core 1 and Fedora Core 3 on single-processor 32-bit x86 Intel processors. It has not been tested on other distributions or on multi-processor machines. While it works on Fedora Core 1, it will not build on a standard Linux 2.4.x kernel because it relies on task_struct definitions that were not made until Linux 2.6. If there is enough interest, a version that runs under a standard Linux 2.4 kernel may be made available.
To run in Query Mode, Gnome 2.x and Glade 2.x are required. There are no prerequisites for Static Mode.
Program Guard consists of three components: a kernel module, a daemon, and a Gnome GUI user interface component. All files needed to build the components are in the pgrd.tgz file. An installation shell script, install-pgrd, is provided for Fedora distributions.
It will build/install (or remove) the kernel module and daemon as well as configure them to be started automatically when the system is booted. To invoke it, type install-pgrd < install | remove >. This script may or may not be usable as is for other Linux distributions.
If you modify the install script, please note that the module, daemon and various support files must be installed in the /opt/pgrd directory for Program Guard to work properly (this is already handled when using the install script as provided). To run in Query Mode, each user must be configured by invoking the install-pgrd_user < username > script and by going to the Preferences->More Preferences->Sessions selection in the Fedora Main Menu and adding pgrdgui to the Startup Programs tab.
Program Guard will be started the next time the machine is rebooted. If you do not wish to reboot, you may start Program Guard manually as described below in Manual Starting And Stopping. Note: If starting manually and using Query Mode, once the daemon and kernel module are started, make sure that you log out and log back in.