author | Vlad Glagolev | 2011-05-04 00:20:39 +0400 |
committer | Vlad Glagolev | 2011-05-04 00:20:39 +0400 |
commit | 846f054447b7ea9d97a4b2d5ed8b99011afe243c (patch) | |
tree | a0082a5d090007c69ca5e036c929d3c4fd887831 | |
parent | 82679fbad38f508b87ee1332946da327cbfe7cbe (diff) |
knock: various fixes
-rwxr-xr-x | net/knock/DETAILS | 31 | ||||
-rw-r--r-- | net/knock/HISTORY | 9 | ||||
-rwxr-xr-x | net/knock/INSTALL | 6 | ||||
-rwxr-xr-x | net/knock/PRE_BUILD | 5 | ||||
-rw-r--r-- | net/knock/doc.patch | 30 | ||||
-rw-r--r-- | net/knock/init.d/knock.conf | 3 | ||||
-rwxr-xr-x | net/knock/init.d/knockd | 10 | ||||
-rw-r--r-- | net/knock/performance.patch | 48 |
8 files changed, 130 insertions, 12 deletions
diff --git a/net/knock/DETAILS b/net/knock/DETAILS
index f1ca691d89..bf31d784ff 100755
--- a/net/knock/DETAILS
+++ b/net/knock/DETAILS
@@ -1,20 +1,27 @@
 SPELL=knock
 VERSION=0.5
+ PATCHLEVEL=1
 SOURCE=$SPELL-$VERSION.tar.gz
-SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
- SOURCE_URL[0]=http://www.zeroflux.org/proj/knock/files/$SOURCE
- WEB_SITE=http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki
+SOURCE_DIRECTORY="$BUILD_DIRECTORY/$SPELL-$VERSION"
+ SOURCE_URL[0]=http://www.zeroflux.org/proj/$SPELL/files/$SOURCE
+ WEB_SITE=http://www.zeroflux.org/projects/knock
 ENTERED=20060529
 SOURCE_HASH=sha512:c5f7f3320d4d9a41847dba0cda4d66852f983db419b23d3bf9c83d44a41ba437379bf6cee47a096c600841e321740849dac26d5c3afff9b3ae0178a2fcb6c35e
 LICENSE[0]=GPL
- SHORT="knockd is a port-knock server"
+ GATHER_DOCS=off
+ SHORT="port-knocking server and client"
 cat << EOF
-knockd is a port-knock server. It listens to all traffic on an ethernet
-(or PPP) interface, looking for special "knock" sequences of port-hits.
-A client makes these port-hits by sending a TCP (or UDP) packet to a
-port on the server. This port need not be open -- since knockd listens
-at the link-layer level, it sees all traffic even if it's destined for a
-closed port. When the server detects a specific sequence of port-hits,
-it runs a command defined in its configuration file. This can be used to
-open up holes in a firewall for quick access.
+Port knocking is a stealthy system for network authentication across closed
+ports.
+
+knockd is a port-knock server. It listens to all traffic on an ethernet (or PPP)
+interface, looking for special "knock" sequences of port-hits. A client makes
+these port-hits by sending a TCP (or UDP) packet to a port on the server.
+
+This port need not be open -- since knockd listens at the link-layer level,
+it sees all traffic even if it's destined for a closed port. When the server
+detects a specific sequence of port-hits, it runs a command defined in its
+configuration file.
+
+This can be used to open up holes in a firewall for quick access.
 EOF
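Review bot: The new description's opening line, `Port knocking is a stealthy system for network authentication across closed ports.`, overstates what the tool provides: the knock is a fixed sequence of TCP/UDP packets to observable ports, so anyone positioned to see the traffic the description says knockd itself sees can record and replay it — it is access gating by obscurity, not authentication. I would reword it to `Port knocking is a stealthy mechanism for gating access to closed ports; the knock sequence is sent in the clear and can be replayed by an observer, so it should supplement, not replace, real authentication.` SOURCE_URL remains plain http, which is acceptable only because the unchanged SOURCE_HASH is what actually verifies the tarball; worth keeping in mind if the hash is ever dropped.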
diff --git a/net/knock/HISTORY b/net/knock/HISTORY
index 51b62397b4..a98c432d34 100644
--- a/net/knock/HISTORY
+++ b/net/knock/HISTORY
@@ -1,3 +1,12 @@
+2011-05-03 Vlad Glagolev <stealth@sourcemage.org>
+ * DETAILS: PATCHLEVEL=1; quoting paths; updated descriptions and urls
+ * INSTALL: added, to install init script
+ * PRE_BUILD: added, to apply patches
+ * init.d/knock{d,.conf}: added init system
+ * performance.patch: added, to reduce CPU usage on live capture, reread
+ logfiles on HUP and remove randomness on a client side, fix build
+ * doc.patch: added, to install knockd manpage to a proper place
+
 2006-10-03 Juuso Alasuutari <iuso@sourcemage.org>
 * DETAILS: [automated] Removed UPDATED.
diff --git a/net/knock/INSTALL b/net/knock/INSTALL
new file mode 100755
index 0000000000..e3021a8078
--- /dev/null
+++ b/net/knock/INSTALL
@@ -0,0 +1,6 @@
+default_install &&
+
+if [[ $INIT_INSTALLED ]]; then
+ install_config_file "$SPELL_DIRECTORY/init.d/knock.conf" \
+ "$INSTALL_ROOT/etc/sysconfig/knock"
+fi
diff --git a/net/knock/PRE_BUILD b/net/knock/PRE_BUILD
new file mode 100755
index 0000000000..4b1de84443
--- /dev/null
+++ b/net/knock/PRE_BUILD
@@ -0,0 +1,5 @@
+default_pre_build &&
+cd "$SOURCE_DIRECTORY" &&
+
+patch -p0 < "$SPELL_DIRECTORY/doc.patch" &&
+patch -p0 < "$SPELL_DIRECTORY/performance.patch"
diff --git a/net/knock/doc.patch b/net/knock/doc.patch
new file mode 100644
index 0000000000..f6b1bf70c5
--- /dev/null
+++ b/net/knock/doc.patch
@@ -0,0 +1,30 @@
+--- Makefile.in.orig 2005-06-27 09:11:34.000000000 +0400
++++ Makefile.in 2011-05-03 23:48:18.147684188 +0400
+@@ -28,6 +28,7 @@
+ BINDIR = @bindir@
+ SBINDIR = @sbindir@
+ MANDIR = @mandir@
++DATADIR = @datadir@
+
+ INSTALL = @INSTALL@
+ INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
+@@ -70,9 +71,9 @@
+ install: all
+ $(INSTALL) -D -m0755 knockd $(DESTDIR)$(SBINDIR)/knockd
+ $(INSTALL) -D -m0755 knock $(DESTDIR)$(BINDIR)/knock
+- $(INSTALL) -D -m0644 $(MANSRC)knockd.1 $(DESTDIR)$(MANDIR)/man1/knockd.1
++ $(INSTALL) -D -m0644 $(MANSRC)knockd.1 $(DESTDIR)$(MANDIR)/man8/knockd.8
+ $(INSTALL) -D -m0644 $(MANSRC)knock.1 $(DESTDIR)$(MANDIR)/man1/knock.1
+- $(INSTALL) -D -m0644 knockd.conf $(DESTDIR)/etc/knockd.conf
++ $(INSTALL) -D -m0644 knockd.conf $(DESTDIR)/$(DATADIR)/knockd/knockd.conf
+
+ clean:
+ rm -f *~ $(OBJDIR)*.o $(MANSRC)*.1
+--- doc/knockd.1.in.orig 2005-06-29 22:45:17.000000000 +0400
++++ doc/knockd.1.in 2011-05-03 23:49:01.259684649 +0400
+@@ -1,4 +1,4 @@
+-.TH knockd 1 "June 26, 2005" "knockd #VERSION#" ""
++.TH knockd 8 "June 26, 2005" "knockd #VERSION#" ""
+ .SH NAME
+ knockd \- port-knock server
+ .SH SYNOPSIS
diff --git a/net/knock/init.d/knock.conf b/net/knock/init.d/knock.conf
new file mode 100644
index 0000000000..292431358e
--- /dev/null
+++ b/net/knock/init.d/knock.conf
@@ -0,0 +1,3 @@
+# For the arguments and description see knockd(8)
+
+KNOCKD_ARGS=""
diff --git a/net/knock/init.d/knockd b/net/knock/init.d/knockd
new file mode 100755
index 0000000000..bed98729ed
--- /dev/null
+++ b/net/knock/init.d/knockd
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+. /etc/sysconfig/knock
+
+PROGRAM=/usr/sbin/knockd
+ARGS="-d $KNOCKD_ARGS"
+RUNLEVEL=3
+PIDFILE=/var/run/knockd.pid
+
+. /etc/init.d/smgl_init
diff --git a/net/knock/performance.patch b/net/knock/performance.patch
new file mode 100644
index 0000000000..010de107ea
--- /dev/null
+++ b/net/knock/performance.patch
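Review bot: The relocated install line `$(INSTALL) -D -m0644 knockd.conf $(DESTDIR)/$(DATADIR)/knockd/knockd.conf` inserts a slash between $(DESTDIR) and $(DATADIR) while every neighbouring line writes `$(DESTDIR)$(SBINDIR)` and `$(DESTDIR)$(MANDIR)`; since @datadir@ is already an absolute path this produces a doubled slash and should read `$(DESTDIR)$(DATADIR)/knockd/knockd.conf`. More importantly, the removed line shows upstream placing the sample config at /etc/knockd.conf, which is presumably the daemon's default lookup path; after this patch nothing in the spell puts a config there (INSTALL only handles the sysconfig file and the init script passes no `-c`), so a fresh install likely starts knockd with no configuration at all. Either `install_config_file` the datadir copy to `$INSTALL_ROOT/etc/knockd.conf` in INSTALL, or state in the description that the administrator must copy it before enabling the service.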
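Review bot: `. /etc/sysconfig/knock` is sourced unconditionally, so if that file is missing or unreadable bash aborts the script before PROGRAM, PIDFILE and the smgl_init include are reached and the service silently never starts; INSTALL only installs it when $INIT_INSTALLED is set, so guard it with `[[ -r /etc/sysconfig/knock ]] && . /etc/sysconfig/knock`. `$KNOCKD_ARGS` is deliberately left unquoted inside `ARGS="-d $KNOCKD_ARGS"` so it word-splits later; a comment such as `# KNOCKD_ARGS is word-split on purpose; -d presumably detaches knockd` would stop a future cleanup from quoting it. I cannot tell from the hunk whether knockd 0.5 writes /var/run/knockd.pid itself or smgl_init tracks the pid, and a wrong PIDFILE breaks stop/restart, so that is worth confirming.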
@@ -0,0 +1,48 @@
+--- src/knockd.c.orig 2005-06-27 09:11:34.000000000 +0400
++++ src/knockd.c 2011-05-03 23:41:20.133684648 +0400
+@@ -46,6 +46,7 @@
+ #include <syslog.h>
+ #include <pcap.h>
+ #include <errno.h>
++#include <limits.h>
+ #include "list.h"
+
+ static char version[] = "0.5";
+@@ -193,7 +194,7 @@
+ }
+ }
+
+- cap = pcap_open_live(o_int, 65535, 0, 0, pcapErr);
++ cap = pcap_open_live(o_int, 65535, 0, 1000, pcapErr);
+ if(strlen(pcapErr)) {
+ fprintf(stderr, "could not open %s: %s\n", o_int, pcapErr);
+ }
+@@ -371,7 +372,18 @@
+ }
+ list_free(doors);
+
++ if(logfd) {
++ fclose(logfd);
++ logfd = NULL;
++ }
+ parseconfig(o_cfg);
++ if(strlen(o_logfile)) {
++ /* open the log file */
++ logfd = fopen(o_logfile, "a");
++ if(logfd == NULL) {
++ perror("warning: cannot open logfile");
++ }
++ }
+ return;
+ }
+
+--- src/knock.c.orig 2005-06-27 09:11:34.000000000 +0400
++++ src/knock.c 2011-05-03 23:35:39.297684650 +0400
+@@ -128,6 +128,7 @@
+ connect(sd, (struct sockaddr*)&addr, sizeof(struct sockaddr));
+ }
+ close(sd);
++ usleep(1);
+ }
+
+ return(0);
|
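Review bot: `usleep(1)` after `close(sd)` in knock.c requests a 1 µs pause, which on any real kernel is little more than a scheduler hint and does nothing to guarantee that the knocks reach the server in sequence order over a network, so it is unlikely to deliver the "remove randomness on a client side" goal stated in HISTORY. usleep() is also obsolescent in POSIX.1-2008; `struct timespec gap = { .tv_sec = 0, .tv_nsec = 1000000 }; nanosleep(&gap, NULL);` with a millisecond-scale, ideally option-controlled, gap would be both portable and effective (needs <time.h>). In the knockd.c reload block, the failure path `perror("warning: cannot open logfile")` writes to stderr, which is most likely closed or redirected when the daemon runs detached under the init script's `-d`, so `syslog(LOG_WARNING, "cannot open logfile %s: %s", o_logfile, strerror(errno))` would actually be seen, and both <syslog.h> and <errno.h> are already included. The copied `/* open the log file */` comment suggests the same open code exists at startup, so a small `static void open_logfile(void)` shared by both paths would keep them from drifting. Both enclosing functions start outside their hunks.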