ports/94626: [NEW PORT] security/knock - flexible port knocking server and client

Shaun Amott shaun at inerd.com
Mon May 1 15:20:18 UTC 2006


The following reply was made to PR ports/94626; it has been noted by GNATS.

From: Shaun Amott <shaun at inerd.com>
To: Sergey Matveychuk <sem at FreeBSD.org>
Cc: bug-followup at FreeBSD.org, freebsd-ports-bugs at FreeBSD.org
Subject: Re: ports/94626: [NEW PORT] security/knock - flexible port knocking server and client
Date: Mon, 1 May 2006 16:11:06 +0100

 On Mon, May 01, 2006 at 01:55:25PM +0000, Sergey Matveychuk wrote:
 > 
 > Synopsis: [NEW PORT] security/knock - flexible port knocking server and client
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: sem
 > State-Changed-When: Mon May 1 13:55:24 UTC 2006
 > State-Changed-Why: 
 > Ask for submitter fix.
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=94626
 > 
 
 The author has completely restructured his site, and I can't find the
 distfile anywhere. I have re-made the port with my CVS patch integrated;
 I will host the distfile until the author releases a new version.
 
 Tinderbox tested on: 5.x (sparc64)
 
 ----- Begin knockd.shar -----
 # This is a shell archive.  Save it in a file, remove anything before
 # this line, and then unpack it by entering "sh file".  Note, it may
 # create directories; files and directories will be owned by you and
 # have default permissions.
 #
 # This archive contains:
 #
 #	knock
 #	knock/files
 #	knock/files/knockd.sh.in
 #	knock/files/patch-knockd.conf
 #	knock/Makefile
 #	knock/pkg-descr
 #	knock/distinfo
 #
 # Create the port's directory tree before any file is extracted.
 # mkdir's output and errors are discarded, so a failure here only shows up
 # later, when the sed redirections below cannot write into the directory.
 # Unpacking means running this whole archive through sh, so read it first
 # and unpack it in a scratch directory.
 echo c - knock
 mkdir -p knock > /dev/null 2>&1
 echo c - knock/files
 mkdir -p knock/files > /dev/null 2>&1
 echo x - knock/files/knockd.sh.in
 sed 's/^X//' >knock/files/knockd.sh.in << 'END-of-knock/files/knockd.sh.in'
 X#!/bin/sh
 X
 X# PROVIDE: knockd
 X# REQUIRE: DAEMON
 X# BEFORE:  LOGIN
 X
 X. %%RC_SUBR%%
 X
 Xname="knockd"
 Xrcvar=`set_rcvar`
 Xload_rc_config $name
 X
 Xknockd_enable=${knockd_enable:-"NO"}
 Xknockd_flags=${knockd_flags:-"-d"}
 X
 Xcommand="%%PREFIX%%/bin/knockd"
 Xpidfile="%%RUNDIR%%/knockd.pid"
 Xrequired_files="%%PREFIX%%/etc/knockd.conf"
 X
 Xrun_rc_command "$1"
 END-of-knock/files/knockd.sh.in
 echo x - knock/files/patch-knockd.conf
 sed 's/^X//' >knock/files/patch-knockd.conf << 'END-of-knock/files/patch-knockd.conf'
 X--- knockd.conf.orig	Thu May  6 22:56:03 2004
 X+++ knockd.conf	Fri Mar 17 23:39:01 2006
 X@@ -1,15 +1,16 @@
 X [options]
 X 	logfile = /var/log/knockd.log
 X+	interface = fxp0
 X 
 X [openSSH]
 X 	sequence    = 7000,8000,9000
 X 	seq_timeout = 5
 X-	command     = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
 X+	command     = /sbin/ipfw -q add pass proto tcp src-ip %IP% dst-port 22
 X 	tcpflags    = syn
 X 
 X [closeSSH]
 X 	sequence    = 9000,8000,7000
 X 	seq_timeout = 5
 X-	command     = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
 X+	command     = /sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22
 X 	tcpflags    = syn
 X 
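Review bot: On the new side of the [closeSSH] section, `command = /sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22` hands a rule body to `ipfw delete`, which as far as I know selects rules by number (or set) rather than by matching a rule specification, so the close knock probably fails and the port-22 allowance added by [openSSH] stays in place. One way to make open and close symmetric is an ipfw lookup table: `command = /sbin/ipfw -q table 1 add %IP%` and `command = /sbin/ipfw -q table 1 delete %IP%`, with a standing rule in the host ruleset that passes TCP port 22 from `table(1)`; the table number is only an illustration. Separately, the [openSSH] `add` gives no rule number, so where the pass rule lands relative to existing deny rules depends on the host's ruleset, which a comment in the sample should say. The added `interface = fxp0` line is also host-specific and would be worth a comment telling the administrator to set it to the listening NIC.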
 END-of-knock/files/patch-knockd.conf
 echo x - knock/Makefile
 sed 's/^X//' >knock/Makefile << 'END-of-knock/Makefile'
 X# New ports collection makefile for:	knock
 X# Date Created:				2006-03-17
 X# Whom:					Shaun Amott <shaun at inerd.com>
 X#
 X# $FreeBSD$
 X#
 X
 X# Port identity. The distfile is fetched over plain HTTP from a single
 X# mirror under inerd.com, so the integrity of the download rests on the
 X# MD5/SHA256/SIZE entries recorded in the port's distinfo file.
 XPORTNAME=	knock
 XPORTVERSION=	0.5.20051124
 XCATEGORIES=	security
 XMASTER_SITES=	http://mirror.inerd.com/FreeBSD/distfiles/${PORTNAME}/
 X
 XMAINTAINER=	shaun at inerd.com
 XCOMMENT=	A flexible port-knocking server and client
 X
 XGNU_CONFIGURE=	yes
 X
 X# Two install-time options, both enabled by default.
 XOPTIONS=	SERVER		"Install knockd server"		on \
 X		CLIENT		"Install knock client"		on
 X
 X# RUNDIR is exported through SUB_LIST so that %%RUNDIR%% in
 X# files/knockd.sh.in (the pidfile path) is replaced with it.
 XRUNDIR=		/var/run
 XSUB_LIST=	RUNDIR=${RUNDIR}
 X
 X.include <bsd.port.pre.mk>
 X
 X# Server component: man page, rc.d script, daemon binary and sample config.
 X.if defined(WITH_SERVER)
 XMAN1=		knockd.1
 XUSE_RC_SUBR=	knockd.sh
 XPLIST_FILES+=	bin/knockd
 XPLIST_FILES+=	etc/knockd.conf.sample
 X.endif
 X
 X# Client component: man page and client binary.
 X.if defined(WITH_CLIENT)
 XMAN1+=		knock.1
 XPLIST_FILES+=	bin/knock
 X.endif
 X
 X# NOTE(review): pre-configure is declared with no command lines; the .if
 X# block below only assigns IGNORE when both options are switched off and
 X# is not a recipe. The target line looks like a leftover -- confirm.
 Xpre-configure:
 X.if defined(WITHOUT_SERVER) && defined(WITHOUT_CLIENT)
 XIGNORE=	at least one component must be selected for installation
 X.endif
 X
 X# Edit the extracted sources in place:
 X#  - knockd.c: replace %%PREFIX%% and %%RUNDIR%% with the build-time paths
 X#    and every literal "eth0" with "fxp0";
 X#  - man page templates: replace #VERSION# with PORTVERSION and "eth0"
 X#    with "fxp0".
 X# NOTE(review): fxp0 is hard-coded here; hosts with a different NIC
 X# presumably need "interface" set in knockd.conf -- confirm.
 Xpost-patch:
 X	@${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g"	\
 X			  -e "s#%%RUNDIR%%#${RUNDIR}#g"	\
 X			  -e "s#eth0#fxp0#g"		\
 X			  ${WRKSRC}/src/knockd.c
 X
 X	@${REINPLACE_CMD} -e "s/#VERSION#/${PORTVERSION}/g" \
 X			  -e "s#eth0#fxp0#g"		    \
 X			  ${WRKSRC}/doc/knock.1.in	    \
 X			  ${WRKSRC}/doc/knockd.1.in
 X
 X# Install only the selected binaries. The configuration file is installed
 X# as knockd.conf.sample, so no live knockd.conf is created or overwritten.
 Xdo-install:
 X.if defined(WITH_SERVER)
 X	${INSTALL_PROGRAM} ${WRKSRC}/knockd ${PREFIX}/bin
 X	${INSTALL_DATA} ${WRKSRC}/knockd.conf ${PREFIX}/etc/knockd.conf.sample
 X.endif
 X
 X.if defined(WITH_CLIENT)
 X	${INSTALL_PROGRAM} ${WRKSRC}/knock ${PREFIX}/bin
 X.endif
 X
 X# Man pages are installed from the .1.in templates edited in post-patch,
 X# one per selected component.
 Xpost-install-script:
 X.if defined(WITH_SERVER)
 X	${INSTALL_MAN} ${WRKSRC}/doc/knockd.1.in ${MAN1PREFIX}/man/man1/knockd.1
 X.endif
 X
 X.if defined(WITH_CLIENT)
 X	${INSTALL_MAN} ${WRKSRC}/doc/knock.1.in ${MAN1PREFIX}/man/man1/knock.1
 X.endif
 X
 X.include <bsd.port.post.mk>
 END-of-knock/Makefile
 echo x - knock/pkg-descr
 sed 's/^X//' >knock/pkg-descr << 'END-of-knock/pkg-descr'
 Xknockd is a port-knock server. It listens to all traffic on an ethernet
 X(or PPP) interface, looking for special "knock" sequences of port-hits.
 X
 XA client makes these port-hits by sending a TCP (or UDP) packet to a
 Xport on the server. This port need not be open -- since knockd listens
 Xat the link-layer level, it sees all traffic even if it's destined for
 Xa closed port. When the server detects a specific sequence of port-hits,
 Xit runs a command defined in its configuration file. This
 Xcan be used to open up holes in a firewall for quick access. 
 X
 XWWW: http://www.zeroflux.org/cgi-bin/cvstrac/knock/wiki/
 END-of-knock/pkg-descr
 echo x - knock/distinfo
 sed 's/^X//' >knock/distinfo << 'END-of-knock/distinfo'
 XMD5 (knock-0.5.20051124.tar.gz) = 0ab0c51687b1d99ea7141b3a86b8e963
 XSHA256 (knock-0.5.20051124.tar.gz) = 15aa6a5d152a7cdb5b52d1e9de9e77d7f52156ce3e5d5c80dd9b76e40f6a84aa
 XSIZE (knock-0.5.20051124.tar.gz) = 86607
 END-of-knock/distinfo
 exit
 ----- End knockd.shar -----
 
 -- 
 Shaun Amott [ PGP: 0x6B387A9A ]
     Scientia Est Potentia.


