author | shaun <shaun@FreeBSD.org> | 2006-07-13 02:03:24 +0800 |
---|---|---|
committer | shaun <shaun@FreeBSD.org> | 2006-07-13 02:03:24 +0800 |
commit | 5c08140844d93880ff5c0cdaa014dce92b8736c4 (patch) | |
tree | 32ba022866d2489ae15ca598a5bfedd1a261a7c8 /security | |
parent | 7f1943865be97a850ecabf0fb254d5592ef38140 (diff) | |
Add a port of "knock" - a flexible port-knocking server and client.
PR: ports/94626
Submitted by: shaun (me)
Approved by: ahze (mentor, implicit)
Diffstat (limited to 'security')
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/knock/Makefile | 73 | ||||
-rw-r--r-- | security/knock/distinfo | 3 | ||||
-rw-r--r-- | security/knock/files/knockd.sh.in | 20 | ||||
-rw-r--r-- | security/knock/files/patch-knockd.conf | 21 | ||||
-rw-r--r-- | security/knock/pkg-descr | 11 |
6 files changed, 129 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 268c086e5cff..e243fa5825b4 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -194,6 +194,7 @@
 SUBDIR += keyprint
 SUBDIR += kgpg
 SUBDIR += klamav
+ SUBDIR += knock
 SUBDIR += knocker
 SUBDIR += kovpn
 SUBDIR += krb4
diff --git a/security/knock/Makefile b/security/knock/Makefile
new file mode 100644
index 000000000000..58190220cc11
--- /dev/null
+++ b/security/knock/Makefile
@@ -0,0 +1,73 @@
+# New ports collection makefile for: knock
+# Date Created: 2006-03-17
+# Whom: Shaun Amott <shaun@inerd.com>
+#
+# $FreeBSD$
+#
+
+PORTNAME= knock
+PORTVERSION= 0.5.20051124
+CATEGORIES= security
+MASTER_SITES= http://mirror.inerd.com/FreeBSD/distfiles/${PORTNAME}/
+
+MAINTAINER= shaun@FreeBSD.org
+COMMENT= A flexible port-knocking server and client
+
+GNU_CONFIGURE= yes
+
+OPTIONS= SERVER "Install knockd server" on \
+ CLIENT "Install knock client" on
+
+RUNDIR= /var/run
+SUB_LIST= RUNDIR=${RUNDIR}
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_SERVER)
+MAN1= knockd.1
+USE_RC_SUBR= knockd.sh
+PLIST_FILES+= bin/knockd
+PLIST_FILES+= etc/knockd.conf.sample
+.endif
+
+.if defined(WITH_CLIENT)
+MAN1+= knock.1
+PLIST_FILES+= bin/knock
+.endif
+
+pre-configure:
+.if defined(WITHOUT_SERVER) && defined(WITHOUT_CLIENT)
+IGNORE= at least one component must be selected for installation
+.endif
+
+post-patch:
+ @${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g" \
+ -e "s#%%RUNDIR%%#${RUNDIR}#g" \
+ -e "s#eth0#fxp0#g" \
+ ${WRKSRC}/src/knockd.c
+
+ @${REINPLACE_CMD} -e "s/#VERSION#/${PORTVERSION}/g" \
+ -e "s#eth0#fxp0#g" \
+ ${WRKSRC}/doc/knock.1.in \
+ ${WRKSRC}/doc/knockd.1.in
+
+do-install:
+.if defined(WITH_SERVER)
+ ${INSTALL_PROGRAM} ${WRKSRC}/knockd ${PREFIX}/bin
+ ${INSTALL_DATA} ${WRKSRC}/knockd.conf ${PREFIX}/etc/knockd.conf.sample
+.endif
+
+.if defined(WITH_CLIENT)
+ ${INSTALL_PROGRAM} ${WRKSRC}/knock ${PREFIX}/bin
+.endif
+
+post-install-script:
+.if defined(WITH_SERVER)
+ ${INSTALL_MAN} ${WRKSRC}/doc/knockd.1.in ${MAN1PREFIX}/man/man1/knockd.1
+.endif
+
+.if defined(WITH_CLIENT)
+ ${INSTALL_MAN} ${WRKSRC}/doc/knock.1.in ${MAN1PREFIX}/man/man1/knock.1
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/security/knock/distinfo b/security/knock/distinfo
new file mode 100644
index 000000000000..314e8471fd1c
--- /dev/null
+++ b/security/knock/distinfo
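Review bot: In security/knock/Makefile the `IGNORE=` line sits under the `pre-configure:` header but, as rendered here, carries no recipe indentation, so make reads it as a variable assignment at parse time and `pre-configure` is left as an empty target. The check still takes effect, but the header suggests it runs during the configure phase, which it does not. I would drop the `pre-configure:` line and put a comment above the conditional, for example `# Refuse to build when both OPTIONS are switched off`. Separately, `-e "s#eth0#fxp0#g"` bakes a single NIC driver name into src/knockd.c and both man pages; a comment explaining that choice would help administrators whose interface is named differently.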
@@ -0,0 +1,3 @@
+MD5 (knock-0.5.20051124.tar.gz) = 0ab0c51687b1d99ea7141b3a86b8e963
+SHA256 (knock-0.5.20051124.tar.gz) = 15aa6a5d152a7cdb5b52d1e9de9e77d7f52156ce3e5d5c80dd9b76e40f6a84aa
+SIZE (knock-0.5.20051124.tar.gz) = 86607
diff --git a/security/knock/files/knockd.sh.in b/security/knock/files/knockd.sh.in
new file mode 100644
index 000000000000..7bddb6e9decd
--- /dev/null
+++ b/security/knock/files/knockd.sh.in
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# PROVIDE: knockd
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+
+. %%RC_SUBR%%
+
+name="knockd"
+rcvar=`set_rcvar`
+load_rc_config $name
+
+knockd_enable=${knockd_enable:-"NO"}
+knockd_flags=${knockd_flags:-"-d"}
+
+command="%%PREFIX%%/bin/knockd"
+pidfile="%%RUNDIR%%/knockd.pid"
+required_files="%%PREFIX%%/etc/knockd.conf"
+
+run_rc_command "$1"
diff --git a/security/knock/files/patch-knockd.conf b/security/knock/files/patch-knockd.conf
new file mode 100644
index 000000000000..d0223778d320
--- /dev/null
+++ b/security/knock/files/patch-knockd.conf
@@ -0,0 +1,21 @@
+--- knockd.conf.orig Thu May 6 22:56:03 2004
++++ knockd.conf Fri Mar 17 23:39:01 2006
+@@ -1,15 +1,16 @@
+ [options]
+ logfile = /var/log/knockd.log
++ interface = fxp0
+
+ [openSSH]
+ sequence = 7000,8000,9000
+ seq_timeout = 5
+- command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++ command = /sbin/ipfw -q add pass proto tcp src-ip %IP% dst-port 22
+ tcpflags = syn
+
+ [closeSSH]
+ sequence = 9000,8000,7000
+ seq_timeout = 5
+- command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++ command = /sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22
+ tcpflags = syn
+
diff --git a/security/knock/pkg-descr b/security/knock/pkg-descr
new file mode 100644
index 000000000000..b5d0765e7211
--- /dev/null
+++ b/security/knock/pkg-descr
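Review bot: files/knockd.sh.in has no header comment listing the rc.conf variables it reads, so an administrator has to read the script to learn that the daemon stays off until `knockd_enable` is set and that `knockd_flags` defaults to `-d`. I would add, after the `# BEFORE: LOGIN` line, `# knockd_enable="YES"  - start knockd at boot (default NO)` and `# knockd_flags="-d"     - flags passed to knockd`. A comment is also warranted on `pidfile` and `required_files`: the script passes neither path to the daemon, so both have to agree with whatever the Makefile's post-patch step substitutes into src/knockd.c.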
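Review bot: The new `[closeSSH]` command in files/patch-knockd.conf, `/sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22`, hands a rule body to `ipfw delete`, which per ipfw(8) takes rule numbers; the close knock would then fail and the port 22 rule added by `[openSSH]` stays in place until someone removes it by hand. The `[openSSH]` rule is also added without a rule number, so it lands at the end of the ruleset and may sit behind an earlier deny rule. One arrangement that lets a single source address be added and removed is a lookup table referenced by a static pass rule: `command = /sbin/ipfw -q table 1 add %IP%` and `command = /sbin/ipfw -q table 1 delete %IP%` (table number 1 is only an example). Since the file is installed as knockd.conf.sample, a comment telling the administrator to replace the stock 7000,8000,9000 sequence before enabling the daemon would also be worthwhile.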
@@ -0,0 +1,11 @@
+knockd is a port-knock server. It listens to all traffic on an ethernet
+(or PPP) interface, looking for special "knock" sequences of port-hits.
+
+A client makes these port-hits by sending a TCP (or UDP) packet to a
+port on the server. This port need not be open -- since knockd listens
+at the link-layer level, it sees all traffic even if it's destined for
+a closed port. When the server detects a specific sequence of port-hits
+port-hits, it runs a command defined in its configuration file. This
+can be used to open up holes in a firewall for quick access.
+
+WWW: http://www.zeroflux.org/cgi-bin/cvstrac/knock/wiki/ |