From 8c42ed431b2f4a3e6b18d27827f168ca365e4b0679acc9f11ab242ba41911efe Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Mon, 15 Jan 2007 23:20:24 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/knock?expand=0&rev=1
---
.gitattributes | 23 +++++++++
.gitignore | 1 +
knock-0.5.patch | 17 +++++++
knock-0.5.tar.bz2 | 3 ++
knock.changes | 30 +++++++++++
knock.spec | 124 ++++++++++++++++++++++++++++++++++++++++++++++
knockd.conf | 11 ++++
knockd.init | 103 ++++++++++++++++++++++++++++++++++++++
knockd.sysconfig | 5 ++
ready | 0
10 files changed, 317 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 knock-0.5.patch
create mode 100644 knock-0.5.tar.bz2
create mode 100644 knock.changes
create mode 100644 knock.spec
create mode 100644 knockd.conf
create mode 100644 knockd.init
create mode 100644 knockd.sysconfig
create mode 100644 ready
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/knock-0.5.patch b/knock-0.5.patch
new file mode 100644
index 0000000..9c4356d
--- /dev/null
+++ b/knock-0.5.patch
@@ -0,0 +1,17 @@
+--- knockd.conf
++++ knockd.conf
+@@ -4,12 +4,12 @@
+ [openSSH]
+ sequence = 7000,8000,9000
+ seq_timeout = 5
+- command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++ command = /usr/sbin/iptables -I input_ext 1 -p tcp -s %IP% -p tcp --dport 22 -j ACCEPT --dport 22
+ tcpflags = syn
+
+ [closeSSH]
+ sequence = 9000,8000,7000
+ seq_timeout = 5
+- command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++ command = /usr/sbin/iptables -D input_ext -p tcp -s %IP% -p tcp --dport 22 -j ACCEPT --dport 22
+ tcpflags = syn
+
diff --git a/knock-0.5.tar.bz2 b/knock-0.5.tar.bz2
new file mode 100644
index 0000000..0240a0a
--- /dev/null
+++ b/knock-0.5.tar.bz2
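Review bot: Both replacement `command` lines in the embedded knockd.conf patch repeat `-p tcp` and append a second `--dport 22` after `-j ACCEPT`; iptables will most likely reject the duplicated options, so the openSSH and closeSSH knocks would fail instead of changing the firewall. They should read `command = /usr/sbin/iptables -I input_ext 1 -s %IP% -p tcp --dport 22 -j ACCEPT` and `command = /usr/sbin/iptables -D input_ext -s %IP% -p tcp --dport 22 -j ACCEPT`. The `input_ext` chain is presumably created by the distribution firewall, so the rule also cannot be inserted when that firewall is not running; a comment stating that dependency would help. It also looks as if knock.spec installs Source3 over the patched file, so this patch may never reach /etc/knockd.conf; worth confirming.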
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8c437db83f30aee3a6bf922c12dceef6d26ab670a63895f74af5f9ecf03832a6
+size 73767
diff --git a/knock.changes b/knock.changes
new file mode 100644
index 0000000..208742d
--- /dev/null
+++ b/knock.changes
@@ -0,0 +1,30 @@
+-------------------------------------------------------------------
+Tue Nov 14 15:07:38 CET 2006 - mskibbe@suse.de
+
+- fix bug #220355 (iptables call is wrong)
+
+-------------------------------------------------------------------
+Wed Oct 4 13:23:02 CEST 2006 - mskibbe@suse.de
+
+- fix bug in iptables call
+
+-------------------------------------------------------------------
+Mon Sep 25 11:20:44 CEST 2006 - mskibbe@suse.de
+
+- fix iptables call in config
+
+-------------------------------------------------------------------
+Fri Sep 22 13:00:46 CEST 2006 - mskibbe@suse.de
+
+- fix sysconfig file
+
+-------------------------------------------------------------------
+Wed Jan 25 21:37:14 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Thu Jun 30 16:12:57 CEST 2005 - hvogel@suse.de
+
+- Initial Package, Version 0.5
+
diff --git a/knock.spec b/knock.spec
new file mode 100644
index 0000000..80766ab
--- /dev/null
+++ b/knock.spec
@@ -0,0 +1,124 @@
+#
+# spec file for package knock (Version 0.5)
+#
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+Name: knock
+BuildRequires: libpcap
+Summary: A Port-Knocking Client
+Version: 0.5
+Release: 31
+License: GNU General Public License (GPL)
+Group: Productivity/Networking/Security
+URL: http://www.zeroflux.org/knock/
+Source0: %{name}-%{version}.tar.bz2
+Source1: %{name}d.sysconfig
+Source2: %{name}d.init
+Source3: %{name}d.conf
+Patch: %{name}-%{version}.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+
+%description
+The server part (package knockd) listens to all traffic on an ethernet
+(or PPP) interface, looking for special "knock" sequences of port hits.
+This client makes these port hits by sending a TCP (or UDP) packet to a
+port on the server. This port need not be open--since knockd listens at
+the link-layer level, it sees all traffic even if it is destined for a
+closed port. When the server detects a specific sequence of port hits,
+it runs a command defined in its configuration file. This can be used
+to open up holes in a firewall for quick access.
+
+
+
+Authors:
+--------
+ Judd Vinet
+
+%package -n knockd
+Group: Productivity/Networking/Security
+Summary: A port-knocking server
+Prereq: %fillup_prereq
+
+
+%description -n knockd
+It listens to all traffic on an ethernet (or PPP) interface, looking
+for special "knock" sequences of port-hits. A client (package knock)
+makes these port-hits by sending a TCP (or UDP) packet to a port on the
+server. This port need not be open -- since knockd listens at the
+link-layer level, it sees all traffic even if it's destined for a
+closed port.
When the server detects a specific sequence of port-hits,
+it runs a command defined in its configuration file. This can be used
+to open up holes in a firewall for quick access.
+
+
+
+Authors:
+--------
+ Judd Vinet
+
+%prep
+%setup -q
+%patch
+
+%build
+CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%_libdir --mandir=%_mandir
+make
+
+%install
+make DESTDIR=%{buildroot} install
+install -m 644 -D %{S:1} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{name}d
+install -m 755 -D %{S:2} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/%{name}d
+sed -i -e "s:iptables:%{_sbindir}/iptables:" %{S:3}
+install -m 600 -D %{S:3} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}d.conf
+ln -sf ../../etc/init.d/%{name}d $RPM_BUILD_ROOT/usr/sbin/rc%{name}d
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post -n knockd
+%fillup_only -n %{name}d
+
+%preun -n knockd
+%stop_on_removal %{name}d
+
+%postun -n knockd
+%insserv_cleanup
+
+%files
+%defattr(-,root,root)
+%attr(0755,root,root) %{_bindir}/%{name}
+%{_mandir}/man?/%{name}.*
+
+%files -n knockd
+%defattr(-,root,root)
+%doc README COPYING ChangeLog TODO
+
+%_sbindir/%{name}d
+
+%_sbindir/rc%{name}d
+
+%_sysconfdir/init.d/%{name}d
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}d.conf
+%{_mandir}/man?/%{name}d.*
+%config /var/adm/fillup-templates/*
+
+%changelog -n knock
+* Tue Nov 14 2006 - mskibbe@suse.de
+- fix bug #220355 (iptables call is wrong)
+* Wed Oct 04 2006 - mskibbe@suse.de
+- fix bug in iptables call
+* Mon Sep 25 2006 - mskibbe@suse.de
+- fix iptables call in config
+* Fri Sep 22 2006 - mskibbe@suse.de
+- fix sysconfig file
+* Wed Jan 25 2006 - mls@suse.de
+- converted neededforbuild to BuildRequires
+* Thu Jun 30 2005 - hvogel@suse.de
+- Initial Package, Version 0.5
diff --git a/knockd.conf b/knockd.conf
new file mode 100644
index 0000000..19f00ce
--- /dev/null
+++ b/knockd.conf
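Review bot: In `%install`, `sed -i -e "s:iptables:%{_sbindir}/iptables:" %{S:3}` edits the packaged source file in place, so a second build from the same source directory rewrites the already-absolute path into `/usr/sbin//usr/sbin/iptables` and the firewall command that knockd executes stops resolving. Install the file first and edit the copy in the build root: `install -m 600 -D %{S:3} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}d.conf` followed by `sed -i -e "s:iptables:%{_sbindir}/iptables:" $RPM_BUILD_ROOT%{_sysconfdir}/%{name}d.conf`. Keeping the absolute path itself is right, since the command should not depend on the daemon's PATH. The 0600 mode on the config is also worth a short comment explaining that the file holds the knock sequence.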
@@ -0,0 +1,11 @@
+[options]
+ UseSyslog
+
+[opencloseSSH]
+ sequence = 2222:udp,3333:tcp,4444:udp
+ seq_timeout = 15
+ tcpflags = syn,ack
+ start_command = iptables -I INPUT 1 -s %IP% -p tcp --dport ssh -j ACCEPT
+ cmd_timeout = 10
+ stop_command = iptables -D INPUT -s %IP% -p tcp --dport ssh -j ACCEPT
+
diff --git a/knockd.init b/knockd.init
new file mode 100644
index 0000000..813dfa4
--- /dev/null
+++ b/knockd.init
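Review bot: The `[opencloseSSH]` stanza ships `sequence = 2222:udp,3333:tcp,4444:udp` as the installed default, so every host that enables knockd without editing /etc/knockd.conf accepts the same publicly known knock. A knock sequence is also visible to anyone who can observe the traffic, so the file should describe it as an extra filter in front of sshd's own authentication, not a substitute for it. I would add a comment above the stanza such as `# Example only: choose your own sequence before enabling knockd` (knockd's parser appears to skip `#` lines; confirm), or ship the stanza commented out. Separately, `tcpflags = syn,ack` looks like it requires both flags on the TCP knock, which a plain connection attempt would not carry; check that against the knock client.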
@@ -0,0 +1,103 @@
+#! /bin/sh
+# Copyright (c) 1997-2006 SUSE Linux AG, Nuernberg, Germany.
+# All rights reserved.
+#
+# Author: Henne Vogelsang
+# Please send feedback to http://www.suse.de/feedback/
+#
+# /etc/init.d/knockd
+# and its symbolic link
+# /usr/sbin/rcknockd
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+### BEGIN INIT INFO
+# Provides: knockd
+# Required-Start: $syslog $remote_fs $network
+# Required-Stop: $syslog $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: knock daemon providing port-knocking
+# Description: Start knockd to allow port-knocking
+### END INIT INFO
+
+# Check for missing binaries (stale symlinks should not happen)
+# Note: Special treatment of stop for LSB conformance
+KNOCKD_BIN=/usr/sbin/knockd
+test -x $KNOCKD_BIN || { echo "$KNOCKD_BIN not installed";
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 5; fi; }
+
+# Check for existence of needed config file and read it
+KNOCKD_CONFIG=/etc/sysconfig/knockd
+test -r $KNOCKD_CONFIG || { echo "$KNOCKD_CONFIG not existing";
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 6; fi; }
+
+# Read config
+. $KNOCKD_CONFIG
+
+# Shell functions sourced from /etc/rc.status:
+.
/etc/rc.status
+
+# Reset status of this service
+rc_reset
+
+case "$1" in
+ start)
+ echo -n "Starting knockd "
+ startproc $KNOCKD_BIN $KNOCKD_OPTIONS
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down knockd "
+ killproc -TERM $KNOCKD_BIN
+ rc_status -v
+ ;;
+ try-restart)
+ $0 status
+ if test $? = 0; then
+ $0 restart
+ else
+ rc_reset
+ fi
+ rc_status
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ rc_status
+ ;;
+ force-reload)
+ echo -n "Reload service KNOCKD "
+ killproc -HUP $KNOCKD_BIN
+ rc_status -v
+ ;;
+ reload)
+ echo -n "Reload service KNOCKD "
+ killproc -HUP $KNOCKD_BIN
+ rc_status -v
+ ;;
+ status)
+ echo -n "Checking for service KNOCKD "
+ checkproc $KNOCKD_BIN
+ rc_status -v
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
+ exit 1
+ ;;
+esac
+rc_exit
diff --git a/knockd.sysconfig b/knockd.sysconfig
new file mode 100644
index 0000000..04cbe0f
--- /dev/null
+++ b/knockd.sysconfig
@@ -0,0 +1,5 @@
+## Path: Network/Security/Knockd
+## Description: Basic configuration of knockd
+## Type: string
+## Default: ""
+KNOCKD_OPTIONS="-d"
diff --git a/ready b/ready
new file mode 100644
index 0000000..473a0f4
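Review bot: In knockd.init the `force-reload)` and `reload)` arms are identical, and `$KNOCKD_BIN`, `$KNOCKD_CONFIG` and `$0` are expanded unquoted throughout the script. Merge the two arms into `force-reload|reload)` and quote the path expansions, e.g. `test -x "$KNOCKD_BIN"` and `. "$KNOCKD_CONFIG"`. `$KNOCKD_OPTIONS` has to stay unquoted so it splits into separate arguments, which deserves a one-line comment next to `startproc`. Because `/etc/sysconfig/knockd` is sourced by this script, presumably as root at boot, the header should also state that the file must remain root-owned and not writable by other users.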