Bug 94626 - [NEW PORT] security/knock - flexible port knocking server and client
Summary: [NEW PORT] security/knock - flexible port knocking server and client
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Shaun Amott
Reported: 2006-03-18 00:00 UTC by Shaun Amott
Modified: 2006-07-12 19:08 UTC (History)

Attachments
knock.shar.uu (52.37 KB, text/plain)
2006-03-18 00:00 UTC, Shaun Amott

Description Shaun Amott 2006-03-18 00:00:34 UTC
By popular demand, here is a port of "knock" - a port knocking daemon and
accompanying client.
Comment 1 Sergey Matveychuk freebsd_committer freebsd_triage 2006-05-01 14:54:55 UTC
Not fetchable:
=> knock-0.5.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.zeroflux.org/knock/files/.
fetch: http://www.zeroflux.org/knock/files/knock-0.5.tar.gz: Not Found

-- 
Dixi.
Sem.
Comment 2 Sergey Matveychuk freebsd_committer freebsd_triage 2006-05-01 14:55:24 UTC
State Changed
From-To: open->feedback

Ask for submitter fix.
Comment 3 Shaun Amott 2006-05-01 16:11:06 UTC
On Mon, May 01, 2006 at 01:55:25PM +0000, Sergey Matveychuk wrote:
> 
> Synopsis: [NEW PORT] security/knock - flexible port knocking server and client
> 
> State-Changed-From-To: open->feedback
> State-Changed-By: sem
> State-Changed-When: Mon May 1 13:55:24 UTC 2006
> State-Changed-Why: 
> Ask for submitter fix.
> 
> http://www.freebsd.org/cgi/query-pr.cgi?pr=94626
> 

The author has completely restructured his site, and I can't find the
distfile anywhere. I have re-made the port with my CVS patch integrated;
I will host the distfile until the author releases a new version.

Tinderbox tested on: 5.x (sparc64)

----- Begin knockd.shar -----
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	knock
#	knock/files
#	knock/files/knockd.sh.in
#	knock/files/patch-knockd.conf
#	knock/Makefile
#	knock/pkg-descr
#	knock/distinfo
#
echo c - knock
mkdir -p knock > /dev/null 2>&1
echo c - knock/files
mkdir -p knock/files > /dev/null 2>&1
echo x - knock/files/knockd.sh.in
sed 's/^X//' >knock/files/knockd.sh.in << 'END-of-knock/files/knockd.sh.in'
X#!/bin/sh
X
X# PROVIDE: knockd
X# REQUIRE: DAEMON
X# BEFORE:  LOGIN
X
X. %%RC_SUBR%%
X
Xname="knockd"
Xrcvar=`set_rcvar`
Xload_rc_config $name
X
Xknockd_enable=${knockd_enable:-"NO"}
Xknockd_flags=${knockd_flags:-"-d"}
X
Xcommand="%%PREFIX%%/bin/knockd"
Xpidfile="%%RUNDIR%%/knockd.pid"
Xrequired_files="%%PREFIX%%/etc/knockd.conf"
X
Xrun_rc_command "$1"
END-of-knock/files/knockd.sh.in
echo x - knock/files/patch-knockd.conf
sed 's/^X//' >knock/files/patch-knockd.conf << 'END-of-knock/files/patch-knockd.conf'
X--- knockd.conf.orig	Thu May  6 22:56:03 2004
X+++ knockd.conf	Fri Mar 17 23:39:01 2006
X@@ -1,15 +1,16 @@
X [options]
X 	logfile = /var/log/knockd.log
X+	interface = fxp0
X 
X [openSSH]
X 	sequence    = 7000,8000,9000
X 	seq_timeout = 5
X-	command     = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
X+	command     = /sbin/ipfw -q add pass proto tcp src-ip %IP% dst-port 22
X 	tcpflags    = syn
X 
X [closeSSH]
X 	sequence    = 9000,8000,7000
X 	seq_timeout = 5
X-	command     = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
X+	command     = /sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22
X 	tcpflags    = syn
X 
END-of-knock/files/patch-knockd.conf
echo x - knock/Makefile
sed 's/^X//' >knock/Makefile << 'END-of-knock/Makefile'
X# New ports collection makefile for:	knock
X# Date Created:				2006-03-17
X# Whom:					Shaun Amott <shaun@inerd.com>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	knock
XPORTVERSION=	0.5.20051124
XCATEGORIES=	security
XMASTER_SITES=	http://mirror.inerd.com/FreeBSD/distfiles/${PORTNAME}/
X
XMAINTAINER=	shaun@inerd.com
XCOMMENT=	A flexible port-knocking server and client
X
XGNU_CONFIGURE=	yes
X
XOPTIONS=	SERVER		"Install knockd server"		on \
X		CLIENT		"Install knock client"		on
X
XRUNDIR=		/var/run
XSUB_LIST=	RUNDIR=${RUNDIR}
X
X.include <bsd.port.pre.mk>
X
X.if defined(WITH_SERVER)
XMAN1=		knockd.1
XUSE_RC_SUBR=	knockd.sh
XPLIST_FILES+=	bin/knockd
XPLIST_FILES+=	etc/knockd.conf.sample
X.endif
X
X.if defined(WITH_CLIENT)
XMAN1+=		knock.1
XPLIST_FILES+=	bin/knock
X.endif
X
Xpre-configure:
X.if defined(WITHOUT_SERVER) && defined(WITHOUT_CLIENT)
XIGNORE=	at least one component must be selected for installation
X.endif
X
Xpost-patch:
X	@${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g"	\
X			  -e "s#%%RUNDIR%%#${RUNDIR}#g"	\
X			  -e "s#eth0#fxp0#g"		\
X			  ${WRKSRC}/src/knockd.c
X
X	@${REINPLACE_CMD} -e "s/#VERSION#/${PORTVERSION}/g" \
X			  -e "s#eth0#fxp0#g"		    \
X			  ${WRKSRC}/doc/knock.1.in	    \
X			  ${WRKSRC}/doc/knockd.1.in
X
Xdo-install:
X.if defined(WITH_SERVER)
X	${INSTALL_PROGRAM} ${WRKSRC}/knockd ${PREFIX}/bin
X	${INSTALL_DATA} ${WRKSRC}/knockd.conf ${PREFIX}/etc/knockd.conf.sample
X.endif
X
X.if defined(WITH_CLIENT)
X	${INSTALL_PROGRAM} ${WRKSRC}/knock ${PREFIX}/bin
X.endif
X
Xpost-install-script:
X.if defined(WITH_SERVER)
X	${INSTALL_MAN} ${WRKSRC}/doc/knockd.1.in ${MAN1PREFIX}/man/man1/knockd.1
X.endif
X
X.if defined(WITH_CLIENT)
X	${INSTALL_MAN} ${WRKSRC}/doc/knock.1.in ${MAN1PREFIX}/man/man1/knock.1
X.endif
X
X.include <bsd.port.post.mk>
END-of-knock/Makefile
echo x - knock/pkg-descr
sed 's/^X//' >knock/pkg-descr << 'END-of-knock/pkg-descr'
Xknockd is a port-knock server. It listens to all traffic on an ethernet
X(or PPP) interface, looking for special "knock" sequences of port-hits.
X
XA client makes these port-hits by sending a TCP (or UDP) packet to a
Xport on the server. This port need not be open -- since knockd listens
Xat the link-layer level, it sees all traffic even if it's destined for
Xa closed port. When the server detects a specific sequence of
Xport-hits, it runs a command defined in its configuration file. This
Xcan be used to open up holes in a firewall for quick access. 
X
XWWW: http://www.zeroflux.org/cgi-bin/cvstrac/knock/wiki/
END-of-knock/pkg-descr
echo x - knock/distinfo
sed 's/^X//' >knock/distinfo << 'END-of-knock/distinfo'
XMD5 (knock-0.5.20051124.tar.gz) = 0ab0c51687b1d99ea7141b3a86b8e963
XSHA256 (knock-0.5.20051124.tar.gz) = 15aa6a5d152a7cdb5b52d1e9de9e77d7f52156ce3e5d5c80dd9b76e40f6a84aa
XSIZE (knock-0.5.20051124.tar.gz) = 86607
END-of-knock/distinfo
exit
----- End knockd.shar -----
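
Review bot: In [closeSSH] of patch-knockd.conf, `/sbin/ipfw -q delete pass proto tcp src-ip %IP% dst-port 22` will not undo the rule that [openSSH] adds: unlike `iptables -D`, which matches a rule specification, ipfw(8) `delete` takes rule numbers (optionally a set), so the pass rule for %IP% stays in place after the close knock. Suggest keeping allowed addresses in an ipfw table referenced by one static pass rule, with `ipfw -q table N add %IP%` on open and `ipfw -q table N delete %IP%` on close. Separately, `interface = fxp0` in [options] only suits hosts with that NIC, so a comment in the sample telling the admin to set it would help.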

-- 
Shaun Amott [ PGP: 0x6B387A9A ]
    Scientia Est Potentia.
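
The sequence matching that pkg-descr describes, sketched as an added example (not knockd's source and not part of the submitted port): a per-source tracker for the sample sequence 7000,8000,9000 with seq_timeout = 5. It assumes the timeout is counted from the first knock and that an out-of-sequence port resets progress; `knock_observe`, the table size and the events in `main` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SEQ_LEN 3
#define MAX_SRC 16   /* assumed table size for this sketch */

/* Values from the [openSSH] section of the sample knockd.conf. */
static const uint16_t SEQ[SEQ_LEN] = {7000, 8000, 9000};
static const long SEQ_TIMEOUT = 5;   /* seconds, counted from the first knock */

struct attempt { uint32_t src; int stage; long started; };
static struct attempt table[MAX_SRC];   /* stage == 0 marks a free slot */

/* Feed one observed TCP SYN. Returns 1 when it completes the sequence, the
 * point at which knockd would run "command" with %IP% set to src. */
int knock_observe(uint32_t src, uint16_t dport, long now)
{
    struct attempt *a = NULL, *free_slot = NULL;
    for (int i = 0; i < MAX_SRC; i++) {
        if (table[i].stage > 0 && table[i].src == src) { a = &table[i]; break; }
        if (table[i].stage == 0 && !free_slot) free_slot = &table[i];
    }
    if (a && now - a->started > SEQ_TIMEOUT)
        a->stage = 0;                       /* too slow: forget progress */
    if (a && a->stage > 0) {
        if (dport == SEQ[a->stage]) {
            if (++a->stage < SEQ_LEN) return 0;
            a->stage = 0;                   /* done: free the slot */
            return 1;
        }
        a->stage = 0;                       /* wrong port: start over */
    }
    if (dport != SEQ[0]) return 0;          /* unrelated traffic */
    if (!a) a = free_slot;
    if (!a) return 0;                       /* table full: ignore new sources */
    a->src = src; a->stage = 1; a->started = now;
    return 0;
}

int main(void)
{
    /* Constructed events: {source, destination port, time in seconds}. */
    long ev[][3] = { {1, 7000, 0}, {2, 7000, 0}, {1, 8000, 1},
                     {2, 8000, 4}, {1, 9000, 2}, {2, 9000, 7} };
    for (size_t i = 0; i < sizeof ev / sizeof ev[0]; i++)
        printf("src=%ld port=%ld t=%ld -> %d\n", ev[i][0], ev[i][1], ev[i][2],
               knock_observe((uint32_t)ev[i][0], (uint16_t)ev[i][1], ev[i][2]));
    return 0;
}
```

Because state is kept per source address, interleaved knocks from different hosts do not disturb each other, and the bounded table means a flood of first knocks cannot grow memory.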
Comment 4 sat freebsd_committer freebsd_triage 2006-05-09 00:10:01 UTC
State Changed
From-To: feedback->open

Feedback received
Comment 5 Ion-Mihai "IOnut" Tetcu freebsd_committer freebsd_triage 2006-06-17 23:42:48 UTC
Responsible Changed
From-To: freebsd-ports-bugs->shaun

Let him handle his own PRs
Comment 6 Shaun Amott freebsd_committer freebsd_triage 2006-07-12 19:07:31 UTC
State Changed
From-To: open->closed

Committed.