[olug] PortKnocker Script
Thom Harrison
id4spam at cox.net
Fri Apr 9 11:04:52 UTC 2004
Thanks Brian!
I'll be showing how to set this up at the July Olug meeting. I may have
to come up with some other stuff to present to make the whole
presentation last long enough.
Currently it's all on my laptop, which means connecting is a hit or miss
proposition. I've made a couple of improvements though.
-r--r--r-- 1 ftp ftp 268 Apr 9 05:50 knockserver.conf
-r--r--r-- 1 ftp ftp 9343 Apr 9 05:51 knockserver.new
knockserver.conf defines a list of valid ports.
knockserver.new utilizes this list.
It's still called knockserver.new rather than knockserver because it
hasn't gone through my rigorous Q&A process yet. ;-)
I've got to swap out my KVM. Once I do, my ftp site should be more
readily available. It'll be up all day today though.
Thom
Brian Wiese wrote:
>Thanks for sharing this with the list... I hope to get a chance to play
>with this soon!!! =)
>
>Brian
>
>On Sat, 03 Apr 2004 10:47:11 -0600
>Thom Harrison <id4spam at cox.net> wrote:
>
>|The Port Knocker scripts can be downloaded from my ftp site too.
>|They're in /knock
>|
>|linux:/srv/ftp/custom/cmds # ftp thom.homelinux.com
>|Connected to ip68-225-168-172.om.om.cox.net.
>|220 "Welcome to Smopuim FTP service."
>|Name (thom.homelinux.com:root): ftp
>|331 Please specify the password.
>|Password: ftp$thom
>|230 Login successful.
>|Remote system type is UNIX.
>|Using binary mode to transfer files.
>|ftp> cd knock
>|250 Directory successfully changed.
>|ftp> dir
>|229 Entering Extended Passive Mode (|||11422|)
>|150 Here comes the directory listing.
>|-r--r--r-- 1 ftp ftp 2561 Jan 18 12:28 firewall
>|-r--r--r-- 1 ftp ftp 9437 Dec 10 13:38 knockclient
>|-r--r--r-- 1 ftp ftp 8773 Jan 17 21:02 knockserver
>|-r--r--r-- 1 ftp ftp 4438 Dec 10 13:38 lufshome
>|-r--r--r-- 1 ftp ftp 2705 Jan 17 21:01 sftphome
>|-r--r--r-- 1 ftp ftp 4332 Jan 19 01:10 sshhome
>|226 Directory send OK.
>|
>|The firewall script is to show the IPTABLES -P commands. The firewall
>|basically needs to set the defaults. The subsequent commands each allow
>|some kind of connection. This is required for the knockserver script to
>|add additional rules on the fly.
>|
>|From the server, type: knockserver -f /var/log/messages
>|
>|You'll have to install some Perl Modules for this to work.
>|For instance, knockserver has the following lines:
>|
>|use File::Tail;
>|use Crypt::CBC;
>|use Schedule::At;
>|use Math::VecStat qw(sum);
>|use POSIX qw(strftime);
>|use Pod::Usage;
>|
>|Type the following:
>|
>|# cpan
>|cpan> install File::Tail
>|cpan> install Crypt::CBC
>|etc...
>|
>|I've got some scripts that will do the knocking from a client too.
>|They'll probably need modifying though. For instance, they're going to
>|try and connect to thom.homelinux.com
>|
>|Feel free to test the client by connecting to my server. You'll get an
>|ssh login (sorry ftp/ftp$thom won't work for ssh). Once you've verified
>|that, you'll probably want to change:
>|use constant KEY => "5y%h^23b";
>|iv =>"l4725836",
>|That way you'll have your own superduper secret password. ( more secret
>|than mine anyway ). As I recall, I purposely used 8 distinct digits for
>|the iv #. Some special characters may also cause you trouble in the
>|password.
>|
>|Please let me know if you have any problems. And I'll update my notes.
>|
>|Thom
>|_______________________________________________
>|OLUG mailing list
>|OLUG at olug.org
>|http://lists.olug.org/mailman/listinfo/olug
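The server side described in the quoted message, as an added example in Python that is not Thom's Perl knockserver and does not reproduce its Crypt::CBC-encrypted knock. It consumes the iptables LOG lines syslog writes to /var/log/messages, tracks each source's progress through a port sequence, and returns the iptables argv to insert an ACCEPT rule and, once the rule's lifetime has passed, to delete it again (the step the Perl script hands to Schedule::At). The "KNOCK" log prefix, the knock ports, the opened port, the lifetimes, the hostname and the addresses are all assumptions constructed for this example; the sample log is constructed too.

```python
import re
from datetime import datetime, timedelta

# Assumed knock policy. In the Perl script these live in knockserver.conf;
# the values here are made up for the demonstration.
KNOCK_SEQUENCE = (7000, 8000, 9000)
KNOCK_WINDOW = timedelta(seconds=5)   # max gap allowed between two knocks
OPEN_PORT = 22                        # service opened after a good sequence
OPEN_FOR = timedelta(seconds=30)      # how long the ACCEPT rule lives

# Constructed sample of what syslog writes for an iptables LOG rule that was
# given --log-prefix "KNOCK ". Hostname, interface, addresses and ports are invented.
SAMPLE_LOG = """\
Apr  9 05:50:01 smopuim kernel: KNOCK IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=7000 SYN
Apr  9 05:50:02 smopuim kernel: KNOCK IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=8000 SYN
Apr  9 05:50:02 smopuim kernel: KNOCK IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=5000 DPT=7000 SYN
Apr  9 05:50:03 smopuim kernel: KNOCK IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40003 DPT=9000 SYN
Apr  9 05:50:09 smopuim kernel: KNOCK IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=5001 DPT=9000 SYN
"""

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: KNOCK "
    r".*?\bSRC=(?P<src>[\d.]+)\b.*?\bPROTO=TCP\b.*?\bDPT=(?P<dpt>\d+)\b"
)


def syslog_time(text):
    """Parse a syslog timestamp; the year is absent, which is fine for the
    relative arithmetic below (lines from one day are assumed)."""
    return datetime.strptime(text, "%b %d %H:%M:%S")


def parse_log_line(line):
    """Return (timestamp, source_ip, dest_port) for a knock log line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return syslog_time(m["ts"]), m["src"], int(m["dpt"])


class KnockServer:
    """Per-source knock state machine. iptables commands are returned as argv
    lists rather than executed, so the logic can be exercised offline."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW,
                 open_port=OPEN_PORT, open_for=OPEN_FOR):
        self.sequence = tuple(sequence)
        self.window = window
        self.open_port = open_port
        self.open_for = open_for
        self.progress = {}    # src -> (next index into sequence, time of last good knock)
        self.open_until = {}  # src -> when its ACCEPT rule must be removed

    def _rule(self, action, src):
        return ["iptables", action, "INPUT", "-s", src, "-p", "tcp",
                "--dport", str(self.open_port), "-j", "ACCEPT"]

    def feed(self, line):
        """Process one log line; return the insert argv when a sequence completes."""
        parsed = parse_log_line(line)
        if parsed is None:
            return None
        ts, src, dpt = parsed
        if src in self.open_until:
            self.open_until[src] = ts + self.open_for  # already open: extend
            return None
        idx, last = self.progress.get(src, (0, ts))
        if idx and ts - last > self.window:
            idx = 0                                  # too slow: start over
        if dpt == self.sequence[idx]:
            idx += 1
        else:
            # Any wrong port resets the run, so a linear port scan never
            # completes a sequence whose ports are not adjacent.
            idx = 1 if dpt == self.sequence[0] else 0
        if idx < len(self.sequence):
            self.progress[src] = (idx, ts)
            return None
        del self.progress[src]
        self.open_until[src] = ts + self.open_for
        return self._rule("-I", src)

    def expire(self, now):
        """Return delete commands for every rule whose lifetime has passed."""
        cmds = []
        for src, deadline in list(self.open_until.items()):
            if now >= deadline:
                cmds.append(self._rule("-D", src))
                del self.open_until[src]
        return cmds


def replay(log_text, server=None):
    """Feed every line of a log to a server; return (server, insert commands)."""
    server = server or KnockServer()
    cmds = [c for c in (server.feed(l) for l in log_text.splitlines()) if c]
    return server, cmds


if __name__ == "__main__":
    srv, inserts = replay(SAMPLE_LOG)
    for cmd in inserts + srv.expire(syslog_time("Apr  9 05:51:00")):
        print(" ".join(cmd))
```

On the sample, 192.0.2.10 knocks 7000, 8000, 9000 within two seconds and gets an ACCEPT rule for port 22; 198.51.100.7 knocks 7000 and then 9000 seven seconds later, which both skips a port and exceeds the window, so it gets nothing. To run it live, pipe `tail -f /var/log/messages` into `feed` and hand the returned argv lists to `subprocess.run`, keeping the default-deny `-P` policies from the firewall script in place so that an inserted rule is the only way in. A plain sequence like this one is visible to anyone watching the path and can be replayed; wrapping the knock in CBC under a fixed key and IV, as the quoted constants do, does not change that by itself, because identical plaintext then yields identical ciphertext, so the plaintext needs something the server can check for freshness (a timestamp or counter) before an old knock is rejected.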