[olug] PortKnocker Script

Thom Harrison id4spam at cox.net
Sat Apr 10 01:34:41 UTC 2004


That'll be the June Olug meeting.

Thom

Thom Harrison wrote:

> Thanks Brian!
>
> I'll be showing how to set this up at the July Olug meeting. I may 
> have to come up with some other stuff to present to make the whole 
> presentation last long enough.
>
> Currently it's all on my laptop, which means connecting is a hit or 
> miss proposition. I've made a couple of improvements though.
>
> -r--r--r-- 1 ftp ftp 268 Apr 9 05:50 knockserver.conf
> -r--r--r-- 1 ftp ftp 9343 Apr 9 05:51 knockserver.new
>
> knockserver.conf defines a list of valid ports.
> knockserver.new utilizes this list.
>
> It's still called knockserver.new rather than knockserver because it 
> hasn't gone through my rigorous Q&A process yet. ;-)
>
> I've got to swap out my KVM. Once I do, my ftp site should be more 
> readily available. It'll be up all day today though.
>
> Thom
>
> Brian Wiese wrote:
>
>> Thanks for sharing this with the list... I hope to get a chance to play
>> with this soon!!! =)
>>
>> Brian
>>
>> On Sat, 03 Apr 2004 10:47:11 -0600
>> Thom Harrison <id4spam at cox.net> wrote:
>>
>> |The Port Knocker scripts can be downloaded from my ftp site too. 
>> |They're in /knock
>> |
>> |linux:/srv/ftp/custom/cmds # ftp thom.homelinux.com
>> |Connected to ip68-225-168-172.om.om.cox.net.
>> |220 "Welcome to Smopuim FTP service."
>> |Name (thom.homelinux.com:root): ftp
>> |331 Please specify the password.
>> |Password: ftp$thom
>> |230 Login successful.
>> |Remote system type is UNIX.
>> |Using binary mode to transfer files.
>> |ftp> cd knock
>> |250 Directory successfully changed.
>> |ftp> dir
>> |229 Entering Extended Passive Mode (|||11422|)
>> |150 Here comes the directory listing.
>> |-r--r--r-- 1 ftp ftp 2561 Jan 18 12:28 firewall
>> |-r--r--r-- 1 ftp ftp 9437 Dec 10 13:38 knockclient
>> |-r--r--r-- 1 ftp ftp 8773 Jan 17 21:02 knockserver
>> |-r--r--r-- 1 ftp ftp 4438 Dec 10 13:38 lufshome
>> |-r--r--r-- 1 ftp ftp 2705 Jan 17 21:01 sftphome
>> |-r--r--r-- 1 ftp ftp 4332 Jan 19 01:10 sshhome
>> |226 Directory send OK.
>> |
>> |The firewall script is to show the IPTABLES -P commands. The firewall
>> |basically needs to set the defaults. The subsequent commands each allow
>> |some kind of connection. This is required for the knockserver script to
>> |add additional rules on the fly.
>> |
>> |From the server type: knockserver -f /var/log/messages
>> |
>> |You'll have to install some Perl Modules for this to work.
>> |For instance, knockserver has the following lines:
>> |
>> |use File::Tail;
>> |use Crypt::CBC;
>> |use Schedule::At;
>> |use Math::VecStat qw(sum);
>> |use POSIX qw(strftime);
>> |use Pod::Usage;
>> |
>> |Type the following:
>> |
>> |# cpan
>> |cpan> install File::Tail
>> |cpan> install Crypt::CBC
>> |etc...
>> |
>> |I've got some scripts that will do the knocking from a client too.
>> |They'll probably need modifying though. For instance, they're going to
>> |try and connect to thom.homelinux.com
>> |
>> |Feel free to test the client by connecting to my server. You'll get an
>> |ssh login (sorry ftp/ftp$thom won't work for ssh). Once you've verified
>> |that, you'll probably want to change:
>> |use constant KEY => "5y%h^23b";
>> |iv =>"l4725836",
>> |That way you'll have your own superduper secret password. ( more secret
>> |than mine anyway ). As I recall, I purposely used 8 distinct digits for
>> |the iv #. Some special characters may also cause you trouble in the
>> |password.
>> |
>> |Please let me know if you have any problems. And I'll update my notes.
>> |
>> |Thom
>> |_______________________________________________
>> |OLUG mailing list
>> |OLUG at olug.org
>> |http://lists.olug.org/mailman/listinfo/olug
>> |
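The knock server the quoted post describes (tail the firewall log, recognise a client's knock, add an iptables rule on the fly and schedule its removal) as an added example. This is not Thom's knockserver script and is written in Python rather than Perl; it assumes the log lines come from an iptables LOG target in /var/log/messages, a constructed three-port sequence standing in for knockserver.conf, a 10-second gap allowed between knocks and a five-minute rule lifetime, all of which are assumptions. It recognises a plain port sequence instead of the Crypt::CBC payload the original scripts use, and it returns the iptables commands rather than executing them. The sample log is constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed knock configuration standing in for knockserver.conf (the thread
# does not show that file's syntax); every value here is an assumption.
KNOCK_PORTS = [7000, 8000, 9000]      # ports that must be hit, in this order
KNOCK_WINDOW = timedelta(seconds=10)  # longest allowed gap between two knocks
PROTECTED_PORT = 22                   # service unlocked by a correct sequence
OPEN_FOR = timedelta(minutes=5)       # lifetime of the ACCEPT rule (Schedule::At analog)
LOG_YEAR = 2004                       # syslog timestamps carry no year

# An iptables LOG line as syslog writes it to /var/log/messages: timestamp, host,
# "kernel:", then KEY=VALUE fields. Only SRC, PROTO and DPT are used here.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"\bSRC=(?P<src>[\d.]+)\b.*?\bPROTO=TCP\b.*?\bDPT=(?P<dpt>\d+)\b"
)


@dataclass
class KnockState:
    progress: int = 0                     # ports of the sequence hit so far
    last_seen: Optional[datetime] = None  # time of the previous knock


class KnockServer:
    def __init__(self, ports=KNOCK_PORTS, window=KNOCK_WINDOW):
        self.ports = list(ports)
        self.window = window
        self.states = {}     # source IP -> KnockState
        self.scheduled = []  # (when, iptables command): each add and its delete

    def parse(self, line):
        """Return (timestamp, src, dport) for a TCP LOG line, else None."""
        m = LOG_RE.search(line)
        if not m:
            return None
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return ts, m["src"], int(m["dpt"])

    def feed(self, line):
        """Advance the source's state machine; return the open command if this line completes the sequence."""
        parsed = self.parse(line)
        if parsed is None:
            return None
        ts, src, dpt = parsed
        st = self.states.setdefault(src, KnockState())
        if st.last_seen is not None and ts - st.last_seen > self.window:
            st.progress = 0  # too slow: the sequence starts over
        st.last_seen = ts
        if dpt == self.ports[st.progress]:
            st.progress += 1
        else:  # wrong port: start over, crediting this knock if it is the first port
            st.progress = 1 if dpt == self.ports[0] else 0
        if st.progress == len(self.ports):
            st.progress = 0
            return self.open_port(src, ts)
        return None

    def open_port(self, src, ts):
        """Schedule the ACCEPT rule now and its removal OPEN_FOR later."""
        add = f"iptables -I INPUT -s {src} -p tcp --dport {PROTECTED_PORT} -j ACCEPT"
        delete = add.replace("-I INPUT", "-D INPUT", 1)
        self.scheduled.append((ts, add))
        self.scheduled.append((ts + OPEN_FOR, delete))
        return add


def process(lines, server):
    """Feed every line; return (src, command) for each completed sequence."""
    opened = []
    for line in lines:
        cmd = server.feed(line)
        if cmd:
            opened.append((server.parse(line)[1], cmd))
    return opened


def _log(ts, src, dpt):  # constructed LOG-target line for a TCP SYN
    return (f"{ts} linux kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.1 LEN=60 TOS=0x00 "
            f"PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40000 DPT={dpt} WINDOW=5840 RES=0x00 SYN URGP=0")


# Constructed /var/log/messages excerpt: 192.0.2.10 knocks correctly while
# 198.51.100.7 hits the ports out of order; 203.0.113.5 lets the window lapse.
SAMPLE_LOG = [
    _log("Apr  9 05:50:01", "192.0.2.10", 7000),
    _log("Apr  9 05:50:02", "198.51.100.7", 7000),
    _log("Apr  9 05:50:03", "192.0.2.10", 8000),
    _log("Apr  9 05:50:04", "198.51.100.7", 9000),
    _log("Apr  9 05:50:05", "192.0.2.10", 9000),
    "Apr  9 05:50:06 linux sshd[4242]: Accepted publickey for thom from 192.0.2.10",
    _log("Apr  9 05:51:00", "203.0.113.5", 7000),
    _log("Apr  9 05:51:30", "203.0.113.5", 8000),
    _log("Apr  9 05:51:31", "203.0.113.5", 9000),
]
```

Running `process(SAMPLE_LOG, KnockServer())` yields one opened entry, for 192.0.2.10, and the server's `scheduled` list holds that host's ACCEPT rule together with the matching delete five minutes later; the out-of-order and too-slow sources never complete the sequence. Feeding the server from `tail -F /var/log/messages` plays the part of File::Tail and `knockserver -f`, and handing the scheduled delete to `at` is what Schedule::At does in the original. A plain sequence like this one is the same every time it is sent, so it is only as secret as the traffic carrying it; the original scripts instead encrypt the knock with Crypt::CBC under the KEY and iv shown in the quoted post, which the author advises changing before use.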

