# HG changeset patch # User Pascal Bellard # Date 1424541897 -3600 # Node ID 216fe5c85b7105fa541ce8e03f579fded07824de # Parent c4a0ea5aa3e5d1de2d56aa36a486ccb7853c4f3c Up knock (0.7) diff -r c4a0ea5aa3e5 -r 216fe5c85b71 knock/receipt --- a/knock/receipt Fri Feb 20 18:12:30 2015 -0500 +++ b/knock/receipt Sat Feb 21 19:04:57 2015 +0100 @@ -1,7 +1,7 @@ # SliTaz package receipt. PACKAGE="knock" -VERSION="0.5" +VERSION="0.7" CATEGORY="security" SHORT_DESC="Port knock sequence listener." MAINTAINER="pascal.bellard@slitaz.org" @@ -17,11 +17,13 @@ # Rules to configure and make the package. compile_rules() { - cd $src [ -f done.knock.u ] || patch -p1 < $stuff/knock.u touch done.knock.u - ./configure --prefix=/usr --infodir=/usr/share/info \ - --mandir=/usr/share/man $CONFIGURE_ARGS && + ./configure --prefix=/usr \ + --infodir=/usr/share/info \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + $CONFIGURE_ARGS && make && make DESTDIR=$DESTDIR install } @@ -29,10 +31,9 @@ # Rules to gen a SliTaz package suitable for Tazpkg. genpkg_rules() { - mkdir -p $fs/usr - cp -a $install/etc $fs + cp -a $stuff/etc $fs + cp -a $stuff/usr $fs cp -a $install/usr/sbin $fs/usr cp -a $install/usr/bin $fs/usr - cp -a stuff/etc $fs + cp -a $install/etc $fs } - diff -r c4a0ea5aa3e5 -r 216fe5c85b71 knock/stuff/knock.u --- a/knock/stuff/knock.u Fri Feb 20 18:12:30 2015 -0500 +++ b/knock/stuff/knock.u Sat Feb 21 19:04:57 2015 +0100 
@@ -1,27 +1,3 @@ ---- knock-0.5/Makefile.in -+++ knock-0.5/Makefile.in -@@ -68,11 +68,15 @@ - (cd ..; tar czvf knock-$(VERSION).tar.gz knock-$(VERSION)) - - install: all -- $(INSTALL) -D -m0755 knockd $(DESTDIR)$(SBINDIR)/knockd -- $(INSTALL) -D -m0755 knock $(DESTDIR)$(BINDIR)/knock -- $(INSTALL) -D -m0644 $(MANSRC)knockd.1 $(DESTDIR)$(MANDIR)/man1/knockd.1 -- $(INSTALL) -D -m0644 $(MANSRC)knock.1 $(DESTDIR)$(MANDIR)/man1/knock.1 -- $(INSTALL) -D -m0644 knockd.conf $(DESTDIR)/etc/knockd.conf -+ mkdir -p $(DESTDIR)$(SBINDIR) -+ $(INSTALL) -m0755 knockd $(DESTDIR)$(SBINDIR)/knockd -+ mkdir -p $(DESTDIR)$(BINDIR) -+ $(INSTALL) -m0755 knock $(DESTDIR)$(BINDIR)/knock -+ mkdir -p $(DESTDIR)$(MANDIR)/man1 -+ $(INSTALL) -m0644 $(MANSRC)knockd.1 $(DESTDIR)$(MANDIR)/man1/knockd.1 -+ $(INSTALL) -m0644 $(MANSRC)knock.1 $(DESTDIR)$(MANDIR)/man1/knock.1 -+ mkdir -p $(DESTDIR)/etc -+ $(INSTALL) -m0644 knockd.conf $(DESTDIR)/etc/knockd.conf - - clean: - rm -f *~ $(OBJDIR)*.o $(MANSRC)*.1 - --- knock-0.5/knockd.conf +++ knock-0.5/knockd.conf @@ -1,4 +1,5 @@ @@ -33,11 +9,10 @@ --- knock-0.5/src/knockd.c +++ knock-0.5/src/knockd.c -@@ -46,6 +46,7 @@ +@@ -46,5 +46,6 @@ #include #include #include +#include #include "list.h" - static char version[] = "0.5"; diff -r c4a0ea5aa3e5 -r 216fe5c85b71 knock/stuff/usr/sbin/knockd-helper --- a/knock/stuff/usr/sbin/knockd-helper Fri Feb 20 18:12:30 2015 -0500 +++ b/knock/stuff/usr/sbin/knockd-helper Sat Feb 21 19:04:57 2015 +0100 @@ -1,5 +1,7 @@ #!/bin/sh +PERIOD=5 # minutes + IP=$2 PROT=$3 PORT=$4 @@ -29,11 +31,11 @@ [ -f /var/lib/knockd/$IP ] && disable /var/lib/knockd/$IP ;; check) - TIMEOUT=$(( 6 * 60 )) + TIMEOUT=$(( $PERIOD * 120 )) for i in /var/lib/knockd/*.*.*.*; do [ -f "$i" ] || continue while read ip prot port msg; do - if grep -qe "^$prot.* src=$ip .* dport=$port" /proc/net/ip_conntrack ; then + if netstat -nut | grep -qe "^$prot .*:$port *$ip:[0-9]* " ; then touch $i break fi 
@@ -53,7 +55,7 @@ $(crontab -l) # Close old connections opened by knockd -*/5 * * * * $0 check > /dev/null 2>&1 +*/$PERIOD * * * * $0 check > /dev/null 2>&1 EOT /etc/init.d/crond stop /etc/init.d/crond start
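Review bot: In compile_rules() of knock/receipt, removing `cd $src` leaves `patch -p1 < $stuff/knock.u` and `./configure` dependent on the caller already being inside the source tree. Either keep the `cd` or add a one-line comment stating that the build tool guarantees the working directory. In the same function, `touch done.knock.u` runs even when `patch` fails, so a failed patch is never retried. Chaining it as `patch -p1 < $stuff/knock.u && touch done.knock.u` would avoid that.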
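Review bot: In genpkg_rules() of knock/receipt, the copy order is reversed without explanation: `cp -a $install/etc $fs` now runs last, where `cp -a stuff/etc $fs` used to. For any file name present in both trees, the upstream-installed copy now overwrites the one shipped in `$stuff/etc`, which matters for knockd.conf since it decides what runs on a knock. If that precedence is intended, a comment should say so; otherwise put `$stuff/etc` back after `$install/etc`. With `mkdir -p $fs/usr` dropped, the first `cp -a $stuff/etc $fs` also relies on `$fs` already existing.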
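Review bot: In the check) branch of knockd-helper, the new `netstat -nut | grep` test only sees sockets that terminate on this host, while the `/proc/net/ip_conntrack` lookup it replaces also covered connections tracked through the firewall. A knock that opens a forwarded port would therefore never reach `touch $i`, even while the connection is in use. The pattern also matches sockets in any state, and `$ip` is interpolated with its dots unescaped, so each dot matches any character. Suggest restricting the match to ESTABLISHED lines and escaping `$ip` before it goes into the expression. The factor in `TIMEOUT=$(( $PERIOD * 120 ))` also needs a comment: with PERIOD=5 it yields 600 where the old code had 360, and nothing in the hunk says which unit or how many check periods that is meant to be.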
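Review bot: In the crontab here-document of knockd-helper, `*/$PERIOD` is written into the minutes field, so the value is only meaningful below 60, but nothing documents or checks that range where `PERIOD=5 # minutes` is defined. A short comment next to the definition giving the allowed range would do. The same line expands `$0` into the cron entry, so if the helper is invoked through a relative path, the installed job will carry that relative path. Writing the absolute path of the script there would be safer.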