knocking software

General support questions
johnny1024
Posts: 4
Joined: 2012/02/01 19:32:16

knocking software

Post by johnny1024 » 2012/02/01 19:58:24

Hello,

Does anybody know if CentOS 6.2 has software for port knocking? Other distributions usually contain something like that and even previous versions of CentOS contained the packages knockd and knock. I consider this type of software absolutely fundamental for hardening a server against hacking.

I have tried to install these packages from CentOS 5.7 but I was unsuccessful so far...

error: Failed dependencies:
libpcap.so.0.9.4()(64bit) is needed by knock-0.5-1.el5.rf.x86_64

I'm just about to reinstall my linux server and I need to know if installation of knockd (or some alternative) on CentOS 6.2 is possible. If it isn't then I will be forced to go back to Debian (and this thought doesn't make me happy) ;-(

Regards,
Jan

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

knocking software

Post by pschaff » 2012/02/02 02:42:16

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

No surprise the CentOS-5 packages did not work, and trying to install packages not built for EL6 is a [i][b]Bad Idea [TM][/b][/i]. No sign of them in any of the well-known [url=http://wiki.centos.org/AdditionalResources/Repositories]Repositories[/url].

Have a look at nmap:
[code]# yum info nmap
...
Available Packages
Name : nmap
Arch : x86_64
Epoch : 2
Version : 5.21
Release : 4.el6
Size : 2.2 M
Repo : base
Summary : Network exploration tool and security scanner
URL : http://nmap.org/
License : GPLv2 and LGPLv2+ and GPLv2+ and BSD
Description : Nmap is a utility for network exploration or security auditing.
: It supports ping scanning (determine which hosts are up), many
: port scanning techniques (determine what services the hosts are
: offering), and TCP/IP fingerprinting (remote host operating system
: identification). Nmap also offers flexible target and port
: specification, decoy scanning, determination of TCP sequence
: predictability characteristics, reverse-identd scanning, and more.[/code]

johnny1024
Posts: 4
Joined: 2012/02/01 19:32:16

Re: knocking software

Post by johnny1024 » 2012/02/02 15:25:23

Hello,

Thank you for the answer, but what can I do to have knockd (or alternative for the same purpose) installed?

At the moment my server is visible from outside and it means that first line of protection doesn't even exist...

Regards,
Jan

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: knocking software

Post by TrevorH » 2012/02/02 16:19:16

First step is to move your sshd port to a different port. This doesn't really do anything for security except to avoid all the script kiddies who search for servers listening on the default ports. Next is to configure ssh so that root logins are disabled (or enabled only with keys) and to disallow password logins for normal users. This means that [u]only[/u] people with public/private key pairs who have their keys installed on your system will be able to log in via ssh.

You can also set up iptables rules to disable connections after so many attempts from a particular IP address for a certain amount of time.

If none of those are sufficient then the knock rpm from rpmforge for el5 rebuilds on CentOS 6 with a few changes

[code]
$ cat ~/rpmbuild/SOURCES/knockd-0.5-limits.patch
--- src/knockd.orig 2012-02-02 16:07:01.231835730 +0000
+++ src/knockd.c 2012-02-02 16:07:22.356965180 +0000
@@ -47,6 +47,7 @@
#include <pcap.h>
#include <errno.h>
#include "list.h"
+#include <linux/limits.h>

static char version[] = "0.5";

[/code]
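Review bot: in the knockd.c hunk, `<linux/limits.h>` is a kernel UAPI header; the hunk does not show which constant the build was missing, but the usual suspect (PATH_MAX) is provided portably by `#include <limits.h>`, so prefer that and avoid tying the build to a Linux-only header. Style point: put the new include with the other system headers above `#include "list.h"` rather than after the local include. Also, the `---` name `src/knockd.orig` has no `.c`; with `-p0` patch(1) will fall back to the `+++` name `src/knockd.c`, which exists, so it applies, but naming the backup `src/knockd.c.orig` would be less surprising.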

and amending the spec file to include the patch

[code]
$ diff -u knock.spec.orig knock.spec
--- knock.spec.orig 2012-02-02 16:16:54.734840571 +0000
+++ knock.spec 2012-02-02 16:08:55.838965571 +0000
@@ -14,6 +14,7 @@
Vendor: Dag Apt Repository, http://dag.wieers.com/apt/

Source: http://www.zeroflux.org/knock/files/knock-%{version}.tar.gz
+Patch0: knockd-%{version}-limits.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

BuildRequires: libpcap
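Review bot: the added `Patch0: knockd-%{version}-limits.patch` resolves to the `knockd-0.5-limits.patch` shown in SOURCES, so the reference is consistent; since the package now differs from the rpmforge build, also bump Release (outside this hunk) and add a %changelog entry so the locally rebuilt rpm is distinguishable from, and upgrades cleanly over, the stock one.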
@@ -31,6 +32,7 @@

%prep
%setup
+%patch0 -p0

%build
%configure \
[/code]
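Review bot: in the %prep hunk, `%patch0 -p0` matches the patch header, whose paths (`src/knockd.orig`, `src/knockd.c`) carry no a/ b/ prefix, so the strip level is right; consider `%patch0 -p0 -b .limits` so the pristine file is kept beside the patched one when a build fails. Because the `---` name lacks `.c`, patch(1) applies the hunk to the `+++` name `src/knockd.c`, which only works relative to the top of the extracted tree, which is where %setup leaves you.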

I didn't check the resulting rpm to find out if it installs or runs.
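To make concrete what the last step above buys you (and what it does not), here is an added example, written for this page and not knockd's own code, of the per-source state machine a port-knocking daemon runs over captured SYNs: each knock to the right port advances the client one stage, a wrong port or a gap longer than the timeout discards the partial attempt, and completing the sequence opens the door for that address for a fixed time. The addresses, ports and timestamps are constructed for the example; the `watch_only_sequence_ports` switch is an assumption used to show how a capture filter that passes only the knock ports changes the outcome of a plain port scan.

```python
"""Model of a port-knocking daemon's sequence check. Added illustration for
this thread, not knockd's code; all hosts, ports and traffic below are made up."""

from dataclasses import dataclass, field


@dataclass
class KnockConfig:
    sequence: tuple                  # ports that must be hit in exactly this order
    seq_timeout: float = 5.0         # max seconds between two consecutive knocks
    open_for: float = 10.0           # seconds the door stays open after a full sequence
    watch_only_sequence_ports: bool = False
    # True models a capture filter that only passes the knock ports: traffic to
    # any other port is never seen and therefore cannot reset a partial attempt.


@dataclass
class KnockDaemon:
    config: KnockConfig
    progress: dict = field(default_factory=dict)   # src -> (next_stage, last_knock_ts)
    opened: dict = field(default_factory=dict)     # src -> expiry timestamp

    def knock(self, ts, src, port):
        """Feed one inbound SYN (timestamp, source address, destination port).
        Returns True only on the knock that completes the sequence for src."""
        cfg = self.config
        if cfg.watch_only_sequence_ports and port not in cfg.sequence:
            return False                       # filtered out before we see it
        stage, last = self.progress.get(src, (0, None))
        if last is not None and ts - last > cfg.seq_timeout:
            stage = 0                          # stale attempt: start over
        if port == cfg.sequence[stage]:
            stage += 1                         # right port for this stage
        elif port == cfg.sequence[0]:
            stage = 1                          # wrong stage, but it begins a fresh attempt
        else:
            stage = 0                          # anything else discards the attempt
        if stage == len(cfg.sequence):
            self.opened[src] = ts + cfg.open_for
            self.progress.pop(src, None)
            return True
        self.progress[src] = (stage, ts)
        return False

    def is_open(self, ts, src):
        """Would a connection from src at time ts be let through?"""
        expiry = self.opened.get(src)
        return expiry is not None and ts < expiry


def replay(config, events):
    """Run (ts, src, dst_port) SYN events through a fresh daemon and return the
    set of sources that completed the sequence at some point."""
    d = KnockDaemon(config)
    return {src for ts, src, port in events if d.knock(ts, src, port)}


def ascending_scan_opens(config, src="203.0.113.9", lo=1, hi=9999):
    """Does a plain ascending SYN scan from one host (one port per millisecond,
    no knowledge of the secret) ever complete the sequence?"""
    d = KnockDaemon(config)
    return any(d.knock(p / 1000.0, src, p) for p in range(lo, hi + 1))


# Constructed traffic: a correct sequence, the same ports in the wrong order,
# and a correct sequence knocked too slowly.
SEQUENCE = (7000, 9000, 8000)
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", 7000), (0.4, "192.0.2.10", 9000), (0.9, "192.0.2.10", 8000),
    (1.0, "192.0.2.20", 7000), (1.3, "192.0.2.20", 8000), (1.6, "192.0.2.20", 9000),
    (2.0, "192.0.2.30", 7000), (9.0, "192.0.2.30", 9000), (9.2, "192.0.2.30", 8000),
]

if __name__ == "__main__":
    print("opened:", replay(KnockConfig(SEQUENCE), SAMPLE_EVENTS))
    for seq in [(7000, 8000, 9000), SEQUENCE]:
        for filt in (False, True):
            cfg = KnockConfig(seq, watch_only_sequence_ports=filt)
            print(seq, "filter-only-knock-ports=%s" % filt,
                  "scan opens door:", ascending_scan_opens(cfg))
```

Two things the model makes visible. First, a monotonic sequence such as 7000, 8000, 9000 is opened by an ordinary ascending port scan whenever packets to non-knock ports are not observed (the filtered case), so pick a sequence whose ports are not in ascending or descending order. Second, the sequence is a shared secret sent in clear text, so anyone able to sniff the client's path can replay it; that is why the key-only sshd configuration above comes first and knocking is at best an additional layer, not a replacement for it.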

johnny1024
Posts: 4
Joined: 2012/02/01 19:32:16

Re: knocking software

Post by johnny1024 » 2012/02/06 15:45:26

Thank you for the answer but I'm afraid it's too difficult for me to use it.

Regards,
Jan

johnny1024
Posts: 4
Joined: 2012/02/01 19:32:16

Re: knocking software

Post by johnny1024 » 2012/02/07 08:33:08

Hi,

Maybe somebody knows how to request knockd to be included in one of the CentOS 6.2 repositories? I hope it's not very difficult (for the author or people familiar with it) to prepare an appropriate port for the new version of the operating system.
I consider such software very useful and for me it's a big oversight not to include it in any repository.

Kind Regards,
Jan

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: knocking software

Post by pschaff » 2012/02/07 12:10:28

You could file an RFE at http://bugs.centos.org/ but I would expect the chances of that being implemented as somewhere between slim and none. A better bet would be to request packages at [url=http://lists.repoforge.org/mailman/listinfo/users]RPMforge/Repoforge users list[/url] citing this thread, specifically Trevor's post #4 with the patch.

Blisk
Posts: 316
Joined: 2011/07/04 14:49:51

Re: knocking software

Post by Blisk » 2012/02/07 18:19:37

Why do you need knocking software? Lock the ports to your IP.
If you have a dynamic IP, install some machine with a static IP and lock it to that machine.

Turn that machine off and when you need access to the server turn it on with WOL, then go to that machine and from there to the server.....

elysch
Posts: 4
Joined: 2012/04/07 03:56:10

Re: knocking software

Post by elysch » 2012/04/07 15:06:36

Hi.

Has anybody been able to find knock RPMs for CentOS6 already?

I found a log file saying someone created them since January at:
http://pkgs.repoforge.org/knock/_buildlogs/

But couldn't find the actual RPM at:
http://pkgs.repoforge.org/knock/

Maybe it is there, but doesn't show because of wrong filesystem permissions.

Does anybody know how to contact the http://pkgs.repoforge.org administrator in order to ask him/her for help?
I haven't been able to.

Any help will be really appreciated.

Ely.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: knocking software

Post by pschaff » 2012/04/07 22:55:43

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

After reading those links you should realize why you should not hijack threads as you have done. Please start a new Topic for your issue to get the attention you need, providing a link to this one if required for context.
