knocking software


knocking software

Postby johnny1024 » 2012/02/01 19:58:24

Hello,

Does anybody know if CentOS 6.2 has software for port knocking? Other distributions usually contain something like that and even previous versions of CentOS contained the packages knockd and knock. I consider this type of software absolutely fundamental for hardening a server against hacking.

I have tried to install these packages from CentOS 5.7 but I was unsuccessful so far...

error: Failed dependencies:
libpcap.so.0.9.4()(64bit) is needed by knock-0.5-1.el5.rf.x86_64

I'm just about to reinstall my linux server and I need to know if installation of knockd (or some alternative) on CentOS 6.2 is possible. If it isn't then I will be forced to come back to Debian (and this thought doesn't make me happy);-(

Regards,
Jan
johnny1024
 
Posts: 4
Joined: 2012/02/01 19:32:16
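What a knock daemon such as knockd actually does, as an added illustration (example code written for this thread, not knockd's source and not anything posted by its participants): it watches connection attempts and, per source address, tracks how far through a configured port sequence that source has got. A wrong port resets the attempt, and a sequence that takes longer than the timeout is discarded. The sequence, the timeout and the list of observed SYNs are constructed sample values. A real daemon would then run a command (typically an iptables insert); here the completion is only recorded, so the returned list is what a log or audit hook would see.

```python
"""Knock-sequence detector: the matching logic a knock daemon applies to observed
SYN packets. Added example, not knockd's code; sequence/timeout/events are constructed."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

KNOCK_SEQUENCE = [7000, 8000, 9000]  # constructed sample sequence
SEQUENCE_TIMEOUT = 5.0               # seconds allowed from first knock to last


@dataclass
class KnockState:
    index: int = 0        # next position in the sequence this source must hit
    started: float = 0.0  # time of the first knock of the current attempt


class KnockDetector:
    def __init__(self, sequence: Iterable[int], timeout: float) -> None:
        self.sequence = list(sequence)
        self.timeout = timeout
        self.states: Dict[str, KnockState] = {}
        self.opened: List[Tuple[str, float]] = []  # audit trail of completed sequences

    def observe(self, src_ip: str, dst_port: int, ts: float) -> bool:
        """Feed one observed SYN (src_ip -> dst_port at time ts).
        Returns True exactly when src_ip completes the sequence with this packet."""
        st = self.states.get(src_ip, KnockState())
        # A partial sequence older than the timeout is discarded before matching.
        if st.index > 0 and ts - st.started > self.timeout:
            st = KnockState()
        if dst_port == self.sequence[st.index]:
            if st.index == 0:
                st.started = ts
            st.index += 1
        elif dst_port == self.sequence[0]:
            # Wrong port, but it is the first knock: treat it as a fresh attempt.
            st = KnockState(index=1, started=ts)
        else:
            st = KnockState()  # any other port resets the attempt
        if st.index == len(self.sequence):
            self.states.pop(src_ip, None)
            self.opened.append((src_ip, ts))
            return True
        self.states[src_ip] = st
        return False


# Constructed sample events: (source address, destination port, seconds).
SAMPLE_EVENTS = [
    ("198.51.100.7", 7000, 0.0), ("198.51.100.7", 8000, 0.5), ("198.51.100.7", 9000, 1.0),
    ("203.0.113.9", 7000, 0.0), ("203.0.113.9", 9000, 0.4),   # out of order: reset
    ("203.0.113.9", 8000, 0.8), ("203.0.113.9", 9000, 1.2),   # never restarts from 7000
    ("192.0.2.5", 7000, 0.0), ("192.0.2.5", 8000, 10.0),      # too slow: discarded
    ("192.0.2.5", 7000, 11.0), ("192.0.2.5", 8000, 11.3), ("192.0.2.5", 9000, 11.6),
]


def run_sample() -> List[Tuple[str, float]]:
    """Replay SAMPLE_EVENTS and return the (source, time) pairs that completed the knock."""
    det = KnockDetector(KNOCK_SEQUENCE, SEQUENCE_TIMEOUT)
    for src, port, ts in SAMPLE_EVENTS:
        det.observe(src, port, ts)
    return det.opened


if __name__ == "__main__":
    for src, ts in run_sample():
        print(f"{src} completed the sequence at t={ts}s")
```

The sequence travels in clear and is visible to anyone on the path, so knocking hides a service rather than authenticating to it; the key-only SSH configuration recommended later in this thread remains the actual access control, and the `opened` list is worth logging so that unexpected openings can be reviewed.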

knocking software

Postby pschaff » 2012/02/02 02:42:16

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

No surprise the CentOS-5 packages did not work, and trying to install packages not built for EL6 is a Bad Idea [TM]. No sign of them in any of the well-known Repositories.

Have a look at nmap:
Code:
# yum info nmap
...
Available Packages
Name        : nmap
Arch        : x86_64
Epoch       : 2
Version     : 5.21
Release     : 4.el6
Size        : 2.2 M
Repo        : base
Summary     : Network exploration tool and security scanner
URL         : http://nmap.org/
License     : GPLv2 and LGPLv2+ and GPLv2+ and BSD
Description : Nmap is a utility for network exploration or security auditing.
            : It supports ping scanning (determine which hosts are up), many
            : port scanning techniques (determine what services the hosts are
            : offering), and TCP/IP fingerprinting (remote host operating system
            : identification). Nmap also offers flexible target and port
            : specification, decoy scanning, determination of TCP sequence
            : predictability characteristics, reverse-identd scanning, and more.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: knocking software

Postby johnny1024 » 2012/02/02 15:25:23

Hello,

Thank you for the answer, but what can I do to have knockd (or alternative for the same purpose) installed?

At the moment my server is visible from outside and it means that the first line of protection doesn't even exist...

Regards,
Jan
johnny1024
 
Posts: 4
Joined: 2012/02/01 19:32:16

Re: knocking software

Postby TrevorH » 2012/02/02 16:19:16

First step is to move your sshd port to a different port. This doesn't really do anything for security except to avoid all the script-kiddies who search for servers listening on the default ports. Next is to configure ssh so that root logins are disabled (or enabled only with keys) and to disallow password logins for normal users. This means that only people with public/private key pairs who have their keys installed on your system will be able to login via ssh.

You can also set up iptables rules to disable connections after so many attempts from a particular IP address for a certain amount of time.

If none of those are sufficient then the knock rpm from rpmforge for el5 rebuilds on CentOS 6 with a few changes:

Code:
$ cat ~/rpmbuild/SOURCES/knockd-0.5-limits.patch
--- src/knockd.orig     2012-02-02 16:07:01.231835730 +0000
+++ src/knockd.c        2012-02-02 16:07:22.356965180 +0000
@@ -47,6 +47,7 @@
 #include <pcap.h>
 #include <errno.h>
 #include "list.h"
+#include <linux/limits.h>

 static char version[] = "0.5";

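Review bot: the `---` header names `src/knockd.orig` while `+++` names `src/knockd.c`, so the two sides of this hunk describe different file names and applying it relies on `patch` choosing the `+++` name; regenerating the diff from a backup called `src/knockd.c.orig` keeps both headers on the same base name. The added `#include <linux/limits.h>` is Linux-only; if the symbol the build was missing is PATH_MAX, the portable `#include <limits.h>` supplies it on glibc and the patch would not break a rebuild elsewhere. A one-line comment in the patch naming the build error it fixes would help whoever rebuilds the package next.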


and amending the spec file to include the patch:

Code:
$ diff -u knock.spec.orig knock.spec
--- knock.spec.orig     2012-02-02 16:16:54.734840571 +0000
+++ knock.spec  2012-02-02 16:08:55.838965571 +0000
@@ -14,6 +14,7 @@
 Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
 
 Source: http://www.zeroflux.org/knock/files/knock-%{version}.tar.gz
+Patch0: knockd-%{version}-limits.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 
 BuildRequires: libpcap
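Review bot: `Patch0: knockd-%{version}-limits.patch` matches the file shown under `~/rpmbuild/SOURCES` above, but embedding `%{version}` in the patch name means the file has to be renamed on every version bump even when the patch itself is unchanged; a version-free name such as `knockd-limits.patch` avoids that. A comment line above `Patch0` saying what the patch fixes would also help, since the spec is what a packager reads first.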
@@ -31,6 +32,7 @@
 
 %prep
 %setup
+%patch0 -p0
 
 %build
 %configure \
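Review bot: `%patch0 -p0` is correctly placed after `%setup`, and `-p0` agrees with the `src/knockd.c` path in the patch headers. Adding `-b .limits` (`%patch0 -p0 -b .limits`) keeps a backup of the unpatched file in the build tree, which makes it easy to confirm with `diff` that only the include line changed.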


I didn't check the resulting rpm to find out if it installs or runs.
TrevorH
Forum Moderator
 
Posts: 9164
Joined: 2009/09/24 10:40:56
Location: Brighton, UK
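TrevorH's three steps in checkable form, added here as example code (not from the thread and not part of any CentOS or OpenSSH package): a parser for sshd_config that applies sshd's own first-value-wins rule and ignores Match blocks, an audit that flags the default port, root password logins and password authentication, and a generator for the per-source-IP iptables throttle using the `recent` match. The two configurations are constructed samples, the port number and the thresholds are assumptions to adjust, and the defaults assumed for absent keywords are those of the OpenSSH 5.x release EL6 ships.

```python
"""Audit sshd_config for the hardening steps described in the post above and emit the
per-source iptables throttle. Added example; configs and thresholds are constructed."""
import re
from typing import Dict, List

# Values that satisfy each step. "without-password" is the spelling OpenSSH 5.x (EL6)
# uses for "root may log in with keys only"; newer releases call it "prohibit-password".
HARDENED = {
    "permitrootlogin": {"no", "without-password", "prohibit-password"},
    "passwordauthentication": {"no"},
    "challengeresponseauthentication": {"no"},  # keyboard-interactive via PAM also asks for passwords
}
# What sshd assumes when the keyword is absent (OpenSSH 5.x defaults).
DEFAULTS = {"port": "22", "permitrootlogin": "yes", "passwordauthentication": "yes",
            "challengeresponseauthentication": "yes"}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Effective global settings: keywords are case-insensitive, sshd keeps the FIRST
    value of a repeated keyword, and everything after a Match line is conditional."""
    effective: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks do not change the global value
        effective.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return effective


def audit_sshd_config(text: str) -> List[str]:
    """Return one finding per step that is not yet satisfied (empty list = hardened)."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("port", DEFAULTS["port"]) == "22":
        findings.append("Port 22: default port, expect automated login attempts")
    for key, good in HARDENED.items():
        value = cfg.get(key, DEFAULTS[key]).lower()
        if value not in good:
            findings.append(f"{key} is '{value}', expected one of {sorted(good)}")
    return findings


def ssh_ratelimit_rules(port: int = 22, hitcount: int = 4, seconds: int = 60) -> List[str]:
    """iptables commands for the throttle: once a source's new connections to `port`
    reach `hitcount` within `seconds` they are dropped, and every further attempt
    refreshes its entry, so it stays blocked until it has been quiet for `seconds`."""
    base = f"iptables -A INPUT -p tcp --dport {port} -m state --state NEW"
    return [
        f"{base} -m recent --set --name SSH --rsource",
        f"{base} -m recent --update --seconds {seconds} --hitcount {hitcount} --name SSH --rsource -j DROP",
        f"{base} -j ACCEPT",
    ]


# Constructed sample: a stock-looking EL6 sshd_config.
WEAK_CONFIG = """\
#Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
"""

# Constructed sample with the three steps applied; the repeated PasswordAuthentication
# and the Match block are traps that a naive "last value wins" grep would misread.
HARDENED_CONFIG = """\
Port = 2222
Protocol 2
PubkeyAuthentication yes
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes   # ignored by sshd: the first value above wins
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or "OK")
    print("\n".join(ssh_ratelimit_rules(2222)))
```

Run the audit against `/etc/ssh/sshd_config` before and after editing, and restart sshd only from a second, already-open session so a mistake cannot lock you out. The iptables rules are ordered so the counting rule runs before the ACCEPT; on EL6 they need `service iptables save` to survive a reboot.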

Re: knocking software

Postby johnny1024 » 2012/02/06 15:45:26

Thank you for the answer but I'm afraid it's too difficult for me to use it.

Regards,
Jan
johnny1024
 
Posts: 4
Joined: 2012/02/01 19:32:16

Re: knocking software

Postby johnny1024 » 2012/02/07 08:33:08

Hi,

Maybe somebody knows how to request knockd to be included in one of the CentOS 6.2 repositories? I hope it's not very difficult (for the author or people familiar with it) to prepare an appropriate port for the new version of the operating system.
I consider such software very useful and to me it's a big oversight not to include it in any repository.

Kind Regards,
Jan
johnny1024
 
Posts: 4
Joined: 2012/02/01 19:32:16

Re: knocking software

Postby pschaff » 2012/02/07 12:10:28

You could file an RFE at http://bugs.centos.org/ but I would expect the chances of that being implemented as somewhere between slim and none. A better bet would be to request packages on the RPMforge/Repoforge users list citing this thread, specifically Trevor's post #4 with the patch.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: knocking software

Postby Blisk » 2012/02/07 18:19:37

Why do you need knocking software? Lock the ports to your IP.
If you have a dynamic IP, install some machine with a static IP and lock it to that machine.

Turn that machine off and when you need access to the server turn it on with WOL and then go to that machine and from there to the server.....
Blisk
 
Posts: 94
Joined: 2011/07/04 14:49:51

Re: knocking software

Postby elysch » 2012/04/07 15:06:36

Hi.

Has anybody been able to find knock RPMs for CentOS6 already?

I found a log file saying someone created them since January at:
http://pkgs.repoforge.org/knock/_buildlogs/

But couldn't find the actual RPM at:
http://pkgs.repoforge.org/knock/

Maybe it is there, but doesn't show because of wrong filesystem permissions.

Does anybody know how to contact the http://pkgs.repoforge.org administrator in order to ask him/her for help?
I haven't been able to.

Any help will be really appreciated.

Ely.
elysch
 
Posts: 4
Joined: 2012/04/07 03:56:10

Re: knocking software

Postby pschaff » 2012/04/07 22:55:43

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

After reading those links you should realize why you should not hijack threads as you have done. Please start a new Topic for your issue to get the attention you need, providing a link to this one if required for context.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
