From 95428a6d3a39e436aed2d33a39ebae473f7531dd Mon Sep 17 00:00:00 2001 From: florian Date: Mon, 13 Aug 2012 14:08:37 +0000 Subject: [PATCH] [package] add ostiary package This patch adds the Ostiary package to the repository. I've tested this on the latest build (revision 31158). Installation, un-installation and ostiaryd.init script all seem to work correctly. A bit of background, Ostiary has a similar purpose to Port Knocking but uses a different implementation that removes the possibility of replay attacks. Not everyone will view it as suitable for their needs, but for me combined with ssh I feel it is more than sufficient. I suppose for the super paranoid admin, the perfect system would be a package that uses the approach of port knocking via a closed port that is combined with an ostiary style signature challenge. Anyhow, I have created quickstart documentation for the server and client at "http://wiki.openwrt.org/doc/howto/ostiary.server" and "http://wiki.openwrt.org/doc/howto/ostiary.client". Signed-off-by: Desmond Hokin git-svn-id: svn://svn.openwrt.org/openwrt/packages@33167 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 admin/ostiary/Makefile | 88 +++++++++++++++++++++++++++++++
 admin/ostiary/files/ostiaryd.init | 27 ++++++++++
 admin/ostiary/files/ssh_disable | 4 ++
 admin/ostiary/files/ssh_enable | 4 ++
 4 files changed, 123 insertions(+)
 create mode 100644 admin/ostiary/Makefile
 create mode 100644 admin/ostiary/files/ostiaryd.init
 create mode 100644 admin/ostiary/files/ssh_disable
 create mode 100644 admin/ostiary/files/ssh_enable
diff --git a/admin/ostiary/Makefile b/admin/ostiary/Makefile
new file mode 100644
index 000000000..757c5953f
--- /dev/null
+++ b/admin/ostiary/Makefile
@@ -0,0 +1,88 @@
+#
+# Copyright (C) 2008-2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ostiary
+PKG_VERSION:=4.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://ingles.homeunix.net/software/ost/latest/
+PKG_MD5SUM:=420d1fda246097d7e4d1277f39069578
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ostiary
+ SECTION:=admin
+ CATEGORY:=Administration
+ TITLE:=Simple, Secure Remote Script Execution
+ URL:=http://ingles.homeunix.net/software/ost/index.html
+endef
+
+define Package/ostiary/description
+ Designed to allow you to run a fixed set of commands remotely,
+ without giving everyone else access to the same commands.
+
+ Provides - ostiaryd daemon (~25kb)
+ - ostclient (~9kb)
+endef
+
+EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
+
+CONFIGURE_ARGS += \
+ --prefix="/usr/bin" \
+ --sysconfdir="/etc/ostiaryd" \
+ CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS)"
+
+define Build/Compile
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ DESTDIR="$(PKG_INSTALL_DIR)" \
+ INSTALL_OPTS="" \
+ STRIP="" \
+ ostiaryd ostclient
+endef
+
+define Package/ostiary/install
+ $(INSTALL_DIR) $(1)/etc/ostiaryd
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/tests/ostiary.cfg $(1)/etc/ostiaryd/ostiary.cfg
+ $(INSTALL_DIR) $(1)/etc/ostiaryd/scripts
+ $(INSTALL_BIN) ./files/{ssh_enable,ssh_disable} $(1)/etc/ostiaryd/scripts
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_BIN) ./files/ostiaryd.init $(1)/etc/init.d/ostiaryd
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/{ostiaryd,ostclient} $(1)/usr/bin/
+endef
+
+
+
+
+define Package/ostiary/postinst
+#!/bin/sh
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+ echo "Enabling rc.d symlink for ostiaryd"
+ /etc/init.d/ostiaryd enable
+fi
+exit 0
+endef
+
+define Package/ostiary/prerm
+#!/bin/sh
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+ /etc/init.d/ostiaryd stop
+ echo "Removing rc.d symlink for ostiaryd"
+ /etc/init.d/ostiaryd disable
+ echo "Any config backups and scripts you created are not removed automatically."
+ echo "To finish cleanup, backup any files you want to keep, then run rm -f /etc/ostiaryd"
+fi
+exit 0
+endef
+
+
+$(eval $(call BuildPackage,ostiary))
diff --git a/admin/ostiary/files/ostiaryd.init b/admin/ostiary/files/ostiaryd.init
new file mode 100644
index 000000000..6c4ee090a
--- /dev/null
+++ b/admin/ostiary/files/ostiaryd.init
@@ -0,0 +1,27 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2008-2012 OpenWrt.org
+
+START=85
+MYSERVICE=ostiaryd
+
+
+start() {
+ echo starting $MYSERVICE...
+ /usr/bin/$MYSERVICE
+ sleep 1
+ echo done
+}
+
+stop() {
+
+ if ps ax | grep -v grep | grep -v rc.common | grep $MYSERVICE> /dev/null
+ then
+ echo "stopping $MYSERVICE..."
+ pkill -9 $MYSERVICE
+ sleep 1
+ echo done
+ else
+ echo "$MYSERVICE is not running"
+ fi
+}
+
diff --git a/admin/ostiary/files/ssh_disable b/admin/ostiary/files/ssh_disable
new file mode 100644
index 000000000..1d4304fed
--- /dev/null
+++ b/admin/ostiary/files/ssh_disable
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+logger Ostiary is dis-abling SSH
+iptables -D zone_wan -p tcp --dport 22001 -j ACCEPT
diff --git a/admin/ostiary/files/ssh_enable b/admin/ostiary/files/ssh_enable
new file mode 100644
index 000000000..0987cded0
--- /dev/null
+++ b/admin/ostiary/files/ssh_enable
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+logger Ostiary is enabling SSH
+iptables -I zone_wan -p tcp --dport 22001 -j ACCEPT
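Review bot: `Package/ostiary/install` copies the upstream `tests/ostiary.cfg` to `/etc/ostiaryd/ostiary.cfg` and `postinst` enables the daemon at boot, so a fresh install may come up with whatever secrets and actions that test fixture defines; the file is not part of this patch, so its contents need checking. A package-owned config under `./files/` with no usable secret would avoid every device sharing a published default, and a `Package/ostiary/conffiles` block listing `/etc/ostiaryd/ostiary.cfg` would keep an admin's edited secrets across upgrades. Separately, the tarball is fetched over plain HTTP and pinned only with `PKG_MD5SUM`, which is weak integrity protection for a security tool; use a stronger hash if the build system supports one. The `prerm` hint `rm -f /etc/ostiaryd` will not remove a directory; `rm -rf /etc/ostiaryd` is presumably what was meant.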
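Review bot: `pkill -9 $MYSERVICE` in `stop()` kills by name pattern with SIGKILL as the first resort, so the daemon gets no chance to shut down cleanly and every process whose name matches `ostiaryd` is hit, possibly including this init script itself, which may be why the preceding `ps` check has to filter out `rc.common`. Sending the default TERM signal and matching the full path is safer, for example `pkill -f "^/usr/bin/$MYSERVICE"`, with `-9` only as a fallback if the process survives. `start()` also prints `done` whether or not `/usr/bin/$MYSERVICE` actually started; because this daemon gates SSH access, its exit status should be checked and a failure reported.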
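Review bot: `iptables -D` removes only one matching rule, while the `iptables -I` line in `ssh_enable` adds a new rule on every invocation, so after two enables and one disable port 22001 is still open on `zone_wan`. Make the disable remove every copy, e.g. `while iptables -D zone_wan -p tcp --dport 22001 -j ACCEPT 2>/dev/null; do :; done`, or make `ssh_enable` idempotent by deleting the rule before inserting it. The same pairing problem applies to the `ssh_enable` hunk.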
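Review bot: The inserted rule accepts tcp/22001 from any source, so once one client authenticates the SSH port is exposed to the whole WAN until `ssh_disable` is run, and nothing here closes it on a timeout. If ostiaryd hands the authenticated client's address to the script (to be confirmed against the upstream documentation), restrict the rule to it, e.g. `iptables -I zone_wan -s "$1" -p tcp --dport 22001 -j ACCEPT`, with a matching `-s "$1"` on the delete side. A header comment stating that the port stays open until `ssh_disable` is invoked, and that 22001 must match the SSH daemon's listen port, would help anyone adapting these samples.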