Installing knockd for ClearOS is anything but, trivial if you are not familiar with the platform. I use Ubuntu and was having a hard time with getting knockd to work on ClearOS. These are my adventures (actually fairly simple as it turns out)…<\/p>\n
To install knockd on ClearOS, we first need to install gcc, rpm-build, and libpcap-devel:<\/p>\n
\r\n#yum install gcc rpm-build libpcap-devel\r\n<\/pre>\nWe then need to fetch the source RPM package for knockd:<\/p>\n
\r\n#wget http:\/\/www.invoca.ch\/pub\/packages\/knock\/RPMS\/ils-5\/SRPMS\/knock-0.5-7.el5.src.rpm\r\n<\/pre>\nNow build the source RPM package:<\/p>\n
\r\n#rpmbuild --rebuild knock-0.5-7.el5.src.rpm\r\n<\/pre>\nFinally, install the newly created RPM package which should be located at ‘\/usr\/src\/redhat\/RPMS\/i386\/<\/strong>‘:<\/p>\n
\r\n#cd \/usr\/src\/redhat\/RPMS\/i386\/\r\n#rpm -ivh knock-server-0.5-7.i386.rpm\r\n<\/pre>\nWe should now have knockd:<\/p>\n
\r\n#knockd --help\r\nusage: knockd [options]\r\noptions:\r\n-i, --interface <int>\u00a0 network interface to listen on (default \"eth0\")\r\n-d, --daemon\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 run as a daemon\r\n-c, --config <file>\u00a0\u00a0\u00a0 use an alternate config file\r\n-D, --debug\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 output debug messages\r\n-l, --lookup\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lookup DNS names (may be a security risk)\r\n-v, --verbose\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 be verbose\r\n-V, --version\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 display version\r\n-h, --help\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 this help\r\n<\/pre>\nWe now need to setup our ‘knockd.conf<\/strong>‘ file:<\/p>\n
\r\n#vi \/etc\/knockd.conf\r\n<\/pre>\nMine looks like this after playing around with iptables and customizing it to my need:<\/p>\n
\r\n[options]\r\nlogfile = \/var\/log\/knockd.log\r\ninterface = eth0\r\n\r\n[opencloseVNC]\r\n\r\nsequence\u00a0\u00a0\u00a0\u00a0\u00a0 = 8181:tcp,5901:tcp,8181:tcp,5901:tcp\r\nseq_timeout\u00a0\u00a0 = 15\r\nstart_command = \/sbin\/iptables -A FORWARD -o eth1 -p tcp --dport 5901 -j ACCEPT -d 192.168.2.24 -s %IP% && iptables -t nat -A PREROUTING -p tcp --dport 5901 -j DNAT --to-destination 192.168.2.24:5901 && iptables -t nat -A POSTROUTING -p tcp --dport 5901 -j SNAT --to-source 192.168.2.1 -d 192.168.2.24 -s 192.168.2.0\/24\r\ncmd_timeout\u00a0\u00a0 = 10\r\nstop_command\u00a0 = \/sbin\/iptables -D FORWARD -o eth1 -p tcp --dport 5901 -j ACCEPT -d 192.168.2.24 -s %IP% && iptables -t nat -D PREROUTING -p tcp --dport 5901 -j DNAT --to-destination 192.168.2.24:5901 && iptables -t nat -D POSTROUTING -p tcp --dport 5901 -j SNAT --to-source 192.168.2.1 -d 192.168.2.24 -s 192.168.2.0\/24\r\n<\/pre>\nYou’ll of course need to customize it to your needs. That however, is outside the scope of this article. You can refer to here for help: http:\/\/www.zeroflux.org\/projects\/knock<\/a><\/p>\n
At this point, you should run ‘knockd<\/strong>‘ and test that your configuration works as intended.<\/p>\n
If you would like to add knockd to the list on the services page within ClearOS, you will need to add an entry to the ‘Daemon.inc.php<\/strong>‘ file:<\/p>\n
\r\n#vi \/var\/webconfig\/api\/Daemon.inc.php\r\n<\/pre>\nAdd the following line into the array at the bottom:<\/p>\n
\r\n\"knockd\"\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 => array(\"knock-server-0.5-7\",\u00a0\u00a0\u00a0 \"knockd\",\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \"yes\",\u00a0 \"knockd\",\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \"no\",\u00a0 null),\r\n<\/pre>\nThat’s it! You’re done! Congratulations! You have successfully installed knockd for ClearOS!<\/p>\n","protected":false},"excerpt":{"rendered":"
Installing knockd for ClearOS is anything but, trivial if you are not familiar with the platform. I use Ubuntu and was having a hard time with getting knockd to work on ClearOS. These are my adventures (actually fairly simple as …<\/p>\n