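#!/usr/bin/env bash
# listend: capture knock packets and keep the most recent burst of three in $LOG
# for checkd.  tcpdump exits after three packets (-c 3); the loop restarts it and
# the redirect truncates the log each time, so the file only ever holds the
# latest three matching packets.
TDMP=/usr/sbin/tcpdump
LOG=/admin/pknock/logfile
# placeholder kept from the original: only packets addressed to this host are logged
SERVER_IP="<servers_ip>"
# Capture options as an array so the BPF filter is passed as ONE argument.
# The original built this as a string with nested double quotes, which the
# shell cannot parse (the assignment ended at the inner quote and the rest
# became a separate, invalid command).
LOPT=(-i eth1 -q -nn -c 3 "dst port (111 or 2222 or 33333)")

[[ -x "$TDMP" ]] || { logger "pknock: $TDMP not executable, listend exiting"; exit 1; }

while :; do
  # -F: the server address is a literal, not a regex (a bare "." would match any byte)
  "$TDMP" "${LOPT[@]}" | grep -F -- "$SERVER_IP" > "$LOG"
  # grep's status is the pipeline's; tcpdump's own status is in PIPESTATUS[0].
  # Capture it immediately, the next command overwrites PIPESTATUS.
  rc=${PIPESTATUS[0]}
  if [[ "$rc" != 0 ]]; then
    # e.g. no permission or eth1 missing: back off instead of spinning at full CPU
    logger "pknock: tcpdump exited with status $rc, retrying in 5s"
    sleep 5
  fi
done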
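#!/usr/bin/env bash
# checkd: companion to listend.  Polls the knock log; once all three knock ports
# have been hit within the last five minutes, opens tcp/22 for 60 seconds for the
# host that knocked, then removes the rule again.  Started detached via nohup.
LLOG=/admin/pknock/logfile
IPT=/usr/local/sbin/iptables
##next is the knock sequence
KNOCK_PORTS=(111 2222 33333)
##i insert it after my packet checks of which I have 12
SSH_RULE_POS=13

#######################################
# True when every knock port appears as a destination port in the log.
# tcpdump -nn writes the destination as "a.b.c.d.PORT:", so anchoring on
# ".PORT:" avoids matching an address octet or a longer port number (the
# original matched ".111", where "." is any character, and its "$2> /dev/null"
# was a typo for a redirect).  TODO confirm the line format on this host.
# Arguments: $1 - log file
# Returns:   0 when all ports were seen, 1 otherwise
#######################################
knock_complete() {
  local log=$1 port
  for port in "${KNOCK_PORTS[@]}"; do
    grep -q -- "\.${port}:" "$log" || return 1
  done
  return 0
}

#######################################
# True when $1 (HH:MM) equals the current minute or one of the five before it.
# Arguments: $1 - HH:MM stamp taken from the first log line
# Returns:   0 when recent, 1 otherwise
#######################################
recent_minute() {
  local stamp=$1 back
  for back in 0 1 2 3 4 5; do
    [[ "$stamp" == "$(date +%R -d "-${back} minutes")" ]] && return 0
  done
  return 1
}

#######################################
# Prints the single IPv4 source address the logged knocks came from.
# Field 3 of a tcpdump -nn line is "src.PORT"; the port is stripped.  Prints
# nothing and returns 1 when the log holds more than one source or the value
# does not look like an IPv4 address, so the caller fails closed instead of
# opening ssh to everyone.  TODO confirm the line format on this host.
# Arguments: $1 - log file
# Outputs:   the address on stdout
#######################################
knock_source() {
  local log=$1 src
  local re='^[0-9]+(\.[0-9]+){3}$'
  src=$(awk '{ sub(/\.[0-9]+$/, "", $3); print $3 }' "$log" | sort -u)
  [[ "$src" =~ $re ]] || return 1
  printf '%s\n' "$src"
}

#######################################
# Opens tcp/22 for one source for 60 seconds.  The rule is restricted to the
# knocking host (the original accepted port 22 from any address while the
# window was open), and the delete uses the same rule spec as the insert so
# the correct rule is removed even if INPUT changed in the meantime (the
# original deleted whatever sat at position 13).
# Globals:   IPT, SSH_RULE_POS
# Arguments: $1 - source address
#######################################
open_window() {
  local src=$1
  local -a rule=(-s "$src" -p tcp -m tcp --dport 22 -j ACCEPT)
  ##insert rule to allow ssh access
  "$IPT" -I INPUT "$SSH_RULE_POS" "${rule[@]}"
  logger "pknock: allow access from $src"
  ##give chance to login and then close again
  sleep 60
  "$IPT" -D INPUT "${rule[@]}"
}

##start the process loop
while :; do
  if [[ -s "$LLOG" ]] && knock_complete "$LLOG" \
     && recent_minute "$(head -n 1 -- "$LLOG" | cut -d: -f1,2)"; then
    if src=$(knock_source "$LLOG"); then
      open_window "$src"
    else
      logger "pknock: knock seen but source address unusable, not opening"
    fi
    # Consume the knock.  The original left the log in place, so the same knock
    # re-opened the port on every pass until its five-minute window expired.
    # listend truncates and rewrites the file per burst, so clearing it is safe.
    : > "$LLOG"
  fi
  # Poll every 5 s.  The original only slept when the time check failed; with
  # a port missing it re-read the log in a tight loop.
  sleep 5
done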
# launcher: start both daemons detached from the terminal.
# listend's stderr (tcpdump chatter) is discarded; checkd's goes to nohup.out.
nohup /admin/pknock/listend 2>/dev/null &
nohup /admin/pknock/checkd &
# client side: touch each knock port in turn.
# nc -z only attempts the connect; -w 1 gives up after one second, which is
# expected because the server drops the knock packets.
server="<server_ip>"   # placeholder kept from the original
for port in 111 2222 33333; do
  nc -w 1 -z "$server" "$port"
done
# Kernel-side variant of the knock using the "recent" match: no daemons needed.
# $IPT is assumed to hold the iptables path as in checkd.  Rules in PKNCK are
# evaluated top to bottom for every tcp packet, so order decides the semantics.
$IPT -N PKNCK
$IPT -N SSHKNCK
# 1. a source put into ALLOW within the last 300 s may open ssh
$IPT -A PKNCK -m state --state NEW -m tcp -p tcp --dport 22 -m recent --seconds 300 --rcheck --name ALLOW -j ACCEPT
# 2. any other NEW tcp connection from an ALLOW source revokes it
$IPT -A PKNCK -m state --state NEW -m tcp -p tcp -m recent --name ALLOW --remove -j DROP
# 3. a KEEP source knocking 33333 goes to SSHKNCK, which grants ALLOW
$IPT -A PKNCK -m state --state NEW -m tcp -p tcp --dport 33333 -m recent --rcheck --name KEEP -j SSHKNCK
# 4. any other NEW tcp connection from a KEEP source removes it from KEEP.
#    NOTE(review): this rule comes before the 2222 --set rule below, so a source
#    that knocked 111 (now in KEEP) and then 2222 matches here, is removed and
#    dropped, and never reaches rule 5.  The 111,2222,33333 order used by the
#    client loop therefore cannot complete against this chain; only "111 then
#    33333" or "2222 then 33333" does, i.e. this is a two-step knock with 111
#    and 2222 interchangeable.  A real third stage needs a second recent list
#    (set on 2222 for sources already in KEEP, checked on 33333).
$IPT -A PKNCK -m state --state NEW -m tcp -p tcp -m recent --name KEEP --remove -j DROP
# 5./6. first-stage knocks: either port puts the source into KEEP
$IPT -A PKNCK -m state --state NEW -m tcp -p tcp --dport 2222 -m recent --name KEEP --set -j DROP
$IPT -A PKNCK -m state --state NEW -m tcp -p tcp --dport 111 -m recent --name KEEP --set -j DROP
# everything else continues in INPUT.  Note this chain does not itself drop
# ssh from sources outside ALLOW; that must come from the rest of INPUT or
# its policy (not shown here) - confirm.
$IPT -A PKNCK -j RETURN
# reached via rule 3: record the source in ALLOW; the 33333 packet is still dropped
$IPT -A SSHKNCK -m recent --name ALLOW --set -j DROP
# hook every tcp packet on INPUT into the knock chain
$IPT -A INPUT -p tcp -m tcp -j PKNCK