"Fossies" - the Fresh Open Source Software Archive

Member "coarseknocking-0.0.6/bin/coarseknocking" (27 Mar 2006, 8647 Bytes) of package /linux/privat/old/coarseknocking-0.0.6.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 #!/bin/bash
    2 ###############################################################################
    3 # File: coarseknocking
    4 # Copyright (C) 2005  - http://coarseknocking.sourceforge.net
    5 #
    6 # By Andre Luiz Rodrigues Ferreira - si0ux - <andrelrf@gmail.com>
    7 # From Orlandia - SP - Brazil
    8 # 
    9 # This is a simple implementation of Port Knocking techniques.
   10 # This sniffs network packets with determined keys and executes commands like 
   11 # firewall to open and close ports. In the client mode injects packets with 
   12 # key to server.
   13 # This is a personal project of the your author and is available for everybody 
   14 # by your GPL Licence.
   15 #
   16 # WARNING: Depends of ngrep (http://ngrep.sourceforge.net) and 
   17 #          nemesis (http://nemesis.sourceforge.net) network tools.
   18 #          This software was been tested on Debian GNU/Linux 3.1 system.
   19 #
   20 # More information: 
   21 # http://www.portknocking.org
   22 # http://coarseknocking.sourceforge.net
   23 #
   24 # 
   25 # Changelog:
   26 #   * 20060328 - Fixed bug in injection mode. 
   27 #                    Thanks to Sebastien J. <s.j@mac.com>
   28 #   * 20060210 - Added support to choose network interface;
   29 #          - Added coarseknockingcfg configuration tool;
   30 #   * 20051114 - Fixed bug in the sent key in client mode and 
   31 #                      improved the documentation.
   32 #   * 20051111 - Fixed various bugs: 
   33 #           - Keys now doesn't visible to ps command :)
   34 #           - More resources to daemon mode. But I need improve it. 
   35 #           - Packages to Debian GNU/Linux
   36 #   * 20051101 - Install and uninstall script to Linux systems
   37 #   * 20051031 - Support to others firewalls
   38 #   * 20051028 - Support to Configuration file for Client and Server
   39 #   sides.
   40 #   * 20051020 - Initial Release
   41 #
   42 #
   43 #
   44 ################################################################################
   45 # LICENCE:
   46 # CoarseKnocking is free software; you can redistribute it and/or modify it 
   47 # under the terms of the GNU General Public License as published by the Free
   48 # Software Foundation; either version 2 of the License, or (at your option) any 
   49 # later version.
   50 #
   51 # CoarseKnocking is distributed in the hope that it will be useful, but WITHOUT 
   52 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 
   53 # FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
   54 #
   55 # You should have received a copy of the GNU General Public License along with 
   56 # CoarseKnocking; if not, write to the Free Software Foundation, Inc., 59 
   57 # Temple Place, Suite 330, Boston, MA  02111-1307  USA
   58 #
   59 ##############################################################################
   60 
   61 # Variables
   62 version="0.0.6"
   63 date="20060328"
   64 
   65 # About screen ###
   66 function about() {
   67     echo -e "********************************************************"
   68     echo -e "*     CoarseKnocking - version $version - $date        *" 
   69     echo -e "********************************************************"
   70     echo -e "A "coarse" implementation of Port Knocking techniques."
   71     echo -e "by Andre Luiz Rodrigues Ferreira <andrelrf@gmail.com>"
   72 }
   73                  
   74 ###################
   75 # Server Mode     #
   76 ###################
   77 function server_mode() {
   78 
   79     ## Checkings ##########
   80     # Config file...
   81     conffile="/etc/coarseknocking/coarse-server.conf"
   82     
   83     if [ -f $conffile ]
   84     then
   85         echo -e "\nConfiguration file found. Reading..."
   86         source $conffile
   87     else
   88         echo -e "\nERROR: Configuration file $conffile doesn't exists..."
   89         exit 1
   90     fi
   91 
   92     if [ -f $sniffing ]
   93     then
   94         echo -e "Sniffer found."
   95     else
   96         echo -e "\nERROR: ngrep tool (http://ngrep.sourceforge.net) not found..."
   97         echo -e "Please verify the sniffing variable in your configuration file:"
   98         echo -e "$conffile"
   99         exit 1
  100     fi
  101     
  102 
  103     ## Sniffing #########
  104     if [ $UID != "0" ]
  105     then
  106         echo -e "\nERROR: User must be root...\n"
  107         exit 1
  108     fi
  109     
  110     connected="Not"
  111     loop="Yes"
  112 
  113     echo $2;
  114     while [ $loop = "Yes" ]
  115     do
  116         # Sniff packets based in variables and execute commands to open and close ports...
  117         if [ $connected = "Not" ]
  118         then
  119             echo -e "\nSniffing! Waiting packet to OPEN..."
  120             
  121             if $sniffing -d $interface -q -n $amount -t -w coarse tcp port $dport and src host $srchost and dst host $dsthost > $confdir/key_rec.tmp
  122             then
  123                 key=`grep coarse $confdir/key_rec.tmp | tail -1 | cut -f2 -d ":"` && rm -f $confdir/key_rec.tmp
  124                 if [ $key = $key_open ]
  125                 then
  126                     echo -e "Packet received!!!"
  127                     echo -e "Opening port..."
  128                     if $command_open
  129                     then
  130                         echo -e "Port tcp $dport OPENED of $srchost to $dsthost!"
  131                         echo -e "Waiting packet to CLOSE..."
  132                         connected="Ok"
  133                     else
  134                         echo -e "ERROR: error executing command to open..."
  135                         exit 1
  136                     fi
  137                 else
  138                     echo -e "Packet from $srchost to $dsthost to $dport tcp port received, BUT THE KEY IS INCORRECT!!!"
  139                 fi
  140             else
  141                 echo -e "ERROR: Packet to open port wasn't received!!!"
  142                 exit 1
  143             fi
  144         fi
  145 
  146         if [ $connected = "Ok" ]
  147         then
  148             if $sniffing -d $interface -q -n $amount -t -w coarse tcp port $dport and src host $srchost and dst host $dsthost > $confdir/key_rec.tmp
  149             then
  150                 key=`grep coarse $confdir/key_rec.tmp | tail -1 | cut -f2 -d ":"` && rm -f $confdir/key_rec.tmp
  151                 if [ $key = $key_close ]
  152                 then
  153                     echo -e "Packet received!!!"
  154                     echo -e "Closing port..."
  155                     if $command_close
  156                     then
  157                         echo -e "Port tcp $dport CLOSED of $srchost to $dsthost!"
  158                         connected="Not"
  159                     else
  160                         echo -e "ERROR: error executing command to close..."
  161                         exit 1
  162                     fi
  163                 else
  164                     echo -e "Packet from $srchost to $dsthost to $dport tcp port received, BUT THE KEY IS INCORRECT!!!"
  165                 fi
  166             else
  167                 echo -e "ERROR: Packet to close port wasn't received!!!"
  168                 exit 1
  169             fi
  170         fi
  171     done
  172     exit 0
  173 }
  174 
  175 function client_mode() {
  176 
  177     ## Checkings ##########
  178     # Config file...
  179     conffile="/etc/coarseknocking/coarse-client.conf"
  180     
  181     if [ -f $conffile ]
  182     then
  183         echo -e "\nConfiguration file found. Reading..."
  184         source $conffile
  185     else
  186         echo -e "\nERROR: Configuration file $conffile doesn't exists..."
  187         exit 1
  188     fi
  189 
  190     if [ -f $injection_tool ]
  191     then
  192         echo -e "Injection tool found."
  193     else
  194         echo -e "\nERROR: nemesis tool (http://nemesis.sourceforge.net) not found..."
  195         echo -e "Please verify the injection_tool variable in your configuration file:"
  196         echo -e "$conffile"
  197         exit 1
  198     fi
  199     
  200 
  201     ## Injection #########
  202     if [ $UID != "0" ]
  203     then
  204         echo -e "\nERROR: User must be root...\n"
  205         exit 1
  206     else
  207     
  208         if [ "$arg2" = "-o" -o "$arg2" = "--open" ]
  209         then
  210             echo "coarse:$key_open:/coarse" > $conf_dir/key.tmp
  211             echo "Knocking to open..."
  212             for ((i=1;i<=$amount;i++)); 
  213             do 
  214                 if $injection_tool tcp -x $sport -y $dport -fS -S $srchost -D $dsthost -P $conf_dir/key.tmp
  215                 then
  216                     echo -e "Packet #$i to OPEN sent..."
  217                     continue
  218                 else
  219                     echo -e "ERROR: packet #$i wasn't sent..."
  220                     rm -f $conf_dir/key.tmp
  221                     exit 1
  222                 fi
  223             done
  224             echo -e "All the packages had been sent..."
  225             echo -e "Please, try to connect now!"
  226             rm -f $conf_dir/key.tmp
  227         elif [ "$arg2" = "-p" -o "$arg2" = "--pull" ] 
  228         then 
  229             echo "coarse:$key_close:/coarse" > $conf_dir/key.tmp
  230             echo "Pulling the port to close"
  231             for ((i=1;i<=$amount;i++));
  232             do
  233                 if $injection_tool tcp -x $sport -y $dport -fS -S $srchost -D $dsthost -P $conf_dir/key.tmp
  234                 then
  235                     echo -e "Packet #$i to CLOSE sent..."
  236                     continue
  237                 else
  238                     echo -e "ERROR: packet #$i wasn't sent..."
  239                     rm -f $conf_dir/key.tmp
  240                     exit 1
  241                 fi
  242             done
  243         else
  244             echo -e "ERROR: Please, inform -o (to knocking for open) or -p (to pull the port and close connection) !"
  245             exit 1
  246         fi
  247     fi
  248     exit 0
  249 }
  250 
  251 
  252 function help_program() {
  253     echo -e "Use: [option] [option]"
  254     echo 
  255     echo -e "Options:   -c, --client                 Run in client mode."
  256     echo -e "           -s, --server                 Run in server mode."
  257     echo -e "           -h, --help                   This help." 
  258     echo -e 
  259     echo -e "Options to CLIENT mode:  -o, --open     Knocking! Send key to open port."
  260     echo -e "                         -p, --push     Send key to pull port for close connection."   
  261     echo -e         
  262     echo -e "Samples:"
  263     echo -e "1 - Server mode (to wait keys): coarseknocking -s"
  264     echo -e "2 - Cliente mode (to send key for open connection): coarseknocking -c -o"
  265     echo -e "3 - Client mode (to send key for close connection): coarseknocking -c -p"
  266     echo -e
  267     echo -e "Please report problems to <coarseknocking-devel@lists.sourceforge.net>."
  268     exit 1
  269 }
  270 
  271 # about screen
  272 about 
  273 
  274 # Main program
  275 case "$1" in
  276     -s)
  277         export arg2=$2
  278         server_mode
  279     ;;
  280     --server)
  281         export arg2=$2
  282         server_mode
  283     ;;
  284     -c)
  285         export arg2=$2
  286         client_mode
  287     ;;
  288     --client)
  289         export arg2=$2
  290         client_mode
  291     ;;
  292     --help)
  293         export arg2=$2
  294         help_program
  295     ;;
  296     -h)
  297         export arg2=$2
  298         help_program
  299     ;;
  300     *)
  301         export arg2=$2
  302         help_program
  303     exit 1
  304     ;;
  305 esac
  306     
  307 # End of Code ###