[package] add ostiary package
authorflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Mon, 13 Aug 2012 14:08:37 +0000 (14:08 +0000)
committerflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Mon, 13 Aug 2012 14:08:37 +0000 (14:08 +0000)
This patch adds the Ostiary package to the repository.  I've tested this on the latest build (revision 31158).  Installation, un-installation and ostiaryd.init script all seem to work correctly.

A bit of background: Ostiary has a similar purpose to port knocking but uses a different implementation that removes the possibility of replay attacks.  Not everyone will view it as suitable for their needs, but for me, combined with ssh, I feel it is more than sufficient.

I suppose for the super paranoid admin, the perfect system would be a package that uses the approach of port knocking via a closed port that is combined with an ostiary style signature challenge.

Anyhow, I have created quickstart documentation for the server and client at "http://wiki.openwrt.org/doc/howto/ostiary.server" and  "http://wiki.openwrt.org/doc/howto/ostiary.client".

Signed-off-by: Desmond Hokin <Salander@gmx.u>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33167 3c298f89-4303-0410-b956-a3cf2f4a3e73

admin/ostiary/Makefile [new file with mode: 0644]
admin/ostiary/files/ostiaryd.init [new file with mode: 0644]
admin/ostiary/files/ssh_disable [new file with mode: 0644]
admin/ostiary/files/ssh_enable [new file with mode: 0644]

diff --git a/admin/ostiary/Makefile b/admin/ostiary/Makefile
new file mode 100644 (file)
index 0000000..757c595
--- /dev/null
@@ -0,0 +1,88 @@
+#
+# Copyright (C) 2008-2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ostiary
+PKG_VERSION:=4.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://ingles.homeunix.net/software/ost/latest/
+PKG_MD5SUM:=420d1fda246097d7e4d1277f39069578
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ostiary
+  SECTION:=admin
+  CATEGORY:=Administration
+  TITLE:=Simple, Secure Remote Script Execution
+  URL:=http://ingles.homeunix.net/software/ost/index.html
+endef
+
+define Package/ostiary/description
+ Designed to allow you to run a fixed set of commands remotely,
+ without giving everyone else access to the same commands.
+
+ Provides - ostiaryd daemon (~25kb)
+          - ostclient (~9kb)
+endef
+
+EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
+
+CONFIGURE_ARGS += \
+    --prefix="/usr/bin" \
+    --sysconfdir="/etc/ostiaryd" \
+    CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS)"
+
+define Build/Compile
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               INSTALL_OPTS="" \
+               STRIP="" \
+               ostiaryd ostclient
+endef
+
+define Package/ostiary/install
+       $(INSTALL_DIR) $(1)/etc/ostiaryd
+       $(INSTALL_CONF) $(PKG_BUILD_DIR)/tests/ostiary.cfg $(1)/etc/ostiaryd/ostiary.cfg
+       $(INSTALL_DIR) $(1)/etc/ostiaryd/scripts
+       $(INSTALL_BIN) ./files/{ssh_enable,ssh_disable} $(1)/etc/ostiaryd/scripts
+       $(INSTALL_DIR) $(1)/etc/init.d/
+       $(INSTALL_BIN) ./files/ostiaryd.init $(1)/etc/init.d/ostiaryd
+       $(INSTALL_DIR) $(1)/usr/bin
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/{ostiaryd,ostclient} $(1)/usr/bin/
+endef
+
+
+
+
+define Package/ostiary/postinst
+#!/bin/sh
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+       echo "Enabling rc.d symlink for ostiaryd"
+       /etc/init.d/ostiaryd enable
+fi
+exit 0
+endef
+
+define Package/ostiary/prerm
+#!/bin/sh
+# check if we are on real system
+if [ -z "$${IPKG_INSTROOT}" ]; then
+       /etc/init.d/ostiaryd stop
+       echo "Removing rc.d symlink for ostiaryd"
+       /etc/init.d/ostiaryd disable
+       echo "Any config backups and scripts you created are not removed automatically."
+       echo "To finish cleanup, backup any files you want to keep, then run rm -f /etc/ostiaryd"
+fi
+exit 0
+endef
+
+
+$(eval $(call BuildPackage,ostiary))
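Review bot: The install recipe copies upstream's `tests/ostiary.cfg` to `/etc/ostiaryd/ostiary.cfg` and postinst then enables the daemon, so every install starts with the same test configuration as its live one. That file is not visible here, but if it carries sample secrets or actions they are identical on every device until the admin edits them; shipping a package-owned config under `./files` with the action entries commented out would avoid that. The package also has no conffiles section, so an upgrade can overwrite the admin's secrets: add `define Package/ostiary/conffiles` / `/etc/ostiaryd/ostiary.cfg` / `endef`. Separately, the tarball is fetched over plain http and checked only against `PKG_MD5SUM`; a SHA-256 digest (`PKG_HASH`, where the build system supports it) is the stronger pin. The prerm hint `rm -f /etc/ostiaryd` will not remove a directory and should read `rm -rf /etc/ostiaryd`.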
diff --git a/admin/ostiary/files/ostiaryd.init b/admin/ostiary/files/ostiaryd.init
new file mode 100644 (file)
index 0000000..6c4ee09
--- /dev/null
@@ -0,0 +1,27 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2008-2012 OpenWrt.org
+
+START=85
+MYSERVICE=ostiaryd
+
+
+start() {
+    echo starting $MYSERVICE...
+    /usr/bin/$MYSERVICE
+    sleep 1
+    echo done
+}
+
+stop() {
+
+        if ps ax | grep -v grep | grep -v rc.common | grep $MYSERVICE> /dev/null
+        then
+                echo "stopping $MYSERVICE..."
+                pkill -9 $MYSERVICE
+                sleep 1
+                echo done
+        else
+                echo "$MYSERVICE is not running"
+        fi
+}
+
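Review bot: stop() goes straight to `pkill -9 $MYSERVICE`, which gives the daemon no chance to exit cleanly and matches any process whose name merely contains the string. Prefer the default SIGTERM with an exact-name match, `pkill -x $MYSERVICE`, and escalate to `-9` only if the process is still there after the sleep. The `ps ax | grep` probe has the same looseness, since it matches any command line containing `ostiaryd` (an editor open on the config, for example); `pgrep -x $MYSERVICE >/dev/null` is the narrower check. Neither start() nor stop() touches the firewall, so a rule inserted by ssh_enable presumably stays in place after the daemon is stopped; a comment saying whether that is intended would help.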
diff --git a/admin/ostiary/files/ssh_disable b/admin/ostiary/files/ssh_disable
new file mode 100644 (file)
index 0000000..1d4304f
--- /dev/null
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+logger Ostiary is dis-abling SSH
+iptables -D zone_wan -p tcp --dport 22001 -j ACCEPT
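Review bot: `iptables -D` removes only one matching rule, while ssh_enable inserts a fresh copy on every run, so two enables followed by one disable leave port 22001 open on the WAN zone. Either drain the duplicates here with `while iptables -D zone_wan -p tcp --dport 22001 -j ACCEPT 2>/dev/null; do :; done`, or make ssh_enable idempotent by guarding its insert with `iptables -C zone_wan -p tcp --dport 22001 -j ACCEPT 2>/dev/null ||`. The `logger` message would also be easier to grep if quoted and spelled "disabling".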
diff --git a/admin/ostiary/files/ssh_enable b/admin/ostiary/files/ssh_enable
new file mode 100644 (file)
index 0000000..0987cde
--- /dev/null
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+logger Ostiary is enabling SSH
+iptables -I zone_wan -p tcp --dport 22001 -j ACCEPT
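Review bot: The inserted rule accepts TCP 22001 from any source on the WAN zone and stays until ssh_disable is run, so one authenticated request opens SSH to every host, indefinitely. If ostiaryd makes the requester's address available to the script (not visible here), narrow the rule to it, e.g. `iptables -I zone_wan -s "$1" -p tcp --dport 22001 -j ACCEPT` if it arrives as the first argument. A header comment stating that 22001 must match the SSH daemon's listening port, and that the rule does not survive a firewall restart, would save the next admin some debugging.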