Forgot to mention, the package is architecture independent. 

If the patch needs any further improvements before being accepted please let me 
know. And I am happy to maintain this package.

Sent from my iPhone

On 1 Apr 2012, at 14:20, Salander <[email protected]> wrote:

> Hi all,
> This patch adds the Ostiary package to the repository.  I've tested this on 
> the latest build (revision 31158).  Installation, un-installation and 
> ostiaryd.init script all seem to work correctly.
> 
> A bit of background, Ostiary has a similar purpose to Port Knocking but uses 
> a different implementation that removes the possibility of replay attacks.  
> Not everyone will view it as suitable for their needs, but for me combined 
> with ssh I feel it is more than sufficient.
> 
> I suppose for the super paranoid admin, the perfect system would be a package 
> that uses the approach of port knocking via a closed port that is combined 
> with an ostiary style signature challenge.
> 
> Anyhow, I have created quickstart documentation for the server and client at 
> "http://wiki.openwrt.org/doc/howto/ostiary.server" and 
> "http://wiki.openwrt.org/doc/howto/ostiary.client".
> 
> Signed-off-by: Salander <Salander [@t] gmx.u$>
> 
> 
> 
> 
> Index: admin/ostiary/files/ostiaryd.init
> ===================================================================
> --- admin/ostiary/files/ostiaryd.init    (revision 0)
> +++ admin/ostiary/files/ostiaryd.init    (revision 0)
> @@ -0,0 +1,27 @@
> +#!/bin/sh /etc/rc.common
> +# Copyright (C) 2008-2012 OpenWrt.org
> +
> +START=85
> +MYSERVICE=ostiaryd
> +
> +
> +start() {
> +    echo starting $MYSERVICE...
> +    /usr/bin/$MYSERVICE
> +    sleep 1
> +    echo done
> +}
> +
> +stop() {
> +
> +        if ps ax | grep -v grep | grep -v rc.common | grep $MYSERVICE> 
> /dev/null
> +        then
> +                echo "stopping $MYSERVICE..."
> +                pkill -9 $MYSERVICE
> +                sleep 1
> +                echo done
> +        else
> +                echo "$MYSERVICE is not running"
> +        fi
> +}
> +
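Review bot: `pkill -9 $MYSERVICE` in stop() matches by name pattern and sends SIGKILL, so it can hit any process whose name contains `ostiaryd` and gives the daemon no chance to finish a command it is in the middle of running. Sending the default SIGTERM to an exact match, `pkill -x "$MYSERVICE"`, and escalating to `-9` only if the process is still there after the sleep would be safer. The `ps ax | grep` pre-check has the same substring problem and could become `pgrep -x "$MYSERVICE" >/dev/null`. start() also prints `done` without checking the exit status of `/usr/bin/$MYSERVICE`, so a daemon that fails to start is reported the same way as one that is running.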
> 
> Property changes on: admin/ostiary/files/ostiaryd.init
> ___________________________________________________________________
> Added: svn:executable
>   + *
> 
> Index: admin/ostiary/files/ssh_disable
> ===================================================================
> --- admin/ostiary/files/ssh_disable    (revision 0)
> +++ admin/ostiary/files/ssh_disable    (revision 0)
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +
> +logger Ostiary is dis-abling SSH
> +iptables -D zone_wan -p tcp --dport 22001 -j ACCEPT
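Review bot: `iptables -D` removes only one matching rule, while ssh_enable inserts a new one on every call, so two enable requests followed by one disable leave port 22001 open with the log claiming SSH was disabled. Draining every copy here, `while iptables -D zone_wan -p tcp --dport 22001 -j ACCEPT 2>/dev/null; do :; done`, makes disable idempotent and also silences the error when no rule exists. The port number is hard-coded in both ssh_disable and ssh_enable; keeping it in one variable or shared file would stop the two scripts drifting apart.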
> 
> Property changes on: admin/ostiary/files/ssh_disable
> ___________________________________________________________________
> Added: svn:executable
>   + *
> 
> Index: admin/ostiary/files/ssh_enable
> ===================================================================
> --- admin/ostiary/files/ssh_enable    (revision 0)
> +++ admin/ostiary/files/ssh_enable    (revision 0)
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +
> +logger Ostiary is enabling SSH
> +iptables -I zone_wan -p tcp --dport 22001 -j ACCEPT
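Review bot: The inserted ACCEPT rule has no source match, so once any client passes the Ostiary challenge, port 22001 is reachable from the whole WAN until someone remembers to trigger ssh_disable. If ostiaryd hands the authenticated client's address to the script (not visible in this patch, so check the upstream documentation), restrict the rule to that address with `-s` and include the address in the `logger` line so the opening can be audited. A short comment such as `# opens SSH on 22001; must be paired with ssh_disable` would also make the lifetime of the rule explicit to admins who copy this script.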
> 
> Property changes on: admin/ostiary/files/ssh_enable
> ___________________________________________________________________
> Added: svn:executable
>   + *
> 
> Index: admin/ostiary/Makefile
> ===================================================================
> --- admin/ostiary/Makefile    (revision 0)
> +++ admin/ostiary/Makefile    (revision 0)
> @@ -0,0 +1,88 @@
> +#
> +# Copyright (C) 2008-2011 OpenWrt.org
> +#
> +# This is free software, licensed under the GNU General Public License v2.
> +# See /LICENSE for more information.
> +#
> +
> +include $(TOPDIR)/rules.mk
> +
> +PKG_NAME:=ostiary
> +PKG_VERSION:=4.0
> +PKG_RELEASE:=1
> +
> +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
> +PKG_SOURCE_URL:=http://ingles.homeunix.net/software/ost/latest/
> +PKG_MD5SUM:=420d1fda246097d7e4d1277f39069578
> +
> +include $(INCLUDE_DIR)/package.mk
> +
> +define Package/ostiary
> +  SECTION:=admin
> +  CATEGORY:=Administration
> +  TITLE:=Simple, Secure Remote Script Execution
> +  URL:=http://ingles.homeunix.net/software/ost/index.html
> +endef
> +
> +define Package/ostiary/description
> + Designed to allow you to run a fixed set of commands remotely,
> + without giving everyone else access to the same commands.
> +
> + Provides - ostiaryd daemon (~25kb)
> +          - ostclient (~9kb)
> +endef
> +
> +EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
> +
> +CONFIGURE_ARGS += \
> +    --prefix="/usr/bin" \
> +    --sysconfdir="/etc/ostiaryd" \
> +    CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS)"
> +    
> +define Build/Compile
> +    $(MAKE) -C $(PKG_BUILD_DIR) \
> +        DESTDIR="$(PKG_INSTALL_DIR)" \
> +        INSTALL_OPTS="" \
> +        STRIP=: \
> +        ostiaryd ostclient
> +endef
> +
> +define Package/ostiary/install
> +    $(INSTALL_DIR)    $(1)/etc/ostiaryd
> +    $(INSTALL_CONF)    $(PKG_BUILD_DIR)/tests/ostiary.cfg 
> $(1)/etc/ostiaryd/ostiary.cfg
> +    $(INSTALL_DIR)    $(1)/etc/ostiaryd/scripts
> +    $(INSTALL_BIN)    ./files/{ssh_enable,ssh_disable} 
> $(1)/etc/ostiaryd/scripts
> +    $(INSTALL_DIR)     $(1)/etc/init.d/
> +    $(INSTALL_BIN)     ./files/ostiaryd.init $(1)/etc/init.d/ostiaryd
> +    $(INSTALL_DIR)    $(1)/usr/bin
> +    $(INSTALL_BIN)    $(PKG_BUILD_DIR)/{ostiaryd,ostclient} $(1)/usr/bin/
> +endef
> +
> +
> +
> +
> +define Package/ostiary/postinst
> +#!/bin/sh
> +# check if we are on real system
> +if [ -z "$${IPKG_INSTROOT}" ]; then
> +        echo "Enabling rc.d symlink for ostiaryd"
> +        /etc/init.d/ostiaryd enable
> +fi
> +exit 0
> +endef
> +
> +define Package/ostiary/prerm
> +#!/bin/sh
> +# check if we are on real system
> +if [ -z "$${IPKG_INSTROOT}" ]; then
> +    /etc/init.d/ostiaryd stop
> +        echo "Removing rc.d symlink for ostiaryd"
> +        /etc/init.d/ostiaryd disable
> +    echo "Any config backups and scripts you created are not removed 
> automatically."
> +    echo "To finish cleanup, backup any files you want to keep, then run rm 
> -f /etc/ostiaryd"
> +fi
> +exit 0
> +endef
> +
> +
> +$(eval $(call BuildPackage,ostiary))
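Review bot: `Package/ostiary/install` ships upstream's `tests/ostiary.cfg` as the live `/etc/ostiaryd/ostiary.cfg`, and postinst then enables the daemon, so every install may come up with whatever sample secrets and actions the public tarball contains (the file's content is not visible here, so this needs confirming). A package-owned config under `./files/` with no working secret, so that nothing runs until the admin sets one, would be the safer default, and listing `/etc/ostiaryd/ostiary.cfg` in a `Package/ostiary/conffiles` block would keep upgrades from overwriting the admin's secrets. Separately, the prerm hint `rm -f /etc/ostiaryd` cannot remove a directory and should read `rm -rf /etc/ostiaryd`. The tarball is fetched over plain HTTP from a `latest/` path with only `PKG_MD5SUM` guarding it, which the maintainer should keep in mind when the upstream file changes.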