From: root Date: Sun, 18 Nov 2018 20:38:47 +0000 (+0100) Subject: committing changes in /etc after apt run X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=e58f9004fca4dbcb71b6c890eea008d391f1bc75;p=vserver committing changes in /etc after apt run Package changes: +knockd 0.7-1ubuntu1 amd64
---
diff --git a/.etckeeper b/.etckeeper
index cc6550855..b89ee18af 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -570,6 +570,7 @@ maybe chmod 0644 'default/grub'
 maybe chmod 0644 'default/intel-microcode'
 maybe chmod 0644 'default/irqbalance'
 maybe chmod 0644 'default/keyboard'
+maybe chmod 0644 'default/knockd'
 maybe chmod 0644 'default/locale'
 maybe chmod 0644 'default/motd-news'
 maybe chmod 0644 'default/networkd-dispatcher'
@@ -942,6 +943,7 @@ maybe chmod 0755 'init.d/hwclock.sh'
 maybe chmod 0755 'init.d/irqbalance'
 maybe chmod 0755 'init.d/keyboard-setup.sh'
 maybe chmod 0755 'init.d/kmod'
+maybe chmod 0755 'init.d/knockd'
 maybe chmod 0755 'init.d/mysql'
 maybe chmod 0755 'init.d/opendkim'
 maybe chmod 0755 'init.d/opendmarc'
@@ -1010,6 +1012,7 @@ maybe chmod 0755 'kernel/postrm.d/initramfs-tools'
 maybe chmod 0755 'kernel/postrm.d/zz-update-grub'
 maybe chmod 0755 'kernel/preinst.d'
 maybe chmod 0755 'kernel/preinst.d/intel-microcode'
+maybe chmod 0644 'knockd.conf'
 maybe chmod 0644 'ld.so.conf'
 maybe chmod 0755 'ld.so.conf.d'
 maybe chmod 0644 'ld.so.conf.d/libc.conf'
diff --git a/default/knockd b/default/knockd
new file mode 100644
index 000000000..665cb774d
--- /dev/null
+++ b/default/knockd
@@ -0,0 +1,8 @@
+# control if we start knockd at init or not
+# 1 = start
+# anything else = don't start
+# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
+START_KNOCKD=0
+
+# command line options
+#KNOCKD_OPTS="-i eth1"
diff --git a/init.d/knockd b/init.d/knockd
new file mode 100755
index 000000000..be35b57ff
--- /dev/null
+++ b/init.d/knockd
@@ -0,0 +1,71 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: knockd
+# Required-Start: $network $syslog $remote_fs
+# Required-Stop: $network $syslog $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: port-knock daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/knockd
+NAME=knockd
+PIDFILE=/var/run/$NAME.pid
+DEFAULTS_FILE=/etc/default/knockd
+DESC="Port-knock daemon"
+OPTIONS=" -d"
+
+umask 0037
+
+test -f $DAEMON || exit 0
+
+set -e
+
+[ -f $DEFAULTS_FILE ] && . $DEFAULTS_FILE
+
+. /lib/lsb/init-functions
+
+[ "$KNOCKD_OPTS" ] && OPTIONS="$OPTIONS $KNOCKD_OPTS"
+
+start_if_configured() {
+ if [ $START_KNOCKD -ne 1 ]; then
+ log_warning_msg "$NAME disabled: not starting. To enable it edit $DEFAULTS_FILE"
+ exit 0
+ else
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if ! START_ERROR=`start-stop-daemon --start --oknodo --quiet --exec $DAEMON -- $OPTIONS 2>&1`; then
+ # don't fail the upgrade if it fails to start
+ echo -n " "
+ log_action_end_msg 1 "$START_ERROR"
+ exit 0
+ else
+ log_end_msg 0
+ fi
+ fi
+}
+
+case "$1" in
+ start)
+ start_if_configured
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
+ log_end_msg 0
+ ;;
+ restart|reload|force-reload)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
+ log_end_msg 0
+ sleep 1
+ start_if_configured
+ ;;
+ *)
+ log_warning_msg "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/knockd.conf b/knockd.conf
new file mode 100644
index 000000000..76f32071e
--- /dev/null
+++ b/knockd.conf
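Review bot: In init.d/knockd, the enable check `if [ $START_KNOCKD -ne 1 ]; then` in start_if_configured fails open. When START_KNOCKD is unset, empty or non-numeric, `[` exits with an error status in the common shells, the `if` treats that as false, and the else branch starts the daemon. That contradicts the `anything else = don't start` comment in default/knockd and would bring knockd up with whatever /etc/knockd.conf currently holds. A quoted string comparison closes the gap: `if [ "$START_KNOCKD" != "1" ]; then`. While there, PIDFILE is assigned but never passed to start-stop-daemon, and `$DAEMON` and `$DEFAULTS_FILE` are unquoted in the `test -f` and `.` lines.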
@@ -0,0 +1,15 @@
+[options]
+ UseSyslog
+
+[openSSH]
+ sequence = 7000,8000,9000
+ seq_timeout = 5
+ command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+ tcpflags = syn
+
+[closeSSH]
+ sequence = 9000,8000,7000
+ seq_timeout = 5
+ command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+ tcpflags = syn
+
diff --git a/rc0.d/K01knockd b/rc0.d/K01knockd
new file mode 120000
index 000000000..c68d7f2d0
--- /dev/null
+++ b/rc0.d/K01knockd
@@ -0,0 +1 @@
+../init.d/knockd
\ No newline at end of file
diff --git a/rc1.d/K01knockd b/rc1.d/K01knockd
new file mode 120000
index 000000000..c68d7f2d0
--- /dev/null
+++ b/rc1.d/K01knockd
@@ -0,0 +1 @@
+../init.d/knockd
\ No newline at end of file
diff --git a/rc2.d/S01knockd b/rc2.d/S01knockd
new file mode 120000
index 000000000..c68d7f2d0
--- /dev/null
+++ b/rc2.d/S01knockd
@@ -0,0 +1 @@
+../init.d/knockd
\ No newline at end of file
diff --git a/rc3.d/S01knockd b/rc3.d/S01knockd
new file mode 120000
index 000000000..c68d7f2d0
--- /dev/null
+++ b/rc3.d/S01knockd
@@ -0,0 +1 @@
+../init.d/knockd
\ No newline at end of file
diff --git a/rc4.d/S01knockd b/rc4.d/S01knockd
new file mode 120000
index 000000000..c68d7f2d0
--- /dev/null
+++ b/rc4.d/S01knockd
@@ -0,0 +1 @@
+../init.d/knockd
\ No newline at end of file
diff --git a/rc5.d/S01knockd b/rc5.d/S01knockd
new file mode 120000
index 000000000..c68d7f2d0
--- /dev/null
+++ b/rc5.d/S01knockd
@@ -0,0 +1 @@
+../init.d/knockd
\ No newline at end of file
diff --git a/rc6.d/K01knockd b/rc6.d/K01knockd
new file mode 120000
index 000000000..c68d7f2d0
--- /dev/null
+++ b/rc6.d/K01knockd
@@ -0,0 +1 @@
+../init.d/knockd
\ No newline at end of file
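Review bot: In knockd.conf, the [openSSH] and [closeSSH] sequences (`7000,8000,9000` and its reverse) look like the package's shipped example rather than site-chosen values, and the .etckeeper hunk records the file as `0644`, so every local account can read whatever sequence is configured here. Pick a site-specific sequence before setting START_KNOCKD=1 and tighten the file mode (for example 0640), which etckeeper will then record. The open rule uses `-A INPUT`, which appends; if the chain already has an earlier DROP or REJECT covering port 22 the ACCEPT never matches, so an insert such as `-I INPUT 1` may be what is intended (inferred, the ruleset is not shown). Nothing removes the ACCEPT rule unless the close knock is sent; knockd's `cmd_timeout` together with `stop_command` would bound that window. A knock sequence is visible to anyone on the network path and can be replayed, so sshd should keep enforcing key-based authentication on its own.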