Portfile

PortSystem 1.0
name fwknop
version 1.0.1
categories net security
maintainers blair@orcaware.com
description 'FireWall KNock OPerator': a port knocker to Linux servers
homepage http://www.cipherdyne.org/fwknop/
platforms darwin

long_description \
    fwknop stands for the 'FireWall KNock OPerator', and \
    implements an authorization scheme called Single \
    Packet Authorization (SPA) that is based around \
    Netfilter and libpcap. SPA requires only a single \
    encrypted packet in order to communicate various \
    pieces of information including desired access through \
    a Netfilter policy and/or complete commands to execute \
    on the target system. By using Netfilter to maintain \
    a 'default drop' stance, the main application of this \
    program is to protect services such as OpenSSH with an \
    additional layer of security in order to make the \
    exploitation of vulnerabilities (both 0-day and \
    unpatched code) much more difficult. The \
    authorization server passively monitors authorization \
    packets via libpcap and hence there is no 'server' to \
    which to connect in the traditional sense. Access to \
    a protected service is only granted after a valid \
    encrypted and non-replayed packet is monitored. This \
    port installs the client side script that you run to \
    gain access to a Linux box.

master_sites http://www.cipherdyne.org/fwknop/download/

checksums md5 c64e78e408402fd00026affe448ee620 \
          sha1 8b4621fa7870ae3f1075de99d2280f004bf79cd3

use_bzip2 yes

depends_lib port:p5-crypt-cbc \
            port:p5-crypt-rijndael \
            port:p5-net-ipv4addr \
            port:p5-net-ping-external \
            port:p5-term-readkey \
            port:p5-unix-syslog

configure {}
build {}

destroot {
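    # Point the script's shebang at the MacPorts perl instead of /usr/bin/perl.
    system "cd ${worksrcpath} && ${prefix}/bin/perl -w -p -i -e 's:^#!/usr/bin/perl -w$:#!${prefix}/bin/perl -w:' fwknop"
    # Remove the 'use lib' line that points at /usr/lib/fwknop.
    system "cd ${worksrcpath} && ${prefix}/bin/perl -w -p -i -e 's:^use lib ./usr/lib/fwknop.;::' fwknop"
    # Install the client script (executable) and its man page (read-only).
    xinstall -m 755 ${worksrcpath}/fwknop ${destroot}${prefix}/bin
    xinstall -m 644 ${worksrcpath}/fwknop.8 ${destroot}${prefix}/share/man/man8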
}