Automating Port Knocking with Knockd Shellscript wrapper

Circle Ninja, published in Bug Bounty Hunting, Oct 30, 2023

In today’s interconnected world, ensuring the security of your servers and networks is paramount. One often-overlooked security measure is port knocking. Port knocking is a security technique that allows you to open network ports on your server by sending a specific sequence of connection attempts. While this method is highly effective, setting it up manually can be a complex and time-consuming process. To simplify this task, we’ve created a shell script wrapper that automates port knocking using Knockd, a popular port-knocking daemon for Linux systems.

TLDR:

Check out this knockd wrapper: https://github.com/humblelad/knockd_auto_wrapper

What Is Port Knocking?

Port knocking is a method of opening network ports by sending a series of connection attempts to predefined closed ports on a server. The sequence and timing of these connection attempts act as a "secret handshake" to trigger the server to open the desired port. Once the correct sequence is detected, the server allows access to the specified service, such as SSH, web, or any other port-based service.

Port knocking adds an additional layer of security to your server because the protected port stays filtered until the correct sequence arrives, so it is hidden from potential attackers. Unauthorized users scanning the host cannot easily identify it as open, making it significantly more challenging for them to exploit vulnerabilities in the service behind it.

The Port Knocking Automation Script:

We've created a shell script wrapper that simplifies the process of setting up port knocking using Knockd on a Linux server. This script streamlines the installation of Knockd, configuration of port knocking rules, and service management.

Here are the steps involved in the automation script:

  1. Installation of Knockd: The script checks if Knockd is installed on your server. If not, it installs Knockd automatically.
  2. User Input: The script prompts you for specific configuration details, including the knock sequence, the port you want to protect, and the command timeout. The command timeout is the duration for which the port will remain open after a correct knock sequence.
  3. Configuration File Creation: The script generates a new Knockd configuration file (/etc/knockd.conf) based on your input. This file contains the port knocking rules and command execution instructions.
  4. Interface Selection: It also asks for the network interface that Knockd should monitor. This ensures that only connection attempts on the specified interface trigger the port knocking sequence.
  5. Service Restart: The script restarts the Knockd service to apply the new configuration.

Once you've executed the script, your server will be set up to accept connections after the correct port knocking sequence.
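As an added example (not the wrapper's own code), this POSIX sh fragment shows how step 3, the configuration file, can be generated from the same four inputs the script prompts for. The function names, the door label openSSH, the seq_timeout of 5 seconds and the shape of the iptables rule are assumptions; it writes to a path you pass in instead of /etc/knockd.conf so it can be tried without root.

```shell
#!/bin/sh
# Added example (not the wrapper's code): build a knockd.conf door from the
# four inputs the wrapper prompts for. Function names, the "openSSH" door
# label, seq_timeout=5 and the iptables rule shape are assumptions here.

# valid_port PORT -> succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_sequence "7000,8000,9000" -> succeeds if every item is a valid TCP
# port (knockd's PORT:udp form is not handled). Runs in a subshell so the
# IFS change does not leak to the caller.
valid_sequence() {
    [ -n "$1" ] || return 1
    (
        IFS=','
        for p in $1; do valid_port "$p" || exit 1; done
        exit 0
    )
}

# gen_knockd_conf IFACE SEQUENCE PORT CMD_TIMEOUT OUTFILE
# Writes a config with one door: a correct knock inserts an ACCEPT rule for
# the knocking source only (%IP% is expanded by knockd) and removes it again
# after CMD_TIMEOUT seconds. OUTFILE is a parameter so this can be tested
# without touching /etc/knockd.conf; the wrapper itself writes that path.
gen_knockd_conf() {
    iface="$1"; seq="$2"; port="$3"; timeout="$4"; out="$5"
    valid_sequence "$seq" || { echo "bad sequence: $seq" >&2; return 1; }
    valid_port "$port"    || { echo "bad port: $port" >&2; return 1; }
    valid_port "$timeout" || { echo "bad timeout: $timeout" >&2; return 1; }
    # -I (insert at the top) rather than -A so the ACCEPT precedes any
    # existing DROP rule in INPUT; stop_command deletes that same rule.
    cat > "$out" <<EOF
[options]
    UseSyslog
    Interface = $iface

[openSSH]
    sequence      = $seq
    seq_timeout   = 5
    tcpflags      = syn
    start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport $port -j ACCEPT
    cmd_timeout   = $timeout
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport $port -j ACCEPT
EOF
}
```

Rejecting malformed input before writing the file matters because knockd expands these values straight into the iptables command it executes as root.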

How to Use the Port Knocking Automation Script:

To use the automation script, follow these steps:

  1. Download the script from our GitHub repository.
  2. Make the script executable with the following command:

     chmod +x knockd.sh

  3. Run the script:

     ./knockd.sh

  4. Follow the on-screen prompts to provide the required information, such as the knock sequence, port, command timeout, and network interface.

Testing Port Knocking:

Before and after running the script, you can test port knocking with the following commands:

Before Port Knocking:

nmap -Pn -p 22 [your_server_ip]

This command will likely show that the SSH port (port 22) is filtered, meaning it's not accessible.

After Port Knocking:

After executing the port knocking sequence, use the following command to test the accessibility of the SSH port:

nmap -Pn -p 22 [your_server_ip]

Conclusion:

Port knocking is a valuable security measure to protect your server from unauthorized access, and our automation script simplifies the setup process. By automating the configuration of Knockd, you can enhance your server's security without the need for complex manual steps.

This script is particularly useful for system administrators and security-conscious users looking to bolster the security of their Linux servers. With just a few simple inputs and the execution of our script, you can set up port knocking quickly and efficiently, adding an additional layer of security to your server.
