| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: fwknop | Distribution: Fedora Project |
| Version: 2.6.10 | Vendor: Fedora Project |
| Release: 10.el9 | Build date: Fri Apr 1 10:18:08 2022 |
| Group: Unspecified | Build host: buildvm-s390x-23.s390.fedoraproject.org |
| Size: 485023 | Source RPM: fwknop-2.6.10-10.el9.src.rpm |
| Packager: Fedora Project | |
| Url: http://www.cipherdyne.org/fwknop/ | |
| Summary: A Single Packet Authorization (SPA) implementation | |
fwknop implements an authorization scheme known as Single Packet Authorization (SPA) that requires only a single encrypted packet to communicate various pieces of information including desired access through an iptables policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much more difficult. The authorization server passively monitors authorization packets via libpcap and hence there is no "server" to which to connect in the traditional sense. Any service protected by fwknop is inaccessible (by using iptables to intercept packets within the kernel) before authenticating; anyone scanning for the service will not be able to detect that it is even listening. This authorization scheme offers many advantages over port knocking, include being non-replayable, much more data can be communicated, and the scheme cannot be broken by simply connecting to extraneous ports on the server in an effort to break knock sequences. The authorization packets can easily be spoofed as well, and this makes it possible to make it appear as though, say, www.yahoo.com is trying to authenticate to a target system but in reality the actual connection will come from a seemingly unrelated IP. Although the default data collection method is to use libpcap to sniff packets off the wire, fwknop can also read packets out of a file that is written by the iptables ulogd pcap writer or by a separate sniffer process.
GPLv2
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.10-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.10-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.6.10-8
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.10-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.10-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Feb 10 2020 Jakub Jelen <jjelen@redhat.com> - 2.6.10-5
- Unbreak build with gcc10 (#1799378)
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.10-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
/etc/fwknop /etc/fwknop/access.conf /etc/fwknop/fwknopd.conf /usr/bin/fwknop /usr/lib/.build-id /usr/lib/.build-id/06 /usr/lib/.build-id/06/ee1d23d7a02158069a0530a93672c2f327acdc /usr/lib/.build-id/53 /usr/lib/.build-id/53/2d33d380cc9d9e15b8e86b08d03a4dd1bee8ed /usr/lib/.build-id/8a /usr/lib/.build-id/8a/ba9beb5ad0ff7e9bfb2954d63a9fb6ae0b0525 /usr/lib/systemd/system/fwknopd.service /usr/lib64/libfko.so.3 /usr/lib64/libfko.so.3.0.0 /usr/sbin/fwknopd /usr/share/doc/fwknop /usr/share/doc/fwknop/CREDITS /usr/share/doc/fwknop/ChangeLog /usr/share/doc/fwknop/README /usr/share/licenses/fwknop /usr/share/licenses/fwknop/COPYING /usr/share/man/man8/fwknop.8.gz /usr/share/man/man8/fwknopd.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Nov 15 07:51:05 2024