diff options
author | agc <agc@pkgsrc.org> | 2007-05-10 18:18:16 +0000 |
---|---|---|
committer | agc <agc@pkgsrc.org> | 2007-05-10 18:18:16 +0000 |
commit | d0f024d05198acb53a3e90b5e33913dfb93203a4 (patch) | |
tree | f6149a3773a15937f732e6691a7e8d86edc574d2 /security | |
parent | 76c1940402ce6da265d96c11ccf66e878ca7ba80 (diff) | |
download | pkgsrc-d0f024d05198acb53a3e90b5e33913dfb93203a4.tar.gz |
Initial import of sbd-0.5 into the Packages Collection.
One-time cipher based back door program for executing emergency
commands.
Secure Back Door(SBD) is an alternative to leaving SSH open all the
time. It is based on a secure one-time keypad method, that insures
maximum security. Since SBD is very small, it is less likely to have
security exploits, as compared to SSH. Therefore, you could leave an
important computer up and running with just sbdd running in the
background, and if an emergency came about, you could simple execute a
command to bring ssh up, then work on the computer as regular. It
would be as simple as doing ./sbd domain.com "/etc/init.d/sshd start",
and with the proper key file set, the remote computer would have ssh
up and running shortly.
Diffstat (limited to 'security')
-rw-r--r-- | security/sbd/DESCR | 13 | ||||
-rw-r--r-- | security/sbd/Makefile | 39 | ||||
-rw-r--r-- | security/sbd/PLIST | 9 | ||||
-rw-r--r-- | security/sbd/distinfo | 7 | ||||
-rw-r--r-- | security/sbd/patches/patch-aa | 22 | ||||
-rw-r--r-- | security/sbd/patches/patch-ab | 33 |
6 files changed, 123 insertions, 0 deletions
diff --git a/security/sbd/DESCR b/security/sbd/DESCR new file mode 100644 index 00000000000..cb5119593e3 --- /dev/null +++ b/security/sbd/DESCR @@ -0,0 +1,13 @@ +One-time cipher based back door program for executing emergency +commands. + +Secure Back Door(SBD) is an alternative to leaving SSH open all the +time. It is based on a secure one-time keypad method, that insures +maximum security. Since SBD is very small, it is less likely to have +security exploits, as compared to SSH. Therefore, you could leave an +important computer up and running with just sbdd running in the +background, and if an emergency came about, you could simple execute a +command to bring ssh up, then work on the computer as regular. It +would be as simple as doing ./sbd domain.com "/etc/init.d/sshd start", +and with the proper key file set, the remote computer would have ssh +up and running shortly. diff --git a/security/sbd/Makefile b/security/sbd/Makefile new file mode 100644 index 00000000000..7f6cbc14df5 --- /dev/null +++ b/security/sbd/Makefile @@ -0,0 +1,39 @@ +# $NetBSD: Makefile,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $ +# + +DISTNAME= sbd-0.5 +CATEGORIES= security +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sbd/} + +MAINTAINER= pkgsrc-users@NetBSD.org +HOMEPAGE= http://sourceforge.net/projects/sbd/ +COMMENT= HMAC & one-time pad-based remote login program + +WRKSRC= ${WRKDIR}/sbd + +USE_LANGUAGES+= c c++ + +EGDIR= ${PREFIX}/share/sbd +CONF_FILES= ${EGDIR}/deckey.bits ${PKG_SYSCONFDIR}/sbd/deckey.bits +CONF_FILES+= ${EGDIR}/enckey.bits ${PKG_SYSCONFDIR}/sbd/enckey.bits +CONF_FILES+= ${EGDIR}/athkey.bits ${PKG_SYSCONFDIR}/sbd/athkey.bits + +do-configure: + +do-build: + cd ${WRKSRC} && \ + ${CXX} -DPKG_SYSCONFDIR=\""${PKG_SYSCONFDIR}/sbd\"" -Wall -O2 -o sbdd ssocket.cpp sha1.cpp utils.cpp sbdd.cpp; \ + ${CXX} -DPKG_SYSCONFDIR=\""${PKG_SYSCONFDIR}/sbd\"" -Wall -O2 -o sbd csocket.cpp sha1.cpp utils.cpp sbd.cpp + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/sbdd ${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKSRC}/sbd ${PREFIX}/bin + ${INSTALL_DATA_DIR} ${PREFIX}/share/sbd + ${INSTALL_DATA_DIR} ${PKG_SYSCONFDIR}/sbd + ${INSTALL_DATA} ${WRKSRC}/PROTOCOL ${PREFIX}/share/sbd/ + ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/sbd/ + ${INSTALL_DATA} ${WRKSRC}/athkey.bits ${EGDIR} + ${INSTALL_DATA} ${WRKSRC}/deckey.bits ${EGDIR} + ${INSTALL_DATA} ${WRKSRC}/enckey.bits ${EGDIR} + +.include "../../mk/bsd.pkg.mk" diff --git a/security/sbd/PLIST b/security/sbd/PLIST new file mode 100644 index 00000000000..c12add9870e --- /dev/null +++ b/security/sbd/PLIST @@ -0,0 +1,9 @@ +@comment $NetBSD: PLIST,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $ +bin/sbd +bin/sbdd +share/sbd/PROTOCOL +share/sbd/README +share/sbd/athkey.bits +share/sbd/deckey.bits +share/sbd/enckey.bits +@dirrm share/sbd diff --git a/security/sbd/distinfo b/security/sbd/distinfo new file mode 100644 index 00000000000..7b1ff481095 --- /dev/null +++ b/security/sbd/distinfo @@ -0,0 +1,7 @@ +$NetBSD: distinfo,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $ + +SHA1 (sbd-0.5.tar.gz) = 958860dc240105b705a0127409cfb5e4da4109ab +RMD160 (sbd-0.5.tar.gz) = 374db4f75210bc04ed9dd91c1c608fa2984856b3 +Size (sbd-0.5.tar.gz) = 25750 bytes +SHA1 (patch-aa) = e516c2a43d33e3e4a0c808f38a128bce8b96fedf +SHA1 (patch-ab) = afa9111e000d25dd05189554c2d97991d799ed5c diff --git a/security/sbd/patches/patch-aa b/security/sbd/patches/patch-aa new file mode 100644 index 00000000000..318c4f04b33 --- /dev/null +++ b/security/sbd/patches/patch-aa @@ -0,0 +1,22 @@ +$NetBSD: patch-aa,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $ + +--- sbd.cpp 2007/05/10 09:59:22 1.1 ++++ sbd.cpp 2007/05/10 10:00:30 +@@ -121,7 +121,7 @@ + + // We always assume server recieved the command ok + // truncate file so same bytes are not used +- truncateFile("enckey.bits", keyBytesUsed); ++ truncateFile(PKG_SYSCONFDIR "/" "enckey.bits", keyBytesUsed); + + return 0; + } +@@ -136,7 +136,7 @@ + eMsg=""; // Finished cypher text + + // get key bytes from file +- readKey("enckey.bits", key, SHA1_SIZE*2 + msg.size()); ++ readKey(PKG_SYSCONFDIR "/" "enckey.bits", key, SHA1_SIZE*2 + msg.size()); + + // Copy 20 bytes of key over to hashOTP for computing HMAC-SHA1 + for (i = 0; i < SHA1_SIZE; i++) diff --git a/security/sbd/patches/patch-ab b/security/sbd/patches/patch-ab new file mode 100644 index 00000000000..7140672f82a --- /dev/null +++ b/security/sbd/patches/patch-ab @@ -0,0 +1,33 @@ +$NetBSD: patch-ab,v 1.1.1.1 2007/05/10 18:18:16 agc Exp $ + +--- sbdd.cpp 2007/05/10 09:59:22 1.1 ++++ sbdd.cpp 2007/05/10 10:01:05 +@@ -110,8 +110,8 @@ + return 1; + } + +- readKey("athkey.bits", authBytes, AUTH_SIZE); +- truncateFile("athkey.bits", AUTH_SIZE); ++ readKey(PKG_SYSCONFDIR "/" "athkey.bits", authBytes, AUTH_SIZE); ++ truncateFile(PKG_SYSCONFDIR "/" "athkey.bits", AUTH_SIZE); + + for (i = 0; i < authBytes.size() ; i++) + { +@@ -180,7 +180,7 @@ + unsigned char hashOTP[SHA1_SIZE]; // First 20 bytes of OTP used to comput HMAC-SHA1 + unsigned char finishedHash[SHA1_SIZE]; // Finished HMAC-SHA1 hash + +- readKey("deckey.bits", key, infileCmd.size()+SHA1_SIZE); ++ readKey(PKG_SYSCONFDIR "/" "deckey.bits", key, infileCmd.size()+SHA1_SIZE); + + // Copy 20 bytes of key over to hashOTP for computing HMAC-SHA1 + for (i = 0; i < SHA1_SIZE; i++) +@@ -227,7 +227,7 @@ + logFile << "system() returned : " << system(cmd.c_str()) << endl; + + //truncate bytes file +- truncateFile("deckey.bits", infileCmd.size()+SHA1_SIZE); ++ truncateFile(PKG_SYSCONFDIR "/" "deckey.bits", infileCmd.size()+SHA1_SIZE); + return 0; + } + |