{ "info": { "author": "Javier Junquera S\u00e1nchez", "author_email": "javier@junquera.xyz", "bugtrack_url": null, "classifiers": [], "description": "![doc/img/c-lock.png](doc/img/c-lock.png)\n\n# c-lock\n\n[![Build Status](https://travis-ci.org/junquera/c-lock.svg?branch=master)](https://travis-ci.org/junquera/c-lock)\n[![Known Vulnerabilities](https://snyk.io/test/github/junquera/c-lock/badge.svg?targetFile=requirements.txt)](https://snyk.io/test/github/junquera/c-lock?targetFile=requirements.txt)\n[![Total alerts](https://img.shields.io/lgtm/alerts/g/junquera/c-lock.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/junquera/c-lock/alerts/)\n[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/junquera/c-lock.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/junquera/c-lock/context:python)\n\nA TOTP based next generation port knocking service. Every time slot, it generates a sequence of ports that must be *knocked* (in a correct order) before the final port (it have been designed for protecting a SSH service) becames opened.\n\n\n\n![c-lock Process](doc/img/clock-process.gif)\n\n> Yeah, I'm not very good with graphics...\n\n## Table of Contents\n\n\n\n\n\n- [Installation](#installation)\n * [System dependencies](#system-dependencies)\n * [Software dependencies](#software-dependencies)\n- [Usage](#usage)\n * [Step 1 - Server setup](#step-1---server-setup)\n * [Step 2 - Setup 2fa applications](#step-2---setup-2fa-applications)\n * [Step 3 (server) - Start server side](#step-3-server---start-server-side)\n * [Step 3 (client) - Port knocking using TOTP pin](#step-3-client---port-knocking-using-totp-pin)\n * [Step 3 (client) - Port knocking using secret](#step-3-client---port-knocking-using-secret)\n * [Step 4 - Connect to your protected service =)](#step-4---connect-to-your-protected-service-)\n * [Server](#server)\n * [Client](#client)\n- [Examples](#examples)\n- [Contributing](#contributing)\n- [Credits](#credits)\n\n\n\n## Installation\n\n### System dependencies\n\nThis is the software with wich I have worked:\n\n- `python 3.x`\n\n- `iptables >= v1.6`\n\nIt has been tested in *Ubuntu 16.04* and *Debian 9*, but should work with any other system with theese systems installed.\n\n### Software dependencies\n\nAs it is just an alpha version, it has no currently an automated installer, because until it comes debugged and improved, it shouldnt have yet integration with the system.\n\nBecause `python-cryptography` is needed for some dependencies, it must be installed before anything else: [Building cryptography on linux](https://cryptography.io/en/latest/installation/#building-cryptography-on-linux)\n\nFor install dependencies there are two options:\n\n- **Option A**: [Pipenv](https://github.com/pypa/pipenv) (*Recommended*)\n\n```bash\npip3 install pipenv\npipenv install -r requeriments.txt\n```\n\n- **Option B**: requeriments.txt\n\n```bash\npip3 install -r requeriments.txt\n```\n\n## Usage\n\n### Step 1 - Server setup\n\n```shell\n$ c-lockd --gen-secret\n```\n\n![doc/img/demo/scan_qr.png](doc/img/demo/scan_qr.png)\n\n### Step 2 - Setup 2fa applications\n\n![doc/img/demo/2fa_app.png](doc/img/demo/2fa_app.png)\n\n### Step 3 (server) - Start server side\n\n```shell\n# For example, protecting SSH port\n$ c-lockd --secret NPAR2VWV5HX5BI4BIE6PKWUROWYHJE3CCGWZYVBT6AJ2H3DGFKZA -p 22\n```\n\n### Step 3 (client) - Port knocking using TOTP pin\n\n```shell\n$ c-lock --address $SERVER_ADDRESS --pin 084678\n```\n\n### Step 3 (client) - Port knocking using secret\n\n```shell\n$ c-lock --address $SERVER_ADDRESS --secret NPAR2VWV5HX5BI4BIE6PKWUROWYHJE3CCGWZYVBT6AJ2H3DGFKZA\n```\n\n### Step 4 - Connect to your protected service =)\n\n```shell\nssh $USER@$SERVER_ADDRESS\n```\n\n### Server\n\nMust be launched as root (for managing the *iptables* rules):\n\n```\nusage: c-lockd [-h] [-ts SLOT] [-a ADDRESS] [-s SECRET] [-p PROTECTED_PORTS]\n [-o OPENED_PORTS] [--gen-secret] [--clean-firewall]\n [--log-level LOG_LEVEL]\n\nLaunch TOTP based port knocking protection\n\noptional arguments:\n -h, --help show this help message and exit\n -ts SLOT, --time-slot SLOT\n Time slot for TOTP\n -a ADDRESS, --address ADDRESS\n Address to protect\n -s SECRET, --secret SECRET\n Secret part of TOTP\n -p PROTECTED_PORTS, --protected-ports PROTECTED_PORTS\n Port which has to be protected\n -o OPENED_PORTS, --opened-ports OPENED_PORTS\n Port which should be opened\n --gen-secret Generate random secret\n --clean-firewall Clean firewall configuration (e.g., after a bad close)\n --log-level LOG_LEVEL\n Log level\n\n```\n\n### Client\n\n```\nusage: c-lock [-h] [-ts SLOT] -a ADDRESS [-s SECRET] [-p PIN] [-n PORTS]\n\nLaunch TOTP based port knocking protection\n\noptional arguments:\n -h, --help show this help message and exit\n -ts SLOT, --time-slot SLOT\n Time slot for TOTP\n -a ADDRESS, --address ADDRESS\n Address to knock\n -s SECRET, --secret SECRET\n Secret part of TOTP\n -p PIN, --pin PIN TOTP pin\n -n PORTS, --ports PORTS\n Number of ports configured\n\n```\n\n## Examples\n\n### Client\n\nIn this example:\n\n1. Client scans server ports without c-lockd actived\n\n2. When `c-lockd` is working in the server, just the opened ports can be scaned\n\n3. Use `c-lock` with pin\n\n4. The protected ports are now visible fron the client\n\n[![asciicast](https://asciinema.org/a/v3LV7Ss5VaSBvqtWe9VdPVSLV.svg)](https://asciinema.org/a/v3LV7Ss5VaSBvqtWe9VdPVSLV)\n\n### Server\n\nThis is the server where the client points:\n\n1. Generates the secret for the pin generation\n\n2. Starts `c-lockd` server opening ports `80` and `5432`, and closing port `22`\n\n3. When the client uses the correct port combination, it opens the protected port for 30 seconds\n\n[![asciicast](https://asciinema.org/a/z6O3qOZFCDDkQhnm3NkICOUYL.svg)](https://asciinema.org/a/z6O3qOZFCDDkQhnm3NkICOUYL)\n\n## Contributing\n\nBy now, and until I finish a first stable version, I want to control the code. The best way of contribute to this project is apporting ideas and reviewing code. Any help is welcome!\n\nFor example, its obvious that I need help with documentation images, design, logo... :blush:\n\n## Credits\n\n- @ldx [python-iptables](https://github.com/ldx/python-iptables)\n\n- @jonschlinkert [markdown-toc](https://github.com/jonschlinkert/markdown-toc)\n\n- @mnooner256 [pyqrcode](https://github.com/mnooner256/pyqrcode)\n\n## License\n\n```\nMIT License\n\nCopyright (c) 2018 Javier Junquera S\u00e1nchez\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n```", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://gitlab.com/junquera/c-lock", "keywords": "", "license": "MIT License", "maintainer": "", "maintainer_email": "", "name": "c-lock", "package_url": "https://pypi.org/project/c-lock/", "platform": "", "project_url": "https://pypi.org/project/c-lock/", "project_urls": { "Homepage": "https://gitlab.com/junquera/c-lock" }, "release_url": "https://pypi.org/project/c-lock/0.0.7.5/", "requires_dist": null, "requires_python": ">=3.6", "summary": "A TOTP based next generation port knocking service.", "version": "0.0.7.5" }, "last_serial": 5095117, "releases": { "0.0.7": [ { "comment_text": "", "digests": { "md5": "9695c8533ab72174eb4f9be938afb6ba", "sha256": "19807e22c8eb06189d81fa8c7ec3ec7ea1a165d442497d1ecd5792b4c2b44051" }, "downloads": -1, "filename": "c-lock-0.0.7.tar.gz", "has_sig": false, "md5_digest": "9695c8533ab72174eb4f9be938afb6ba", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 11924, "upload_time": "2019-03-29T22:21:14", "url": "https://files.pythonhosted.org/packages/ab/41/a8cf3a522529d5201fd10a61878e716344ac99224e8abec2472971b63b6c/c-lock-0.0.7.tar.gz" } ], "0.0.7.1": [ { "comment_text": "", "digests": { "md5": "365320a07dec71cbddf6812e1b64115f", "sha256": "2aea82f14810d34a53d625633d721b598e720c6f85a459860ba9d0a9a5da075d" }, "downloads": -1, "filename": "c-lock-0.0.7.1.tar.gz", "has_sig": false, "md5_digest": "365320a07dec71cbddf6812e1b64115f", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 15717, "upload_time": "2019-03-29T22:24:02", "url": "https://files.pythonhosted.org/packages/d9/d2/0c9bbc65b6bbc9407ab26c655ca4f43aa0842fe07c08ad5d78863a9c96fc/c-lock-0.0.7.1.tar.gz" } ], "0.0.7.3": [ { "comment_text": "", "digests": { "md5": "026aa0d3f07dff1e3f7b09c4fcdb03ab", "sha256": "630d2570de1cf845caf5177b0a9042220f4fcf4bd84c1df55ee7ce47639462e6" }, "downloads": -1, "filename": "c-lock-0.0.7.3.tar.gz", "has_sig": false, "md5_digest": "026aa0d3f07dff1e3f7b09c4fcdb03ab", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 13862, "upload_time": "2019-03-30T22:37:18", "url": "https://files.pythonhosted.org/packages/b5/6a/fc25dcc56cf0079e31c8be3390621b27e63283f534766ff52a18abe4ee2f/c-lock-0.0.7.3.tar.gz" } ], "0.0.7.4": [ { "comment_text": "", "digests": { "md5": "e6d7a581ea323ea4cb0bb9598950fc6d", "sha256": "99f4d6c0e8a334084340cc6e9e2728bd0e2fbeafba7958feeda341cdd91e53b1" }, "downloads": -1, "filename": "c-lock-0.0.7.4.tar.gz", "has_sig": false, "md5_digest": "e6d7a581ea323ea4cb0bb9598950fc6d", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 13837, "upload_time": "2019-03-30T22:50:56", "url": "https://files.pythonhosted.org/packages/a1/1f/cc046e2cb403eb125a3b8b8e1c0a3112207daa8c6fa734c3bcdbcead4865/c-lock-0.0.7.4.tar.gz" } ], "0.0.7.5": [ { "comment_text": "", "digests": { "md5": "ea7245b12bd7a289534d22e362650235", "sha256": "c07ff1e127a9d93b19ff186ba239322ad1b7b3d675aae55aac07dbf826f52e92" }, "downloads": -1, "filename": "c-lock-0.0.7.5.tar.gz", "has_sig": false, "md5_digest": "ea7245b12bd7a289534d22e362650235", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 13867, "upload_time": "2019-04-04T07:09:18", "url": "https://files.pythonhosted.org/packages/27/b4/e8e3a2739dbadffbb0b435d4cb013f829a73fa0113f46e56847561c349bf/c-lock-0.0.7.5.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "ea7245b12bd7a289534d22e362650235", "sha256": "c07ff1e127a9d93b19ff186ba239322ad1b7b3d675aae55aac07dbf826f52e92" }, "downloads": -1, "filename": "c-lock-0.0.7.5.tar.gz", "has_sig": false, "md5_digest": "ea7245b12bd7a289534d22e362650235", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 13867, "upload_time": "2019-04-04T07:09:18", "url": "https://files.pythonhosted.org/packages/27/b4/e8e3a2739dbadffbb0b435d4cb013f829a73fa0113f46e56847561c349bf/c-lock-0.0.7.5.tar.gz" } ] }