I am trying to set up the knock daemon, but it does not seem to execute the knock command. To debug this I am using the following simple configuration, which is a lightly edited version of the example from the documentation:
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 7000,8000,9000
seq_timeout = 10
tcpflags = syn
command = /usr/bin/touch /tmp/knock
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 10
tcpflags = syn
command = /usr/bin/rm /tmp/knock
knock -v 192.168.0.2 7000 8000 9000
I can even show that knockd is detecting the packets I send by running it in non-daemon mode and capturing the output like this: sudo knockd -c /etc/knockd.conf -ienp2s0 -Dv > log. The contents of the log file are as follows:
config: new section: 'options'
config: log file: /var/log/knockd.log
config: new section: 'openSSH'
config: openSSH: sequence: 7000:tcp,8000:tcp,9000:tcp
config: openSSH: seq_timeout: 10
config: tcp flag: SYN
config: openSSH: start_command: /usr/bin/touch /tmp/knock
config: new section: 'closeSSH'
config: closeSSH: sequence: 9000:tcp,8000:tcp,7000:tcp
config: closeSSH: seq_timeout: 10
config: tcp flag: SYN
config: closeSSH: start_command: /usr/bin/rm /tmp/knock
ethernet interface detected
listening on enp2s0...
-------- snip -------
2024-00-11 13:08:17: tcp: 192.168.0.182:34892 -> 192.168.0.2:7000 74 bytes
2024-00-11 13:08:17: tcp: 192.168.0.182:49042 -> 192.168.0.2:8000 74 bytes
2024-00-11 13:08:17: tcp: 192.168.0.182:47252 -> 192.168.0.2:9000 74 bytes
waiting for child processes...
closing...
and no file is created at /tmp/knock. What am I missing?
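To check whether the packets in the log above actually satisfy the configured door before looking elsewhere, here is an added example (not the poster's code and not knockd's own source) that replays knockd debug log lines through a small per-door, per-source model of knockd's sequence matching: each door's sequence must arrive in order, from one source address, within seq_timeout seconds of the first knock, and a wrong port or an expired attempt discards the attempt. The door definitions and the three packet lines are taken from the question; the STALE_LOG lines are constructed to show the seq_timeout failure mode. Only the time of day and destination port are parsed, so the "2024-00-11" date printed by knockd is left untouched.

```python
import re

# Doors as configured in the questioner's knockd.conf.
DOORS = {
    "openSSH": {"sequence": [7000, 8000, 9000], "seq_timeout": 10,
                "command": "/usr/bin/touch /tmp/knock"},
    "closeSSH": {"sequence": [9000, 8000, 7000], "seq_timeout": 10,
                 "command": "/usr/bin/rm /tmp/knock"},
}

# Constructed sample: the three packet lines copied from the question's log.
KNOCK_LOG = [
    "2024-00-11 13:08:17: tcp: 192.168.0.182:34892 -> 192.168.0.2:7000 74 bytes",
    "2024-00-11 13:08:17: tcp: 192.168.0.182:49042 -> 192.168.0.2:8000 74 bytes",
    "2024-00-11 13:08:17: tcp: 192.168.0.182:47252 -> 192.168.0.2:9000 74 bytes",
]

# Constructed sample: same knocks, but the second arrives 15 s after the first,
# past seq_timeout = 10, so the attempt must be discarded and nothing fires.
STALE_LOG = [
    "2024-00-11 13:08:00: tcp: 192.168.0.182:34892 -> 192.168.0.2:7000 74 bytes",
    "2024-00-11 13:08:15: tcp: 192.168.0.182:49042 -> 192.168.0.2:8000 74 bytes",
    "2024-00-11 13:08:16: tcp: 192.168.0.182:47252 -> 192.168.0.2:9000 74 bytes",
]

# Match knockd's "-Dv" packet lines: time of day, source IP, destination port.
# The date field is skipped on purpose (the question's log prints month "00").
LINE_RE = re.compile(
    r"^\S+ (\d\d):(\d\d):(\d\d): tcp: ([\d.]+):\d+ -> [\d.]+:(\d+) \d+ bytes$"
)


def parse_line(line):
    """Return (seconds_since_midnight, src_ip, dst_port), or None for non-packet lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    hh, mm, ss, src, port = m.groups()
    return int(hh) * 3600 + int(mm) * 60 + int(ss), src, int(port)


def replay_knocks(lines, doors=DOORS):
    """Feed log lines through a per-door, per-source knock state machine.

    Returns a list of (door, src_ip, seconds, command) for every completed
    sequence, i.e. every point at which the door's command would be run.
    """
    # attempts[(door, src)] = (index_of_next_expected_port, time_of_first_knock)
    attempts = {}
    fired = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # config/banner lines such as "listening on enp2s0..."
        now, src, port = parsed
        for name, door in doors.items():
            seq = door["sequence"]
            key = (name, src)
            idx, started = attempts.get(key, (0, now))
            # An attempt older than seq_timeout is dropped before matching.
            if idx > 0 and now - started > door["seq_timeout"]:
                idx, started = 0, now
            if port == seq[idx]:
                if idx == 0:
                    started = now  # first knock of a fresh attempt
                idx += 1
                if idx == len(seq):
                    fired.append((name, src, now, door["command"]))
                    idx = 0
            elif idx > 0:
                # Wrong port mid-sequence: the attempt is abandoned.
                idx = 0
            attempts[key] = (idx, started)
    return fired


if __name__ == "__main__":
    for label, log in (("question log", KNOCK_LOG), ("stale log", STALE_LOG)):
        print(label, "->", replay_knocks(log) or "no door completed")
```

Running it against the question's three packet lines reports the openSSH door completing at 13:08:17 for source 192.168.0.182, while the STALE_LOG variant completes nothing. If your own log replays cleanly here, the sequence logic is satisfied and the remaining question is whether the command itself runs under the daemon's environment.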