Installing 'knockd' on OS Level (no VM, no Docker)


Go to solution Solved by ich777,

Hi,

 

I want to install the port-knocking daemon 'knockd'. Since I want to use it to control an outside connection to my server, I need to install it on operating system level. There is a Slackware package for it on https://slackbuilds.org/. Slackbuilds does not serve binaries, however, so all I would get is the Slackbuild that configures the build of the original source archive for use in Slack. unRAID does not have a development environment (gcc, etc.) installed and I don't want that, either.

 

Currently, I also have no computer other than my smartphone. What can I do? Anyone who knows of a compatible binary distribution of 'knockd'?

 

Wouldn't it make sense for @limetech to include 'knockd' as default?

 

Thanks, Andreas


Since you only stated that you want to control an outside connection to the server, you can easily do that by running the docker container in host mode, since it has access to all interfaces. So, that wouldn't be the issue as to why your title states "no Docker"

Just now, Mainfrezzer said:

Since you only stated that you want to control an outside connection to the server, you can easily do that by running the docker container in host mode, since it has access to all interfaces. So, that wouldn't be the issue as to why your title states "no Docker"

I see. But why would I add so many layers of complexity?

  1. As stated, I have no way to compile from source in the foreseeable future. Containerizing would still require to build a binary from source.
  2. I would need to set up a docker. Which would also mean for me, that I'd need to learn much more about Docker, than I am currently interested in. One of the reasons for me to purchase an unRAID license was to plug'N'play as much as possible, since I just don't have the time anymore for deep-level system administration and constant up-to-datism with the developments.
  3. Not knowing Docker internals I can only guess, but so far, each image I installed came with over a 100 MB of data, where the 'knock' package stays below 200 KB when installed from a binary package direct-to-host.
  4. Adding another software-layer to something as security-sensitive/critical and simple like 'knockd' escapes me.
  • Solution
On 6/17/2024 at 4:46 PM, amix said:

As stated, I have no way to compile from source in the foreseeable future. Containerizing would still require to build a binary from source.

Have you yet seen @SpaceInvaderOne's container where you can easily build from source in a Docker container:
On 6/17/2024 at 10:46 AM, amix said:

As stated, I have no way to compile from source in the foreseeable future. Containerizing would still require to build a binary from source.

How so? It looks to me like one of the links in your initial post shows how to build a knockd container based on alpine without any compilation.

 

On 6/17/2024 at 10:46 AM, amix said:

I would need to set up a docker. Which would also mean for me, that I'd need to learn much more about Docker, than I am currently interested in. One of the reasons for me to purchase an unRAID license was to plug'N'play as much as possible, since I just don't have the time anymore for deep-level system administration and constant up-to-datism with the developments.

I understand the hassle of staying up to date with the latest system admin stuff, but in unRAID docker by and large is the most plug'N'play solution. Installing packages directly in the host os is considered the deep-level system administration solution and is generally not the recommended path.

 

On 6/17/2024 at 10:46 AM, amix said:

Not knowing Docker internals I can only guess, but so far, each image I installed came with over a 100 MB of data, where the 'knock' package stays below 200 KB when installed from a binary package direct-to-host.

Containers can be smaller than that depending on the base image and included application but a 100MB container is pretty reasonable.

 

On 6/17/2024 at 10:46 AM, amix said:

Adding another software-layer to something as security-sensitive/critical and simple like 'knockd' escapes me.

The general idea is to isolate user programs from the unRAID host OS. Knockd is pretty low level though, so depending on what you're doing with it, containerizing might not be a good. Speaking of which, if the idea is to use knockd to make the unRAID webui or ssh server available remotely, don't. The unRAID host OS should never be exposed directly to the internet. A VPN is a much better solution.
