Ohayden: /* Recovery from Six Blinking Red Lights */

2010-12-17T23:02:05Z

Recovery from Six Blinking Red Lights

New page

=Buffalo Linkstation (LS2) Mipsel - Derro =

== Recovery from Six Blinking Red Lights ==
* Tear apart and hooked IDE + power from nix desktop
* D/L and extract [http://downloads.buffalo.nas-central.org/PlatformSupport/i386/fix_ext2_magic_i386-1.1.tar.gz fix_ext2_magic_i386-1.1.tar.gz] (I stored a copy on my site)
* Use "fdisk -l" to find he correct drive
* ./fix_ext2_magic --fix /dev/hdX1
* Run fsck -f -c /dev/hdX1
* Unhook and put linkstation back together
* Done

=Buffalo Linkstation (LS2) Mipsel - Drow =

== Initial Recovery from Brickage ==
* I re-flashed from a Windows box by connecting LS (LinkStation) directly to the desktops NIC.
* On the desktop, I set the NIC to a static IP of 192.168.11.100/255.255.255.0, no DNS and no gateway.
* I downloaded the Freelink from here:<br>
http://downloads.buffalo.nas-central.org/LS2_MIPSel/Distributions/Freelink/freelink_mipsel-hdhlan-060810.zip
* I launched the firmware EXE and it found the LS on 192.168.11.150 as expected.
* Once it was done flashing, I used putty (as I was still on the Windows box) and sshed into 192.168.11.150 with root/freelink.

<pre>

. \ /
__ `-.''.. This is NOT a guide and is more of a recording of the steps I took!
.' '-- .`. -------------------------------------------------------------------
_|_ / : \ If I were to do over, I would have gparted and installed the 2.6
_|___|_ kernel just after recovering the LS from it's previous brick state.
.' '.
/ ' \
| | |
| | |
\ / /
'. ' .'
'-----'

</pre>

== Tweaking the LS ==
* Then I ran the following shell commands:
* Added a nameserver:
vi /etc/resolv.conf
* Added:
nameserver 192.168.0.5
* Updated network to my ip/subnet:
vi /etc/network/interfaces
* Changed eth0 to:
auto eth0
iface eth0 inet static
address 192.168.0.150
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.5
* I then shutdown the LS and moved it from being plugged directly into the Windows box, to the router.
halt
* Powered it back on once I was connected to the right network and relogged in via ssh.
* Fixed sources so we don't download lenny (or whatever is the latest stable)
vi /etc/apt/sources.list
* Changed stable to etch with:
:%s/stable/etch/gc
<strike>* Moved data to free up limited space on the small partition:
mv /home /mnt/hda/
mv /usr /mnt/hda/
mkdir home
mkdir usr
chown root:staff home/
* Updated fstab to mount new entries
vi /etc/fstab
* Added:
/mnt/hda/home /home none bind
/mnt/hda/usr /usr none bind
* Forced fstab to mount new entries
mount -a</strike>
* Updated packages:
apt-get update
* Upgrade existing programs (always a good idea to simulate it first via apt-get upgrade -s):
apt-get upgrade
* Get my favorite minimalist command line editor, vim:
apt-get install vim
* Fix the timezone:
tzconfig (n, 2, Los_Angeles)
date -s "20 Mar 2009 15:00:00"
* Install ntpdate
apt-get install ntpdate
* Add a cron job to manage the time sync:
vim /etc/cron.daily/setdatetime
* Add the following, save, and exited:
#!/bin/sh
/usr/sbin/ntpdate pool.ntp.org
* Mark new cron job and executable:
chmod +x /etc/cron.daily/setdatetime
* Less is more, therefore we need it:
apt-get install less
* I noticed the primary partition was only about 300ish MB, so I decided I'd better resize the partitions now before I invest too much time. I used a GParted live cd to shave off 17GB from the last partition and gave it to the primary.
* Brought a few packages from being kept back:
apt-get install adduser apt apt-get bash cron gcc install passwd ssh sysvinit
* Added samba
apt-get install samba smbfs
* Added screen
apt-get install screen
* Added thttpd for movies.cgi script
apt-get install thttpd
* Added psmisc (for killall)
apt-get install psmisc
* Upgrade existing programs again:
apt-get upgrade
* Changed the "Banner" to /etc/banner in /etc/ssh/sshd_config
* Added a /etc/banner
* Edited /etc/motd
* Turn off file checks as it will cause a problem with the watchdog and can brick the box:
tune2fs -c 0 -i 0 /dev/hda1
tune2fs -c 0 -i 0 /dev/hda3

== 2.6 Kernel / iptables / knockd ==
Apparently the 2.4 kernel with FreeLink / Debian doesn't support iptables. Here's my pieced together guide on updating to the 2.6 kernel:
* Create proper directories
cd /mnt/hda/
mkdir share
cd share
* Download u-boot:
wget http://downloads.buffalo.nas-central.org/LS2_MIPSel/Bootloader/Uboot/Precompiled/u-boot-1.1.4-list-v2-1.0.1.tar.gz
tar zxfv ./u-boot-1.1.4-list-v2-1.0.1.tar.gz
mkdir u-boot
cp u-boot-v2-mips.flash.bin u-boot/
* Copy both the kernels to /boot (vmlinux-2.6.22.gz and vmlinuz)
cp vmlinu* /boot/
* Put the LS addy back to 192.168.11.150
vim /etc/network/interfaces
* Shutdown the LS
halt
* Plug the LS directly into my laptop running Debian
* Changed my laptop's addy to 192.168.11.149
* Restart my laptop's network
/etc/init.d/networking restart
* Start up netcat on my lappie
nc -uvvp 6666 192.168.11.150 6666
* Turn on the LS in "Christmas Tree Mode" aka all the lights flashing. Hold down reset and press power to boot up, as soon as you see the lights flashing let go.
* Login into LS and flash u-boot
ssh 192.168.11.150
cd /mnt/hda/share
./u-boot-load.sh
run upgrade
* Power off the LS by holding the power button
* Watch the netcat from the lappie and we should see output from the LS
* Press 's' as it says to stop
* Set the environment variable to the new kernel
setenv hdfile boot/vmlinux-2.6.22.gz
saveenv
reset
* The LS will now reboot with the 2.6 kernel
* Set the LS back to the right IP and the lappie as well, then plug back in the right network cables.
* Get the new module tools for the 2.6 kernel (bakup old ones just in case)
cd /mnt/hda/share/
mkdir x
cd x
wget http://downloads.buffalo.nas-central.org/LS2_MIPSel/Kernel/Kernels/Uboot/module-init-tools-3.3-pre1.tar.gz
tar zxvf module-init-tools-3.3-pre1.tar.gz
ls ./sbin/ <-- SEE WHAT'S GOING TO BE OVERWRITTEN
mkdir bak
cd bak
cp /sbin/depmod ./
cp /sbin/insmod ./
cp /sbin/lsmod ./
cp /sbin/modinfo ./
cp /sbin/modprobe ./
cp /sbin/rmmod ./
cd ..
tar -C / -zxvf module-init-tools-3.3-pre1.tar.gz
* Get the 2.6 modules
cd /mnt/hda/share/
mkdir y
cd y
wget http://downloads.buffalo.nas-central.org/LS2_MIPSel/Kernel/Modules/kernel-modules-2.6.22.ls2.tar.gz
tar -C / -zxvf kernel-modules-2.6.22.ls2.tar.gz
* Install knockd
apt-get install knockd
* Edit knockd.conf (see knockd.conf below)
vim /etc/knockd.conf
* Enable knockd, set START_KNOCKD to 1:
vim /etc/default/knockd
* Create /sbin/flc/allowssh.sh (see below for contents)
mkdir /sbin/flc/
vim /sbin/flc/allowssh.sh
chmod +x /sbin/flc/allowssh.sh
* Create /sbin/flc/blockssh.sh (see below for contents)
vim /sbin/flc/blockssh.sh
chmod +x /sbin/flc/blockssh.sh
* Add blockssh.sh to the rc.local (see below for addtion)
vim /etc/rc.local
* Moved /dev/hda3 from /mnt/hda/ to /share
mkdir /share
umount /mnt/hda
vim /etc/fstab
:%s/mnt\/hda/share/gc
:wq
mount -a

== JailKit ==
I use JailKit to lock down the backups as I use an identity file to script the backup process.
* Install python for JailKit
apt-get install python
* Download latest JailKit and then install via:
mkdir /share/flc/jailkit
cd /share/flc/jailkit
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar zxfv jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
* Install the daemon:
cp extra/jailkit /etc/init.d/jailkit
chmod a+x /etc/init.d/jailkit
update-rc.d jailkit defaults
* Update the configs, see below and then reboot:
reboot
* Added rsync (not from Debian repository since it was older and had a bug with settings times on a directory)
mkdir /share/flc/rsync
cd /share/flc/rsync
wget http://www.samba.org/ftp/rsync/src/rsync-3.0.5.tar.gz
tar zxvf rsync-3.0.5.tar.gz
cd rsync-3.0.5
./configure
make
make install
ln -s /usr/local/bin/rsync /usr/bin/
* Create jail and add a jailed user:
mkdir /share/jail
chown root:root /share/jail
chmod 0755 /share/jail
jk_init -j /share/jail jk_lsh
jk_init -j /share/jail rsync
jk_init -j /share/jail scp
adduser <USERNAME>
jk_jailuser -m -j /share/jail <USERNAME>

== Finishing Touches ==
* Add hdparm and smartctl as required by the /sbin/flc/silentfan.sh
apt-get install hdparm smartmontools
* Add arping as required by the /sbin/flc/checkarp.sh, nmap is for follow up scans from arping
apt-get install arping nmap
* Added the following scripts: (see below) (setip.sh is not a public script and will not be documented here)
<pre>
/sbin/flc/arpcheck.sh
/sbin/flc/backup_check.sh
/sbin/flc/backup_rotate.sh
/sbin/flc/email.good
/sbin/flc/email.bad
/sbin/flc/setip.sh
/sbin/flc/silentfan.sh
/sbin/flc/silentfan_cron.sh
</pre>
* Set the hostname
vim /etc/hostname
vim /etc/hosts
* Remove Exim4 and install ssmtp, which is smaller and cleaner for what I'm trying to do:
apt-get remove --purge exim4 exim4-base exim4-config exim4-daemon-light
apt-get install ssmtp
* Configured ssmtp (see below):
vim /etc/ssmtp/ssmtp.conf
* Added scripts to /etc/crontab as:
*/5 * * * * root /sbin/flc/setip.sh
*/30 * * * * root /sbin/flc/silentfan_cron.sh
*/30 * * * * root /sbin/flc/backup_check.sh
01 1 * * * root /sbin/flc/backup_rotate.sh
* Added a blank MAILTO in crontab to avoid emails from cron:
MAILTO=""
* Fix the power button / avr (Power button wouldn't power down the LS after holding it for 3 seconds like it used to do)
vim /etc/default/avr_evtd
:%s/#DEVICE/DEVICE/gc
:%s/ttyS1/ttyS0/gc

== Configuration Files and Scripts ==
===/etc/knockd.conf===
'''NOTE:''' Don't worry, I didn't leave the ports as defined here!
<pre>
[options]
logfile = /var/log/knockd.log

[openSSHALL]
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/flc/allowssh.sh
tcpflags = syn

[openSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = /sbin/flc/allowssh.sh %IP%
tcpflags = syn
</pre>
----
===/etc/rc.local===
<pre>
# This will block ssh for non established connections (use knockd to open)
/sbin/flc/blockssh.sh &
</pre>
----
===/etc/jailkit/jk_check.ini===
'''NOTE:''' This is only the changes
<pre>
[/share/jail]
#FLC:ignorepathoncompare = /home/testchroot/home, /home/testchroot/etc
ignorepathoncompare = /share/jail/home, /share/jail/etc, /share/jail/tmp/

#FLC:ignorewritableforgroup = /home/testchroot/home
#FLC:ignorewritableforothers = /home/testchroot/home/tmp
ignorewritableforgroup = /share/jail/home, /share/jail/tmp
ignorewritableforothers = /share/jail/home, /share/jail/tmp

#FLC:ignoresetuidexecuteforuser = /home/testchroot/usr/bin/smbmnt, /home/testchroot/usr/bin/smbumount
#FLC:ignoresetuidexecuteforgroup = /home/testchroot/usr/bin/smbmnt, /home/testchroot/usr/bin/smbumount
#FLC:ignoresetuidexecuteforothers =
ignoresetuidexecuteforuser = /share/jail/home
ignoresetuidexecuteforgroup = /share/jail/home
ignoresetuidexecuteforothers = /share/jail/home
</pre>
----

===/etc/jailkit/jk_chrootsh.ini===
'''NOTE:''' This is only the changes
<pre>
#[BOM] FLC
[DEFAULT]
env = PATH, PS1
#[EOM] FLC
</pre>
----
===/etc/jailkit/jk_init.ini===
'''NOTE:''' I didn't change anything in this file
----
===/etc/jailkit/jk_lsh.ini===
'''NOTE:''' This is only the changes
<pre>
# [BOM] FLC
[DEFAULT]
paths = /usr/bin, /bin
executables = /usr/bin/rsync
# [EOM] FLC
</pre>
----
===/etc/jailkit/jk_socketd.ini===
'''NOTE:''' This is only the changes
<pre>
# [BOM] FLC
[/share/jail/dev/log]
base=512
peek=2048
interval=10
# [EOM] FLC
</pre>
----
===/etc/jailkit/jk_update.ini===
<pre>
[/share/jail]
#FLC:skips = /usr/bin/myscript
hardlinks = 0
directories = /usr
</pre>
----
===/etc/samba/smb.conf===
'''NOTE:''' Only the options that were changed are documented here
<pre>
[global]
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = workgroup

# server string is the equivalent of the NT Description field
server string = %h server

# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no

# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
max log size = 1000

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d

# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam

obey pam restrictions = yes

invalid users = root

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de>
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY

[movies]
comment = Movies
writable = no
locking = no
path = /share/movies
public = yes
</pre>
----
===/etc/ssmtp/ssmtp.conf===
<pre>
#
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=root

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.windstream.net
AuthUser=*****HIDDEN*****
AuthPass=*****HIDDEN*****

# Where will the mail seem to come from?
# FLC - Must exists
rewriteDomain=crancho.com

# The full hostname
hostname=drow.crancho.com

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES
</pre>
----
===/etc/thttpd/thttpd.conf===
<pre>
#------------------------------------------------------------------------------#
# thttpd version 2.23beta1 #
# Main configuration file #
#------------------------------------------------------------------------------#
#------------------------------------------------------------------------------#
# Port: portnum
# Sets the port number which will be listened by thttpd.
# Default: 80
#
port=80

# chroot/nochroot
# Sets whether thttpd will chroot after starting.
# Default: nochroot
nochroot

# user: userid
# Specified which user to switch after intialiazation when started as root.
# Default: www-data
##FLC - I need ohayden for moving movies.cgi
##user=www-data
user=ohayden

# host: hostname
# Specifies a hostname to bind to.
# Default: Bind to all supported hostnames on the local machine.
# host=grugler

# Logfile: logfile path
# Specifies a file for logging.
# Default: Log via syslog()
logfile=/var/log/thttpd.log

# throttles: file
# Specifies a file of throttle settings.
# Default: /etc/thttpd/throttle.conf
throttles=/etc/thttpd/throttle.conf

# urlpat: pattern
# Specifies which URL can only be only be accessed from the local server.
# Default: None
# urlpat=*.mpeg|*.mp3|*.wav|*.gz|*.jpg|*.gif

# dir: directory
# Specifies a directory to chdir() to after thttpd starts.
# This directory will most likely be the directory you will be serving your
# clients from.
# Default: `cwd`
dir=/var/www

# cgipat: pattern
# Specifies which URL may contain executable CGI files.
# Default: None
cgipat=/cgi-bin/**
</pre>
----
===/sbin/flc/arpcheck.sh===
<pre>
#!/bin/sh
# checkarp.sh by Frank Cardoza - Finds all devices responding to arp
#########################################################################

tIP="192.168.1."

echo "Checking $tIP.x" > /tmp/lastcheckarp.txt

for tIPX in $(seq 1 254)
do
tResult=`arping $tIP$tIPX -i eth0 -c 1`
tCount=`echo $tResult | grep "0 packets received" | wc -l`
if [ $tCount -eq 0 ]; then
tMAC=`echo $tResult | awk '{ print $6 }'`
echo "$tIP$tIPX - $tMAC"
echo "$tIP$tIPX - $tMAC" >> /tmp/lastcheckarp.txt
fi
done
</pre>
----

===/sbin/flc/allowssh.sh===
<pre>
#!/bin/sh
# This script is called by knockd
#########################################################################

if [ "$1" != "" ]; then
echo Allowing SSH for $1... >> /tmp/ssh.log
/sbin/iptables -I INPUT -s $1 --protocol tcp --dport 22 --jump ACCEPT
sleep 30
echo Closing SSH for $1... >> /tmp/ssh.log
/sbin/iptables -D INPUT -s $1 --protocol tcp --dport 22 --jump ACCEPT
else
echo Allowing SSH for ALL... >> /tmp/ssh.log
/sbin/iptables -I INPUT --protocol tcp --dport 22 --jump ACCEPT
sleep 30
echo Closing SSH for ALL... >> /tmp/ssh.log
/sbin/iptables -D INPUT --protocol tcp --dport 22 --jump ACCEPT
fi
</pre>
----

===/sbin/flc/backup_check.sh===
<pre>
#!/bin/sh
###############################################################################
# BACKUP_CHECK.SH BY FRANK CARDOZA - 02.11.2006
###############################################################################

tDirHome="/share/jail/home/"
tEmailGood=`cat /sbin/flc/email.good`
tEmailBad=`cat /sbin/flc/email.bad`

# LOOP THROUGH ALL THE HOME DIRECTORIES
for tDirUser in `ls $tDirHome`
do
# IF THE HOME DIRECTORY HAS A "backup" DIRECTORY THEN CHECK FOR FLAG FILES
if [ -d $tDirHome$tDirUser/backup ]; then
# IF WE SEE A .began FLAG FILE DO SOME PROCESSING...
if [ -f $tDirHome$tDirUser/.began ]; then
# SET THE DEFAULT CONFIGURATION
if [ -f $tDirHome$tDirUser/.config ]; then
# 1ST LINE IS EMAIL ADDRESS
tEmailAddy=`awk 'NR == 1' $tDirHome$tDirUser/.config`
# 2ND LINE IS NAME FOR THE EMAIL GREETING
tEmailName=`awk 'NR == 2' $tDirHome$tDirUser/.config`
else
tEmailAddy="*****EMAILL ADRESS HIDDEN TO AVOID SPAM*****"
tEmailName="Frank Cardoza"
fi
# CHECK IF WE HAVE THE .ended FLAG FILE, IF SO THEN ALL IS GOOD
if [ -f $tDirHome$tDirUser/.ended ]; then
# GET THE DYNAMIC INFORMATION FOR THE EMAIL
tSize=`du -sb $tDirHome$tDirUser/backup/ | awk '{print $1}'`
tDate1=`cat $tDirHome$tDirUser/.began | awk '{print $1" "$2" "$3}'`
tDate2=`cat $tDirHome$tDirUser/.ended | awk '{print $1" "$2" "$3}'`
# SUBSITUTE IN THE DYNAMIC INFORMATION
tEmailBody=$tEmailGood
tEmailBody=${tEmailBody/<<USER>>/$tEmailName}
tEmailBody=${tEmailBody/<<DT1>>/$tDate1}
tEmailBody=${tEmailBody/<<DT2>>/$tDate2}
tEmailBody=${tEmailBody/<<SIZE>>/$tSize}
# SEND THE MAIL
echo -en "From: Drow <*****EMAILL ADRESS HIDDEN TO AVOID SPAM*****>\nSubject: Backup\n\n"
echo -e $tEmailBody >> email.temp
cat email.temp | ssmtp $tEmailAddy
# DELETE ALL THE FLAG FILES
if [ -f $tDirHome$tDirUser/.began ]; then rm -f $tDirHome$tDirUser/.
if [ -f $tDirHome$tDirUser/.ended ]; then rm -f $tDirHome$tDirUser/.
if [ -f $tDirHome$tDirUser/.1.flc ]; then rm -f $tDirHome$tDirUser/.
if [ -f $tDirHome$tDirUser/.2.flc ]; then rm -f $tDirHome$tDirUser/.
# CREATE FLAG FILE FOR ROTATION SCRIPT
touch $tDirHome$tDirUser/.rotate
else
# IF WE SEE A .began AND NOT A .ended THEN THERE "MIGHT" BE A PROBLE
tCheck=`ps aux | grep $tDirUser | grep rsync | grep -v grep`
tCheckRunning=${#tCheck}
# IF NOT RUNNING RSYNC FOR THE USER THEN, WE NEED TO CHECK FLAGS
if [ $tCheckRunning -lt 1 ]; then
if [ -f $tDirHome$tDirUser/.1.flc ]; then
if [ -f $tDirHome$tDirUser/.2.flc ]; then
# GET THE DYNAMIC INFORMATION FOR THE EMAIL
tSize=`du -sb $tDirHome$tDirUser/backup/ | awk '{print $1}'
tDate1=`cat $tDirHome$tDirUser/.began | awk '{print $1" "$2
# SUBSITUTE IN THE DYNAMIC INFORMATION
tEmailBody=$tEmailBad
tEmailBody=${tEmailBody/<<USER>>/$tEmailName}
tEmailBody=${tEmailBody/<<DT1>>/$tDate1}
tEmailBody=${tEmailBody/<<SIZE>>/$tSize}
# SEND THE MAIL
echo -en "From: Drow <*****EMAILL ADRESS HIDDEN TO AVOID SPAM*****>\nSubject: Ba
echo -e $tEmailBody >> email.temp
cat email.temp | ssmtp $tEmailAddy
# DELETE ALL THE FLAG FILES
if [ -f $tDirHome$tDirUser/.began ]; then rm -f $tDirHome$t
if [ -f $tDirHome$tDirUser/.ended ]; then rm -f $tDirHome$t
if [ -f $tDirHome$tDirUser/.1.flc ]; then rm -f $tDirHome$t
if [ -f $tDirHome$tDirUser/.2.flc ]; then rm -f $tDirHome$t
else
# CREATE FLC FILE HERE
touch $tDirHome$tDirUser/.2.flc
fi
else
# CREATE FLC FILE HERE
touch $tDirHome$tDirUser/.1.flc
fi
fi
fi
fi;
fi
done;

exit 0
</pre>
----
===/sbin/flc/backup_rotate.sh===
<pre>
#!/bin/sh
###############################################################################
# BACKUP_ROTATE.SH BY FRANK CARDOZA - 02.11.2006
###############################################################################

tDirHome="/share/jail/home/"

# START LOG FILE FOR STATUS EMAIL
echo -en "From: Drow <*****EMAILL ADRESS HIDDEN TO AVOID SPAM*****>\nSubject: Rotation Report\n\n" >
echo "Rotating backups on `date`" >> rotate.log
echo "-----------------------------------------------------------" >> rotate.log

tRotateCnt=0

# LOOP THROUGH ALL THE HOME DIRECTORIES
for tDirUser in `ls $tDirHome`
do
if [ -f $tDirHome$tDirUser/.rotate ] && [ -d $tDirHome$tDirUser/backup ]; the
tDirToRotate=$tDirHome$tDirUser/rotations/backup
# DELETE .rotate FLAG FILE
rm -f $tDirHome$tDirUser/.rotate
# MAKE SURE THE ROTATION DIRECTORY EXISTS
if [ ! -d $tDirHome$tDirUser/rotations ] ; then
mkdir $tDirHome$tDirUser/rotations
fi
# ADD TO LOG
echo $tDirUser >> rotate.log
((tRotateCnt++))
# IF EXISTS, THEN DELETE THE OLDEST BACKUP
if [ -d $tDirToRotate.7 ] ; then
rm -rf $tDirToRotate.7
fi
# IF THEY EXIST, THEN ROTATE PREVIOUS BACKUPS
if [ -d $tDirToRotate.6 ] ; then
mv $tDirToRotate.6 $tDirToRotate.7
fi
if [ -d $tDirToRotate.5 ] ; then
mv $tDirToRotate.5 $tDirToRotate.6
fi
if [ -d $tDirToRotate.4 ] ; then
mv $tDirToRotate.4 $tDirToRotate.5
fi
if [ -d $tDirToRotate.3 ] ; then
mv $tDirToRotate.3 $tDirToRotate.4
fi
if [ -d $tDirToRotate.2 ] ; then
mv $tDirToRotate.2 $tDirToRotate.3
fi
if [ -d $tDirToRotate.1 ] ; then
mv $tDirToRotate.1 $tDirToRotate.2
fi
# HARD LINK LATEST BACKUP TO BACKUP.1
cp -al $tDirHome$tDirUser/backup $tDirToRotate.1
fi
done;

# MAIL THE LOG
if [ "$tRotateCnt" -gt "0" ]; then
echo "-----------------------------------------------------------" >> rotate.
echo "TOTAL ROTATIONS: $tRotateCnt" >> rotate.log
cat rotate.log | ssmtp *****EMAILL ADRESS HIDDEN TO AVOID SPAM*****
fi

exit 0;
</pre>
----
===/sbin/flc/blockssh.sh===
<pre>
#!/bin/sh
# This script is called by /etc/rc.local
#########################################################################
# Wait 60 seconds just in case bad things happen (tm) and I need a way in
sleep 60
# Allow established/related connections
/sbin/iptables -A INPUT --protocol all -m state --state ESTABLISHED,RELATED --jump ACCEPT
# Block ssh
/sbin/iptables -A INPUT --protocol tcp --dport 22 --jump DROP
</pre>
----
===/sbin/flc/email.bad===
<pre>
Hello <<USER>>,\n
\nYour backup started transfering at <<DT1>> and never finished. You may have a
\n\nKind Regards,
\nDrow (Your friendly backup server).\n
</pre>
----
===/sbin/flc/email.good===
<pre>
Hello <<USER>>,\n
\nYour backup sucessully started transfering at <<DT1>> and completed at <<DT2>>
\n\nKind Regards,\n
\nDrow (Your friendly backup server).\n
</pre>
----
===/sbin/flc/silentfan.sh===
<pre>
#!/bin/sh
# Frank Cardoza
# Turn off/on fan based on temperature and state of HD

tCurrentState=`/sbin/hdparm -C /dev/hda | /bin/grep 'standby' -c`
if [ $tCurrentState == 1 ] ; then
echo -n "\\\\\\\\" > /dev/ttyS0
else
tTHD=`/usr/sbin/smartctl -A /dev/hda | /usr/bin/awk '/^194/ {print($10)}'`
if [ $tTHD -lt 40 ] ; then
echo -n "\\\\\\\\" > /dev/ttyS0
else
echo -n "]]]]" > /dev/ttyS0
fi
fi
</pre>
----
===/sbin/flc/silentfan_cron.sh===
'''NOTE:''' Why have a script to simply call another script? Well, for whatever reason, the LS will lock up if you call the other script directly from cron. It has something to do with the avr and this hack works around the issue.<br>
<pre>
#!/bin/sh
/sbin/flc/silentfan.sh
</pre>
----
===/var/www/cgi-bin/movies.cgi===
<pre>
#!/usr/bin/perl -w

$tPath = "/share/movies";

print "Content-type: text/html\n\n<br>";

sub escape
{
my $str = shift || '';
$str =~ s/([^\w.-])/sprintf("%%%02X",ord($1))/eg;
$str;
}

if (($ENV{'REQUEST_METHOD'} eq 'GET') && ($ENV{'QUERY_STRING'} ne ""))
{
@pairs = split(/&/, $ENV{'QUERY_STRING'});
foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
#print "$name = $value<br>";
if ($name eq "move")
{
if( -d "$tPath/$value")
{
system "mv \"$tPath/$value\" \"$tPath/old/\"";
}
}
}
}

print "<script language=JavaScript>";
print "function CheckMove(tFile){";
print "if (confirm('Are you sure you want to move ' + tFile + '?'))";
print "{ document.location = '/cgi-bin/movies.cgi?move=' + tFile }";
print "}</script>";

opendir(DIR, $tPath);
@files = grep(/\.*$/,readdir(DIR));
closedir(DIR);

foreach $file (@files)
{
if( -d "$tPath/$file")
{
if ($file ne 'new' && $file ne 'old' && $file ne '.' && $file ne '..')
{
$esc_file = escape($file);
print "<a href='javascript:CheckMove(\"$esc_file\")'>[MOVE]</a> $file<br>";
}
}
}
</pre>

LinkStation - Revision history

Ohayden: /* Recovery from Six Blinking Red Lights */