Results 1 to 7 of 7

Thread: Rooter Plugin Suggestion / Enhancement

  1. #1
    Join Date
    Mar 2012
    Location
    NYC, NY
    Posts
    90

    Lightbulb Rooter Plugin Suggestion / Enhancement

    Ok,

    So I knowt that if you install rooter, it whipes out the root password on boot every time.

    I'd like to make an enhancement request (If Im allowed ).

    How about when you install rooter

    On Install:
    -----------
    It Resets Root password
    It copies the shadow files to memory were it wont be erased on reboot


    On Reboot:
    ------------
    Delete the Shadow File that is created by the reboot
    Make a symbolic link to the copied shadow file

    So now when you do set a password for root, or any other password related task, on every reboot, it will point to the permanent file

  2. #2
    Join Date
    Apr 2011
    Location
    Fremont CA
    Posts
    78

    Default

    Thank you Ruben! Can anyone else confirm that this works for them??

  3. #3
    Join Date
    Mar 2012
    Location
    NYC, NY
    Posts
    90

    Default

    I approached this a little different, after thinking about it some more....so, I kind of built my own modified version of the rooter script. I love rooter, but I like for my NAS to be more "secured".

    So I did the following...

    Added Admin to the telnet.users file
    Added Admin to the sudoers file

    Now the catch is that the crontab script /usr/sbin/chkhttpd (which is in the read-only file system) has a line that replaces/recreates the /etc/telnet.user file

    Code:
    open(OUT,">/etc/telnet.user");
    print OUT "root\n";
    print OUT "engmode\n";
    close(OUT);
    To solve that, i used chattr +i on the /etc/telnet.user file, which means the file is immuatable, and even root cant change it. Yes its going to cause part of the chkhttpd script to fail, but nothing that will break the system

    The telnet.user file and sudoer file survive reboots, but the "immutable" flag does not remain. So the script sets it every time. And now I can login to the NAS, securely, with the admin account.
    root stays locked, and if i need to run something as root, there is always sudo.

    Now without further delay, my "secure admin / root" script.

    Code:
    #!/usr/bin/perl
    
    #$app_path = $ENV{'APP_PATH'};
    #print "APP_PATH = $app_path\n";
    #$action = $ARGV[0];
    
    print "Rooter Rooting...\n";
    #system("/VOLUME1/PLUGINAPP/Rooter/bin/busybox passwd -d root");
    #print "Rooted...?";
    system("/bin/echo 'admin ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers");
    system("/bin/echo 'admin' >> /etc/telnet.user");
    system("/VOLUME1/PLUGINAPP/Rooter/bin/busybox chattr +i /etc/sudoers");
    system("/VOLUME1/PLUGINAPP/Rooter/bin/busybox chattr +i /etc/telnet.user");
    I'm happy with this. It works for me. Maybe i'll work on creating another script that will follow along the lines of my enhancement request.
    Last edited by ruben00; 03-12-2012 at 02:04 AM.

  4. #4
    Join Date
    May 2010
    Location
    In the land of make believe.
    Posts
    505

    Default

    I basically slapped rooter together before I was able to explore the Javelin properly, or really even had time to dick with it much. I'll update the rooter plugin (I have a better version of Busybox anyway than whats included) and upload it here this weekend...

    I also was working (and had some success) with enabling the javelin to play music back via a connected USB audio device with the default OS, and enabling webcam-like functionality. I may revisit the javelin and attempt to package those.

    My alternate firmware worked, but it remained extremely challenging to build and install, still requiring a serial cable to enable. I a few weeks ago think i found a way to edit the u-boot parameters from the OS without borking everything. I may revisit that as well.
    I AM NOT A PATRIOT MEMORY EMPLOYEE.

    But they have, on occasion, bribed me with hardware.



    I am happy to help, but don't PM me. Post a thread in the appropriate forum so others may benefit and offer assistance.
    Your lack of planning is not an emergency on my part.

  5. #5
    Join Date
    Mar 2012
    Location
    NYC, NY
    Posts
    90

    Default

    Hey BadIntentions,

    I figured you were off to new projects and busy with real life, so I thought i'd give it a go myself.

    I actually messed with rooter some more, and added additional functionality like moving your new busybox into bin and then running --install.
    the only bug i have found so far with this setup is that somehow the "shutdown" command is not working. So the NAS wont reboot if i tell it to.

  6. #6
    Join Date
    Mar 2012
    Location
    NYC, NY
    Posts
    90

    Default

    So after further testing, Installing the New Busybox "busybox1-18-5-INSTALLFIX" breaks the shutdown binary...
    Im removing the line that installs "busybox1-18-5-INSTALLFIX" and probably will just ln the commands i need to /bin

  7. #7
    Join Date
    Nov 2012
    Posts
    1

    Default

    I cant seem to run this script. I made a script secure_root.pl and tried to run the script ./secure_root.pl after chmod 777. I get a file not found error. Could you please help? thx.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •