Synology Cubestation


Embarrassing bug in OpenSSL for the Linux community. Also Synology-products suffered from this.
http://forum.synology.com/enu/viewtopic.php?f=232&t=84199

09 April 2014
We've addressed this CVE and are preparing the fix to the vulnerability.
We look forward to providing the fix shortly.


v 3-1-1638 - not affected.


Installed Sep 2014:
3.1-1639
2014-09-04




Nice storage-boxes from http://www.synology.com/
Not really an alternative, very immature (i.e. fuugethaboutit): FreeNAS

Black Cube 407
CS407, Marvell Orion mv5281 ARM Processor, SATA, 32-bit Memory Bus, 128MB of RAM
Cubestation 407

Previously running a sub-optimal 2xRaid1 I now (2011? 2012?) have 1xRaid5 instead.

ConfigurationOld setupCheap
Upgrade A
Cheap
Upgrade B
(Today, done)
Max
Upgrade C
slot10,5 TB 2 TB 1 TB 2 TB
slot10,5 TB 2 TB 1 TB 2 TB
slot31 TB1 TB1 TB 2 TB
slot31 TB1 TB1 TB 2 TB
Raid type2x Raid12x Raid1Raid5Raid5
Brutto3 TB6 TB4 TB8 TB
Netto1,328 TB3 TB3 TB6 TB
Utilisation44%50%75%75%
Upgrade
Cost
0 CHF 250 CHF 200 CHF 500 CHF


Old setup:
Volume 1: RAID1 with 2x 1TB, Total capacity: 913.94 GB
Volume 3: RAID1 with 2x 500GB, Total capacity: 455.49 GB




CubeWesternDigitalBiosProblem

CubeHardWare

CubeStationFileSystem


Time Machine

For Mac users - easy peasy!!!
http://www.naschenweng.info/2009/07/26/synology-easy-time-machine-integration

...until Apple upgraded the AFP-protocol just as CS407 had reached end-of-life for firmware support.
But luckily Synology decided to give us one last upgrade due to the move by Apple: Version: DSM 3.1-1636

http://forum.synology.com/enu/viewtopic.php?f=64&t=38924&sid=0ddbae99e8e28b2344d85d0506ce1f65&start=15

http://www.synology.com/releaseNote_enu/CS407.php



Logitech Squeeze Center on the CubeStation

See SqueezeCenter




PHP

Customising *php.ini*:

vi /usr/syno/etc/php.ini


Adding a separate FTP-directory for PHP-access:
open_basedir = /volume1/ftp: [ ... ]



MOTD - Message of the Day

vi /etc/motd

/----------------------\
|                      |
|     Welcome to       |
|    EbmatStation      |
|                      |
|   Cubestation 407    |
\----------------------/



SSH

Enable in the web-config panel (perhaps default nowadays?).
Store public key as:

/root/.ssh/authorized_keys


Change SSH Port-number to 5022
Lost after DSM-reinstallation/upgrade. Workaround; keep default 22, config your router to redicet WAN-5022 to local 22

vi /etc/ssh/sshd_config

....

Port 5022

...and reboot.




FTP welcome (will we ever use FTP again?)
vi /etc/ftpwelcome

FTP welcome after login
edit /etc/ftpmotd



IPKG package manager


Adding IPKG itself with a bootstrap:

http://forum.synology.com/wiki/index.php/Overview_on_modifying_the_Synology_Server,_bootstrap,_ipkg_etc

ipkg is also dependant on a few other software bits and pieces that are not installed on the synology servers. Consequently to install ipkg you need to use the appropriate bootstrap which automates the installation of ipkg and the other packages it needs.

After you have installed ipkg (see the bootstrap section below), you can install ipkg packages of programs using the command "ipkg install xxxx" where xxxx is the name of the package. Once the package is installed you can run it using "xxxx" where xxxx is the name of the program you just installed (this is normally the same as the package name, but not always).

For help with ipkg commands use "ipkg -help":

usage: ipkg [options...] sub-command [arguments...]
where sub-command is one of:

Package Manipulation:
		update                  Update list of available packages
		upgrade                 Upgrade all installed packages to latest version
		install <pkg>           Download and install <pkg> (and dependencies)
		install <file.ipk>      Install package <file.ipk>
		configure [<pkg>]       Configure unpacked packages
		remove <pkg|regexp>     Remove package <pkg|packages following regexp>



IPKG Bootstrap


Lost after DSM-reinstallation/upgrade.
For mv5281 ARM models (such as my Black CS407) http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/syno-x07-bootstrap_1.2-7_arm.xsh (Captured to be safe here: U:\bra_o_ha\_Synology\ )

The steps to install the bootstrap (provided as .xsh files) are below, you should replace the text in bold with the relevant text for your CPU's bootstrap file (listed above).
  1. Reboot your NAS.
  2. Enable and then Login to the Command Line Interface as user "root", password is the same as for admin.
  3. Change to a directory such as "/volume1/@tmp", i.e. enter the command "cd /volume1/@tmp"
  4. Get the NAS to download the bootstrap, e.g. if you have an mv5281 ARM model enter the command " wget http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/syno-x07-bootstrap_1.2-7_arm.xsh " alternatively download the bootstrap to your PC and then copy it to a shared folder on the NAS
  5. Set the .xsh script to be executable "chmod +x syno-x07-bootstrap_1.2-7_arm.xsh"
  6. Now run the .xsh script, e.g. if you have an mv5281 ARM model and used the bootstrap above enter the command "sh syno-x07-bootstrap_1.2-7_arm.xsh"
  7. After the script has finished you can delete the script file, e.g. for mv5281 ARM users using the bootstrap above enter the command "rm syno-x07-bootstrap_1.2-7_arm.xsh"
  8. NEW: If you have DSM 4.0 there is an additional step. In the file /root/.profile you need to comment out (put a # before) the lines "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin" and "export PATH". To do this enter the command "vi /root/.profile" to open the file in vi. Now change vi to edit mode by pressing the "i" key on your keyboard. Use the down cursor key to move the cursor to the start of the line "PATH=/sbin..." and put a "#" infront of this line so it is now "#PATH=/sbin...". Do the same for the line below so it is now "#export PATH". Now press the escape key (to exit edit mode) and type "ZZ" (note they are capitals) to tell vi to save the file and exit. For background info on why this is neccessary for DSM 4 refer to http://forum.synology.com/enu/viewtopic.php?p=185512#p185512
  9. Note: If you have the following error: "Cannot satisfy the following dependencies for wget-ssl: libidn", you need to manually download libidn and install with ipkg: Eg. for Synology DS108j: "wget http://ipkg.nslu2-linux.org/feeds/optware/ds101g/cross/unstable/libidn_1.21-1_powerpc.ipk" (wget should be already present on the system) and enter the command "ipkg install libidn_1.21-1_powerpc.ipk". Run the ipkg bootstrap process again (press yes when it asks to overwrite config file). For a procedure to install ipk packages without ipkg, see http://buffalo.nas-central.org/wiki/Install_an_.ipk_package_without_having_the_ipkg_package_management_system_(for_end-users)
  10. Reboot the NAS and login again to the Command Line Interface as user "root"
  11. Update the ipkg list of available packages using the command "ipkg update"
  12. Upgrade any ipkg installed packages to the latest versions using the command "ipkg upgrade"
  13. Finished, you can now install ipkg packages using the command "ipkg install xxxx" where xxxx is the name of the package. You can list all the available packages using the command "ipkg list". As this is a long list you can filter it using the command "ipkg list | grep xxxx" where xxxx is the text you want to search for. Alternatively, you view one page at a time using the "more" pipe, e.g. "ipkg list | more"

Exec summary of the above text:
cd /volume1/@tmp
wget http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/syno-x07-bootstrap_1.2-7_arm.xsh 
chmod +x syno-x07-bootstrap_1.2-7_arm.xsh
sh syno-x07-bootstrap_1.2-7_arm.xsh
rm syno-x07-bootstrap_1.2-7_arm.xsh

REM   reboot your Cube

ipkg update
ipkg upgrade



Note: ipkg expects to find your ipkg files/programs in the path "/opt". As the synology NAS's put all your files in "/volume1" the bootstraps put your IPKG files/programs in "/volume1/@optware" but then mount this directory so it ALSO appears as "/opt". Hence, do not think that "/volume1/@optware" and "/opt" are duplicated files, they are not duplicated, they are in fact exactly the same directory.



IPKG Adding the NC FTP client


EbmaStation407> ipkg install ncftp
Installing ncftp (3.2.3-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/ncftp_3.2.3-1_arm.ipk
Nothing to be done
An error ocurred, return value: 22.
Collected errors:
ipkg_download: ERROR: Command failed with return value 8: `wget --passive-ftp    -q -P /opt/ipkg-qUE4jB http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/ncftp_3.2.3-1_arm.ipk'
Failed to download ncftp. Perhaps you need to run 'ipkg update'?
EbmaStation407> ipkg update
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/Packages.gz
Inflating http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/Packages.gz
Updated list of available packages in /opt/lib/ipkg/lists/cross
Successfully terminated.
EbmaStation407>
EbmaStation407>
EbmaStation407> ipkg install ncftp
Installing ncftp (3.2.4-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/ncftp_3.2.4-1_arm.ipk
Configuring ncftp
Successfully terminated.
EbmaStation407>



IPKG Adding screen

ipkg install screen


Info on this lovely linux utility: http://www.howtoforge.com/linux_screen


IPKG Adding SCP


In short, start with

ipkg install zlib


From OpenSSH we only need the archive 'data.tar.gz':

cd /tmp
ipkg download openssh

tar -xvzf openssh_5.9p1-1_arm.ipk ./data.tar.gz


From the 'data.tar.gz'-archive we only need the files 'sftp' und 'scp'.
Move them to 'bin', and link in the required library v0.9.7:

tar -xvzf data.tar.gz ./opt/bin/sftp ./opt/bin/openssh-scp
mv ./opt/bin/* /opt/bin

cd /usr/lib
ln -s libcrypto.so.1.0.0 libcrypto.so.0.9.7


Finish off by installing a bunch of utilities. This will remove an error-message you'd face if not installing the utility 'group'.

ipkg install coreutils


Full text, in German: http://www.synology-wiki.de/index.php/SFTP_SCP



IPKG Adding BASH

http://literatitech.blogspot.com/2011/03/using-bash-on-synology-ds210j.html

First we will install the BASH package
ipkg install bash


Next we will tell the system that we prefer BASH over ASH, thank you very much. We will do this by editing the /etc/passwd file. Be very very very careful editing this file, as if you muff it up then you might not be able to log into your system!

So, let's be super extra careful and make a back-up of the file, just in case.
cp /etc/passwd ~/just-in-case


Now we'll edit the file
vi /etc/passwd


Note: I would NOT recommending to switch shell for root user. If things go belly up you sure want to be able to login again under any circumstances. Replace the shell for normal users *only*! Keep the default shell for root!

Look for a line like this: (
john:x:0:0:root:/root:/bin/ash


We want to change the end bit to point to bash, so we change "/bin/ash" to "/opt/bin/bash". When you're done it will look like this:
john:x:0:0:root:/root:/opt/bin/bash


Save the file, but *DO NOT* exit your ssh session! First, test our modification by attempting to log in again from another ssh window. If you cannot log in for whatever reason, then restore the file and try again
cp ~/just-in-case /etc/passwd


If you can login, then you delete the backup file and Bob's yer uncle.
rm ~/just-in-case


The man page for BASH is a fantastic wealth of information.
Read it. Know it. Love it.



IPKG Socks proxy


http://www.synology.com/enu/forum/viewtopic.php?t=3162&highlight=socks
  1. Configure ikpg to find the socks software over at DD-WRT.
  2. Download and install via ipkg


IPKG Subversion server

Binaries are lost after DSM-reinstallation/upgrade. Configs below are retained though.
ipkg install svn


Add a line for Subversion in '/etc/inetd.conf':
svn stream tcp nowait subba /opt/bin/svnserve svnserve -i -r /volume2/svn


Edit '/etc/services' to include Subversion data:
svn 3690/tcp # Subversion 
svn 3690/udp # Subversion


Finally, a *reboot* shall do the trick.

Full text: http://forum.synology.com/wiki/index.php/Step-by-step_guide_to_installing_Subversion

If you get problems:
http://forum.synology.com/enu/viewtopic.php?f=44&t=9556&sid=9660dd1c40234d64ed338b34969da839&start=15




Swiss File Knife

A Command Line Tools Collection

http://stahlforce.com/dev/swiss-file-knife.html

Adding Linux programs and features

Additional packages for the DiskStation (called Optware)

http://oinkzwurgl.org/diskstation_software


Create Torrent-files


http://bootstrike.com/Articles/CreateTorrent/

http://lifehacker.com/5952148/how-to-create-a-super-private-bittorrent-community-for-you-and-your-friends



Cube System administration


How to retrieve data from RAID Volumes on Linux
PPC - Big endian
Wintel - Little endian
http://www.synology.com/wiki/index.php/How_to_retrieve_data_from_RAID_Volumes_on_Linux

About little/big endian
http://lkml.org/lkml/2007/7/9/20
LkmlOrgCached


Synology DSM - Email notification annoyance


http://forum.synology.com/enu/viewtopic.php?f=19&t=45702

As I understand it the Diskstation sends through the account I specify inn the SMTP settings, however it uses the preliminary email as sender. Workaround, not pretty: sender-account = primary email and the actual receiving account as the secondary email.








There are no comments on this page.
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki