Synology Cubestation


Embarrassing bug in OpenSSL for the Linux community. Also Synology-products suffer from this.
http://forum.synology.com/enu/viewtopic.php?f=232&t=84199

09 April 2014
We've addressed this CVE and are preparing the fix to the vulnerability.
We look forward to providing the fix shortly.





Nice storage-boxes from http://www.synology.com/
Not really an alternative, very immature (i.e. fuugethaboutit): FreeNAS

My Black Cube 407
CS407, Marvell Orion mv5281 ARM Processor, SATA, 32-bit Memory Bus, 128MB of RAM
Cubestation 407


A recent update (2011? 2012?) brought 1xRaid5 instead of the sub-optimal 2xRaid1 I had before:

ConfigurationOld setupCheap
Upgrade A
Cheap
Upgrade B
(Today, done)
Max
Upgrade C
slot10,5 TB 2 TB 1 TB 2 TB
slot10,5 TB 2 TB 1 TB 2 TB
slot31 TB1 TB1 TB 2 TB
slot31 TB1 TB1 TB 2 TB
Raid type2x Raid12x Raid1Raid5Raid5
Brutto3 TB6 TB4 TB8 TB
Netto1,328 TB3 TB3 TB6 TB
Utilisation44%50%75%75%
Upgrade
Cost
0 CHF 250 CHF 200 CHF 500 CHF


Old setup:
Volume 1: RAID1 with 2x 1TB, Total capacity: 913.94 GB
Volume 3: RAID1 with 2x 500GB, Total capacity: 455.49 GB




CubeWesternDigitalBiosProblem

CubeHardWare

CubeStationFileSystem


Time Machine

For Mac users - easy peasy!!!
http://www.naschenweng.info/2009/07/26/synology-easy-time-machine-integration

...until Apple upgraded the AFP-protocol just as CS407 had reached end-of-life for firmware support.
But luckily Synology decided to give us one last upgrade due to the move by Apple: Version: DSM 3.1-1636

http://forum.synology.com/enu/viewtopic.php?f=64&t=38924&sid=0ddbae99e8e28b2344d85d0506ce1f65&start=15

http://www.synology.com/releaseNote_enu/CS407.php



Logitech Squeeze Center on the Cube

See SqueezeCenter




PHP

Change php.ini:

vi /usr/syno/etc/php.ini


Adding the FTP-directory for PHP-access:
open_basedir = /volume1/ftp: [ ... ]



MOTD - Message of the Day

vi /etc/motd

/----------------------\
|                      |
|     Welcome to       |
|    EbmatStation      |
|                      |
|   Cubestation 407    |
\----------------------/



SSH

Enable in the web-config panel
store public key as

/root/.ssh/authorized_keys


Change SSH Port-number to 5022

vi /etc/ssh/sshd_config

....

Port 5022





FTP welcome
vi /etc/ftpwelcome


FTP welcome after login
edit /etc/ftpmotd




IPKG package manager


Adding IPKG itself with a bootstrap:

http://forum.synology.com/wiki/index.php/Overview_on_modifying_the_Synology_Server,_bootstrap,_ipkg_etc

ipkg is also dependant on a few other software bits and pieces that are not installed on the synology servers. Consequently to install ipkg you need to use the appropriate bootstrap which automates the installation of ipkg and the other packages it needs.

After you have installed ipkg (see the bootstrap section below), you can install ipkg packages of programs using the command "ipkg install xxxx" where xxxx is the name of the package. Once the package is installed you can run it using "xxxx" where xxxx is the name of the program you just installed (this is normally the same as the package name, but not always).

For help with ipkg commands use "ipkg -help":

usage: ipkg [options...] sub-command [arguments...]
where sub-command is one of:

Package Manipulation:
		update                  Update list of available packages
		upgrade                 Upgrade all installed packages to latest version
		install <pkg>           Download and install <pkg> (and dependencies)
		install <file.ipk>      Install package <file.ipk>
		configure [<pkg>]       Configure unpacked packages
		remove <pkg|regexp>     Remove package <pkg|packages following regexp>



IPKG Bootstrap


For mv5281 ARM models (such as my Black CS407) http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/syno-x07-bootstrap_1.2-7_arm.xsh

The steps to install the bootstrap (provided as .xsh files) are below, you should replace the text in bold with the relevant text for your CPU's bootstrap file (listed above).
  1. Reboot your NAS.
  2. Enable and then Login to the Command Line Interface as user "root", password is the same as for admin.
  3. Change to a directory such as "/volume1/@tmp", i.e. enter the command "cd /volume1/@tmp"
  4. Get the NAS to download the bootstrap, e.g. if you have an mv5281 ARM model enter the command " wget http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/syno-x07-bootstrap_1.2-7_arm.xsh " alternatively download the bootstrap to your PC and then copy it to a shared folder on the NAS
  5. Set the .xsh script to be executable "chmod +x syno-x07-bootstrap_1.2-7_arm.xsh"
  6. Now run the .xsh script, e.g. if you have an mv5281 ARM model and used the bootstrap above enter the command "sh syno-x07-bootstrap_1.2-7_arm.xsh"
  7. After the script has finished you can delete the script file, e.g. for mv5281 ARM users using the bootstrap above enter the command "rm syno-x07-bootstrap_1.2-7_arm.xsh"
  8. NEW: If you have DSM 4.0 there is an additional step. In the file /root/.profile you need to comment out (put a # before) the lines "PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin" and "export PATH". To do this enter the command "vi /root/.profile" to open the file in vi. Now change vi to edit mode by pressing the "i" key on your keyboard. Use the down cursor key to move the cursor to the start of the line "PATH=/sbin..." and put a "#" infront of this line so it is now "#PATH=/sbin...". Do the same for the line below so it is now "#export PATH". Now press the escape key (to exit edit mode) and type "ZZ" (note they are capitals) to tell vi to save the file and exit. For background info on why this is neccessary for DSM 4 refer to http://forum.synology.com/enu/viewtopic.php?p=185512#p185512
  9. Note: If you have the following error: "Cannot satisfy the following dependencies for wget-ssl: libidn", you need to manually download libidn and install with ipkg: Eg. for Synology DS108j: "wget http://ipkg.nslu2-linux.org/feeds/optware/ds101g/cross/unstable/libidn_1.21-1_powerpc.ipk" (wget should be already present on the system) and enter the command "ipkg install libidn_1.21-1_powerpc.ipk". Run the ipkg bootstrap process again (press yes when it asks to overwrite config file). For a procedure to install ipk packages without ipkg, see http://buffalo.nas-central.org/wiki/Install_an_.ipk_package_without_having_the_ipkg_package_management_system_(for_end-users)
  10. Reboot the NAS and login again to the Command Line Interface as user "root"
  11. Update the ipkg list of available packages using the command "ipkg update"
  12. Upgrade any ipkg installed packages to the latest versions using the command "ipkg upgrade"
  13. Finished, you can now install ipkg packages using the command "ipkg install xxxx" where xxxx is the name of the package. You can list all the available packages using the command "ipkg list". As this is a long list you can filter it using the command "ipkg list | grep xxxx" where xxxx is the text you want to search for. Alternatively, you view one page at a time using the "more" pipe, e.g. "ipkg list | more"

Note: ipkg expects to find your ipkg files/programs in the path "/opt". As the synology NAS's put all your files in "/volume1" the bootstraps put your IPKG files/programs in "/volume1/@optware" but then mount this directory so it ALSO appears as "/opt". Hence, do not think that "/volume1/@optware" and "/opt" are duplicated files, they are not duplicated, they are in fact exactly the same directory.



Adding the NC FTP client

EbmaStation407> ipkg install ncftp
Installing ncftp (3.2.3-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/ncftp_3.2.3-1_arm.ipk
Nothing to be done
An error ocurred, return value: 22.
Collected errors:
ipkg_download: ERROR: Command failed with return value 8: `wget --passive-ftp    -q -P /opt/ipkg-qUE4jB http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/ncftp_3.2.3-1_arm.ipk'
Failed to download ncftp. Perhaps you need to run 'ipkg update'?
EbmaStation407> ipkg update
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/Packages.gz
Inflating http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/Packages.gz
Updated list of available packages in /opt/lib/ipkg/lists/cross
Successfully terminated.
EbmaStation407>
EbmaStation407>
EbmaStation407> ipkg install ncftp
Installing ncftp (3.2.4-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/ncftp_3.2.4-1_arm.ipk
Configuring ncftp
Successfully terminated.
EbmaStation407>



Adding screen
ipkg install screen


Info on this lovely linux utility: http://www.howtoforge.com/linux_screen


Adding SCP

In short, start with

ipkg install zlib


From OpenSSH we only need the archive 'data.tar.gz':

cd /tmp
ipkg download openssh

tar -xvzf openssh_5.9p1-1_arm.ipk ./data.tar.gz


From the 'data.tar.gz'-archive we only need the files 'sftp' und 'scp'.
Move them to 'bin', and link in the required library v0.9.7:

tar -xvzf data.tar.gz ./opt/bin/sftp ./opt/bin/openssh-scp
mv ./opt/bin/* /opt/bin

cd /usr/lib
ln -s libcrypto.so.1.0.0 libcrypto.so.0.9.7


Finish off by installing a bunch of utilities. This will remove an error-message you'd face if not installing the utility 'group'.

ipkg install coreutils


Full text, in German: http://www.synology-wiki.de/index.php/SFTP_SCP



Adding BASH
http://literatitech.blogspot.com/2011/03/using-bash-on-synology-ds210j.html

First we will install the BASH package using IPKG
ipkg install bash


Next we will tell the system that we prefer BASH over ASH, thank you very much. We will do this by editing the /etc/passwd file. Be very very very careful editing this file, as if you muff it up then you might not be able to log into your system!

So, let's be super extra careful and make a back-up of the file, just in case.
cp /etc/passwd ~/just-in-case


Now we'll edit the file
vi /etc/passwd


Note: I would NOT recommending to switch shell for root user. If things go belly up you sure want to be able to login again under any circumstances. Replace the shell for a normal user instead! Keep the default shell for root!

Look for a line like this: (
john:x:0:0:root:/root:/bin/ash


We want to change the end bit to point to bash, so we change "/bin/ash" to "/opt/bin/bash". When you're done it will look like this:
john:x:0:0:root:/root:/opt/bin/bash


Save the file, but DO NOT exit your ssh session! First, test our modification by attempting to log in again from another ssh window. If you cannot log in for whatever reason, then restore the file and try again
cp ~/just-in-case /etc/passwd


If you can login, then you delete the backup file and Bob's yer uncle.
rm ~/just-in-case


The man page for BASH is a fantastic wealth of information.
Read it. Know it. Love it.





Socks proxy


http://www.synology.com/enu/forum/viewtopic.php?t=3162&highlight=socks

1. enable ssh
2. install ipkg (package handler)
3. configure ikpg to find the socks software over at DD-WRT
4. download and install via ipkg



Subversion server


ipkg install svn


Add a line for Subversion in '/etc/inetd.conf':
svn stream tcp nowait subba /opt/bin/svnserve svnserve -i -r /volume2/svn


Edit '/etc/services' to include Subversion data:
svn 3690/tcp # Subversion 
svn 3690/udp # Subversion


Finally, a reboot shall do the trick.

Full text: http://forum.synology.com/wiki/index.php/Step-by-step_guide_to_installing_Subversion

If you get problems:
http://forum.synology.com/enu/viewtopic.php?f=44&t=9556&sid=9660dd1c40234d64ed338b34969da839&start=15




FTP blacklist

Block LAN-users from FTP-access

http://www.synology.com/enu/forum/viewtopic.php?p=22705#22705

I found myself a solution. And since the thread has been moved to the Modding Room (thanks for that) I will now post it:

It's quite straight forward.
1. with the administration web interface create the user which shall have FTP access and give him a fairly hard password

2. Manage the user's access privileges to the folders you want to have exposed to the web via FTP. For example I created a dedicated ftp folder which is the only folder my new ftp-user has access to.

3. Log in via telnet and edit the file /etc/ftpusers. It took me quite a while to figure out, that this file is a black list which contains all users who shall NOT be able to do an FTP login. So enter each of your users here who shall not be able to do FTP, each in a seperate line.

You're done. There is no reboot required.




Swiss File Knife

A Command Line Tools Collection

http://stahlforce.com/dev/swiss-file-knife.html



Adding Linux programs and features

Additional packages for the DiskStation (called Optware)

http://oinkzwurgl.org/diskstation_software



System administration


How to retrieve data from RAID Volumes on Linux
PPC - Big endian
Wintel - Little endian
http://www.synology.com/wiki/index.php/How_to_retrieve_data_from_RAID_Volumes_on_Linux

About little/big endian
http://lkml.org/lkml/2007/7/9/20
LkmlOrgCached



Create Torrent-files


http://bootstrike.com/Articles/CreateTorrent/

http://lifehacker.com/5952148/how-to-create-a-super-private-bittorrent-community-for-you-and-your-friends



There are no comments on this page.
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki