Difference between revisions of "Netgear ReadyNAS 316"

From YobiWiki
Line 201: Line 201:
 
<br>Login: root / infr8ntdebug
 
<br>Login: root / infr8ntdebug
 
You can display processes (ps) and kill the tunnel back to Netgear if you want more privacy.
 
You can display processes (ps) and kill the tunnel back to Netgear if you want more privacy.
  +
1002 root 0 SW [kworker/0:2]
  +
1006 root 4864 S raidard
  +
1014 root 3084 S ifplugd -i eth1
  +
1113 root 3076 R /usr/sbin/telnetd
  +
1137 root 37464 S /usr/bin/rnutil remote_access -b
  +
1139 root 3072 S /bin/sh -c /bin/sh
  +
1140 root 3084 S /bin/sh
  +
1141 root 9212 S {dropbearmulti} dropbear -E -F -p 127.0.0.1:1022
  +
1243 root 9276 S {dropbearmulti} dbclient -y -T -K 60 -p 443 -R *:513
  +
=> 1141, 1243, 1137
 
<br>There is a dropbear binary so you can launch a small ssh server, helpful to initiate some file transfers if needed:
 
<br>There is a dropbear binary so you can launch a small ssh server, helpful to initiate some file transfers if needed:
dropbear
+
# dropbear
  +
'''WARNING the commands enumerated here are what I tried, but probably not what is the best to do'''
  +
<br>/dev/md0 contains the OS
  +
<br>/dev/md1 is the swap
  +
<br>/dev/md127 contains /data
  +
  +
But before that we need to assemble the arrays:
  +
# mdadm --assemble --scan
  +
Then e.g. to mount the system partition:
  +
# mount /dev/md0 /sysroot
  +
To mount it desperately:
  +
# mount -o ro,recovery /dev/md0 /mnt
  +
To watch out a Raid resync (and wait for it to complete):
  +
# cat /proc/mdstat
  +
Personalities : [raid0] [raid1] [raid10] [raid6] [raid5] [raid4]
  +
md127 : active raid5 sda3[4] sdd3[3] sdc3[2] sdb3[1]
  +
11706499968 blocks super 1.2 level 5, 64k chunk, algorithm 2 [4/4] [UUUU]
  +
[>....................] resync = 1.8% (71255944/3902166656) finish=1418.8min speed=44998K/sec
  +
Btrfs:
  +
# btrfs filesystem show /mnt
  +
Label: deadbeef:root uuid: 12345678-1234-1234-1234-123456789abc
  +
Total devices 1 FS bytes used 854.89MiB
  +
devid 1 size 4.00GiB used 2.68GiB path /dev/md/0
  +
To attempt to fix it:
  +
# btrfs check --repair /dev/md0
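Review bot: the last added line runs `btrfs check --repair /dev/md0`, but the added lines above it mount /dev/md0 (at /sysroot, or at /mnt with `ro,recovery`) and no unmount step appears in between. btrfs check expects an unmounted device, so add a `umount` line before it and suggest a plain `btrfs check /dev/md0` (read-only) as the first attempt, keeping `--repair` for when that report and a backup justify it. The added `=> 1141, 1243, 1137` line would also be clearer with a few words saying these are the PIDs to kill.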

Revision as of 22:01, 12 January 2015

Links

General

Initial login: admin/password

If SSH is activated, root has the same password as admin.

Update FW Alerts:

  • Email: recipient email
  • Advanced settings/SMTP Server: can be 127.0.0.1 if you've installed Exim (see below)
  • Advanced settings/From: sender email
  • Then don't forget to "Apply" after successfully sending a test message

(since reinstall with 6.2.2, sending test message failed but still I received the test mail...)

HTTPS certificate

To change it, cf http://readynas.sphardy.com/2010/10/installing-ssl-certificate-on-your_7476.html

  • Create directory /etc/frontview/apache/addons/
  • Copy CACert root cert (PEM format) in /etc/frontview/apache/addons/root.crt
  • Copy CACert intermediate cert (PEM format) in /etc/frontview/apache/addons/class3.crt
  • Merge your RSA cert & key in a single PEM file and replace /etc/frontview/apache/apache.pem by yours
  • Prevent frontview or firmware updates from overwriting it (not sure if it could harm a firmware upgrade...):
chattr +i /etc/frontview/apache/apache.pem
  • Create a file /etc/frontview/apache/addons/ssl.conf with
SSLCACertificateFile /etc/frontview/apache/addons/root.crt
SSLCertificateChainFile /etc/frontview/apache/addons/class3.crt
  • Tell Apache to reload its config
killall -HUP apache2
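
A pre-flight check for the "merge your RSA cert & key" step, as an added example that is not part of the original wiki page: it writes the combined PEM only when the private key belongs to the certificate. The function name `build_apache_pem` and the file arguments are illustrative; it assumes the `openssl` command-line tool is available.

```shell
#!/bin/sh
# Added example (not from the wiki page): build the combined PEM destined for
# /etc/frontview/apache/apache.pem only when the private key really belongs
# to the certificate. A mismatched pair would leave Apache unable to reload.

# usage: build_apache_pem CERT KEY OUT
# returns 0 on success, 1 on key/cert mismatch, 2 if a file cannot be parsed
build_apache_pem() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] || return 2
    # Both commands print the public key as a "BEGIN PUBLIC KEY" PEM block,
    # so comparing the two strings is enough.
    [ "$cert_pub" = "$key_pub" ] || return 1
    # The output contains the private key: create it readable by owner only.
    ( umask 077 && cat "$1" "$2" > "$3" )
}

# Stand-alone use: ./script cert.pem key.pem combined.pem
# Copy the result over apache.pem (and run chattr +i) only after it succeeds.
if [ "$#" -eq 3 ]; then
    build_apache_pem "$@"
fi
```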

hosts

Complete /etc/hosts

Debian

System is a Debian Wheezy
Edit /etc/apt/sources.list and add non-free:

deb http://mirrors.kernel.org/debian wheezy main non-free

apt-get update
apt-get install dialog
apt-get install mc screen binutils sshfs pv netcat encfs man python htop iotop p7zip p7zip-full unrar git

What is not available:

  • luks? missing some support in kernel?

mail

apt-get install exim4 bsd-mailx
dpkg-reconfigure exim4-config
3. mail sent by smarthost; no local mail
System mail name: yobi.be
IP-addresses to listen on for incoming SMTP connections: 127.0.0.1
Other destinations for which mail is accepted: 
Visible domain name for local users: yobi.be
IP address or host name of the outgoing smarthost: smtp.isp.xxx 
Keep number of DNS-queries minimal (Dial-on-Demand)? n
Split configuration into small files? y
Root and postmaster mail recipient: phil

Complete /etc/email-addresses

backuppc (old)

apt-get install backuppc libfile-rsyncp-perl libio-dirent-perl

Small issue because Apache is not running as the usual www-data but admin user:

chgrp admin /etc/backuppc/*
chgrp admin /usr/lib/backuppc/cgi-bin/index.cgi 
chmod u+s /usr/lib/backuppc/cgi-bin/index.cgi

Set backuppc password:

htpasswd /etc/backuppc/htpasswd backuppc

Move pool to the big partition, preserving hard links

/etc/init.d/backuppc stop
cp -a /var/lib/backuppc /home
rm -rf /var/lib/backuppc
ln -s /home/backuppc /var/lib/backuppc
/etc/init.d/backuppc start

If you want to encrypt backup pool, you can alternatively do:

/etc/init.d/backuppc stop
cp -a /var/lib/backuppc /home/backuppc.orig
rm -rf /var/lib/backuppc
mkdir /home/.backuppc
adduser backuppc fuse
mkdir /var/lib/backuppc
chown backuppc.backuppc /var/lib/backuppc
encfs --public /home/.backuppc /var/lib/backuppc

We need hardlinks, so use "standard" settings of encfs, no external IV chaining!
And because it will be accessed also by Apache, even if through some setuid, we need --public

su -s /bin/bash backuppc
$ rsync -avH /home/backuppc.orig/ /var/lib/backuppc
rm -rf /home/backuppc.orig
/etc/init.d/backuppc start

If you choose encryption, it cannot start automatically anymore:

for i in /etc/rc*.d/S*backuppc; do mv $i ${i/S/K};done
update-rc.d backuppc defaults
systemctl --system daemon-reload

And from now on, use scripts to start/stop manually:

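#!/bin/bash
# start script: mount the encrypted pool, then start backuppc
encfs --public /home/.backuppc /var/lib/backuppc && /etc/init.d/backuppc start

#!/bin/bash
# stop script: stop backuppc, then unmount the encrypted pool
/etc/init.d/backuppc stop
fusermount -u /var/lib/backuppc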

Visit https://readynas/backuppc
The default backup of localhost /etc will fail due to some read access issues. We can ignore them by tuning the corresponding TarClientCmd and appending to it:

--ignore-failed-read

Transmission

There is a readynas app, but better to use the Debian one if you want to tune it.

apt-get install transmission-daemon
/etc/init.d/transmission-daemon stop

Edit /etc/default/transmission-daemon:

ENABLE_DAEMON=0

Create /data/Transmission/info/settings.json

# cf https://trac.transmissionbt.com/wiki/EditConfigFiles
"download-dir":...
"incomplete-dir":...
"rpc-password": "your_password", # note that it will be encrypted next time automatically

chown -R phil.users /data/Transmission/info

transmission-start.sh:

#!/bin/bash
exec su -s /bin/bash phil -c "/usr/bin/transmission-daemon --config-dir /data/Transmission/info/ --logfile /data/Transmission/info/logfile --log-info"

transmission-stop.sh:

#!/bin/bash
exec su -s /bin/bash phil -c "killall transmission-daemon"

If you've some transmission settings to transfer from another machine:

  • settings.json is in /etc/transmission-daemon/settings.json
  • other stuff (blocklists, resume, torrents,...) is in /var/lib/transmission-daemon/info/

To fix .resume files from another location, here from /shares/.... to /data/....: file is bencoded but a few bash lines are enough

#!/bin/bash
FILE="$1"
OLDDESTSIZE=$(cat "$FILE"|cut -f6 -d:|head -n1|sed 's/destination//')
OLDDEST="/shares"
NEWDEST="/data"
NEWDESTSIZE=$(($OLDDESTSIZE-${#OLDDEST}+${#NEWDEST}))
sed -i "s#:destination[0-9]\+:${OLDDEST}#:destination${NEWDESTSIZE}:${NEWDEST}#" "$FILE"
chown phil:users "$FILE"

To run it under another user:
Edit /etc/init.d/transmission-daemon -> USER=joe, then:

chown -R joe.users /var/lib/transmission-daemon 
chown -R joe.users /etc/transmission-daemon
systemctl --system daemon-reload
/etc/init.d/transmission-daemon start

Transgui / Transmission options / Network / Incoming port <> router firewall?

Android

Maintenance

WARNING this section is for "power users", some notes after I went through some troubles with my NAS.
Don't trust anything written here, don't try anything yourself, contact Netgear support in case of problems!

In short, my NAS started behaving strangely and then refused to boot; it appeared that the cause was faulty RAM.

Local console

You can plug in an HDMI screen and a keyboard; you'll get access to the BIOS and boot sequence.

Boot menu

If you press the reset button (small hole on the back) and keep it pressed while booting until "Boot Menu" appears on the LCD screen you'll reach... the boot menu. Cf http://kb.netgear.com/app/answers/detail/a_id/23005
From here, several options, use the touchpad up/down & ok to select one:

  • Memory test -> runs memtest86 with some summary on the LCD but it's much more comfortable with an HDMI screen plugged in.
  • OS reinstall. Reinstalls the firmware from the internal flash to the disks. Use the OS reinstall boot mode when the system crashes and corrupts some configuration files. OS reinstall boot mode also resets some settings on your storage system, such as Internet protocol settings and the administrator password, to defaults.

So default access is root/password

  • Volume read only. Mounts a volume as read-only. Use this option when you are attempting to rescue data off a disk during a disaster recovery.
  • Disk Test. Performs an offline full disk test. This process can take four hours or more, depending on the size of your disks.

Personally I prefer to run smartmontools myself, see below

  • Tech support. Boots into a low-level diagnostic mode. Use the tech support boot mode only when a NETGEAR technical support representative instructs you to do so.

See below

  • Factory default. WARNING: The factory default reboot process resets the storage system to factory settings, erases all data, resets all defaults, and reformats the disk to X-RAID2.

Because of my faulty RAM that corrupted my filesystems, I had to go for this last option once I had backed up all my data.

Tech mode

Tech mode is one of the special boot modes.
WARNING: you're not supposed to use it yourself but, well, on the Internet I could find a lot of things, including the support telnet password... So, here it is:
In that mode it boots from the image contained in the flash, so this works even if the HDDs are completely out of order.
It launches a telnet daemon and a tunnel back to Netgear so they can operate remotely.
Login: root / infr8ntdebug
You can display processes (ps) and kill the tunnel back to Netgear if you want more privacy.

1002 root         0 SW   [kworker/0:2]
1006 root      4864 S    raidard
1014 root      3084 S    ifplugd -i eth1
1113 root      3076 R    /usr/sbin/telnetd
1137 root     37464 S    /usr/bin/rnutil remote_access -b
1139 root      3072 S    /bin/sh -c /bin/sh
1140 root      3084 S    /bin/sh
1141 root      9212 S    {dropbearmulti} dropbear -E -F -p 127.0.0.1:1022
1243 root      9276 S    {dropbearmulti} dbclient -y -T -K 60 -p 443 -R *:513

=> 1141, 1243, 1137
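
One way to pick those three PIDs out of the listing instead of reading them by eye, as an added example that is not part of the original wiki page. The function names are illustrative, the match patterns assume the command lines look as shown above, and the embedded listing is the one from this page plus one constructed line.

```shell
#!/bin/sh
# Added example (not from the wiki page): pick out the PIDs of the
# remote-support path from busybox-style ps output.

# Reads "PID USER VSZ STAT COMMAND..." lines on stdin and prints the PIDs of
# rnutil remote_access, the loopback-only dropbear and the dbclient reverse
# tunnel, ascending and space separated. telnetd, the shells and a dropbear
# you started yourself are not matched, so the local session survives.
support_tunnel_pids() {
    awk '
        $1 !~ /^[0-9]+$/ { next }                 # header or garbage line
        {
            cmd = ""                              # rebuild the COMMAND column
            for (i = 5; i <= NF; i++) cmd = cmd (i > 5 ? " " : "") $i
        }
        cmd ~ /^\[/                         { next }   # kernel thread
        cmd ~ /rnutil remote_access/        { print $1; next }
        cmd ~ /dropbear .*-p 127\.0\.0\.1:/ { print $1; next }
        cmd ~ /dbclient .*-R /              { print $1; next }
    ' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Constructed input: the process listing shown above, plus one extra line
# (PID 1300) standing for a dropbear server started by hand.
sample_ps() {
    cat <<'EOF'
1002 root         0 SW   [kworker/0:2]
1006 root      4864 S    raidard
1014 root      3084 S    ifplugd -i eth1
1113 root      3076 R    /usr/sbin/telnetd
1137 root     37464 S    /usr/bin/rnutil remote_access -b
1139 root      3072 S    /bin/sh -c /bin/sh
1140 root      3084 S    /bin/sh
1141 root      9212 S    {dropbearmulti} dropbear -E -F -p 127.0.0.1:1022
1243 root      9276 S    {dropbearmulti} dbclient -y -T -K 60 -p 443 -R *:513
1300 root      9212 S    dropbear
EOF
}

# On the NAS itself this would be: kill $(ps | support_tunnel_pids)
printf 'support tunnel PIDs: %s\n' "$(sample_ps | support_tunnel_pids)"
```
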
There is a dropbear binary so you can launch a small ssh server, helpful to initiate some file transfers if needed:

# dropbear

WARNING: the commands listed here are what I tried, but probably not the best thing to do.
/dev/md0 contains the OS
/dev/md1 is the swap
/dev/md127 contains /data

Before mounting anything, we need to assemble the arrays:

# mdadm --assemble --scan

Then e.g. to mount the system partition:

# mount /dev/md0 /sysroot

To mount it as a last resort (read-only, in recovery mode):

# mount -o ro,recovery /dev/md0 /mnt

To watch a RAID resync (and wait for it to complete):

# cat /proc/mdstat
Personalities : [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] 
md127 : active raid5 sda3[4] sdd3[3] sdc3[2] sdb3[1]
      11706499968 blocks super 1.2 level 5, 64k chunk, algorithm 2 [4/4] [UUUU]
      [>....................]  resync =  1.8% (71255944/3902166656) finish=1418.8min speed=44998K/sec

Btrfs:

# btrfs filesystem show /mnt
Label: deadbeef:root  uuid: 12345678-1234-1234-1234-123456789abc
        Total devices 1 FS bytes used 854.89MiB
        devid    1 size 4.00GiB used 2.68GiB path /dev/md/0

To attempt to fix it:

# btrfs check --repair /dev/md0