Difference between revisions of "Indiana Storage Server"

From Earlham CS Department
Jump to navigation Jump to search
(About)
(Status: Add notes on how we hacked indiana to give us full access)
Line 7: Line 7:
  
 
==Status==
 
==Status==
The server is at indiana.cluster.earlham.edu. It is currently not available by ssh.
+
The server is at indiana.cluster.earlham.edu.
 
 
Physically we have yet to rack this server.
 
  
 
Through the browser-based tool, we've added the cluster gateway to the server, enabled NFS and SFTP, disabled some unnecessary file-sharing tools.
 
Through the browser-based tool, we've added the cluster gateway to the server, enabled NFS and SFTP, disabled some unnecessary file-sharing tools.
  
 
We've also edited /etc/fstab on hopper to take advantage of NFS mounting.
 
We've also edited /etc/fstab on hopper to take advantage of NFS mounting.
 +
 +
=== Hacking in to Indiana ===
 +
 +
Using the ACP Commander tool, downloaded as a JAR and then run via X11 from Whedon, we were able to gain access to run commands in a limited fashion. 
 +
 +
We tried a few read only commands, such as whoami and hostname, to figure out what exactly existed and worked.  Turns out, most common commands exist on indiana, contrary to what we had determined in a previous attempt at hacking into the server.
 +
 +
We then attempted to run vim, however this did not work due a limitation in how ACP Commander works.  Then we tried to run the two complex functions built into ACP Commander: Enable SSH and change root password.  The first of these worked, however the second did not seem to work, although this may have been a side effect of the fact that Indiana's sshd_config did not allow root logins. 
 +
 +
The next step was to see if we could modify any of the config files, specifically sshd_config, to allow what we were trying to do.  We determined that we could append to it, but we could not overwrite it.  We also determined that we could copy files from /etc to /mnt/array1/indiana, which is the directory that we set up for our servers to mount.  This way, we could view documents in their entirety, since ACP Commander has a limitation on the number of lines that can be transmitted to it.
 +
 +
This proved to not be useful for the sshd_config file, as we could not override the options we wanted, however we eventually realized that we could append a line to /etc/sudoers giving our admin user access to sudo privileges.  We ran <code>echo "admin\tALL=(ALL:ALL) ALL" >> /etc/sudoers</code>, and then tried again to ssh in with admin and run <code>sudo su -</code>. 
 +
 +
This time, it worked!  So we now have access to all of Indiana's capabilities!  We also now have a voided warranty :'(

Revision as of 12:49, 16 August 2019

Indiana is our new (circa summer 2018) storage server.

About

The server has been configured for RAID-5 using their built-in software.

File:Manual TeraStation5010.pdf

Status

The server is at indiana.cluster.earlham.edu.

Through the browser-based tool, we've added the cluster gateway to the server, enabled NFS and SFTP, disabled some unnecessary file-sharing tools.

We've also edited /etc/fstab on hopper to take advantage of NFS mounting.

Hacking in to Indiana

Using the ACP Commander tool, downloaded as a JAR and then run via X11 from Whedon, we were able to gain access to run commands in a limited fashion.

We tried a few read only commands, such as whoami and hostname, to figure out what exactly existed and worked. Turns out, most common commands exist on indiana, contrary to what we had determined in a previous attempt at hacking into the server.

We then attempted to run vim, however this did not work due a limitation in how ACP Commander works. Then we tried to run the two complex functions built into ACP Commander: Enable SSH and change root password. The first of these worked, however the second did not seem to work, although this may have been a side effect of the fact that Indiana's sshd_config did not allow root logins.

The next step was to see if we could modify any of the config files, specifically sshd_config, to allow what we were trying to do. We determined that we could append to it, but we could not overwrite it. We also determined that we could copy files from /etc to /mnt/array1/indiana, which is the directory that we set up for our servers to mount. This way, we could view documents in their entirety, since ACP Commander has a limitation on the number of lines that can be transmitted to it.

This proved to not be useful for the sshd_config file, as we could not override the options we wanted, however we eventually realized that we could append a line to /etc/sudoers giving our admin user access to sudo privileges. We ran echo "admin\tALL=(ALL:ALL) ALL" >> /etc/sudoers, and then tried again to ssh in with admin and run sudo su -.

This time, it worked! So we now have access to all of Indiana's capabilities! We also now have a voided warranty :'(