Difference between revisions of "Indiana Storage Server"

From Earlham CS Department
Jump to navigation Jump to search
m
m (Other annoying things we fixed)
Line 33: Line 33:
 
Since we can now run as the root user on the shell, we've begun pruning the weeds on the server. Among other things:
 
Since we can now run as the root user on the shell, we've begun pruning the weeds on the server. Among other things:
  
- We edited something with usermod to handle rbash # specifics?
+
* We edited something with usermod to handle rbash # specifics?
- We updated $PATH in /etc/bash.bashrc.
+
* We updated $PATH in /etc/bash.bashrc.
- We made the admin user own its own .ssh directory.
+
* We made the admin user own its own .ssh directory.
- We created a new sysadmin user with adduser, and its home directory is /home/sysadmin as usual.
+
* We created a new sysadmin user with adduser, and its home directory is /home/sysadmin as usual.

Revision as of 13:06, 12 September 2019

Indiana is our new (circa summer 2018) storage server.

About

The server has been configured for RAID-5 using their built-in software.

File:Manual TeraStation5010.pdf

Status

The server is at indiana.cluster.earlham.edu.

To use it, ssh into indiana as the user admin and then run sudo su -.

Through the browser-based tool, we've added the cluster gateway to the server, enabled NFS and SFTP, disabled some unnecessary file-sharing tools.

We've also edited /etc/fstab on hopper to take advantage of NFS mounting.

Hacking in to Indiana

Using the ACP Commander tool, downloaded as a JAR and then run via X11 from Whedon, we were able to gain access to run commands in a limited fashion.

We tried a few read only commands, such as whoami and hostname, to figure out what exactly existed and worked. Turns out, most common commands exist on indiana, contrary to what we had determined in a previous attempt at hacking into the server.

We then attempted to run vim, however this did not work due a limitation in how ACP Commander works. Then we tried to run the two complex functions built into ACP Commander: Enable SSH and change root password. The first of these worked, however the second did not seem to work, although this may have been a side effect of the fact that Indiana's sshd_config did not allow root logins.

The next step was to see if we could modify any of the config files, specifically sshd_config, to allow what we were trying to do. We determined that we could append to it, but we could not overwrite it. We also determined that we could copy files from /etc to /mnt/array1/indiana, which is the directory that we set up for our servers to mount. This way, we could view documents in their entirety, since ACP Commander has a limitation on the number of lines that can be transmitted to it.

This proved to not be useful for the sshd_config file, as we could not override the options we wanted, however we eventually realized that we could append a line to /etc/sudoers giving our admin user access to sudo privileges. We ran echo "admin\tALL=(ALL:ALL) ALL" >> /etc/sudoers, and then tried again to ssh in with admin and run sudo su -.

This time, it worked! So we now have access to all of Indiana's capabilities! We also now have a voided warranty :'(

Other annoying things we fixed

Since we can now run as the root user on the shell, we've begun pruning the weeds on the server. Among other things:

  • We edited something with usermod to handle rbash # specifics?
  • We updated $PATH in /etc/bash.bashrc.
  • We made the admin user own its own .ssh directory.
  • We created a new sysadmin user with adduser, and its home directory is /home/sysadmin as usual.