Random DNS Queries?

While sifting through my DNS query log, I came across these highly suspicious DNS queries:

query[A] urjhyay.local
query[A] tadzwrawzpuqdc.local
query[A] fgrxhztwffv.local
query[A] tadzwrawzpuqdc.local
query[A] urjhyay.local
query[A] fgrxhztwffv.local
query[A] qieosgbvzzhtt.local
query[A] qdjpfwezir.local
query[A] kzqwcaaq.local
query[A] qdjpfwezir.local
query[A] kzqwcaaq.local
query[A] qieosgbvzzhtt.local
query[A] prhwndine.local

While this looks like something malware-ish, I found a plausible explanation for this weirdness; it seems to be related to the Chrome browser:

Among those requests Chrome also tries to find out if someone is messing up with the DNS (i.e. “nasty” ISPs that have wildcard DNS servers to catch all domains). Chrome does this by issuing 3 DNS requests to randomly generated domain names, for every DNS extension configured.
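The names above fit that behaviour: Chrome's intranet redirect detector resolves a few randomly generated single-label hostnames at startup, and a bare name picks up the resolver's search suffix (here .local) before it reaches your DNS server. The script below is an added example, not part of the original post. It reads dnsmasq-style query lines, keeps the labels that look random (lowercase letters only, 7 to 15 characters, fewer than 40% vowels; that length range and vowel cut-off are my own heuristic, not a Chrome specification) and lists them per suffix, so a burst of three such names per configured suffix can be told apart from a steady stream that deserves a closer look. The sample log is the post's own lines plus two constructed benign queries.

```shell
#!/bin/sh
# Added example (not from the original post): pick random-looking single
# labels out of a dnsmasq-style query log and group them by search suffix.

# The post's queries plus two constructed benign ones (fileserver, www.google.com).
sample_log() {
    cat <<'EOF'
query[A] urjhyay.local
query[A] tadzwrawzpuqdc.local
query[A] fgrxhztwffv.local
query[A] tadzwrawzpuqdc.local
query[A] urjhyay.local
query[A] fgrxhztwffv.local
query[A] qieosgbvzzhtt.local
query[A] qdjpfwezir.local
query[A] kzqwcaaq.local
query[A] qdjpfwezir.local
query[A] kzqwcaaq.local
query[A] qieosgbvzzhtt.local
query[A] prhwndine.local
query[A] fileserver.local
query[A] www.google.com
EOF
}

# Reads "query[A] name" lines on stdin. A label counts as random-looking when it
# is 7-15 lowercase letters with fewer than 40% vowels (assumed heuristic: Chrome
# draws letters uniformly, so its names are vowel-poor; real hostnames rarely are).
# Prints one line per suffix: "<suffix>: <n> random-looking labels: <labels>".
random_labels() {
    awk '
    $1 == "query[A]" {
        n = split($2, parts, ".")
        label = parts[1]
        suffix = (n > 1) ? substr($2, length(label) + 2) : "(none)"
        len = length(label)
        if (label !~ /^[a-z]+$/ || len < 7 || len > 15) next
        tmp = label
        vowels = gsub(/[aeiou]/, "", tmp)
        if (vowels / len >= 0.4) next
        key = suffix SUBSEP label
        if (!(key in seen)) {
            seen[key] = 1
            count[suffix]++
            names[suffix] = names[suffix] " " label
        }
    }
    END {
        for (s in count)
            printf "%s: %d random-looking labels:%s\n", s, count[s], names[s]
    }'
}

sample_log | random_labels
```

On a real log run `grep 'query\[A\]' /var/log/dnsmasq.log | random_labels`; the filter is crude, so treat the output as a shortlist to compare against the host names you know, not as a verdict.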


Running Oracle Sun Ray 5.4 Software template in Proxmox

Acquire the Sun Ray software template (which is about to be discontinued) and unpack the template file.

Contents:

OVM_OL6U3_X86_64_SRS5.4_PVHVM.mf:  ASCII text
OVM_OL6U3_X86_64_SRS5.4_PVHVM.ova: POSIX tar archive
OVM_OL6U3_X86_64_SRS5.4_PVHVM.ovf: XML document text

Create a VM in Proxmox with two ZFS volumes.
Read OVM_OL6U3_X86_64_SRS5.4_PVHVM.ovf to get an idea of how many resources the machine should get.

Unpack the tar file:

tar xvf OVM_OL6U3_X86_64_SRS5.4_PVHVM.ova

This will give you:

Product.img: gzip compressed data, was “Product.img”, last modified: Fri May  3 15:01:48 2013, max compression, from Unix

System.img:  gzip compressed data, was “System.img”, last modified: Fri May  3 14:59:13 2013, max compression, from Unix

These are gzip-compressed raw disk images and need to be decompressed first:

mv Product.img Product.gz && gunzip Product.gz
mv System.img System.gz && gunzip System.gz

Now look at their properties:

System:                            DOS/MBR boot sector; GRand Unified Bootloader, stage1 version 0x3, boot drive 0x80, 1st sector stage2 0x8480e, GRUB version 0.94

Product:                           Linux rev 1.0 ext4 filesystem data, UUID=d0dd198a-031a-4dbe-8345-b411986f460e, volume name “Product-SRS54” (extents) (large files) (huge files)

Find the VM's ZFS volumes in /dev/zvol. For instance:

dd if=System of=/dev/zvol/vmpool/vm-107-disk-1 bs=1M

dd if=Product of=/dev/zvol/vmpool/vm-107-disk-2 bs=1M

When you boot the VM you'll probably hit a kernel panic, because it is unable to find its volume groups: the disks are referenced by their Xen names (xvdb and so on) while Proxmox presents them under different device names.

Enter the GRUB menu, edit the last entry, remove “rhgb quiet”, append init=/bin/bash and boot. Remount / read-write, edit /etc/fstab and point /opt at the correct disk. Make sure the /boot entry is correct as well.

Also adjust the GRUB settings for the new disk names. Then you can enable the public yum repository and install all available updates, which gives you a new kernel that you can actually boot from. Make sure the GRUB config points to the newest kernel too.
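The unpacking and image-writing steps above as one script, added here as an example and not taken from the original post. It assumes the same file names, the zvol names from the post (vmpool, vm-107) and that it runs as root on the Proxmox host. The one thing it adds to the steps above is a size check before each dd: dd writes blindly, and an image larger than its zvol would be silently truncated.

```shell
#!/bin/sh
# Added example, not from the original post: unpack the Sun Ray template and
# write its images to the Proxmox zvols, refusing to dd an image that does not
# fit its target. Volume names follow the post (vmpool, vm-107); adjust them.
set -eu

# Byte size of a regular file or of a block device such as a zvol.
byte_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        stat -c %s "$1"
    fi
}

# Prints "yes" when IMAGE ($1) fits on TARGET ($2), "no" otherwise.
fits() {
    img=$(byte_size "$1")
    dst=$(byte_size "$2")
    if [ "$img" -le "$dst" ]; then echo yes; else echo no; fi
}

# gunzip SOURCE ($1) to DEST ($2) unless DEST already exists; the .img files
# inside the .ova are gzip streams despite their name.
decompress() {
    [ -f "$2" ] || gunzip -c "$1" > "$2"
}

# dd IMAGE onto TARGET only after the size check; fsync so the write is on disk
# before the VM is started.
write_image() {
    if [ "$(fits "$1" "$2")" = yes ]; then
        dd if="$1" of="$2" bs=1M conv=fsync status=progress
    else
        echo "$1 is larger than $2, refusing to write" >&2
        return 1
    fi
}

main() {
    tar xf OVM_OL6U3_X86_64_SRS5.4_PVHVM.ova
    decompress System.img System
    decompress Product.img Product
    file System Product        # expect an MBR/GRUB boot sector and an ext4 filesystem
    write_image System  /dev/zvol/vmpool/vm-107-disk-1
    write_image Product /dev/zvol/vmpool/vm-107-disk-2
}

if [ "${1:-}" = run ]; then
    main
fi
```

Run it as `sh sunray-import.sh run` in the directory holding the .ova; without the argument it only defines the functions.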

The default Sun Ray admin password is 5r5demo; change it before anything else can reach the machine. It can be reset using

/opt/SUNWut/sbin/utpw

If you need to restart the sun ray services, run:

Warm Restart

/opt/SUNWut/sbin/utstart

Cold Restart

/opt/SUNWut/sbin/utstart -c

Powerdns 4 – Update slaves after zone2sql

PowerDNS has a very nifty tool, zone2sql, to import BIND zone files into its database.
It has a problem though: your slaves won't receive these new zones.

This happens because the zones are inserted as type “NATIVE”, which means that you have to rely on SQL replication or some other mechanism to transfer the new data to the slaves.

Luckily the fix is rather easy; the following example uses MySQL.

Go to your master server and convert the imported domains to type MASTER so that pdns will start to notify its slaves about this fabulous happening. Limit the update to the NATIVE rows so you don't retag zones that this server is itself a slave for.

Assuming your master database is called “powerdns-master”:

update `powerdns-master`.domains set type = 'MASTER' where type = 'NATIVE';

Now wait a few seconds or minutes and your slaves will receive notifications! Note that a slave only acts on a NOTIFY for a zone it already has configured as type SLAVE with this master's address (or one it is allowed to create through its supermaster setting), so make sure the zones exist on the slave side as well.

Zyxel NAS540 NFS exports all shares RW world by default ?

While poking around with NFS exports on my Zyxel NAS540 I noticed that it is useless to set any DN/IP filter, since the whole nfs directory is exported world-wide RW as:

/i-data/<disk id>/nfs *(rw,sync,crossmnt,fsid=0,no_subtree_check,wdelay,no_root_squash) #

This share is not visible from the web interface but can easily be confirmed using showmount from any other system on the network:

showmount -e nas_ip

Export list for nas_ip:

/i-data/<disk id>/nfs               *
/i-data/<disk id>/nfs/kitties      192.168.1.145/24

So you had better comment out the /i-data/<disk id>/nfs * line in /etc/exports. Note that the line also carries no_root_squash, so until you do, root on any host that can reach the NAS is root on that whole tree. Then run:

/i-data/sysvol/.PKG/NFS/bin/exportfs -r

You get what you pay for I guess.
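An added check, not from the original post, that reads exports(5) syntax and flags exactly the pattern above: a client spec of * (or no client at all, which exports(5) also treats as everyone) combined with rw, and no_root_squash on top. The sample lines are constructed in the NAS540 layout with 2eb5eb98 standing in for the disk id; on the real box run `audit_exports < /etc/exports`.

```shell
#!/bin/sh
# Added example (not from the original post): flag wide-open NFS exports.

# Constructed sample in the NAS540 layout; 2eb5eb98 stands in for the disk id.
sample_exports() {
    cat <<'EOF'
# constructed sample, not a real /etc/exports
/i-data/2eb5eb98/nfs *(rw,sync,crossmnt,fsid=0,no_subtree_check,wdelay,no_root_squash) #
/i-data/2eb5eb98/nfs/kitties 192.168.1.145/24(rw,sync,no_subtree_check)
/i-data/2eb5eb98/nfs/public *(ro,sync)
EOF
}

# Reads exports(5) lines on stdin and prints one verdict per client spec:
#   CRITICAL  every host may write (and, if noted, keeps root)
#   WARNING   every host may read
#   ok        access is limited to a named host or network
audit_exports() {
    awk '
    /^[[:space:]]*#/ || NF == 0 { next }
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i
            sub(/#.*/, "", spec)          # the NAS leaves a trailing "#" on the line
            if (spec == "") continue
            host = spec; opts = ""
            if (match(spec, /\(.*\)/)) {
                host = substr(spec, 1, RSTART - 1)
                opts = substr(spec, RSTART + 1, RLENGTH - 2)
            }
            o = "," opts ","              # pad so single options match exactly
            world = (host == "*" || host == "")
            rw    = (o ~ /,rw,/)
            root  = (o ~ /,no_root_squash,/)
            if (world && rw)
                printf "CRITICAL %s exported rw to every host%s\n", path, (root ? " with no_root_squash" : "")
            else if (world)
                printf "WARNING %s exported read-only to every host\n", path
            else
                printf "ok %s -> %s\n", path, host
        }
    }'
}

sample_exports | audit_exports
```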

SNMPD and other tools on Zyxel NAS540

Sometimes I like to buy solutions that work out of the box, I don’t want to spend time fiddeling with everything. However, I usually end up with buying a solution that does not do what I want out of the box and I spend lots of time fiddeling with it.

This NAS540 was rather cheap and houses 4 bays. It runs a semi-locked-in Linux but allows SSH access as root with the same password as the admin login from the web interface, so you can easily poke around its sometimes confusing internals.


There are tons of different 3rd party package managers I believe (or I don’t know what the hell I’m looking at).

The common Optware is outdated/deprecated. What's apparently cool now is MetaRepository, which can enable several repositories, and from there you can install Entware-NG, which has a crapload of packages but is missing the glorious nmon, so you will have to compile that manually (I did it and it works great).

You can probably install entware-ng without metarepository but using both should be a bit more satisfactory.

So, it starts badly. The official instructions talk about some web_prefix file that we can use to add the repository and make it visible from the filesystem. I never got that working, but I found another file that was pointing to the official Zyxel FTP instead.

In my case, I replaced the line below which was found in /etc/package_src_url

ftp://ftp2.zyxel.com/NAS540/zypkg/5.11

with http://downloads.zyxel.nas-central.org/Users/Mijzelf/zypkg-repo/NAS540/zypkg/5.11/

5.11 is the current firmware version on my NAS. Edit to whatever you are running. Both the stock and the replacement repository are fetched over plain FTP/HTTP, so whatever you install this way rests on trusting the network path to those servers as much as on trusting the packagers.

From here go into the NAS web UI, open Packages and hit refresh.
Now your package list will only list MetaRepository. Go ahead and install it.
Follow the link in the description field:
http://NAS_IP:5000/pkg/MetaRepository/pkgcgi.cgi

Here you can see how it enables several repositories.
My list looks like this:

# Official repository
ftp://ftp2.zyxel.com/+ ZyXEL
http://downloads.zyxel.nas-central.org/Users/Mijzelf/zypkg-repo/ + NAS540
# Local repository
/i-data/sysvol/admin/MyRepo/ Local

Go back and refresh the list in package management. If you still only see MetaRepository, you might need to revert /etc/package_src_url to the stock one and refresh again. It can be a little bit tricky.

Now install Entware-ng to get access to even more packages.
randomtools is nice as well, since it gives you rsync and so on.

Now go back into your filthy and moist shell and install snmpd (prefer the statically linked build in a clandestine environment such as this NAS):

/opt/bin/opkg install snmpd-static

Entware creates a symlink to /opt, so you can place your snmpd.conf in

/opt/etc/snmp/

You can summon the daemon by invoking:
/opt/sbin/snmpd

You might want to hack together an init script for this service.
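An init script of that kind, as an added example that comes neither from the post nor from Entware, in the S-script style Entware's /opt/etc/init.d uses. It also drops a minimal snmpd.conf if none exists, because an agent that answers "public" for every host is the thing to avoid on a box that already exposes root over SSH; the community string and the 192.168.1.0/24 management network are placeholders, and the pidfile and log paths are assumptions.

```shell
#!/bin/sh
# /opt/etc/init.d/S60snmpd -- added example, not from the original post nor
# from Entware: start/stop the statically linked snmpd installed above.
# Paths follow Entware's /opt layout; pidfile and log locations are assumptions.

SNMPD=${SNMPD:-/opt/sbin/snmpd}
CONF=${CONF:-/opt/etc/snmp/snmpd.conf}
PIDFILE=${PIDFILE:-/opt/var/run/snmpd.pid}
LOGFILE=${LOGFILE:-/opt/var/log/snmpd.log}

# Drop a minimal read-only configuration if none exists yet. The community
# string and the 192.168.1.0/24 management network are placeholders; the point
# is that the agent never answers a well-known community for the whole world.
write_default_conf() {
    [ -f "$CONF" ] && return 0
    mkdir -p "$(dirname "$CONF")"
    cat > "$CONF" <<'EOF'
# read-only community, answered only for the management network
rocommunity monitoring-net-only 192.168.1.0/24
# listen on UDP 161 over IPv4 only
agentAddress udp:161
sysLocation  nas540
EOF
}

# Returns 0 when the pid recorded in PIDFILE is alive, 3 (LSB "not running") otherwise.
snmpd_running() {
    [ -r "$PIDFILE" ] || return 3
    pid=$(cat "$PIDFILE")
    kill -0 "$pid" 2>/dev/null || return 3
}

start() {
    if snmpd_running; then
        echo "snmpd already running"
        return 0
    fi
    write_default_conf
    mkdir -p "$(dirname "$PIDFILE")" "$(dirname "$LOGFILE")"
    "$SNMPD" -c "$CONF" -p "$PIDFILE" -Lf "$LOGFILE"
}

stop() {
    if snmpd_running; then
        kill "$(cat "$PIDFILE")" && rm -f "$PIDFILE"
    fi
}

case "${1:-}" in
    start)   start ;;
    stop)    stop ;;
    restart) stop; start ;;
    status)  if snmpd_running; then echo running; else echo stopped; fi ;;
esac
```

Install it as /opt/etc/init.d/S60snmpd, make it executable, and check with `snmpwalk -v2c -c monitoring-net-only nas_ip system` from inside the management network and from outside it: only the first should answer.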

ownCloud 9 on Zyxel NAS540

This NAS comes shipped with ownCloud v7 and Zyxel doesn't support any newer version.

Luckily it is very easy to install ownCloud 9 by (almost) simply replacing v7.
TL;DR: replace the v7 installation and use an external MySQL database with InnoDB support.
An SQLite database works fine too.

Replace 2eb5eb98 with whatever your disk is called in the system.

  1. Install ownCloud as provided by the stock firmware. Just leave it, do not configure anything.
  2. Log in with SSH and cd into /i-data/2eb5eb98/.PKG/ownCloud/gui
  3. Move the old version aside (or delete it), fetch ownCloud 9 and put it in its place:
     mv ownCloud/ ownCloud_7_old
     curl -O https://download.owncloud.org/community/owncloud-9.1.0.zip -k
     unzip owncloud-9.1.0.zip
     mv owncloud ownCloud
     chown -R nobody:nogroup ownCloud
     Note that -k disables TLS certificate verification for this download, so verify the archive against the checksum published by ownCloud before unpacking it, or download it on a machine with a current CA bundle and copy it over.
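The download step with -k replaced by something you can actually trust, as an added example that is not part of the original post. It keeps curl's certificate verification on and compares the archive's SHA-256 against a value you take from ownCloud's download page (EXPECTED is a placeholder here; the URL and paths are the ones from the list above). If curl on the NAS cannot verify the certificate, run the fetch on a machine with a current CA bundle and copy the verified archive over.

```shell
#!/bin/sh
# Added example, not from the original post: fetch the ownCloud archive with
# TLS verification left on and refuse to unpack it unless its SHA-256 matches
# the value published by ownCloud. EXPECTED below is a placeholder that you
# must replace; the URL and paths are the ones used in the post.

URL=${URL:-https://download.owncloud.org/community/owncloud-9.1.0.zip}
ARCHIVE=${ARCHIVE:-$(basename "$URL")}
EXPECTED=${EXPECTED:-0000000000000000000000000000000000000000000000000000000000000000}

# Returns 0 when FILE ($1) hashes to HASH ($2, lowercase hex), 1 otherwise.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# Download with certificate checking on, then verify before touching the tree.
fetch_verified() {
    curl -fsSLo "$ARCHIVE" "$URL"
    if verify_sha256 "$ARCHIVE" "$EXPECTED"; then
        echo "checksum ok: $ARCHIVE"
    else
        echo "checksum MISMATCH for $ARCHIVE, not unpacking" >&2
        rm -f "$ARCHIVE"
        return 1
    fi
}

# The replacement steps from the post, run only after a successful verification.
install_owncloud() {
    cd /i-data/2eb5eb98/.PKG/ownCloud/gui || return 1
    mv ownCloud ownCloud_7_old
    unzip -q "$ARCHIVE"
    mv owncloud ownCloud
    chown -R nobody:nogroup ownCloud
}

if [ "${1:-}" = run ]; then
    fetch_verified && install_owncloud
fi
```

Usage: `EXPECTED=<sha256 from the download page> sh owncloud-install.sh run`.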

If you get error 500 on https://NAS:5001/pkg/ownCloud/index.php,
try restarting the ownCloud service from the packages page in the NAS web UI by selecting disable and then enable again.

Now go to https://NAS:5001/pkg/ownCloud/index.php and configure your installation. Zyxel was kind enough to install MySQL so you don't have to rely on silly flat files, but this MySQL install doesn't work with newer ownCloud versions like v9, because they switched from the MyISAM engine to InnoDB, which Zyxel's MySQL doesn't provide.

So your options here:

  • Use SQLite.
  • Use external database.
  • Upgrade the zyxel mysql to a newer version.

I went for an external database on another server, though it would be nicer to have things consolidated in this case…

Install Powerwalker UPS Software, “Viewpower” on RHEL 7

I’m connecting my Powerwalker UPS to one of my servers so I can benefit from the features that allow my server to be shut down nicely when the UPS battery is running out of cream.

Fetch the installer: http://www.powerwalker.com/software/ViewPower/installViewPower_Linux_text_x86_64.tar.gz

The installer can’t really have been tested much, so there are some fixes to be implemented.

Make sure you edit MONITOR_HOME in the upsMonitor file in /etc/init.d/ to match your installation directory. The installer doesn’t bother to set that for you.

In my case, I installed it into /opt/ViewPower, as I don’t think it should be installed in the root directory or with a version number in the directory name.

Fixes:

1) Create some symlinks so the application can find some libs:
ln -s /usr/lib64/libc.so.6 /lib/libc.so.6

2) The upsMonitor requires netstat. Since RHEL 7 no longer ships netstat by default, install net-tools:

yum install -y net-tools

3) If your /etc/init.d/upsMonitor is an empty file, just copy the one from the installation directory into place:

cp /opt/ViewPower/upsMonitor /etc/init.d/

Now we can start the monitor by running  /etc/init.d/upsMonitor start

While using the init script you’ll notice that the language is a bit broken, for instance:

“upsMonitor is not run”
“start upsMonitor servcie”
“upsMonitor service already start”

🙂

So there are many things that feel quite lax in this software.

The upsMonitor spawns 2 processes:

  • /opt/ViewPower/jre/bin/java com.zerog.lax.LAX /opt/ViewPower2.14/./StartMain.lax /tmp/env.properties.18050
  • /opt/ViewPower/jdk/bin/java -Djava.util.logging.config.file=/opt/ViewPower/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/opt/ViewPower/tomcat/endorsed -classpath /opt/ViewPower/tomcat/bin/bootstrap.jar:/opt/ViewPower/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/opt/ViewPower/tomcat -Dcatalina.home=/opt/ViewPower/tomcat -Djava.io.tmpdir=/opt/ViewPower/tomcat/temp org.apache.catalina.startup.Bootstrap start

It launches /opt/ViewPower/StartMain, which exposes TCP port 15178 serving the default Tomcat welcome page.
Some manuals say the web interface is on another port, which is wrong in this case.
You’ll find the actual UPS web interface at http://serverip:15178/ViewPower/
Since that is the management interface of software that can power your server down, make sure port 15178 is only reachable from your management network (firewalld on RHEL 7) rather than from every interface the server has.

Autostart the service in legacy (SysV) mode simply by running:

systemctl enable upsMonitor