Hacking Your Portable Linux Server
In the past few months, a small community has been budding around the Western Digital MyBook II, a popular paperback-sized external hard drive. It quickly was discovered that the Ethernet-capable version was powered by an embedded Linux system, and a word-of-Web process started to break its security to gain SSH access, install additional services, tune functionality and more. It resembles the phenomenon spawned by the hacking-friendly Linksys WRT54G, albeit on a smaller scale.
Thrilled by what I was seeing, I started to consider building a small appliance of my own, and Western Digital's sudden revamping of its product line brought the eBay prices of older models below the $100 mark, which converged nicely with my manager's request for a daily backup scheme enabling downtimes of less than a day should the worst happen to my laptop.
So, off I went, intent on hacking out my own Linux-based NAS. I acquired two units: the smaller, single-drive 500GB model (less than $100 on eBay at the time of this writing) and a larger, RAID-capable, twin-drive model spanning one terabyte ($300 for a used unit). Given the ever-falling prices of hardware and the expanding product offering, you should be able to purchase these at lower prices or with larger capacities. It also is worth noting that nothing prevents carefully opening up the device's innards and replacing the enclosed SATA drives with larger-capacity ones. One final bit of shopping advice: the drives addressed in this article are Ethernet-capable World Edition models, all of which have entirely white cases.
Upon first inspection, the device resembles a small book, with a perforated, Morse-code patterned edge that enables venting—if you actually decode the message, you will find a few words and a couple typos in it. The unit is rather silent and generates no more noise than the average hard drive. The front of the device sports two concentric LED rings, circling a single button used to power on and off the device. In addition to showing the on/off state of the device, the LEDs also are used to visualize disk activity as well as to provide a stylish disk capacity gauge (Figure 1).
On the inside are one or two 500GB 7,200 RPM SATA drives and a small board housing an Oxford Semiconductor 0XE800 ARM CPU with an ARM926EJ-S core, a 32MB Hynix RAM chip and the Via Cicada Simpliphy vt6122 Gigabit Ethernet chipset. The device also includes an externally accessible USB port to supplement the RJ-45 Ethernet connector, and it supports AES-128 encryption in-hardware. Despite its limited RAM capacity, Linux's conservative use of resources puts little bounds on the uses the device reasonably can be put to by your creativity. Do not plan to saturate the Gigabit Ethernet link, however, because the CPU will not carry you much beyond 5MB/sec—a limitation that does not affect single-user backup or applications involving several users.
The drives are ext-3 formatted in the World Edition series, as NAS access shields the predominant Windows and Macintosh user population from the actual filesystem choice—a detail that is exceedingly convenient, as it allows you to pull drives from the device and mount them in any Linux host for recovery should the support board ever fail.
Initially, you need to boot in the “World of Warcraft” partition of your system—the one running one of those proprietary operating systems—and install the Western Digital MioNet Access tools. You will need these only for the initial step—to find out what IP address your as-of-yet uncommunicative device has received from DHCP; you will not need the WD tools afterward. If you have a network sniffer set up, it may be faster for you simply to catch the DHCP assignment as it happens and save the time of registration and download. You also can check your DHCP server tables, if you have access to them, or simply read the data off the mounted Windows share that will be set up once you install the tools. Either way, once you are in possession of the IP address the device is using, you will point a Web browser to it and configure the settings that the Web interface exposes. You will be asked to provide authentication, which will match the credentials you created during the WD setup process, or, if you used a more exotic process, it will use the system defaults (“admin”, with a password of “123456”).
The device's built-in WD Shared Storage Manager (Figure 2) is a very lightweight and useful application, which you will leave enabled, even in this Linux-centric setup, as a convenient way to create users and carry out the most common configuration tasks. I recommend you take the time to configure most settings exposed here as part of your initial customization, as the convenience simply cannot be outdone. At a minimum, you should iterate over the General Setup section and configure your device name and workgroup (these configure Samba), date and time, and review your network settings. As preparation for the next step, you need to create a user (File Sharing→User Management) that you will use to log in at the console, as access via your existing Web administrator account will not be permitted.
One more change you should consider at this point is whether to set up RAID. The device supports two modes of operation: data striping (RAID 0), which has performance advantages and offers the total capacity of both drives combined, and data mirroring (RAID 1), which provides the storage capacity of only one of the drives but protects you by creating two fully redundant copies of your data. The default setting (Drive Management→Change Drive Type) is data striping—should you want to change it, this is the time to do it. Once a RAID rebuild is started, all data on the shared, nonsystem part of the drive will be lost. More important, although the drive shares will become writable in a few minutes while the rebuild is still underway, wait until it has completed entirely as you will need to tinker with the device's firmware upgrade path next (and triggering reboots while the RAID array is rebuilding is a surefire way to tempt fate into bricking your device). Just let it run overnight and come back to it the next morning. You can see whether the rebuild has completed by checking the drive status in the Shared Storage Manager; it will switch back from synchronizing to OK.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|diff -u: What's New in Kernel Development||Aug 20, 2014|
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
- diff -u: What's New in Kernel Development
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- New Products
- Tech Tip: Really Simple HTTP Server with Python
- Monitoring Android Traffic with Wireshark
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- RSS Feeds
- Linux Systems Administrator
- Raspberry Pi: the Perfect Home Server