Hacking Your Portable Linux Server
If you followed my advice to set the device name and workgroup earlier, your hostname is taken care of already. The device boots in DHCP mode by default, which can be altered easily for those who want a tiny, power-conscious but rather homebound server at their disposal. I find the greatest promise of the WDMBII in its easy mobility, however, and that poses the question of how to recognize its location quickly in a new setting—nothing that a good bit of scripting cannot fix.
The first approach to this is to have the device notify you of its IP address as it boots. I personally leverage instant messaging for these sorts of system notifications and have an “automation” group in my contact list featuring several borg-looking avatars that are authorized to send me all manner of alerts when the situation warrants. The key to this script is the SendXMPP tool (see Resources), which provides the ability to send instant messages with ease from the console. SendXMPP carries a few Perl module dependencies that you need to download from the CPAN archive and build. Retrieve the tarfiles via wget, extract and follow the customary perl Makefile.PL; make; make install procedure as root—the CPAN shell does not seem to work in the strict RAM confines of the WDMBII. After building two or three modules, you will be able to include the following one-line wizardry in /etc/init.d/post_network_start.sh (line 20):
# $SCRIPTS_PATH/mionet.sh start touch $POST_NETWORK_STARTED_FILE # Announce IP address of operation to admin OUT=`ifconfig | grep -A2 "eth0"`; \ echo -e "(lander) now operational: \n$OUT" \ | /usr/local/bin/sendxmpp -r lander-notifier \ -f /root/.sendxmpprc email@example.com fi
The script parses the current network configuration and sends it with appropriate text wrapping and an XMPP resource (-r) describing the device to one of my notification accounts. The user ID and password are retrieved from /root/.sendxmpprc (-f). Once the script is installed, the device will notify me of its IP address at every bootup in any network where DHCP is enabled and access to the Jabber server in question has not been restricted. The result message is very effective in allowing me to locate the device and possibly even troubleshoot occasional connectivity glitches:
(lander) now operational: eth0 Link encap:Ethernet HWaddr 00:90:A9:15:DD:73 inet addr:188.8.131.52 Bcast:184.108.40.206 Mask:255.255.254.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
This approach will serve most road warriors willing to put up with connecting to IP addresses. But, power users controlling their own domains can do even better. By setting up a dynamic DNS subdomain, one can enable the device to update at boot a fully qualified domain name, valid to the Internet at large. The intricacies of DNS zone configuration are beyond the scope of this article, but the Perl script to leverage a properly configured domain remains relatively simple:
# Variables to configure the script's operation my $hostname = 'ooga'; # Device hostname my $domain = 'dynamic.booga.org.'; # Domain name my $nameserver = 'ns1.booga.org'; # Primary nameserver # for your zone my $keyname = 'md5key'; # Name of the key my $key = 'se64bAsE64BASE64BasE64=='; # HMAC-MD5 TSIG key my $interface = 'eth0'; # Interface whose IP # is to be published
Refer to the Resources section of this article for a reference to the Web page where the author maintains the script. This more extensive solution makes our briefcase-friendly, quick-booting mini-server a full-fledged participant in the Internet.
The most obvious workload for our portable server is file-centric: well equipped with SMB support from Samba and NFS support built in to the kernel, as well as the lighttpd Web server and the rsync client, the system is ready to shine in this space. Enterprising users have built HOWTOs describing how to expand further the array of services to FTP and even BitTorrent, but I should not forget to mention that the system has a healthy complement of essential dæmons: ntp, cron and even Apple's mDNS are at your disposal out of the box.
The built-in toolchain enables the compilation of packages natively, but cross-compilation also is a possibility for jobs requiring more RAM than the device has available. It is, however, possible to find prebuilt packages for a number of services, as the device shares the ARM core of many others, its closest cousin being the Gumstix micro-board (check the many Gumstix sites for suitable binaries before starting a large cross-compiled build).
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- The Humble Hacker?
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- ACI Worldwide's UP Retail Payments
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide