fredriklofter.com Twitter Facebook LinkedIn

Tag: Netgear ReadyNAS Duo

Monitor your FTP logins

by on Sep.22, 2010, under Technology


This article describes how to configure an easy way to monitor the logins to your ReadyNAS FTP server. Credits to Jesper for pointing me in all the right directions – thank you! Before we get started: if you haven’t already, download PuTTY.exe from the Internet.

The first step is to create a job on the server that executes once every 15 minutes. This is done by creating a file called /etc/cron.d/backup-ftplog with the content:

0,15,30,45 * * * * root /usr/local/script/backup-ftplog.sh &>/dev/null

Double click PuTTY.exe and enter the internal IP number of the NAS (for instance 192.168.1.253). Log on as root with the same password as admin (netgear1 is default, but you should really change that).

Type cd /etc/cron.d and press enter
Type vi backup-ftplog and press enter
Type (or copy) 0,15,30,45 * * * * root /usr/local/script/backup-ftplog.sh &>/dev/null
(you may want to try hitting the Insert key)
Press ESC and type :wq to write the content to backup-ftplog and quit vi

Next step is to create a new copy of the FTP log under the /tmp folder that is available for some tampering. Create the file /usr/local/script/backup-ftplog.sh (and make it executable) with the following code:

#!/bin/bash
cp /var/log/proftpd.log /tmp/proftpd.log
chmod 644 /tmp/proftpd.log

Still in PuTTY:

Type mkdir /usr/local/script and press enter
Type cd /usr/local/script and press enter
Type vi backup-ftplog.sh and press enter
Type #!/bin/bash on the first row (you may want to press the Insert key)
Type cp /var/log/proftpd.log /tmp/proftpd.log on the second row
Type chmod 644 /tmp/proftpd.log on the third row
Press ESC and type :wq to write the content to backup-ftplog.sh and quit vi
Type chmod 0755 /usr/local/script/backup-ftplog.sh and press enter

Last, create a php-file (call it for instance ftplog.php) and place it on the Apache server. The file should contain the following code:

<html>
<body>
 
<?php
  define("LOGON_PATTERN", "/^(.*) nasnetworkname.*USER (.*):.*$/");
  $file = fopen("/tmp/proftpd.log", "r");
 
  echo "<h3>Recent logons</h3>";
  echo "<ul>";
 
  $previousDateString = "";
  $previousUSername = "";
  $logonCounter = 0;
  while (!feof($file)) {
    $line = fgets($file);
    if (preg_match(LOGON_PATTERN, $line, $groups)) {
      $dateString = $groups[1];
      $username  = $groups[2];
      if (!isEmpty($previousUsername) && !isEqual($previousUsername,$username)) {
        printLine($previousDateString, $previousUsername, $logonCounter);
        $logonCounter = 0;
      } else {
        $logonCounter++;
      }
      $previousDateString = $dateString;
      $previousUsername = $username;
    }
  }
  printLine($previousDateString, $previousUsername, $logonCounter);
  echo "</ul>";
  fclose($file);
 
  function isEqual($string1, $string2) {
    return strcmp($string1, $string2) == 0;
  }
 
  function isEmpty($string) {
    return strcmp($string, "") == 0;
  }
 
  function printLine($previousDateString, $previousUsername, $logonCounter) {
    echo "<li>";
    echo $previousDateString;
    echo " - ";
    echo $previousUsername;
    echo "(";
    echo $logonCounter + 1;
    echo ")";
    echo "</li>";
  }
 
?>
 
</body>
</html>

Change LOGON_PATTERN to reflect the network name of your ReadyNAS. For security measures you may want to make the ftplog.php inaccessible to external users or name/place it differently (less obvious).

Waiver. Accessing the device via SSH requires the add-on Enable Root SSH Access, which will void or greatly impair the warranty and/or support conditions of the device. The text in this summary has been prepared with uttermost care but is, despite of this, strictly a guide to be used in conjunction with normal and cautious computer practice, including the safe operation of electric equipment. I cannot accept liability for your actions. Work smart! Work safely!


Comments Off on Monitor your FTP logins :, more...

Setup FTPS on your ReadyNAS Duo

by on Jan.15, 2010, under Technology


One of several key features of the ReadyNAS Duo is the ability to act as an FTP server. I frequently use this to secure pictures taken with my camera when travelling. Out of the box, the traffic to/from the ReadyNAS Duo is not secure. Here’s how you can change that.

The first step is to enable and configure the FTP service in FrontView:

In Advanced Control mode, click on Services -> Standard File Protocols -> FTP
Set the port number to 21 (default)
Set authentication mode to User (default is Anonymous)
Reduce the passive port range to something like 1000 – 1020
Masquerade as the external IP (for instance 83.226.148.211) or domain name (for instance fredriklofter.com)
Click apply and await the response FTP service successfully started

Next step is to temporarily disable the FTP service in FrontView:

In Advanced Control mode, click on Services -> Standard File Protocols -> FTP (so that the box is unticked)
Click Apply and await the response FTP service successfully stopped

Now download (from www.readynas.com -> resources -> add-ons) and install the shell access patch EnableRootSSH. Download EnableRootSSH.bin from www.readynas.com

In Advanced Control mode, click on System -> Update -> Local and select the add-on image EnableRootSSH.bin

Download PuTTY.exe from the Internet.

Tweak the NAS to only allow secure FTP transfers:

Double click PuTTY.exe
Enter the internal IP number of the NAS (for instance 192.168.1.253)
Log on as root with the same password as admin (netgear1 is default)
Type cd /etc/frontview/proftpd
Type ls -l and confirm the existance of the file ftps.conf
Backup the file before editing by typing cp ftps.conf ftps.conf.old
Type vi ftps.conf
Use the cursor keys to navigate to the TLSRequired line and change off to on (you may want to try hitting the Insert key)
Press ESC and type :wq to write the changes to ftps.conf and quit vi

Change the default secure shell port (this will drastically reduce the number of hacking attempts):

Still logged in with PuTTY, type cd /etc/ssh
Type ls -l and confirm the existance of the file sshd_config
Backup the file before editing by typing cp sshd_config sshd_config.old
Type vi sshd_config
Use the cursor keys to navigate to the Port line and change it from 22 (default) to, say, 222
Press ESC and type :wq to write the changes to sshd_config and quit vi
Type exit to end the PuTTY session

Restart the NAS.

In Advanced Control mode, click on System -> Shutdown -> Shutdown and reboot device -> Apply

Enable the FTP service in FrontView.

In Advanced Control mode, click on Services -> Standard File Protocols -> FTP (so that the box is ticked)
Click Apply and await the response FTP service successfully started

Apply FTP access to user(s) to share(s):

In Advanced Control mode, click on Shares -> Shares Listing
Click on FTP/S for the share you want to access via secure FTP
Set the Default Access to Read/write
If appropriate, set rights per user(s) (groups doesn’t work in all FTP clients for some reason)
Click on Apply

Configure port forwarding on the router:

Log in to the admin page of the router (for instance http://192.168.1.254)
Locate the port forwarding page
Add a new service called NAS_FTP and forward ports 20 – 21 to the internal IP of the NAS (for instance 192.168.1.253)
Add a new service called NAS_PASV_FTP and forward the reduced port range above (1000 – 1020) to the internal IP of the NAS (192.168.1.253)
Add a new service called NAS_SSH and forward the SSH port changed above (222) to the internal IP of the NAS (192.168.1.253)
Apply the changes and leave the router admin page (logout)

Test the secure FTP connection using an FTP client (below works for CuteFTP):

Create a new site and label it something appropriate (MyNAS)
Set the external IP (for instance 83.226.148.211) or domain name (for instance fredriklofter.com) as host name
Username and password for a user with FTP/S rights to a share on the NAS (see above)
Login method must be normal (not anonymous)
Set the protocol type to FTP with TLS/SSL (AUTH TLS – Explicit)
Set the port to 21
Set the data connection type to passive (Use PASV)
Click on connect

Test the SSH connection (below works for WinSCP):

Set the external IP (for instance 83.226.148.211) or domain name (for instance fredriklofter.com) as host name
Set the port number to the SSH port changed above (222)
Username root and password same as admin (netgear1 is default)
File protocol SFTP with Allow SCP fallback or SCP (both will work)
Click on login

Waiver. Enabling Root SSH access may cause NETGEAR to deny support. The text in this summary has been prepared with uttermost care but is, despite of this, strictly a guide to be used in conjunction with normal and cautious computer practice, including the safe operation of electric equipment. I cannot accept liability for your actions. Work smart! Work safely!


Comments Off on Setup FTPS on your ReadyNAS Duo :, more...

ReadyNAS Duo Memory Upgrade

by on Nov.24, 2009, under Technology


The ReadyNAS Duo ships with 256MB RAM, which is enough for the intended usage of the device (storage). For more exhaustive services such as hosting a WordPress blog, a memory upgrade is recommended. The procedures for this, including a list of compatible memory chips, is really already described elsewhere. I just thought that while you’re at it with the fan mod you might want to take the opportunity to toss in a bigger RAM. It’s really easy. And worth it.

I went with the Kingston KVR400X64SC3A/1G and have noticed a 10-15% increase in performance. The pages on my WordPress blog load faster now, and that’s the main thing I was after. As how to do it, simply remove the right side panel by removing the two screws on the rear and pulling the panel slightly backwards. You’ll see the stock 256MB RAM chip clearly on the circuit board. Release the chip from the socket and replace it with the upgrade chip. Refit the side panel and fasten it with the screws.

For extra credit, you may want to run the memory test. Twice.

Waiver. Upgrading the RAM of the ReadyNAS Duo will not void the warranty provided that you use a memory on the hardware compatibility list. The text in this summary has been prepared with uttermost care but is, despite of this, strictly a guide to be used in conjunction with normal and cautious computer practice, including the safe operation of electric equipment. I cannot accept liability for your actions. Work smart! Work safely!


Comments Off on ReadyNAS Duo Memory Upgrade :, , more...

ReadyNAS Duo Fan Replacement

by on Nov.19, 2009, under Technology


While the ReadyNAS Duo provides easy, out of the way storage with online 24/7 access to files and folders over a diverse range of services (such as FTP, SCP, HTTP) it is notorious for the noise it makes. The noise can be traced to the stock Crown 60 mm fan and to the high pitch resonating sound that is caused when the air pushed by the fan passes through the fan finger protection on the rear casing. Replacing the fan and removing the protective grating is easy and straightforward, but will void the warranty of the NAS and build approximately 6.5 cm / 2.6 ” on the rear of the unit. On the flip side of that is that the mod will result in a quiet NAS. You will need to pick up the parts listed below, a Phillips screw driver, a pair of pliers and invest 10 minutes of your time.


The picture above shows the finished fan mod without the fan grill.

Parts:

  • Noctua NF-R8 80 mm fan
  • 60 mm to 80 mm fan adapter
  • 80 mm fan grill

The Noctua NF-R8 comes with a complete set of rubber isolation connectors and cable adapters.

Steps:

  • Turn off the device
  • Disconnect network and power cables
  • Remove the drives
  • Remove the left side panel (two screws on rear, then pull backwards)
  • Disconnect the stock fan cable from the circuit board
  • Remove the stock fan (four screws on rear)
  • Cut the stock fan finger protection with a pair of pliers and remove
  • Wire the Noctua NF-R8 through the rear casing
  • Fit the 60 mm to 80 mm adapter to the rear of the NAS using the rubber isolation connectors that came with the Noctua NF-R8
  • Fit the Noctua NF-R8 on the adapter using the four metal screws that came with the Noctua NF-R8
  • Fit the fan grill to the Noctua NF-R8
  • Connect the Noctua NF-R8 cable to the ReadyNAS (same socket as the stock fan)
  • Refit the left side panel (top screw needs some angle from the screw driver, but should come around)
  • Reattach the drives
  • Reconnect the network and power cables
  • Power up
  • Recalibrate the fan in FrontView (Status -> Health -> Recalibrate)

My drives ran at 2 000 rpm / 38°C with the stock fan and with an ambient room temperature of 21°C (inside a closed bed side table/cabinet), and now run at 1 000 rpm / 34°C with the Noctua NF-R8 fan (they idle at 1 000 rpm / 22°C). To reduce the minimum fan rpm below the factory default (1 600 rpm) you need to install the EnableFanMinRPMOverride add-on.

The life expectancy of the hard drives increase with lower operation temperature, which is a result of the bigger (80 mm) fan being capable of moving bigger quantities of air. The bigger fan also allows for lower rpm:s (the same result is achieved with less effort). A reduction of the minimum fan rpm will increase the drive temperature but will reduce the noise even further. Modify the minimum fan rpm value on your own risk.

Waiver. Replacing the stock fan will void the warranty of the device. The text in this summary has been prepared with uttermost care but is, despite of this, strictly a guide to be used in conjunction with normal and cautious computer practice, including the safe operation of electric equipment. I cannot accept liability for your actions. Work smart! Work safely!


Comments Off on ReadyNAS Duo Fan Replacement :, more...

Looking for something?

Google is your friend. All smart people use Google. Use the form below to search the site:

Custom Search

Visit my friends!

A few highly recommended friends...

Archives