
Czarism.com

The Posterous of @Czarphanguye

UnrealIRCd FAQ: How do I add encrypted passwords to oper blocks?

How do I add encrypted passwords to oper blocks?

The way to do this is to use Unreal's MKPASSWD command. It can be run while connected to the server as /mkpasswd, or from the shell on *nix as ./unreal mkpasswd. The syntax for this command is:
mkpasswd <auth-type> <password>
Unreal supports the following auth-types: crypt, md5, sha1, ripemd-160. The command prints a result, which is the hashed version of that password. When you have the result from the command, enter it in the oper block like this:
password <result> { <auth-type>; };
EXAMPLE:
If my password was "password" and I wanted it to be hashed with sha1, I would type:
/mkpasswd sha1 password

Which would give me:
*** Authentication phrase (method=sha1, para=password) is: $6L/ybC6i$S8/+1SAx96FcbatLyHzoYJHxxCw=

Then I would put it in my oper block as:
password "$6L/ybC6i$S8/+1SAx96FcbatLyHzoYJHxxCw=" { sha1; };

I would then be able to oper:
/oper login password

NOTE: It will be different every time you run it! Don't worry, this is because the hashes are salted so they are different each time. It is still the same password.
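
Why the result changes on every run, as an added example that is not part of the original FAQ or UnrealIRCd's own code: the sketch below builds and checks strings in the same $<salt>$<hash> layout. The construction base64(SHA1(SHA1(password) + salt)) with a 6-byte random salt is an assumption made for illustration, and the function names are hypothetical.

```sh
#!/bin/sh
# Added illustration of a salted "$<salt>$<hash>" password string.
# ASSUMPTION: hash = base64( SHA1( SHA1(password) || salt ) ) with a 6-byte
# random salt; this page does not state the construction.
# Function names are hypothetical. Requires openssl and base64.

# salted_sha1 PASSWORD SALT_B64 -> prints "$<salt>$<hash>"
salted_sha1() {
    _pw=$1 _salt=$2
    _hash=$(
        {
            printf '%s' "$_pw" | openssl dgst -sha1 -binary   # inner SHA1(password)
            printf '%s' "$_salt" | base64 -d                  # raw salt bytes
        } | openssl dgst -sha1 -binary | base64               # outer SHA1, encoded
    )
    printf '$%s$%s\n' "$_salt" "$_hash"
}

# mkpasswd_sha1 PASSWORD -> a new string with a fresh random salt
mkpasswd_sha1() {
    salted_sha1 "$1" "$(openssl rand -base64 6)"
}

# check_password STORED PASSWORD -> exit status 0 if PASSWORD matches STORED
check_password() {
    _rest=${1#\$}                 # drop the leading "$"
    _stored_salt=${_rest%%\$*}    # text up to the next "$" is the salt
    # Re-hash the candidate with the stored salt and compare whole strings.
    [ "$(salted_sha1 "$2" "$_stored_salt")" = "$1" ]
}

# Demo: the same password hashed twice gives two different strings,
# and both of them still verify.
first=$(mkpasswd_sha1 password)
second=$(mkpasswd_sha1 password)
echo "$first"
echo "$second"
if check_password "$first" password && check_password "$second" password; then
    echo "both strings match the password"
fi
```

Because the salt is stored in the string itself, the server can repeat the computation at /oper time without keeping the plain-text password.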

Posted November 16, 2009 by Czar Phanguye 

RT @UnrealIRCd - User & Oper Commands aka helpop

User Modes

Mode  Description
----  -----------
A     Server Admin (Set in Oper Block)
a     Services Admin (Set in Oper Block)
B     Marks you as being a Bot
C     Co-Admin (Set in Oper Block)
d     Makes it so you can not receive channel PRIVMSGs (with the exception of text prefixed with certain characters, see set::channel-command-prefix)
G     Filters out all the bad words per configuration
g     Can send & read globops and locops
H     Hide IRCop Status (IRCop Only)
h     Available for help (HelpOp) (Set in OperBlock)
i     Invisible (not shown in /who)
N     Network Administrator (Set in Oper Block)
O     Local IRC Operator (Set in Oper Block)
o     Global IRC Operator (Set in Oper Block)
p     Hides the channels you are in from /whois
q     Only U:Lines can kick you (Services Admins Only)
R     Allows you to only receive PRIVMSGs/NOTICEs from registered (+r) users
r     Identifies the nick as being registered
S     Used to protect Services Daemons
s     Can listen to server notices (see section 3.3 above for more information)
T     Prevents you from receiving CTCPs
t     Says you are using a /vhost
V     Marks you as a WebTV user
v     Receives infected DCC Send Rejection notices
W     Lets you see when people do a /whois on you (IRCops Only)
w     Can listen to wallop messages
x     Gives user a hidden hostname
z     Indicates that you are an SSL client

7 – User & Oper Commands Table

NOTE: the /helpop documentation is more up to date, use /helpop command (or /helpop ?command if you are oper) to get more information on a command.

Command (Who)
    Description

nick (All)
    Changes your online nick name. Alerts others to the change of your nick
whois (All)
    Displays information of user requested. Includes Full Name, Host, Channels User is in, and Oper Status
who (All)
    Who allows you to search for users. Masks include: nickname, #channel, hostmask (*.attbi.com)
whowas (All)
    Displays information on a nick that has logged off. The field is optional, and limits how many records will be returned.
ison (All)
    Allows you to check the online status of a user, or a list of users. Simple return, best used for scripts
join (All)
    Allows you to join channels. Using the /join #channel1,#channel2,#channel3 will allow you to join more than one channel at a time. The /join 0 command makes you PART all channels.
cycle (All)
    Cycles the given channel(s). This command is equivalent to sending a PART then a JOIN command.
motd (All)
    Displays the servers motd. Adding a server name allows you to view motd’s on other servers.
rules (All)
    Displays the ircd.rules of a server. Adding a server name allows you to view rules on other servers
lusers (All)
    Displays current & max user loads, both global and local. Adding a server name allows you to view the statistics from other servers.
map (All)
    Displays a network map
quit (All)
    Causes you to disconnect from the server. If you include a reason, it will be displayed on all channels as you quit
ping (All)
    Sends a PING request to a user. Used for checking connection and lag. Servers issue pings on a timed basis to determine if users are still connected.
version (All)
    Sends a CTCP Version request to the user. If configured to do so, their client will respond with the client version.
links (All)
    Displays a list of all servers linked to the network
Admin (All)
    Displays the admin info of a server. If a server name is included it will display the info of that server.
userhost (All)
    Displays the userhost of the nick given. Generally used for scripts
topic (All)
    Topic will display the current topic of the given channel. Topic will change the topic of the given channel.
invite (ChanOp)
    Invites the given user to the given channel. (Must be a channel Op)
kick (ChanOp)
    Kicks a user or users out of a channel, or channels. A reason may also be supplied.
away (All)
    Marks you as being away. A reason may also be supplied.
Watch +- +- (All)
    Watch is a new notify-type system in UnrealIRCd which is both faster and uses less network resources than any old-style notify system. The server will send you a message when any nickname in your watch list logs on or off. The watch list DOES NOT REMAIN BETWEEN SESSIONS - you (or your script or client) must add the nicknames to your watch list every time you connect to an IRC server.
helpop ? or ! (All)
    HelpOp is a new system of getting IRC Server help. You type either /HELPOP ? or /HELPOP ! The "?" in /HELPOP means query the help system and if you get no response you can choose '!' to send it to the Help Operators online. Using neither ? nor ! will mean the command will be first queried within the help system and if no match is found, it will be forwarded to the help operators
list (All)
    If you don't include a search string, the default is to send you the entire unfiltered list of channels. Below are the options you can use, and what channels LIST will return when you use them.
    >number List channels with more than people.
    people.
    C>number List channels created between now and minutes ago.
    C minutes ago.
    T>number List channels whose topics are older than minutes (i.e., they have not changed in the last minutes).
    T minutes.
    *mask* List channels that match *mask*
    !*mask* List channels that do not match *mask*
Knock (All)
    Allows you to ‘knock’ on an invite only channel and ask for access. Will not work if channel has one of the following modes set: +K +V. Will also not work if you are banned
setname (All)
    Allows users to change their ‘Real Name’ without reconnecting
vhost (All)
    Hides your host name by using a vhost provided by the server.
mode (All)
    Lets you set channel and user modes. See User & Channel Modes for a list.
credits (All)
    Lists credits for everyone that has helped create UnrealIRCd
license (All)
    Displays the GNU License
time (All)
    Displays the servers date and time. Including a server name allows you to check other servers.
botmotd (All)
    Displays the servers bot message of the day. Including a server name allows you to check other servers
identify (All)
    Sends your password to the services system to identify to your nick.
identify (All)
    Sends your password to the services system to identify as the founder of a channel.
dns (All)
    Returns information about the IRC server's DNS cache. Note, since most clients have a built-in DNS command, you will most likely need to use /raw DNS to use this. Opers may specify an l as the first parameter to the command to receive a list of entries in the DNS cache.
userip (All)
    Returns the IP address of the user in question.
oper (IRCop)
    Command to give a user operator status if they match an Oper Block
wallops (IRCop)
    Sends a message to all users with umode +w
globops (IRCop)
    Sends a message to all global IRCops
chatops (IRCop)
    Sends a message to all IRCops (local and global)
locops (IRCop)
    Sends a message to all local IRCops
adchat (IRCop)
    Sends a message to all Admins
nachat (IRCop)
    Sends a message to all Net Admins
kill (IRCop)
    Kills a user from the network
kline [+|-] [ ] (IRCop)
    Bans the hostmask from the server it is issued on. A kline is not a global ban.
    time to ban is either: a) a value in seconds, b) a time value, like '1d' is 1 day or c) '0' for permanent. Time and reason are optional, if unspecified set::default-bantime (default: 0/permanent) and 'no reason' are used.
    To remove a kline use /kline -user@host
zline [+|-] [ ] (IRCop)
    Bans an IP Address from the local server it is issued on (not global). See kline for more syntax info. Use /zline -*@ip to remove.
gline [+|-] [ ] (IRCop)
    Adds a global ban to anyone that matches. See kline for more syntax info. Use /gline -user@host to remove.
shun [+|-] [ ] (IRCop)
    Prevents a user from executing ANY commands and prevents them from speaking. Shuns are global (like glines). See kline for more syntax info. Use /shun -user@host to remove a shun.
gzline [+|-] : (IRCop)
    Adds a global zline. See kline for more syntax info. Use /gzline -*@ip to remove a gzline.
rehash – (IRCop)
    Rehashes the servers config file. Including a server name allows you to rehash a remote servers config file. Several flags are also available. They include:
    -motd - Only rehash all MOTD and RULES files (including tld {})
    -opermotd - Only rehash the OPERMOTD file
    -botmotd - Only rehash the BOTMOTD file
    -garbage - Force garbage collection
restart (IRCop)
    Restarts the IRCD Process. Password is required if drpass { } is present. You may also include a reason.
die (IRCop)
    Terminates the IRCD Process. Password is required if drpass { } is present.
lag (IRCop)
    This command is like a Sonar or Traceroute for IRC server. You type in /LAG irc.fyremoon.net and it will reply from every server it passes with time and so on. Useful for looking where lag is and optional TS future/past travels
sethost (IRCop)
    Lets you change your vhost to what ever you want it to be.
setident (IRCop)
    Lets you set your ident to what ever you want it to be
chghost (IRCop)
    Lets you change the host name of a user currently on the system
chgident (IRCop)
    Lets you change the ident of a user currently on the system
chgname (IRCop)
    Lets you change the realname of a user currently on the system
squit (IRCop)
    Disconnects a server from the network
connect (IRCop)
    If only one server is given, it will attempt to connect the server you are ON to the given server. If 2 servers are given, it will attempt to connect the 2 servers together. Put the leaf server as the first, and the hub server as the second.
dccdeny (IRCop)
    Adds a DCCDENY for that filemask. Preventing that file from being sent.
undccdeny (IRCop)
    Removes a DCCDENY
sajoin , (IRCop)
    Forces a user to join a channel(s). Available to services & network admins only
sapart , (IRCop)
    Forces a user to part a channel(s). Available to services & network admins only.
samode (IRCop)
    Allows Network & Services admins to change modes of a channel without having ChanOps.
rping (IRCop)
    Will calculate in milliseconds the lag between servers
trace (IRCop)
    When used on a user it will give you class and lag info. If you use it on a server it gives you class/version/link info.
opermotd (IRCop)
    Displays the servers OperMotd File
addmotd : (IRCop)
    Will add the given text to the end of the Motd
addomotd : (IRCop)
    Will add the given text to the end of the OperMotd
sdesc (IRCop)
    Allows server admins to change the description line of their server without restarting.
addline (IRCop)
    Allows you to add lines to the unrealircd.conf
mkpasswd (IRCop)
    Will encrypt a clear text password to add it to the unrealircd.conf
tsctl offset +/- (IRCop)
    Adjust the IRCD’s Internal clock (Do NOT use if you do not understand EXACTLY what it does)
tsctl time (IRCop)
    Will give a TS Report
tsctl alltime (IRCop)
    Will give a TS Report of ALL servers
tsctl svstime (IRCop)
    Sets the TS time of all servers (Do NOT use if you do not understand EXACTLY what it does)
htm (IRCop)
    Controls settings related to high traffic mode. High Traffic Mode (HTM) basically disables certain user commands such as: list whois who etc in response to extremely high traffic on the server. Options include:
    -ON Forces server into HTM
    -OFF Forces server out of HTM
    -NOISY Sets the server to notify users/admins when it goes in and out of HTM
    -QUIET Sets the server to NOT notify when going in and out of HTM
    -TO Tell HTM at what incoming rate to activate HTM
stats (All)
    B - banversion - Send the ban version list
    b - badword - Send the badwords list
    C - link - Send the link block list
    d - denylinkauto - Send the deny link (auto) block list
    D - denylinkall - Send the deny link (all) block list
    e - exceptthrottle - Send the except throttle block list
    E - exceptban - Send the except ban and except tkl block list
    f - spamfilter - Send the spamfilter list
    F - denydcc - Send the deny dcc block list
    G - gline - Send the gline and gzline list
      Extended flags: [+/-mrs] [mask] [reason] [setby]
        m Return glines matching/not matching the specified mask
        r Return glines with a reason matching/not matching the specified reason
        s Return glines set by/not set by clients matching the specified name
    I - allow - Send the allow block list
    j - officialchans - Send the official channels list
    K - kline - Send the ban user/ban ip/except ban block list
    l - linkinfo - Send link information
    L - linkinfoall - Send all link information
    M - command - Send list of how many times each command was used
    n - banrealname - Send the ban realname block list
    O - oper - Send the oper block list
    P - port - Send information about ports
    q - sqline - Send the SQLINE list
    Q - bannick - Send the ban nick block list
    r - chanrestrict - Send the channel deny/allow block list
    R - usage - Send usage information
    S - set - Send the set block list
    s - shun - Send the shun list
      Extended flags: [+/-mrs] [mask] [reason] [setby]
        m Return shuns matching/not matching the specified mask
        r Return shuns with a reason matching/not matching the specified reason
        s Return shuns set by/not set by clients matching the specified name
    t - tld - Send the tld block list
    T - traffic - Send traffic information
    u - uptime - Send the server uptime and connection count
    U - uline - Send the ulines block list
    v - denyver - Send the deny version block list
    V - vhost - Send the vhost block list
    X - notlink - Send the list of servers that are not currently linked
    Y - class - Send the class block list
    z - zip - Send compression information about ziplinked servers (if compiled with ziplinks support)
    Z - mem - Send memory usage information
module (All)
    Lists all loaded modules
close (IRCop)
    This command will disconnect all unknown connections from the IRC server.

Posted November 13, 2009 by Czar Phanguye 

Awesome, Same color illusion

The same color illusion—also known as Adelson's checker shadow illusion, checker shadow illusion and checker shadow—is an optical illusion published by Edward H. Adelson, Professor of Vision Science at MIT in 1995.[1] The squares A and B on the illusion are the same color (or shade), although they seem to be different. This can be proven by sampling the colors of A and B in an image-editing program, which will show that they are in fact the same color. By erasing everything except the two labelled squares, the effect of the illusion can be removed.

Squares A and B are the same color.
A rectangle of the same color has been drawn connecting the two squares.

 

Filed under  //   illusion   wikipedia  
Posted October 4, 2009 by Czar Phanguye 

Creating a self-signed SSL certificate for a LAN Apache server

Some steps in this document require privileged access, and you'll want to restrict access to the cert files to the root user only. So you should su to root and create a working directory that only root has read/write access to (for example: mkdir certwork, chmod 600 certwork). Go to that directory.

Generate a server key:

openssl genrsa -des3 -out server.key 4096

Then create a certificate signing request with it. This command will prompt for a series of things (country, state or province, etc.). Make sure that "Common Name (eg, YOUR name)" matches the registered fully qualified domain name of your box (or your IP address if you don't have one). I also suggest not making a challenge password at this point, since it'll just mean more typing for you.

The default values for the questions ([AU], Internet Widgits Pty Ltd, etc.) are stored here: /etc/ssl/openssl.cnf. So if you've got a large number of certificate signing requests to process you probably want to carefully edit that file where appropriate. Otherwise, just execute the command below and type what needs to be typed:

openssl req -new -key server.key -out server.csr

Now sign the certificate signing request. This example lasts 365 days:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Make a version of the server.key which doesn't need a password:

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

These files are quite sensitive, so guard their permissions very carefully. Chown them to root, if you're not already sudo'd to root. I've found that you can chmod 000 them. That is, root will always retain effective 600 (read) rights on everything.
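
The steps above as one non-interactive script, added here as an example (not from the original post): it reads the key passphrase from a KEYPASS environment variable, uses -subj in place of the interactive questions, and checks that the final key and certificate belong together. The function names, KEYPASS and the sample host name are placeholders; the working directory is set to mode 700 here.

```sh
#!/bin/sh
# Added example: the steps from this post without prompts. Function names,
# KEYPASS and the sample host name are placeholders, not from the post.

# make_selfsigned DIR COMMON_NAME [BITS]
# The key passphrase comes from the KEYPASS environment variable so that it
# does not appear in the arguments of the openssl processes.
make_selfsigned() {
    _dir=$1 _cn=$2 _bits=${3:-4096}
    [ -n "${KEYPASS:-}" ] || { echo "set KEYPASS first" >&2; return 1; }
    export KEYPASS
    (
        umask 077                          # every file below is created 0600
        # 700: owner-only, and the x bit lets the owner enter the directory
        mkdir -p "$_dir" && chmod 700 "$_dir" && cd "$_dir" || exit 1
        # 1. passphrase-protected server key
        openssl genrsa -des3 -passout env:KEYPASS \
            -out server.key "$_bits" 2>/dev/null || exit 1
        # 2. signing request; -subj replaces the interactive questions
        openssl req -new -key server.key -passin env:KEYPASS \
            -subj "/CN=$_cn" -out server.csr || exit 1
        # 3. self-sign the request for 365 days
        openssl x509 -req -days 365 -in server.csr -signkey server.key \
            -passin env:KEYPASS -out server.crt 2>/dev/null || exit 1
        # 4. passphrase-free copy becomes server.key, original kept as .secure
        openssl rsa -in server.key -passin env:KEYPASS \
            -out server.key.insecure 2>/dev/null || exit 1
        mv server.key server.key.secure && mv server.key.insecure server.key
    )
}

# key_is_encrypted KEYFILE -> status 0 if the PEM file is passphrase-protected
key_is_encrypted() {
    grep -q ENCRYPTED "$1"
}

# key_matches_cert KEYFILE CERTFILE -> status 0 if both carry the same RSA modulus
key_matches_cert() {
    _k=$(openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null) || return 1
    _c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Run as: KEYPASS=... sh selfsigned.sh ./certwork lamp.example.lan
if [ "$#" -ge 2 ]; then
    make_selfsigned "$@" &&
        key_matches_cert "$1/server.key" "$1/server.crt" &&
        echo "server.key and server.crt match"
fi
```

After a run, server.key is the passphrase-free key and server.key.secure is the passphrase-protected original, matching the file names used in the steps above.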

Filed under  //   apache   httpd   Linux   openssl   security  
Posted September 29, 2009 by Czar Phanguye 

Installing PlaylistBuilder to create MPD playlists based on similar artists via Last.FM.

A little Ruby script that uses Audioscrobbler to append songs from artists similar to the one you're currently listening to onto the current playlist. See http://mpd.wikia.com/wiki/Client:Playlistbuilder

sudo aptitude -P install ruby rubygems ruby1.8-dev libopenssl-ruby

wget --no-check-certificate http://tinyurl.com/playlistbuilder

wget http://rubyforge.org/frs/download.php/15722/librmpd-0.1.1.gem

sudo gem install librmpd-0.1.1.gem

sudo gem install scrobbler

Filed under  //   lastfm   Linux   mpd   playlistbuilder   ruby   scrobbler  
Posted September 28, 2009 by Czar Phanguye 

My Windows XP BB4WIN desktop (895×728)

Filed under  //   bb4win   bblean   desktkop   image   windows   xp  
Posted September 27, 2009 by Czar Phanguye 

Configuring fail2ban on the LAMP server (to aid w/ brute-force attacks.) #linux #security #ssh

Brute-force break-in attempts are quite frequent against an SSH server and other password-protected Internet services (such as ftp, pop, ...). Automated scripts try multiple combinations of username/password (brute-force, dictionary attack), and sometimes changing the port to something other than the default can't be done. Furthermore, scouring your log files yourself is not only time consuming, but can be difficult too.

Fail2ban attempts to alleviate these issues by providing an automated way of not only identifying possible break-in attempts, but acting upon them quickly and easily in a user-definable manner.

Log files contain interesting information, especially about failed logins. This information can be used to ban an offending host. This is exactly what Fail2ban does. It scans log files, detects patterns which correspond to possible break-in attempts and then performs actions. Most of the time, this consists of adding a new rule to a firewall chain and sending an e-mail notification to the system administrator.
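
The scan-and-act loop described above, reduced to its core as an added example (not fail2ban's own code): count failed SSH logins per address inside a sliding time window and report each address that reaches the limit. The names maxretry and findtime follow fail2ban's jail options; the log lines are constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added illustration of log scanning in the style described above.
# Not fail2ban code; the log lines below are constructed sample data.

sample_log() {
cat <<'EOF'
Sep 25 10:00:01 lamp sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Sep 25 10:00:03 lamp sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Sep 25 10:00:04 lamp sshd[2104]: Accepted password for czar from 192.0.2.10 port 51000 ssh2
Sep 25 10:00:06 lamp sshd[2107]: Failed password for invalid user backup from nowhere from 203.0.113.7 port 40130 ssh2
Sep 25 10:05:00 lamp sshd[2120]: Failed password for czar from 198.51.100.20 port 33000 ssh2
Sep 25 10:25:00 lamp sshd[2130]: Failed password for czar from 198.51.100.20 port 33001 ssh2
Sep 25 10:45:00 lamp sshd[2140]: Failed password for czar from 198.51.100.20 port 33002 ssh2
EOF
}

# find_offenders MAXRETRY FINDTIME < auth.log
# Prints each address once, at the moment it reaches MAXRETRY failed logins
# within FINDTIME seconds.
find_offenders() {
    awk -v maxretry="$1" -v findtime="$2" '
    # Seconds since midnight; this sketch assumes all lines fall on one day.
    function secs(hms,   t) {
        split(hms, t, ":")
        return t[1] * 3600 + t[2] * 60 + t[3]
    }

    /sshd\[[0-9]+\]: Failed password for / {
        # Anchor on the END of the line ("from ADDR port N ssh2") so that
        # text inside the user-name field is never read as the address.
        if ($(NF-4) != "from" || $(NF-2) != "port" || $NF != "ssh2") next
        ip = $(NF-3)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # IPv4 only here

        now = secs($3)
        n = ++count[ip]
        stamp[ip, n] = now
        # Slide the window: forget failures older than findtime seconds.
        while (stamp[ip, first[ip] + 1] < now - findtime) first[ip]++
        if (n - first[ip] >= maxretry && !(ip in banned)) {
            banned[ip] = 1
            print ip
        }
    }'
}

# Demo: three failures within ten minutes are needed for a report.
sample_log | find_offenders 3 600
```

In Fail2ban the reported address would be handed to an action such as a firewall rule; here it is only printed.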

Here is a list of the most important features available in Fail2ban:

  • client/server
  • multithreaded
  • Gamin support
  • autodetection of the date/time format
  • wildcard support in logpath option
  • support for a lot of services (sshd, apache, qmail, proftpd, sasl, etc)
  • support for several actions (iptables, tcp-wrapper, shorewall, mail notifications, etc)

The code has been completely rewritten since 0.6.x. Fail2ban is entirely written in Python and thus should work on most of the *nix systems.

 

Fail2ban is composed of 2 parts: a client and a server. The server is multi-threaded and listens on a Unix socket for commands. The server itself knows nothing about the configuration files. Thus, at start-up, the server is in a "default" state in which no jails are defined. The following options are available for fail2ban-server:

-b                   start in background
-f                   start in foreground
-s <FILE>            socket path
-x                   force execution of the server
-h, --help           display this help message
-V, --version        print the version

fail2ban-server should not be used directly except in case of debugging. The option -s <FILE> is probably the most important one and is used to set the socket path. Thus, it is possible to run several instances of Fail2ban on different sockets. However, this should not be required because Fail2ban can run several jails concurrently.

If fail2ban-server crashes (does it?), it is possible that the socket file has not been removed correctly. The -x option tells the server to delete the socket file before start-up. If the socket file of a running server is removed, it is not possible to communicate with this server anymore.

The server handles the signals SIGTERM and SIGINT. When receiving one of these signals, fail2ban-server will quit nicely.

Client

fail2ban-client is the frontend of Fail2ban. It connects to the server socket file and sends commands in order to configure and operate the server. The client can read the configuration files or can simply be used to send a single command to the server using either the command line or the interactive mode (which is activated with the -i option). fail2ban-client can also start the server. The following options are available for fail2ban-client:

-c <DIR>                configuration directory
-s <FILE>               socket path
-d                      dump configuration. For debugging
-i                      interactive mode
-v                      increase verbosity
-q                      decrease verbosity
-x                      force execution of the server
-h, --help              display this help message
-V, --version           print the version

As for fail2ban-server, the option -s <FILE> can be used to set the socket path. Notice that this command line option overrides the socket option set in fail2ban.conf. The default configuration directory is /etc/fail2ban but can be overridden with the -c <DIR> option. The -x option is simply forwarded to fail2ban-server when starting the server.

A useful option for debugging is -d. This prints the configuration parsed by fail2ban-client. The output corresponds to the stream sent to the server. If the output of -d shows:

['set', 'loglevel', 1]
['set', 'logtarget', 'STDERR']

It is possible to achieve the same with:

$ fail2ban-client set loglevel 1
$ fail2ban-client set logtarget STDERR

Everything set in the configuration files can be configured manually. The configuration is just a simple and efficient way to configure the server. fail2ban-client only translates the configuration into a suite of commands. However, fail2ban-client has 2 more commands for its internal use. The first one is start. When typing:

$ fail2ban-client start

the client will first try to fork a server instance. The client then waits for the server to start-up by sending ping requests to it. Once the server responds to these requests, fail2ban-client parses the configuration and sends the corresponding commands to the server. The second one is reload. When typing:

$ fail2ban-client reload

the client will tell the server to stop all jails, parse the configuration files again and send the commands to the server. This is useful when a new configuration must be loaded without shutting down the server. This is also very useful when debugging the server. It is possible to start the server with fail2ban-server -f in one terminal and to load the configuration by typing fail2ban-client reload in another one. Thus, client and server output will not be mixed up.

Any other commands are simply sent to the server without any specific treatment. However, most of the time, only the 2 above commands and stop will be used.

There is probably one last useful command: status [jail]. Without a jail name, the global status of the server is returned. If jail corresponds to an existing jail, the status of this jail is displayed.

A list with all commands is available here.

 

Filed under  //   apache   brute-force   cli   fail2ban   lamp   Linux   mysql   php   security   ssh  
Posted September 25, 2009 by Czar Phanguye 

Got the router upgraded. Going to move snort and apache to it...

Filed under  //   dd-wrt   image   Linux   optware   router   wl-520gu  
Posted September 23, 2009 by Czar Phanguye 

Following... Asus WL-520gU DD-WRT w/ Optware & USB mass storage guide

Try this out, and let me know how it works for you...

============================================================
I. FORMATTING YOUR DISK DRIVE
============================================================

You must partition and format your hard disk drive somewhere other than your router. DD-WRT does not include the commands necessary to perform these functions. Use a Linux boot CD like Knoppix or Ubuntu on your computer. Restart your computer so it boots from the Linux CD.

1. After Linux boots, connect your USB hard disk drive.
2. Open a terminal window so you can issue Linux commands.
3. Use the command "sudo su -" to become root.
4. Find out what Linux named your USB disk with the command dmesg | more. You're looking for a set of messages that include the name and a description of your hard disk drive. One line will say "SCSI device sd?". For the remainder of this text, replace sd? with the name of your disk. Here's an example of what you're looking for:

Code:

scsi0 : SCSI emulation for USB Mass Storage devices
  Vendor: WD        Model: 1600BEV External  Rev: 1.05
  Type:   Direct-Access                      ANSI SCSI revision: 02
Attached scsi disk sdb at scsi0, channel 0, id 0, lun 0
SCSI device sdb: 312581808 512-byte hdwr sectors (160042 MB)

5. Partition the disk using the command fdisk /dev/sd? to create three partitions:
5.1) sd?1 - the /opt partition, where Optware will reside.
5.2) sd?2 - the swap partition, where Linux will swap jobs.
5.3) sd?3 - the data partition, which you will share via Samba.

It's important to understand everyone's disk drive configuration will be different. If your drive is 40 GB or smaller, use the smaller set of partition sizes below. If your drive is over 40 GB, you can use the larger set of partition sizes.

Disk 40 GB or less
---------------------
/opt 256 megabytes
swap 32 megabytes
data remainder of the disk

Disk greater than 40 GB
------------------------
/opt 512 megabytes
swap 64 megabytes
data remainder of the disk

Code:
# fdisk /dev/sd?
Command (m for help): p

Disk /dev/sd?: 64 heads, 63 sectors, 621 cylinders
Units = cylinders of 4032 * 512 bytes

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-621, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-621, default 621): +256M

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (197-621, default 197):
Using default value 197
Last cylinder or +size or +sizeM or +sizeK (197-621, default 621): +32M

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (197-621, default 197):
Using default value 197
Last cylinder or +size or +sizeM or +sizeK (197-621, default 621): <ENTER>

Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 82
Changed system type of partition 2 to 82 (Linux swap)      
Command (m for help): p

Disk /dev/sd?: 64 heads, 63 sectors, 621 cylinders
Units = cylinders of 4032 * 512 bytes
 
   Device Boot    Start       End    Blocks   Id  System
/dev/sd?1   *         1       196    395104+  83  Linux
/dev/sd?2           197       262    133056   82  Linux swap
/dev/sd?3           263       458    395136   83  Linux

Command (m for help): w

5.4) Format the opt and data partitions, and prepare the swap partition:
Code:
# mke2fs -j -m 1 -L Optware /dev/sd?1
mke2fs 1.18, 11-Nov-1999 for EXT2 FS 0.5b, 95/08/09
Filesystem label=Optware
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
122112 inodes, 243964 blocks
12198 blocks (5.00%) reserved for the super user
First data block=0
8 block groups
32768 blocks per group, 32768 fragments per group
15264 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

# mke2fs -j -m 1 -L Shared /dev/sd?3
mke2fs 1.18, 11-Nov-1999 for EXT2 FS 0.5b, 95/08/09
Filesystem label=Shared
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
122112 inodes, 243964 blocks
12198 blocks (5.00%) reserved for the super user
First data block=0
8 block groups
32768 blocks per group, 32768 fragments per group
15264 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

# mkswap /dev/sd?2

5.5) Now your disk drive is partitioned and formatted for Linux.


============================================================
II. CONNECTING THE DRIVE TO YOUR ROUTER
============================================================

1. You should have the JFFS file system enabled on your router. On the DD-WRT web GUI screen, the Administration/Management tab contains this option in an area labeled JFFS2 Support. Enable both options and reboot your router. After it reboots, the first option (JFFS2) will remain enabled and the second option (Clean JFFS2) will be disabled.
2. On the DD-WRT web GUI screen, on the Services tab enable the options for:

  • Core USB support
  • USB 2.0 support
  • USB storage support
  • ext2/ext3 File System support

2.1 From the DD-WRT web GUI screen, on the Administration/Management tab, scroll to the bottom and click on Reboot Router.
3. After a minute, start a terminal session to your router.
4. Disconnect the disk from your computer and connect it to your router.
5. In the terminal session, use the command dmesg | more to ensure your disk drive is recognized. Here's what it should look like:
Code:
SCSI subsystem driver Revision: 1.00
Initializing USB Mass Storage driver...
usb.c: registered new driver usb-storage
USB Mass Storage support registered.
Journalled Block Device driver loaded
hub.c: new USB device 00:03.1-1, assigned address 2
hub.c: USB hub found
hub.c: 4 ports detected
usb.c: registered new driver usblp
printer.c: v0.13: USB Printer Device Class driver
hub.c: new USB device 00:03.1-1.3, assigned address 3
scsi0 : SCSI emulation for USB Mass Storage devices
  Vendor: WD        Model: 1600BEV External  Rev: 1.05
  Type:   Direct-Access                      ANSI SCSI revision: 02
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
SCSI device sda: 312581808 512-byte hdwr sectors (160042 MB)
Partition check:
 /dev/scsi/host0/bus0/target0/lun0: p1 p2 p3
WARNING: USB Mass Storage data integrity not assured
USB Mass Storage device found at 3

6. Change to the directory /dev/scsi/host0/bus0/target0/lun0 and list the files there. There should be one entry for the hard disk drive, and one for each of the three disk partitions.
Code:
# cd /dev/scsi/host0/bus0/target0/lun0
# ls -la
drwxr-xr-x    1 root     root            0 Jan  1 00:00 .
drwxr-xr-x    1 root     root            0 Jan  1 00:00 ..
brw-------    1 root     root       8,   0 Jan  1 00:00 disc
brw-------    1 root     root       8,   1 Jan  1 00:00 part1
brw-------    1 root     root       8,   2 Jan  1 00:00 part2
brw-------    1 root     root       8,   2 Jan  1 00:00 part3
7. Change to the JFFS2 directory, and create directories for mounting the disk partition:
Code:
# cd /jffs
# mkdir mnt
# mkdir mnt/disk1
8. Test mount your new opt and data partitions. In the terminal window, issue these commands:
Code:
# mount /dev/scsi/host0/bus0/target0/lun0/part1 /opt
# mount /dev/scsi/host0/bus0/target0/lun0/part3 /jffs/mnt/disk1
# mount
rootfs on / type rootfs (rw)
/dev/root on / type squashfs (ro)
none on /dev type devfs (rw)
proc on /proc type proc (rw)
ramfs on /tmp type ramfs (rw)
/dev/mtdblock/4 on /jffs type jffs2 (rw)
/dev/scsi/host0/bus0/target0/lun0/part3 on /jffs/mnt/disk1 type ext3 (rw)
/dev/scsi/host0/bus0/target0/lun0/part1 on /opt type ext3 (rw)
9. On the DD-WRT web GUI screen, on the Administration/Commands tab, click the Edit button, then enter your disk mount commands:
Code:
mount /dev/scsi/host0/bus0/target0/lun0/part1 /opt
mount /dev/scsi/host0/bus0/target0/lun0/part3 /jffs/mnt/disk1
Click on Save Startup to store the commands. Your terminal session will be disconnected.
10. From the DD-WRT web GUI screen, on the Administration/Management tab, scroll to the bottom and click on Reboot Router.
11. After a minute, restart your terminal session and issue the mount command again. You should see both of your disk partitions mounted, even after the router has rebooted.
Code:
# mount
rootfs on / type rootfs (rw)
/dev/root on / type squashfs (ro)
none on /dev type devfs (rw)
proc on /proc type proc (rw)
ramfs on /tmp type ramfs (rw)
/dev/mtdblock/4 on /jffs type jffs2 (rw)
/dev/scsi/host0/bus0/target0/lun0/part3 on /jffs/mnt/disk1 type ext3 (rw)
/dev/scsi/host0/bus0/target0/lun0/part1 on /opt type ext3 (rw)
============================================================
III. INSTALLING OPTWARE ON YOUR DISK
============================================================

After JFFS is enabled and disk partitions are mounting, you can download and install the Optware packages that provide more Linux functionality to the router. These will be installed onto the hard disk drive, not on the router itself. Remember the /opt directory on your router actually resides on the disk drive.

1. Use the command ipkg update to update your ipkg repositories:

Code:
# ipkg update 
Downloading http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/Packages ...
Connecting to ipkg.nslu2-linux.org[140.211.166.82]:80 
Packages             100% |**********************************************|   259 KB 00:00:00 ETA
Done.
Updated list of available packages in //jffs/usr/lib/ipkg/lists/optware
2. Now download the Optware installation script from the web to the /tmp directory:
Code:
# wget http://www.3iii.dk/linux/optware/optware-install-ddwrt.sh -O - | tr -d '\r' > /tmp/optware-install.sh
3. Execute the Optware installation script you just downloaded. It will take some time to download and configure everything, so verify it starts running, then take a break and come back in ten or fifteen minutes.
Code:
# sh /tmp/optware-install.sh
Checking system config ...
 Using 192.168.1.1 as default gateway.
 Using the following nameserver(s):
 nameserver 192.168.1.30
 Warning: local nameserver is different than gateway!
 Check config or enter:
   sed -i s/192.168.*/192.168.1.1/ /tmp/resolv.conf
 to correct this.
 Installing package uclibc-opt_0.9.28-13_mipsel.ipk ...
 Connecting to ipkg.nslu2-linux.org[140.211.166.82]:80
 uclibc-opt_0.9.28-12 100% |***********************************************|   832 KB 00:00:00 ETA
 Updating /opt/etc/ld.so.cache
 /opt/sbin/ldconfig: can't create /opt/etc/ld.so.cache~ (No such file or directory)
 Installing package ipkg-opt_0.99.163-9_mipsel.ipk ...
 Connecting to ipkg.nslu2-linux.org[140.211.166.82]:80
 ipkg-opt_0.99.163-9_ 100% |***********************************************| 75896    00:00:00 ETA
 Downloading http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/Packages.gz
 Inflating http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/Packages.gz
 Updated list of available packages in /opt/lib/ipkg/lists/optware
 Successfully terminated.
 Installing uclibc-opt (0.9.28-12) to /opt/...
 Downloading http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/uclibc-opt_0.9.28-12_mipsel.ipk
 package uclibc-opt suggests installing ipkg-opt
 Configuring uclibc-opt
 Updating /opt/etc/ld.so.cache
 Successfully terminated.
 Installing ipkg-opt (0.99.163-9) to /opt/...
 Downloading http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/ipkg-opt_0.99.163-9_mipsel.ipk
 Configuring ipkg-opt
 Successfully terminated.
4. Now install the busybox packages including links for busybox commands:
Code:
# /opt/bin/ipkg-opt install busybox-base
# /opt/bin/ipkg-opt install busybox
# /opt/bin/ipkg-opt install busybox-links
5. In your terminal session, update your default executable PATH to look for the new Optware software before the DD-WRT software:
Code:
# export PATH=/opt/bin:/opt/sbin:${PATH}
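Steps 2 and 3 above fetch the installer over plain HTTP and run it as root. The following is an added example, not part of the original how-to: a gate that runs the script only if it matches a SHA-256 digest recorded after the script was read once. The function names and the pin value are hypothetical, and sha256sum is assumed to be available on the router.

```shell
#!/bin/sh
# Added example: run a downloaded installer only when its SHA-256 matches a
# digest pinned at review time. file_sha256 and run_if_pinned are hypothetical
# names; sha256sum on the router is an assumption.

file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

run_if_pinned() {
    # $1 = script path, $2 = expected SHA-256 (hex)
    script=$1; expected=$2
    # "wget ... | tr ... > file" leaves an empty file when wget fails, and the
    # pipeline still exits 0, so check for that case explicitly.
    [ -s "$script" ] || { echo "refusing: $script missing or empty" >&2; return 2; }
    actual=$(file_sha256 "$script") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "refusing: digest mismatch for $script" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    sh "$script"
}

# On the router, after reading /tmp/optware-install.sh and recording its digest:
#   run_if_pinned /tmp/optware-install.sh "<SHA-256 recorded at review time>"
```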
============================================================
IV. ACTIVATING SWAP
============================================================

0. Ensure the swap partition is formatted correctly by using the Optware busybox mkswap command:

Code:
# /opt/bin/busybox mkswap /dev/scsi/host0/bus0/target0/lun0/part2
1. Test your swap partition by using the Optware busybox swapon command:
Code:
# /opt/bin/busybox swapon /dev/scsi/host0/bus0/target0/lun0/part2
2. Use the free command to verify your swap space is active:
Code:
# free
              total         used         free       shared      buffers
  Mem:        13048        12564          484            0          908
 Swap:        72252            0        72252
Total:        85300        12564        72736
3. Using the DD-WRT web GUI screen, go to the Administration/Commands screen, and click 'Edit'. Add the busybox swapon command below everything else so swap will be enabled whenever the router reboots. Click on Save Startup to save your startup commands. Your terminal session will be disconnected.
Code:
/opt/bin/busybox swapon /dev/scsi/host0/bus0/target0/lun0/part2
4. Using the DD-WRT web GUI screen, go to the Administration/Management tab, scroll to the bottom, and click on Reboot Router.
5. After a minute, restart your terminal session, and use the free command again. This verifies your swap space is activated whenever the router reboots.

============================================================
V. INSTALLING SAMBA
============================================================

1. Using the terminal session, use the Optware ipkg-opt command to update your repository, remove any Samba packages installed with Optware, then download and install the Samba software:

Code:
# /opt/bin/ipkg-opt update 
Downloading http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/Packages.gz
Inflating http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/Packages.gz
Updated list of available packages in /opt/lib/ipkg/lists/optware
Successfully terminated.

# /opt/bin/ipkg-opt remove samba
# /opt/bin/ipkg-opt install samba2
2. Samba uses a default Linux user name of nobody but DD-WRT doesn't provide this user name by default. The workaround is to add this user to the DD-WRT user/password file every time the router reboots.
3. Using the DD-WRT web GUI screen, go to the Administration/Commands screen. Add the following command to the bottom of your startup commands:
Code:
echo "nobody:*:65534:65534:nobody:/var:/bin/false" >>/tmp/etc/passwd
4. Using the DD-WRT web GUI screen, go to the Administration/Management tab, scroll to the bottom, and click on Reboot Router.
5. After a minute, restart your terminal session, and check the user/password file to ensure the nobody user has been added following a reboot:
Code:
# grep nobody /tmp/etc/passwd
nobody:*:65534:65534:nobody:/var:/bin/false
6. Create a shared data directory on your hard disk drive:
Code:
# cd /jffs/mnt/disk1
# mkdir share
# chmod 777 share
7. Edit the Samba configuration file to add this share at the bottom of the file:
Code:
# cd /opt/etc/samba
# cat >>smb.conf  <<EOF

[disk1]
    comment = DD-WRT shared disk
    path = /jffs/mnt/disk1/share
    public = yes
    writable = yes
    printable = no
    create mask = 0666

EOF
8. Edit the Samba configuration file to:
8.1) Change the default workgroup name. Yours should match whatever is on all your other computers.
8.2) Define the range of IP addresses allowed.
8.3) Announce itself on your network.
Code:
# vi smb.conf

[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = MyWorkgroupName

# server string is the equivalent of the NT Description field
   server string = DD-WRT Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. 
   hosts allow = 192.168.1.  127.

# Cause this host to announce itself to local subnets here
   remote announce = 192.168.1.255

:wq
#
9. Test the Samba configuration by manually starting the two Samba daemons:
Code:
# /opt/sbin/nmbd -D
# /opt/sbin/smbd -D
10. From your computer, browse your network. Go to the address bar, enter two back-slashes followed by the IP address of your router and press ENTER. You should see your shared disk drive.
Code:
\\192.168.1.1
11. If you can see the drive, create a test directory and a test file within that directory from your computer.
12. Using the DD-WRT web GUI screen, go to the Administration/Commands screen. Add the following command to the bottom of your startup commands:
Code:
/opt/etc/init.d/S80samba start
13. Using the DD-WRT web GUI screen, go to the Administration/Management tab, scroll to the bottom, and click on Reboot Router.
14. After a minute, browse your network again to ensure the drive is shared after the router reboots.
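The [disk1] share from step 7 is guest-accessible and writable, so the hosts allow line from step 8 is the only thing limiting who can write to it. The following is an added example, not part of the original how-to: an audit that reports shares which are both guest-accessible and writable, and a [global] section with no hosts allow line. The function names and the sample file are hypothetical; the sample is constructed from the settings shown above.

```shell
#!/bin/sh
# Added example: flag guest-writable shares and a [global] section with no
# "hosts allow" line. Per-share settings only; defaults inherited from
# [global] are not modelled.
audit_smb_conf() {   # $1 = path to smb.conf; prints one finding per line
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (sec == "global") { if (!hosts) print "global: no hosts allow restriction" }
        else if (sec != "" && guest && wr) print sec ": guest-writable share (" path ")"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                       # section header: flush the previous one
        report()
        sec = tolower(trim($0)); gsub(/^\[|\].*$/, "", sec)
        guest = 0; wr = 0; hosts = 0; path = "?"
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        if (key == "public" || key == "guest ok") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "write ok") wr = truthy(val)
        else if (key == "read only") wr = !truthy(val)
        else if (key == "path") path = val
        else if (key == "hosts allow" || key == "allow hosts") hosts = (val != "")
    }
    END { report() }
    ' "$1"
}

# Constructed sample mirroring the [global] and [disk1] settings shown above.
sample_smb_conf() {
    cat <<'EOF'
[global]
   workgroup = MyWorkgroupName
   hosts allow = 192.168.1.  127.
[disk1]
    path = /jffs/mnt/disk1/share
    public = yes
    writable = yes
    create mask = 0666
EOF
}

tmp=$(mktemp) && sample_smb_conf > "$tmp" && audit_smb_conf "$tmp"
rm -f "$tmp"
```

On the router the same function can be pointed at /opt/etc/samba/smb.conf after each edit.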

============================================================
VI. ALL THE STARTUP COMMANDS
============================================================

When you're finished, your router startup commands should look something like this:

Code:
mount /dev/scsi/host0/bus0/target0/lun0/part1 /opt
mount /dev/scsi/host0/bus0/target0/lun0/part3 /jffs/mnt/disk1
/opt/bin/busybox swapon /dev/scsi/host0/bus0/target0/lun0/part2
echo "nobody:*:65534:65534:nobody:/var:/bin/false" >>/tmp/etc/passwd
/opt/etc/init.d/S80samba start
Enjoy....

 

Filed under  //   dd-wrt   Linux   optware   router  
Posted September 23, 2009 by Czar Phanguye 

Trying to set up a USB MicroSDHC 8 GB mount on the DD-WRT powered router.

Filed under  //   dd-wrt   Linux   usb  
Posted September 23, 2009 by Czar Phanguye 