Table of Contents

Home tmade.de

Home Wiki

Configuration

Security

“Konfiguration in der aktuellen Sicherheitsstufe nicht verfügbar!”

Solution:

7270:

echo x > /tmp/flash/security
# wobei x folgende Werte annehmen kann:
# 0 : no limits
# 1 : can´t edit shell execuables or bash code, other files editable
# 2 : no config file editable
echo 0 > /tmp/flash/security
echo 2 > /tmp/flash/security

7390:

echo 0 > /tmp/flash/mod/security
echo 2 > /tmp/flash/mod/security
modsave all

Firewall

If you want the firewall configuration on command line:

cat /var/flash/ar7.cfg > /var/media/ftp/uStor01/ar7.cfg

vi /var/media/ftp/uStor01/ar7.cfg                             #Edit the settings

cat /var/media/ftp/uStor01/ar7.cfg > /var/flash/ar7.cfg
modsave all

forwarding rule:

forwardrules = "tcp 0.0.0.0:21 0.0.0.0:21 0 # ftp",
               "tcp 0.0.0.0:22 0.0.0.0:22 0 # ssh";

Check also:

http://freetz.org/wiki/help/howtos/common/first_trunk#DerFlashvorgang

Alias

Save to /var/mod/root/.profile and put

cat /var/media/ftp/uStor01/freetz/.profile > /var/mod/root/.profile

to rc.custom

Alias Content example:

alias ll='ls -al'
alias ..='cd ../'
alias cd..='cd ../'
alias hd='cd /var/media/ftp/uStor01/'
alias ...='cd ../../'

"rc.custom"

cat /var/tmp/flash/smbpasswd > /mod/etc/smbpasswd

or

cat /var/tmp/flash/smbpasswd > /mod/etc/samba/smbpasswd

/var/media/ftp/uStor01/freetz/user.sh
cat /var/media/ftp/uStor01/freetz/.profile > /var/mod/root/.profile

adduser

/var/media/ftp/uStor01/freetz # cat adduser.sh

#!/bin/sh
read -p "Enter your name : " name
echo "User, $name added!"
adduser -h /var/media/ftp/uStor01/ftp/ -G filme $name
#passwd $name
echo "User $name added!"
addgroup $name filme
cat /etc/group
cat /etc/passwd

</code>

user.sh

#!/bin/sh
cat > /var/tmp/passwd << 'EOF'
root:x:0:0:root:/mod/root:/bin/sh
ftpuser:x:1:1:ftp user:/var/media/ftp/uStor01:/bin/sh
tmade:x:1001:1001:Linux User,,,:/var/media/ftp/uStor01/:/bin/sh
EOF
chmod 644 /var/tmp/passwd

vsftpd.conf

Example config:

background=yes
check_shell=no
listen=yes
anonymous_enable=no
local_enable=yes
local_umask=022
chroot_local_user=yes
passwd_chroot_enable=yes
write_enable=yes
banner_file=/var/media/ftp/uStor01/freetz/vsftpd_welcome
nopriv_user=root
secure_chroot_dir=/var/run/vsftpd
listen_port=21
userlist_enable=yes
anon_root=/mod/home/ftp
xferlog_std_format=no
xferlog_enable=yes
vsftpd_log_file=/var/media/ftp/uStor01/freetz/vsftpd.log
log_ftp_protocol=yes
syslog_enable=no
max_clients=25
max_per_ip=5
pasv_min_port=0
pasv_max_port=0
pasv_promiscuous=no
delay_failed_login=15
chroot_list_enable=yes
ssl_enable=no
ssl_sslv2=no
ssl_sslv3=no
ssl_tlsv1=no
force_local_data_ssl=no
force_local_logins_ssl=no
user_config_dir=/var/media/ftp/uStor01/freetz/vsftp_user_conf/

VSFTPD with SSL

Execute:

openssl req -new -x509 -nodes -out vsftpd.pem -keyout vsftpd.pem

makes vsftpd.pem

cat vsftpd.pem

insert into http://fritz.box:81/cgi-bin/file/vsftpd/crt

activate SSL on

http://fritz.box:81/cgi-bin/conf/vsftpd

See also:

http://www.widhalm.or.at/node/122

Samba

In “extented” mode paste:

[windows_share]
 #inherit acls = yes
 #write cache size = 65536
 comment = windows_share
 path = /path/to/share/
 guest ok = no
 read only = no
 valid users = user1

Samba Users

Check System users with

/var/tmp # cat /etc/passwd
user1:x:1001:1001:Linux User,,,:/var/media/ftp/uStor01/:/bin/sh

Afterwards take the userid of the user you want (1001) and save the output and passsword to

/var/tmp/smbpasswd.cleartext 

with the following syntax:

user1:1001:PASSWORD_IN_PLAIN_TEXT:[U]:LCT-00000001:

NOTE: The file will be destroyed after reboot!!

Then execute:

/var/tmp # smbpasswd
1 samba users written to /mod/etc/smbpasswd 

Check output of

/var/tmp # cat /mod/etc/smbpasswd
user1:1001:A5936F0BD09EA3D642:ED8F7E 6D748305AE7D4573945B6BA8D6:[U ]:LCT-00000001:

or

cat /mod/etc/samba/smbpasswd
cat /var/tmp/flash/smbpasswd > /mod/etc/samba/smbpasswd

Save it to the box:

/var/tmp # cp /mod/etc/smbpasswd /var/tmp/flash
/var/tmp # modsave all
Saving users, groups and passwords...done.
Saving config...done.
Writing /var/flash/freetz...done.
11264 bytes written. 

Disable security settings

/var/tmp # echo 0 > /tmp/flash/security

Save the following to rc.custom

cat /var/tmp/flash/smbpasswd > /mod/etc/smbpasswd

then enable security settings

/var/tmp # echo 2 > /tmp/flash/security

DONE!

SSHD Dropbear

options:

Just public key authentication (authorized_keys):      
-s

Swap

/var/media/ftp/uStor01/freetz/swapfile

LOGGING

/var/media/ftp/uStor01/freetz/log/messages

VSFTPD

cat /var/media/ftp/uStor01/freetz/vsftpd_welcome > /etc/motd

http://trac.freetz.org/wiki/packages/vsftp#Anmeldebildschirmbeivsftpd%C3%A4ndern

Expert Options:

banner_file=/var/media/ftp/uStor01/freetz/vsftpd_welcome
user_config_dir=vsftpd_user_conf

Create GUI

http://trac.freetz.org/wiki/help/howtos/development/create_gui

SSH

http://trac.freetz.org/wiki/packages/dropbear

External

http://trac.freetz.org/wiki/help/howtos/common/external

16 or 8 MB Memory

http://trac.freetz.org/wiki/help/fritz_faq