Linux-Fu: Your Own Dynamic DNS

August 25, 2020 by Al Williams 14 Comments

It is a problem as old as the Internet. You want to access your computer remotely, but it is behind a router that randomly gets different IP addresses. Or maybe it is your laptop and it winds up in different locations with, again, different IP addresses. There are many ways to solve this problem and some of them are better than others.

A lot of routers can report their IP address to a dynamic DNS server. That used to be great, but now it seems like many of them hound you to upgrade or constantly renew so you can see their ads. Some of them disappear, too. If your router vendor supplies one, that might be a good choice, until you change routers, of course. OpenWRT supports many such services and there are many lists of common services.

However, if you have a single public accessible computer, for example a Web server or even a cloud instance, and you are running your own DNS server, you really don’t need one of those services. I’m going to show you how I do it with an accessible Linux server running Bind. This is a common setup, but if you have a different system you might have to adapt a bit.

There are many ways to set up dynamic DNS if you are willing to have a great deal of structure on both sides. Most of these depend on setting up a secret key to allow for DNS updates and some sort of script that calls nsupdate or having the DHCP server do it. The problem is, I have a lot of client computers and many are set up differently. I wanted a system where the only thing needed on the client side was ssh. All the infrastructure remains on the DNS server.

Continue reading “Linux-Fu: Your Own Dynamic DNS” →

FBI Reports On Linux Drovorub Malware

August 22, 2020 by Al Williams 26 Comments

The FBI and the NSA released a report on the Russian-based malware that attacks Linux known as Drovorub (PDF) and it is an interesting read. Drovorub uses a kernel module rootkit and allows a remote attacker to control your computer, transfer files, and forward ports. And the kernel module takes extraordinary steps to avoid detection while doing it.

What is perhaps most interesting though, is that the agencies did the leg work to track the malware to its source: the GRU — Russian intelligence. The name Drovorub translates into “woodcutter” and is apparently the name the GRU uses for the program.

A look inside the code shows it is pretty mundane. There’s a server with a JSON configuration file and a MySQL backend. It looks like any other garden-variety piece of code. To bootstrap the client, a hardcoded configuration allows the program to make contact with the server and then creates a configuration file that the kernel module actively hides. Interestingly, part of the configuration is a UUID that contains the MAC address of the server computer.

The rootkit won’t persist if you have UEFI boot fully enabled (although many Linux computers turn UEFI signing off rather than work through the steps to install an OS with it enabled). The malware is easy to spot if you dump raw information from the network, but the kernel module makes it hard to find on the local machine. It hooks many kernel functions so it can hide processes from both the ps command and the /proc filesystem. Other hooks remove file names from directory listings and also hides sockets. The paper describes how to identify the malware and they are especially interested in detection at scale — that is, if you have 1,000 Linux PCs on a network, how do you find which ones have this infection?

This is a modern spy story, but not quite what we’ve come to expect in Bond movies. “Well, Moneypenny, it appears Spectre is using the POCO library to generate UUIDs,” is hard to work into a trailer. We prefer the old days when high-tech spying meant nonlinear junction detectors, hacking Selectrics, moon probe heists, and passive bugging.

Exotic Device Gets Linux Support Via Wireshark And Rust

August 20, 2020 by Sven Gregori 10 Comments

What can you do if you have a nice piece of hardware that kinda works out of the box, but doesn’t have support for your operating system to get the full functionality out of it? [Harry Gill] found himself in such a situation with a new all-in-one (AIO) water cooling system. It didn’t technically require any operating system interaction to perform its main task, but things like settings adjustments or reading back statistics were only possible with Windows. He thought it would be nice to have those features in Linux as well, and as the communication is done via USB, figured the obvious solution is to reverse engineer the protocol and simply replicate it.

His first step was to set up a dual boot system (his attempts at running the software in a VM didn’t go very well) which allowed him to capture the USB traffic with Wireshark and USBPcap. Then it would simply be a matter of analyzing the captures and writing some Linux software to make sense of the data. The go-to library for USB tasks would be libusb, which has bindings for plenty of languages, but as an avid Rust user, that choice was never really an issue anyway.

How to actually make use of the captured data was an entirely different story though, and without documentation or much help from the vendor, [Harry] resorted to good old trial and error to find out which byte does what. Eventually he succeeded and was able to get the additional features he wanted supported in Linux — check out the final code in the GitHub repository if you’re curious what this looks like in Rust.

Capturing the USB communication with Wireshark seems generally a great way to port unsupported features to Linux, as we’ve seen earlier with an RGB keyboard and the VGA frame grabber that inspired it. If you want to dig deeper into the subject, [Harry] listed a few resources regarding USB in general, but there’s plenty more to explore with reverse engineering USB.

Linux-Fu: One At A Time, Please! Critical Sections In Bash Scripts

August 18, 2020 by Al Williams 12 Comments

You normally think of a critical section — that is, a piece of a program that excludes other programs from using a resource — as a pretty advanced technique. You certainly don’t often think of them as part of shell scripting but it turns out they are surprisingly useful for certain scripts. Most often, a critical section is protecting some system resource like a shared memory location, but there are cases where a shell script needs similar protection. Luckily, it is really easy to add critical sections to shell scripts, and I’ll show you how.

Sometimes Scripts Need to Be Selfish

One very common case is where you want a script to run exactly one time. If the same script runs again while the original is active, you want to exit after possibly printing a message. Another common case is when you are updating some file and you need undisturbed access while making the change.

That was actually the case that got me thinking about this. I have a script — may be the subject of a future Linux-Fu — that provides dynamic DNS by altering a configuration file for the DNS server. If two copies of the script run at the same time, it is important that only one of them does modifications. The second copy can run after the first is totally complete.

Continue reading “Linux-Fu: One At A Time, Please! Critical Sections In Bash Scripts” →

Rack ’em Stack ’em Raspberry Pi Controller Board

August 12, 2020 by Al Williams 14 Comments

It isn’t that hard to assemble an array of Raspberry Pi boards and there are several reasons you might want to do so. The real trick is getting power to all of them and cooling all of them without having a mess of wires and keeping them all separated. The ClusterCTRL stack lets you stack up to five Raspberry Pi boards together. The PCB aligns vertically along the side of the stack of Pis with sockets for each pin header. Using a single 12 to 24V supply, it provides power for each board, a USB power connection, and provisions for two fans. There is also a USB port to control the fans and power.

There’s also a software component to deliver more granular control. Without using the software, the PI’s power on in one second and monitor a GPIO pin to control the fans. With the software, you can turn on or off individual nodes, gang the two fans to turn on together, and even add more stacks.

There is a case that you can print from STL files, although you can buy them preprinted on the Tindie listing where the bulk of information on ClusterCTRL is found. You could also have a 3D printing vendor run off a copy for you if you’d rather.

The power supply is a 10A 5.1V DC to DC converter. That works out to 2A per Pi and 51W total. The power supply for the input, then, needs to be enough to cover 51W, the power for the fans, and some overhead for regulator inefficiency and other small overhead.

We’ve seen a lot of Pi clusters over the years including one that is a good learning tool for cluster management. Of course, there’s always the Oracle cluster with 1,060 boards, which is going to take a bigger power supply.

Popcorn Pocket P. C. Open Sourced

August 11, 2020 by Al Williams 19 Comments

If you miss the days you could get an organizer that would — sort of — run Linux, you might be interested in Popcorn computer’s Pocket P. C., which was recently open-sourced on GitHub. Before you jump over to build one, though, there are a few things you should know.

First, the files are untested since the first unit hasn’t shipped yet. In addition, while the schematic looks pretty complete, there’s no actual bill of materials and the PCB layers in the PDF file might not be very easy to replicate, since they are just a series of images, one for each layer. You can see an overview video of the device, below.

Continue reading “Popcorn Pocket P. C. Open Sourced” →

Linux Fu: Remote Execution Made Easy

August 11, 2020 by Al Williams 20 Comments

If you have SSH and a few other tools set up, it is pretty easy to log into another machine and run a few programs. This could be handy when you are using a machine that might not have a lot of memory or processing power and you have access to a bigger machine somewhere on the network. For example, suppose you want to reencode some video on a box you use as a media server but it would go much faster on your giant server with a dozen cores and 32 GB of RAM.

Remote Execution

However, there are a few problems with that scenario. First, you might not have the software on the remote machine. Even if you do, it might not be the version you expect or have all the same configuration as your local copy. Then there’s the file problem. the input file should come from your local file system and you’d like the output to wind up there, too. These aren’t insurmountable, of course. You could install the program on the remote box and copy your files back and forth manually. Or you can use Outrun.

There are a few limitations, though. You do need Outrun on both machines and both machines have to have the same CPU architecture. Sadly, that means you can’t use this to easily run jobs on your x86-64 PC from a Raspberry Pi. You’ll need root access to the remote machine, too. The system also depends on having the FUSE file system libraries set up.

Continue reading “Linux Fu: Remote Execution Made Easy” →