Now that I’ve managed to copy all my important files onto the USB disk plugged into DISK1 of my NSLU2, I wanted to make sure I kept a backup of everything, and decided a good strategy would be to mirror files to the hard disk plugged into DISK2 (via my USB hub) of the NSLU2.

After looking at the linksys web tool and realising the backup stuff doesn’t work properly, I went looking for a smart way to do this, and settled on RSYNC, which can be installed via IPKG.

I use RSYNC to copy changes to a directory from one disk to another, and then have this scheduled to run once a week.  I created a number of scripts to backup certain directories, and then schedule these to run on different nights of the week.

The script looks like the following:

#!/bin/sh

before="$(date +%s)"

fromdir="/home/user/"

todir="/share/flash/data/backup/user/"

logfile="/var/log/backup_users.log"

Set_Led beep2

date >$logfile

echo "----------------------------" >>$logfile

/opt/bin/rsync -avrlHpEog $fromdir $todir >>$logfile

echo "----------------------------" >>$logfile

after="$(date +%s)"

elapsed_seconds="$(expr $after - $before)"

date >>$logfile

echo Elapsed time: $elapsed_seconds secs >>$logfile

Set_Led beep1

And then I change the fromdir/todir and logfile depending on what I’m backing up.  I’ve also put some time recording into the log file, and some beep commands so you know when its starting and finishing should you be using the NSLU2 at the time.
The only thing left is to schedule this through CRON.  I created a symbollic link into /etc/cron.daily then added the entries.  The run-parts command for cron doesn’t work on the default version with the NSLU2, hence why you have to add each entry.

My 3 cron entries I have for backups are as follows:

01 0 * * 0  /etc/cron.daily/backupUserDirs.sh

01 0 * * 1  /etc/cron.daily/backupRestorePC.sh

01 0 * * 2  /etc/cron.daily/backupMultimedia.sh

My only criticism – because the NSLU2 is pretty slow, RSYNC can take a while – but then I don’t care as it scheduled to run when I’m not doing anything on my NSLU2.  The other tip – copy the files yourself before running a sync – if you make RSYNC do all the work, it could take a while!

I’ve succesfully compiled figlet on my NSLU2.

FIGlet is a program that creates large characters out of ordinary screen characters

FIGlet can create characters in many different styles and can kern and “smush” these characters together in various ways.  FIGlet output is generally reminiscent of the sort of “signatures” many people like to put at the end of e-mail and UseNet messages.This is available to download from the following link as an NSLU2 binary.  Simply untar somewhere useful, make it executable and run it!

[download#18#nohits]

So to add a user, I first using the Linksys/Unslung web admin interface to create a user. 

I wanted the users main command shell to be bash, as I find this more friendly to use, so once the user was added, I then edited the /etc/passwd file.

The last token on the line for the user contains the shell to be used.  I changed this to: /opt/bin/bash (Bash needs to be installed via ipkg before you do this)

If you don’t understand the passwd file format, take a look at http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/ which explains if pretty well.

 If you want the user to be able to access the slug via SSH, then you’ll need to follow the guide in my previous post to do this.  Once you’ve done this you should be able to log on and use the user.

 

Now the user has been added, you’ll want to change a few things and setup a few defaults.  As the user, in the home directory, create a .profile file (e.g. touch .profile).  Once this is created you can edit this.  My default .profile for my user looks like the following:

 

alias vi="vim" 

alias ls="ls --color=auto" 

PS1='${debian_chroot:+($debian_chroot)}[33[01;32m]u@h[33[00m]:[33[01;34m]w[33[00m]$ ' 

EDITOR=vim   

export TERM=xterm-pcolor

 

You’ll notice I have vim installed (available via ipkg) and set the default editor to that rather than vi.  Vim is a bit smarter and colour codes the files you are looking at, making it much easier to edit them, plus it also fills the terminal window unlike the vi implementation that ships with the NSLU.

You can also see that I’ve aliased the ls command to issue the color parameter, to colour code directory listings. 

Finally, the PS1 line changes the prompt to show the current path where you are and uses some colour to help separate things out.  The combination of all this means my putty screen looks something like the following:

 

 

The bits I’ve blurred showed my username and server name. 

 

Vi (of S88cups) looks like:

 

 

After all this, I was nearly satisfied, though one thing still annoyed me.  Home and End didn’t work on the command line.  To make these work, I created a .bashrc file in my home directory.  In here I added one line:

 

export TERM=linux

 

This seems to  make the home and end key work, and still keeps the colour terminal as defined in the .profile file.

So, I’ve been accessing my NSLU2 via SSH for quite a while now (open SSH server) using putty, and I’ve made my SSH server available via the internet by mapping the SSH port (22) in my ADSL router through to the SSH port on the NSLU2.

This opens up all kinds of possibilities.  I can access my NSLU2 from anywhere in the world via the internet, and also, I can use SSH tunnels to access my Windows PC via remote desktop if its turned on.

To install OpenSSH, I used the guide found here: http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess

I also followed the guide to set up the SSH server for public key access – anyone who wants to log into my NSLU via the internet will need the private key file that matches the public key provided during SSH logon.  The one change I did make – I didn’t allow root to access via SSH, I setup another user on the box and gave that user SSH access.  Once I’m logged in as that user, I either ‘su’ to root, or use ‘sudo’ (available via ipkg) to run anything that requires root access.

I can’t stress how important this is if you are going to put your NSLU2 on the internet.  Within a few hours of my NSLU2 being on the internet there had already been a number of brute force hack attempts to gain entry to the server via SSH.  Since they didn’t have a key, they couldn’t get in, but it doesn’t stop most of them from trying as its likely to be a script they are running to connect via SSH with password/users from a dictionary file.

You can spot the hack attempts easily in the /var/log/messages file.  They look something like:

 

Apr 10 16:07:41 NASSERVER auth.info sshd[3012]: Invalid user newsroom from 216.167.162.253 

Apr 10 16:07:46 NASSERVER auth.info sshd[3016]: Invalid user magazine from 216.167.162.253 

Apr 10 16:07:51 NASSERVER auth.info sshd[3020]: Invalid user research from 216.167.162.253 

Apr 10 16:07:55 NASSERVER auth.info sshd[3024]: Invalid user cjohnson from 216.167.162.253 

Apr 10 16:08:00 NASSERVER auth.info sshd[3028]: Invalid user export from 216.167.162.253

 

Of course, they can be trying for quite a while so inorder to deal with these sort of hack attempts, I’d recommend installation of the denyhosts package through ipkg.  Deny Hosts monitors the /var/log/messages file, and after a configurable number of failed attempts to login, it will take the IP address and add it to the hosts.deny file, preventing the user from further accessing the system.

The hosts.deny file on the latest unslung can be found in /opt/etc/hosts.deny

 

So far the IP addresses that have been blocked (to name and shame) are as follows:

IP Address	Host Name
212.55.199.242	svrnat.stepx.ch
190.144.35.210	190.144.35.210
80.203.202.130	130.80-203-202.nextgentel.com
193.151.12.36	jabber.alba.ua
59.120.182.211	fsd.com.tw
209.104.200.6	200-104-209.galaxyvisions.com
66.48.73.107	66.48.73.107
219.239.105.51	219.239.105.51
208.71.208.190	208.71.208.190
89.41.197.113	pc197113.static.is.airbites.ro
69.60.115.14	cantsitstill.com.115.60.69.in-addr.arpa
88.176.20.140	vil93-12-88-176-20-140.fbx.proxad.net
219.93.25.93	219.93.25.93
216.133.192.20	npu20.npu.edu
203.94.8.149	203.94.8.149
220.68.74.168	220.68.74.168
203.199.212.36	illchn-static-203.199.212.36.vsnl.net.in
202.143.136.2	202.143.136.2
121.180.100.15	121.180.100.15
59.144.174.187	dsl-del-static-187.174.144.59.airtelbroadband.in
61.34.78.200	61.34.78.200
213.251.184.171	ks35220.kimsufi.com
85.14.168.78	85.14.168.78
202.134.91.60	static-ip-60-91-134-202.rev.dyxnet.com
195.38.107.55	aquila.euroexpert.tvnet.hu
83.14.125.114	eav114.internetdsl.tpnet.pl
87.106.210.109	s15285217.onlinehome-server.info
210.212.176.20	210.212.176.20
76.76.15.121	unknown.carohosting.net
216.167.162.253	nts-253.162-167-216.nts-online.net

 

If you do manage to lock yourself out of the NSLU via SSH for whatever reason, you’ll need to login to the web interface, enable telnet access, and then remove your IP address from the hosts.deny file.

 

I connect to my NSLU2 using putty, and set up quite a few tunnelled ports to access the HTTP servers/etc that aren’t exposed to the internet, e.g.

 

Port	Application
9000	Twonkyvision
631	CUPS (Printer server)
80	NSLU2 Admin Interface
2370	CTorrent Web Interface

 

To name a few.  To access my Windows PC via an SSH tunnel, I setup a tunnel on port 3389 to my Windows PC’s ip address on the same port.  This then means that once I’m logged into the NSLU2, I can remote desktop to my PC.

So, after getting some time back on my PC again, I’ve now managed to set up my NSLU2 with a USB 2.0 Hub.  I first tried it with my belkin 7 port hub thats connected to my windows box to check it worked, and it did, so I went out and purchased a small 4 port hub to leave plugged into my NSLU2.

 The one I went for in the end was an Advent one from PC World for £9.99:

When it scanned in the till, it came up as £24.99 much to my shock, though they sold it to me at the shelf price of £9.99.

It does have some stupid colour changing light on the top of the hub (the white bit) though it is actually quite useful as a reminder that my Linksys NSLU2 is actually turned on, as I can’t see the slug itself as its hidden behind my monitor and I can’t miss the light on the hub!

It doesn’t come with a power supply (which I wasn’t too bothered about, as my printer is normally turned off anyway!) though it does have a power socket to allow one to be plugged in.

 This plugs into the disk2 usb port of the slug, and then in the hub I’ve got my second hard disk, and my printer currently plugged into the hub, leaving me two ports spare to ponder what to run next 🙂

I might have a try getting my webcam working, but I don’t think it’s going to be straight forward as it’s a very old logitech quickcam express.