aot2002

asked on

Debian router installed, trying to make sense of how it's set up

I am helping a customer and their current computer guy has abandoned them!
I went in to eval the network and they have two subnet networks.

Main DSL line -> 10/100 SWITCH ->
-> external machine
-> external machine
-> internal linux debian router -> .57 network switch -> .100 network switch
All current computers are in the pool of 100 network and are DHCP except one or two.
A few are DHCP and have pcAnywhere remote host running and the users use them actively from home to work!

Trouble is the debian machine has no cdrom, only two usb ports etc... It's a slim server case missing the cdrom for security purposes. The bios has removable storage device as first boot, then the hard drive.

I was thinking of finding a way to reset the password for the debian machine (root), but even when I accomplish that I'm unsure where or what I would be looking for?
This router has two NICs, one for a static IP and one for the .100 switch.

Does anyone know what popular router programs or built-in devices Debian has that this old computer guy might have used?

My question is where do I start on tracking down what this guy used for a router?
iptables? Or something?

I'm familiar with Red Hat and Fedora distros but I don't use iptables, nor have I played much with them; I've always purchased a commercial router and used that instead...
Any help would be appreciated.
Thanks

fixnix

Alternatively, you could temporarily run the box w/ the case open and a CD drive hanging out of it/balanced on top, etc...however you have room to plug in the cables and have the drive more or less level.  Then boot from a live cd (knoppix, gentoo, etc...basic procedure will be the same) and do:  (might need to change mount directory name depending on the live cd you use)

mount /dev/hda1 /mnt/gentoo    # root partition of the installed system; hda1 is an assumption, check with fdisk -l /dev/hda
chroot /mnt/gentoo /bin/bash
passwd

(obviously you'd need to download and burn a live cd first.)

The same can be done via floppy (much less of a download than a cd iso!) but you didn't mention if it had a floppy drive (of course you could temporarily throw one in just as with the cd).
http://archive.progeny.com/debian/dists/woody/main/disks-i386/current/images-1.44/ has floppy images (grab rescue.bin and root.bin...might not need root.bin but it's been a while since I've messed w/ floppies so you may need both...I just forget)

dos/windows util to write the floppy image to disk:

http://archive.progeny.com/debian/dists/woody/main/disks-i386/current/dosutils/

(grab rawrite and read the txt file for instructions)

then from the root shell you get you can:

mkdir /mnt/blah
mount /dev/hda1 /mnt/blah    # /dev/hda is for IDE, /dev/sda for SCSI; mount the root partition (hda1 is an assumption, check with fdisk -l)
chroot /mnt/blah /bin/bash
passwd

just as above.
aot2002

ASKER

I have a USB SuperDisk 120MB on the disk and I've downloaded Damn Small Linux.
Can I use that distro?

Also, is there some reason I wouldn't be able to get an internet connection when switching the linux machine into a real router? I've set up the settings for the DSL DNS and static IP info but I couldn't reach the net?
Do I need to shut off the network switch and reboot the client computers?

aot2002

ASKER

I did check the bios for a bootable usb device, I just didn't know if a super disk was bootable?

sometimes superdisks will work like a champ....sometimes they won't...depends mostly on the BIOS.

You should be able to use damn small linux....and setting your static IP settings should be no problem, but possibly the distro you used improperly identifies the network card or passes the wrong parameters to it leaving it in a configurable but broken state.  You could try to troubleshoot the distro (searching help forums for proper nic parameters to pass at boot with your hardware, usually) or it may be easier just to download a different distro....it could go either way :(

*any* distro (well, any for x86 architecture that matches your hardware.....686 optimized distros won't boot on a 386, obviously) in theory should work just fine....but here in the real world, things don't always go as they "should".  I'd google for "Damn small linux" +realtek (or whatever your nic is) "kernel options" and see what help forum links turn up...if nothing appropriate hits, personally I'd d/l another distro and repeat instead of fidgeting around w/ the DSL you already downloaded.

Don't LS 120's also read standard 1.44MB floppies?  Try booting to a floppy image I posted above....or floppies from any modern distro (you can use slackware or redhat rescue floppies to fix a debian box.....distro doesn't really matter, all ya gotta do is have a root shell to chroot to & reset the password)
aot2002

ASKER

I also have a thumb drive too....1gig ...didn't know if this was something worth using too.
I also have a USB 2.0 hard drive, 6gig, blank, not sure if this too would work better?

I don't know a lot about linux boot devices so I'm just wondering what your opinion is on this?

The NIC looks like INTEL, well, not that it matters much since I'm only resetting the password.

Most important is the fact the entire system is hooked to the net and I need to make sure it's quite secure too, like hidden users or something?
Is there a command for listing all users besides looking at /etc/passwd?

I could run checkrootkit too.

Whether or not you can boot to a USB hard drive or thumb drive really won't matter what OS you try to boot to...if your BIOS and device are able to be booted from, then it should boot whether you've got a windows, dos, linux, be, rhapsody, or any other os boot environment.

I'm not aware of any method of having a user that isn't listed in /etc/passwd.  Having a username and password isn't the only way to have access to the system though.  The prior admin could have, for example, set up a shell that listens on a certain port or calls back to a preconfigured IP address...or even other ports listening for a special packet sequence that trigger binding a shell to a port, etc.  Basically, if you don't trust *anyone* that had root access on the box at *any* time since the OS installation, the box isn't necessarily yours and there's no way to be 100% certain there are *no* backdoors.  You can run a bunch of root kit detectors, boot to a live cd and compare binary file sizes and hashes to your heart's content....but you'll never be able to completely check every script and binary....and even if you could, that wouldn't ensure no unknown exploits have been used.  

Most would argue that your only course of action if a prior admin left on bad terms is to back up the data and reformat from known good media.  There could be one rarely used command binary that was replaced with one that wipes out the hard drive, an innocent looking cron job that does something similar or even some disastrous event that won't get triggered for 9 months, etc.  The possibilities are endless.  Probably not what you wanted to hear, but that's how it is.

If you decide not to reformat for whatever reasons, to update debian packages that are currently installed, issue the commands 'apt-get update' and 'apt-get upgrade'.  The first will grab the updated list of packages and the second will upgrade currently installed packages with newer versions available.
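
The account side of the check discussed above, as an added example that is not part of the original thread: it reads the passwd and shadow files of the mounted disk from the rescue shell and lists UID 0 accounts, accounts that can still log in with a password, and SSH key files. The function names and the sample tree are this example's own, and the sample data is constructed.

```shell
#!/bin/sh
# Accounts with UID 0; anything besides "root" needs an explanation.
uid0_accounts() {    # $1 = passwd file
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Accounts that can log in with a password: a usable shell plus a hash that
# is not locked ("!" or "*" prefix). An empty hash means no password at all.
password_logins() {  # $1 = passwd file, $2 = shadow file
    awk -F: '
        NR == FNR { hash[$1] = $2; next }           # first file: shadow
        $7 ~ /\/(nologin|false)$/ { next }          # no interactive shell
        $2 == "x" && !($1 in hash) { next }         # no shadow entry
        { h = ($2 == "x") ? hash[$1] : $2           # old-style hash in passwd
          if (h == "") print $1 ":EMPTY"
          else if (h !~ /^[!*]/) print $1 ":set" }
    ' "$2" "$1"
}

# SSH keys grant access without any password; list every authorized_keys file.
ssh_key_files() {    # $1 = mounted root
    find "$1/root" "$1/home" -name 'authorized_keys*' -type f 2>/dev/null | sort
}

# Constructed sample tree (not taken from the machine in this thread).
make_sample() {      # $1 = directory to populate
    mkdir -p "$1/etc" "$1/root/.ssh" "$1/home/bob"
    cat > "$1/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/false
bob:x:1000:1000:Bob:/home/bob:/bin/bash
toor:x:0:0::/tmp:/bin/sh
svc:x:1001:1001::/home/svc:/bin/sh
EOF
    cat > "$1/etc/shadow" <<'EOF'
root:$1$constructed$hash:12000:0:99999:7:::
daemon:*:12000:0:99999:7:::
bob:!$1$constructed$hash:12000:0:99999:7:::
toor:$1$constructed$hash:12000:0:99999:7:::
svc::12000:0:99999:7:::
EOF
    echo 'ssh-rsa AAAA-constructed old-admin@laptop' > "$1/root/.ssh/authorized_keys"
}

ROOT=${1:-}
if [ -z "$ROOT" ]; then ROOT=$(mktemp -d); make_sample "$ROOT"; fi
echo "UID 0:";           uid0_accounts   "$ROOT/etc/passwd"
echo "Password logins:"; password_logins "$ROOT/etc/passwd" "$ROOT/etc/shadow"
echo "SSH key files:";   ssh_key_files   "$ROOT"
```

Pass the mount point as the only argument (for example /mnt/blah from the post above) and run it from the rescue environment, so the awk and find doing the work come from the boot media rather than from the disk being inspected.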
aot2002

ASKER

OK, understandable.....

I have a 133MHz Toshiba SonicWall router/VPN device.....which I was going to replace this router with.
But after looking at the specs on the linux router in place I see it's a 2.4gig P4, 512MB RAM etc....

Would there be a huge performance decrease, or would this router be able to handle this?

I will check the linux system uptime performance but I would imagine a simple VPN router could handle up to 15 users?
We're NOT USING VPN AND DON'T PLAN TO, but since they had the router there I assumed it would be a quick replacement for this machine and use the linux box for better purposes.

What's your opinion?
aot2002

ASKER

Ohh, I also have a 50 user VPN SonicWall there, maybe that would work better?

If all it's doing is routing (and even VPN for a few users) it doesn't take much power.  I have a 96 meg P75 I have IPCop (very small linux firewall distro configurable via a web interface with lots of 3rd party addons available..www.ipcop.org) at my old office with about 10 users and 3 VPN tunnels.  It has plenty of breathing room.  Now if you were to use a web proxy or content filtering addon, the resources required would go up substantially, but for just routing and a few VPN's it doesn't take much power.  I know I'm talking from a linux perspective...but I couldn't imagine the sonicwall having much different hardware requirements, especially in a small office like you described.

Personally, I'd use the 133MHz sonicwall and free up the P4 to do something else (and I'd reformat it since it is unknown what might have been done to it).  Just my opinion.  Thx for the points!  Sounds like you were able to reset the root password okay :)