Locked down my Bubba good
Posted: 03 Apr 2007, 19:07
Hi,
I bought a Bubba to use as a web server. I did all the sensible things, changing all the passwords to secure ones. I also changed the /etc/apt/sources.list to Debian-only, added MySQL and php4-mysql and removed some services, specifically Samba and DAAP...
Anyhoo, my Bubba now doesn't complete booting. Apache2 and MySQL come up no problem, and my blog runs perfectly fine on it. However, the LED is still flashing (after an hour), which suggests to me that it hasn't worked its way through init.d. And---crucially---Sshd isn't running. At least, it's refusing my connection requests on that port. So I can't debug it.
I know this is completely unsupported, and the official advice is probably to restore the thing from a USB drive, but I wondered if there is some way to get a console connection into a Bubba, perhaps on one of the USB ports? The other thing I thought about was to take the hard drive out, mount it on another machine and look at the log files... Or stick one of these PHP command shells on the web space...
In any case, I would quite like to be able to do what I am doing (even if, if I try it again, I just disable the extraneous services rather than removing the packages).
Any ideas welcome. Thanks very much,
--Andrew
P.S. I can write files to the webspace (because the Bubba is mounting the webspace off my NFS server), so potentially I could stick some kind of thing in there which would gain privileges and dump out /var/log/messages... Can't seem to do it with setuid scripts in Perl, though. Any ideas?
I bought a Bubba to use as a web server. I did all the sensible things, changing all the passwords to secure ones. I also changed the /etc/apt/sources.list to Debian-only, added MySQL and php4-mysql and removed some services, specifically Samba and DAAP...
Anyhoo, my Bubba now doesn't complete booting. Apache2 and MySQL come up no problem, and my blog runs perfectly fine on it. However, the LED is still flashing (after an hour), which suggests to me that it hasn't worked its way through init.d. And---crucially---Sshd isn't running. At least, it's refusing my connection requests on that port. So I can't debug it.
I know this is completely unsupported, and the official advice is probably to restore the thing from a USB drive, but I wondered if there is some way to get a console connection into a Bubba, perhaps on one of the USB ports? The other thing I thought about was to take the hard drive out, mount it on another machine and look at the log files... Or stick one of these PHP command shells on the web space...
In any case, I would quite like to be able to do what I am doing (even if, if I try it again, I just disable the extraneous services rather than removing the packages).
Any ideas welcome. Thanks very much,
--Andrew
P.S. I can write files to the webspace (because the Bubba is mounting the webspace off my NFS server), so potentially I could stick some kind of thing in there which would gain privileges and dump out /var/log/messages... Can't seem to do it with setuid scripts in Perl, though. Any ideas?