NetScaler 修改 kernel image 及制作 FlashBoot
一、修改 kernel image
1) netscaler-adc下载页面地址 https://www.citrix.com/downloads/netscaler-adc/
2) netscaler-vpx-express 版下载页面地址 https://www.citrix.com/downloads/netscaler-adc/virtual-appliances/netscaler-vpx-express.html
获取 NetScaler VPX Build 升级包文件,此压缩文件中包含 netscaler kernel 镜像。
获取一个免费的试用 License 序列号。
3) 查看下载后的文件的sha256值是否和官网列出的一致。
root@lsgxbsd10:~/nsdev # ls -alh . total 464594 drwxr-xr-x 2 root wheel 3B 1月 12 14:11 . drwxr-xr-x 11 root wheel 28B 1月 12 14:10 .. -rw-r--r-- 1 root wheel 453M 1月 12 14:10 build-12.0-56.20_nc_32.tgz root@lsgxbsd10:~/nsdev # sha256 build-12.0-56.20_nc_32.tgz SHA256 (build-12.0-56.20_nc_32.tgz) = 0933d78e50d367ac99e284e89d6f265daeddaf6b32d800d71bd7e966566f373b root@lsgxbsd10:~/nsdev #
4) 解压文件提取 netscaler kernel 文件 ns-12.0-56.20.gz
root@lsgxbsd10:~/nsdev # tar -zxvpf build-12.0-56.20_nc_32.tgz ns-12.0-56.20.gz x ns-12.0-56.20.gz root@lsgxbsd10:~/nsdev # ls -alh . total 617998 drwxr-xr-x 2 root wheel 4B 1月 12 14:19 . drwxr-xr-x 11 root wheel 28B 1月 12 14:10 .. -rw-r--r-- 1 root wheel 453M 1月 12 14:10 build-12.0-56.20_nc_32.tgz -rwxr-xr-x 1 root wheel 150M 12月 19 23:16 ns-12.0-56.20.gz root@lsgxbsd10:~/nsdev #
5) 使用 gunzip 命令解压 ns-12.0-56.20.gz 文件
root@lsgxbsd10:~/nsdev # cp ns-12.0-56.20.gz ns-12.0-56.20-ori.gz root@lsgxbsd10:~/nsdev # gunzip -d ns-12.0-56.20.gz root@lsgxbsd10:~/nsdev # mv ns-12.0-56.20 ns-12.0-56.20-ori.bin root@lsgxbsd10:~/nsdev # ls -alh . total 832887 drwxr-xr-x 2 root wheel 5B 1月 12 14:23 . drwxr-xr-x 11 root wheel 28B 1月 12 14:22 .. -rw-r--r-- 1 root wheel 453M 1月 12 14:10 build-12.0-56.20_nc_32.tgz -rwxr-xr-x 1 root wheel 423M 1月 12 14:21 ns-12.0-56.20-ori.bin -rwxr-xr-x 1 root wheel 150M 1月 12 14:23 ns-12.0-56.20-ori.gz root@lsgxbsd10:~/nsdev #
6) 查找ns-12.0-56.20-ori.bin文件中ufs区块起始边界位置
root@lsgxbsd10:~/nsdev # cp ../ufs.magic /root/nsdev/ root@lsgxbsd10:~/nsdev # binwalk -m ./ufs.magic ./ns-12.0-56.20-ori.bin | grep "mdroot" WARNING: Signature ‘42332 lelong 0x19540119 Unix Fast File system [v2] (little-endian)‘ is a self-overlapping signature! WARNING: Signature ‘66908 lelong 0x19540119 Unix Fast File system [v2] (little-endian)‘ is a self-overlapping signature! WARNING: Signature ‘42332 belong 0x19540119 Unix Fast File system [v2] (big-endian)‘ is a self-overlapping signature! WARNING: Signature ‘66908 belong 0x19540119 Unix Fast File system [v2] (big-endian)‘ is a self-overlapping signature! 17968464 0x1122D50 Unix Fast File system [v2] (little-endian) last mounted on /tmp/netscaler_mdroot/a81a1f9f3da5511e6348b8998ce7bb68, last written at 1513692003, 17993040 0x1128D50 Unix Fast File system [v2] (little-endian) last mounted on /tmp/netscaler_mdroot/a81a1f9f3da5511e6348b8998ce7bb68, last written at 1513692003, root@lsgxbsd10:~/nsdev #
7) 从ns-12.0-56.20-ori.bin文件提取ufs内存系统区块和bootkernel引导区块 (注意:这里使用dd命令读写文件操作很慢,建议使用winhex软件进行操作)
root@lsgxbsd10:~/nsdev # ls -alh . total 832899 drwxr-xr-x 2 root wheel 6B 1月 12 14:34 . drwxr-xr-x 11 root wheel 28B 1月 12 14:27 .. -rw-r--r-- 1 root wheel 453M 1月 12 14:10 build-12.0-56.20_nc_32.tgz -rwxr-xr-x 1 root wheel 423M 1月 12 14:21 ns-12.0-56.20-ori.bin -rwxr-xr-x 1 root wheel 150M 1月 12 14:23 ns-12.0-56.20-ori.gz -rw-r--r-- 1 root wheel 2.0K 1月 12 14:33 ufs.magic root@lsgxbsd10:~/nsdev # dd bs=1 count=17968463 if=ns-12.0-56.20-ori.bin of=ns-12.0-56.20-bk.bin root@lsgxbsd10:~/nsdev # dd bs=1 skip=17968463 if=ns-12.0-56.20-ori.bin of=ns-12.0-56.20-md.bin
定义选块 1122D50(十六进制数值) - 1A6DCB40(文件尾部),然后点击编辑中的移除,完成后保存文件。此文件内容即为bootkernel引导区块。
定义选块 0 - 1122D4F(十六进制数值),然后点击编辑中的移除,完成后保存文件。此文件内容ufs内存系统区块。
文件列表:ns-12.0-56.20-kb.bin(17968464) + ns-12.0-56.20-md.bin(425434609) = ns-12.0-56.20-ori.bin(443403073)
root@lsgxbsd10:~/nsdev # ls -al
total 1047652
drwxr-xr-x 2 root wheel 8 1月 12 17:07 .
drwxr-xr-x 11 root wheel 28 1月 12 14:27 ..
-rw-r--r-- 1 root wheel 475345478 1月 12 16:51 build-12.0-56.20_nc_32.tgz
-rw-r--r-- 1 root wheel 17968464 1月 12 17:07 ns-12.0-56.20-kb.bin
-rw-r--r-- 1 root wheel 425434609 1月 12 17:07 ns-12.0-56.20-md.bin
-rwxr-xr-x 1 root wheel 443403073 1月 12 16:53 ns-12.0-56.20-ori.bin
-rwxr-xr-x 1 root wheel 157124251 1月 12 16:52 ns-12.0-56.20-ori.gz
-rw-r--r-- 1 root wheel 2021 1月 12 16:51 ufs.magic
root@lsgxbsd10:~/nsdev #
8) 挂载ufs内存系统区块文件ns-12.0-56.20-md.bin
root@lsgxbsd10:~/nsdev # mdconfig -a -t vnode -f ns-12.0-56.20-md.bin -u 3 root@lsgxbsd10:~/nsdev # gpart show -p /dev/md3 => 0 830926 md3 BSD (406M) 0 16 - free - (8.0K) 16 827376 md3a !0 (404M) 827392 3534 - free - (1.7M) root@lsgxbsd10:~/nsdev # mount /dev/md3 /mnt/nsmd root@lsgxbsd10:~/nsdev # cd /mnt/nsmd root@lsgxbsd10:/mnt/nsmd # ls -alh . total 49 drwxr-xr-x 19 root wheel 512B 12月 19 21:10 . drwxrwxrwx 9 root wheel 9B 8月 26 23:54 .. drwxrwxr-x 2 root operator 512B 12月 19 20:27 .snap drwxr-xr-x 2 root wheel 1.0K 12月 19 20:29 bin drwxr-xr-x 3 root wheel 512B 12月 19 21:10 compat drwxr-xr-x 2 root wheel 512B 12月 19 20:28 dev drwxr-xr-x 8 root wheel 1.5K 12月 19 20:29 etc drwxr-xr-x 2 root wheel 512B 12月 19 20:28 flash drwxr-xr-x 2 root wheel 512B 12月 19 20:28 home drwxr-xr-x 3 root wheel 2.0K 12月 19 21:10 lib drwxr-xr-x 2 root wheel 512B 12月 19 21:07 libexec drwxr-xr-x 2 root wheel 512B 12月 19 20:28 mnt drwxr-xr-x 13 root wheel 5.0K 12月 19 22:00 netscaler drwxr-xr-x 2 root wheel 512B 12月 19 20:28 proc drwxr-xr-x 2 root wheel 512B 12月 19 20:28 root drwxr-xr-x 2 root wheel 2.0K 12月 19 20:28 sbin drwxrwxrwt 2 root wheel 512B 12月 19 20:28 tmp drwxr-xr-x 10 root wheel 512B 12月 19 21:10 usr drwxr-xr-x 8 root wheel 512B 12月 19 20:28 var root@lsgxbsd10:/mnt/nsmd #
9) 添加修改配置文件
a: 修改 /etc/httpd.conf
在 154 行增加以下内容
# Set the content-type to always set the default charset to UTF-8 AddDefaultCharset UTF-8
b: 修改 /etc/profile
在末尾增加以下内容
if [ -f /var/python/bin/python ] ; then export PATH=$PATH:/var/python/bin fi
c: 修改 /etc/sshd_config
增加以下配置项
Protocol 2 UsePrivilegeSeparation no
d: 增加文件 /etc/ftpd_ctl 并且文件的权限为444 只读权限
#!/bin/sh ftpd_program="/usr/libexec/ftpd" ftpd_flags="-D -l" case $1 in start) echo "Starting FTPD" $ftpd_program $ftpd_flags ;; stop) echo "Stopping FTPD" killall ftpd ;; restart) $0 stop sleep 1 $0 start ;; esac
e: 修改 /etc/rc
增加以下内容
if [ ! -f $1/ssh/ssh_host_key ] then echo -n ‘Creating ssh1 RSA host key: ‘ /usr/bin/ssh-keygen -t rsa1 -N ‘‘ -f $1/ssh/ssh_host_key /bin/ln -fs $1/ssh/ssh_host_key /etc/ssh_host_key echo ‘.‘ fi
增加以下内容,已经注释的语句,并没有起作用,此语句本意为设置开机启动ftpd程序。
但是ftp进程,并不安全,容易导致风险。故注释此语句。
#/bin/sh /etc/ftpd_ctl start;
f) 修改 /etc/rc.conf.defaults
#ftpd_enable="YES"
g) 修改 /etc/monitrc
增加以下语句
check process ftpd with pidfile /var/run/ftpd.pid start program "/bin/sh /etc/ftpd_ctl start" stop program "/bin/sh /etc/ftpd_ctl stop" #if failed port 21 then restart #if 5 restarts within 5 cycles then timeout
在最后增加以下语句
## Check nscrlrefresh, a netscaler daemon check process nscrlrefresh with pidfile /var/run/nscrlrefresh.pid start program "/bin/sh /etc/nscrlrefresh_ctl start" stop program "/bin/sh /etc/nscrlrefresh_ctl stop" ## Check websocketd, a netscaler daemon check process websocketd with pidfile /var/run/websocketd.pid start program "/bin/sh /etc/websocketd_ctl start" stop program "/bin/sh /etc/websocketd_ctl stop" ## Check nskrb, the netscaler kerberos daemon check process nskrb with pidfile /var/run/nskrb.pid start program "/bin/sh /etc/nskrb_ctl start" stop program "/bin/sh /etc/nskrb_ctl stop" ## Check iked, which is a daemon to do IKE handshake for IPSEC check process iked with pidfile /var/run/iked.pid start program "/bin/sh /etc/iked_ctl start" stop program "/bin/sh /etc/iked_ctl stop"
h) 修改 /netscaler/nsstart.sh
增加以下内容
# Load default local start sript echo -n ‘Loading default local rc start phase sript...‘ sleep 5 [ -f $NSCONFIG/rc.local.start ] && . $NSCONFIG/rc.local.start
i) 修改 /netscaler/nsstop.sh
增加以下内容
# Load default local stop sript echo -n ‘Loading default local rc stop phase sript...‘ sleep 5 [ -f $NSCONFIG/rc.local.stop ] && . $NSCONFIG/rc.local.stop
二、制作 FlashBoot
