Tape Library

Gp's Tape Infrastructure!

Scalar i500, i2000, and i6000 Security - Service Account

Submitted by gpmidi on Mon, 12/17/2018 - 09:51

If you're using a Quantum, Dell, or ADIC Scalar product you should check to see if the password of the GUI's 'service' account is static. If it is then there is a pretty trivial way to get into the system using the vendor's maintenance account. The one system I have access to, an i2000, has a login of service:10101100. 

Scalar i500, i2000, and i6000 Security - Service Port

Submitted by gpmidi on Mon, 12/17/2018 - 09:51

If you're using a Quantum, Dell, or ADIC Scalar product you need to make sure the 'service port' isn't remotely accessible. If it is then there is a pretty trivial way to get into the system as 'root'. The port is explicitly listed in the manual as not for "normal" use. 

tl;dr If you aren't plugging in stuff you shouldn't (per manual) then the risk isn't that bad. 

Not So Bad Robotics Switch

Submitted by gpmidi on Sat, 12/15/2018 - 21:38

Looks like the buttons are both fine - Once I got it apart and tested it with a multi meter it became apparent that the robotics enable button is just momentary - it's a different kind of switch from the power switch. Based on the LEDs on the LMD (Library Motor Driver) it looks like that might be the problem. I'm going to check the rest of the fuses first though.

Bad Robotics Switch

Submitted by gpmidi on Sat, 12/15/2018 - 17:49

Looks like the robotics enable/disable switch on the i2000 is probably bad. Ordered a new switch panel but it'll be a while before it gets here. Gonna see what I can do in the meantime. At the very least I'd like to test and make sure that there aren't other issues I can be working on.

The attached image is the replacement one I got. It was around $34 on ebay.

The Gibson

Submitted by gpmidi on Sat, 12/15/2018 - 11:44

Thanks to my sister and her husband my tape libraries will now be the "Gibsons". I think I'll go with gibson2 and gibson6 for hostnames. Non-sequential just to mess with people...

Logging In Via GUI - Scalar i2000 (and maybe i6000)

Submitted by gpmidi on Fri, 12/14/2018 - 20:20

The default GUI accounts are:

  • admin:password
  • service:10101100

 

How to decode /usr/local/amc/app/Server/LMAccts.xml:

You can get root access via telnet to fetch LMAccts.xml per this doc: https://www.gpmidi.net/node/46

 

with open('/path/to/LMAccts.xml','rb') as f:
    root=bs4.BeautifulSoup(f,'xml')

i2000 Service Login - Interesting Findings

Submitted by gpmidi on Fri, 12/14/2018 - 16:10

Root's SSH Key

The root user has an ssh key allowed by default: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA17NPD/1mXAN2kZ/E4YneYYLD7UEi+MiZ94ijJ2+b+oUxdZlGrpZH3zEsJZZGdLrAD+iDs1a0DS44CPEUmh1IF9i/joV4dmJctZEp7H15Z09p+r/1SIsfjwdJ7yNxLy2gc5wmrr09vjmNq0v8+yTWdawll2zjvygqvtYMYR2kD8QT9GT+6yTjWNCq+l1LFXM8wwwK3NI9DTxJh7KcLt1OgbrAlc4ZUhcS/4oOunMASVa0FCxtu5yVetoVdGC8b7YWQQTkzs3z3mpK1iqVNBxfs+LcPJDed35BVwb4Ajm2SWR6XJxK/Evj5jDqekEU23M2i2E4+2L9zQANzZoq6AbUvQ=='

/etc/exports