Gp's Tape Infrastructure!

Scalar i500, i2000, and i6000 Security - Service Account

If you're using a Quantum, Dell, or ADIC Scalar product, you should check whether the password of the GUI's 'service' account is static. If it is, then there is a pretty trivial way to get into the system using the vendor's maintenance account. The one system I have access to, an i2000, has a login of service:10101100.

Scalar i500, i2000, and i6000 Security - Service Port

If you're using a Quantum, Dell, or ADIC Scalar product, you need to make sure the 'service port' isn't remotely accessible. If it is, then there is a pretty trivial way to get into the system as 'root'. The port is explicitly listed in the manual as not for "normal" use.

tl;dr If you aren't plugging in stuff you shouldn't (per manual) then the risk isn't that bad. 

Not So Bad Robotics Switch

Looks like the buttons are both fine - Once I got it apart and tested it with a multimeter it became apparent that the robotics enable button is just momentary - it's a different kind of switch from the power switch. Based on the LEDs on the LMD (Library Motor Driver) it looks like that might be the problem. I'm going to check the rest of the fuses first though.

Bad Robotics Switch

Looks like the robotics enable/disable switch on the i2000 is probably bad. Ordered a new switch panel but it'll be a while before it gets here. Gonna see what I can do in the meantime. At the very least I'd like to test and make sure that there aren't other issues I can be working on.

The attached image is the replacement one I got. It was around $34 on ebay.

i2000 Service Login - Interesting Findings

Root's SSH Key

The root user has an ssh key allowed by default: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA17NPD/1mXAN2kZ/E4YneYYLD7UEi+MiZ94ijJ2+b+oUxdZlGrpZH3zEsJZZGdLrAD+iDs1a0DS44CPEUmh1IF9i/joV4dmJctZEp7H15Z09p+r/1SIsfjwdJ7yNxLy2gc5wmrr09vjmNq0v8+yTWdawll2zjvygqvtYMYR2kD8QT9GT+6yTjWNCq+l1LFXM8wwwK3NI9DTxJh7KcLt1OgbrAlc4ZUhcS/4oOunMASVa0FCxtu5yVetoVdGC8b7YWQQTkzs3z3mpK1iqVNBxfs+LcPJDed35BVwb4Ajm2SWR6XJxK/Evj5jDqekEU23M2i2E4+2L9zQANzZoq6AbUvQ=='

/etc/exports

 

Logging In As root - Scalar i2000 (and maybe i6000)

  1. Connect to the service port
    1. It's that little black covered one that says not to use
  2. Set your IP to 10.10.1.100
    1. The last octet can be anything but .1
  3. Use 'telnet' to connect to 10.10.1.1
  4. Login with "root" and "dallas"

 

I found this by using john the ripper on /etc/shadow in 10.10.1.1:/tftpboot/cmboot/initrd-dmcb (NFS). The initrd is gzip'ed. Once unzipped you can mount it with a loop device.
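An added example, not code from the original post: a Python audit for an unpacked root filesystem such as the loop-mounted initrd described above. It lists the accounts in /etc/shadow that can log in with a password, along with their hash scheme, and flags authorized_keys entries that match a known vendor-default key. The function names are hypothetical, the sample data is constructed, and the post does not say which hash scheme the library's shadow file uses.

```python
import base64
import hashlib

# Hash-scheme prefixes from crypt(5); anything else is reported as "unknown".
SCHEMES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
           "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt", "$y$": "yescrypt"}
WEAK = {"descrypt", "md5crypt", "empty"}

def shadow_findings(shadow_text):
    """(user, scheme, weak) for every account that can log in with a password."""
    out = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0] or fields[1].startswith(("!", "*")):
            continue                      # malformed line, or locked/no-login account
        pw = fields[1]
        if pw == "":
            scheme = "empty"
        elif not pw.startswith("$") and len(pw) == 13:
            scheme = "descrypt"           # traditional 13-character DES crypt
        else:
            scheme = next((n for p, n in SCHEMES.items() if pw.startswith(p)), "unknown")
        out.append((fields[0], scheme, scheme in WEAK))
    return out

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_findings(authorized_keys_text, vendor_blobs):
    """(key_type, fingerprint, is_vendor_default) per entry; options may precede the type."""
    out = []
    for line in authorized_keys_text.splitlines():
        parts = line.split()
        idx = next((i for i, p in enumerate(parts) if p.startswith(("ssh-", "ecdsa-"))), None)
        if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(parts):
            continue
        blob = parts[idx + 1]
        out.append((parts[idx], fingerprint(blob), blob in vendor_blobs))
    return out

# Constructed sample data (not taken from a real library).
VENDOR = base64.b64encode(b"constructed-vendor-key").decode()
SITE = base64.b64encode(b"constructed-site-key").decode()
SHADOW = "root:aaCONSTRUCTED:10000:0:99999:7:::\nbin:*:10000::::::\nadmin:$6$salt$hash:1::::::\n"
KEYS = f"# shipped in image\nssh-rsa {VENDOR}\nfrom=\"10.0.0.5\" ssh-rsa {SITE} ops@example\n"
if __name__ == "__main__":
    print(shadow_findings(SHADOW), key_findings(KEYS, {VENDOR}), sep="\n")
```

To use it on a real image, pass the contents of the mounted `etc/shadow` and root's `authorized_keys`, with the base64 blob of the default key as the only member of `vendor_blobs`.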

 

/etc/passwd

 
