NetScaler 修改 kernel image 及制作 FlashBoot
一、修改 kernel image
1) netscaler-adc下载页面地址 https://www.citrix.com/downloads/netscaler-adc/
2) netscaler-vpx-express 版下载页面地址 https://www.citrix.com/downloads/netscaler-adc/virtual-appliances/netscaler-vpx-express.html
获取 NetScaler VPX Build 升级包文件,此压缩文件中包含 netscaler kernel 镜像。
获取一个免费的试用 License 序列号。
3) 查看下载后的文件的sha256值是否和官网列出的一致。
root@lsgxbsd10:~/nsdev # ls -alh .total 464594drwxr-xr-x ??2 root ?wheel ????3B ?1月 12 14:11 .drwxr-xr-x ?11 root ?wheel ???28B ?1月 12 14:10 ..-rw-r--r-- ??1 root ?wheel ??453M ?1月 12 14:10 build-12.0-56.20_nc_32.tgzroot@lsgxbsd10:~/nsdev # sha256 build-12.0-56.20_nc_32.tgz SHA256 (build-12.0-56.20_nc_32.tgz) = 0933d78e50d367ac99e284e89d6f265daeddaf6b32d800d71bd7e966566f373broot@lsgxbsd10:~/nsdev #
4) 解压文件提取 netscaler kernel 文件 ns-12.0-56.20.gz
root@lsgxbsd10:~/nsdev # tar -zxvpf build-12.0-56.20_nc_32.tgz ns-12.0-56.20.gzx ns-12.0-56.20.gzroot@lsgxbsd10:~/nsdev # ls -alh .total 617998drwxr-xr-x ??2 root ?wheel ????4B ?1月 12 14:19 .drwxr-xr-x ?11 root ?wheel ???28B ?1月 12 14:10 ..-rw-r--r-- ??1 root ?wheel ??453M ?1月 12 14:10 build-12.0-56.20_nc_32.tgz-rwxr-xr-x ??1 root ?wheel ??150M 12月 19 23:16 ns-12.0-56.20.gzroot@lsgxbsd10:~/nsdev #
5) 使用 gunzip 命令解压 ns-12.0-56.20.gz 文件
root@lsgxbsd10:~/nsdev # cp ns-12.0-56.20.gz ns-12.0-56.20-ori.gzroot@lsgxbsd10:~/nsdev # gunzip -d ns-12.0-56.20.gzroot@lsgxbsd10:~/nsdev # mv ns-12.0-56.20 ns-12.0-56.20-ori.binroot@lsgxbsd10:~/nsdev # ls -alh .total 832887drwxr-xr-x ??2 root ?wheel ????5B ?1月 12 14:23 .drwxr-xr-x ?11 root ?wheel ???28B ?1月 12 14:22 ..-rw-r--r-- ??1 root ?wheel ??453M ?1月 12 14:10 build-12.0-56.20_nc_32.tgz-rwxr-xr-x ??1 root ?wheel ??423M ?1月 12 14:21 ns-12.0-56.20-ori.bin-rwxr-xr-x ??1 root ?wheel ??150M ?1月 12 14:23 ns-12.0-56.20-ori.gzroot@lsgxbsd10:~/nsdev #
6) 查找ns-12.0-56.20-ori.bin文件中ufs区块起始边界位置
root@lsgxbsd10:~/nsdev # cp ../ufs.magic /root/nsdev/root@lsgxbsd10:~/nsdev # binwalk -m ./ufs.magic ./ns-12.0-56.20-ori.bin | grep "mdroot"WARNING: Signature ‘42332 ??lelong ?????????0x19540119 ?????Unix Fast File system [v2] (little-endian)‘ is a self-overlapping signature!WARNING: Signature ‘66908 ??lelong ?????????0x19540119 ?????Unix Fast File system [v2] (little-endian)‘ is a self-overlapping signature!WARNING: Signature ‘42332 ??belong ?????????0x19540119 ?????Unix Fast File system [v2] (big-endian)‘ is a self-overlapping signature!WARNING: Signature ‘66908 ??belong ?????????0x19540119 ?????Unix Fast File system [v2] (big-endian)‘ is a self-overlapping signature!17968464 ?????0x1122D50 ??????Unix Fast File system [v2] (little-endian) last mounted on /tmp/netscaler_mdroot/a81a1f9f3da5511e6348b8998ce7bb68, last written at 1513692003,17993040 ?????0x1128D50 ??????Unix Fast File system [v2] (little-endian) last mounted on /tmp/netscaler_mdroot/a81a1f9f3da5511e6348b8998ce7bb68, last written at 1513692003,root@lsgxbsd10:~/nsdev #
7) 从ns-12.0-56.20-ori.bin文件提取ufs内存系统区块和bootkernel引导区块 (注意:这里使用dd命令读写文件操作很慢,建议使用winhex软件进行操作)
root@lsgxbsd10:~/nsdev # ls -alh .total 832899drwxr-xr-x ??2 root ?wheel ????6B ?1月 12 14:34 .drwxr-xr-x ?11 root ?wheel ???28B ?1月 12 14:27 ..-rw-r--r-- ??1 root ?wheel ??453M ?1月 12 14:10 build-12.0-56.20_nc_32.tgz-rwxr-xr-x ??1 root ?wheel ??423M ?1月 12 14:21 ns-12.0-56.20-ori.bin-rwxr-xr-x ??1 root ?wheel ??150M ?1月 12 14:23 ns-12.0-56.20-ori.gz-rw-r--r-- ??1 root ?wheel ??2.0K ?1月 12 14:33 ufs.magicroot@lsgxbsd10:~/nsdev # dd bs=1 count=17968463 if=ns-12.0-56.20-ori.bin of=ns-12.0-56.20-bk.binroot@lsgxbsd10:~/nsdev # dd bs=1 skip=17968463 if=ns-12.0-56.20-ori.bin of=ns-12.0-56.20-md.bin
定义选块 1122D50(十六进制数值) - 1A6DCB40(文件尾部),然后点击编辑中的移除,完成后保存文件。此文件内容即为bootkernel引导区块。
定义选块 0 - 1122D4F(十六进制数值),然后点击编辑中的移除,完成后保存文件。此文件内容ufs内存系统区块。
文件列表:ns-12.0-56.20-kb.bin(17968464) + ns-12.0-56.20-md.bin(425434609) = ns-12.0-56.20-ori.bin(443403073)
root@lsgxbsd10:~/nsdev # ls -al
total 1047652
drwxr-xr-x ??2 root ?wheel ?????????8 ?1月 12 17:07 .
drwxr-xr-x ?11 root ?wheel ????????28 ?1月 12 14:27 ..
-rw-r--r-- ??1 root ?wheel ?475345478 ?1月 12 16:51 build-12.0-56.20_nc_32.tgz
-rw-r--r-- ??1 root ?wheel ??17968464 ?1月 12 17:07 ns-12.0-56.20-kb.bin
-rw-r--r-- ??1 root ?wheel ?425434609 ?1月 12 17:07 ns-12.0-56.20-md.bin
-rwxr-xr-x ??1 root ?wheel ?443403073 ?1月 12 16:53 ns-12.0-56.20-ori.bin
-rwxr-xr-x ??1 root ?wheel ?157124251 ?1月 12 16:52 ns-12.0-56.20-ori.gz
-rw-r--r-- ??1 root ?wheel ??????2021 ?1月 12 16:51 ufs.magic
root@lsgxbsd10:~/nsdev #
8) 挂载ufs内存系统区块文件ns-12.0-56.20-md.bin
root@lsgxbsd10:~/nsdev # mdconfig -a -t vnode -f ns-12.0-56.20-md.bin -u 3root@lsgxbsd10:~/nsdev # gpart show -p /dev/md3=> ????0 ?830926 ??md3 ?BSD ?(406M) ??????0 ?????16 ???????- free - ?(8.0K) ?????16 ?827376 ?md3a ?!0 ?(404M) ?827392 ???3534 ???????- free - ?(1.7M)root@lsgxbsd10:~/nsdev # mount /dev/md3 /mnt/nsmdroot@lsgxbsd10:~/nsdev # cd /mnt/nsmdroot@lsgxbsd10:/mnt/nsmd # ls -alh .total 49drwxr-xr-x ?19 root ?wheel ?????512B 12月 19 21:10 .drwxrwxrwx ??9 root ?wheel ???????9B ?8月 26 23:54 ..drwxrwxr-x ??2 root ?operator ??512B 12月 19 20:27 .snapdrwxr-xr-x ??2 root ?wheel ?????1.0K 12月 19 20:29 bindrwxr-xr-x ??3 root ?wheel ?????512B 12月 19 21:10 compatdrwxr-xr-x ??2 root ?wheel ?????512B 12月 19 20:28 devdrwxr-xr-x ??8 root ?wheel ?????1.5K 12月 19 20:29 etcdrwxr-xr-x ??2 root ?wheel ?????512B 12月 19 20:28 flashdrwxr-xr-x ??2 root ?wheel ?????512B 12月 19 20:28 homedrwxr-xr-x ??3 root ?wheel ?????2.0K 12月 19 21:10 libdrwxr-xr-x ??2 root ?wheel ?????512B 12月 19 21:07 libexecdrwxr-xr-x ??2 root ?wheel ?????512B 12月 19 20:28 mntdrwxr-xr-x ?13 root ?wheel ?????5.0K 12月 19 22:00 netscalerdrwxr-xr-x ??2 root ?wheel ?????512B 12月 19 20:28 procdrwxr-xr-x ??2 root ?wheel ?????512B 12月 19 20:28 rootdrwxr-xr-x ??2 root ?wheel ?????2.0K 12月 19 20:28 sbindrwxrwxrwt ??2 root ?wheel ?????512B 12月 19 20:28 tmpdrwxr-xr-x ?10 root ?wheel ?????512B 12月 19 21:10 usrdrwxr-xr-x ??8 root ?wheel ?????512B 12月 19 20:28 varroot@lsgxbsd10:/mnt/nsmd #
9) 添加修改配置文件
a: 修改 /etc/httpd.conf
在 154 行增加以下内容
# Set the content-type to always set the default charset to UTF-8AddDefaultCharset UTF-8
b: 修改 /etc/profile
在末尾增加以下内容
if [ -f /var/python/bin/python ] ; then ??export PATH=$PATH:/var/python/binfi
c: 修改 /etc/sshd_config
增加以下配置项
Protocol 2UsePrivilegeSeparation no
d: 增加文件 /etc/ftpd_ctl 并且文件的权限为444 只读权限
#!/bin/shftpd_program="/usr/libexec/ftpd"ftpd_flags="-D -l"case $1 instart) ???????echo "Starting FTPD" ???????$ftpd_program $ftpd_flags;;stop) ???????echo "Stopping FTPD" ???????killall ftpd;;restart) ???????$0 stop ???????sleep 1 ???????$0 start;;esac
e: 修改 /etc/rc
增加以下内容
if [ ! -f $1/ssh/ssh_host_key ]thenecho -n ‘Creating ssh1 RSA host key: ‘/usr/bin/ssh-keygen -t rsa1 -N ‘‘ -f $1/ssh/ssh_host_key/bin/ln -fs $1/ssh/ssh_host_key /etc/ssh_host_keyecho ‘.‘fi
增加以下内容,已经注释的语句,并没有起作用,此语句本意为设置开机启动ftpd程序。
但是ftp进程,并不安全,容易导致风险。故注释此语句。
???#/bin/sh /etc/ftpd_ctl start;
f) 修改 /etc/rc.conf.defaults
#ftpd_enable="YES"
g) 修改 /etc/monitrc
增加以下语句
check process ftpd with pidfile /var/run/ftpd.pid ??start program ?"/bin/sh /etc/ftpd_ctl start" ??stop program ??"/bin/sh /etc/ftpd_ctl stop" ??#if failed port 21 then restart ??#if 5 restarts within 5 cycles then timeout
在最后增加以下语句
## Check nscrlrefresh, a netscaler daemoncheck process nscrlrefresh with pidfile /var/run/nscrlrefresh.pid ?start program ?"/bin/sh /etc/nscrlrefresh_ctl start" ?stop program ??"/bin/sh /etc/nscrlrefresh_ctl stop"## Check websocketd, a netscaler daemoncheck process websocketd with pidfile /var/run/websocketd.pid ?start program ?"/bin/sh /etc/websocketd_ctl start" ?stop program ??"/bin/sh /etc/websocketd_ctl stop"## Check nskrb, the netscaler kerberos daemoncheck process nskrb with pidfile /var/run/nskrb.pid ?start program ?"/bin/sh /etc/nskrb_ctl start" ?stop program ??"/bin/sh /etc/nskrb_ctl stop"## Check iked, which is a daemon to do IKE handshake for IPSECcheck process iked with pidfile /var/run/iked.pid ?start program ?"/bin/sh /etc/iked_ctl start" ?stop program ??"/bin/sh /etc/iked_ctl stop"
h) 修改 /netscaler/nsstart.sh
增加以下内容
# Load default local start sriptecho -n ‘Loading default local rc start phase sript...‘sleep 5[ -f $NSCONFIG/rc.local.start ] && . $NSCONFIG/rc.local.start
i) 修改 /netscaler/nsstop.sh
增加以下内容
# Load default local stop sriptecho -n ‘Loading default local rc stop phase sript...‘sleep 5[ -f $NSCONFIG/rc.local.stop ] && . $NSCONFIG/rc.local.stop
二、制作 FlashBoot
NetScaler 修改 kernel image 及制作 FlashBoot
原文地址:https://www.cnblogs.com/lsgxeva/p/8277656.html