Plugin for automatic monitoring and remote maintenance of dreamboxes (or any other linux-based STB). This plugin is experimental and unfinished; it doesn't do much unless extended further. It requires a remote agent running on the box (included as part of this plugin) and uses a separate httpd that the agent will periodically report to. It gives the proxy admin potentially limitless control over the box, so it can only be used where the users fully trust the admin.
The remote agent is made up entirely of shell scripts (compatible with the busybox built-in ash), and works as follows:
- User installs the agent via an install script retrieved from the plugin httpd, i.e. the user runs wget from /tmp/ to fetch http://user:passwd@proxy-host:plugin-httpd-port/installer.sh, then executes the installer (chmod +x installer.sh; ./installer.sh).
- The installer will find a method for auto-starting the agent that works on any box (hopefully), and launch it.
- The agent will connect back to the plugin-httpd and perform a login, by sending various custom http headers.
- If the login succeeds the response will be a generated hash id that will identify this box from now on.
- The agent will then report back to the plugin-httpd every 5 minutes, checking for further instructions and reporting various usage stats.
- If the plugin has a task to run, the periodic check-in will result in downloading and executing more ash scripting generated by the plugin, allowing the proxy admin to perform any task locally on the box. The output resulting from the script is returned to the plugin (using a telnet pipe to do an HTTP connect operation). This allows the proxy admin to perform lengthy/continuous tasks (e.g. tail a logfile, run dvbsnoop). NOTE: The agent doesn't work on images that don't have the telnet applet in busybox.
- Tasks (ash scripts) are placed either within the dreamboxplugin.jar under web/open/scripts or in the directory that the plugin creates (dreamboxplugin/scripts). Both locations are checked and the resulting list merged for the web ui. The included dreamboxplugin/scripts/test.sh script shows which substitution variables are available to scripters.
Once a box is running the agent, the plugin will connect the box identity with any existing newcamd sessions. For now it does this by proxy username alone, so there is no protection against abuse by users spoofing the username.
The plugin also has the option of running an embedded sshd (separate from whatever other sshd the system may have). This is intended to be used mainly for port-forwarding, i.e. having agent scripts use dropbear to create reverse ssh tunnels that lead back to the box through a port opened by the plugin on the proxy server. This way the admin could log into individual boxes at will even though they're behind a firewall/NAT.
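The username-only matching described above, contrasted with a match bound to the agent login, as an added example that is not the plugin's own code: a Python model (the plugin itself is Java) in which every function name, the account table and the session table are hypothetical and constructed. It assumes the agent login is authenticated with the proxy password and that the generated id is an HMAC over the username and a box serial.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-installation server secret, never sent to any box.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample data: proxy accounts and their live newcamd sessions.
ACCOUNTS = {"alice": "alice-pw", "bob": "bob-pw"}
NEWCAMD_SESSIONS = {"alice": "session-1", "bob": "session-2"}


def _bound_id(username, box_serial):
    """Id tied to one username and one box; cannot be derived without SERVER_KEY."""
    msg = f"{username}\n{box_serial}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def agent_login(username, password, box_serial):
    """Hypothetical login: authenticate first, then hand out the bound id."""
    expected = ACCOUNTS.get(username)
    if expected is None:
        return None
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return _bound_id(username, box_serial)


def link_by_username(claimed_username):
    """Model of username-only matching: whatever name the agent reports is trusted."""
    return NEWCAMD_SESSIONS.get(claimed_username)


def link_by_box_id(claimed_username, box_serial, box_id):
    """Match only if the presented id was issued for this username and box."""
    expected = _bound_id(claimed_username, box_serial)
    if not hmac.compare_digest(expected.encode(), box_id.encode()):
        return None
    return NEWCAMD_SESSIONS.get(claimed_username)


if __name__ == "__main__":
    bob_id = agent_login("bob", "bob-pw", "BOX-0002")
    # An agent reporting someone else's name is linked to that user's session.
    print("username only:", link_by_username("alice"))
    # The same claim fails once the id must match the claimed username.
    print("bound id, spoofed:", link_by_box_id("alice", "BOX-0002", bob_id))
    print("bound id, honest:", link_by_box_id("bob", "BOX-0002", bob_id))
```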
Enabling the sshd will show a custom script (ssh_tunnel.sh) for deploying dropbear and starting a reverse tunnel. To do this, dropbear binaries first have to be placed in dreamboxplugin/binaries/ and they have to be specific versions in order to run on as many boxes as possible. A dreamboxplugin/fetch_binaries.sh script exists to automatically install a combination of ppc and mips dropbear binaries that have been found to work well (and are available precompiled in public repositories). The dreamboxplugin dir tree is created by the plugin when it is first loaded.