Redstar OS Server

For a few years now, ISO files of both the desktop and server editions of North Korea's homegrown Linux distribution, Redstar OS, have been floating around the internet. There's been an awful lot of analysis of the desktop edition, made famous in part by the blatant aping of MacOS and the kernel-level file watermarking it does (which you can read up on here and here). However, there doesn't seem to be that much information on the server edition.

So what better way than to set up a server with Redstar OS and see what's what? The system seems geared towards web servers and comes with packages for the full LAMP stack with httpd 2.2, PHP 5.3 and MySQL 5.5. If you're curious about the full package list on the disk, you can view it here (that is the only source of packages; no yum repos are added by default). You can view the whole site here. EDIT: The server has been taken down as I needed the IP!

At its core the OS seems to be based on RHEL 6 and is running kernel version 2.6.32-201305.RSS3.i686 (Only an i686 version of the server seems to be floating around publicly, but apparently an x64 version does exist). There's no redhat-release or lsb-release, but /etc/system-release gives the OS name as: 《붉은별》봉사기용체계 3.0(갱신판 1) which according to google translates to "Red Star" Service System 3.0 (Update 1).

Installation was a relatively simple TUI and I was able to guess what needed to go where on the pages without too much hassle, though I did need to manually adjust the ifcfg-eth0 file since it seems I filled some details in incorrectly, but nothing too major. Within the OS itself, the kernel boot flags set the system language to ko_KP.UTF-8 and most config files for the web services are in Korean. Interestingly, despite the desktop OS having SELinux enforced, this isn't the case in the server edition. There is nothing in the grub.conf and getenforce returns a Disabled response. Unlike the desktop edition, which doesn't provide root access, the setup here prompts you for a root password and the account is fully enabled and usable.

The server edition also comes with iptables, so the first thing I did (as little as it may help) was block 175.45.176.0/22 and 210.52.109.0/24 for both INPUT and OUTPUT which are the two ranges North Korea are known to use. I also deactivated access logging in the httpd.conf and just disabled rsyslog completely just in case there was something streaming data off somewhere in spite of the iptables block.

I then started tcpdump running on the VM's vnet device on my node, and after approximately ten minutes, there was nothing I could see that looked suspect in terms of network traffic in or out. Just the odd https requests, a few OVH health checks and of course attempts to get at SSH from miscellaneous locations (One from Japan, none from anywhere else in East Asia).

Next I was interested in the kernel module called rtscan that handles the watermarking as mentioned in the above post. Unfortunately, an lsmod seems to show this wasn't loaded and modprobe doesn't show it as being installed. However, I still wanted to test this, so I uploaded a set of files of different formats (.doc, .docx, .jpg, .mp4 and .txt) and md5'd them before uploading them to the server, and got the following outputs:

MD5 (kimjongun.doc) = 9c1bb78d8eb1daebd94ef93f6f981669
MD5 (kimjongun.docx) = d59a2e0aaf3a488183325918d4e130d1
MD5 (rat-with-teddy.jpg) = 9569b73ca7e41099aca434fb6f54e99d
MD5 (text.txt) = cae9c9e0816032b265c58db8e96afc70
MD5 (waterfall.mp4) = 33cdd0d874dcf9cc653f98164b3efb72

Post-upload to the server (and after moving them around/touching/etc. as both root and a new user) and rsyncing them back, md5 gave this output:

MD5 (kimjongun.doc) = 9c1bb78d8eb1daebd94ef93f6f981669
MD5 (kimjongun.docx) = d59a2e0aaf3a488183325918d4e130d1
MD5 (rat-with-teddy.jpg) = 9569b73ca7e41099aca434fb6f54e99d
MD5 (text.txt) = cae9c9e0816032b265c58db8e96afc70
MD5 (waterfall.mp4) = 33cdd0d874dcf9cc653f98164b3efb72

As you can see, no difference. But just to be doubly safe, I popped open both the original file and the modified one in a hex editor side by side to look at Offset 80 for the watermark that has been added (original on left, downloaded off of the server on the right):

[Image: hex.png]

As you can see, no watermark or change to the file at all.
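The before/after comparison above can be scripted so that any file altered on the round trip is reported together with the offset of its first changed byte, which is what the hex editor check looks for. This is an added example, not part of the original post; it uses SHA-256 rather than MD5, assumes GNU coreutils, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (sha256sum) on the machine doing the check.

# record_hashes DIR MANIFEST: hash every regular file in DIR before upload.
record_hashes() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# first_diff_offset A B: 0-based offset of the first differing byte; prints
# nothing if the files only differ in length (cmp -l numbers bytes from 1).
first_diff_offset() {
    { cmp -l "$1" "$2" 2>/dev/null || true; } | awk 'NR == 1 { print $1 - 1; exit }'
}

# verify_roundtrip ORIG_DIR RETURNED_DIR MANIFEST
# Prints one line per MISSING or CHANGED file; returns 0 only if all match.
verify_roundtrip() {
    rc=0
    while read -r want name; do
        if [ ! -f "$2/$name" ]; then
            echo "MISSING $name"; rc=1; continue
        fi
        got=$(sha256sum < "$2/$name" | awk '{ print $1 }')
        if [ "$got" != "$want" ]; then
            off=$(first_diff_offset "$1/$name" "$2/$name")
            echo "CHANGED $name first_diff_offset=${off:-length-only}"
            rc=1
        fi
    done < "$3"
    return "$rc"
}

# Constructed demo: the returned copy of one file is altered at offset 80.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/orig" "$work/back"
    dd if=/dev/zero of="$work/orig/sample.doc" bs=4096 count=1 2>/dev/null
    printf 'plain text\n' > "$work/orig/text.txt"
    record_hashes "$work/orig" "$work/manifest"
    cp "$work/orig"/* "$work/back/"
    # 'MARK' is a constructed stand-in, not real watermark data.
    printf 'MARK' | dd of="$work/back/sample.doc" bs=1 seek=80 conv=notrunc 2>/dev/null
    verify_roundtrip "$work/orig" "$work/back" "$work/manifest" || echo "round trip altered files"
    rm -rf "$work"
}
demo
```

Keeping the manifest on the machine that holds the originals means the system under test never handles the reference hashes.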

So from poking at the server edition, unless they're being very very sneaky, it doesn't seem to have the same sort of tracking code that the desktop edition comes with. Of course, due to the context and history of this release, I personally still find it quite interesting. However, from a technical perspective, it's basically your run of the mill Red Hat inspired distribution albeit somewhat crippled in terms of available packages.

There is apparently a version 4 of Redstar in existence, but as yet, there doesn't seem to be a copy of it on the internet. Perhaps that will end up being more interesting?

PHP 5.3 in EasyApache 4

N.B. PHP 5.3 has not been supported now for almost 3 years. The best approach really would be to port any code over to a newer version, as the provided versions in EA4 are having fixes backported into them.

With the advent of EasyApache 4, cPanel have made management of multiple PHP versions so much easier, generally with no more need to hack at custom Apache configs or to keep old, unsupported modules, like mod_suphp, to hand.

However, at $work, we are currently migrating client servers away from CentOS 5 due to its imminent EoL, and some of whom still have requirements for PHP 5.3, but cPanel no longer provide EA3 on a newly provisioned box, cutting off access to PHP 5.3 as standard. Getting PHP 5.3 added as a CGI handler is pretty easy though, and it mostly plays nice with cPanel's built-in MultiPHP tools. For example, if a user is using PHP 5.3 and makes a change in cPanel's MultiPHP ini, that change will apply to the 5.3 instance.

Most of the required dependencies are already provided by cPanel, but there are a few things you'll want to get installed, so run the following commands to install your dev tools, EPEL (needed for one of the dependencies) and the dependencies themselves:

yum groupinstall 'Development Tools'
yum install epel-release
yum install sqlite-devel libxml2-devel bzip2-devel libcurl-devel libc-client-devel libmcrypt-devel aspell-devel libedit-devel libtidy-devel

Then acquire PHP 5.3 (the newest build is 5.3.29 and at the time of writing can be gotten from: http://php.net/get/php-5.3.29.tar.gz/from/a/mirror) and extract it into /usr/src before cd'ing in.

To get this to build successfully, I took the ./configure line from an EA3 server and modified it to use system libraries rather than the custom ones bundled with EA3. You can use this as-is or feel free to modify it for your own needs:

./configure  --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-mbstring --enable-pdo=shared --enable-sockets --enable-zip --prefix=/opt/php53  --with-bz2 --with-curl=/usr --with-freetype-dir=/usr --with-gd --with-imap=/usr --with-imap-ssl --with-jpeg-dir=/usr --with-kerberos --with-libdir=lib64 --with-libexpat-dir=/usr --with-libxml-dir=/usr --with-mcrypt=/usr --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=/usr/bin/mysql_config --with-openssl=/usr --with-openssl-dir=/usr --with-pcre-regex=/usr --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-pic --with-png-dir=/usr --with-sqlite=shared --with-tidy=/usr --with-xmlrpc --with-xpm-dir=/usr --with-zlib --with-zlib-dir=/usr

Once the configure is done, and you've done your make, make test and make install, you'll have your shiny new PHP in /opt/php53 and you're ready to get apache up and running.

You'll want to edit /etc/apache2/conf.d/includes/pre_main_global.conf and add the following lines to it:

ScriptAlias /local-bin /opt/php53/bin
Action application/x-httpd-php53 /local-bin/php-cgi

<Directory "/opt/php53/bin">
    Order allow,deny
    Allow from all
</Directory>

At this point, if you want PHP 5.3 to be the default serverwide version, you would also need to add the following line after the ones above:

AddHandler application/x-httpd-php53 php

Otherwise you can put it in the .htaccess for the site that needs PHP 5.3 support.

Caveat
With this method, if you have PHP 5.3 set to the system default version, the standard cPanel .htaccess line to change versions won't work, so if you want another version, after selecting it you need to edit the user's .htaccess, changing the following:

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php70” package as the default “PHP” programming language.
<IfModule mime_module>
  AddType application/x-httpd-ea-php70 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

To:

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php70” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php70 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

(changing the AddType to AddHandler)
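The edit described in the caveat can be applied with a script that touches only the ea-php line inside the cPanel-generated block and leaves every other AddType in the file alone. This is an added example, not from the original post; the function names and the sample .htaccess are constructed, and it keeps a .bak copy before rewriting.

```shell
#!/bin/sh
# Added example. The file handling and function names are illustrative.

# switch_to_addhandler FILE: print FILE with AddType changed to AddHandler,
# but only on the ea-php line inside the cPanel-generated handler block.
switch_to_addhandler() {
    awk '
        /^# php -- BEGIN cPanel-generated handler/ { in_block = 1 }
        /^# php -- END cPanel-generated handler/   { in_block = 0 }
        in_block && /^[ \t]*AddType[ \t]+application\/x-httpd-ea-php[0-9]+/ {
            sub(/AddType/, "AddHandler")
        }
        { print }
    ' "$1"
}

# apply_switch FILE: rewrite in place, keeping FILE.bak; a second run is a no-op.
apply_switch() {
    tmp=$(mktemp) || return 1
    switch_to_addhandler "$1" > "$tmp"
    if cmp -s "$1" "$tmp"; then
        rm -f "$tmp"; echo "unchanged"; return 0
    fi
    cp -p "$1" "$1.bak" && cat "$tmp" > "$1" && rm -f "$tmp"
    echo "updated"
}

# Constructed sample: the block from the post plus an unrelated AddType line.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/.htaccess" <<'EOF'
AddType text/x-example .example
# php -- BEGIN cPanel-generated handler, do not edit
<IfModule mime_module>
  AddType application/x-httpd-ea-php70 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
EOF
    apply_switch "$d/.htaccess"
    cat "$d/.htaccess"
    rm -rf "$d"
}
demo
```

Because the edit has to follow each version selection, as the caveat says, the script is written to be safe to re-run: it reports "unchanged" when the block already uses AddHandler.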