Oscam init scripts running multiple Oscam
Regarding init scripts for Oscam, they manage the initialization and startup of the Oscam service. Init scripts vary depending on the operating system you are using. Here are examples of init scripts for different operating systems: Oscam init scripts running multiple Oscam 2024 instances and Oscam hardening
Hi all,
Oscam init scripts are running multiple Oscam instances
In this tutorial, I will
Oscam init scripts are running multiple Oscam 2024
I – give you some useful init scripts, to make an easy start/stop/restart and check of a Oscam instance.
II – Show you how you can run and easily manage multiple Oscam instances on the same host.
This is useful if, for example, you have multiple cards on your system and you want to use
different load-balancing modes for each card or a bunch of the same cards.
Or for better performance, you run two or more instances instead of overloading one running oscam instance.
III – show you how to harden and increase the security of Oscam when running as a server that is exposed to the Internet.
This is useful to not getting hacked.
Copyright:
All presented information and code is released under the terms of the GPL-v3 licence
PART I
Prerequisites:
I assume you have compiled/downloaded Oscam, so you got 2 binaries, “oscam” and “list_smargo”
Installation:
As user “root,” you do:
Table of Contents
Credit & Thanks to the script developer
Oscam init scripts are running multiple Oscam 2024
sudo su –
mkdir -p /opt/oscam/{bin,conf,init}
cp oscam /opt/oscam/bin/oscam_svn_v1.23_build1234
chmod +x /opt/oscam/bin/oscam_svn_v1.23_build1234
ln -s /opt/oscam/bin/oscam_svn_v1.23_build1234 /opt/oscam/bin/oscam.bin
cp list_smargo /opt/oscam/bin/list_smargo_svn_v1.23_build1234
chmod +x /opt/oscam/bin/list_smargo_svn_v1.23_build1234
ln -s /opt/oscam/bin/list_smargo_svn_v1.23_build1234 /opt/oscam/bin/list_smargo
Creation of an OSCAM instance:
Now I will create my first instance, and I call it “hotbabe1”
mkdir /opt/oscam/conf/hotbabe1
I place my config files (oscam.conf, oscam.server, oscam. user …) for Oscam instance “hotbabe1” into “/opt/oscam/conf/hotbabe1”
Now I create the init script for Oscam instance “hotbabe1”
touch /opt/oscam/init/oscam.hotbabe1
chmod +x /opt/oscam/init/oscam.hotbabe1
Now, copy the following code into “/opt/oscam/init/oscam.hotbabe1”
#!/bin/bash
#
OSCAM_BIN_DIR=”/opt/oscam/bin”
OSCAM_LOG_DIR=”/opt/oscam/log”
OSCAM_TMP_DIR=”/opt/oscam/tmp”
RUNASUSER=”root”
OSCAM_BIN=”oscam.bin”
DEVNULL=”/dev/null”
OSCAM_CONF_DIR=”/opt/oscam/conf/hotbabe1″
PROCESSNAME=”oscam.hotbabe1″
NICELEVEL=”-15″
#
check_oscam( ){
ps aux|grep -v grep|grep -q “$OSCAM_BIN_DIR/$OSCAM_BIN -c $OSCAM_CONF_DIR “
}
#
start_oscam( ){
sudo -u “$RUNASUSER” sh -c “”$OSCAM_BIN_DIR”/”$OSCAM_BIN” -c “$OSCAM_CONF_DIR” -t “$OSCAM_TMP_DIR” -b -d 1 -r 2″
for i in $(ps aux|grep -v grep|grep “$OSCAM_BIN_DIR/$OSCAM_BIN -c $OSCAM_CONF_DIR “|awk ‘{ print $2 }’); do
renice -n $NICELEVEL $i > “$DEVNULL” 2>&1
done
}
#
kill_oscam( ){
for i in $(ps aux|grep -v grep|grep “$OSCAM_BIN_DIR/$OSCAM_BIN -c $OSCAM_CONF_DIR “|awk ‘{ print $2 }’); do
kill -9 $i > “$DEVNULL” 2>&1
done
}
#
check_log_tmp_dir( ){
[ -d “$OSCAM_LOG_DIR” ] || mkdir -p “$OSCAM_LOG_DIR”
[ -d “$OSCAM_TMP_DIR” ] || mkdir -p “$OSCAM_TMP_DIR”
if [ $RUNASUSER != “root” ] ; then
[ $(ls -dl “$OSCAM_LOG_DIR”|awk ‘{print $3}’) == “$RUNASUSER” ] || chown -R “$RUNASUSER”:”$RUNASUSER” “$OSCAM_LOG_DIR”
[ $(ls -dl “$OSCAM_TMP_DIR”|awk ‘{print $3}’) == “$RUNASUSER” ] || chown -R “$RUNASUSER”:”$RUNASUSER” “$OSCAM_TMP_DIR”
fi
}
#
check_log_tmp_dir
case “$1” in
start)
check_oscam && echo “$PROCESSNAME allready running. Exiting!” && exit 1
echo “starting $PROCESSNAME!”
start_oscam
sleep 0.1
check_oscam && echo “$PROCESSNAME started successfully!” && exit 0
echo “Failed to start $PROCESSNAME. Exiting!” && exit 1
;;
stop)
! check_oscam && echo “$PROCESSNAME allready stopped!” && exit 1
echo “shutting down $PROCESSNAME!”
kill_oscam
sleep 0.1
! check_oscam && echo “$PROCESSNAME shutdown successfully!” && exit 0
echo “Failed to stop $PROCESSNAME. Exiting!” && exit 1
;;
restart)
! check_oscam && echo “$PROCESSNAME allready stopped!” && exit 1
echo “restarting $PROCESSNAME!”
kill_oscam
sleep 0.1
check_oscam && echo “Failed to stop $PROCESSNAME. Exiting!” && exit 1
start_oscam
sleep 0.1
check_oscam && echo “$PROCESSNAME restarted successfully!” && exit 0
echo “Failed to restart $PROCESSNAME. Exiting!” && exit 1
;;
status)
check_oscam && echo “$PROCESSNAME is running!” && exit 0
echo “$PROCESSNAME is stopped!” && exit 1
;;
*)
N=”/etc/init.d/$PROCESSNAME”
echo “Usage: “$N” {start|stop|restart|status}” >&2
exit 1
;;
esac
#
exit 0
Install the sript with:
ln -s /opt/oscam/init/oscam.hotbabe1 /etc/init.d/
Now you should be able to “start/stop/restart/status” your very “hotbabe1” Oscam instance
Just run:
Oscam init scripts are running multiple Oscam 2025
service oscam.hotbabe1 status
service oscam.hotbabe1 stop
service oscam.hotbabe1 start
service oscam.hotbabe1 restart
Now, for every additional Oscam instance, we choose a different name, e.g. “hotbabe2” and repeat the steps in “Creation of an Oscam instance:”,
and change the variables “OSCAM_CONF_DIR” and “PROCESSNAME” in the start script of the new instance.
Note that you have to choose a different port/ports for every new instance in the “oscam.conf” when running multiple instances! Oscam init scriptsare running multiple Oscam 2023
PART II
Now, once you have lots of running instances and hopefully lots of RAM
You need to manage them all easily. Thus, we need a master Oscam init script.
I call it “oscam”
touch /opt/oscam/init/oscam
chmod +x /opt/oscam/init/oscam
ln -s /opt/oscam/init/oscam /etc/init.d/
Copy the following code into “/opt/oscam/init/oscam”
#!/bin/bash
#
case “$1” in
start)
for i in /etc/init.d/oscam.*; do $i start; done
;;
stop)
for i in /etc/init.d/oscam.*; do $i stop; done
;;
restart)
for i in /etc/init.d/oscam.*; do $i restart; done
;;
status)
for i in /etc/init.d/oscam.*; do $i status; done
;;
*)
N=”/etc/init.d/oscam”
echo “Usage: “$N” {start|stop|restart|status}” >&2
exit 1
;;
esac
exit 0
Now you can manage all of your Oscam instances by running:
service oscam status
service oscam stop
service oscam start
service oscam restart
PART III
First, I will go through hardening Oscam on the GNU-Linux OS level.
As you can see, I use a “RUNASUSER” variable in the init script of the oscam instance.
Oscam init scripts are running multiple Oscam 2023
When using oscam as a card reader, we set it to run as root, as we need root privileges to write to the USB device file of the card reader.
Another approach would be writing a udev rule to change the owner/permissions of the device file when it is created.
E.g. find out what device class your reader belongs to under GNU-Linux … write an udev rule …. and then set the “RUNASUSER” variable to an unpriviliged user.
But when using Oscam as a proxy or as a frontend server to other (not trusted internet) clients, then hardening comes into play.
So these are the steps to harden your Oscam server. Oscam init scripts running multiple Oscam 2023
groupadd -g 34523 oscam
useradd -d /dev/null -g 34523 -u 34523 -s /bin/false oscam
Now we just set “RUNASUSER” to oscam, e.g., RUNASUSER=”oscam” in the oscam instance init script and restart oscam.
Now, oscam is running as a non-privileged user with no shell and no home directory.
There are no performance issues with this setup.
By doing so, it is hard to break into your system now.
Now we need to harden Oscam and protect your cards on the CS level. To do so, just check the “ecm whitelisting option in oscam.conf”
Also, only allow EMM from trusted clients.
The best practice is also to handle most “untrusted” ECM traffic via caching.
P.S. In the next tutorial, I will introduce you to a watchdog that I have written for Oscam.
Also, a tutorial on how to protect your server against syn flooding and port knocking attacks will follow.
Howto: Oscam watchdog
Credit to copyleft
Oscam is capable of restarting itself on errors/segfaults. But I wanted to make sure that Oscam is “REALLY” handling some traffic (doing its job properly).
And here comes the Oscam watchdog into play. The idea of the watchdog is quite simple.
If no successful ECMs are logged within a defined time frame, then the Oscam is started again.
Copyright:
All presented information and code is released under the terms of the GPL-v3 licence
Prerequisites:
– Oscam started with the level 1 debugging option. Just look at the init script above – howto-oscam-init-scripts-running-multiple-oscam-instances-oscam-hardening.
-d 1
Installation:
We are going to create two scripts. One is the Oscam watchdog daemon, that will run as a proccess under GNU-Linux.
and an init script for the Oscam watchdog.
touch /opt/oscam/bin/oscam.watchdog.sh
touch /opt/oscam/init/oscamwatchdog
chmod +x /opt/oscam/bin/oscam.watchdog.sh
chmod +x /opt/oscam/init/oscamwatchdog
ln -s /opt/oscam/init/oscamwatchdog /etc/init.d/
update-rc.d oscamwatchdog defaults
Copy the following code into “/opt/oscam/bin/oscam.watchdog.sh”
#!/bin/bash
# Restart/start oscam if we dont log any successful cw transactions within a defined time frame”
OSCAM_INSTANCE=”$1″
CCCAM_INSTANCE=cccam.$(echo $OSCAM_INSTANCE|cut -d. -f2)
LOG_FILE=”/opt/oscam/log/$OSCAM_INSTANCE.log”
CHECK_INTERVALL=60
DATE_STAMP_LAST_CW=start # Dont touch this
SCRIPTNAME=”oscam.watchdog.sh”
CTR=0 # Dont touch this
MAX_RETRY=4
check_oscam( ){
DATE_STAMP_ACTUAL_CW=$(tail -n 1000 $LOG_FILE|grep “fail 0$”|tail -n 1|awk ‘{print $1 $2}’)
if [ ! -z “$DATE_STAMP_ACTUAL_CW” ] ; then
if [ $DATE_STAMP_LAST_CW = ‘start’ ] ; then
DATE_STAMP_LAST_CW=$DATE_STAMP_ACTUAL_CW
CTR=0
fi
if [ “$DATE_STAMP_LAST_CW” = “$DATE_STAMP_ACTUAL_CW” ] ; then
DATE_STAMP_LAST_CW=”$DATE_STAMP_ACTUAL_CW”
((CTR++))
if [ $CTR -gt $MAX_RETRY ] ; then
TIME_FRAME=$((${MAX_RETRY}*${CHECK_INTERVALL}))
logger -t $SCRIPTNAME “No successful cw transaction for $TIME_FRAME sec. Restarting $OSCAM_INSTANCE!”
service $OSCAM_INSTANCE stop > /dev/null 2>&1
sleep 2
service $OSCAM_INSTANCE start > /dev/null 2>&1
if [ -x /etc/init.d/$CCCAM_INSTANCE ] ; then
service $CCCAM_INSTANCE stop > /dev/null 2>&1
sleep 2
service $CCCAM_INSTANCE start > /dev/null 2>&1
fi
CTR=0
fi
else
DATE_STAMP_LAST_CW=”$DATE_STAMP_ACTUAL_CW”
fi
else
((CTR++))
if [ $CTR -gt $MAX_RETRY ] ; then
TIME_FRAME=$((${MAX_RETRY}*${CHECK_INTERVALL}))
logger -t $SCRIPTNAME “No successful cw transaction for $TIME_FRAME sec. Restarting $OSCAM_INSTANCE!”
service $OSCAM_INSTANCE stop > /dev/null 2>&1
sleep 2
service $OSCAM_INSTANCE start > /dev/null 2>&1
if [ -x /etc/init.d/$CCCAM_INSTANCE ] ; then
service $CCCAM_INSTANCE stop > /dev/null 2>&1
sleep 2
service $CCCAM_INSTANCE start > /dev/null 2>&1
fi
CTR=0
fi
fi
}
if [ -z $OSCAM_INSTANCE ] ; then
echo “Error: No Oscam instance specified!”
logger -t $SCRIPTNAME “Error: No Oscam instance specified!”
echo “Please give an Oscam instance. Exiting!”
logger -t $SCRIPTNAME “Please give an Oscam instance. Exiting!”
exit 1
fi
if [ ! -x /etc/init.d/$OSCAM_INSTANCE ] ; then
echo “Error: No valid Oscam instance specified!”
logger -t $SCRIPTNAME “Error: No valid Oscam instance specified!”
echo “Please give a valid Oscam instance. Exiting!”
logger -t $SCRIPTNAME “Please give a valid Oscam instance. Exiting!”
exit 1
fi
while true; do
check_oscam
sleep $CHECK_INTERVALL
done
Copy the following code into “/opt/oscam/init/oscamwatchdog”
echo “stopping “$OSCAM_WATCHDOG_PROCESS_NAME” daemon!”
stop_oscamwatchdog
exit 0
else
echo “$OSCAM_WATCHDOG_PROCESS_NAME is stopped. Exiting!”
exit 1
fi
;;
status)
if check_oscamwatchdog ; then
echo “$OSCAM_WATCHDOG_PROCESS_NAME is running!”
exit 0
else
echo “$OSCAM_WATCHDOG_PROCESS_NAME is stopped!”
exit 1
fi
;;
*)
N=”/etc/init.d/oscamwatchdog”
echo “Usage: “$N” {start|stop|status}” >&2
exit 1
;;
esac
exit 0
Now you can start or stop the Oscam watchdog by running
service oscamwatchdog start
service oscamwatchdog stop
service oscamwatchdog statusEvery time you add a new Oscam instance, you have to add it to the variable “OSCAM_SERVERS” in “/opt/oscam/init/oscamwatchdog”
and stop and start the watchdog.
There are also the variables “CHECK_INTERVAL” and “MAX_RETRY” in “/opt/oscam/bin/oscam.watchdog.sh”
With “CHECK_INTERVALL=60”, the watchdog will check every 60 seconds. This is a reasonable value since it would not stress your system.
Decreasing this value will put more load on your system.
With “MAX_RETRY=4,” you tell the watchdog to restart/start Oscam if no ECMs are seen after 4 minutes.
Higher values are better to avoid a lot of disconnection/reconnection when you are connected to other servers.
