Some of the things provided with the Bootable CD augment normal Unix/Linux commands in simple ways. The most common of these are documented here.
Making file systems write-locked/enabled: The Bootable CD mounts the file systems it can find in read-only mode at bootup, locating them in the /mnt directory. To write-enable these file systems, type we. To relock them, type wl. This is particularly handy when connected to a network. We regularly run we to save something from the network and wl afterwards to protect ourselves from unauthorized modification. These functions can be accessed from the X11 security menu for ease of use when browsing.
Disk Wiping: The Bootable CD is pretty good at removing all previous content from a hard disk or floppy disk. This is particularly handy when, for example, a company is trying to prepare large numbers of systems for resale during a downsizing. To wipe disks, boot the Bootable CD in Diskless mode. Log in as root, and type:
diskwipe
Answer the prompts and our Bootable CD will overwrite the contents of hard disks appropriately and completely. Please note that: (1) this is not recoverable, and (2) you can do one system after another pretty quickly in diskless mode. On average, you can do one hard disk per minute by going from one system to the next and returning to the first one after it is done. Cycle multiple times to wipe out multiple disks. Diskwipe also offers options for how many times the disk should be overwritten. More overwrites are generally more secure, with the 35 option providing special pattern-based disk wiping to increase assurance that compression and other similar features are not overlooked in the overwriting process. More details are available here.
Partition Table Decoding: The Bootable CD uses 'pd' to decode partition tables for tasks like automatic mounting of disks read-only at bootup, etc. To run it on a disk (e.g., /dev/hda), use:
pd -d /dev/hda
To make it provide you with mount commands for all disk partitions, use:
pd -d /dev/hda -m
Duplicating floppy disks: We often want to make a few exact copies of a floppy, so we copy the contents of the floppy to memory (ram disk) using the Bootable CD like this:
dd if=/dev/fd0 of=/tmp/flop
We can then make copy after copy by typing:
dd of=/dev/fd0 if=/tmp/flop
Just wait till the floppy stops, and pop another one in. To repeat the last command, press the [up-arrow] key and then press [enter].
Duplicating hard disks: For forensic imaging of disks - or for ease of installation when we have a lot of identical computers to install, we use dd in this way:
dd if=/dev/hda of=/dev/hdc bs=4096
In this case, we are copying FROM the primary master IDE drive (/dev/hda) TO the secondary master IDE drive (/dev/hdc). It copies the whole disk - partition tables, boot sectors, etc. The primary slave is normally /dev/hdb and the secondary slave is normally /dev/hdd. You normally get far better performance by copying from the primary to the secondary rather than copying from a master to a slave on the same IDE chain. In this case we have chosen a 'block size' of 4096 bytes. For some disks this may be too large - make sure you choose a power of 2 - typically one of 512, 1024, 2048, 4096. We chose 4096 here because the larger the blocksize the faster the execution.
The dd program will overwrite entire disks even if write protection is enabled. It is easy to wipe out a disk with dd!
Checking results of dd: If you want to make sure you have an exact copy of a disk, try this:
dd if=/dev/hda bs=4096 | md5sum
dd if=/dev/hdc bs=4096 | md5sum
This computes an MD5 checksum of each of the disks. Compare the results to see if the bit images are identical. If the disks (or partitions) are of different sizes, use the same block size as above, but specify 'count=NNNNN', where NNNNN is replaced by the number of 'records out' printed by the original dd used to make the copy.
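Added example (not part of the Bootable CD): the check above as a script that reads the 'records out' figure from dd and hashes that many blocks on both sides, refusing to compare when dd wrote a partial final record. Image files stand in for the disks, sha256sum is used in place of md5sum, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify a dd copy using the "records out" count dd reports.
# Image files stand in for /dev/hda and /dev/hdc (constructed test data).

# hash_blocks FILE BS COUNT: SHA-256 of the first COUNT blocks of FILE
hash_blocks() {
    dd if="$1" bs="$2" count="$3" 2>/dev/null | sha256sum | cut -d' ' -f1
}

# copy_and_verify SRC DST BS
# returns 0 = identical, 1 = mismatch, 2 = partial final record, 3 = dd failed
copy_and_verify() {
    src=$1; dst=$2; bs=$3
    # conv=notrunc only matters for image files: it keeps DST at its larger size
    log=$(LC_ALL=C dd if="$src" of="$dst" bs="$bs" conv=notrunc 2>&1) || return 3
    out=$(printf '%s\n' "$log" | sed -n 's/^\([0-9]*+[0-9]*\) records out.*/\1/p')
    [ -n "$out" ] || return 3
    full=${out%+*}; part=${out#*+}
    # With a partial record, count=N would not cover the same bytes on both sides
    [ "$part" -eq 0 ] || return 2
    [ "$(hash_blocks "$src" "$bs" "$full")" = "$(hash_blocks "$dst" "$bs" "$full")" ]
}

# demo BS: copies a 10 KiB source onto a 64 KiB target; prints the return code
demo() {
    d=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$d/src.img" bs=512 count=20 2>/dev/null
    dd if=/dev/zero of="$d/dst.img" bs=512 count=128 2>/dev/null
    rc=0; copy_and_verify "$d/src.img" "$d/dst.img" "$1" || rc=$?
    rm -rf "$d"
    echo "$rc"
}

echo "bs=512:  $(demo 512)"     # 20 full records, so the hashes are comparable
echo "bs=4096: $(demo 4096)"    # 2 full records plus 1 partial record
```

Real disk sizes are multiples of 512 bytes, so dropping to bs=512 always avoids the partial-record case.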
Searching file systems: Sometimes people want to search file systems to see what's there. For example, they might want to find all of the graphical files on a disk and look at all the pictures. This command (be sure to do it from an X11 command window) will search all mounted file systems and show you all of the graphical files:
findimages /mnt
If you want to find images elsewhere, replace /mnt with another directory area. This program does not rely on the file extension, but rather tries to 'type' the file by looking at its contents.
Here's a trick for making forensically sound images of a hard drive to a series of CD ROMs. It starts by putting in a phoney SCSI driver for the IDE CD-ROM drive. Next it cycles through 640Meg at a time making images of the next portion of the hard disk (/dev/hda in this case). Be careful - it probably won't work on your system without some additional modifications.
# Load the SCSI emulation driver for the IDE CD-ROM drive
/sbin/modprobe ide-scsi
echo "Place first CD in the drive now... wait till the drive light stops and press"
read ok
i=0
while true; do
    # Each CD takes the next 320000 blocks of 2048 bytes from the disk
    j=`expr $i + 320000`
    dd if=/dev/hda bs=2048 skip=$i count=320000 | \
    cdrecord dev=0,0,0 fs=4096k -v -useinfo speed=12 driveropts=burnproof \
        -dao -eject -pad -data -
    i=$j
    echo "Place next CD in the drive now and wait for the CD light to stop flashing..."
    echo "Press ^C if done... to continue"
    read ok
done
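Added example, not from the Bootable CD: the same skip/count segmentation as the loop above, run against an image file instead of a CD writer, stopping by itself at the end of the source and keeping a hash per segment so each piece can be checked later. The file names, function names and the use of sha256sum are assumptions of this example.

```shell
#!/bin/sh
# Added example: image files stand in for /dev/hda and the CDs (constructed data).

# segment_image SRC OUTDIR BS COUNT
# Writes OUTDIR/seg.NNN plus OUTDIR/manifest; prints the number of segments.
segment_image() {
    src=$1; out=$2; bs=$3; count=$4
    i=0; n=0
    : > "$out/manifest"
    while :; do
        seg=$(printf 'seg.%03d' "$n")
        dd if="$src" of="$out/$seg" bs="$bs" skip="$i" count="$count" \
            2>/dev/null || return 1
        # An empty segment means the previous one reached the end of the source
        if [ ! -s "$out/$seg" ]; then rm -f "$out/$seg"; break; fi
        (cd "$out" && sha256sum "$seg") >> "$out/manifest"
        i=$((i + count)); n=$((n + 1))
    done
    echo "$n"
}

# verify_segments SRC OUTDIR
# 0 only if each segment matches the manifest and the joined segments match SRC
verify_segments() {
    (cd "$2" && sha256sum -c manifest >/dev/null 2>&1) || return 1
    whole=$(sha256sum < "$1" | cut -d' ' -f1)
    joined=$(cat "$2"/seg.* | sha256sum | cut -d' ' -f1)
    [ "$whole" = "$joined" ]
}

# demo_segments: 5 blocks of 2048 bytes, 2 blocks per segment, then one
# segment is damaged; prints "<segments> <verify rc> <verify rc after damage>"
demo_segments() {
    d=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$d/disk.img" bs=2048 count=5 2>/dev/null
    n=$(segment_image "$d/disk.img" "$d" 2048 2)
    ok=0; verify_segments "$d/disk.img" "$d" || ok=$?
    printf 'X' >> "$d/seg.001"
    bad=0; verify_segments "$d/disk.img" "$d" || bad=$?
    rm -rf "$d"
    echo "$n $ok $bad"
}

echo "segments, rc, rc after damage: $(demo_segments)"
```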