-
Notifications
You must be signed in to change notification settings - Fork 20
/
grml-doc-4.html
393 lines (354 loc) · 9.53 KB
/
grml-doc-4.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>grml - Linux for system administrators and texttool users: sysadmin tasks</TITLE>
<LINK HREF="grml-doc-5.html" REL=next>
<LINK HREF="grml-doc-3.html" REL=previous>
<LINK HREF="grml-doc.html#toc4" REL=contents>
</HEAD>
<BODY>
<A HREF="grml-doc-5.html">Next</A>
<A HREF="grml-doc-3.html">Previous</A>
<A HREF="grml-doc.html#toc4">Contents</A>
<HR>
<H2><A NAME="s4">4.</A> <A HREF="grml-doc.html#toc4">sysadmin tasks</A></H2>
<H2><A NAME="ss4.1">4.1</A> <A HREF="grml-doc.html#toc4.1">resize NTFS partition</A>
</H2>
<P>Let's assume you have a harddisk with a single partition using NTFS as the
filesystem. Now you would like to resize the partition so you can install
Linux to it. Run:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
ntfsresize --no-action --size 20000M /dev/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>to check wheter it works. If you do not notice any errors you can drop the
'--no-action'-option and resize the partition. For more details take a look
at
<A HREF="http://linux-ntfs.sourceforge.net/info/ntfsresize.html">the ntfsresize-homepage</A>.</P>
<H2><A NAME="ss4.2">4.2</A> <A HREF="grml-doc.html#toc4.2">backup and restore Master Boot Record (MBR)</A>
</H2>
<P>Backup the MBR via:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
dd if=/dev/hda of=hda.mbr bs=512 count=1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>and restore it via:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
dd if=hda.mbr of=/dev/hda bs=512 count=1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>Caution: the MBR contains the partition table (the first four primary
entries). If you changed the partition since creating the backup-file
you will probably lose your partitions.</P>
<P>If you do not want to restore the partition table you should use with
'bs=448' instead. This will write only the first 448 bytes of the
MBR leaving the last 64 bytes intact (4 partition table entries * 16
bytes/entry).</P>
<H2><A NAME="ss4.3">4.3</A> <A HREF="grml-doc.html#toc4.3">backup and restore harddisc</A>
</H2>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
zcat /mnt/Backup/hda1.dd.gz | dd of=/dev/hdb1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>You might want to use a specific blocksize to improve performance.
Specify it via 'bs=...k', values from 4k up to 1024k might fit your
needs.</P>
<H2><A NAME="ss4.4">4.4</A> <A HREF="grml-doc.html#toc4.4">clone harddisc</A>
</H2>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
dd if=/dev/hda of=/dev/hdb
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>Notice: this includes of course the bootsector too!
More detailed information is available in the
<A HREF="http://www.tldp.org/HOWTO/Hard-Disk-Upgrade/">Hard-Disk-Upgrade HowTo</A>.</P>
<P>TODO: backup via network (netcat/scp/...)</P>
<P>tar -cf - directory | ssh user@remote tar -xf - -C /dest/dir
dd if=image | ssh fileserver "cd /tmp; dd of=image"</P>
<P>vom client zum server:
dd if=/dev/hda1 | ssh fileserver 'cat > image'</P>
<P>vom server zum client:
ssh client 'dd if=/dev/hda' > image</P>
<P>-> unbedingt Blocksize anpassen wegen Performance!</P>
<P>http://lists.suse.com/archive/suse-linux/2004-May/2786.html</P>
<P>Komplettes Partitions Backup (Image):</P>
<P>mount /dev/hda1 / -o remount,rw;
dd if=/dev/zero of=/delme1 bs=4048; rm /delme1;
mount /dev/hda1 / -o remount,ro;</P>
<P>Lokal:</P>
<P>dd if=/dev/hda1 bs=4048 | bzip2 > /mountpoint/image_hda1.bz;</P>
<P>Netzwerk:</P>
<P>ssh host -c blowfish 'dd if=/dev/hda1 bs=4048 | bzip2' | dd of=/image_hda1.bz</P>
<P>Entfernten Rechner mit tar sichern:</P>
<P>ssh root@otherhost -c blowfish 'tar -f - -p -P -c --exclude=/tmp --exclude=/var/cache /' | dd of=/daten/backup.tar</P>
<P>Remote backup via rsync:
rsync --delete -avze ssh /home/mika/ mika@mari:/Backup/</P>
<P>grml-system klonen:
rsync -avzp --rsh="ssh -l root -p 66" /Grml/grml_uncompressed remote:/Grml/</P>
<H2><A NAME="ss4.5">4.5</A> <A HREF="grml-doc.html#toc4.5">install lilo</A>
</H2>
<P>Mount your root partition with the dev-flag:
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount -o dev /mnt/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>Then adjust /mnt/hda1/etc/lilo.conf. Now execute lilo in the chroot:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
chroot /mnt/hda1 lilo
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<H2><A NAME="ss4.6">4.6</A> <A HREF="grml-doc.html#toc4.6">install grub</A>
</H2>
<P>TODO: grub-install</P>
<H2><A NAME="ss4.7">4.7</A> <A HREF="grml-doc.html#toc4.7">rescue partition(s)/-tables</A>
</H2>
<P>TODO: ntfsresize, parted, ntfsclone</P>
<H2><A NAME="ss4.8">4.8</A> <A HREF="grml-doc.html#toc4.8">restore password</A>
</H2>
<P>You can change the password of a Linux system via chrooting into:
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /dev/hda1 # mount rootpartition, make sure it is mounted read-writeable!
chroot /mnt/hda1
passwd root
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>or via using /bin/sh instead of the init-system:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
linux init=/bin/sh # boot with bootparam init
mount -o remount,rw / # mount root partition read-writeable
/usr/bin/passwd # now set the password
mount -n -o remount,ro / # remount / read-only
/sbin/init 6 # reboot
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>If you don't have /usr/bin/passwd available you could change
/etc/passwd. Just remove the 'x' in the line containing information
about user root, just change:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
root:x:0:0:root:/root:/bin/zsh
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>to something like:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
root::0:0:root:/root:/bin/zsh
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>or you could even remove the hash in /etc/shadow, change:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
root:foooobaaaarrrr.:11808:0:10000::::
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>into something like this:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
root::11808:0:10000:::
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<H2><A NAME="ss4.9">4.9</A> <A HREF="grml-doc.html#toc4.9">rescue a Linux system (Debian)</A>
</H2>
<P>You have a system which does not boot anymore because there have been
problems at the last upgrade? Just mount the root-partition and chroot
into it:
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /mnt/hda1
chroot /mnt/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>Now you can run commands within your 'damaged system'.
Notice: 'chroot /mnt/hda1 /bin/bash' might be required
if /mnt/hda1 does not contain a zsh because chroot invokes
$SHELL.</P>
<H2><A NAME="ss4.10">4.10</A> <A HREF="grml-doc.html#toc4.10">setting up a firewall</A>
</H2>
<H2><A NAME="ss4.11">4.11</A> <A HREF="grml-doc.html#toc4.11">setting up a gateway</A>
</H2>
<H2><A NAME="ss4.12">4.12</A> <A HREF="grml-doc.html#toc4.12">setting up a transparent bridge</A>
</H2>
<H2><A NAME="ss4.13">4.13</A> <A HREF="grml-doc.html#toc4.13">scan for virus</A>
</H2>
<P>Let's assume you want to check for virus on your hard disc.
Mount the partition and run clamscan:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /mnt/hda1 # mount the partition you want to scan
clamscan -r /mnt/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>TODO: freshclam</P>
<H2><A NAME="ss4.14">4.14</A> <A HREF="grml-doc.html#toc4.14">rootkits, intruders & co</A>
</H2>
<P>Use chkrootkit to scan for rootkits.
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /mnt/hda1 # assuming that hda1 contains your root-partition, adjust it!
chkrootkit -r /mnt/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>If you don't want to run integrity checkers like tripwire/aide on your systems
you could create md5sums of the binaries:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /mnt/hdaX # assuming that hda1 contains your root-partition, adjust it!
find /mnt/hda1/bin /mnt/hda1/usr/bin /mnt/hda1/sbin /mnt/hda1/usr/sbin -type f -print0 | xargs -0 md5sum > /tmp/md5sum.clean
sort /tmp/md5sum.clean > /tmp/md5sum.clean.sorted
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>In case of a possible infection you could run the command again
(adjusting 'clean' to e.g. 'check') and compare the two md5sum-files
(preferably the sorted ones) via the diff-command.</P>
<H2><A NAME="ss4.15">4.15</A> <A HREF="grml-doc.html#toc4.15">System information</A>
</H2>
<P>Interactive tools:
<BLOCKQUOTE><CODE>
<HR>
<PRE>
Performance Tools: System CPU.
vmstat (Virtual Memory Statistics)
top
procinfo (Display Info from the /proc File System)
gnome-system-monitor
mpstat (Multiprocessor Stat)
sar (System Activity Reporter)
oprofile
Performance Tools: System Memory.
vmstat (Virtual Memory Statistics)
top
procinfo
gnome-system-monitor
free
slabtop
sar
/proc/meminfo
Performance Tools: Process-Specific CPU.
time
strace
ltrace
ps (Process Status)
ld.so (Dynamic Loader)
gprof
oprofile
Performance Tools: Process-Specific Memory.
ps
/proc/\<PID\>
memprof
valgrind (cachegrind)
kcachegrind
oprofile
ipcs
Performance Tools: Disk I/O.
vmstat
dstat
iostat
sar
lsof (List Open Files)
Performance Tools: Network.
mii-tool (Media-Independent Interface Tool)
ethtool
ifconfig (Interface Configure)
ip
sar
gkrellm
iptraf
netstat
etherape
Utility Tools: Performance Tool Helpers.
bash/zsh
tee
script
watch
ldd
objdump
GNU Debugger (gdb)
gcc (GNU Compiler Collection)
Schedutils: CPU related stuff
schedtool
chrt
taskset
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<HR>
<A HREF="grml-doc-5.html">Next</A>
<A HREF="grml-doc-3.html">Previous</A>
<A HREF="grml-doc.html#toc4">Contents</A>
</BODY>
</HTML>