True Stories of Knoppix Rescues
Omniscientist writes "We've all been there: Our system is on the edge of death and we need to either fix it or retrieve important data that still remains hidden away in its dying clutches. LinuxDevCenter has a funny article on a heroic tale of a sysadmin relying on Knoppix to save the day. I for one, always make a boot disk in case of problems, but Knoppix can turn a bad day into a good one for just about anyone. Perhaps every administrator should have a Knoppix CD on reserve."
but how is this story "Hardware Hacking"?
Aw, fuck it.
DAMN YOU OCTODOG! DAMN YOU TO HELL!
I have used knoppix and dd to migrate virtual machines from Virtual Server/Virtual PC to VMware. Now if that ain't a rescue, I don't know what is.
I suppose the moral of this story is to be careful when you play around with the dd command and your MBR.
DOY!
works like a charm to save data on corrupted windows boxes..
i just burnt myself a cd of knoppix-3.8 the other day, for just this reason! although i've had no reason to use it (yet), i'm hoping my system starts acting up soon so i finally have an excuse to use it :P
Enjoy an e-piphany
In case you need a smaller, Knoppix-based distro: Damn Small Linux is much smaller and is very good as a system rescue tool too.
A co-worker was trying to salvage some files from a dying Windows 98 machine. Win98 was having the damnedest time accepting a USB memory drive (even with the right drivers installed). Five minutes with Knoppix and all his important files (mainly family tree stuff) were backed up to the USB memory drive.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
...what's with the "Perhaps..."? IMHO, some kind of linux rescue cd is a sysadmin must-have.
Not only Knoppix, but many of the new "live CDs" work very well for such rescues on hosed (Windows, and others) systems. I, myself, have used Knoppix, Mandrake, PClinuxOS and Mepis as rescue CDs (preferring Mepis, but that's just me), and I've seen Ubuntu, SUSE, and some others used in the same ways.
OK let me see if I have this straight.
Some "battle-hardened" sysadmin (who apparently doesn't do regular backups... hmm...) salvages a few systems with Knoppix, and it's front-page news?
Must be a real slow news day.
"Ask not what your country can do for you." --John F. Kennedy
Oh, come on, like you've never fouled anything up the first time you tried to play with it.
[insert witty sig here]
yes, but everyone does something profoundly stupid every once in a while.
Knoppix is good for fixing the problem, regardless of whether the problem was caused by an ID10T error or an OS crash.
upon the advice of my lawyer, i have no sig at this time
I've used bootable linux CD-ROM for many system saving tasks. Usually it is to fix windows machines that have been infected with a virus. A friend, neighbor, or coworker will be unable to boot due to some registry corruption or 'missing lsass.exe' virus corruption. Using knoppix I've been able to mount the NTFS file system and repair from a special hidden copy of the system hives.
I've also used Toms root boot disk - which is linux based but much smaller (designed to fit on a floppy).
Recently, I've been using Kanotix distro which was derived/inspired by Knoppix. It's debian sid based and includes many more drivers built in - my laptop wireless works out of the box with Kanotix and the ndiswrapper. It includes 'captive-ntfs' which lets me mount NTFS as writeable (important when modifying those registry hives). Kanotix website is in both German and English. I won't link to it since I haven't asked permission.
I recommend downloading it via bit torrent here.
Ditto!
I presume parent is some godlike person who never makes a mistake.
Where i work, at the University of Cincinnati, our "official" (official because it's what my boss favors, not because of university policy or anything) live distro is knoppix and it has certainly helped in situations where machines have been royally screwed up, for whatever reason. i've had better luck with mepis, however. i find that it is faster and more compatible (especially with properly recognizing and using sound cards), and that it is also more fully featured. it makes a good install, too.
Yeah, but lotion seems to take care of that, after a little while.
My young sister brought me her laptop which was probably the most compromised machine I'd ever seen: tons of adware, spyware, and viruses had made it almost unusable. I'd promised I'd fix it, but I couldn't even get it to boot to the point where I could rescue her files. I made some fixes so that I could boot it, but whenever I tried to copy her files to a special share on my Linux box, some virus would pop up and kill the connection before it was done. I was just about to give up, when I thought of booting up the computer with a Knoppix CD I had. So I did, and mounted her hard drive and tar'ed up all of her files and copied them to the Linux share. I scanned all of her files for viruses and whatnot on that computer while wiping her computer and reinstalling Windows. I wasn't able to convince her to switch to Debian, but I did install AdAware, Spybot S&D, Thunderbird, and Firefox, and hid all links to IE (I did install the "View in IE" extension for her, just in case).
She's gotten a new laptop since then, one which runs WinXP. But she's now a Firefox fanatic; she even asked for a Firefox T-shirt for Christmas. I'm so proud. Now if only she'd let me dual-boot her machine.
-- The reason it's called the right wing? Irony.
He didn't make these mistakes on a production server either. The first was on his main workstation (not a server) and the second was on his laptop (also not a server).
Really, if you wanna flame him, you'd be safer pointing out that this is just some guy dicking around on his home machine and managing to not scrag his mp3 collection thanks to the wonder of Knoppix.
[insert witty sig here]
"The first and only time I experimented with out-of-spec IDE cables was on my main workstation."
And he had a reason for out of spec cables: he couldn't reach the connector on the motherboard.
For not reading GRUB parameters, well, there's just no excuse for that.
I disagree. Every sysadmin I have ever known has made mistakes. Knowing how to bail yourself out is what makes you a great sysadmin. The person behind the previous post denies his/her own human qualities.
One other thing.... avoid doing dangerous admin commands when highly stressed or tired. I once deleted an entire directory I didn't intend to because I forgot the directory was hardlinked to another location.
As a result, 10 Virtual Servers, including a domain controller, suddenly blinked off. I had blown every one of them away in one misguided command.
Reality is Relative.
I built a brand new system and took that drive out and put it into another XP system as a slave....no problems at all. Then we had a power failure. I have 9 computers in my house, many with several drives, every system was fine, with the exception of that one drive. XP decided that this drive was no longer formatted.
I took my lumps from the wife and began to look into data recovery. I tried SalvageNTFS, ScroungeNTFS and a demo from OnTrack. I forget the actual status that each tool reported but suffice it to say that none of them were successful and I just moved on. I did keep the drive though. A few weeks ago I stuffed it into what is to be a new webserver and put in a knoppix live cd. *poof* got everything back...every photo was recovered.
Can't explain it, but I'm keeping a Knoppix CD in my box of tricks from now on.
Contains 130Mb of tools on a 50 MB ISO. Can run from RAM, so CD can be removed after boot.
The trick is, after you rsync the /cdrom directory to the master directory (see the book), cd to master/boot/isolinux and edit the isolinux.cfg file. Put your favorite cheat in the first APPEND line.
This worked for Knoppix 3.4 and up. Don't know about earlier versions.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
as a sysadmin for many years; you learn very quickly NOT to put anything valuable on the same drive that boots/manages the operating system.
i use /hda for booting/system and /hdb for *data*. if something screws up on any of the /hda partitions - you *reinstall* (or, try to recover it). bottom line is that none of your data gets messed up, because its on a *separate drive* (note: not just separate partition).
i even take it one level further now by putting anything i need (especially development tools/kits) as vmware disc images. this way, i can easily move stuff between machines - and, i just need to install vmware to get started (beats installing everything again).
operating systems should be something you can swap in/out without putting any of your valuable data at risk. hell, if you wanted to use a bootable linux from CD, and run everything from a ram drive - why shouldn't you?
i wasn't sure how to interpret this article. first, a guy who screws up his own systems; then tries to get acclaim on the "recovery stories". did anyone miss the guy wrote a book on this as well? seems like a publicity stunt.
what happened to the old linux slackware days where all you needed was a boot and root floppy disc and you were all hunky dorey. nothing like vi'ing /etc/ files *sigh, those were the days*
If you're going to suggest a Knoppix-STD alternative, why not name one that's intended for data recovery and system restoration...
The only recovery disks that I've found worth using are a custom gentoo based live-cd and INSERT
Knoppix-STD or some other live disk is good for imaging and file recovery, but lacks real utility... like editing a windows 2000 registry, or doing vfat/ntfs hacking
Go Ahead, try INSERT (and yes, i know it's Knoppix Based)
The Geek in Black
I know my BCD's (when I'm Sober)
If you want your system to start acting up, just boot that 3.8. Considering that 3.7 is the newest released, there is likely to be a big surprise waiting in whatever you downloaded marked Knoppix 3.8.
I'm an American. I love this country and the freedoms that we used to have.
I had always read about this happening to other guys, but never thought it would happen to me.
.
I was coming into work early Monday morning knowing I had to reinstall everything on the secondary email server that went down on Sunday. I thought I would be the only one in, but Suzie from accounting had come in early too.
I always loved her emails when she needed some help. They were cheerful and she had clearly always researched the problem she was having rather than the normal "it just doesn't work".
She came up and told me when she booted up the system it wouldn't get past the initial Windows boot screen. She was wearing a tight baby blue collared shirt with a short black skirt. No stockings and black high heels. She leaned low and as I was looking at her black bra said in a slow sexy voice - "Can you fix it?"
That's when I pulled out my Knoppix . .
Oddly enough, I found out the answer to that last night (and I wasn't even asking about that particular problem):
dd if=/dev/hda of=hda.mbr bs=512 count=1
Got that from this site. So take their word for it, not mine.
"Hardly used" will not fetch you a better price for your brain.
Knoppix just takes way too long to boot and doesn't have some of the features that System Rescue does. Plus he's got a PPC version. I've used the PPC version to repair an OS X box (yes, they do crash too) and the Intel version to constantly recover user and Administrator passwords in XP. It's so easy with this disk!
This is a test. This is a test of the emergency sig system. This has been only a test.
Just this morning, mozingod had to come rescue my win2k workstation with knoppix to reset the local admin password.
*Somehow* my machine got deleted off of an AD domain so I couldn't log on. Everything's been running so smooth with this machine - no, seriously - that no one, me included, knew the local admin password.
Knoppix to the rescue, 13 reboots later, I'm back in and the new admin password is 'asdf'.... I mean... it's really long and... un-crackable....
If you do what you always did, you get what you always got.
The mortgage broker, two floors up from us, was sold a "firewall/e-mail server that runs some kind of Linux". He was experiencing e-mail issues and tried to get the "vendor" to come out and service his "product". Unfortunately the vendor couldn't remember the root password to his own box. In addition, he wanted to charge the MB for more hours to re-install and configure it a second time.
:-D
After NOT agreeing to the vendor's plan and showing him the door, the MB asked me if I could "crack into it" (yes, he actually used the right term). So... Knoppix to the rescue!
The following procedure worked well:
* 'mount' the HDD's main partition, rw
* From a shell prompt, enter 'su -' (in Knoppix this just drops you in, with no p/w required)
* Change the root passwd
* Make a backup copy of HDD's /etc/shadow password file
* Copy the line for the root user in the Knoppix /etc/shadow file
* Paste it into the HDD's /etc/shadow file, replacing the old line
* Profit.
Also noted that there were no users created (the vendor had been logging into Gnome as root to do everything). So added a user account with sudo 'ALL=(ALL) ALL' rights, etc., etc.
It was a strange way to find a new customer
Forgot to mention: BECAUSE of Knoppix, and its ilk, the servers we build and sell support loop-AES, exclusively!
(i.e. When you go to mount the HDD from Knoppix, it looks like a bunch of garbage and Knoppix refuses to mount it).
STUX, a live cd with pretty much everything, but very "heavy", only for 256mb+ machines
Knoppix STD, primarily because it's still the best for working wireless cards. Also some mp3s on the cd to listen to, and some fiddling with mkisofs means that from non-nix OSes it looks like that's all that's on the cd
SLAX, plus a few modules. I like modularness and I really really like ovlfs - basically you can treat the cd like a normal filesystem, and install new programs on it or anything.
Austrumi - simply AMAZING 50mb business card CD. Full versions of abiword, gnumeric, mplayer, the GIMP, Opera, nmap, skype, and more on the linux boot, plus they've included aida, chntpw etc. all on the 50mb cd
Finally, MoviX for some relaxation when I've finished fixing systems.
I am trolling
As mentioned in TFA, you'll be copying the partition table too, so if the destination partitions aren't the same you'll end up just like the author did, having a good boot record but erroneous partition table. Read the article for his fix (using "gpart" from his knoppix).
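The sector layout behind the two comments above on saving the MBR with dd, as an added example that is not part of the original thread: a 512-byte MBR holds 446 bytes of boot code, a 64-byte partition table and the 55 AA signature, so a restore that takes only the boot code from the backup leaves the current table alone. The sample sectors, `make_sector` and the function names are constructed for illustration.

```python
import struct

SECTOR = 512
BOOT_CODE_LEN = 446                  # bytes 0..445: boot loader code
ENTRY = struct.Struct("<B3xB3xII")   # status, CHS, type, CHS, start LBA, sector count
SIGNATURE = b"\x55\xaa"              # bytes 510..511

def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:] != SIGNATURE:
        raise ValueError("not a 512-byte sector ending in 55 AA")
    parts = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(
            sector, BOOT_CODE_LEN + i * ENTRY.size)
        if ptype != 0:               # type 0 marks an unused slot
            parts.append({"slot": i + 1, "bootable": status == 0x80,
                          "type": ptype, "start_lba": lba, "sectors": count})
    return parts

def restore_boot_code_only(backup, current):
    """Boot code from the backup; partition table and signature from the disk as it is now."""
    parse_mbr(backup)                # both inputs must be valid MBR sectors
    parse_mbr(current)
    return backup[:BOOT_CODE_LEN] + current[BOOT_CODE_LEN:]

def make_sector(fill, parts):
    # Constructed sample data, not read from any real disk.
    table = b"".join(ENTRY.pack(*p) for p in parts).ljust(64, b"\0")
    return bytes([fill]) * BOOT_CODE_LEN + table + SIGNATURE

# Backup taken when the disk had one NTFS partition (constructed values).
BACKUP = make_sector(0xEB, [(0x80, 0x07, 63, 40000000)])
# The disk today: repartitioned, boot code wiped (constructed values).
CURRENT = make_sector(0x00, [(0x00, 0x83, 63, 2000000),
                             (0x80, 0x07, 2000063, 38000000)])

if __name__ == "__main__":
    merged = restore_boot_code_only(BACKUP, CURRENT)
    print("table in backup :", parse_mbr(BACKUP))
    print("table on disk   :", parse_mbr(CURRENT))
    print("table after fix :", parse_mbr(merged))
```

Writing the whole 512-byte backup back would instead replace the current two-partition table with the single-partition table stored in the backup, which is the failure the comment above describes.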
I've been using Pebuilder for my recovery needs with great success.
It's easy to customize with plugins that you can create, download, and add. The UBCD for Windows is a must have for pebuilder and makes it a real powerful tool. From browsing to e-mail, web browsing, disk recovery and lots more. I basically used one of these CD's as my PC's OS while I was waiting for Dell to send me a new hard drive when the one in my machine at work crashed.
In Soviet Russia, Trojan exploits YOU!
People are using knoppix for this all the time; I can tell by the amount of email I deal with on the subject.
I was asked once to recover a windows 2000 laptop for a colleague.
His wife had booted a partition magic cd and accidentally moved the windows partition over, causing a new partition to be created at the beginning of the disk. For some reason, partition magic wouldn't move the damn thing back.
Apparently, a DOS/Windows MBR always tries to boot the 1st partition. So when booting the machine, all we were getting were "no bootable disk" errors...
But, I had an idea.
I booted a knoppix cd and created a c:\grub directory. I copied grub files to it and configured a menu.lst to boot the 2nd partition, (where Windows 2000 was stuck at). Lastly, I installed grub to the MBR. After I rebooted, the grub boot menu came up with the "Windows 2000" option I had created. I hit enter and it loaded Windows 2000!
My colleague had no idea what I had just done, but was happy otherwise and no longer mad at his wife.
-Joe
Better yet, don't put anything valuable on the same computer that boots/manages the operating system...
Sounds to me like you're using vmware for no good reason. You could, quite easily, install all your programs (and libraries, and headers, etc) into a directory, in some arbitrary location on your hard drive, and just copy that directory from system to system.
I also can't see how your method could possibly be any good, because under vmware, you're going to be running yet another OS anyhow, so now you have two OSes running on top of each other, and twice as much that could go wrong. Where's the advantage, I don't see it?
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Actually you can remove the CD.
As an example: http://www.oreilly.com/catalog/knoppixhks/chapter/hack05.pdf
ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)