<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>grml - Linux for system administrators and texttool users: sysadmin tasks</TITLE>
<LINK HREF="grml-doc-5.html" REL=next>
<LINK HREF="grml-doc-3.html" REL=previous>
<LINK HREF="grml-doc.html#toc4" REL=contents>
<A HREF="grml-doc-5.html">Next</A>
<A HREF="grml-doc-3.html">Previous</A>
<A HREF="grml-doc.html#toc4">Contents</A>
<H2><A NAME="s4">4.</A> <A HREF="grml-doc.html#toc4">sysadmin tasks</A></H2>
<H2><A NAME="ss4.1">4.1</A> <A HREF="grml-doc.html#toc4.1">resize NTFS partition</A></H2>
<P>Let's assume you have a harddisk with a single partition using NTFS as the
filesystem. Now you would like to resize the partition so you can install
<PRE>
ntfsresize --no-action --size 20000M /dev/hda1
</PRE>
<P>to check whether it works. If you do not notice any errors you can drop the
'--no-action' option and resize the partition. For more details take a look at
<A HREF="http://linux-ntfs.sourceforge.net/info/ntfsresize.html">the ntfsresize-homepage</A>.</P>
<H2><A NAME="ss4.2">4.2</A> <A HREF="grml-doc.html#toc4.2">backup and restore Master Boot Record (MBR)</A></H2>
<P>Backup the MBR via:</P>
<PRE>
dd if=/dev/hda of=hda.mbr bs=512 count=1
</PRE>
<P>and restore it via:</P>
<PRE>
dd if=hda.mbr of=/dev/hda bs=512 count=1
</PRE>
<P>Caution: the MBR contains the partition table (the first four primary
entries). If you changed the partitioning since creating the backup file,
restoring it will probably make you lose your partitions.</P>
<P>If you do not want to restore the partition table you should use
'bs=446' instead. This will write only the first 446 bytes of the
MBR, leaving the 64-byte partition table and the 2-byte boot signature
that follow it intact (4 partition table entries * 16
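<P>The boot-code-only restore rehearsed on scratch image files, as an added example that is not part of the original grml documentation: the boot code occupies bytes 0-445 of the sector, the partition table bytes 446-509 and the boot signature 55 AA bytes 510-511, so the script validates the backup file and then copies 446 bytes only. The function names and the two constructed images are assumptions of this example.</P>

```shell
#!/bin/sh
# Added example: operates on scratch image files only, never on a real disk.
# MBR layout: bytes 0-445 boot code, 446-509 partition table (4 x 16 bytes),
# 510-511 boot signature 0x55 0xAA.

# make_mbr FILE CODE TYPE: constructed 512-byte image; CODE and TYPE are octal
# values for the first boot-code byte and the first entry's type byte.
make_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf "\\$2" | dd of="$1" bs=1 seek=0 conv=notrunc 2>/dev/null
    printf "\\$3" | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# check_mbr FILE: true only for a 512-byte file ending in the 55 aa signature.
check_mbr() {
    [ "$(wc -c < "$1" | tr -d ' ')" = 512 ] || return 1
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "$sig" = 55aa ]
}

# part_table FILE: the 64-byte partition table as one hex string.
part_table() {
    dd if="$1" bs=1 skip=446 count=64 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# restore_bootcode BACKUP TARGET: copy the boot code only. conv=notrunc keeps
# an image file from being cut to 446 bytes (a block device cannot shrink).
restore_bootcode() {
    check_mbr "$1" || { echo "refusing: $1 is not a valid MBR backup" >&2; return 1; }
    dd if="$1" of="$2" bs=446 count=1 conv=notrunc 2>/dev/null
}

demo_mbr() {
    tmp=$(mktemp -d) || return 1
    make_mbr "$tmp/backup.mbr" 101 007   # old state: boot code 'A', type 0x07
    make_mbr "$tmp/disk.img"   102 203   # current:   boot code 'B', type 0x83
    before=$(part_table "$tmp/disk.img")
    restore_bootcode "$tmp/backup.mbr" "$tmp/disk.img" || return 1
    after=$(part_table "$tmp/disk.img")
    first=$(dd if="$tmp/disk.img" bs=1 count=1 2>/dev/null)
    rm -rf "$tmp"
    [ "$before" = "$after" ] && [ "$first" = A ] && echo "boot code restored, table kept"
}

demo_mbr
```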
<H2><A NAME="ss4.3">4.3</A> <A HREF="grml-doc.html#toc4.3">backup and restore harddisc</A></H2>
<PRE>
zcat /mnt/Backup/hda1.dd.gz | dd of=/dev/hdb1
</PRE>
<P>You might want to use a specific blocksize to improve performance.
Specify it via 'bs=...k', values from 4k up to 1024k might fit your
<H2><A NAME="ss4.4">4.4</A> <A HREF="grml-doc.html#toc4.4">clone harddisc</A></H2>
<PRE>
dd if=/dev/hda of=/dev/hdb
</PRE>
<P>Notice: this of course includes the boot sector too!
More detailed information is available in the
<A HREF="http://www.tldp.org/HOWTO/Hard-Disk-Upgrade/">Hard-Disk-Upgrade HowTo</A>.</P>
<P>TODO: backup via network (netcat/scp/...)</P>
<PRE>
tar -cf - directory | ssh user@remote tar -xf - -C /dest/dir
dd if=image | ssh fileserver "cd /tmp; dd of=image"
</PRE>
<P>From the client to the server:</P>
<PRE>
dd if=/dev/hda1 | ssh fileserver 'cat > image'
</PRE>
<P>From the server to the client:</P>
<PRE>
ssh client 'dd if=/dev/hda' > image
</PRE>
<P>-> Be sure to adjust the block size for performance!</P>
<P>http://lists.suse.com/archive/suse-linux/2004-May/2786.html</P>
<P>Complete partition backup (image):</P>
<PRE>
mount /dev/hda1 / -o remount,rw;
dd if=/dev/zero of=/delme1 bs=4048; rm /delme1;
mount /dev/hda1 / -o remount,ro;

dd if=/dev/hda1 bs=4048 | bzip2 > /mountpoint/image_hda1.bz;

ssh host -c blowfish 'dd if=/dev/hda1 bs=4048 | bzip2' | dd of=/image_hda1.bz
</PRE>
<P>Back up a remote machine with tar:</P>
<PRE>
ssh root@otherhost -c blowfish 'tar -f - -p -P -c --exclude=/tmp --exclude=/var/cache /' | dd of=/daten/backup.tar
</PRE>
<P>Note: current OpenSSH releases no longer support the blowfish cipher; on
such systems omit '-c blowfish' and ssh negotiates one of its default ciphers.</P>
<P>Remote backup via rsync:</P>
<PRE>
rsync --delete -avze ssh /home/mika/ mika@mari:/Backup/
</PRE>
<P>Clone a grml system:</P>
<PRE>
rsync -avzp --rsh="ssh -l root -p 66" /Grml/grml_uncompressed remote:/Grml/
</PRE>
<H2><A NAME="ss4.5">4.5</A> <A HREF="grml-doc.html#toc4.5">install lilo</A></H2>
<P>Mount your root partition with the dev-flag:</P>
<PRE>
mount -o dev /mnt/hda1
</PRE>
<P>Then adjust /mnt/hda1/etc/lilo.conf. Now execute lilo in the chroot:</P>
<PRE>
chroot /mnt/hda1 lilo
</PRE>
<H2><A NAME="ss4.6">4.6</A> <A HREF="grml-doc.html#toc4.6">install grub</A></H2>
<P>TODO: grub-install</P>
<H2><A NAME="ss4.7">4.7</A> <A HREF="grml-doc.html#toc4.7">rescue partition(s)/-tables</A></H2>
<P>TODO: ntfsresize, parted, ntfsclone</P>
<H2><A NAME="ss4.8">4.8</A> <A HREF="grml-doc.html#toc4.8">restore password</A></H2>
<P>You can change the password of a Linux system by chrooting into it:
<PRE>
mount /dev/hda1           # mount rootpartition, make sure it is mounted read-writeable!
</PRE>
<P>or by using /bin/sh instead of the init-system:</P>
<PRE>
linux init=/bin/sh        # boot with bootparam init
mount -o remount,rw /     # mount root partition read-writeable
/usr/bin/passwd           # now set the password
mount -n -o remount,ro /  # remount / read-only
/sbin/init 6              # reboot
</PRE>
<P>If you don't have /usr/bin/passwd available you could change
/etc/passwd. Just remove the 'x' in the line containing information
about the user root; change:</P>
<PRE>
root:x:0:0:root:/root:/bin/zsh
</PRE>
<P>to something like:</P>
<PRE>
root::0:0:root:/root:/bin/zsh
</PRE>
<P>or you could even remove the hash in /etc/shadow, change:</P>
<PRE>
root:foooobaaaarrrr.:11808:0:10000::::
</PRE>
<P>into something like this:</P>
<PRE>
root::11808:0:10000::::
</PRE>
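<P>An account edited this way accepts a login without a password until a new one is set. As an added example (not part of the original grml documentation), the script below lists every account whose effective password field is empty, following an 'x' in passwd over to shadow; the function names, output labels and sample files are assumptions constructed here, and the check for additional UID 0 accounts goes slightly beyond the text above.</P>

```shell
#!/bin/sh
# Added example: lists accounts that can log in without a password.
# Field layout per passwd(5) and shadow(5): name:password:...; an "x" in
# passwd means the real password field is in shadow.

# audit_accounts PASSWD SHADOW
audit_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { hash[$1] = $2; known[$1] = 1; next }  # shadow
        {
            pw = $2
            if (pw == "x" && ($1 in known)) pw = hash[$1]
            if (pw == "")                 print "EMPTY-PASSWORD " $1
            if ($3 == 0 && $1 != "root")  print "EXTRA-UID0 " $1
        }' "$2" "$1"
}

demo_audit() {
    t=$(mktemp -d) || return 1
    # Constructed sample files, shaped like the edited entries above.
    cat > "$t/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice::1000:1000::/home/alice:/bin/zsh
toor:x:0:0::/root:/bin/sh
EOF
    cat > "$t/shadow" <<'EOF'
root::11808:0:10000::::
daemon:*:11808:0:99999:7:::
toor:$6$constructed$notarealhash:11808:0:99999:7:::
EOF
    audit_accounts "$t/passwd" "$t/shadow"
    rm -rf "$t"
}

demo_audit
```

<P>On a rescued system, point audit_accounts at /mnt/hda1/etc/passwd and /mnt/hda1/etc/shadow after setting the new password.</P>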
<H2><A NAME="ss4.9">4.9</A> <A HREF="grml-doc.html#toc4.9">rescue a Linux system (Debian)</A></H2>
<P>You have a system which does not boot anymore because there have been
problems during the last upgrade? Just mount the root-partition and chroot
<P>Now you can run commands within your 'damaged system'.
Notice: 'chroot /mnt/hda1 /bin/bash' might be required
if /mnt/hda1 does not contain a zsh because chroot invokes
<H2><A NAME="ss4.10">4.10</A> <A HREF="grml-doc.html#toc4.10">setting up a firewall</A></H2>
<H2><A NAME="ss4.11">4.11</A> <A HREF="grml-doc.html#toc4.11">setting up a gateway</A></H2>
<H2><A NAME="ss4.12">4.12</A> <A HREF="grml-doc.html#toc4.12">setting up a transparent bridge</A></H2>
<H2><A NAME="ss4.13">4.13</A> <A HREF="grml-doc.html#toc4.13">scan for virus</A></H2>
<P>Let's assume you want to check for viruses on your hard disc.
Mount the partition and run clamscan:</P>
<PRE>
mount /mnt/hda1           # mount the partition you want to scan
clamscan -r /mnt/hda1
</PRE>
<P>TODO: freshclam</P>
<H2><A NAME="ss4.14">4.14</A> <A HREF="grml-doc.html#toc4.14">rootkits, intruders & co</A></H2>
<P>Use chkrootkit to scan for rootkits.</P>
<PRE>
mount /mnt/hda1           # assuming that hda1 contains your root-partition, adjust it!
chkrootkit -r /mnt/hda1
</PRE>
<P>If you don't want to run integrity checkers like tripwire/aide on your systems
you could create md5sums of the binaries:</P>
<PRE>
mount /mnt/hda1           # assuming that hda1 contains your root-partition, adjust it!
find /mnt/hda1/bin /mnt/hda1/usr/bin /mnt/hda1/sbin /mnt/hda1/usr/sbin -type f -print0 | xargs -0 md5sum > /tmp/md5sum.clean
sort /tmp/md5sum.clean > /tmp/md5sum.clean.sorted
</PRE>
<P>In case of a possible infection you could run the command again
(adjusting 'clean' to e.g. 'check') and compare the two md5sum-files
(preferably the sorted ones) via the diff-command.</P>
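<P>The clean/check comparison as a script, added here as an example that is not part of the original grml documentation: it records paths relative to the mount point and reports changed, added and removed files by name instead of leaving that to a raw diff. It assumes GNU find, xargs and coreutils, uses sha256sum in place of md5sum, and its function names and the constructed directory tree are hypothetical; keep the clean list on media the examined system cannot write to.</P>

```shell
#!/bin/sh
# Added example. sha256sum stands in for the page's md5sum (assumption of this
# example); paths are stored relative to the mount point so that lists taken
# under different mount points still compare.

# snapshot ROOT OUT: hash all regular files in ROOT's binary directories.
snapshot() {
    ( cd "$1" && find bin usr/bin sbin usr/sbin -type f -print0 |
        xargs -0 -r sha256sum | LC_ALL=C sort -k2 ) > "$2"
}

# compare CLEAN CHECK: report files whose hash changed, appeared or vanished.
compare() {
    awk '
        { path = substr($0, 67) }            # 64 hex digits + 2 separator chars
        FILENAME == ARGV[1] { clean[path] = $1; next }
        !(path in clean)    { print "ADDED " path; next }
        clean[path] != $1   { print "CHANGED " path }
                            { seen[path] = 1 }
        END { for (p in clean) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

demo_integrity() {
    t=$(mktemp -d) || return 1
    # Constructed stand-in for a mounted root partition.
    mkdir -p "$t/root/bin" "$t/root/sbin" "$t/root/usr/bin" "$t/root/usr/sbin"
    echo ls-v1 > "$t/root/bin/ls"
    echo ps-v1 > "$t/root/bin/ps"
    echo sshd-v1 > "$t/root/usr/sbin/sshd"
    snapshot "$t/root" "$t/clean"
    echo ps-v2 > "$t/root/bin/ps"          # content changed
    echo new > "$t/root/sbin/newtool"      # not in the clean list
    rm "$t/root/usr/sbin/sshd"             # missing from the check list
    snapshot "$t/root" "$t/check"
    compare "$t/clean" "$t/check"
    rm -rf "$t"
}

demo_integrity
```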
<H2><A NAME="ss4.15">4.15</A> <A HREF="grml-doc.html#toc4.15">System information</A></H2>
<P>Interactive tools:
<PRE>
Performance Tools: System CPU.
vmstat (Virtual Memory Statistics)
procinfo (Display Info from the /proc File System)
mpstat (Multiprocessor Stat)
sar (System Activity Reporter)

Performance Tools: System Memory.
vmstat (Virtual Memory Statistics)

Performance Tools: Process-Specific CPU.
ld.so (Dynamic Loader)

Performance Tools: Process-Specific Memory.
valgrind (cachegrind)

Performance Tools: Disk I/O.
lsof (List Open Files)

Performance Tools: Network.
mii-tool (Media-Independent Interface Tool)
ifconfig (Interface Configure)

Utility Tools: Performance Tool Helpers.
gcc (GNU Compiler Collection)

Schedutils: CPU related stuff
</PRE>