Merge remote-tracking branch 'origin/github/pr/45'

[grml.org.git] / docs / grml-doc-4.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>grml - Linux for system administrators and texttool users: sysadmin tasks</TITLE>
 <LINK HREF="grml-doc-5.html" REL=next>
 <LINK HREF="grml-doc-3.html" REL=previous>
 <LINK HREF="grml-doc.html#toc4" REL=contents>
</HEAD>
<BODY>
<A HREF="grml-doc-5.html">Next</A>
<A HREF="grml-doc-3.html">Previous</A>
<A HREF="grml-doc.html#toc4">Contents</A>
<HR>
<H2><A NAME="s4">4.</A> <A HREF="grml-doc.html#toc4">sysadmin tasks</A></H2>

<H2><A NAME="ss4.1">4.1</A> <A HREF="grml-doc.html#toc4.1">resize NTFS partition</A>
</H2>


<P>Let's assume you have a harddisk with a single partition using NTFS as the
filesystem. Now you would like to resize the partition so you can install
Linux to it. Run:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
ntfsresize --no-action --size 20000M /dev/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>to check wheter it works. If you do not notice any errors you can drop the
'--no-action'-option and resize the partition. For more details take a look
at 
<A HREF="http://linux-ntfs.sourceforge.net/info/ntfsresize.html">the ntfsresize-homepage</A>.</P>

<H2><A NAME="ss4.2">4.2</A> <A HREF="grml-doc.html#toc4.2">backup and restore Master Boot Record (MBR)</A>
</H2>

<P>Backup the MBR via:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
dd if=/dev/hda of=hda.mbr bs=512 count=1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>and restore it via:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
dd if=hda.mbr of=/dev/hda bs=512 count=1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>Caution: the MBR contains the partition table (the first four primary
entries). If you changed the partition since creating the backup-file
you will probably lose your partitions.</P>
<P>If you do not want to restore the partition table you should use with
'bs=448' instead. This will write only the first 448 bytes of the
MBR leaving the last 64 bytes intact (4 partition table entries * 16
bytes/entry).</P>

<H2><A NAME="ss4.3">4.3</A> <A HREF="grml-doc.html#toc4.3">backup and restore harddisc</A>
</H2>

<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
zcat /mnt/Backup/hda1.dd.gz | dd of=/dev/hdb1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>You might want to use a specific blocksize to improve performance.
Specify it via 'bs=...k', values from 4k up to 1024k might fit your
needs.</P>

<H2><A NAME="ss4.4">4.4</A> <A HREF="grml-doc.html#toc4.4">clone harddisc</A>
</H2>

<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
dd if=/dev/hda of=/dev/hdb
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>Notice: this includes of course the bootsector too!
More detailed information is available in the
<A HREF="http://www.tldp.org/HOWTO/Hard-Disk-Upgrade/">Hard-Disk-Upgrade HowTo</A>.</P>

<P>TODO: backup via network (netcat/scp/...)</P>
<P>tar -cf - directory | ssh user@remote tar -xf - -C /dest/dir
dd if=image | ssh fileserver "cd /tmp; dd of=image"</P>
<P>vom client zum server:
dd if=/dev/hda1 | ssh fileserver 'cat > image'</P>
<P>vom server zum client:
ssh client 'dd if=/dev/hda' > image</P>
<P>-> unbedingt Blocksize anpassen wegen Performance!</P>
<P>http://lists.suse.com/archive/suse-linux/2004-May/2786.html</P>
<P>Komplettes Partitions Backup (Image):</P>
<P>mount /dev/hda1 / -o remount,rw;
dd if=/dev/zero of=/delme1 bs=4048; rm /delme1;
mount /dev/hda1 / -o remount,ro;</P>
<P>Lokal:</P>
<P>dd if=/dev/hda1 bs=4048 | bzip2 > /mountpoint/image_hda1.bz;</P>
<P>Netzwerk:</P>
<P>ssh host -c blowfish 'dd if=/dev/hda1 bs=4048 | bzip2' | dd of=/image_hda1.bz</P>
<P>Entfernten Rechner mit tar sichern:</P>
<P>ssh root@otherhost -c blowfish 'tar -f - -p -P -c --exclude=/tmp --exclude=/var/cache /' | dd of=/daten/backup.tar</P>
<P>Remote backup via rsync:
rsync --delete -avze ssh /home/mika/ mika@mari:/Backup/</P>
<P>grml-system klonen:
rsync -avzp --rsh="ssh -l root -p 66" /Grml/grml_uncompressed remote:/Grml/</P>

<H2><A NAME="ss4.5">4.5</A> <A HREF="grml-doc.html#toc4.5">install lilo</A>
</H2>

<P>Mount your root partition with the dev-flag:
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount -o dev /mnt/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>Then adjust /mnt/hda1/etc/lilo.conf. Now execute lilo in the chroot:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
chroot /mnt/hda1 lilo
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>

<H2><A NAME="ss4.6">4.6</A> <A HREF="grml-doc.html#toc4.6">install grub</A>
</H2>

<P>TODO: grub-install</P>

<H2><A NAME="ss4.7">4.7</A> <A HREF="grml-doc.html#toc4.7">rescue partition(s)/-tables</A>
</H2>

<P>TODO: ntfsresize, parted, ntfsclone</P>

<H2><A NAME="ss4.8">4.8</A> <A HREF="grml-doc.html#toc4.8">restore password</A>
</H2>

<P>You can change the password of a Linux system via chrooting into:
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /dev/hda1    # mount rootpartition, make sure it is mounted read-writeable!
chroot /mnt/hda1
passwd root
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>or via using /bin/sh instead of the init-system:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
linux init=/bin/sh       # boot with bootparam init
mount -o remount,rw /    # mount root partition read-writeable
/usr/bin/passwd          # now set the password
mount -n -o remount,ro / # remount / read-only
/sbin/init 6             # reboot
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>If you don't have /usr/bin/passwd available you could change
/etc/passwd. Just remove the 'x' in the line containing information
about user root, just change:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
root:x:0:0:root:/root:/bin/zsh
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>to something like:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
root::0:0:root:/root:/bin/zsh
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>or you could even remove the hash in /etc/shadow, change:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
root:foooobaaaarrrr.:11808:0:10000::::
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>into something like this:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
root::11808:0:10000:::
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>

<H2><A NAME="ss4.9">4.9</A> <A HREF="grml-doc.html#toc4.9">rescue a Linux system (Debian)</A>
</H2>

<P>You have a system which does not boot anymore because there have been
problems at the last upgrade? Just mount the root-partition and chroot
into it:
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /mnt/hda1
chroot /mnt/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>Now you can run commands within your 'damaged system'.
Notice: 'chroot /mnt/hda1 /bin/bash' might be required
if /mnt/hda1 does not contain a zsh because chroot invokes
$SHELL.</P>

<H2><A NAME="ss4.10">4.10</A> <A HREF="grml-doc.html#toc4.10">setting up a firewall</A>
</H2>

<H2><A NAME="ss4.11">4.11</A> <A HREF="grml-doc.html#toc4.11">setting up a gateway</A>
</H2>

<H2><A NAME="ss4.12">4.12</A> <A HREF="grml-doc.html#toc4.12">setting up a transparent bridge</A>
</H2>

<H2><A NAME="ss4.13">4.13</A> <A HREF="grml-doc.html#toc4.13">scan for virus</A>
</H2>

<P>Let's assume you want to check for virus on your hard disc.
Mount the partition and run clamscan:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /mnt/hda1        # mount the partition you want to scan
clamscan -r /mnt/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>TODO: freshclam</P>

<H2><A NAME="ss4.14">4.14</A> <A HREF="grml-doc.html#toc4.14">rootkits, intruders &amp; co</A>
</H2>

<P>Use chkrootkit to scan for rootkits.
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /mnt/hda1  # assuming that hda1 contains your root-partition, adjust it!
chkrootkit -r /mnt/hda1
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>If you don't want to run integrity checkers like tripwire/aide on your systems
you could create md5sums of the binaries:</P>
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>
mount /mnt/hdaX  # assuming that hda1 contains your root-partition, adjust it!
find /mnt/hda1/bin /mnt/hda1/usr/bin /mnt/hda1/sbin /mnt/hda1/usr/sbin -type f -print0 | xargs -0 md5sum > /tmp/md5sum.clean
sort /tmp/md5sum.clean > /tmp/md5sum.clean.sorted
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>
<P>In case of a possible infection you could run the command again
(adjusting 'clean' to e.g. 'check') and compare the two md5sum-files
(preferably the sorted ones) via the diff-command.</P>



<H2><A NAME="ss4.15">4.15</A> <A HREF="grml-doc.html#toc4.15">System information</A>
</H2>

<P>Interactive tools:
<BLOCKQUOTE><CODE>
<HR>
<PRE>
Performance Tools: System CPU.
      vmstat (Virtual Memory Statistics)
      top
      procinfo (Display Info from the /proc File System)
      gnome-system-monitor
      mpstat (Multiprocessor Stat)
      sar (System Activity Reporter)
      oprofile

Performance Tools: System Memory.
      vmstat  (Virtual Memory Statistics)
      top
      procinfo
      gnome-system-monitor
      free
      slabtop
      sar
      /proc/meminfo

Performance Tools: Process-Specific CPU.
      time
      strace
      ltrace
      ps (Process Status)
      ld.so (Dynamic Loader)
      gprof
      oprofile

Performance Tools: Process-Specific Memory.
      ps
      /proc/\&lt;PID\>
      memprof
      valgrind (cachegrind)
      kcachegrind
      oprofile
      ipcs

Performance Tools: Disk I/O.
      vmstat
      dstat
      iostat
      sar
      lsof  (List Open Files)

Performance Tools: Network.
      mii-tool (Media-Independent Interface Tool)
      ethtool
      ifconfig (Interface Configure)
      ip
      sar
      gkrellm
      iptraf
      netstat
      etherape

Utility Tools: Performance Tool Helpers.
      bash/zsh
      tee
      script
      watch
      ldd
      objdump
      GNU Debugger (gdb)
      gcc (GNU Compiler Collection)

Schedutils: CPU related stuff
      schedtool
      chrt
      taskset
</PRE>
<HR>
</CODE></BLOCKQUOTE>
</P>

<HR>
<A HREF="grml-doc-5.html">Next</A>
<A HREF="grml-doc-3.html">Previous</A>
<A HREF="grml-doc.html#toc4">Contents</A>
</BODY>
</HTML>