Rescue: Difference between revisions

From ALT Linux Wiki
m (→‎Software spotlights: forensic mode: rootfs hash check added)
Line 64: Line 64:
There's more than a hundred of specialized programs there and many more are available through ALT Linux Sisyphus repository which serves as the base for this rescue image.  You can also rebuild it with the tools you need<ref>contact mike at altlinux org, it's about [https://www.ohloh.net/p/mkimage-profiles mkimage-profiles]</ref>.
There's more than a hundred of specialized programs there and many more are available through ALT Linux Sisyphus repository which serves as the base for this rescue image.  You can also rebuild it with the tools you need<ref>contact mike at altlinux org, it's about [https://www.ohloh.net/p/mkimage-profiles mkimage-profiles]</ref>.


'''Forensic mode''' boot aims to [http://www.forensicswiki.org/wiki/ALT_Linux_Rescue minimize impact on media] by avoiding activation of swap partitions, software RAID and LVM, mounting no filesystems and switching {{cmd|mount-system}} to readonly mode using loopback devices.  If UEFI boot is needed press F2, F2 and append <tt>forensic</tt> to kernel parameters at the moment.
'''Forensic mode''' boot aims to [http://www.forensicswiki.org/wiki/ALT_Linux_Rescue minimize impact on media] by avoiding activation of swap partitions, software RAID and LVM, mounting no filesystems and switching {{cmd|mount-system}} to readonly mode using loopback devices; if UEFI boot is needed press F2, F2 and append <tt>forensic</tt> to kernel parameters at the moment.  This mode enables '''hardening''' against rescue [http://www.forensicswiki.org/wiki/Forensic_Live_CD_issues root filesystem spoofing].


= References =
= References =
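Review bot: The sentence added at the end of the Forensic mode paragraph says the mode "enables hardening against rescue root filesystem spoofing" but never names the mechanism, while the edit summary calls it a rootfs hash check. Say in the paragraph that the root filesystem's hash is checked, and what the reader sees when the check fails. Separately, joining the UEFI instruction on with "; if UEFI boot is needed ..." turns two unrelated points into one long sentence; keeping it as its own sentence, as in the old revision, reads better.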

Revision as of 16:32, 23 April 2014

Screenshots

What is it for

ALT Linux Rescue is a moderate-sized[1] LiveCD distribution designed to help sysadmins fix and repair many kinds of problems with systems they are, or feel, responsible for. It comes with tools to:

  • perform hardware diagnostics
  • resize partitions
  • fix bootloaders, partitions, filesystems
  • recover partitions and files deleted by accident
  • backup and restore to network servers
  • deal with optical, tape and file archives
  • optimize filesystem usage
  • diagnose network problems and remote services
  • wipe partitions or drives clean of residual information[2]
  • access Android devices, reset Windows passwords, etc
  • investigate unauthorized access/security breach events

All of that is packaged into a convenient hybrid ISO image file suitable for both CD/DVD media and USB Flash pendrives[3].

The resulting media should be bootable on most x86 systems:

  • 32-bit ones starting roughly with Intel Pentium II/128M or equivalent,
  • 64-bit ones on any AMD64 compatible hardware with BIOS or UEFI[4].

But above all, don't panic, we've been there too!

Download

A Regular Build

These images are built automatically every week[5]; here are the direct download links to files which have already been verified to boot:

This is free software: you can use it, share it and enhance it too! And here are some alternatives.

Software spotlights

This is a GNU/*/Linux based LiveCD, so all the software runs under the Linux kernel[6]. Contents can be extended at runtime: run dhcpcd, then apt-get update, and install away.

Here are some of the packages included to get you started:

  • refind to cope with the lack of EFI boot manager menu
  • smartmontools for HDD/SSD S.M.A.R.T. monitoring
  • testdisk/photorec to recover partitions and data files
  • memtest86 for UEFI[7] and memtest86+ for BIOS
  • android-tools, bonnie++, chntpw, cpuburn, dc3dd/dcfldd/ddrescue, exfat-utils, gpart, hdparm, ipmitool, lft, netcat, parted, rsync, scalpel, sleuthkit (aff/ewf), uudeview, whdd, wipefreespace...

There are more than a hundred specialized programs there, and many more are available through the ALT Linux Sisyphus repository, which serves as the base for this rescue image. You can also rebuild it with the tools you need[8].

Forensic mode boot aims to minimize impact on media by not activating swap partitions, software RAID or LVM, mounting no filesystems, and switching mount-system to read-only mode using loopback devices. If UEFI boot is needed, at the moment you have to press F2, F2 and append forensic to the kernel parameters. This mode enables hardening against rescue root filesystem spoofing.
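The conditions listed in the paragraph above (no swap, no software RAID, no LVM, nothing mounted writable) can be checked from the booted rescue shell. The script below is an added example, not part of the rescue image or of this wiki page; the function names are hypothetical, and counting any dm-N node as an activated volume is an assumption.

```shell
#!/bin/sh
# Added example (not from the ALT Linux Rescue image): audit the state that
# forensic mode is described as preserving. Each check takes the file or
# directory to read as an argument, defaulting to the live kernel interface.

# Active swap areas: /proc/swaps has one header line, then one line per area.
active_swaps() {
    awk 'NR > 1 && NF { n++ } END { print n + 0 }' "${1:-/proc/swaps}"
}

# Assembled software RAID arrays: lines such as "md0 : active raid1 ...".
active_md_arrays() {
    awk '$1 ~ /^md/ && $3 == "active" { n++ } END { print n + 0 }' "${1:-/proc/mdstat}"
}

# Device-mapper nodes (LVM volumes, among others, appear as dm-N in /sys/block).
active_dm_devices() {
    n=0
    for d in "${1:-/sys/block}"/dm-*; do
        [ -e "$d" ] && n=$((n + 1))
    done
    echo "$n"
}

# Filesystems mounted read-write straight from a block device. Loop devices
# are skipped because read-only loopback is how mount-system is described.
rw_disk_mounts() {
    awk '$1 ~ /^\/dev\// && $1 !~ /^\/dev\/loop/ {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "rw") print $1, $2
         }' "${1:-/proc/mounts}"
}

# Returns 0 when nothing was activated or mounted writable, 1 otherwise.
forensic_audit() {   # args: swaps mdstat sysblock mounts (all optional)
    rc=0
    [ "$(active_swaps "$1")" -eq 0 ]      || { echo "swap is active"; rc=1; }
    [ "$(active_md_arrays "$2")" -eq 0 ]  || { echo "md array assembled"; rc=1; }
    [ "$(active_dm_devices "$3")" -eq 0 ] || { echo "device-mapper node present"; rc=1; }
    [ -z "$(rw_disk_mounts "$4")" ]       || { echo "read-write disk mount"; rc=1; }
    return "$rc"
}
```

After sourcing the file, `forensic_audit` with no arguments reads the live /proc and /sys; pass paths to saved copies to audit a recorded state instead.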

References

  1. roughly 280 Mb in 64-bit flavour
  2. ...which could be undeletable
  3. with dd(8) or win32diskimager
  4. you might prefer to disable SecureBoot, though, even though it is handled in snapshots from late November 2013 on
  5. there are quarterly starterkits including a twin rescue image built using stable branch
  6. the kernel version is usually either the latest one or pretty close to that, BTW
  7. with PassMark's permission
  8. contact mike at altlinux org, it's about mkimage-profiles