Remastering Knoppix as a Windows Rescue CD (aioscript)



bizarro
09-25-2004, 01:46 AM
I'm remastering Knoppix to act as a dedicated Windows Rescue CD. Here are my ideas so far on what it can perform on broken Windows PCs.

1. Backup client data to a network share or USB/Firewire drive using Samba
2. Blank out the administrative password using chntpw
3. Force a scandisk on next windows boot using ntfsfix
4. Restore data onto an NTFS drive using captive-ntfs
5. Test the PC's memory using memtest86
6. Test the PC's hard drive using Drive Fitness Test
7. Test the PC's hardware using Aida16
8. Undelete files from an NTFS partition using ntfsundelete
9. Resize partitions using QTParted
10. Have limited rescue tools in a console menu for PCs with low memory.
11. Have the ability to set up static IPs for sites with no DHCP or crossover cable connections.
12. Use icewm and nautilus as the GUI portion and place an XP theme on it.
13. Set expirations and login passwords on the CD itself
14. Use isolinux and memdisk to allow for booting other boot image files like DOS bootdisks

Although all of this can be done with the current Knoppix CD it cannot be done easily by a Microsofty tech ;)

With the Microsofty in mind I've customized the GUI to resemble XP and placed all of the rescue tools under the start button. The rescue tools in the past were a set of scripts but for future portability I'm consolidating all of them into one script called "aioscript" (All In One script ;)

The script can run the different functions by just setting the function after its name...for example...if you would like to reset the admin password to blank then just type:

aioscript ntpasswd
this calls the ntpasswd) function inside the script. So you get the idea.

The project is for my dept in the company I work for. Being that it can get any data and reset any admin password some security has been placed into the CD to avoid loss or misuse:

1. Expiration date using the time off of NTP servers
2. Username and passwords using /bin/login or GDM

Since there are around 300 Microsoftys in my company I had to devise a way of distribution with customization...that's where the web came in...

Currently the old version of the RCD can be requested from our internal website. The website requires you to authenticate, once authenticated the website knows your email address, company ID # (HRID) and other little tidbits about the tech requesting...
The requesting tech can customize some features of the CD before compilation:
1. Username - extracted from authentication into the website, tech cannot change this.
2. HRID stamped into the bootscreen
3. Creation date stamped on the bootscreen
4. Account expiration - tech cannot change this
5. Password - given by the requesting client.
6. Other internal customizations for our dept.

Once requested the website ftp's a file with the client's info inside over to the Rescue CD Server...from there a cron job runs each minute to check if there is a request in its queue...once a request is entered the server then processes that info into an uncompressed copy of the CD, then creates the ISO from it. This part is yet to be done so I may need some help :)
Once compiled the server will email the client stating that their CD is available for download, also another job is entered to lock the tech from being able to request another CD for 5 months and yet another email set to be emailed to the tech 5 months from creation date notifying the tech that they have 30 days to request another. The site is also able to email forgotten passwords to the techs :)

Obviously the current version right now is not releasable to this forum since there are a lot of internal customizations done so it would work on our network environment, but with my current rewrite hopefully I'll be able to release the "aioscript" for input, improvement and corrections...

The aioscript is written entirely in bash and requires the following on top of your base linux live-cd:

Samba
Captive-NTFS
expect
smbclient
ntfsprogs

I may be missing some things but thats the bulk of it...

Another thing I'm aiming to do with this release is to make every CD able to act as a distribution server. Just another script that will prep the hdd, ftp and mail and done :)

This is my first real Linux project that I'm making public and wanted to gauge interest on it...so far 2 other members expressed interest...

I also consider myself an intermediate linux user and I'm sure you'll see that in my script so please be gentle on the criticism :oops:

I'll be posting the script as soon as I have a more complete version of it...

In the mean time if you have any ideas of what to add please post here.

HitmanKB
09-25-2004, 06:15 AM
You would also need some type of registry editing utility!!!!!!!!!!!! That is major if you are going to attempt to repair windows, from viruses, spyware, and other annoying problems.

bizarro
09-25-2004, 06:51 AM
There is a Windows registry editor that is native to Linux but it is so cryptic that I don't even bother...

The question then becomes: if you can rescue the client data from the machine within a few minutes...why not just reimage the hard drive with Ghost and restore the client data...?

In most cases it is a faster solution than going through the registry and deleting spyware and worrying about viruses...

That's why it's called a rescue instead of a repair :roll:

But you just gave me another good idea! I'll leave the Knoppix install-to-HD script intact JUST in case we get some believers ;)

firebyrd10
09-25-2004, 05:58 PM
Very well thought out.

I can see this would be very useful. Plus the auto creation of the CD and ISO I think is just plain cool. :D

Are you the same one who said that you were already doing something like this?

HitmanKB
09-25-2004, 08:19 PM
There is a Windows registry editor that is native to Linux but it is so cryptic that I don't even bother...

The question then becomes: if you can rescue the client data from the machine within a few minutes...why not just reimage the hard drive with Ghost and restore the client data...?

In most cases it is a faster solution than going through the registry and deleting spyware and worrying about viruses...

That's why it's called a rescue instead of a repair :roll:

But you just gave me another good idea! I'll leave the Knoppix install-to-HD script intact JUST in case we get some believers ;)

If you are imaging data that's infected with viruses using Ghost and you restore the image, you're not getting rid of the problem. For instance if you're fixing the famous Windows logon problem, in which the userinit is missing or pointing to some random location, it's much easier to go into the registry and fix the proper key than to do a format and restore. I fix registry issues with BartPE all of the time; I was just wondering if the same could be done with Linux. Also, you say that's why it's called a rescue instead of repair, same thing to me, as fixing an OS is just as good as restoring one if you know what you are doing, but it's your post, so let me stop hijacking it. :twisted:

asjones
09-26-2004, 03:24 PM
bizarro,

This sounds like a cool project. Instead of just limiting it to your company have you considered sharing it with all of us?

As far as security and password resetting you sounded worried about I am sure most here have seen
The Offline NT Password and Registry Editor
http://home.eunet.no/~pnordahl/ntpasswd/

It does sound like you have enough Linux knowledge that you could even take things to the next step and offer disk backup, cloning/imaging.

Knoppix comes with Mondo Rescue http://mondorescue.org/ . However that won't run on a RAM drive, i.e. the Knoppix Live CD. The author even says he has two lines of C code that could be changed by "anybody" to make it work on a RAM drive etc. Unfortunately the author does not want to create an open source project that supports closed source work.

If you or someone could add backup/cloning/imaging support it would truly make a strong rescue disk.

Here are a few references to the Mondo/Windows issue:
http://forum.mondorescue.org/viewtopic.php?t=475&highlight=windows+knoppix

http://forum.mondorescue.org/viewtopic.php?t=463&highlight=windows+knoppix

http://forum.mondorescue.org/viewtopic.php?t=572&highlight=windows+knoppix+2+lines

bizarro
09-26-2004, 05:41 PM
Are you the same one who said that you were already doing something like this?

Dunno which thread you are referring to...but I do currently have a debian based rescue cd that is distributed through my company...


If you are imaging data that's infected with viruses using Ghost and you restore the image, you're not getting rid of the problem.

The rescue cd backs up data via zip or just plain copy...there is no imaging...the servers we connect to on our network are all antivirus managed so whatever files we copy up to or zip up to the server is cleaned or blocked

The company standardizes on Ghost so no imaging on the rescue cd although I have played with partimage before and even recommended it to the company...


This sounds like a cool project. Instead of just limiting it to your company have you considered sharing it with all of us?

I am...as soon as I have a working aioscript I will post it here for everyone to use and work and fix and clean up and add to...etc etc etc :)


As far as security and password resetting you sounded worried about I am sure most here have seen
The Offline NT Password and Registry Editor
:shock: shhhhh!!!!! don't tell anyone!!! :lol: Actually, like I said before...the techs in my company are mostly Windows savvy and have no clue on Linux...in the documentation that I have for the CD I give credit to the actual developers and reference their links...

Thing is there is no one in my company that can take all of the tools and put them together in a working fashion as I have done...


If you or someone could add backup/cloaning/imaging support it would truly make a strong rescue disk.

I'm assuming when you speak of imaging you speak of ghost or partimage or something like that...if so...I haven't figured out how to run Ghost within the linux session...if anyone here has figured it out using dosemu please let me know :)

Partimage does work but it's not part of my tools since my company doesn't standardize on that.

OErjan
09-26-2004, 05:54 PM
dd should make a great "image" backup of partitions or whole drives,
if you flag it with dd conv=ignerror and/or conv=noerrors and bs=X where X is 512, 1024, 2048...
or perhaps dd-rescue (never used by me).

bizarro
09-27-2004, 02:50 AM
Here is what I have so far to give to the forum...

Run the following command to see if you have some of the tools needed.

aioscript test

That test is complete though...once you look inside the script you'll see the files it checks.

So far it's the console section I've been working on...once the console section is complete I will work on the X version which will be inside the same script...

Just cut and paste the file into /usr/bin/aioscript and chmod +x to make it executable and remaster...

Some things are still buggy I'm sure...just let me know or post corrections...thanx!



#!/bin/bash
# aioscript - All In One rescue script, console section.
# The first argument selects the function, e.g. "aioscript ntpasswd".
# Needs: dialog, Samba (mount -t smbfs, nmblookup), ntfsprogs, chntpw, expect.

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/etc/xdscripts
# First non-loopback IPv4 address, shown in the menu title
IP=`ifconfig | grep inet | grep -v '127\.0\.0\.1' | cut -f2 -d':' | cut -f1 -d' '`

# Local partitions and network shares are all mounted under /mount
if [ ! -d /mount ]; then
    mkdir /mount
fi

case "$1" in
## Main Menu Section
menu)
    MAP=`mount | grep smbfs | cut -f1 -d' '`
    FUNCTION=`dialog --stdout --no-cancel \
        --title "Rescue CD Console" \
        --menu "IP: $IP - Mapped to: $MAP" 0 60 0 \
        1 "Map to Network Share" \
        2 "Backup local drive to ... $MAP" \
        3 "Run NTFS Check Disk" \
        4 "NTFS Undelete" \
        5 "Reset Admin Password" \
        6 "Set Static IP" \
        7 "Exit"`
    # Every tool exits when done; the menu is re-entered afterwards
    case "$FUNCTION" in
        1) aioscript map ; aioscript menu ;;
        2) aioscript backup ; aioscript menu ;;
        3) aioscript checkdisk ; aioscript menu ;;
        4) aioscript ntfsundelete ; aioscript menu ;;
        5) aioscript ntpasswd ; aioscript menu ;;
        6) aioscript staticip ; aioscript menu ;;
        7) echo "Returning to login..." ;;
    esac
    exit 1
    ;;

## Map to network share section
map)
    # Only one share is mapped at a time: drop any existing smbfs mounts first
    if mount | grep smbfs > /dev/null; then
        SMBMOUNTS=`mount | grep smbfs | cut -f1 -d' '`
        for i in $SMBMOUNTS; do
            umount "$i"
        done
    fi
    USERNAME=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter your Domain Username" 0 0`
    DOMAIN=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter your Domain" 0 0 ""`
    SERVER=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter just the server name" 0 0`
    SHARE=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter the share name" 0 0`
    # NetBIOS lookup of the server before trying to mount
    if ! nmblookup "$SERVER" > /dev/null; then
        dialog --infobox "Cannot lookup server, starting over" 0 0
        sleep 2
        aioscript map
        exit 1
    fi
    if dialog --yesno "Username: $USERNAME \n Domain: $DOMAIN \n Server: $SERVER \n Share: $SHARE" 0 0; then
        MOUNTPOINT="/mount/$SERVER-$SHARE"
        if [ ! -d "$MOUNTPOINT" ]; then
            mkdir -p "$MOUNTPOINT"
        fi
        # smbfs asks for the password itself; DOMAIN\USERNAME is passed as the user
        if ! mount -t smbfs -o "username=$DOMAIN\\$USERNAME" "//$SERVER/$SHARE" "$MOUNTPOINT"; then
            dialog --infobox "Cannot map to share, starting over" 0 0
            sleep 2
            aioscript map
            exit 1
        fi
    else
        dialog --infobox "Lets try again..." 0 0
        sleep 2
        aioscript map
    fi
    exit 1
    ;;

## Backup hard drive section
backup)
    if dialog --yesno "Due to having no GUI this script will copy the ENTIRE hard drive.
\nThis may take a long time, please be patient. \nContinue?" 0 0; then
        if ! mount | grep smbfs > /dev/null; then
            dialog --infobox "You must be mapped to a network share to use this tool..." 0 0
            sleep 1
            aioscript map
        else
            # Mount point of the mapped share (third field of the mount line)
            MAPDIR=`mount | grep smbfs | cut -f3 -d' '`
            DIRNAME=`dialog --stdout --no-cancel --inputbox "Enter a unique directory name for the backup..." 0 0`-`date +%d%m%y`
            # Local NTFS/FAT partitions as device names without /dev/
            MOUNTS=`fdisk -l 2>/dev/null | grep -i "ntfs\|fat" | cut -f3 -d'/' | cut -f1 -d' '`

            # Mount each partition read-only; the backup only reads from them
            for i in $MOUNTS; do
                if [ ! -d /mount/$i ]; then
                    mkdir /mount/$i ; mount -o ro /dev/$i /mount/$i
                fi
            done
            if [ -e "$MAPDIR/$DIRNAME" ]; then
                if ! dialog --yesno "SAME DIRECTORY NAME EXISTS, CONTINUE?" 0 0; then
                    dialog --infobox "Lets try this again..." 0 0
                    sleep 2
                    aioscript backup
                    exit 1
                fi
            else
                mkdir "$MAPDIR/$DIRNAME"
            fi
            for i in $MOUNTS; do
                dialog --infobox "Copy in progress... /dev/$i" 0 0
                cp -auv /mount/$i/* "$MAPDIR/$DIRNAME/." > /dev/null
            done
            dialog --msgbox "HardDrive backup completed.\nPress OK to return to Main Menu" 0 0
        fi
    fi
    exit 1
    ;;

## Run ntfsfix section
checkdisk)
    if dialog --yesno "This option will unmount all partition(s), run a checkdisk then automatically reboot.\n\nContinue?" 0 0; then
        PARTS=`fdisk -l /dev/hd[a-z] /dev/sd[a-z] 2>/dev/null | grep "NTFS" | cut -f1 -d' '`
        umount -t ntfs /dev/hd[a-z][1-9] /dev/sd[a-z][1-9] > /dev/null 2>&1
        # ntfsfix clears the dirty flag and schedules chkdsk on the next Windows boot
        for i in $PARTS; do
            clear
            ntfsfix "$i"
            clear
        done
        dialog --infobox "Rebooting now..." 0 0 ; sleep 2
        # Placeholder while testing: drop the echo to really reboot
        echo reboot
    fi
    exit 1
    ;;

## Run ntfsundelete section
ntfsundelete)
    if ! mount | grep smbfs > /dev/null; then
        dialog --infobox "You must be mapped to a network share to use this tool..." 0 0
        sleep 1
        aioscript map
    fi
    if dialog --yesno "This will undelete all files from a chosen partition that are 90% undeletable and copy them to a network share. \n\nContinue?" 0 0; then
        PARTS=`fdisk -l /dev/hd[a-z] /dev/sd[a-z] 2>/dev/null | grep "NTFS" | cut -f1 -d' '`
        umount -t ntfs /dev/hd[a-z][1-9] /dev/sd[a-z][1-9] > /dev/null 2>&1

        # One radiolist entry (tag, item, status) per NTFS partition found,
        # the first one pre-selected; replaces the fixed PART1..PART4 slots
        set --
        STATUS=on
        for i in $PARTS; do
            set -- "$@" "$i" "" "$STATUS"
            STATUS=off
        done
        UNDELETE=`dialog --stdout --separator " " \
            --radiolist "Select a partition and press SpaceBar:" 0 0 0 "$@"`
        # Only reports the chosen partition so far; the ntfsundelete run
        # and the copy to the share are not written yet
        echo "$UNDELETE"
    fi
    exit 1
    ;;

## Run NT password reset section
ntpasswd)
    if dialog --yesno "This will reset the administrative password to blank, \
run NTFS Check and automatically reboot.\n\nContinue?" 0 0; then
        # expect script that answers chntpw's prompts: -u 0x1f4 is RID 500
        # (the built-in Administrator), "*" is chntpw's blank password
        echo '#!/usr/bin/expect -f

set timeout -1
spawn chntpw -u 0x1f4 /tmp/.ntpasswd/SAM
match_max 100000
expect -exact "Please enter new password: "
send -- "*\r"
expect -exact "Do you really wish to change it? (y/n) \[n\] "
send -- "y\r"
expect -exact "Write hive files? (y/n) \[n\] : "
send -- "y\r"
expect eof' > /tmp/chntpw.exp
        chmod +x /tmp/chntpw.exp

        dialog --infobox "Blanking out admin password" 0 0
        # Clean up leftovers from an earlier run
        if [ -d /tmp/.ntpasswd ]; then
            umount /tmp/.ntpasswd > /dev/null 2>&1 ; rm -rf /tmp/.ntpasswd
        fi
        if [ -d /tmp/ntfsdrive ]; then
            umount /tmp/ntfsdrive > /dev/null 2>&1 ; rm -rf /tmp/ntfsdrive
        fi
        mkdir /tmp/.ntpasswd /tmp/ntfsdrive
        mount -t tmpfs tmpfs /tmp/.ntpasswd
        # The bootable (*) NTFS partition holds the Windows system directory
        BOOTPART=`fdisk -l /dev/hd[a-z] /dev/sd[a-z] 2>/dev/null | grep NTFS | \
            grep "\*" | cut -f1 -d' '`
        mount -t ntfs "$BOOTPART" /tmp/ntfsdrive
        DEFDIR=""
        if [ -d /tmp/ntfsdrive/winnt ]; then
            DEFDIR="/tmp/ntfsdrive/winnt"
        elif [ -d /tmp/ntfsdrive/windows ]; then
            DEFDIR="/tmp/ntfsdrive/windows"
        fi
        if [ -z "$DEFDIR" ]; then
            dialog --msgbox "No winnt or windows directory found on $BOOTPART" 0 0
            umount /tmp/ntfsdrive
            exit 1
        fi
        # Edit a copy of the SAM hive in tmpfs, then write it back in place
        cp "$DEFDIR/system32/config/SAM" /tmp/.ntpasswd

        expect /tmp/chntpw.exp > /dev/null
        rm -f /tmp/chntpw.exp
        mount -o remount,rw /tmp/ntfsdrive
        cp /tmp/.ntpasswd/SAM "$DEFDIR/system32/config/."
        umount /tmp/ntfsdrive
        dialog --infobox "Running NTFS fix on modified partition" 0 0
        ntfsfix "$BOOTPART" > /dev/null
        dialog --infobox "REBOOTING" 0 0 ; sleep 2
        # Placeholder while testing: drop the echo to really reboot
        echo init 6
    fi
    exit 1
    ;;

## Set static IP section
staticip)
    if dialog --yesno "This option will setup a static IP \
for sites without DHCP.\nContinue?" 0 0; then
        IP=`dialog --stdout --title "example: 192.168.1.123" \
            --no-cancel --inputbox "IP Address" 0 0`
        # Suggest the gateway as the first three octets plus .1; the tech can change it
        IPGW=`echo $IP | cut -f-3 -d'.'`.1
        SUBNET=`dialog --stdout --no-cancel --inputbox "Subnet Mask" 0 0 255.255.255.0`
        GW=`dialog --stdout --no-cancel --inputbox "Default Gateway" 0 0 $IPGW`
        DNS=`dialog --stdout --no-cancel --inputbox "DNS" 0 0 ""`
        SUFFIX=`dialog --stdout --no-cancel --inputbox "Suffix Search Order \
(separated by spaces)" 0 0 ""`
        if dialog --yesno "Is this information correct? \n
IP Address: $IP \n
Subnet Mask: $SUBNET \n
Default Gateway: $GW \n\n
Suffix Search Order:\n$SUFFIX" 0 0; then
            # First ethernet interface reported by ifconfig
            ETH=`ifconfig | grep eth | grep -v 0.0.0.0 | cut -f1 -d' '`
            ifconfig "$ETH" "$IP" netmask "$SUBNET"
            route add default gw "$GW" dev "$ETH"
            echo "search $SUFFIX" > /etc/resolv.conf
            echo "nameserver $DNS" >> /etc/resolv.conf
        else
            aioscript staticip
        fi
    fi
    exit 1
    ;;

*)
    echo "Usage: aioscript {menu|map|backup|checkdisk|ntfsundelete|ntpasswd|staticip}"
    exit 1
    ;;

esac
exit 0
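Added example, not part of bizarro's aioscript: the answers from the dialog boxes (server, share, backup directory name, IP address) go straight into mount, mkdir, ifconfig and route, so a name containing "../" or a shell metacharacter, or an impossible address like the prompt's "321.123.321.123", is accepted as-is. These POSIX sh checks can sit in front of those calls; the function names valid_ipv4, default_gateway_for, safe_name, unc_path and backup_target are assumed for this example.

```sh
#!/bin/sh
# Added example, not part of the page's aioscript: validate what the dialog
# boxes return before it reaches mount, mkdir, ifconfig and route.
# Function names are assumed for this example.

# Dotted quad with four labels of 1-3 digits, each 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and dots, no empty label
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')    # split on dots (safe: digits only)
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# aioscript proposes "first three labels + .1" as the gateway; same rule,
# but only for an address that passed valid_ipv4.
default_gateway_for() {
    valid_ipv4 "$1" || return 1
    printf '%s.1\n' "${1%.*}"
}

# Server, share and backup-directory names: letters, digits, '.', '_' and '-',
# no leading dot and no "..", so no '/', spaces or shell metacharacters and
# no way to climb out of the share's mount point.
safe_name() {
    case $1 in
        ''|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ ${#1} -le 64 ]
}

# UNC path for "mount -t smbfs", built only from validated parts.
unc_path() {
    safe_name "$1" && safe_name "$2" || return 1
    printf '//%s/%s\n' "$1" "$2"
}

# Backup directory under the mapped share: validated name plus the ddmmyy
# stamp aioscript appends. $1 = share mount point, $2 = name the tech typed.
backup_target() {
    safe_name "$2" || return 1
    printf '%s/%s-%s\n' "$1" "$2" "$(date +%d%m%y)"
}

# Stand-alone use: "sh check.sh 192.168.1.123" prints the address and gateway
if [ $# -eq 1 ]; then
    if valid_ipv4 "$1"; then
        printf 'ok: %s via %s\n' "$1" "$(default_gateway_for "$1")"
    else
        printf 'rejected: %s\n' "$1" >&2
        exit 1
    fi
fi
```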

firebyrd10
09-27-2004, 10:27 PM
I believe there is an attempt to create a Linux-usable Ghost image program.

Last I saw it, it worked with unencrypted, uncompressed. That was a while ago so they might have it working now. I don't have a link.

mikekgr
09-28-2004, 08:57 PM
Dear firebyrd10,
can you try to find the "linux usable Ghost image program" link?
I have searched the net many times but without any success...

Best Regards,
Mike Kranidis

bizarro
09-30-2004, 05:17 AM
I found clones of Ghost but nothing that can read Ghost image files...

I have tinkered a little with DOSEMU and running Ghost from within that session but its been unsuccessful. If someone knows how to run Ghost from within a DOSEMU session please post it here...

:)

firebyrd10
10-01-2004, 01:32 AM
I found clones of Ghost but nothing that can read Ghost image files...

I have tinkered a little with DOSEMU and running Ghost from within that session but its been unsuccessful. If someone knows how to run Ghost from within a DOSEMU session please post it here...

:)

Don't think that would work as Ghost needs direct access to the raw sectors.
Something that dosemu can't do.