formatting whole drives with knoppix



niblok
04-19-2006, 12:13 AM
I am a noob so...... I have an old(ish) server that was hacked and I am pretty sure is now as viral as a Chinese chicken.
ERGO I wish to format all (there are 8 of 'em) SCSI drives and reinstall an OS.
I am getting more and more interested in LINUX so project no1 (not including Smoothwall which ROCKS).
I want to examine the partitions via Knoppix.
Should I use fdisc or what? I am a little confused here.
Any advice gratefully received.
It would be nice to examine the disks also before I send their data to the great electromagnet in the sky.
Thanks folks :wink:

Harry Kuhman
04-19-2006, 12:27 AM
It would be nice to examine the disks also before I send their data ...
So what are you asking here? If you have used Knoppix at all it should be simple to examine any partitions that are there, assuming the infections have not destroyed the partitions or the partition tables.


Should I use fdisc or what? I am a little confused here.
There are several partitioning tools, including fdisk (not fdisc). fdisk should serve you fine. It is worth noting that if you just go ahead and run a Debian installer (not Knoppix, Debian, one of the Linux distros intended for hard disk install) it will offer you the chance to just use an entire hard disk. You will want to go back and recover the space for the other seven on your own though, and again fdisk is a viable tool for this.

niblok
04-19-2006, 07:57 AM
OK thanks for the response.
I know I could install Debian etc, that's not really what I meant, I would like to format all of the drives without installing anything. So what would be a good tool?
Also I must be doing something wrong with Knoppix as I can't find a tool to examine the HDDs :oops:

angor
04-19-2006, 08:37 AM
To view the partition table of the first scsi drive:
<code>
fdisk -l /dev/sda
</code>

What is called "formatting" in the DOS/Windows world is called
"making a file system" in Unix. There are a number of different
file systems available - the manual page will help you:
<code>
man mkfs
</code>

niblok
04-19-2006, 09:18 AM
Thank you, angor,
will do

Harry Kuhman
04-19-2006, 09:36 AM
Without installing anything is somewhat cryptic. While you can certainly format the disks without installing an OS, what OS you plan to use the system with may influence your choice of partition types a lot. There are actually two parts to "formatting a disk"; deciding what type(s) of partitions you want and how many, which is partitioning, and then laying down the basics of the empty file system, which is formatting. But if the drives had old FAT partitions on them and you wanted to use Knoppix and FAT partitions then you could just format (which would wipe out any old infections on the partitions and start them fresh). But you might want to change the type of partitions to more native Linux partition types.

And while formatting will clean the partitions, it does not remove any virus that might be installed in the Master Boot Record. This might not be a problem if you only ever boot from Live CDs, but it is something that you should really deal with so that your infections don't come back to haunt you when you do install something to hard disk.

niblok
04-19-2006, 10:34 AM
OK Harry,

well I intend to install Windows Server 2003 and Exchange to the box when it's "clean" so the intention was to "wipe" all of the HDDs from the live Knoppix distro.

As to the file system I would ultimately use, it would be NTFS. I believe that NTFS is invisible to Linux??

I would install Debian to this box but at the moment I have to stay with MS.

So to summarise...
I wish to "disinfect" by wiping the drives prior to a MS install, and I wish to do this via Knoppix (so as to learn Knoppix tools)

I also wouldn't mind examining the discs, it's not essential, it's again to learn Knoppix tools and for my own curiosity.

If I have understood you correctly though I am going to need to "wipe" the MBR to ensure that nothing nasty is lurking. How would I go about that??

As to partitioning I won't be, or rather I shall leave each disc as an entire volume.

Thank you for your patience

malaire
04-19-2006, 12:35 PM
well I intend to install Windows Server 2003 and Exchange to the box when it's "clean" so the intention was to "wipe" all of the HDDs from the live Knoppix distro.


WARNING! THIS WILL DESTROY YOUR DATA

To "clean" the HDD /dev/hda from everything, you can use

<code>
sudo dd if=/dev/zero of=/dev/hda bs=65536
</code>
This overwrites everything on /dev/hda with zeroes, including MBR, partition-table, and all partitions.
Just repeat this for all of the HDDs you have, and after that there won't be anything left on any of them.

ps. If you want to examine the disks, remember to do it before this command :wink:
(I'm not sure what to suggest for this.)

ps. There's also a small LiveCD with nice graphical partition-editor which you might like: http://gparted.sourceforge.net/livecd.php

niblok
04-19-2006, 02:50 PM
Ok have managed (finally) to examine stuff using the Knoppix STD distro (good tool!)

Thanks for all the input! :D

Harry Kuhman
04-19-2006, 05:27 PM
As to the file system I would ultimately use, it would be NTFS. I believe that NTFS is invisible to Linux??
Just to clear out the one outstanding issue, NTFS is not invisible to Linux, that is, Linux can see (read) NTFS partitions just fine. But it can't write to them and it sure can't format them.

dvryknopper
04-20-2006, 04:15 AM
so using dd to change everything on the drive to zeros won't work to format an NTFS partition?

malaire
04-20-2006, 11:33 AM
so using dd to change everything on the drive to zeros won't work to format an NTFS partition?

Well, it doesn't "format" the NTFS partition - it removes it completely.
So after this operation you need to create a new NTFS partition on the disk. If you are going to install Windows, this will be done during the install when Windows detects that there are no partitions on the disk.

If you'd just format the partition, you wouldn't need to re-create it during install. And just formatting a partition wouldn't clear MBR, which is located outside of any partition.
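
Added example, not part of any post in this thread: a shell sketch run against a constructed scratch image file (never a real device) showing that rewriting only a partition leaves the boot code in the first sector in place, while a whole-disk zero fill removes it, and how to confirm the wipe by reading it back. The function names, the image layout and the marker strings are assumptions made for the illustration.

```shell
# Added example: operates on a scratch image file only, never on a real device.

# Count non-zero bytes in a byte range of FILE.
nonzero_bytes() {  # usage: nonzero_bytes FILE OFFSET LENGTH
    n=$(dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | tr -d '\000' | wc -c)
    echo $((n))
}

# Hex of the two boot-signature bytes at offset 510 ("55aa" on a valid MBR).
mbr_signature() {
    dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Succeeds only if every byte of FILE reads back as zero.
is_all_zero() {
    n=$(tr -d '\000' < "$1" | wc -c)
    [ $((n)) -eq 0 ]
}

# Constructed 2 MiB "disk": a marker in the boot-code area, the MBR signature,
# and stand-in file data inside a partition assumed to start at 1 MiB.
make_sample_disk() {
    dd if=/dev/zero of="$1" bs=65536 count=32 2>/dev/null
    printf 'CONSTRUCTED-BOOT-CODE' | dd of="$1" bs=1 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf 'old file data' | dd of="$1" bs=1 seek=1048576 conv=notrunc 2>/dev/null
}

# Stand-in for reformatting: rewrites only the partition (1 MiB onward).
wipe_partition_only() {
    dd if=/dev/zero of="$1" bs=65536 seek=16 count=16 conv=notrunc 2>/dev/null
}

# The thread's dd invocation pointed at the image; count= bounds the write
# because a regular file, unlike a block device, has no fixed end.
wipe_whole_disk() {
    dd if=/dev/zero of="$1" bs=65536 count=32 conv=notrunc 2>/dev/null
}

demo() {
    img=$(mktemp)
    make_sample_disk "$img"
    wipe_partition_only "$img"
    echo "partition-only wipe: boot-code bytes left=$(nonzero_bytes "$img" 0 446) sig=$(mbr_signature "$img")"
    wipe_whole_disk "$img"
    is_all_zero "$img" && echo "whole-disk wipe: every byte reads back as zero"
    rm -f "$img"
}
demo
```
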