LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-16-2009, 09:27 AM   #1
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 814

Rep: Reputation: 69
A fresh installation every day!


Hi guys,

I like to be sure my system is entirely clean of viruses and other malware and needless clutter, and have come to the conclusion that the best way (for my needs at any rate) to achieve this would be to re-instate the *complete* hard disk contents from scratch every day. This isn't such a big deal as the hard drive in question is only a SSD of 8Gb in size, comprising an MBR and two partitions; 7Gb ext2 for the system and 1Gb swap.

So I would like to image the *entire* pristine disk, save it as a file somewhere on the system, and have it automatically re-install from scratch every night at say 3AM (cron job) so every morning I boot-up to a known good system again. So that's the concept, but as usual its a little ahead of my abilities to implement it. This particular machine is a netbook with no built in CDrom drive, but several memory card slots. Could it be implemented using a script which say accesses an SD card for the clean backup image's location?
Thanks, CC.

Last edited by Completely Clueless; 04-16-2009 at 09:30 AM.
 
Old 04-16-2009, 09:39 AM   #2
kentyler
Member
 
Registered: Dec 2008
Location: Cleveland Ohio
Distribution: CentOS
Posts: 235

Rep: Reputation: 36
You could create a crontab on the image to overwrite the drive with a copy of the drive from another card.

if you run the following command as root you will make a bootable copy of the drive including all the partitions and files.


to create the image you can use either an entire drive/card

dd if=/dev/hdx of=/dev/hdy

or save as a file image

dd if=/dev/hdx of=/path/filename

Then reverse the command to re-image the disk

dd if=/dev/hdy of=/dev/hdx

or

dd if=/path/filename of=/dev/hdx

Of course in your situation it may be /dev/sda or /dev/hda even if you are using vgfs where you see

/dev/mapper/VolGroup***

fdisk -l shows the raw devices.

Since you can't overwrite the live hard disk you need to have 3 cards, one for the pristine image, one to run to create a copy of the pristine image, then once the copy is done swap the next day.

I'm sure you will figure it out.
 
Old 04-16-2009, 11:41 AM   #3
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285
Um ... um ... with an SSD ... are you ok ? You want to do this with a SDD ?

You do realize they have a much more limited number of writes than regular HDDs don't you ?
 
Old 04-16-2009, 12:03 PM   #4
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 814

Original Poster
Rep: Reputation: 69
Talking

Quote:
Originally Posted by H_TeXMeX_H View Post
Um ... um ... with an SSD ... are you ok ? You want to do this with a SDD ?

You do realize they have a much more limited number of writes than regular HDDs don't you ?
Yup. I'm not bothered about that or anything else bar ensuring that the original image integrity is preserved and re-written every day and that includes the swap partition and the MBR!
 
Old 04-16-2009, 12:06 PM   #5
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 814

Original Poster
Rep: Reputation: 69
Unhappy

Quote:
Originally Posted by kentyler View Post
[snip]
Since you can't overwrite the live hard disk you need to have 3 cards, one for the pristine image, one to run to create a copy of the pristine image, then once the copy is done swap the next day.

I'm sure you will figure it out.
Many thanks for the suggestion.
It's a real pity there doesn't appear to be a more elegant solution using just one SD card, but if there is, I'm also struggling to see it.
 
Old 04-16-2009, 12:12 PM   #6
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,527

Rep: Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898
Why don't you use puppy or dsl, and run it in memory?
 
Old 04-16-2009, 01:45 PM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376Reputation: 376Reputation: 376Reputation: 376
Saving an image like this on the same system being imaged kind of defeats the purpose doesn't it? I mean, someone (or something) with root privileges could just as easily make malicious modifications to your saved image. I've got nothing against a full-disk backup (on separate media), but it seems to me like instead of restoring a disk image every day you could simply use a HIDS like AIDE or Tripwire (coupled with a disposable guest account, if desired). This not only saves you a lot of time (and a lot of wear and tear on your disk), it also alerts you whenever something goes wrong, so you can take measures to prevent it from happening again instead of just going back to the same vulnerable disk image every time.

Last edited by win32sux; 04-16-2009 at 01:53 PM.
 
Old 04-16-2009, 02:07 PM   #8
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 814

Original Poster
Rep: Reputation: 69
Quote:
Originally Posted by win32sux View Post
Saving an image like this on the same system being imaged kind of defeats the purpose doesn't it? I mean, someone (or something) with root privileges could just as easily make malicious modifications to your saved image.
My intention was to save the clean image to one of the SD chips which have a physical write-protect switch, so once saved it would be imune from such interference. In fact maybe I could swap over the duty of the chips and let the removable/replacable chips take the lion's share of the read/write cycles. There's got to be a way of implementing this elegantly, but as with most things I try to do in Linux, my capabilities are always a few steps behind my imagination. :-/

And Repo, I had some incomplete notion about doing something along the lines of what you suggested, but maybe with TinyMe Or TinyCore; something that would easily fit on the removeable chip alongside the image...
 
Old 04-16-2009, 03:01 PM   #9
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285
I think this solution is 1) not the best solution, 2) overkill, 3) a bad idea => not a solution
 
Old 04-16-2009, 03:14 PM   #10
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
Quote:
Originally Posted by H_TeXMeX_H View Post
I think this solution is 1) not the best solution, 2) overkill, 3) a bad idea => not a solution
Ditto......
 
Old 04-16-2009, 05:15 PM   #11
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 814

Original Poster
Rep: Reputation: 69
Quote:
Originally Posted by H_TeXMeX_H View Post
I think this solution is 1) not the best solution, 2) overkill, 3) a bad idea => not a solution
Many thanks.
And your REASONING behind these far-reaching conclusions is....?
 
Old 04-16-2009, 09:57 PM   #12
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
why dont you transfer a live cd image to the ssd and then write-protect it so it would be just like a live cd but on an ssd. it can not be written to and nothing persists through reboots. Then just set a cron job to reboot every morning at like 5 am. doesn't destroy the life of the drive and still achieves what you want to do.
 
Old 04-17-2009, 05:45 AM   #13
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 814

Original Poster
Rep: Reputation: 69
Lightbulb

Quote:
Originally Posted by slimm609 View Post
why dont you transfer a live cd image to the ssd and then write-protect it so it would be just like a live cd but on an ssd. it can not be written to and nothing persists through reboots. Then just set a cron job to reboot every morning at like 5 am. doesn't destroy the life of the drive and still achieves what you want to do.
This is such a great idea there HAS to be a catch. It's too straightforward to be for real.

How would the SSD best be write-protected under this scheme? Would an entry in fstab to mount the drive read-only do the job?
 
Old 04-17-2009, 06:00 AM   #14
hurry_hui
Member
 
Registered: Oct 2008
Location: Near Jakarta
Distribution: Slackware, Arch, Slax, Porteus, Tiny Core, Slitaz
Posts: 355
Blog Entries: 1

Rep: Reputation: 51
Quote:
Why don't you use puppy or dsl, and run it in memory?
Or just use your Slax with 'Always Fresh' option. Just a thought.
 
Old 04-17-2009, 06:09 AM   #15
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285Reputation: 1285
First, let's get a few things straight ... we're talking about Linux here not Window$, so I don't see where viruses and malware come into play or are a significant concern. If you have the right security measures in place, i.e. a firewall, rootkit checker, not running as root, and even a virus scanner if you're paranoid, then there is an infinitesimal chance of you getting any kind of malware or being hacked.

These extreme measures are only really plausible for a Window$ system. But, my brother has tried similar methods for Window$ and they are much harder to work with than you realize. How do you install new software ? How do you update software ? When you update software are you not just as likely to taint your pristine, safe image that you are storing ? If you choose not to upgrade will you not actually be more susceptible to being hacked because you miss important security fixes ?

Compound this with the fact that writing this amount of data to an SSD every day will likely make it last at most 1-2 years at best.

There is a right way and a wrong way to go about things.

Why not just use a live CD, your method has about the same amount of security.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot boot after fresh installation jpostma Slackware - Installation 11 07-17-2007 07:11 PM
KDE 3.5 - Fresh Installation Toods Slackware 1 12-09-2005 06:45 AM
Fresh Debian Installation quite slow Canaris Debian 10 08-22-2005 03:03 AM
new pc fresh installation prob spooky008 Linux - Newbie 12 01-28-2005 07:09 PM
fresh mandrake 10.1 installation need help cracksternation Linux - Laptop and Netbook 4 12-14-2004 04:23 PM


All times are GMT -5. The time now is 11:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration