Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I like to be sure my system is entirely clean of viruses and other malware and needless clutter, and have come to the conclusion that the best way (for my needs at any rate) to achieve this would be to re-instate the *complete* hard disk contents from scratch every day. This isn't such a big deal as the hard drive in question is only a SSD of 8Gb in size, comprising an MBR and two partitions; 7Gb ext2 for the system and 1Gb swap.
So I would like to image the *entire* pristine disk, save it as a file somewhere on the system, and have it automatically re-install from scratch every night at say 3AM (cron job) so every morning I boot-up to a known good system again. So that's the concept, but as usual its a little ahead of my abilities to implement it. This particular machine is a netbook with no built in CDrom drive, but several memory card slots. Could it be implemented using a script which say accesses an SD card for the clean backup image's location?
Thanks, CC.
Last edited by Completely Clueless; 04-16-2009 at 08:30 AM.
You could create a crontab on the image to overwrite the drive with a copy of the drive from another card.
if you run the following command as root you will make a bootable copy of the drive including all the partitions and files.
to create the image you can use either an entire drive/card
dd if=/dev/hdx of=/dev/hdy
or save as a file image
dd if=/dev/hdx of=/path/filename
Then reverse the command to re-image the disk
dd if=/dev/hdy of=/dev/hdx
or
dd if=/path/filename of=/dev/hdx
Of course in your situation it may be /dev/sda or /dev/hda even if you are using vgfs where you see
/dev/mapper/VolGroup***
fdisk -l shows the raw devices.
Since you can't overwrite the live hard disk you need to have 3 cards, one for the pristine image, one to run to create a copy of the pristine image, then once the copy is done swap the next day.
Um ... um ... with an SSD ... are you ok ? You want to do this with a SDD ?
You do realize they have a much more limited number of writes than regular HDDs don't you ?
Yup. I'm not bothered about that or anything else bar ensuring that the original image integrity is preserved and re-written every day and that includes the swap partition and the MBR!
[snip]
Since you can't overwrite the live hard disk you need to have 3 cards, one for the pristine image, one to run to create a copy of the pristine image, then once the copy is done swap the next day.
I'm sure you will figure it out.
Many thanks for the suggestion.
It's a real pity there doesn't appear to be a more elegant solution using just one SD card, but if there is, I'm also struggling to see it.
Saving an image like this on the same system being imaged kind of defeats the purpose doesn't it? I mean, someone (or something) with root privileges could just as easily make malicious modifications to your saved image. I've got nothing against a full-disk backup (on separate media), but it seems to me like instead of restoring a disk image every day you could simply use a HIDS like AIDE or Tripwire (coupled with a disposable guest account, if desired). This not only saves you a lot of time (and a lot of wear and tear on your disk), it also alerts you whenever something goes wrong, so you can take measures to prevent it from happening again instead of just going back to the same vulnerable disk image every time.
Saving an image like this on the same system being imaged kind of defeats the purpose doesn't it? I mean, someone (or something) with root privileges could just as easily make malicious modifications to your saved image.
My intention was to save the clean image to one of the SD chips which have a physical write-protect switch, so once saved it would be imune from such interference. In fact maybe I could swap over the duty of the chips and let the removable/replacable chips take the lion's share of the read/write cycles. There's got to be a way of implementing this elegantly, but as with most things I try to do in Linux, my capabilities are always a few steps behind my imagination. :-/
And Repo, I had some incomplete notion about doing something along the lines of what you suggested, but maybe with TinyMe Or TinyCore; something that would easily fit on the removeable chip alongside the image...
why dont you transfer a live cd image to the ssd and then write-protect it so it would be just like a live cd but on an ssd. it can not be written to and nothing persists through reboots. Then just set a cron job to reboot every morning at like 5 am. doesn't destroy the life of the drive and still achieves what you want to do.
why dont you transfer a live cd image to the ssd and then write-protect it so it would be just like a live cd but on an ssd. it can not be written to and nothing persists through reboots. Then just set a cron job to reboot every morning at like 5 am. doesn't destroy the life of the drive and still achieves what you want to do.
This is such a great idea there HAS to be a catch. It's too straightforward to be for real.
How would the SSD best be write-protected under this scheme? Would an entry in fstab to mount the drive read-only do the job?
First, let's get a few things straight ... we're talking about Linux here not Window$, so I don't see where viruses and malware come into play or are a significant concern. If you have the right security measures in place, i.e. a firewall, rootkit checker, not running as root, and even a virus scanner if you're paranoid, then there is an infinitesimal chance of you getting any kind of malware or being hacked.
These extreme measures are only really plausible for a Window$ system. But, my brother has tried similar methods for Window$ and they are much harder to work with than you realize. How do you install new software ? How do you update software ? When you update software are you not just as likely to taint your pristine, safe image that you are storing ? If you choose not to upgrade will you not actually be more susceptible to being hacked because you miss important security fixes ?
Compound this with the fact that writing this amount of data to an SSD every day will likely make it last at most 1-2 years at best.
There is a right way and a wrong way to go about things.
Why not just use a live CD, your method has about the same amount of security.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.