EnGarde Secure Linux - Hard Disk Recovery HowTo

Objective

This procedure was tested by copying a working EnGarde installation from a 6.4GB drive to a 2.1GB drive that replaced it in the same machine. The archive was created on and restored from an NFS mount. Other media are equally valid; for example, tape, or a third physical drive.

It helps to understand the procedure below if you know that the machine this was tested on is named "cypress", and the NFS host is "sequoia".

It is assumed that the reader is familiar with operating as the root user and knows how to use a text editor such as vi(1) or pico(1). This document applies to EnGarde Linux 1.0.1 (Finestra).

The proper forum to ask questions is one of the "EnGarde Mailing Lists" (see "Resources" below). Should you have any issues with the steps below, please send an email to the 'engarde-users' list.

Additional Software Required

A Linux-on-a-floppy boot/rescue disk. We recommend tomsrtbt (Toms Root Boot Disk), available at:

http://www.toms.net/rb/home.html

This procedure was tested with version 1.7.361.

Summary Procedure

1. Boot with tomsrtbt and tar everything to other media.
2. Replace the machine's disk drive.
3. Reboot with tomsrtbt and partition and format the new drive.
4. Restore everything from the archive media.

Disk Configuration

EnGarde is installed by default into four partitions as follows:

/dev/hda1 swap
/dev/hda2 /
/dev/hda3 /home
/dev/hda4 /var

In the procedure below, EnGarde is reinstalled onto a single partition, resulting in the following configuration:

/dev/hda1 swap
/dev/hda2 /

This is acceptable for the intended use of the machine tested here. However, this procedure could be modified to change the partitioning to any desired scheme, including one with multiple disks. To do this, create the necessary directories and mount the various partitions on them as desired. Create only the directories actually needed for this; for example, a separate disk could be used for /var/spool/mail. A sample configuration might be:

/dev/hda1 swap
/dev/hda2 /
/dev/hda3 /home
/dev/hda4 /var
/dev/hdb1 /var/spool/mail

User and Group Considerations

The first time I did this, I lost file ownership information. This may be
because I used the wrong arguments to tar (actually pax on tomsrtbt), but I
solved the problem by making certain all EnGarde users were valid in the
tomsrtbt configuration. This is easy, because tomsrtbt defines only three
users and one group; simply merge the files as shown below.
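
A check that can be run after the merge in step 3 of the detailed procedure, as an added example that is not part of the original HowTo. The grep filters there drop every line containing the string "root", not only the root account, so this lists names the rescue system still cannot resolve and names it resolves to a different ID. passwd_gaps and the sample accounts are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original HowTo. passwd_gaps and the sample
# accounts are hypothetical; works on passwd or group files (ID in field 3).

# usage: passwd_gaps SOURCE MERGED
#   SOURCE  file from the installed system, e.g. cypress/etc/passwd
#   MERGED  file the rescue system will use, e.g. /etc/passwd
# Prints "missing NAME ID" for SOURCE entries absent from MERGED and
# "conflict NAME ID OTHER" when the first MERGED entry has another ID.
passwd_gaps() {
    awk -F: '
        /^#/ || $1 == "" { next }
        FILENAME == ARGV[1] { if (!($1 in id)) id[$1] = $3; next }
        !($1 in id)   { print "missing", $1, $3; next }
        id[$1] != $3  { print "conflict", $1, $3, id[$1] }
    ' "$2" "$1"
}

# Constructed sample: merge with the same filters as step 3, then check.
demo_passwd_gaps() {
    d=$(mktemp -d) || return 1
    cat > "$d/src" <<'EOF'
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/bin/false
named:x:25:25::/var/named:/bin/false
EOF
    cat > "$d/merged" <<'EOF'
root::0:0:root:/:/bin/sh
named::30:30::/:/bin/false
EOF
    grep -v root "$d/src" | grep -v shutdown | grep -v halt >> "$d/merged"
    passwd_gaps "$d/src" "$d/merged"
    rm -rf "$d"
}
```

An empty result means every name in the source file resolves to the same ID on the rescue system; the same function can be pointed at the two group files.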

Unix Socket Considerations

Unix sockets (mode srw-rw-rw-) do not archive properly; they lose the 's' and become ordinary files. EnGarde comes with a number of programs that use these sockets. Some of them, notably postfix, recognize this problem and re-create the sockets as necessary. Others do not. In particular, syslog-ng does NOT.

What this means is that when you start the machine on the new drive, logging does not work at all. To fix this, the sockets must be deleted before the machine is rebooted so they can be recreated. The details are listed below.
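
One way to generalise the two rm commands in step 11 of the detailed procedure, as an added example that is not part of the original HowTo: record every socket before archiving, then remove whatever comes back as an ordinary file. The function names and the list file are hypothetical, and the rescue system's find must support -type s.

```shell
#!/bin/sh
# Added example, not part of the original HowTo. Function names and the
# list file are hypothetical; requires a find(1) that supports "-type s".

# Before archiving: record every Unix socket under ROOT, as paths relative
# to ROOT. Keep LISTFILE outside the tree (e.g. on the archive media).
list_sockets() {    # usage: list_sockets ROOT LISTFILE
    ( cd "$1" && find . -type s -print ) > "$2"
}

# After restoring: delete each recorded path that came back as an ordinary
# file, so its daemon can re-create the socket at boot. Prints each path
# removed; real sockets, symlinks and unlisted files are left alone.
remove_stale_sockets() {    # usage: remove_stale_sockets ROOT LISTFILE
    while IFS= read -r rel; do
        case "$rel" in
            */../*|*/..) continue ;;   # refuse entries that climb out of ROOT
            ./*) ;;                    # the shape list_sockets writes
            *) continue ;;
        esac
        path="$1/$rel"
        if [ -f "$path" ] && [ ! -L "$path" ]; then
            rm -f -- "$path" && printf '%s\n' "$rel"
        fi
    done < "$2"
}

# Example use from /mnt (the list file name is an assumption):
#   list_sockets cypress sequoia/cypress.sockets           # before step 4
#   remove_stale_sockets cypress sequoia/cypress.sockets   # after step 10
```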

Detailed Procedure

1. Boot with tomsrtbt and go to the /mnt directory:

# cd /mnt

2. Mount the drive to be copied:

# mkdir cypress
# mount -t ext2 /dev/hda2 cypress
# mount -t ext2 /dev/hda3 cypress/home
# mount -t ext2 /dev/hda4 cypress/var

2. Mount the temporary storage drive:

# mkdir sequoia
# mount -t nfs -o rsize=8192 -o wsize=8192 sequoia:/home sequoia

3. Fix up the passwd and group files, and save copies:

# grep -v root cypress/etc/passwd | grep -v shutdown | grep -v halt >>/etc/passwd
# grep -v root:: cypress/etc/group >>/etc/group

or, instead of merging the group file, copy it over:

# cp cypress/etc/group /etc/group

Then save copies to the temporary storage drive:

# cp /etc/passwd sequoia
# cp /etc/group sequoia

4. Create the archive:

# cd cypress
# pax -w -p e -f /mnt/sequoia/cypress.tar .

5. Power off the machine, and physically exchange the drives.

Note: Make sure that the BIOS recognizes the new drive.

6. Boot with tomsrtbt and prepare the new drive:

# dd if=/dev/zero of=/dev/hda bs=512 count=1
# fdisk <create whatever partitions are needed>
# mkswap /dev/hda1
# mke2fs /dev/hda2 <repeat as required>

7. Mount the partitions to be restored:

# cd /mnt
# mkdir cypress
# mount -t ext2 /dev/hda2 cypress
# rmdir cypress/lost+found

8. Mount the temporary storage drive:

# mkdir sequoia
# mount -t nfs -o rsize=8192 -o wsize=8192 sequoia:/home sequoia

9. Fix up the password and group files again:

# cp sequoia/passwd /etc
# cp sequoia/group /etc

10. Restore the archive to the new drive:

# cd cypress
# pax -r -p e -f /mnt/sequoia/cypress.tar

11. Perform post-installation procedures:

# rm dev/log
# rm var/chroot/named/dev/log
# vi etc/fstab <modify to match new partitioning scheme>

12. Install the boot partition and reboot (remove floppy!):

# chroot /mnt/cypress /sbin/lilo
# shutdown -r now

That's it; the machine should be just as it was when you last powered it down.

Disclaimer

Guardian Digital shall not be liable in contract, tort (including without limitation negligence), breach of any statutory duty and/or any law for any direct, special, indirect, consequential damages and/or loss including, but not limited to, loss of data, loss of profits, loss of business arising from or in connection with this or any other documents viewed at www.engardelinux.org.

In other words, back up all critical data before attempting any system changes, and enjoy!

Acknowledgements

The core of this technique came from

Unix Backup & Recovery
First Edition, November 1999
W. Curtis Preston
ISBN: 1-56592-642-0
Published by O'Reilly

Document provided and written by Marcus Redivo


Copyright (c) 2000-2010 Guardian Digital, Inc. Linux Lockbox and EnGarde are Trademarks of Guardian Digital, Inc.