HACK#23: Ghosting Systems - Administration

Use an open source alternative to commercial ghosting software.

Do you find yourself installing multiple systems, all containing the same operating system and applications? As an IT instructor, Im constantly installing systems for my next class or trying to fix the ramifications of a misconfiguration from a previous class.

As any system administrator can attest to, ghosting or hard drive-cloning software can be a real godsend. Backups are one thing; they retain your data. However, an image is a true timesaver--it's a copy of the operating system itself, along with any installed software and all of your configurations and customizations.

I haven't always had the luxury of a commercial ghosting utility at hand. As you can well imagine, I've tried every homegrown and open source ghosting solution available. I started with various invocations ofdd,gzip,ssh, anddump, but kept running across the same fundamental problem: it was easy enough to create an image, but inconvenient to deploy that image to a fresh hard drive. It was doable in the labs that used removable drives, but, otherwise, I had to open up a system, cable in the drive to be deployed, copy the image, and recable the drive into its own system.

Forget the wear and tear on the equipment; that solution wasn't working out to be much of a timesaver! What I really needed was a floppy that contained enough intelligence to go out on the network and retrieve and restore an image. I tried several open source applications and found that Ghost For Unix,g4u, best fit the bill.

Creating the Ghost Disk

You're about two minutes away from creating a bootableg4ufloppy. Simply download g4u-1.12fs from http://theatomicmoose.ca/g4u/  and copy it to a floppy:

  # cat g4u-1.12fs > /dev/fd0

Your only other requirement is a system with a drive capable of holding your images. It can be any operating system, as long as it has an installed FTP server. If it's a FreeBSD system, you can configure an FTP server through /stand/sysinstall. Choose Configure from the menu, then Networking. Use your spacebar to choose Anon FTP.

ChooseYesto the configuration message and accept the defaults by tabbing toOK. The welcome message is optional. Exitsysinstallonce you're finished.

You'll then need to remove the remark (#) in front of the FTP line in /etc/ inetd.conf, so it looks like this:

  ftp  stream  tcp  nowait root /usr/libexec/ftpd   ftpd -l

Ifinetdis already running, inform it of the configuration change usingkillall -1 inetd. Otherwise, startinetdby simply typinginetd. To ensure the service is running:

  # sockstat | grep 21
  root inetd 22433 4 tcp4 *:21  *:*

In this listing, the local system is listening for requests on port 21, and there aren't any current connections listed in the remote address section (*:*).

g4urequires a username and a password before it will create or retrieve an image. The default account isinstall, but you can specify another user account when you useg4u. To create theinstallaccount on a FreeBSD FTP server:

  # pw useradd install -m -s /bin/csh

Make sure that the shell you give this user is listed in /etc/shells or FTP authentication will fail.

Then, usepasswd installto give this account a password you will remember.

Creating an Image

Before you create an image, fully configure a test system. For example, in my security lab, I usually install the latest release of FreeBSD, add my customized /etc/motd and shell prompt, configure X, and install and configure the applications students will use during their labs.

It's a good idea to know ahead of time how large the hard drive is on the test system and how it has been partitioned. There are several ways to find out on a FreeBSD system, depending upon how good you are at math. One way is to go back into/stand/sysinstalland chooseConfigurethenFdisk. The first long line will give the size of the entire hard drive:

  Disk name:      ad0
  DISK Geometry:  19885 cyls/16 heads/63 sectors = 20044080 sectors (9787MB)

Pressqto exit this screen. If you then typefdiskat the command line, you'll see the size of your partitions:

  # fdisk
  <snip>
  The data for partition 1 is:
  sysid 165 (0xa5), (FreeBSD/NetBSD/386BSD)
      start 63, size 4095441 (1999 Meg), flag 80 (active)
  <snip>
  The data for partition 2 is:
  <UNUSED>
  The data for partition 3 is:
  <UNUSED>
  The data for partition 4 is:
  <UNUSED>

This particular system has a 9787 MB hard drive that has one 1999 MB partition containing FreeBSD.

Whenever you're using any ghosting utility, create an image using the smallest hard drive size that you have available, but which is also large enough to hold your desired data. This will reduce the size of the image and prevent the problems associated with trying to restore an image to a smaller hard drive.

Once you're satisfied with your system, insert the floppy and reboot.

g4u will probe for hardware and configure the NIC using DHCP. Once it's finished, you'll be presented with this screen:

  Welcome to g4u Harddisk Image Cloning V1.12! 
  * To upload disk-image to FTP, type: uploaddisk serverIP [image] [disk]
  * To upload partition to FTP, type: uploadpart serverIP [image]
  [disk+part] 
  * To install harddisk from FTP, type: slurpdisk serverIP [image] [disk]
  * To install partition from FTP, type: slurppart serverIP [image]
  [disk+part]
  * To copy disks locally, type: copydisk disk0 disk1
  [disk] defaults to wd0 for first IDE disk, [disk+part] defaults to wd0d
  for the whole first IDE disk. Use wd1 for second IDE disk, sd0 for first
  SCSI disk, etc. Default image for slurpdisk is 'rwd0d.gz'. Run 'dmesg' to
  see boot messages, 'disks' for recognized disks, 'parts <disk>' for list
  of (BSD-type!) partitions on disk '<disk>" (wd0, ...), run any other
  commands without args to see usage message.

Creating the image is as simple as invokinguploaddiskwith the IP address of the FTP server. If you wish, include a useful name for the image; in this example, I'll call the image securitylab.gz:

  # uploaddisk 192.168.2.95 securitylab.gz
  ( cat $tmpfile ; dd progress=1 if=/dev/rwd0d bs=1m | gzip -9 ) | ftp -n
  tmpfile:
  open 192.168.2.95
  user install
  bin
  put - securitylab.gz
  bye
  5
  4
  3
  2
  1
  working...
  Connected to 192.168.2.95.
  220 genisis FTP server (Version 6.00LS) ready.
  331 Password required for install.
  Password: type_password_here
  230 User install logged in.
  Remote system type is UNIX.
  Using binary mode to transfer files.
  200 Type set to I.
  remote: securitylab.gz
  227 Entering Passive Mode (192,168,2,95,192,1)
  150 Opening BINARY mode data connection for 'securitylab.gz'.
  ...................

This will take a while. How long depends upon the size of the drive and the speed of your network. When it is finished, you'll see a summary:

  9787+1 records in
  9787+1 records out
  10262568960 bytes transferred in 6033.533 secs (1700921 bytes/sec)
  226 Transfer complete.
  3936397936 bytes sent in 1:40:29 (637.58 KB/s)
  221 Goodbye.
  #

You can also check out the size of the image on the FTP server:

  % du -h ~install/securitylab.gz 
  3.7G /home/install/securitylab.gz

That's not too bad. It took just over an hour and a half to compress that 9 GB drive to a 3.7 GB image. Theg4uweb site also has some hints for further reducing the size of the image or increasing the speed of the transfer.

If you use images on a regular basis, consider upgrading hubs or older switches to 100 MB switches. This can speed up your transfer rates significantly.

It's also possible to create an image of each particular filesystem, but I find it easier just to image a fairly small drive. This is because an image of the entire drive includes the master boot record (MBR) or the desired partitioning scheme.

Deploying the Image

When you wish to install the image, use the floppy to boot the system to receive the image. Once you receive the prompt, specify the name of the image and the IP address of the FTP server:

  # slurpdisk 192.168.2.95 securitylab.gz

It doesn't matter what was previously on that drive. Since the MBR is recreated, the new drive will just contain the imaged data. Once the deployment is finished, simply reboot the system without the floppy.

See Also

• The Ghost For Unix web site (http://www.feyrer.de/g4u/)