CSC 486/586 *nix and Non-Intel Platform issues
Objectives
• Non-Intel hardware (RISC platform) issues
• Other *nix issues (any platform)
• Network scanning
• Backup Tapes
Non Intel-based (x86) hardware platforms - RISC
SUN, HP-UX, IBM, Apple, etc.
How do I boot it?
• Your Intel boot disks (CD/floppy) won’t boot it
• Usually no floppy drive and may be no CD drive either
• If you don’t have a boot CD for the proprietary platform, you may need to boot to the native UNIX OS and perform any data acquisition from within the native OS using built-in UNIX commands
• May need to use native system to access NAS or other storage medium….better practice ahead of time!!!
Can I attach my drive to it?
• Proprietary drive controllers
• Usually no PCI slot for your own controller
• Usually SCSI…
• Is it “High Voltage” SCSI (HVD) or Low Voltage (LVD)?
• Don’t fry your drive!!!
• Their high voltage drive + your low voltage system = nothing
• Your low voltage drive + their high voltage system = smoke
• Adaptec 2944 controller card
• Look for a standard SCSI controller in drive. Usually a standard SCSI tape backup drive attached to the standard SCSI controller.
You’ve attached your drive, now what?
• Better get online or start reading the sysadmin’s manuals…
• Identify your drive from the subject hard drives within the OS
• You need to partition and format your drive with a UFS file system…..using Unix commands
If you are not sure what to do….call someone!!!
Data Acquisition???
• Image with “dd”
• Capture files and folders with “tar” onto your UFS formatted drive
• CP or CPIO (but the first two options are better)
• FTP data across the network to another machine
• You should always have an FTP client on your laptop (e.g. SmartFTP).
• FTP command line version is built into all OSs.
• Use WinRAR or tar (in the native Unix OS) to put a “wrapper” around files pulled off by FTP
• This is usually the best way to deal with machines like an IBM AS-400
If you are not sure what to do….call someone!!!
How will you analyze the data?
• Do you need the RISC system to “analyze” the data you are seizing?
• Do you need to “run” the Unix software or just look at files?
• FTP’d database files may not do much good without the front-end database app.
• Linux can be used to view, search, extract files you seize onto your UFS formatted drive.
Other Linux/Unix Issues
• Network Scanning
• Nmap
• Backup Tapes
• How to read tapes, pull data off and uncompress it with Linux/Unix
Windows scanning tools vs. Nmap • Scanned 10.10.10.1-10.10.10.103
Windows scanning tools vs. Nmap • Same IP address range scanned….this time in Linux with Nmap 4.23RC1 • Detected ALL machines, even those running firewalls!
Backup Tapes
• Tape data is linear…just a stream of data in whatever form the backup utility writes.
• No partition, no file system
• Normally cannot “map out” files and directories without the backup utility that created the data stream.
• Tapes come in many sizes and capacities, and use a variety of different tape drives.
• Many commonly used backup programs/utilities.
Backup Tapes
• Unless you have a tape drive of the same type used, also seize the tape drive so you have a device that reads the tapes.
• If seizing backup tapes, also seize the backup software used by the subject.
• …but what do you do if someone just gives you tapes and you don’t know what program created the backup data?
Working with Tapes in Linux
• mt – SCSI tape control
• dd – device copy
• file – File signature identification
• Proper SCSI tape device driver
• /dev/st0 – rewinding tape device
• /dev/nst0 – non-rewinding tape device
• First set the block size of your tape drive to 0 so that you can read variable block sizes.
    mt -f /dev/st0 setblk 0
Determining allocation (how much data is on the tape)
• Run to end of data (EOD) on tape
    mt -f /dev/nst0 eod
• Determine position on tape
    mt -f /dev/nst0 tell
• Response is total blocks allocated on the tape
    Tape is at block 24088
• Rewind tape
    mt -f /dev/st0 rewind
Finding block size
• Grab an arbitrary large block of data to force error reporting
    dd if=/dev/nst0 of=test ibs=128k obs=1 count=1
• Error report gives correct block size
    0+1 records in
    5120+0 records out
Identifying the data
• Use file command to identify
    file test
    Test: gzip compressed data, deflated, last modified: Wed Jan 26 16:43:42 205, os: Unix
• Uses /usr/share/magic file which identifies file signatures
• Gzipped or otherwise compressed data must be decompressed to identify
• Typically such data is a compressed archive (tar, cpio, or dump)
Pulling data off the tape
• Start at beginning of session
    mt -f /dev/nst0 bsfm 1
• Read entire session to a file
    dd if=/dev/nst0 of=/mnt/session1.txt bs=5120
• The dd command reports blocks copied
    15198+0 records in
    15198+0 records out
• May need to set block size of tape drive to block size determined on tape.
    mt -f /dev/st0 setblk 5120
Uncompressing the data
• You may need a third-party tool to interpret the data file you pulled off the tape.
• If it is a *nix archive such as tar or gz, use standard tar and gunzip commands to uncompress into logical files and folders.
    tar -zxf /mnt/session1.txt
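Added example (not part of the original slides): shell helpers for the "Finding block size" and "Identifying the data" steps, written so they can be practiced on an ordinary file standing in for a tape record. The function names and the 128k probe size are assumptions; on a real drive, pass /dev/nst0 to probe_block_size and the pulled session file to identify_session.

```shell
#!/bin/sh
# Read one record with an oversized input buffer and 1-byte output blocks;
# the "records out" count then equals the record (block) size in bytes.
# If a record is larger than the probe buffer, raise ibs and try again.
probe_block_size() {
    LC_ALL=C dd if="$1" of=/dev/null ibs=128k obs=1 count=1 2>&1 |
        awk '/records out/ { split($1, n, "+"); print n[1] }'
}

# Print $3 bytes at offset $2 of file $1 as one hex string.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Classify an uncompressed stream by its signature.
identify_plain() {
    if [ "$(hex_at "$1" 257 5)" = "7573746172" ]; then   # "ustar" at offset 257
        echo tar
    else
        case "$(hex_at "$1" 0 6)" in
            303730373037|303730373031|303730373032)      # ASCII cpio 070707/070701/070702
                echo cpio ;;
            *)  echo unknown ;;
        esac
    fi
}

# Gzipped data must be decompressed before the archive inside can be identified.
identify_session() {
    if [ "$(hex_at "$1" 0 2)" = "1f8b" ]; then            # gzip magic
        tmp=$(mktemp) || return 1
        # Only the first 512 bytes of the decompressed stream are needed.
        gzip -dc "$1" 2>/dev/null | head -c 512 > "$tmp"
        echo "gzip+$(identify_plain "$tmp")"
        rm -f "$tmp"
    else
        identify_plain "$1"
    fi
}
```

Old-style tar archives without the "ustar" marker, binary cpio, and dump streams come back as unknown here and still need the file command or the original backup utility.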
Questions??? Use the discussion board, as usual…