I was assigned to advise an Investment Bank in Milan in how to deploy an agent for discovery of their Mainframe systems for dependency mapping.

The solution was straightforward which involved downloading and installing an additional agent for the BMC Discovery tool. During the brief consultancy visit I also identified and advised on their general issues with credential discovery. They had had a cyber-attack the previous year and as a precaution had altered all Linux servers to have individual named service accounts – over an estate of (IIRC) 500 Linux servers.

It was pointed out that whilst this would certainly slow down a hacker and limit the the damage, it would also be more difficult to trace and manage in the event of an attack. A much better solution was suggested of proactive management and linking service accounts to an AD service with monitoring and least privilege.

The post Italian Investment Bank – Mainframe Discovery appeared first on fitzmoskal.

Well after a month of use, Windows 7 was already showing the signs that it was going the way of its predecessors in growing exponentially, slow boots and sloooow shutdowns… I heard Ubuntu calling.

You see, Linux takes a while to get used to when you come from a Windows background, things aren’t done the same way, but after time you realise this new way of doing things makes much more sense and takes much less time. So when you go back to Windows after a few years in Linux, you feel like you’re taking a step back in time – to slower, less advanced OS, where a problem can’t be fixed unless you are prepared to fork out a lot of money for a proprietary app that you’re only ever going to need to use to solve that one problem.

It was time to stop the rot and cage Windows 7, I still needed it for Outlook and Exchange (well until Crossover can support 2010) but I don’t need 90% of that operating system. I had done plenty of duel boots before but I wanted to try my hand at turning my Win 7 partition into a VM, and despite the ubiquity of home-brew tutorials out there on the web, I had to turn to several for different problems I experienced along the way. I’m documenting the steps here completely, and will provide attribute the relevant tutorials that helped.

Step 0: Backup

It needs to be said, it needs to be done. I always hate using Windows Backup and sometimes opt to use a Linux live CD to do the backup instead, guaranteeing I can view the process. I usually just make sure that documents are saved, I’m not worried about settings as these can be reset. This time I used Windows backup to an external HDD which seemed to work adequately enough.

Step 1: Shrink Windows 7 Partition

Although it’s not recommended, I always found GParted to be a trouble-free tool and never had a problem with it, so I booted into an Ubuntu Live CD and fired it up. I was then presented with a disk that had no less than 4 partitions. One was a boot partition, one was recovery, the other I couldn’t tell, and the final one was Windows 7. Here is where I made my first mistake, I got cocky and deleted the Windows boot partition thinking I could restore the boot record later with a recovery disk – it seems Microsoft have made that process much less efficient along with making partitions a lot more complicated than necessary.

Anyway, don’t delete the boot partition, but if you do, then here’s what to do:

The first problem I had was that Windows 7 wouldn’t boot I had the following error:

“autochk program not found, skipping autocheck”

Some Googling brought me to a Microsoft Answers post.

• Use your recovery CD or download one if you got a crappy OEM pre-installed system – Neosmart have some links and instructions for torrent files.
• Boot into recovery and then when you get to the System Recovery Options screen, you can choose the automatic System Repair option but I’ve never found it any use so go straight to Command Prompt.
• Run the following command to check your disk for errors and fix them (where x: is the drive containing your Win 7 install):

CHKDSK x: /F /R

• Once that runs restart the computer.

In my case chkdsk didn’t work and I still got the error, so the next thing I attempted was to attempt to use bootrec to fix the mbr.

• Boot back into System Restore, go to the command prompt and run:

bootrec /fixmbr

then
bootrec /fixboot

then
bootrec /rebuildbcd

In my case after the last command I got the following error:

“total identified windows installations 0”

Exporting the bcd didn’t work either:

bcdedit /export C:\BCD_Backup
c:
cd boot
attrib bcd -s -h -r
ren c:\boot\bcd bcd.old
bootrec /RebuildBcd

So I attempted the following fix to this following the instructions from Neosmart again, Recovering the Bootloader:

x:\boot\bootsect.exe /nt60 all /force
del C:\boot\bcd
bcdedit /createstore c:\boot\bcd.temp
bcdedit.exe /store c:\boot\bcd.temp /create {bootmgr} /d "Windows Boot Manager"
bcdedit.exe /import c:\boot\bcd.temp
bcdedit.exe /set {bootmgr} device partition=C:
bcdedit.exe /timeout 10
del c:\boot\bcd.temp

But I didn’t get that far because I didn’t have a bootsect file, so I had to do a bit more digging and found a better solution halfway down this thread. These are just the steps, but more detail about why we do this is in the original post.

First of all I seemed to have some kind of corruption in my filesystem telling me that the c:\boot\bcd file didn’t exist, except it was there, when I attempted to copy memtest.ext to BCD it said that a file already existed. This is where the Live CD came to the rescue:

• Boot into Linux live cd.
• Mount your Windows 7 partition.
• Navigate to /Boot
• Delete the ‘BCD’ file.
• After a startup repair your original BCD file is renamed to BCD.Backup.0001.
• Copy memtest.exe memtest.exe.org.
• Copy BCD.Backup.0001 memtest.exe.
• Rename memtest.exe to BCD.
• Rename memtest.exe.org memtest.exe.
• Now reboot Windows.

In my case, this solution finally worked and I got Windows working again. Now for virtualisation…

Step 2: Virtualising Windows 7 Partition as a VM

I followed instructions given by Rajat Arya on his blog, apart from the 5th step which didn’t work without some slight modification as I had installed VirtualBox v4.0.4 from http://www.virtualbox.org/, not the Open Source Edition.

These are just the steps, Rajat goes into more detail in the post which is worth reading:

You need to take ownership of the disk first under your username. The original way stated is to chmod the /dev/sda file but this is less secure.
sudo usermod -a -G disk wafitz
Then log out and back in to make the changes take effect. Next install the mbr package:
sudo apt-get install mbr
The -e flag below is to set the partitions you wish to make available to Windows boot, so in this case I set 1 (Windows partition) and 2 (recovery).
install-mbr -e12 --force ~/vm.mbr
Then create the vmdk file. I found that the -relative flag didn’t work, neither did the -mbr flag, but it was fine with these left out:
VBoxManage internalcommands createrawvmdk -filename /home/wafitz/wind7part.vmdk -rawdisk /dev/sda -partitions 1,2 -relative
Now create your VM in VirtualBox and boot into Windows 7. If you get a boot error, you’ll need to do Windows recovery again. Set the VM to mount your CD drive then press F12 at startup and boot into recovery… and follow through on Step 1 of this post again.

Now I installed VirtualBox tools and with Seamless mode, I’m able to Outlook as a full-on desktop app within Ubuntu.

The post Converting Duel Boot Windows 7 Partition to a VM appeared first on fitzmoskal.

Of course, the obvious solution was unscrew and take out the hard drive, however these Netbooks are tightly built, and since I’m still considering the possibility of replacing the screen, I don’t want to create any superficial damage to the case.

So I googled for options, initially hoping to snag a Linux liveCD that would automatically boot with sshd in order for me to log in remotely.

Aside from some vague forum references to Knoppix and editing configuration files, I got nowhere. However what did occur to me was that Ubuntu LiveCD on a usb flash drive can be set to be persistent so it saves any changes including packages and settings.

The following steps are what I did to get access to my netbook data despite having a smashed screen, without needing to take out the hard drive, hook up an external monitor or building my own distro. Hopefully it may be useful for anyone finding themselves in a similar situation.

This is by no means a silver bullet. You will require the following setup for this to work:

• The system with the broken screen must be capable of booting from USB.
• The Bios must already be set to boot from USB (unless you have some way to set it without a screen).
• A second ‘puter with sshd installed and running.

This will not work with a LiveCD, it needs to be a USB pen drive so that changes can be easily saved on the drive.

1. Download an ISO of Ubuntu or Netbook Remix, which is what I used, and then use the Startup Disk Creator to create a live USB pen drive – check the box for persistent mode (“Stored in reserved extra space”).
2. Run the LiveUSB and when it boots to desktop open a terminal and type:

   sudo apt-get update
sudo apt-get install openssh-server

3. When installing openssh on a LiveCD/USB you need a password to log in remotely. This can be done 1 of 2 ways, either by setting ‘passwd’ for the default ubuntu user or creating a new user. NerdNotes.org offers a nice and easy tutorial. In practice I found that when I rebooted the liveUSB for some reason the default ubuntu user ‘lost’ the password so I had to create a new user instead.
4. If you have created a new user, be sure to add the username to the admin group, giving root privileges:

sudo adduser <username> admin

5. Test the ssh daemon by logging in remotely to the machine you will use for recovery. If you are prompted for a key then type ‘yes’ and hit enter:

ssh username@hostname

6. Then make sure you can ssh back to your ubuntu LiveUSB. You may also want to do a quick reboot and test run to see if you can ssh without problems and without touching the LiveUSB keyboard.
7. Now shutdown the LiveUSB and plug it into your headless netbook/laptop, switch it on and let it boot up, it should take about 30 seconds to boot automatically after the menu and then another 30-45 seconds before you can ssh in.
8. Create a directory you are going to use to copy all your files from your netbook.

wafitz@ $ mkdir /media/bkup

9. Once you can ssh to the LiveUSB, you want to mount your hard disk partition.

wafitz@ubuntu$ sudo fdisk -l

Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1         182    160101883+  82  Linux swap / Solaris
/dev/sda2   *       53782       60802    69389632    7  HPFS/NTFS

wafitz@ubuntu$ sudo mount /dev/sda1 /mnt

10. It should now be easy after this to grab your files and scp them back to your curent system, whether you previously had Windows or Ubuntu (or other distro) Linux installed. However if like me, you had an encrypted home partition, then keep following the steps:
    I got the original instructions for this from Dustin Kirklands blog – nb: I needed to use ecryptfs-add-passphrase in order to record my passphrase manually before mounting the encrypted directory.

wafitz@ubuntu$ sudo mount -o bind /dev /mnt/dev
wafitz@ubuntu$ sudo mount -o bind /dev/shm /mnt/dev/shm
wafitz@ubuntu$ sudo mount -o bind /proc /mnt/proc
wafitz@ubuntu$ sudo mount -o bind /sys /mnt/sys
wafitz@ubuntu$ sudo chroot /mnt
root@ubuntu$ su - wafitz
wafitz@ubuntu$ ecryptfs-add-passphrase --fnek
wafitz@ubuntu$ ecryptfs-mount-private
Enter your login passphrase:

Warning: Using default salt value (undefined in ~/.ecryptfsrc)
Inserted auth tok with sig [xxx] into the user session keyring

wafitz@ubuntu$ cd $HOME
wafitz@ubuntu$ ls -a

11. Finally you can do a secure copy from your netbook back to your host pc:

wafitz@ubuntu$ scp -pr * wafitz@:/media/bkup

If you have found this post whilst searching for a solution and this helps you, please let me know. Even more so, if this method can be refined or improved then I’d also like to read your comments!

The post Headless Recovery with Persistent Ubuntu Live USB appeared first on fitzmoskal.