Secure Knoppix on CD-ROM for Disaster Recovery

By Edgar Howell


A friend recently sent me a CD with a version of Knoppix designed to enable surfing the Internet without risk. It is worth looking at for its intended purpose alone, but to me the real mind-blower is its use to recover from disaster.

As chance would have it, I had barely started to play around with it a bit when our nephew called: Blue Screen of Death. No back-up. Cool. Yeah, OK, come on over tomorrow afternoon and I'll see what I can do. Windows?! Well...

This thing was put together by people who really know what they are doing. Their use of symbolic links was sheer genius. Well, OK, if you insist, pretty straight-forward — that's what they're there for.

What is Knoppix?

Knoppix is a self-contained mini-version of Linux on CD-ROM. I had heard of it, of course, but never had the time to investigate it. Big mistake. It is well worth being familiar with.

This particular version is intended basically to turn your PC into something like a diskless workstation. You boot from the CD-ROM and it sets up an environment analogous to a chroot-jail without access to any hard drive. In this environment you can surf with Firefox. Even save settings — to diskette or USB. And when you are all done, whatever you haven't yourself explicitly saved somewhere is history.

No virus. No trojan. No spyware. No cookies. Nada. Niente. Rien. Nichevo.

It is worth noting that this was introduced to me by a friend who had no prior experience with GNU/Linux because the software he requires professionally is only available under Windows. But he is using it now for Internet access. Pretty easy to understand. I like Firefox, too.

Putting it to work

OK, so I admit, I haven't gone surfing with it just yet. But is it ever a powerful recovery tool! I like Tom's Boot Disk, which is on the Ultimate Boot CD along with quite a few other useful tools. But you have to experience what this thing can do.

Perhaps it should be pointed out that this is based on Debian and the kernel is a bit old, 2.4.29. But so what? There aren't too many exploits possible if there is nowhere to store anything. And nothing unusual to look at.

Once you boot, you are given a GUI — user, not root — under X11 and options to do things needed to surf. That's it. No hard drive. Everything you need to access the Internet and not a single thing more.

However — this is Linux after all — there are the other virtual terminals. All already logged in as root.

Very quickly I was able to put together a simple script with which to establish a network connection. And mounting a drive or partition is no biggie — Knoppix has /etc/fstab all set up for us, mount-points for every single formatted partition.

During the time I needed to use it, the only things I really missed were Midnight Commander and netcat. Apparently netcat is entirely self-contained because there was no trouble running it copied from a floppy, copied there from SuSE 8.0. On the fly (and without SSH) over the network "cp -R" along with netcat had to substitute for "mc".

Knoppix seems to deal fairly well with "mature" hardware. While X11 bailed out on the Pentium 166 with 32 MB, I didn't want to surf on it anyway. And several command-line interfaces as root anywhere is nirvana!

I ought to mention that I was unable to boot the 5-year-old Toshiba notebook (AMD K-5) from the CD. There are numerous options one can enter at boot but none of them helped. My guess is that there is something wrong with a file needed only for the notebook — repeated read errors on one specific block. Proprietary that they are, notebooks are notoriously difficult to configure and deal with anyhow, so no real surprise and not particularly important to me.

Tinkering Under the Hood

Ignoring its original intent, this is a wonderful tool for disaster recovery with both network and mountable devices on which to rescue data. You likely will still want whatever tools you have collected over time to diagnose things like hardware problems. And we're root, so we still do need to be extremely careful about what we do. I had no trouble using fdisk to re-format our nephew's second hard drive and allocate partitions.

The way the people who put this together went about it was very impressive. Instead of hard-wiring everything in, they made skillful use of soft-links. Once I noticed that /etc/hosts etc. were soft-links, it didn't take long to do a script on a floppy to copy what I really wanted from it to /tmp, remove the links and replace them with references to the files in /tmp.

All that was necessary to set up networking was to copy /etc/hosts, /etc/hosts.allow and /etc/hosts.deny from one machine to diskette and then shut it down while our nephew was here and his machine was attached to the network. No long-term approach, but effective in haste.
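The link swap described in the last two paragraphs, as an added sketch; it is not the author's script, which the article does not reproduce. The function names, the sandbox layout and the file contents are constructed for illustration, and the writable directory is assumed to be one that only root can write to.

```sh
# relink_from_media SRC ETC TMP name...
#   SRC: directory with the replacement files (e.g. the mounted floppy)
#   ETC: directory whose entries are symlinks into the read-only image
#   TMP: writable directory that will hold the live copies
relink_from_media() {
    src=$1; etc=$2; tmp=$3
    shift 3
    # Pass 1: validate everything, so a bad entry leaves ETC untouched.
    for name in "$@"; do
        case $name in
            ''|.|..|*/*) echo "stop: bad name '$name'" >&2; return 1 ;;
        esac
        [ -f "$src/$name" ] || { echo "stop: $src/$name missing" >&2; return 1; }
        [ -L "$etc/$name" ] || { echo "stop: $etc/$name is not a symlink" >&2; return 1; }
    done
    # Pass 2: copy to the writable directory, then swap the link.
    for name in "$@"; do
        cp "$src/$name" "$tmp/$name" || return 1
        chmod 644 "$tmp/$name" || return 1
        rm "$etc/$name" || return 1        # removes the link, not the CD file
        ln -s "$tmp/$name" "$etc/$name" || return 1
    done
}

# Constructed sandbox: a fake CD image, a fake /etc linking into it, a fake
# floppy and a fake writable directory. Nothing here touches the real /etc.
make_sandbox() {
    box=$(mktemp -d) || return 1
    mkdir "$box/cdrom" "$box/etc" "$box/floppy" "$box/tmp"
    for f in hosts hosts.allow hosts.deny; do
        echo "# locked-down $f from CD" > "$box/cdrom/$f"
        ln -s "$box/cdrom/$f" "$box/etc/$f"
        echo "# $f from floppy" > "$box/floppy/$f"
    done
    echo "$box"
}

# Demo run inside the sandbox only.
box=$(make_sandbox) || exit 1
relink_from_media "$box/floppy" "$box/etc" "$box/tmp" hosts hosts.allow hosts.deny
ls -l "$box/etc"
rm -rf "$box"
```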

I looked at the contents of /bin, /sbin, /usr/bin, and /usr/sbin and it would seem that this is a fairly complete Linux distribution: a couple of shells, lilo, miscellaneous mkfs*, awk, sed, ipchains, iptables and so forth. Almost nothing in the way of daemons, window managers or bells-and-whistles, as if anyone should care in the intended environment. Since this CD isn't even half full, you might want to check for your favorite programs before producing your own.

The version I was given was in German but included texts for English prompts at boot. It looks like it ought to be pretty straight-forward to rename two files in order to change to English before burning a CD. And they might serve as patterns for other languages. Pure speculation.

[The ISO image for Knoppix version 3.8.1-2005-04-08 (the latest as of 05 May 2005) is almost 690 MB - not much space for additions! See the mirrors page to download the latest version in several languages. — dsrich]

So our nephew brought his PC over and we connected it to the LAN. Between that and a USB-stick we were able to recover about 90 percent of the stuff he hadn't backed up properly from a drive that seems to have developed a heat-allergy leading to read errors — this drive also had the operating system. When all was said and done, he was pretty impressed with what I was able to do.

But was I ever impressed with Knoppix!


If you decide to use this software for Internet access, do be aware of the significance of those root sessions — without password! The only services available are printer and monitor. /etc/hosts and friends are tightly locked down. But it was extremely easy for me to open up network access.

So if some SOB somehow can get some sort of attachment past you and executed... Certainly an unlikely eventuality given the target — not the universe of PCs, not even GNU/Linux, just a variety of a specialized version of Linux. But maybe root should have a password before you burn your own copy.

[A book that discusses this and other Knoppix uses is Knoppix Hacks by Kyle Rankin — dsrich]


Edgar is a consultant in the Cologne/Bonn area in Germany. His day job involves helping a customer with payroll, maintaining ancient IBM Assembler programs, some occasional COBOL, and otherwise using QMF, PL/1 and DB/2 under MVS.

Copyright © 2005, Edgar Howell. Released under the Open Publication license unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 114 of Linux Gazette, May 2005