
*nix and Non-Intel Platform issues


alaina

Presentation Transcript


  1. CSC 486/586 *nix and Non-Intel Platform issues

  2. Objectives
     • Non-Intel hardware (RISC platform) issues
     • Other *nix issues (any platform)
     • Network scanning
     • Backup tapes

  3. Non Intel-based (x86) hardware platforms - RISC
     • SUN, HP-UX, IBM, Apple, etc.

  4. How do I boot it?
     • Your Intel boot disks (CD/floppy) won't boot it
     • Usually no floppy drive, and maybe no CD drive either
     • If you don't have a boot CD for the proprietary platform, you may need to boot to the native UNIX OS and perform any data acquisition from within the native OS using built-in UNIX commands
     • May need to use the native system to access NAS or another storage medium...better practice ahead of time!!!

  5. Can I attach my drive to it?
     • Proprietary drive controllers
     • Usually no PCI slot for your own controller
     • Usually SCSI...
     • Is it "High Voltage" SCSI (HVD) or Low Voltage (LVD)?
     • Don't fry your drive!!!
     • Their high voltage drive + your low voltage system = nothing
     • Your low voltage drive + their high voltage system = smoke
     • Adaptec 2944 controller card
     • Look for a standard SCSI controller in drive. Usually a standard SCSI tape backup drive is attached to the standard SCSI controller.

  6. You've attached your drive, now what?
     • Better get online or start reading the sysadmin's manuals...
     • Identify your drive from the subject hard drives within the OS
     • You need to partition and format your drive with a UFS file system...using Unix commands
     If you are not sure what to do...call someone!!!

  7. Data Acquisition???
     • Image with "dd"
     • Capture files and folders with "tar" onto your UFS formatted drive
     • cp or cpio (but the first two options are better)
     • FTP data across the network to another machine
     • You should always have an FTP client on your laptop (e.g. SmartFTP).
     • An FTP command line version is built into all OSs.
     • Use WinRAR or tar (in the native Unix OS) to put a "wrapper" around files pulled off by FTP
     • This is usually the best way to deal with machines like an IBM AS-400
     If you are not sure what to do...call someone!!!

  8. How will you analyze the data?
     • Do you need the RISC system to "analyze" the data you are seizing?
     • Do you need to "run" the Unix software or just look at files?
     • FTP'd database files may not do much good without the front-end database app.
     • Linux can be used to view, search, and extract files you seize onto your UFS formatted drive.

  9. Other Linux/Unix Issues
     • Network Scanning
     • Nmap
     • Backup Tapes
     • How to read tapes, pull data off and uncompress it with Linux/Unix

  10. Windows scanning tools vs. Nmap
     • Scanned 10.10.10.1-10.10.10.103

  11. Windows scanning tools vs. Nmap
     • Same IP address range scanned...this time in Linux with Nmap 4.23RC1
     • Detected ALL machines, even those running firewalls!

  12. Backup Tapes
     • Tape data is linear...just a stream of data in whatever form the backup utility writes.
     • No partition, no file system
     • Normally cannot "map out" files and directories without the backup utility that created the data stream.
     • Tapes come in many sizes and capacities, and use a variety of different tape drives.
     • Many commonly used backup programs/utilities.

  13. Backup Tapes
     • Unless you have a tape drive of the same type used, also seize the tape drive so you have a device that reads the tapes.
     • If seizing backup tapes, also seize the backup software used by the subject.
     • ...but what do you do if someone just gives you tapes and you don't know what program created the backup data?

  14. Working with Tapes in Linux
     • mt – SCSI tape control
     • dd – device copy
     • file – file signature identification
     • Proper SCSI tape device driver
     • /dev/st0 – rewinding tape device
     • /dev/nst0 – non-rewinding tape device
     • First set the block size of your tape drive to 0 so that you can read variable block sizes.
         mt -f /dev/st0 setblk 0

  15. Determining allocation (how much data is on the tape)
     • Run to end of data (EOD) on tape
         mt -f /dev/nst0 eod
     • Determine position on tape
         mt -f /dev/nst0 tell
     • Response is total blocks allocated on the tape
         Tape is at block 24088
     • Rewind tape
         mt -f /dev/st0 rewind

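  16. Finding block size
     • Grab an arbitrary large block of data to force error reporting
         dd if=/dev/nst0 of=test ibs=128k obs=1 count=1
     • Error report gives correct block size: because obs=1 writes one byte per output record, the "records out" count is the size in bytes of the single tape block that was read (5120 here)
         0+1 records in
         5120+0 records out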

  17. Identifying the data
     • Use file command to identify
         file test
         test: gzip compressed data, deflated, last modified: Wed Jan 26 16:43:42 205, os: Unix
     • Uses the /usr/share/magic file, which identifies file signatures
     • Gzipped or otherwise compressed data must be decompressed to identify what it contains
     • Typically such data is a compressed archive (tar, cpio, or dump)

  18. Pulling data off the tape
     • Start at beginning of session
         mt -f /dev/nst0 bsfm 1
     • Read entire session to a file
         dd if=/dev/nst0 of=/mnt/session1.txt bs=5120
     • The dd command reports blocks copied
         15198+0 records in
         15198+0 records out
     • May need to set block size of tape drive to block size determined on tape.
         mt -f /dev/st0 setblk 5120

  19. Uncompressing the data
     • You may need a third-party tool to interpret the data file you pulled off the tape.
     • If it is a *nix archive such as tar or gz, use standard tar and gunzip commands to uncompress into logical files and folders.
         tar -zxf /mnt/session1.txt
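
The steps from slides 14 to 18, chained into one script for the first session on a tape. This is an added example, not part of the original presentation; the function names and the output file layout are assumptions made for illustration, and it expects a non-rewinding device such as /dev/nst0.

```shell
#!/bin/sh
# Added example: first-session tape acquisition built from the mt/dd/file
# steps in slides 14-18. Function names and output paths are constructed.

# With obs=1 each output record is one byte, so the "N+0 records out" line
# of dd's statistics is the byte size of the single tape block that was read.
blocksize_from_dd() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\)+[0-9]* records out.*/\1/p'
}

# Partial input records ("F+P records in" -> P). A non-zero P on the full
# read means some tape blocks were shorter than the bs passed to dd.
short_reads_from_dd() {
    printf '%s\n' "$1" | sed -n 's/^[0-9][0-9]*+\([0-9][0-9]*\) records in.*/\1/p'
}

# acquire_first_session TAPE OUTDIR   (TAPE = non-rewinding device)
acquire_first_session() {
    tape=$1; out=$2
    mkdir -p "$out" || return 1
    mt -f "$tape" rewind || return 1
    mt -f "$tape" setblk 0 || return 1      # variable block mode (slide 14)

    # Probe: one oversized read returns exactly one tape block (slide 16).
    stats=$(dd if="$tape" of="$out/probe.bin" ibs=128k obs=1 count=1 2>&1)
    bs=$(blocksize_from_dd "$stats")
    [ -n "$bs" ] || { echo "could not determine block size" >&2; return 1; }
    file "$out/probe.bin"                   # identify the stream (slide 17)

    # Re-read the session from its start; dd stops at the filemark (slide 18).
    mt -f "$tape" rewind || return 1
    stats=$(dd if="$tape" of="$out/session1.img" bs="$bs" 2>&1) || return 1
    echo "$stats"
    [ "$(short_reads_from_dd "$stats")" = "0" ] ||
        echo "warning: some blocks were shorter than $bs bytes" >&2
    echo "block size: $bs"
}
```

Source the file and call `acquire_first_session /dev/nst0 /mnt/case1`; nothing touches the tape until that function is called.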

  20. Questions??? Use the discussion board, as usual…
