True Stories of Knoppix Rescues

Omniscientist writes "We've all been there: Our system is on the edge of death and we need to either fix it or retrieve important data that still remains hidden away in its dying clutches. LinuxDevCenter has a funny article on a heroic tale of a sysadmin relying on Knoppix to save the day. I for one, always make a boot disk in case of problems, but Knoppix can turn a bad day into a good one for just about anyone. Perhaps every administrator should have a Knoppix CD on reserve."

I once saved the day with Knoppix

[Rude Turnip]

A co-worker was trying to salvage some files from a dying Windows 98 machine. Win98 was having the damndest time accepting a USB memory drive (even with the right drivers installed). Five minutes with Knoppix and all his important files (mainly family tree stuff) was backed up to the USB memory drive.

Mepis may be a better choice

[EdipisReks]

Where i work, at the University of Cincinnati, our "official" (official because it's what my boss favors, not because of university policy or anything) live distro is knoppix and it has certainly helped in situations where machines have been royally screwed up, for whatever reason. i've had better luck with mepis, hower. i find that it is faster and more compatible (especially with properly recognizing and using sound cards), and that it is also more fully featured. it makes a good install, too.

Knoppix used to save WIn98

[rscrawford]

My young sister brought me her laptop which was probably the most compromised machine I'd ever seen: tons of adware, spyware, and viruses had made it almost unusable. I'd promised I'd fix it, but I couldn't even get it to boot to the point where I could rescue her files. I made some fixes so that I could boot it, but whenever I tried to copy her files to a special share on my Linux box, some virus would pop up and kill the connection before it was done. I was just about to give up, when I thought of booting up the computer with a Knoppix CD I had. So I did, and mounted her hard drive and tar'ed up all of her files and copied them to the Linux share. I scanned all of her files for viruses and whatnot on that computer while wiping her computer and reinstalling Windows. I wasn't able to convince her to switch to Debian, but I did install AdAware, Spybot S&D, Thunderbird, and Firefox, and hid all links to IE (I did install the "View in IE" extension for her, just in case).

She's gotten a new laptop since then, one which runs WinXP. But she's now a Firefox fanatic; she even asked for a Firefox T-shirt for Christmas. I'm so proud. Now if only she'd let me dual-boot her machine.

Re:Damn Small Linux

[BaldGhoti]

Unfortunately, the name is frequently frowned upon by PHB's. "Does the name of that program use... PROFANITY?"

I've used Knoppix to recover data from a WinXP box with locked-down security--my fiancee's OS bit it when she installed XP SP2 and the files were restricted to her account, so I put a spare HD in her machine and copied over all of her data using Knoppix (which conveniently ignores Windows security settings). Then we did a full reinstall from scratch--no data loss at all.

Re:I once saved the day with Knoppix

[advocate_one]

Christmas at my Daughter's house... her machine was playing up and I'd bought her a 256Mb USB Keydrive to use to keep her important data on...

cut a long story short... how the heck do you install a USB key drive onto a win98 system that has no internet connection and the driver files are only to be found on the USB drive that win98 recognises as new hardware, but won't actually scan it for the drivers as it hasn't allocated it a drive letter yet... well, Knoppix saved the day and allowed me to get the drivers copied off to a fresh directory on her hard drive so that win98 could then find them...

She now wants me to set it up dual boot for her as she was mightily impressed with how far Linux has come in the few years since she last played with it (Mandrake 7.2)

My dead drive

[superid]

I had a slave drive with about 4GB of family photos. This included years of photos of my kids, and many irreplacable photos of my wifes mother who has since passed away. [ this is known as foreshadowing ]

I built a brand new system and took that drive out and put it into another XP system as a slave....no problems at all. Then we had a power failure. I have 9 computers in my house, many with several drives, every system was fine, with the exception of that one drive. XP decided that this drive was no longer formatted.

I took my lumps from the wife and began to look into data recovery. I tried SalvageNTFS [salvagentfs.com], ScroungeNTFS [memberwebs.com] and a demo [ontrack.com] from OnTrack. I forget the actual status that each tool reported but suffice it to say that none of them were successful and I just moved on. I did keep the drive though. A few weeks ago I stuffed it into what is to be a new webserver and put in a knoppix live cd. *poof* got everything back...every photo was recovered.

Can't explain it, but I'm keeping a Knoppix CD in my box of tricks from now on.

What "Knoppix Hacks" Didn't Include

[Esion Modnar]

Like how to "build in" a cheat code into your Knoppix remaster.

The trick is, after you rsync the /cdrom directory to the master directory (see the book), cd to master/boot/isolinux and edit the isolinux.cfg file. Put your favorite cheat in the first APPEND line.

This worked for Knoppix 3.4 and up. Don't know about earlier versions.

Re:Knoppix used to save WIn98

[Nintendork]

I usually try to prevent a reinstall by mounting the drive on another computer and scanning it with AV software, Ad-Aware, and Spybot. Toss the drive back in the bastard system and boot up. From there, run Hijack This to manually rip out things that Spybot and Ad-Aware miss. After that, they're "Fixed." If they're using 95/98/ME and are willing to buy the upgrade, I get them on the latest NT OS (WinXP currently). The 9x family is a complete pile of shit and a stark contrast to the stable NT family. After that, I recommend that they add more memory (512MB for XP is perfect for most users, including myself) and more importantly, a faster hard drive (A new model 7200RPM drive will make older systems seem like new). I can migrate them to the new hard drive very easily using NTBackup (Included with Windows). As far as where I order from, I basically do a pricewatch search for 7200RPM and pick the least expensive drive with internal transfer rates on par with the newest models. Storage capacity usually isn't an issue unless the system is for someone who pirates all day every day. For the memory, I go to www.18004memory.com to ensure compatability and get great prices. If they are really liking the improvements thus far, a $75-$100 video card is last. You can find roundup reviews to figure out which card has the best bang for the buck, then do a pricewatch search on the model. To help prevent future housecalls, I explain to them that it's best to read all messages when browsing the Internet so they know what they are downloading and aren't suckered into installing by clicking a No button. I show them how to update and use the spyware removal tools. I rarely ever have to go back after one of my housecalls. The most I'lll see is a call or two from the user, paranoid about installing something they're not sure if they need such as Macromedia Flash.

-Lucas

System Rescue

[bigjnsa500]

Knoppix just takes way too long to boot and doesn't have some of the features that System Rescue [sysresccd.org] does. Plus he's got a PPC version. I've use the PPC version to repair a OS X box (yes, they do crash too) and the Intel version to constantly recover user and Administrator passwords in XP. It's so easy with this disk!

HOWTO: Recovering the root Password

[soloport]

The mortgage broker, two floors up from us, was sold a "firewall/e-mail server that runs some kind of Linux". He was experiencing e-mail issues and tried to get the "vendor" to come out and service his "product". Unfortunately the vendor couldn't remember the root password to his own box. In addition, he wanted to charge the MB for more hours to re-install and configure it a second time.

After NOT agreeing to the vendor's plan and showing him the door, the MB asked me if I could "crack into it" (yes, he actually used the right term). So... Knoppix to the rescue!

The following procedure worked well:
* 'mount' the HDD's main partition, rw
* From a shell prompt, enter 'su -' (in Knoppix this just drops you in, with no p/w required)
* Change the root passwd
* Make a backup copy of HDD's /etc/shadow password file
* Copy the line for the root user in the Knoppix /etc/shadow file
* Paste it into the HDD's /etc/shadow file, replacing the old line
* Profit.

Also noted that there were no users created (the vendor had been logging into Gnome as root to do everything). So added an user account with sudo 'ALL=(ALL) ALL' rights, etc., etc.

It was a strange way to find a new customer :-D

Re:Damn Small Linux

[kaustik]

I actually posted this a couple of days ago, but don't think I got it in in time to have actually been read:

----------------
There is a very handy little tool called the Metropipe Virtual Privacy Machine [metropipe.net] that fits nicely on a 128MB USB drive. You pop it into a computer that is booted into Windows and can bring up a virtual machine running a tiny version of Linux, complete with GUI, web, email, etc. There is even a tool included that opens up an encrypted tunnel to Metropipe, bypassing any proxy servers or web filtering that may be in place on your network. The entire OS remains on the USB drive, leaving no temporary Internet files or other traces behind. It is nice to have if you commonly walk into restricted or monitored networks and want some privacy. The tools might also include a file browser so that you can bypass local NTFS security, but I haven't looked. I know that Knoppix (sp?) can do similar things, but this does not require a reboot or access to BIOS to allow booting of a CD ROM. It only requires that the USB is active.
The site includes download links.

One More Important Thing

[soloport]

Forgot to mention: BECAUSE of Knoppix, and its ilk, the servers we build and sell support loop-AES [sourceforge.net], exclusively!

(i.e. When you go to mount the HDD from Knoppix, it looks like a bunch of garbage and Knoppix refuses to mount it).

Live-cds need lossless re-patitioning tools.

[Anonymous Coward]

Linux badly needs lossless re-partitioning and tools
to seemlessly dual-boot along with win98/2k/etc.
Its really curious how they still rely on old MS-DOS
utilities and assume Win-usage to get alot of maintenance tasks accomplished.

Re:The obviousness

[drooling-dog]

I suppose the moral of this story is to be careful when you play around with the dd command and your MBR.

I messed up my MBR once, back when I was dual-booting Linux and WinNT. Had to type the hex in manually (I found it in a book) before converting it to binary and dd'ing it back onto the disk. I was surprised myself when that worked. Since then I've always kept a copy of it on hand, Just In Case...

Re:Knoppix - a lifesaver

[peter_gzowski]

Usually it is to fix windows machines that have been infected with a virus.

What would be killer is if there were a Linux-based program that would scan a Windows file system for viruses and remove them, for those times that you don't have a hidden copy of the system.

Re:I use it on crapped on WIndows boxes too..

[dmaxwell]

If the hardware is sufficiently fubared then probably nothing is going to save you. If the data on a failed disk is valuable enough, you can pay $1000 or so to MAYBE get it back.

I don't know what procedures you may have tried but if you suspect hard drive failure then the best thing do is use something like dd_recover to copy off as much of the partition as possible and then use filesystem repair tools on a copy of that. Of course, this presumes you have twice as much free storage space as the afflicted partition laying around.....

Re: GRUB Hack To Boot Windows 2000

[jcole]

I was asked once to recover a windows 2000 laptop for a colleague.

His wife had booted a partition magic cd and accidently moved the windows partition over, causing a new partition to be created at the beginning of the disk. For some reason, partition magic wouldn't move the damn thing back.

Apparently, a DOS/Windows MBR always tries to boot the 1st partition. So when booting the machine, all we were getting were "no bootable disk" errors...

But, I had an idea.

I booted a knoppix cd and created a c:\grub directory. I copied grub files to it and configured a menu.lst to boot the 2nd partition, (where Windows 2000 was stuck at). Lastly, I installed grub to the MBR. After I rebooted, the grub boot menu came up with the "Windows 2000" option I had created. I hit enter and it loaded Windows 2000!

My colleague had no idea what I had just done, but was happy otherwise and no longer mad at his wife.

-Joe

Re:I agree, but... (system design)

[evilviper]

as a sysadmin for many years; you learn very quickly NOT to put anything valuable on the same drive that boots/manages the operating system.

Better yet, don't put anything valuable on the same computer that boots/manages the operating system...

i can easily move stuff between machines - and, i just need to install vmware to get started (beats installing everything again).

Sounds to me like you're using vmware for no good reason. You could, quite easily, install all your programs (and libraries, and headers, etc) into a directory, in some arbitrary location on your hard drive, and just copy that directory from system to system.

I also can't see how your method could possibly be any good, because under vmware, you're going to be running yet another OS anyhow, so now you have two OSes running on top of each other, and twice as much that could go wrong. Where's the advantage, I don't see it?