Subject: Re: making bootable rescue CD?
To: None <netbsd-users@netbsd.org>
From: Rob Quinn <rquinn+11121@sec.sprint.net>
List: netbsd-users
Date: 04/16/2001 10:15:58
>> I decided it would be good to have a bootable rescue CD
I'm doing something similar. I want to make a bootable image holding forensics
tools, to let me boot up a suspect machine into a trusted environment. Is there
a group or mailing list working on creating rescue disks? I wouldn't mind
observing, since I think a `rescue CD' and a `forensics CD' will probably
overlap a lot.
>> -- one that had all of /bin, /usr/bin, etc.
Don't forget your favorite tools from /usr/pkg/.
>> I was rather surprised, when it booted, to find myself in sysinst.
Same here. I think a custom kernel (without the root on memory disk stuff)
would have fixed this, but instead I just made a boot floppy holding my CD's
gzipped "root on cd0" kernel. It would be nice if the boot program allowed
"cd0a:", in case I ever get a kernel that can't fit on a floppy.
> I'm not sure if a cd9660 filesystem supports device entries for /dev.
Except for the fact that I forgot to make them the first time, this seems to
mostly work as expected. Some of the boot scripts complained about not being
able to chown the devices. I think that might be why my alternate wscons
displays failed. sshd won't allow interactive logins because it can't chown the
new tty device. A "ssh cdhost somecommand" worked fine once I created some
(non-world readable) keys in /tmp.
> You should be able to mount an mfs against "swap"
That's what I'm doing for /tmp and /var/tmp. I'm thinking of changing /var/tmp
to be a symlink to /tmp/var.tmp/ so I can have just one mount. I tried some
overlay mounts to fake up a writable /etc and /var, but I didn't get very far.
The worst problem I've found so far is that the date resets to 1 Jan 1970.