Checking Integrity of A Debian/Ubuntu System

Sometimes, a Linux filesystem becomes corrupted, system files are damaged, or some crucial files get lost. This often happens, regardless of which filesystem (ext2, ext3, ext4, jfs, reiserfs, reiser4, or xfs) is used. There are many possible reasons, such as:

• Unstable hardware, for example, memory or hard drive problem
• Overheat, power surge, quake or another environmental disaster
• Buggy software, such as a bug in the kernel or the filesystem driver
• Compromised security, for example, network intrusion or attack
• Worm or virus infection

Files in Linux systems can be categorized into the following three:

1. Verifiable System Files
   In Linux systems that are managed by packages (such as Debian and Ubuntu), these files are installed by packages and make up the bulk of the filesystem. These files reside in such directories as /bin, /lib, /sbin and /usr. They are usually static, which means they don't normally change except when the system is updated, or locally compiled binaries are installed.
2. Changeable System Files
   These files are auxiliary system files for system configuration, initialization or customization, and system data (such as logs and cache). They reside in /boot, /etc, /opt, /srv and /var.
3. User Data
   These files are created and used by superuser (a.k.a root) and normal users, or software-generated during casual user activities. Typically, they are in /home, /media, /mnt and /root.

This post focuses on verifiable system files (installed by packages). When the filesystem becomes corrupted (but not completely unreadable), it is possible to verify and restore the system integrity by using package checksums. Before you continue, make sure to fsck the filesystem.

e2fsck -r -v /dev/sda7

In this example, /dev/sda7 points to an ext2 partition we're going to check. Be aware that you cannot fsck a mounted filesystem. Therefore, boot with a Debian Live CD (or a Ubuntu CD) and run fsck. After you've performed fsck, there may be some files created in the /lost+found directory. We'll deal with them later. First, mount the filesystem.

mount -t ext2 /dev/sda7 /mnt

Go to /var/lib/dpkg/info. Then, concatenate all the md5sums files. Most, if not all, Debian and Ubuntu packages come with a md5sum file that we can use to check the integrity of the package and the files installed by the package.

cd /var/lib/dpkg/info
cat *.md5sums | sort > /dev/shm/all.md5

all.md5 has md5 checksums of all the files installed on the system. Now, check the files on the Debian/Ubuntu system against the concatenated md5sums file.

cd /
md5sum -c /dev/shm/all.md5 > /dev/shm/check.txt 2>&1

/dev/shm/check.txt now contains the results of the integrity check. It looks like this:

bin/bash: OK
bin/bunzip2: OK
bin/bzcat: FAILED

In this example, /bin/bzcat is damaged. To find all the missing or damaged files, use a command like this one:

grep -v ': OK$' /dev/shm/check.txt

Let's reinstall this file. First, find out which package this file belongs to.

dpkg -S /bin/bzcat

We'll see the following result.

bzip2: /bin/bzcat

Now we know that we need to reinstall bzip2. Let's download the package.

dpkg -p bzip2 | grep 'Filename: '

This command will let us know the name of the package to download. Use wget to download it.

wget ftp://ftp.us.debian.org/debian/pool/main/b/bzip2/bzip2_1.0.5-4_i386.deb

You can just reinstall the package.

dpkg -i bzip2_1.0.5-4_i386.deb

Or, you can just extract one file:

dpkg --fsys-tarfile bzip2_1.0.5-4_i386.deb | tar xf - ./bin/bzcat

Alternatively,

dpkg --fsys-tarfile bzip2_1.0.5-4_i386.deb | tar xOf - ./bin/bzcat > /mnt/bin/bzcat

To restore a file from the /lost+found directory, you can also use the MD5SUMS file. First, run md5sum on files in /lost+found.

cd /lost+found
md5sum *

You may get an output like this.

9aaa2176d20c1b1203e3abbac55a2513  #124531

To find out what #124531 file is originally, find its md5 checksum from the all.md5 file above.

grep 9aaa /dev/shm/all.md5

You'll get a result like this.

9aaa2176d20c1b1203e3abbac55a2513  bin/bzip2

Now you can just move it to its place.

mv \#124531 /mnt/bin/bzip2

After you restore all damaged files and restore files from /lost+found, you can find missing files in the system. Go to /var/lib/dpkg/info again and concatenate all the list files.

cd /var/lib/dpkg/info
cat *.list | sort | uniq > /dev/shm/all.txt

The .list files in the /var/lib/dpkg/info directore show the list of files installed by packages. Let's find what's missing from the system.

cd /
for f in $(cat /dev/shm/all.txt ); do test -e "$f" || echo "$f" >> /dev/shm/nonexist.txt ; done

The file /dev/shm/nonexist.txt will show which files are missing from the system. You can then replace the missing files as done previously.

Linux: Using dd To Back Up Hard Drive Partitions

I am going to use the omnipresent and omnipotent tool called dd to back up a hard drive partition. I am working with the drive /dev/sdb. First, I save a text file that has information on the partition table layout.

fdisk -l /dev/sdb > hdpt.txt
fdisk -l -u /dev/sdb >> hdpt.txt

Then, I choose the compression format to use for the backup archive.

• gzip
• bzip2
• lzma
• xz

My choice for the compression format is lzma which provides superior compression and faster decompression. The following command backs up a partition at /dev/sdb1 with dd and lzma.

dd if=/dev/sdb1 | lzma -9c > backup01.bin.lzma

To restore this backup later, use the following command:

lzcat backup01.bin.lzma | dd of=/dev/sdb1

Linux Commands To Partition and Format a Drive

Partitioning

In addition to the wonderful gparted, we can also use fdisk to partition a disk:

fdisk /dev/sdb

The device names for hard disks and USB drives are typically /dev/sd?, for example, /dev/sda, /dev/sdb, /dev/sdc, etc. For Linux kernels 2.6.18 or older, IDE hard drives may be called /dev/hda, /dev/hdb, etc.

Formatting

To format a FAT16 partition:

mkdosfs -F 16 -n LABEL -r 512 -v /dev/sdb1

To format EXT2 partition:

mke2fs -L SID -v /dev/sdb2

To format a JFS partition:

jfs_mkfs -c -L Debian_Sid /dev/sdb2

Installing MBR

MBR is a boot code necessary for booting from the hard drive or USB flash.

install-mbr /dev/sdb -v --drive 0x80 --enable +12

Installing bootloaders

For SYSLINUX:

syslinux /dev/sdb1

Checking Filesystem Integrity

For FAT16/FAT32:

dosfsck -r -v -V /dev/sdb1

List of Useful Software for Windows

I just finished setting up my laptop. It's got Windows 7 Home Premium installed. The following is a list of software I installed onto my laptop:

• 7-Zip or PeaZip
  Allows you to extract files from ZIP and RAR archives.
• Adobe Digital Editions
  An ebook reader
• Adobe Reader 9.0
• Aria2 command-line downloader
• avast! Antivirus Home or ClamWin
• Barnes and Noble eReader
• Calibre e-book manager
• CDBurnerXP, ImgBurn or InfraRecorder
  Free utility for burning CD's and DVD's
• Code::Blocks
  Free Integrated Development Environment for software programming
• Dia diagram editor
• Impact Color Fax
• eMule or aMule
  With *Mule client, you download files from eDonkey/Kademlia file-sharing network.
• FileZilla Server and FTP Client
  Free FTP server and client
• FlashPlayer
• FoxyTunes for Firefox
  Allows you to control music while surfing the Internet
• GIMP
  Helps you draw pictures and edit photographs.
• GnuCash
  Free accounting software
• GnuPlot
  plotting and graphing software
• Haansoft Hangul 2007
  Korean wordprocessor. More information is available here.
• Halogenware Retriever
  Download utility
• HashCheck Shell Extension or md5deep
  A tool for calculating hash values of a file to verify its integrity
• IBM Lotus Symphony
  Free office productivity software
• Impact ColorFax Lite
  Sends and receives fax.
• IfoEdit
  Allows you to edit DVD IFO files.
• ImgBurn
  a lightweight CD / DVD / HD-DVD / Blu-ray burning application
• Inkscape
  Lets you create and edit vector graphics.
• IsoBuster
  Allows you to retrieve data from ISO files.
• iTunes
• Java
• JetAudio
  music player
• jEdit
  Programmer's editor
• Maxima computer algebra system
• Microsoft Office 2010
• Mozilla Firefox, Google Chrome or Maxthon
  Popular and powerful web browser
• MyDefrag
  FreeWare hard disk defragmenter
• OpenOffice.org 3.1
  Free powerful office productivity software
• OpenType Font Properties Extension 2.30
• PChat
  Lets you chat with friends on IRC networks.
• PDFCreator
• Pidgin
  Multi-protocol instant messaging software
• RealPlayer
• Sancho is a graphical frontend to mldonkey p2p daemon.
• Scribus
  Open-source desktop publishing software
• Sigil ePub editor
• Skype
• SMplayer
  Free movie player based on mplayer
• Songbird music player
• TMPGEnc 4.0 XPress
  Helps you to create and convert MPEG files.
• Transmission-Remote-Dotnet or Transmission-Remote-GUI
  Allows you to download files from bittorrent networks. Needs transmission Cygwin port.
• Unikey
  Helps you type Vietnamese.
• VirtuaWin
  A virtual desktop manager.
• VLC media player
• Windows Live Essentials
  Windows Messenger and Windows Live Mail
• WinImage
  Allows you to create and extract floppy and CD images.
• wxHexeditor
• XnView
  Software for viewing images and pictures
• XVid codec
• Yahoo! Messenger 9
• Yahoo! Toolbar
• Yahoo! Widgets
  Similar to Windows sidebar, displays useful information along the side of screen
• Zimbra Desktop
  Allows you to read and compose email offline.
• Zoom Player
• Zumodrive
  Network storage service

Related Posts

• Windows Vista Home Premium Lite CD
• Installing Hangul 2007
• Audacity Installation