Leave the CDs in the Office
There are few things more aggravating than going out to a coworker's office to work on their computer and finding that to fix it you need a CD that is sitting in your office. If you have ever experienced that, or would simply like to no longer need to tote that book of CDs with you every day, then this article is for you.
Even though I work in an environment where the desktop is dominated by Windows, there are several Linux-based tools that are used on a regular basis. These include tools for blanking a Windows password, destroying all the data on a hard drive, repartitioning a hard drive, and testing memory. The nice thing is that all of these tools natively boot via SYSLINUX (aka ISOLINUX), which means they can also be booted via PXE over the network. All that is required is a little time, a place on your network to store the files, and some free software. Interested? Good, let's make it happen.
First, configure a TFTP server on the same server that you want to store files on. Naturally, Linux is preferred here, but a Windows server (not desktop) will work fine too via TFTPD32 or the like. Once that is set up, we need something to serve out to our clients, so let's download the latest version of SYSLINUX from kernel.org and copy the following files from it to our TFTP root:
Be sure to actually use THIS version of pxelinux.0 as several Linux distros have modified theirs and somewhat broken it (details here).
Now that these files are in place we need to make one more server-side configuration -- we need to set two DHCP options:
1. next-server = IP-ADDRESS-OR-FQDN-OF-YOUR-TFTP-SERVER
2. filename = /pxelinux.0
** If your network uses MS DHCP then these are set in Options 66 & 67.
The first of these tells clients where to find your TFTP server and the second tells them what file to request. Pxelinux.0 loads into memory then boots. The kicker is that we need to tell it what to do and that requires a plain text file named default (no extension) that is placed inside a folder called pxelinux.cfg, which, in turn, is in your TFTP root. So, thus far our directory structure should look like this:
/                         # (the TFTP root)
/pxelinux.0
/vesamenu.c32
/pxelinux.cfg/
/pxelinux.cfg/default
The file default contains your boot menu entries and can call other files if you are like me and want to separate out static menu configuration information and sub-menus. To get started, open "default" in your favorite text editor and enter the following:
DEFAULT vesamenu.c32
PROMPT 0
MENU INCLUDE pxelinux.cfg/pxe.conf
NOESCAPE 1
TIMEOUT 300
ONTIMEOUT localboot
MENU AUTOBOOT Normal booting will start in # seconds

LABEL localboot
  MENU LABEL ^1. Boot from Local Hard Drive
  LOCALBOOT 0

LABEL memtest
  MENU LABEL ^2. Run Memtest86+ v4
  kernel memtest/memtest

LABEL ntpasswd
  MENU LABEL ^3. Blank a Windows Password
  TEXT HELP
  Runs Offline NT Password & Registry Editor
  ENDTEXT
  kernel ntpasswd/vmlinuz
  append rw vga=1 initrd=ntpasswd/initrd.cgz,ntpasswd/scsi.cgz

LABEL dban
  MENU LABEL ^4. Launch Darik's Boot and Nuke
  TEXT HELP
  Use this to remove ALL data from a PC.
  ENDTEXT
  KERNEL memdisk/memdisk
  APPEND iso initrd=memdisk/iso/dban-beta.2006042900_i386.iso
Save that file and now create the file pxelinux.cfg/pxe.conf and enter the following:
MENU TITLE Choose from the below options:
menu color border 30;44 #ffffffff #00000000 std
NOESCAPE 1
ALLOWOPTIONS 0
PROMPT 0
menu width 80
menu rows 14
MENU TABMSGROW 24
MENU MARGIN 14
MENU VSHIFT 6
This is all info that never changes and just takes up a lot of room in default so I moved it to a separate file.
Now for the fun stuff...
As you can see from the menu, we are setting up Memtest86+ to test a computer's RAM, Offline NT Password & Registry Editor, and Darik's Boot and Nuke for wiping hard drives. The partitioning tool I mentioned earlier is Gnome Partition Editor, a.k.a. GParted. Making GParted available via PXE is documented on their site but requires a bit more work than these three tools do.
To set up Memtest86+, download the latest pre-compiled binary from their site and copy the contained file to a folder named memtest in your TFTP root. Rename the binary to memtest, otherwise it will fail to boot.
Ntpasswd is similarly simple. Just download the bootable CD image from their site, mount the .iso, and copy the following files to ntpasswd in your TFTP root:
Booting DBAN requires chainloading its ISO via memdisk, which is provided by the SYSLINUX package in a folder by the same name. Copy it to a folder named memdisk in the TFTP root, create a folder inside of there called iso, and save your DBAN disk image in there. So, thus far our directory structure should look like this:
/                         # (the TFTP root)
/pxelinux.0
/vesamenu.c32
/pxelinux.cfg/
/pxelinux.cfg/default
/pxelinux.cfg/pxe.conf
/memtest/memtest
/ntpasswd/vmlinuz
/ntpasswd/initrd.cgz
/ntpasswd/scsi.cgz
/memdisk/memdisk
/memdisk/iso/dban-beta.2006042900_i386.iso
That's it -- everything is now set up. Hook a computer or virtual machine (with bridged networking) up to the network and reboot. Generally you press F12 to get a boot menu which will have your network adapter listed as an option (if not, look for a setting to enable it with PXE in the BIOS). Select your NIC and you should rapidly be greeted by a blue menu showing the options we just set up. The numbers in the menu are hot keys because we put the ^ symbol before them in the menu. If you do not pick anything within 30 seconds, your computer will boot to its local hard drive automatically.
As a final note, there are many other tools that can be added to this boot menu and menu options can be protected via a plain text or encrypted password to keep users from messing up their computers. For example, I set this menu up where I work and it includes the following options:
1. Local boot
2. Symantec Ghost 2.5.1 (these all use a WinPE environment)
- Regular Ghost Client
- Ghost Console Client
- Windows 7 Enterprise x86 Installer (via a network share)
6. Ultimate Boot CD for Windows
7. Knoppix DVD (terminal server client environment)
9. Older Ghost Servers
- A Ghost 2.0 server
10. Ubuntu internet based installers
- 8.04 LTS amd64
- 8.04 LTS x86
- 9.04 amd64
- 9.04 x86
- 9.10 amd64
- 9.10 x86
- Gentoo amd64 minimal cd
- Gentoo x86 minimal cd
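Added example (not part of the original article): a small Python check that every kernel and initrd a menu entry references exists under the TFTP root, and that entries you consider sensitive carry a MENU PASSWD line, the SYSLINUX directive for the per-entry password mentioned above. The sample menu, the placeholder password value and the `sensitive` label set are constructed for illustration; because TFTP is unauthenticated, any client that can reach the server can read pxelinux.cfg/default, so prefer the encrypted password form over plain text.

```python
import os
import re

# Constructed sample based on the article's menu; the password is a placeholder.
SAMPLE_MENU = """\
DEFAULT vesamenu.c32
LABEL ntpasswd
  MENU LABEL ^3. Blank a Windows Password
  kernel ntpasswd/vmlinuz
  append rw vga=1 initrd=ntpasswd/initrd.cgz,ntpasswd/scsi.cgz
LABEL dban
  MENU LABEL ^4. Launch Darik's Boot and Nuke
  MENU PASSWD PLACEHOLDER-ENCRYPTED-PASSWORD
  KERNEL memdisk/memdisk
  APPEND iso initrd=memdisk/iso/dban-beta.2006042900_i386.iso
"""

def parse_menu(text):
    """Map each LABEL to the files it loads and whether it has MENU PASSWD."""
    entries, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        word, rest = parts[0].upper(), (parts[1] if len(parts) > 1 else "")
        if word == "LABEL":
            current = entries.setdefault(rest, {"files": [], "passwd": False})
        elif current is None:
            continue  # global directives (DEFAULT, TIMEOUT, ...) are not audited
        elif word in ("KERNEL", "LINUX"):
            current["files"] += rest.split()[:1]
        elif word == "INITRD":
            current["files"] += [f for f in rest.split(",") if f]
        elif word == "APPEND":
            for value in re.findall(r"initrd=(\S+)", rest):
                current["files"] += value.split(",")
        elif word == "MENU" and rest.upper().startswith("PASSWD"):
            current["passwd"] = True
    return entries

def audit(text, tftp_root, sensitive):
    """Return (label, problem) pairs for missing files and unprotected entries."""
    problems = []
    for label, entry in parse_menu(text).items():
        for path in entry["files"]:
            if not os.path.isfile(os.path.join(tftp_root, path.lstrip("/"))):
                problems.append((label, "missing " + path))
        if label in sensitive and not entry["passwd"]:
            problems.append((label, "no MENU PASSWD"))
    return problems
```

Run `audit(open("pxelinux.cfg/default").read(), tftp_root, {"ntpasswd", "dban"})` from the TFTP root after each menu change; an empty list means every referenced file is present and every listed entry is password-protected.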
I hope you all find this as helpful in your day-to-day activities as it has been for me.
Gene Liverman is a Systems Administrator of *nix and VMware at a university.