Hack and / - Lightning Hacks Strike Twice
It was exactly one year ago when I wrote my first Lightning Hacks column. The column was inspired by lightning talks that often occur at conferences. In a lightning talk, instead of one speaker giving a presentation for an hour, different people give 5–10-minute presentations. The idea is that many people are working on cool projects but may not have an hour's worth of material to present. And, the audience gets a rapid-fire presentation of a few different topics instead of one long lecture.
The idea behind lightning hacks is similar—I can cover some quick hacks I think are interesting but that don't warrant a full column. For example, in the first Lightning Hacks column [June 2008], I talked about an expanded wmctrl script that reset all of my windows to default locations and sizes, another script that toggled my laptop output for when I connect to a projector, and finally, I discussed how to use rdiff to create small diff files for large binaries. Now that a year has passed, I think it's time for lightning to strike twice.
Here's a quick one. I've mentioned this trick to a number of people, and I get one of two responses. This is one of those tricks (like Ctrl-R shell expansion in bash) that you either already know about and seems obvious to you, or one that you can't believe took so long to discover.
If you have spent a lot of time on the command line, you probably have heard about the pushd and popd scripts. These scripts let you create a stack that you can push directories on to and later pop them when you want to return to a previous directory. This script is cool, except you have to know in advance you want to save a directory and push it, so you can pop it later—I never seem to remember. Generally speaking, what I need is some quick way to go back to my previous directory. Lucky for me, bash's cd has this feature built in. All I do is type:
$ cd -
Bash keeps track of your current working directory in the $CWD variable and your previous directory in $OLDPWD. If you type cd -, bash substitutes - with $OLDPWD. Although you certainly could just type cd $OLDPWD, cd - is faster and easier to remember.
If you have to manage a lot of servers or run remote scripts in cron, SSH keys are a lifesaver. It's so nice to be able to ssh to a machine and instantly log in without typing a password. Of course, one of the more annoying parts of the process can be setting up the SSH keys on the remote host. Typically, the process goes something like this: run ssh-keygen locally, scp the ~/.ssh/id_rsa.pub to the remote server, then ssh to the remote server and append that key to your remote ~/.ssh/authorized_keys file.
The above method works, but if you can do the entire thing with a one-liner, why wouldn't you? Here's the SSH one-liner that will copy your local SSH key to the remote host, so you have to type the password only once in the whole process:
$ ssh firstname.lastname@example.org "cat >> ~/.ssh/authorized_keys" ↪< ~/.ssh/id_rsa.pub
Many great imaging tools are available, but for me, it's still hard to beat dd (unless your drive is dying, in which case you should use ddrescue). It is such a powerful, blunt, ancient UNIX tool, it's hard not to love it. These days, I don't image too many drives. I use kickstart for server deployments and rsync when I want to migrate files. That said, I still do image drives when I want to perform forensics on the host.
One problem you often have when you image drives is that your server might be in a data center hundreds or thousands of miles away. Even if the server is close by, you might not be able to add an extra drive on the fly. In either case, most sysadmins end up imaging the drive over the network. Traditionally, this was done via netcat, but these days, you always have to figure out some port you can use that won't be blocked by the firewall. Another problem is that netcat will transmit potentially sensitive data over the network in plain text. The modern solution to this problem is to use SSH. Many servers now have SSH running and available out of the box, and with modern processor speeds, the encryption overhead shouldn't be too bad either.
The one-liner to image drives over SSH works much like the one I used for SSH keys above. It takes advantage of the fact that if you pipe data or redirect input to SSH on the command line, it will forward it to the remote connection. So, if I wanted to image /dev/sda on my local machine to a file called /media/disk1/sda-image.img on server.example.net, I would type the following:
$ sudo dd if=/dev/sda | ssh email@example.com "cat ↪> /media/disk1/sda-image.img"
If I didn't want to image to a file and instead wanted to image directly to a drive on server.example.net, I simply could replace /media/disk1/sda-image.img with that device file (I just would need to log in as root).
Because you can image a drive over SSH, it makes sense that you can use a variation on the command to restore your image back to a drive. Here's the inverted version of the above command that I would use if I wanted to restore the /media/disk1/sda-image.img image I created back to /dev/sda:
$ ssh firstname.lastname@example.org "cat /media/disk1/sda-image.img" ↪| sudo dd of=/dev/sda
Kyle Rankin is VP of engineering operations at Final, Inc., the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu Server Book, and a columnist for Linux Journal. Follow him @kylerankin
|Chemistry on the Desktop||Mar 23, 2017|
|Five HPC Cost Considerations to Maximize ROI||Mar 23, 2017|
|Two Ways GDPR Will Change Your Data Storage Solution||Mar 22, 2017|
|Android Candy: That App Is for the Birds!||Mar 22, 2017|
|Hodge Podge||Mar 21, 2017|
|William Rothwell and Nick Garner's Certified Ethical Hacker Complete Video Course (Pearson IT Certification)||Mar 20, 2017|
- Chemistry on the Desktop
- Five HPC Cost Considerations to Maximize ROI
- Preseeding Full Disk Encryption
- William Rothwell and Nick Garner's Certified Ethical Hacker Complete Video Course (Pearson IT Certification)
- Hodge Podge
- Two Factors Are Better Than One
- Two Ways GDPR Will Change Your Data Storage Solution
- GRUB Boot from ISO
- Minifree Ltd.'s GNU+Linux Computers
- Flash ROMs with a Raspberry Pi