Monday, January 10, 2011

Handling RAID 5 Failover, when 1 disk gets dead .

Handling RAID 5 Failover, when 1 disk gets dead .

As everything eventually does break (some sooner than others) a drive in the array will fail. It is a very good idea to run smartd on all drives in your array (and probably ALL drives period) to be notified of a failure or a pending failure as soon as possible. You can also manually fail a partition, meaning to take it out of the RAID array, suppose in your scenario "/dev/sdc1" drive is faulty, then first we add another drive "/dev/sde" change it to "RAID auto detect partition",

1. Now here we make a RAID partition by,

#fdisk /dev/sde

Now, make a primary partition with full size and "fd" partition id.

After creating RAID partition "/dev/sde1", it'll look like as below snap;

2. Next, we will detach faulty drive "/dev/sdc1" by,

#mdadm /dev/md0 -f /dev/sdc1

3. Add new RAID partition "/dev/sde1" in RAID 5 device "/dev/md0",

Note : If you will notice here, i am adding new drive or partition of the same size as the previous faulty drive or partition.

We will wait here till the rebuilding RAID reaches to 100%.

Note : During the rebuild process the system performance may be somewhat impacted but the data should remain in-tact.

How to extend LVM Volume online ?

How to extend LVM Volume online ?

Note : If you see my current setting of LVM is as below;

1. Here with below command i am extending my "/dev/vg0_data/vol0_Data" volume by "2GB"

#lvextend -L +2048M /dev/vg0_data/vol0_Data

But to get that 2GB memory online you need to execute one more command,

# resize2fs /dev/vg0_data/vol0_Data

Now to verify, do as below in snap;

   In LVM, online memory extend of LV is possible, but to reduce LV size will need a reboot.

#lvreduce -L -1024M /dev/vg0_data/vol0_Data

Implimenting LVM over RAID 5

Implimenting LVM over RAID 5 

What is LVM : LVM stands for Logical Volume Manager, It is needed to be implimented if you want to increase your Logical Volume size in online (Increase without restart) condition, mostly in case of large production scenarios. In normal scenarios, we just setup server with normal "Ext3" to which we cant expand if it gets full. So here LVM concept comes.

Why LVM on RAID 5 : To get data redundancy as well as online memory expand.

As you saw in my previous article, how to impliment RAID 5 on RHEL / CentOS now next step is what you will do if you want Data redundancy as well as online memory expanding feature ?
Yes, we impliment LVM over the RAID 5 volume. See below how ???

1. Here i am assuming that we have successfully created a "/dev/md0" raid volume.

2. Now in LVM 1st we will create Physical Volume

#pvcreate /dev/md0
   Physical volume "/dev/md0" successfully created (Output)

3. Next create Volume Group named "vg0_data" with device "/dev/md0"

#vgcreate vg0_data /dev/md0
   /dev/cdrom: open failed: No medium found (Output)
   Volume group "vg0_data" successfully created (Output)

4. Make Logical Volume "vol0_Data" of 20GB on Volume group "vg0_data". Here if you notice i have total 39.98 GB space on my Physical Volume and Voume Group.

#lvcreate -L 20G -n vol0_Data vg0_data
   Logical volume "vol0_Data" created (Output)

5. Check all four below commands as in below two snap, see what type of output you get on your system,

5. The last thing is remaining guess what ??? Making a file system :)

#mkfs -t ext3 /dev/vg0_data/vol0_Data
#mkdir /data
#mount /dev/vg0_data/vol0_Data /data

6. To make it permanent, edit "/etc/fstab" file, as in below snap

check it using "mount -a".


How to implement and configure RAID 5 on RHEL / CentOS ?

How to implement and configure RAID 5 on RHEL / CentOS ?

What is RAID 5 : RAID-5 eliminates the use of a dedicated parity drive and stripes parity information across each disk in the array.

Why we use RAID 5 : RAID-5 has become extremely popular among Internet and e-commerce companies because it allows administrators to achieve a safe level of fault-tolerance without sacrificing the tremendous amount of disk space necessary in a RAID-1 configuration or suffering the bottleneck inherent in RAID-4. RAID-5 is especially useful in production environments where data is replicated across multiple servers, shifting the internal need for disk redundancy partially away from a single machine. RAID level 5 can replace a failed drive with a new drive without user intervention. This functionality, known as Hot-spares. Also supports Hot-Swap, Hotswap is the ability to removed a failed drive from a running system so that it can be replaced with a new working drive. This means drive replacement can occur without a reboot. Hot-swap is useful in two situations. First, you might not have enough space in your cases to support extra disks for the Hot-Spare feature. So when a disk failure occurs, you may want to immidiately replace the failed drive in order to bring the array out of degraded mode and begin reconstruction. Second, although you might have hot-spares in a system, it is useful to replace the failed disk with a new hot-spare in anticipation of future failures.

1. Here first we will check all the detected HDD's, as you can see in the below snap 1st three HDD's (/dev/sdb, sdc and sdd) we will use to make RAID 5 (/dev/md0) partition.

2. Now we will make a RAID partition on each three drives (sdb, sdc, sdd) one by one, here we go with "/dev/sdb" first,

#fdisk /dev/sdb

A. Note : Here in this tutorial we will use only highlighted options in the next snap,

B. Press "n" to create new partition, then select "p" for creating Primary partition, here we are making only 1 partition so choose "1", keep first & last cylinder defualt so press double "enter", If you check in below snap "p" will display recentely created partition (/dev/sdb1) with Partition ID "83".

C. As we have to make "RAID" partition we will change it's partition ID to "fd" from "83", you will get all partition ID lists by pressing "l",

D. Next press "t" & then enter "fd" & press enter, now after pressing "p" you can see that your partition ID has been changed to "fd" i.e. Linux raid autodetect.

E. Now, if you will check this setting what you made just now is just temporary, to make it permanent we need to update partition table, So here what "w" option will do for you, it'll update your partition table & exit from fdisk prompt.

3. Do same with other two HDD's i.e. /dev/sdc & /dev/sdd . After you complete the process it'll look like this as below,

4. Next we will implement RAID 5 and make a saftware RAID 5 device "/dev/md0"

#mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1

Note : To check /dev/md0 status,

#mdadm --detail /dev/md0

Note : As in above snap wait till Rebuild status reaches to 100%. To check it continuously without executing command again and again do as,

Here in next snap, if you check after it reaches to 100% it should show "Status - Clean" and below all the three disks should be in "active - Sync".

5. And thats it ... our RAID 5 partition "/dev/md0" is ready. Now you have two ways to access it, either you impliment LVM on it or directly access it by formating it and mounting it on a mount point. But keep in mind if you want LVM on Raid device then dont follow next steps and see my other article for "Implimenting LVM over RAID 5"

Here in this tutorial i am making ext3 filesystem and mounting it on a folder to access it.

#mkfs -t ext3 /dev/md0

6. Then to mount "/dev/md0" we will make a new folder "/Raid5_Data",

#mkdir /Raid5_Data

#mount /dev/md0 /Raid5_Data (Temp Mount)

7. To make it permanent edit "/etc/fstab" file and add below line,

/dev/md0 /Raid5_Data ext3 defaults 1 2

Note : Dont make any other modification, else if you reboot next time it will go to emergency mode.

To check if you edited it properly, execute "mount -a" if it shows any error  make it correct.

And start accessing your "/Raid5_Data" for your use. I am including second method "LVM on RAID 5" in my another article.

Thursday, January 6, 2011

Simple Nagios Installation and Configuration.

Nagios Prerequisites:

1. Packages - Apache Web Server, PHP, gcc & gd libraries for compilation.

2. Should be configured with static IP & valid FQDN.

3. All the monitoring devices should be accessible from Nagios Host.

A. Installation of Apache :

#yum install httpd*

Note : Now after httpd installation start webserver by,

#service httpd start

#chkconfig httpd on

B. Install all dependency packages like,

#yum install php* gcc* gd*

C. Download Nagios "nagios-3.2.3.tar.gz" & "nagios-plugins-1.4.15.tar.gz" packages from below website,


D. Nagios Installation :

1. Extract nagios-3.2.3.tar.gz package,

#cd /root/Desktop/

#tar -zxvf nagios-3.2.3.tar.gz

It will extract all files in "nagios-3.2.3" folder,

2. Add User "nagios"  & provide password,

#useradd nagios
#passwd nagios

#usermod -a -G nagios apache

Note : The above command will permit users to execute commands through Web Interface.

3. Go to "nagios-3.2.3" folder,

#cd nagios-3.2.3


Copy it's configuration output in a file for your info as below,


*** Configuration summary for nagios 3.2.3 10-03-2010 ***:

 General Options:
        Nagios executable:  nagios
        Nagios user/group:  nagios,nagios
       Command user/group:  nagios,nagios
            Embedded Perl:  no
             Event Broker:  yes
        Install ${prefix}:  /usr/local/nagios
                Lock file:  ${prefix}/var/nagios.lock
   Check result directory:  ${prefix}/var/spool/checkresults
           Init directory:  /etc/rc.d/init.d
  Apache conf.d directory:  /etc/httpd/conf.d
             Mail program:  /bin/mail
                  Host OS:  linux-gnu

 Web Interface Options:
                 HTML URL:  http://localhost/nagios/
                  CGI URL:  http://localhost/nagios/cgi-bin/
 Traceroute (used by WAP):  /bin/traceroute


Next, execute these commands;

#make all
#make install
#make install-init
#make install-config
#make install-commandmode
#make install-webconf

4. Create a user & provide password to access nagios on web,

#htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

#service httpd restart (Restart httpd service)

5. Nagios Plug-in installation:

#tar -zxvf nagios-plugins-1.4.15.tar.gz
#cd nagios-plugins-1.4.15
#make install

6. Add nagios service in chkconfig,

#cd /etc/init.d/
#chkconfig --add nagios
#chkconfig nagios on

E. Checking nagios configuration for errors;

#/usr/local/nogios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

F. Accessing Nagios through Web, open Web browser;

Login Cridentials will be same as u configured in #Step D.4  i.e.

Username - nagiosadmin
Password - *******

G. Configuring remotehost or device in nagios:

#cp /usr/local/nagios/etc/objects/localhost.cfg  /usr/local/nagios/etc/objects/LinuxHost1.cfg

Note : Comment the hostgroup entries in order to prevent duplicate entries and change the localhost entries to the remote machine hostname and IP address.]

Wednesday, January 5, 2011

What is Patch ?

What Is a Patch?

A patch is an update. It incorporates changes in source code. Patches are normally applied to specific software components, such as the kernel, or a service, such as vsFTP. Patches may fix bugs, address security issues, or incorporate new features. As an administrator, you're responsible for testing the new software, making sure that it addresses any problems before your users see them on their systems. Patches can be released from developer or some 3rd parties.

It can be apply for,

1. Security Fixes
2. Service Upgrades
3. Bug Fixes
4. Kernel Patches
5. Kernel Upgrades

Patch Sources:

There are several sources for patches and upgrades. The best source is generally the upgrade repository preconfigured for your distribution. However, there is often a delay when distribution developers process updates from other sources, such as the kernel, or services, such as the Apache Web server.

Red Hat Enterprise Linux Updates :

If you want RHEL, you may have already taken the following steps:

1.  Register with the Red Hat Network at

2.  Examine available RHEL distributions.

3.  Purchase one or more subscriptions for RHEL.

4.  Activate your subscription(s).

5.  Download or acquire the CDs for RHEL.

6.  Install RHEL on your computers.

7.  Update your system through the Red Hat Network.

The Red Hat Update Agent:

RHEL's Update Agent, also known as up2date, provides a complete system for updating the RPM packages installed on your RHEL computers. It allows you to register with and monitor appropriate Red Hat repositories for updates.

Sudo How to ..?

Sudo (superuser do) allows a system administrator to work using his own account and switch to root or other user identity available on the system only for commands that need it.

Here i have added four users ashish, akshay, agent and mach for this tutorial to make them sudo users.

Log File for Sudo :


SUDO file:


What we will do here:

1. User "ashish" will have access of all commands as root, but with password.
2. User "akshay" will have access of all commands as root, but without password.
3. User "agent" will have limited access of network service, but with password.
4. User "mach" will have limited access of adding users & setting password for them, with password.

To Set sudo users,


To set access for Users "Ashish" and "Akshay" add entry as below after "root    ALL=(ALL)       ALL",

ashish  ALL=(ALL)       ALL
akshay  ALL=(ALL)       NOPASSWD: ALL

To set Network service access for user "agent" with Password,

  User_Alias NETSERVICE=agent
Cmnd_Alias NETSERVICE_CMDS=/etc/init.d/network

To give access to user "mach" for two commands "useradd" and "passwd" with passwd

User_Alias LOGIN=mach
Cmnd_Alias LOGIN_CMDS=/usr/sbin/useradd, /usr/bin/passwd

Now login with each user & verify .

You will notice here :

1. User "ashish" will have full command access with below syntex, Login with User "ashish";

$sudo fdisk -l

It'll ask for password & show you result.

2. User "akshay" will have full command access with below syntex, Login with User "akshay";

$sudo fdisk -l

It'll not ask you any password & directly show you results.

3. User "agent" will have only network service access with below syntex, Login with User "agent";

$sudo /etc/init.d/network restart {You can also use "start, stop, status" options}

It'll ask for password & show you result.

4. User "mach" will have access for two commands "useradd & passwd" with below syntex, Login with User "mach";

$sudo useradd User1 {Can add User}

$sudo passwd User1 {Can set password for any user}

It'll ask for password & show you result.

_Enjoy  :)

Tuesday, January 4, 2011

How to install Grub natively on your HDD ?

Installing GRUB natively :

Caution: Installing GRUB's stage1 in this manner will erase the normal boot-sector used by an OS.

GRUB can currently boot GNU Mach, Linux, FreeBSD, NetBSD, and OpenBSD directly, so using it on a boot sector should be okay. But generally, it would be a good idea to back up the first sector of the partition on which you are installing GRUB's stage1. This isn't as important if you are installing GRUB on the first sector of a hard disk, since it's easy to reinitialize it (e.g. by running `FDISK /MBR' from DOS).

If you decide to install GRUB in the native environment, which is definitely desirable, you'll need to create the GRUB boot disk, and reboot your computer with it.

Once started, GRUB will show the command-line interface. First, set the GRUB's root device, to the boot directory, like this:

grub> root (hd0,0)

If you are not sure which partition actually holds these files, use the command like this;

grub> find /boot/grub/stage1

Note : This will search for the file name `/boot/grub/stage1' and show the devices which contain the file.

Once you've set the root device correctly, run the command as below,

grub> setup (hd0)

Note : This command will install GRUB on the MBR in the first drive. If you want to install GRUB into the boot sector of a partition instead of the MBR, specify a partition into which you want to install GRUB:

grub> setup (hd0,0)

If you install GRUB into a partition or a drive other than the first one, you must chain-load GRUB from another boot loader like,

 grub> rootnoverify (hd0,0)
 grub> makeactive
grub> chainloader +1

To make it permanently;

Go to "/boot/grub/grub.conf" and edit it. Add a new section at last of the file,

#Windows XP Boot Setting
title Windows XP
rootnoverify (hd0,0)
chainloader +1

For more info about grub.conf check out "menu.lst" file in "/usr/share/doc/grub*/" .

"grub-install" How to.

1. How to create GRUB boot floppy with a filesystem ?

# mke2fs /dev/fd0
# mount -t ext2 /dev/fd0 /mnt
# grub-install --root-directory=/mnt fd0
# umount /mnt

2. How to install GRUB in USB pendrive ?

Some BIOSes have a bug of exposing the first partition of a USB drive as a floppy instead of exposing the USB drive as a hard disk (they call it “USB-FDD” boot). In such cases, you need to install like this:

# losetup /dev/loop0 /dev/sdb1
# mount /dev/loop0 /mnt/usb
# grub-install --boot-directory=/mnt/usb/bugbios --force --allow-floppy /dev/loop0

3. How to install GRUB if you have saparate /boot partition on any Hard disk ? # grub-install --root-directory=/boot /dev/hda OR, in grub menu to install GRU on available hardisk, root (hd0,0) setup (hd0)

grub-install accepts the following options: ‘--help’ Print a summary of the command-line options and exit. ‘--version’ :Print the version number of GRUB and exit. ‘--root-directory=dir’ :Install GRUB images under the directory dir instead of the root directory. This option is useful when you want to install GRUB into a separate partition or a removable disk. Here is an example in which you have a separate boot partition which is mounted on ‘/boot’: grub-install --root-directory=/boot hd0 ‘--recheck’ :Recheck the device map, even if ‘/boot/grub/’ already exists. You should use this option whenever you add/remove a disk into/from your computer.

What is GRUB ?

What is GRUB ?

GRUB (GRand Unified Bootloader) : A boot loader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to an operating system kernel software. The kernel, in turn, initializes the rest of the operating system. GRUB is a very powerful boot loader, which can load a wide variety of free operating systems, as well as proprietary operating systems with chain-loading (chain-load is the mechanism for loading unsupported operating systems by loading another boot loader. It is typically used for loading DOS or Windows). One of the important features in GRUB is flexibility; GRUB understands filesystems and kernel executable formats, so you can load an arbitrary operating system the way you like, without recording the physical position of your kernel on the disk.


1. Support multiple filesystem types like, ext2/3/4, DOS, FAT12/16/32, NTFS, ReiserFS and many more.
2. Suppoerts automatic & transparent decompression of files which were compressed by gzip.
3. Support reading data from any or all floppies or hard disk(s) recognized by the BIOS, independent of the setting of the root device.
4. Detect all installed RAM.
5. Support network booting, like loading OS images from a network by using the TFTP protocol etc.

Devices naming conventions:

"(fd0)" - Floppy Disk - 0 is the device number, it starts with "0 to 1,2,3 etc."

"(hd0,msdos2)" - Hard Disk  - This expression means the second partition of the first hard disk drive. In this case, GRUB uses one partition of the disk, instead of the whole disk.

"(hd0,msdos5)" - This specifies the first extended partition of the first hard disk drive. Note that the partition numbers for extended partitions are counted from ‘5’, regardless of the actual number of primary partitions on your hard disk.

"(hd0,msdos1)/vmlinuz" - This specifies the file named ‘vmlinuz’, found on the first partition of the first hard disk drive.

Grub Errors:

1 : Filename must be either an absolute filename or blocklist
This error is returned if a file name is requested which doesn't fit the syntax/rules.

2 : Bad file or directory type
This error is returned if a file requested is not a regular file, but something like a symbolic link, directory, or FIFO.

3 : Bad or corrupt data while decompressing file
This error is returned if the run-length decompression code gets an internal error. This is usually from a corrupt file.

4 : Bad or incompatible header in compressed file
This error is returned if the file header for a supposedly compressed file is bad.

5 : Partition table invalid or corrupt
This error is returned if the sanity checks on the integrity of the partition table fail. This is a bad sign.

6 : Mismatched or corrupt version of stage1/stage2
This error is returned if the install command is pointed to incompatible or corrupt versions of the stage1 or stage2. It can't detect corruption in general, but this is a sanity check on the version numbers, which should be correct.

7 : Loading below 1MB is not supported
This error is returned if the lowest address in a kernel is below the 1MB boundary. The Linux zImage format is a special case and can be handled since it has a fixed loading address and maximum size.

8 : Kernel must be loaded before booting
This error is returned if GRUB is told to execute the boot sequence without having a kernel to start.

9 : Unknown boot failure
This error is returned if the boot attempt did not succeed for reasons which are unknown.

10 : Unsupported Multiboot features requested
This error is returned when the Multiboot features word in the Multiboot header requires a feature that is not recognized. The point of this is that the kernel requires special handling which GRUB is likely unable to provide.

11 : Unrecognized device string
This error is returned if a device string was expected, and the string encountered didn't fit the syntax/rules listed in the section Filesystem syntax and semantics.

12 : Invalid device requested
This error is returned if a device string is recognizable but does not fall under the other device errors.

13 : Invalid or unsupported executable format
This error is returned if the kernel image being loaded is not recognized as Multiboot or one of the supported native formats (Linux zImage or bzImage, FreeBSD, or NetBSD).

14 : Filesystem compatibility error, cannot read whole file
Some of the filesystem reading code in GRUB has limits on the length of the files it can read. This error is returned when the user runs into such a limit.

15 : File not found
This error is returned if the specified file name cannot be found, but everything else (like the disk/partition info) is OK.

16 : Inconsistent filesystem structure
This error is returned by the filesystem code to denote an internal error caused by the sanity checks of the filesystem structure on disk not matching what it expects. This is usually caused by a corrupt filesystem or bugs in the code handling it in GRUB.

17 : Cannot mount selected partition
This error is returned if the partition requested exists, but the filesystem type cannot be recognized by GRUB.

18 : Selected cylinder exceeds maximum supported by BIOS
This error is returned when a read is attempted at a linear block address beyond the end of the BIOS translated area. This generally happens if your disk is larger than the BIOS can handle (512MB for (E)IDE disks on older machines or larger than 8GB in general).

19 : Linux kernel must be loaded before initrd
This error is returned if the initrd command is used before loading a Linux kernel. Similar to the above error, it only makes sense in that case anyway.

20 : Multiboot kernel must be loaded before modules
This error is returned if the module load command is used before loading a Multiboot kernel. It only makes sense in this case anyway, as GRUB has no idea how to communicate the presence of location of such modules to a non-Multiboot-aware kernel.

21 : Selected disk does not exist
This error is returned if the device part of a device- or full file name refers to a disk or BIOS device that is not present or not recognized by the BIOS in the system.

22 : No such partition
This error is returned if a partition is requested in the device part of a device- or full file name which isn't on the selected disk.

23 : Error while parsing number
This error is returned if GRUB was expecting to read a number and encountered bad data.

24 : Attempt to access block outside partition
This error is returned if a linear block address is outside of the disk partition. This generally happens because of a corrupt filesystem on the disk or a bug in the code handling it in GRUB (it's a great debugging tool).

25 : Disk read error
This error is returned if there is a disk read error when trying to probe or read data from a particular disk.

26 : Too many symbolic links
This error is returned if the link count is beyond the maximum (currently 5), possibly the symbolic links are looped.

27 : Unrecognized command
This error is returned if an unrecognized command is entered into the command-line or in a boot sequence section of a configuration file and that entry is selected.

28 : Selected item cannot fit into memory
This error is returned if a kernel, module, or raw file load command is either trying to load its data such that it won't fit into memory or it is simply too big.

29 : Disk write error
This error is returned if there is a disk write error when trying to write to a particular disk. This would generally only occur during an install of set active partition command.

30 : Invalid argument
This error is returned if an argument specified to a command is invalid.

31 : File is not sector aligned
This error may occur only when you access a ReiserFS partition by block-lists. In this case, you should mount the partition with the `-o notail' option.

32 : Must be authenticated
This error is returned if you try to run a locked entry. You should enter a correct password before running such an entry.

Monday, January 3, 2011

How to recover bad partition or superblock on Ext3 partition ?

How to recover bad partition or superblock on Ext3 partition ?

What if you are getting below two errors ?

1. /dev/sdb2: Input/output error
2. mount: /dev/sdb2: can't read superblock

Steps :

1. If you can go to Emergency Mode in the Linux and it directely asking for password or else Go to rescue mode, by booting with 1st Linux cd or a DVD then on "boot:" prompt "linux rescue" and press enter.

2. Unmount the partition first on which you getting the error.

3. Next find out bad superblock to recover,

#dumpe2fs /dev/sdb2 | grep superblock

Sample Output :

Primary superblock at 0, Group descriptors at 1-6
  Backup superblock at 32768, Group descriptors at 32769-32774
  Backup superblock at 98304, Group descriptors at 98305-98310
  Backup superblock at 163840, Group descriptors at 163841-163846

  Backup superblock at 229376, Group descriptors at 229377-229382
  Backup superblock at 294912, Group descriptors at 294913-294918
  Backup superblock at 819200, Group descriptors at 819201-819206
  Backup superblock at 884736, Group descriptors at 884737-884742

  Backup superblock at 1605632, Group descriptors at 1605633-1605638
  Backup superblock at 2654208, Group descriptors at 2654209-2654214
  Backup superblock at 4096000, Group descriptors at 4096001-4096006
  Backup superblock at 7962624, Group descriptors at 7962625-7962630

  Backup superblock at 11239424, Group descriptors at 11239425-11239430
  Backup superblock at 20480000, Group descriptors at 20480001-20480006
  Backup superblock at 23887872, Group descriptors at 23887873-23887878

4. Check & repair a Linux file system using alternet superblock #32768#,

#fsck -b 32768 /dev/sdb2

Sample Output :

fsck 1.40.2 (12-Jul-2007)
e2fsck 1.40.2 (12-Jul-2007)
/dev/sda2 was not cleanly unmounted, check forced.
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity

Pass 4: Checking reference counts
Pass 5: Checking group summary information
Free blocks count wrong for group #241 (32254, counted=32253).
Fix? yes

Free blocks count wrong for group #362 (32254, counted=32248).

Fix? yes

Free blocks count wrong for group #368 (32254, counted=27774).
Fix? yes
/dev/sda2: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sda2: 59586/30539776 files (0.6% non-contiguous), 3604682/61059048 blocks


5. Next we try to mount /dev/sdb2 file system;

#mount /dev/sda2 /mnt

Note : We can also use superblock stored at #32768# to mount the partition,

#mount sb=32768 /dev/sdb2 /mnt

6. Now check if it worked for you & copy all its recovered file on another safe location.

-Enjoy :)

How to delete file permanentely so that no one can recover ?

How to delete file permanentely so that no one can recover ?

shred: Shred utility overwrites a file to hide its contents, and optionally delete it if needed. The idea is pretty simple as it overwrites the specified FILE(s) repeatedly, in order to make it harder for even very expensive hardware probing to recover the data. By default file is overwritten 25 times. When you move your rented server you should consider running file shredding; otherwise new owner can get data including passwords.

1. Shred a single file;

Securely delete a file called /root/

#shred -u /root/

You can add a final overwrite with zeros to hide shredding:

#shred -u -x /root/

-u : Remove file after overwriting
-x : Add a zero to hide shredding
-n <Number> : Overwrite number of times instead of the default 25

2. To shred on entire partition;

#shread -n 30 -vz /dev/sdb

How to use dd command ?

How to use dd command ?

DD - Disk Dump

1.  Create an empty file of 650MB size.

#dd if=/dev/zero of="empty_file" bs=1024k count=650

2. To Create ISO from CD OR DVD

#dd if=/dev/cdrom of=file.iso

3. Create an exact image of this floppy-disk by issuing the command

#dd if=/dev/fd0 of=floppy.img

4. Create backup of HDD or partition

#dd if=/dev/sdb of=backup.dd

You can check the backup image consistency to check for any problem with backup image

#fsck -y backup.dd

5. Creating backup of one hardisk in to second HDD.

#dd if=/dev/sda of=/dev/sdb conv=noerror,sync bs=4k

Note :  dd with conv=noerror writes nothing in the image in case of a bad block.

    You can check the backup image consistency to check for any problem with backup image

#fsck -y /dev/sdb

6. How to take backup of only MBR and MBR + Partition Table;

#dd if=/dev/sda of=mbr.bak bs=1 count=446 (Backup only MBR)

#dd if=/dev/sda of=mbr_part.bak bs=1 count=512 (Backup MBR + Partition Table)

   To restore,

#dd if=mbr.bak of=/dev/sda bs=1 count=446 (Restore only MBR)

#dd if=mbr_part.bak of=/dev/sda bs=1 count=512 (Backup only MBR)

7. To wipe the hard disk completely,

#dd if=/dev/zero of=/dev/sda

8. How to compress DD image ?

#dd if=/dev/hda conv=sync,noerror bs=64K | gzip -c  > /mnt/sda1/hda.img.gz

        Note that /mnt/sda1 is my backup device.

"dd" is the command to make a bit-by-bit copy of "if=/dev/hda" as the "Input File" to "of=/mnt/sda1/hda.img.gz" as the "Output File". Everything from the partition will go into an "Output File" named "hda.img.gz". "conv=sync,noerror" tells dd that if it can't read a block due to a read error, then it should at least write something to its output of the correct length. Even if your hard disk exhibits no errors, remember that dd will read every single block, including any blocks which the OS avoids using because it has marked them as bad. "bs=64K" is the block size of 64x1024 Bytes. Using this large of block size speeds up the copying process. The output of dd is then piped through gzip to compress it.

To restore your system:

#gunzip -c /mnt/sda1/hda.img.gz | dd of=/dev/hda conv=sync,noerror bs=64K

9. Store extra information about the drive geometry necessary in order to interpret the partition table stored within the image. The most important of which is the cylinder size.

# fdisk -l /dev/hda > /mnt/sda1/


One of the disadvantages of the dd method over software specifically designed for the job such as Ghost or partimage is that dd will store the entire partition, including blocks not currently used to store files, whereas the likes of Ghost understand the filesystem and don't store these unallocated blocks. The overhead isn't too bad as long as you compress the image and the unallocated blocks have low entropy. In general this will not be the case because the emtpy blocks contain random junk from bygone files. To rectify this, it's best to blank all unused blocks before making the image. After doing that, the unallocated blocks will contain mostly zeros and will therefore compress down to almost nothing.

Mount the partition, then create a file of zeros which fills the entire disk, then delete it again.

# dd if=/dev/zero of=/tmp/ bs=8M; rm

And then,

#dd if=/dev/hda conv=sync,noerror bs=64K | gzip -c  > /mnt/sda1/backup.img.gz

10. You can also use the cat command and pipe it through gzip with the "-9" option (for maximum compression) and then redirect the output to your image file:

#cat /dev/sda | gzip -9 > hdbback.img.gz

11. Error Handling : Murphy's Law was postulated long before digital computers, but it seems it was specifically targeted for them. When you need to read a floppy or tape, it is the only copy in the universe and you have a deadline past due, that is when you will have a bad spot on the magnetic media, and your data will be unreadable. To the rescue comes dd, which can read all the good data around the bad spot and continue after the error is encountered. Sometimes this is all that is needed to recover the important data.

#dd bs=265b conv=noerror if=/dev/st0 of=/tmp/bad.tape.image