Archive for May, 2008

Taking a Backup and Restoring It Using System Rescue CD

May 1, 2008 raghupathy 1 comment

How to take a backup of a working system using System Rescue CD

To back up a system we need a destination in which to save the image files, so we need to create an NFS server.

How to create an NFS server

1. Make a directory named, for example, backup on the server

2. Make sure you have the necessary NFS utilities installed on your NFS server.

3. Install portmap on your server.

4. Type vi /etc/exports

5. Add the directory name to the file, like this:

/home/backup *(rw)

6. Start the NFS services

service nfs start

service nfslock start

service portmap start

7. Boot the system you want to back up with the System Rescue CD

8. Type net-setup or net-setup eth0 and hit enter

9. Choose the appropriate options for your network and assign the IP address

10. Create a directory with the command mkdir image

11. Check whether the NFS services have started in the System Rescue CD

12. If not, type /etc/init.d/nfsmount start; this starts NFS in the System Rescue CD

13. Type mount 192.168.10.20:/home/backup image (the IP address is the NFS server’s and image is the directory we created in the System Rescue CD)

14. Check that it is mounted by opening the directory named image

15. Type fdisk -l; this displays the hard disk partition information, like below

Device     Boot  Start   End    Blocks     Id  System
/dev/sda1  *     1       13     104391     83  Linux
/dev/sda2        14      3200   25599577+  83  Linux
/dev/sda3        3201    6260   24579450   83  Linux
/dev/sda4        6261    9729   27864742+  5   Extended
/dev/sda5        6261    6518   2072353+   82  Linux swap / Solaris
/dev/sda6        6519    9729   25792326   83  Linux

Make a note of the table above as a precaution, including the Id numbers and the starting and ending cylinders.

16. If you want to back up the partition /dev/sda1, type

partimage save /dev/sda1 image/sda1.gz

This saves /dev/sda1 as an image file on the NFS server.

17. Use the same command to save all the remaining partitions to the NFS server.

18. If you want to back up your MBR and partition table, type the following command

dd if=/dev/sda of=image/root-sda-MBR-PARTTABLE-230408 count=1 bs=512
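Step 5 exports /home/backup read-write to every host (*), so any machine that can reach the NFS server can mount the directory that holds the disk images. As an added example (not part of the original post), this script flags such entries in an exports file; the function names, the constructed sample lines and the 192.168.10.0/24 subnet (inferred from the server address in step 13) are assumptions.

```shell
#!/bin/sh
# Added example: flag NFS exports that any host may mount read-write.

# audit_exports FILE: print one finding per offending entry; return 1 if any.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                # An empty client field or "*" matches every host.
                anyhost = (client == "" || client == "*")
                if (anyhost && ("," opts ",") ~ /,rw,/) {
                    printf "%s: read-write for any host: %s\n", $1, $i
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the export from step 5, then a form limited to one subnet
# (192.168.10.0/24 is an assumption based on the server address in step 13).
demo_exports() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '/home/backup *(rw)' > "$tmp"
    weak=0; audit_exports "$tmp" >&2 || weak=$?
    printf '%s\n' '/home/backup 192.168.10.0/24(rw,sync)' > "$tmp"
    fixed=0; audit_exports "$tmp" >&2 || fixed=$?
    rm -f "$tmp"
    echo "$weak $fixed"     # 1 = finding, 0 = clean
}

demo_exports
```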

To restore the image files to a system, follow steps 7 to 13 again.

  1. First we are going to restore the MBR and partition table to the new system’s hardware
  2. Type the following command to restore the MBR and partition table

dd if=image/root-sda-MBR-PARTTABLE-230408 of=/dev/sda count=1 bs=512

This restores the MBR and the partition table to the new system.

  3. Type fdisk -l and make sure the partitions have been created
  4. If there are no partitions, create them using the cylinder information noted in step 15 of the backup
  5. Create the filesystems with a command like mkfs -t ntfs /dev/sda1 for an NTFS partition or mkfs.vfat /dev/sda2; for ext3 use mkfs.ext3 /dev/sda3
  6. Type the command partimage and hit enter
  7. It will display a screen like this

Choose the partition you want to restore, and use the Tab key to move between the options.

8. Type the image file location in the image file to create option

9. Choose Restore partition from an image file, press F5 and follow the steps; this restores the backed-up image to the new system

10. Follow the same steps to restore all other partitions

11. After the restore, reboot the system and take out the System Rescue CD; the system will boot with all the applications you had before

12. If you are using a dual-boot system, you may sometimes get an error like autochk not found, followed by an automatic reboot, when booting Windows (this happens only when the partition table id has changed)

13. If you have dual boot, boot into Linux, open a terminal, type fdisk /dev/sda and hit enter

14. Type t and hit enter, change the partition’s id by referring to the id number you noted in step 15 of the backup, and type w to save the partition table

15. If you are using only Windows and get the same autochk error, boot with the System Rescue CD and follow step 14 to change the id in the partition table, or follow the steps below

1) Click the link below and save PTEDIT.ZIP to your desktop

ftp://ftp.symantec.com/public/english_us_canada/tools/pq/utilities/ptedit.zip

2) Create a bootable MS-DOS disk for Windows

In Windows XP

  • Place a blank floppy disk in Drive A
  • Open My Computer
  • Right-click on Drive A (floppy drive)
  • Click on Format
  • Check the box for “Create an MS-DOS Startup Disk”
  • Click Start
  • Click OK on the warning that formatting the disk will erase all data
  • Click Ok to Format Complete
  • Close the Format Disk window

For boot disks for other operating systems, you may want to visit bootdisk.com

3) Copy PTEDIT to the floppy disk

  • Double-click on the PTEDIT.ZIP file you downloaded to the desktop
  • Right-click on PTEDIT.EXE and click on Copy
  • Open My Computer
  • Double-click on Drive A
  • Click on Edit
  • Click on Paste

4) Remove the disk from the floppy drive and place it in the floppy drive of the problem computer

5) Turn on the power to the problem computer and allow it to boot from the floppy drive. Make sure the BIOS in your computer is set to boot from the floppy drive first.

6) At the A:\> prompt, type the following

PTEDIT and press Enter

7) You’ll be presented with the “Power Quest Partition Table Editor” screen. The key is to look in the first column of the table under Type. The number here should generally be 07 (hex), meaning the partition is an “Installable File System”, in other words a bootable drive. If it’s anything else, it’s not bootable.

Using your tab key, tab down to the Type box and hold down ALT + T to open the Set Type menu, then with your keyboard arrow, select 07, tab down to Ok and press Enter

8) Hold down ALT + S to save changes to the partition table and then press CTRL + C to exit the program.

9) Reboot your computer and it should now boot normally into Windows.

Of course, all these steps should be followed correctly, and if you are not comfortable changing this information you should consult a friend or computer tech that can help you with the problem.
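The partition id comparison from steps 12 to 15, as an added example that is not part of the original post: it reads the four primary partition ids from the MBR copy made with dd in step 18 and lists any that differ from the ids noted from fdisk -l. The function names and the sample image are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the partition ids from the 512-byte MBR copy made in
# step 18 and compare them with the ids noted from fdisk -l in step 15.

# mbr_ids IMAGE: print the type ids of the four primary slots, e.g. "83 83 83 05".
mbr_ids() {
    # Bytes 446..511: four 16-byte entries (id at entry offset 4), then 55 aa.
    od -An -v -tx1 -j446 -N66 "$1" 2>/dev/null | tr -s ' \n' '  ' | awk '
        NF != 66 || ($65 $66) != "55aa" { exit 1 }
        { print $5, $21, $37, $53; ok = 1 }
        END { exit !ok }' ||
        { echo "error: $1 is not a 512-byte MBR copy ending in 55 aa" >&2; return 1; }
}

# check_ids IMAGE "ID1 ID2 ID3 ID4": list slots whose id differs; return 1 if any.
# Ids are two-digit lowercase hex, so the 5 shown by fdisk is written 05.
check_ids() {
    found=$(mbr_ids "$1") || return 2
    echo "$found $2" | awk '{
        for (i = 1; i <= 4; i++)
            if (($i "") != ($(i + 4) "")) {
                printf "partition %d: id %s, noted %s\n", i, $i, $(i + 4); bad = 1
            }
        exit bad + 0 }'
}

# Constructed sample matching the fdisk table: sda1-sda3 id 83, sda4 id 05.
put() { printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null; }
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    put "$1" 446 '\200'                                   # boot flag on slot 1
    put "$1" 450 '\203'; put "$1" 466 '\203'; put "$1" 482 '\203'
    put "$1" 498 '\005'                                   # extended partition
    put "$1" 510 '\125\252'                               # 55 aa signature
}

img=$(mktemp) && make_sample "$img"
check_ids "$img" "83 83 83 05" && echo "ids match the noted table"
put "$img" 466 '\007'        # constructed change: slot 2 now carries id 07
check_ids "$img" "83 83 83 05" || echo "restore the noted id with fdisk (t, then w)"
rm -f "$img"
```

This sector holds only the four primary entries; logical partitions such as /dev/sda5 and /dev/sda6 are described inside the extended partition and are not part of the 512-byte copy, which is why the cylinder table noted in step 15 is still needed.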

Just leave your comments for this article

Categories: Linux

How to setup an NTP Server?

The Network Time Protocol is defined in RFC1305 and allows the transfer and maintenance of time functions over distributed network systems. One of the most widely used NTP servers is ntpd (ntp.isc.org), which also provides Simple NTP (RFC2030) and is a common package of most Linux distributions. The NTP server figures out how much the system clock drifts and smoothly corrects it with delicate accuracy, as opposed to large adjustments once every few hours.

The following chapter details how to configure the local NTP daemon to access external time servers and to provide the clients on the internal network the ability to synchronise from the server.

Basic Configuration

Just like any timepiece, the NTP server maintains a time service where the synchronisation and maintenance of time is paramount. Before any time services are configured, it’s important that the server has an initial state which has been synchronised with another time source reference. The following command will synchronise the local system time against another server, ensuring the nearest possible time is available before configuring the NTP server.

[bash]# ntpdate -b pool.ntp.org

Before we adjust any configuration files, it’s always recommended that we make a backup of the original in case things go wrong; then we can edit the file and make changes as required.

[bash]# cp /etc/ntp.conf /etc/ntp.conf.original
[bash]# vi /etc/ntp.conf

Finding a Time Source

One of the most difficult issues that people face with NTP is finding a time server that allows home and small office users to publicly synchronise off them. Enter the NTP Pooling Project located at http://www.pool.ntp.org. The NTP Pool is a collection of over 220 publicly accessible NTP servers distributed throughout different regions of the world. The DNS records for the NTP Pool are rotated hourly with different servers being allocated into each pool and region.

The advantages of the NTP Pool are:

  • that all the available servers will load balance,
  • you don’t need to spend hours hunting for any public servers, and
  • you only need to remember one set of records for all the servers.

The default configuration for ntpd servers after version 4.2 uses the NTP Pool for the default server sources.

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org

If you have access to other NTP servers which are geographically closer and you can synchronise from them, you should substitute the server values above. Alternately the NTP Pools are also broken into geographical Pools which may serve as a quicker time source, see here: http://ntp.isc.org/bin/view/Servers/NTPPoolServers

Access Controls

The NTP server is a network application that provides a resource to other networked systems and clients; as such, we need to ensure that some security measures are enforced. The NTP configuration has adjustable access controls that define all the default controls and those for allowable clients and remote servers.

The following restrict statement defines the suggested access controls for all default connections.

restrict default kod nomodify notrap noquery nopeer

The following table lists and defines some of the more commonly used access control parameters.

Parameters   Definitions
ignore       Deny all packets and queries
kod          Send Kiss-Of-Death packet on access violation
nomodify     Deny ntpq / ntpdc queries that attempt to modify the server
notrap       Deny control message trap service
noquery      Deny all ntpq / ntpdc queries
noserve      Deny all queries – except ntpq / ntpdc
notrust      Deny access unless cryptographically authenticated (ver 4.2 onwards)
nopeer       Deny all packets that attempt to establish a peer association

Caution !! In NTP versions prior to 4.2, the notrust option meant not to trust a server/host for time. In NTP versions 4.2 and later, the notrust option means cryptographic authentication is required before believing the server/host. Unless you are using cryptography, do not use the notrust option, or your client requests will fail.

To allow full control to the localhost, add the following entry to the configuration.

restrict 127.0.0.1

The NTP Pool servers have been listed as a time source already (ver 4.2 onwards), and they too need restrictions applied so the local server can synchronise from them. Ensure the access control parameters are strict enough that the remote servers can only be used for queries.

restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery

To allow all the workstations inside the internal private network to be able to query the time from your server, use the following access control rule (adjust subnet if needed).

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
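One way to check a configuration against the access controls above, as an added example rather than part of the original guide: the script reports a restrict default line that lacks the suggested flags, any use of notrust, and client entries without nomodify. The function names and the second sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the restrict lines of an ntp.conf against the access
# controls suggested in this section. Function names are hypothetical.

# audit_restrict FILE: print one finding per line; return 1 if there are any.
audit_restrict() {
    awk '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        { sub(/#.*/, "") }                          # drop comments
        $1 != "restrict" { next }
        {
            flags = " "
            for (i = 3; i <= NF; i++) {
                if ($i == "mask") { i++; continue }  # skip the netmask value
                flags = flags $i " "
            }
        }
        $2 == "default" {
            seen_default = 1
            if (index(flags, " ignore ")) next       # ignore already denies everything
            n = split("nomodify notrap noquery nopeer", want, " ")
            for (k = 1; k <= n; k++)
                if (!index(flags, " " want[k] " ")) report("restrict default lacks " want[k])
            next
        }
        index(flags, " notrust ") { report("notrust requires cryptographic authentication in 4.2 and later") }
        $2 != "127.0.0.1" && flags !~ / (nomodify|ignore) / { report($2 " lacks nomodify") }
        END {
            if (!seen_default) { print "no restrict default line"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Finding counts for the server lines from this section, then for a constructed weak file.
demo_restrict() {
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
restrict default kod nomodify notrap noquery nopeer
restrict 127.0.0.1
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
EOF
    page=$(audit_restrict "$f" | wc -l | tr -d ' ')
    printf '%s\n' 'restrict default nomodify' \
        'restrict 192.168.1.0 mask 255.255.255.0 notrust' > "$f"
    weak=$(audit_restrict "$f" | wc -l | tr -d ' ')
    rm -f "$f"
    echo "$page $weak"
}

demo_restrict
```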

Finally we need the following declarations in the /etc/ntp.conf file.

server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
keys /etc/ntp/keys

The above configuration parameters are as follows:

server          Specifies that a server is running on the host (own local clock)
fudge           Passes additional information to the clock driver
stratum 10      Manually sets the Stratum the server should operate at (1-15)
driftfile       Specifies the location of the frequency file
broadcastdelay  Sets the propagation delay from the server when broadcasting
keys            Store a list of keys needed for any cryptographic links

The Strata

The world of NTP is hierarchical, with the primary servers at the top keeping the master time and distributing the time down to the secondary servers and so forth until your little workstation synchronises in the corner office. Each server participating in the hierarchy is allocated a stratum, with stratum 1 being the master servers, stratum 2 the secondary servers, down to the lower end of stratum 15. A stratum 1 server uses an external time source (GPS, etc.) which is introduced into the server and then used to propagate the time signals. Stratum 2 servers draw their time from the higher (1) stratum servers.

When determining the stratum of your server, first consider who you are providing time to. If you are only using the system for yourself and passing it on to a few workstations, then your stratum can be safely left at 10. If you are using the system for a large scale network, then plan your time servers and strata effectively.

Starting NTP

The server is now fully configured and ready to start. If you have not already done an initial synchronisation of time (before running the daemon), you should do so now. The initial sync only needs to be done once before the server is started for the first time, not each time it starts.

[bash]# ntpdate -b pool.ntp.org

You should now set the runlevels required for the ntpd service, then restart it.

[bash]# chkconfig --level 2345 ntpd on
[bash]# /etc/init.d/ntpd restart

Note !! The NTP server uses UDP packets to query time servers on port 123. Depending on your Linux configuration, the initscripts for the ntpd service may have iptables commands to allow ntpd to access the external time servers.

You can check which runlevels the service will be active with the following command.

[bash]# chkconfig --list ntpd

To see if the service started successfully, you should check the system log file.

[bash]# grep ntpd /var/log/messages
galaxy ntpd[1110]: ntpd 4.2.0a@1.1196-r Thu Feb 23 04:42:00 EST 2006 (1)
galaxy ntpd[1110]: precision = 2.000 usec
galaxy ntpd[1110]: Listening on interface wildcard, 0.0.0.0#123
galaxy ntpd[1110]: Listening on interface wildcard, ::#123
galaxy ntpd[1110]: Listening on interface lo, 127.0.0.1#123
galaxy ntpd[1110]: Listening on interface eth0, 192.168.1.1#123
galaxy ntpd[1110]: kernel time sync status 0040
galaxy ntpd[1110]: frequency initialized 0.000 PPM from /var/lib/ntp/drift

You can now query the NTP server with the ntpq (query) tool. The output display after ntpd has been (re)started will be similar to the first table. As ntpd is allowed to run for a while, the table will start to fill with synchronisation details.

[bash]# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 80.26.104.184   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 128.95.231.7    .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 64.112.189.11   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 127.127.1.0     LOCAL(0)        10 l    -   64    0    0.000    0.000 4000.00

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*80.26.104.184   217.127.32.90    2 u   66  256  377  470.247   32.058  33.497
+128.95.231.7    140.142.2.8      3 u  254  256  377  217.646   -3.832   2.734
+64.112.189.11   128.10.252.6     2 u    2  256  377  258.208    2.395  47.246
 127.127.1.0     LOCAL(0)        10 l   56   64  377    0.000    0.000   0.002

The above output shows a properly synchronised time server drawing from NTP Pool allocated sources. You will notice our server is running at a stratum of 10.

Note !! Your internal workstation computers will not be able to use the server as a synchronisation source until the LOCAL(0) clock has stable time. This may take up to 15 minutes after starting the NTP daemon.

The server can be tested from another Linux workstation by issuing the following synchronisation command.

[bash]# ntpdate 192.168.1.1

If the client computer does not get the time from the server, check that the server and client have access through any firewall settings.

Client Configuration

Before any client can successfully synchronise with the NTP server, the server’s time must be stable. It may take a server up to 15 minutes before it can be used as a time source, after ntpd has been (re)started.

Linux Client

To configure a Linux client to use the new server as a time source, the configuration file for the client should at least contain the following entries.

[bash]# vi /etc/ntp.conf
server 192.168.1.1
restrict default ignore
restrict 127.0.0.1
restrict 192.168.1.1 mask 255.255.255.255 nomodify notrap noquery
driftfile /var/lib/ntp/drift

The Linux client will also need to have the ntpd service started.

Microsoft Client

To configure a Microsoft Windows (XP) client, follow the sequence of commands below.

Note !! These commands are tested on Windows XP, and may not apply to every version of Windows.

C:\>net time /setsntp:192.168.1.1
The command completed successfully.
C:\>net time /querysntp
The current SNTP value is: 192.168.1.1

The command completed successfully.

C:\>net stop w32time && net start w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

The Windows Time service is starting.
The Windows Time service was started successfully.

The standard time query interval for Windows (XP) is one query every 7 days, which for time critical applications and environments is ineffective. To adjust the time interval for Windows (XP), a registry value needs to be adjusted.

Windows (XP) stores the following registry key in a hexadecimal format, which converted to decimal will amount to the time in seconds between time queries. Select the new time (in seconds) that you require the Windows (XP) system to poll the server, then convert it to hexadecimal (86400 seconds is 1 day). This should be the “DWORD” value.

Warning !! Adjusting the Windows registry may cause your computer system to become unstable; do so at your own risk.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient]
"SpecialPollInterval"=dword:00093a80

The “Windows Time” service in Windows (XP) should be set to start automatically on each system boot. The event log should be viewed for any errors that may occur. See this article for more information: http://support.microsoft.com/kb/323621

Note !! If the service does not appear to be synchronising with the Linux server, ensure that the firewall is allowing any required connections.

Categories: Linux