Does a technology exist to monitor the memory and filesystem of a VPS?

Hello, I’m looking for a VPS to check the network activity of my untrusted machine. Because I suspect I have spyware, I want to try to redirect all my traffic to the VPS so that I can check it. But I want a really safe VPS, for example something that monitors the VPS filesystem and/or memory (from the point of view of the hypervisor, so from outside the VPS) and tells me if anything suspicious is installed or loaded into memory. A friend told me that many years ago VMware had a technology called vsafe. Does anyone know if anything like that exists? (I’m not asking about any provider because I don’t want to spam.) Please note, I’m not looking for network intrusion detection, because the danger comes from my own machine.

Host filesystem manipulation from docker vs. virtual machine

When reading about docker, I found a part of the documentation describing the attack surface of the docker daemon. From what I was able to understand, part of the argument is that it is possible to share (basically arbitrary) parts of the host filesystem with the container, which can then be manipulated by a privileged user in the container. This seems to be used as an argument against granting unprivileged users direct access to the docker daemon (see also this Security SE answer).

Would the same be possible from a virtual machine, e.g. in VirtualBox, which on the host is run as an unprivileged user?

A quick test where I was trying to read /etc/sudoers on a Linux Host from a Linux guest running in VirtualBox did produce a permission error, but I would not consider myself an expert in that regard in any way nor was the testing very exhaustive.

Formatting SD Card – Corrupted FAT32 Filesystem

I have a corrupted SD card whose filesystem is FAT32. I tried the following things, but I am still able to see the contents of the SD card. I can neither add new files nor delete any files from the SD card. The contents seem to be locked within this SD card, similar to being locked in prison.

The things I have tried:

  1. dd if=/dev/zero of=/dev/sdc

     It took around 5-6 hours to finish this, but I could still see the contents.

  2. sudo dosfsck -w -r -l -a -v -t /dev/sdc

     The verbose log said that the dirty bit was identified and autocorrection of the corrupted bit had also taken place. But to no avail.

  3. I tried clearing and formatting the partition using parted and gparted as well, but the result was unchanged.

Can someone explain this? Why did dd not work? Is there any other option other than buying a new SD Card?

Does copying files from EXT4 filesystem to NTFS lose permissions?

I recently attempted to back up my /home/user directory while removing ecryptfs from my system. I didn’t have enough space on my Ubuntu EXT4 SSD so, not thinking, I used

sudo cp -rp /home/user /media/user/HDD 

to copy it to my NTFS HDD before removing it. Obviously, when I copied it back the permissions had been overwritten from what they used to be. My question: is there any way to recover these permissions etc. (i.e. does the -p flag preserve them in some other way on an NTFS system), or were they lost as soon as I copied them over?

Additionally, is it just the UNIX permissions that NTFS systems don’t handle well, or is there anything else I should be worried about?

Raid filesystem check or mount failed (after probable physical shock)

I work on a computer where the operating system is installed on an SSD but data storage is on a RAID system. Recently I have been unable to mount the raid system when booting, while the operating system loads fine. I suspect technicians hit the server while it was running, due to scratches on the case but I am not sure.

When I boot the computer I get the error message "The drive for /home is not ready or present" (the same message for /Data and /Backup). I entered the recovery shell and ran fsck -A as suggested in the post here, but I get the message that / was busy.

I then booted into recovery mode and ran fsck -A, but I get the message that

    fsck.ext4: Unable to resolve 'UUID=334eef34-16c4-45ec-9cc9-5f40e9f8207d'
    fsck.ext4: Unable to resolve 'UUID=19bf1002-fa4b-4462-9ea6-807d5b0f312b'
    fsck.ext4: Unable to resolve 'UUID=0f556fa7-b061-4c22-b84b-97e2e3f1b545'

At ubuntuforums I found the suggestion to edit /etc/fstab but I am out of my depth here as I do not really understand what I am messing with.

Running blkid returns

    /dev/sda1: UUID="7c05724f-61bd-4d70-b908-f6c83c4365b8" TYPE="ext4"
    /dev/sda5: UUID="51978b9f-747b-4f41-8b2b-42f3da3347e6" TYPE="swap"
    /dev/sdb1: UUID="65325870-b912-f8b1-af82-ab0c8bb94dbb" UUID_SUB="13151e15-3890-90d5-d910-8ab781fc713f" LABEL="CBMRubuntu:0" TYPE="linux_raid_member"
    /dev/sdc1: UUID="65325870-b912-f8b1-af82-ab0c8bb94dbb" UUID_SUB="05322b31-8961-f57d-143b-877123c61d7c" LABEL="CBMRubuntu:0" TYPE="linux_raid_member"
    /dev/sdd1: UUID="65325870-b912-f8b1-af82-ab0c8bb94dbb" UUID_SUB="85430436-4dfc-96ff-083c-0734a76ff8b6" LABEL="CBMRubuntu:0" TYPE="linux_raid_member"
    /dev/sde1: UUID="65325870-b912-f8b1-af82-ab0c8bb94dbb" UUID_SUB="05feb9dd-9c4f-bc2f-50e7-c4422419268a" LABEL="CBMRubuntu:0" TYPE="linux_raid_member"
    /dev/sdf1: UUID="65325870-b912-f8b1-af82-ab0c8bb94dbb" UUID_SUB="3ef48a37-14b5-1fc8-1eed-48eca24f0043" LABEL="CBMRubuntu:0" TYPE="linux_raid_member"
    /dev/sdg1: UUID="65325870-b912-f8b1-af82-ab0c8bb94dbb" UUID_SUB="5960eff8-d60b-c206-90b9-c448723f9ef3" LABEL="CBMRubuntu:0" TYPE="linux_raid_member"

and running cat /etc/fstab prints

    # /etc/fstab: static file system information.
    #
    # Use 'blkid' to print the universally unique identifier for a
    # device; this may be used with UUID= as a more robust way to name devices
    # that works even if disks are added and removed. See fstab(5).
    #
    # <file system> <mount point>   <type>  <options>       <dump>  <pass>
    # / was on /dev/sda1 during installation
    UUID=7c05724f-61bd-4d70-b908-f6c83c4365b8 /               ext4    errors=remount-ro 0       1
    # /Backup was on /dev/md0p2 during installation
    UUID=334eef34-16c4-45ec-9cc9-5f40e9f8207d /Backup         ext4    defaults        0       2
    # /Data was on /dev/md0p1 during installation
    UUID=19bf1002-fa4b-4462-9ea6-807d5b0f312b /Data           ext4    defaults        0       2
    # /home was on /dev/md0p3 during installation
    UUID=0f556fa7-b061-4c22-b84b-97e2e3f1b545 /home           ext4    defaults        0       2
    # swap was on /dev/sda5 during installation
    UUID=51978b9f-747b-4f41-8b2b-42f3da3347e6 none            swap    sw              0       0

I noticed that the missing UUIDs are the same as the ones in /etc/fstab but do not match the ones in blkid. Is there some way to figure out which UUIDs go where and restore the file system?

The vast majority is backed up so the damage is not great, but there are a few things that would be nice to restore.

I work on a server with Ubuntu 14.04.5 LTS, if that makes a difference.
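
Added example (not part of the original post): a shell check that compares the UUIDs referenced in /etc/fstab with the UUIDs blkid reports, and lists the partitions blkid tags as md RAID members. The sample input is constructed from the output quoted in the post above (RAID members trimmed to two), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: copied from the blkid and /etc/fstab output quoted
# in the post, with the six RAID members trimmed to two for brevity.
BLKID_SAMPLE='/dev/sda1: UUID="7c05724f-61bd-4d70-b908-f6c83c4365b8" TYPE="ext4"
/dev/sda5: UUID="51978b9f-747b-4f41-8b2b-42f3da3347e6" TYPE="swap"
/dev/sdb1: UUID="65325870-b912-f8b1-af82-ab0c8bb94dbb" UUID_SUB="13151e15-3890-90d5-d910-8ab781fc713f" LABEL="CBMRubuntu:0" TYPE="linux_raid_member"
/dev/sdc1: UUID="65325870-b912-f8b1-af82-ab0c8bb94dbb" UUID_SUB="05322b31-8961-f57d-143b-877123c61d7c" LABEL="CBMRubuntu:0" TYPE="linux_raid_member"'

FSTAB_SAMPLE='# / was on /dev/sda1 during installation
UUID=7c05724f-61bd-4d70-b908-f6c83c4365b8 / ext4 errors=remount-ro 0 1
# /Backup was on /dev/md0p2 during installation
UUID=334eef34-16c4-45ec-9cc9-5f40e9f8207d /Backup ext4 defaults 0 2
# /Data was on /dev/md0p1 during installation
UUID=19bf1002-fa4b-4462-9ea6-807d5b0f312b /Data ext4 defaults 0 2
# /home was on /dev/md0p3 during installation
UUID=0f556fa7-b061-4c22-b84b-97e2e3f1b545 /home ext4 defaults 0 2
UUID=51978b9f-747b-4f41-8b2b-42f3da3347e6 none swap sw 0 0'

# Hypothetical helper. $1 = blkid output, $2 = fstab contents.
# Prints "<mount point> <uuid>" for each fstab UUID that blkid does not report.
unresolved_fstab_uuids() {
    known=$(printf '%s\n' "$1" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p' | sort -u)
    printf '%s\n' "$2" |
    awk '$1 ~ /^UUID=/ { sub(/^UUID=/, "", $1); print $2, $1 }' |
    while read -r mnt uuid; do
        printf '%s\n' "$known" | grep -qxF "$uuid" || printf '%s %s\n' "$mnt" "$uuid"
    done
}

# Hypothetical helper. $1 = blkid output.
# Prints "<device> <array uuid>" for each partition tagged linux_raid_member.
raid_members() {
    printf '%s\n' "$1" | awk '/TYPE="linux_raid_member"/ {
        dev = $1; sub(/:$/, "", dev)
        match($0, / UUID="[^"]*"/)
        print dev, substr($0, RSTART + 7, RLENGTH - 8)
    }'
}

echo "fstab entries with no matching block device:"
unresolved_fstab_uuids "$BLKID_SAMPLE" "$FSTAB_SAMPLE"
echo "md RAID member partitions (array UUID, not a filesystem UUID):"
raid_members "$BLKID_SAMPLE"
```

On a live system the same functions can be fed `"$(blkid)"` and `"$(cat /etc/fstab)"` instead of the samples. With the data from the post, the three unresolved entries are exactly the ones the fstab comments place on /dev/md0p1 to /dev/md0p3, and blkid lists no md device at all.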

X11 Server Won’t Start – Write-Protected Filesystem

I recently installed Ubuntu Mate 19.04 on my MacBook Pro (x86_64 arch). After my system went into hibernation, the root filesystem (ext4 mounted on /) became corrupted. Initially, startup would drop to a BusyBox shell. If I remember correctly, I was able to run fsck from BusyBox on the root filesystem. I was then able to boot up into the system, but the X11 server would not start so I was left in a command line shell. I checked the list of services & focused on the following:

    # service --status-all
    ...
    [ + ]  lightdm
    ...
    [ - ]  x11-common

Restarting the lightdm service (service lightdm restart) did nothing. Trying to start the x11-common service (service x11-common start) reported, if I remember the error correctly, that /lib/systemd/system/x11-common.service was “shadowed” (Edit: I looked up the correct term, it was “masked”). Looking up the error, I found reports that it meant that /lib/systemd/system/x11-common.service was a symbolic link to /dev/null. This turned out to be the case. The resolution that was given was to delete /lib/systemd/system/x11-common.service. Trying to do so, I found that the filesystem still contained errors & couldn’t be mounted read-write. I eventually booted into a live CD/USB, ran fsck/e2fsck on the filesystem then mounted the local disk partition in read-write & deleted the file. After rebooting, I found that it was still dropping me to the command line shell. Now starting the x11-common service didn’t report any error, but still didn’t launch the X11 server. It appears that the x11-common service is now running:

    # service --status-all
    ...
    [ + ]  lightdm
    ...
    [ + ]  x11-common

But I still cannot get into the X11 graphics mode. No matter if I clean the filesystem via fsck in a live CD/USB, I am always dropped to a terminal & the filesystem is marked write-protected. Trying to remount does not work:

    # mount -o remount,rw /
    mount: /: cannot remount /dev/sda2 read-write, is write-protected

I cannot force unmount either:

    # umount -f /
    # mount | grep sda
    /dev/sda2 on / type ext4 (ro,relatime,errors=remount-ro)
    /dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)

Logging into my user account, I try to run xinit but it fails:

    $ sudo xinit
    (EE) Fatal server error:
    (EE) Could not create lock file in /tmp/.tX0-lock
    (EE)
    (EE) Please consult the The X.Org Foundation support
         at http://wiki.x.org
     for help.
    (EE)
    xinit: giving up
    xinit: unable to connect to X server: Connection refused
    xinit: server error

Obviously because the filesystem is read-only. startx fails with the same error. Re-installing is an option, but if this continues to occur I would like to be able to fix it without doing a fresh re-install.

If anyone has some insight into my problem I would much appreciate it. Once I get this fixed, I will work on what caused the filesystem to be corrupted in the first place when the system went into hibernation.

The model number on my MacBook is A1226. It appears from this site, it is one of three possible systems with either a 2.2GHz, 2.4GHz, or 2.6GHz Core 2 Duo CPU built in 2007. This is an x86_64 system, not a PowerPC.

unknown filesystem error while trying “Insmod Normal”

I tried to uninstall Ubuntu 16.10 from my Windows 7 and install 18.4. I deleted the volume, but the partition was active. I restarted the system, after which it is opening under “Grub rescue”. All commands are working except “Insmod Normal” and “Normal”. So my system is completely stuck. I am neither able to fix Ubuntu nor am I able to fix Ubuntu. Please help!!! Need an urgent fix.