Recovery Options

PCLITEOS™ uses XFCE as default lightweight desktop environment for its independent recovery system on a separate volume with the label custom.

 

Xfce Recovery

 

Xfce Desktop Environment

Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly.

 

Adding launcher items on the desktop and allow them to be executable via terminal as follows:

 

Welcome to system rescue & emergencies
Click related icons on your desktop to execute the following tasks

 

System Update Boot > Repair startup information to fix available issue

# sudo update-grub

 

System Check Root > Scan partition to fix available issues

# sudo fsck /dev/mapper/PLOSG-rootvol

 

System Check Home > Scan partition to fix available issues

# sudo fsck /dev/mapper/PLOSG-homevol

 

System Mount Home > Copy your current private data before restoration

# sudo mount /dev/mapper/PLOSG-homevol /home/pclite/Documents

 

System Reset All > Use this when you need complete restoration

# sudo fsrchiver restfs /home/pclite/.system.fsa id=1,dest=/dev/mapper/PLOSG-rootvol id=2,dest/dev/mapper/PLOSG-homevol

 

System Reset Root > Platform restoration without user partition

# sudo fsarchiver restfs /home/pclite/.system.fsa id=1,dest=/dev/mapper/PLOSG-rootvol

 

Notice: after executing system mount home, locate Documents folder to find your data.

 

Renaming grub advanced options entry to system rescue and emergencies with grub customizer.

 

Storage Check and Recovery

There are two powerful available rescue utilities from cgsecurity:

 

TestDisk: checks the partition and boot sectors of your disks. It is very useful in forensics, recovering lost partitions.

 

PhotoRec: a file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted.

 

Cgsecurity

 

Secure Delete Right Click Menu

This option has ability in three different levels to wipe data to prevent others to recover deleted files after using the secure-delete command.

  1. Downloading Secure Delete Extension for Dolphin File Manager
  2. Installing secure-delete with Administration Privilege
  3. Executing kf5-config --path services via Terminal to Locate ServiceMenus Folder and Usually is Located at:
    • /usr/share/kservices5/ServiceMenus/
    • ~/.local/share/kservices5/ServiceMenus/
  4. cp secure_delete_folder.desktop /usr/share/kservices5/ServiceMenus/
  5. cp secure_delete.desktop /usr/share/kservices5/ServiceMenus/
  6. cp securedeletefolder.sh /usr/local/bin
  7. cp securedelete.sh /usr/local/bin

 

Secure Delete

 

What is zuluCrypt?

zuluCrypt is currently Linux only and it does hard drives encryption and it can manage PLAIN dm-crypt volumes, LUKS encrypted volumes, TrueCrypt encrypted volumes, VeraCrypt encrypted volumes and Microsoft’s BitLocker volumes.

 

zuluCrypt can manage encrypted volumes that are hosted in image files, lvm, mdraid, hard drives, usb sticks or any other block device.

 

zuluCrypt can also encrypt stand alone files (zuluCrypt menu -> zC -> encrypt a file).

 

Zulucrypt

 

What is zuluMount?

zuluMount is bundled with zuluCrypt and its meant to be used as a general purpose tool that mount and unmount zuluCrypt supported encrypted volumes as well as unencrypted volumes and it can be used as a substitute to udisks, pmount and related tools.

 

zuluMount-gui can also be used as a frontend to encfs, gocryptfs, securefs, ecryptfs and cryfs.

 

zuluMount-gui is ideal for use as a desktop environment/file manager independent tool for mounting/unmounting encrypted and unencrypted volumes.

 

Zulumount

 

Chkrootkit Scanner

The chkrootkit security scanner searches the local system for signs that it is infected with a 'rootkit'. Rootkits are set of programs and hacks designed to take control of a target machine by using known security flaws.

  • chkrootkit: a shell script that checks system binaries for rootkit modification.
  • ifpromisc.c: checks if the network interface is in promiscuous mode.
  • chklastlog.c: checks for lastlog deletions.
  • chkwtmp.c: checks for wtmp deletions.
  • check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
  • chkproc.c: checks for signs of LKM trojans.
  • chkdirs.c: checks for signs of LKM trojans.
  • strings.c: quick and dirty strings replacement.
  • chkutmp.c: checks for utmp deletions.

 

chkwtmp and chklastlog *try* to check for deleted entries in the wtmp and lastlog files, but it is *not* guaranteed that any modification will be detected.

 

Aliens tries to find sniffer logs and rootkit config files. It looks for some default file locations -- so it is also not guaranteed it will succeed in all cases.

 

chkproc checks if /proc entries are hidden from ps and the readdir system call. This could be the indication of a LKM trojan. You can also run this command with the -v option (verbose).

 

Rootkits, Worms and LKMs detected

For an updated list of rootkits, worms and LKMs detected by chkrootkit please visit: http://www.chkrootkit.org/

 

Chkrootkit

 

FSArchiver Tools

FSArchiver is a system tool that allows you to save the contents of a file system to a compressed archive file. The file system can be restored on a partition which has a different size and it can be restored on a different file system. Unlike tar/dar, FSArchiver also creates the file system when it extracts the data to partitions. Everything is checksummed in the archive in order to protect the data. If the archive is corrupt, you just lose the current file, not the whole archive.

 

SYNOPSIS

fsarchiver [ options ] savefs archive filesystem ...

 

fsarchiver [ options ] restfs archive id=n,dest=filesystem[,mkfs=fstype,mkfsopt=options] ...

 

fsarchiver [ options ] savedir archive directory ...

 

fsarchiver [ options ] restdir archive destination

 

fsarchiver [ options ] archinfo archive

 

fsarchiver [ options ] probe [detailed]

 

COMMANDS

savefs Save filesystems to archive.

 

restfs Restore filesystems from archive. This overwrites the existing data on filesystems. Zero-based index n indicates the part of the archive to restore. Optionally, a filesystem may be converted to fstype.

 

savedir Save directories to archive (similar to a compressed tarball).

 

restdir Restore data from archive which is not based on a filesystem to destination.

 

archinfo Show information about an existing archive file and its contents.

 

probe Show list of filesystems detected on the disks.

 

OPTIONS

-h, --help Show help and information about how to use fsarchiver with examples.

 

-V, --version Show program version and exit.

 

-v, --verbose Verbose mode (can be used several times to increase the level of details). The details will be printed to the console.

 

-o, --overwrite Overwrite the archive if it already exists instead of failing.

 

-d, --debug Debug mode (can be used several times to increase the level of details). The details will be written in /var/log/fsarchiver.log.

 

-A, --allow-rw-mounted Allow to save a filesystem which is mounted in read-write (live backup). By default fsarchiver fails with an error if the partition if mounted in read-write mode which allows modifications to be done on the filesystem during the backup. Modifications can drive to inconsistencies in the backup. Using lvm snapshots is the recommended way to make backups since it will provide consistency, but it is only available for filesystems which are on LVM logical-volumes.

 

-a, --allow-no-acl-xattr Allow to run savefs when partition is mounted without the acl/xattr options. By default fsarchiver fails with an error if the partition is mounted in such a way that the ACL and Extended-Attributes are not readable. These attributes would not be saved and then such attributes could be lost. If you know what you don't need ACL and Extended-Attributes to be preserved then it's safe to run fsarchiver with that option.

 

-e pattern, --exclude=pattern Exclude files and directories that match that pattern. The pattern can contains shell asterisks such as * and ?, and the pattern may be either a simple file/dir name or an absolute file/dir path. You must use quotes around the pattern each time you use wildcards, else it would be interpreted by the shell. The wildcards must be interpreted by fsarchiver. See examples below for more details about this option.

 

-L label, --label=label Set the label of the archive: it's just a comment about the contents. It can be used to remember a particular thing about the archive or the state of the filesystem for instance.

 

-z level, --compress=level Valid compression levels are between 1 (very fast) and 9 (very good). The memory requirement increases a lot with the best compression levels, and it's multiplied by the number of compression threads (option -j). Level 9 is considered as an extreme compression level and requires an huge amount of memory to run. For more details please read this page: http://www.fsarchiver.org/Compression

 

-s mbsize, --split=mbsize Split the archive into several files of mbsize megabytes each.

 

-j count, --jobs=count Create more than one compression thread. Useful on multi-core CPUs. By default fsarchiver will only use one compression thread (-j 1) and then only one logical processor will be used for compression. You should use that option if you have a multi-core CPU or more than one physical CPU on your computer. The typical way to use this option is to specify the number of logical processors available so that all the processing power is used to compress the archive very quickly. You may also want to use all the logical processors but one for that task so that the system stays responsive for other applications.

 

-c password, --cryptpass=password Encrypt/decrypt data in archive. Password length: 6 to 64 chars. You can either provide a real password or a dash ("-c -") with this option if you do not want to provide the password in the command line and you want to be prompted for a password in the terminal instead.

 

EXAMPLES

save only one filesystem (/dev/sda1) to an archive:

fsarchiver savefs /data/myarchive1.fsa /dev/sda1

 

save two filesystems (/dev/sda1 and /dev/sdb1) to an archive:

fsarchiver savefs /data/myarchive2.fsa /dev/sda1 /dev/sdb1

 

restore the first filesystem from an archive (first = number 0):

fsarchiver restfs /data/myarchive2.fsa id=0,dest=/dev/sda1

 

restore the second filesystem from an archive (second = number 1):

fsarchiver restfs /data/myarchive2.fsa id=1,dest=/dev/sdb1

 

restore two filesystems from an archive (number 0 and 1):

fsarchiver restfs /data/arch2.fsa id=0,dest=/dev/sda1 id=1,dest=/dev/sdb1

 

restore a filesystem from an archive and convert it to reiserfs:

fsarchiver restfs /data/myarchive1.fsa id=0,dest=/dev/sda1,mkfs=reiserfs

 

restore a filesystem from an archive and specify extra mkfs options:

fsarchiver restfs /data/myarchive1.fsa id=0,dest=/dev/sda1,mkfs=ext4,mkfsopt="-I 256"

 

save the contents of /usr/src/linux to an archive (similar to tar):

fsarchiver savedir /data/linux-sources.fsa /usr/src/linux

 

save a /dev/sda1 to an archive split into volumes of 680MB:

fsarchiver savefs -s 680 /data/myarchive1.fsa /dev/sda1

 

save a filesystem and exclude all files/dirs called 'pagefile.*'

fsarchiver savefs /data/myarchive.fsa /dev/sda1 --exclude='pagefile.*'

 

exclude 'share' in both '/usr/share' and '/usr/local/share':

fsarchiver savefs /data/myarchive.fsa --exclude=share

 

absolute exclude valid for '/usr/share' but not '/usr/local/share'

fsarchiver savefs /data/myarchive.fsa --exclude=/usr/share

 

save a filesystem (/dev/sda1) to an encrypted archive:

fsarchiver savefs -c mypassword /data/myarchive1.fsa /dev/sda1

 

extract an archive made of simple files to /tmp/extract:

fsarchiver restdir /data/linux-sources.fsa /tmp/extract

 

show information about an archive and its file systems:

fsarchiver archinfo /data/myarchive2.fsa