3

For out office, we need a fleet of Kali laptops that we can bring to clients. The laptops need to be able to function as if they were running something like "DeepFreeze" by Faronics.

What this means is, we have (for example) a 120GB drive, with at least 4 partitions:

  • sda1 (the bootable partition)
  • sda2 (extended)
  • sda5 (swap)
  • sda3 (some kind of protected clone / image of sda1)

The goal is to be able to boot into sda1, work with a client, and then revert sda1 to a "clean state" by essentially "reimaging" using a compresed clean image of the original sda1, or even just dd-ing the sda3 "clean" partition over the "used" partition in sda1. Also, we need to be able to revert to a clean state, and then update the clean (since we're using kali rolling, and various software that is still actively being updated) for subsequent uses (like how DeepFreeze allows you to boot into the "thawed" drive in order to run updates, change settings, etc).

I've tried using Clonezilla, and it has yet to work in any capacity on my end. I've tried setting up fsprotect, but it would just fail every time.

At this point, I'm not looking for a program or script I can use, I'd rather just set it up myself, as long as there's some level of "follow-able steps" or scripts I can set up so that my mildly linux savvy on-site staff can easily reset the machines without being in the office.

Open to basically any suggestions at this point.

WorseDoughnut
  • 216
  • 1
  • 10
  • Why isn't a virtual machine an option? – Ramhound Mar 22 '16 at 15:10
  • @Ramhound we don't want to take the performance hit for running some of our heavier software inside of a VM. – WorseDoughnut Mar 22 '16 at 15:12
  • You can configure the machine boot to the virtual machine itself. This way to keep your actual operating system separate from the guest OS. – Ramhound Mar 22 '16 at 15:12
  • @Ramhound Wouldn't that still be essentially running a VM on top of the host OS? If so, see my first comment. – WorseDoughnut Mar 22 '16 at 15:16
  • "Wouldn't that still be essentially running a VM on top of the host OS?" Its the difference between a Type 1 and Type 2 hypervisor. – Ramhound Mar 22 '16 at 15:21
  • @Ramhound Aren't Type 1 hypervisors very strict on what hardware they can run on? It's also still a level of emulation I'd rather avoid, in favor of something more "physical" like a disk image or LVM. – WorseDoughnut Mar 22 '16 at 15:28
  • It sounds you have rejected the idea without doing any benchmarks. You can simply set the permissions on the Linux image, and set the group/user, to something other then the actual users of the machines thus preventing the image from being modified. This of course also means not allowing root or su. – Ramhound Mar 22 '16 at 15:39
  • @Ramhound Like I said in the OP, we're running Kali, there are no users other than root – WorseDoughnut Mar 22 '16 at 15:41
  • I don't really get what your real problem is. Haven't you already given yourself the solution? Is it `dd` too slow to be your option (and what about partclone then)? Or you didn't know that you can set up multi-boot with grub (or any bootloader) so that you can boot into the "clean" clone and update accordingly? You need to avoid fstab though (so that no conflict AND no changes required, your bootloader config will be the only switch) – Tom Yan Mar 22 '16 at 16:31
  • @TomYan I have tried to use partclone directly (after clonezilla didn't work out) and ran into some very strange mounting issues ( couldn't stop kali from auto-mounting the "clean" partition on /). But you're correct, that was easily my first thought when I set out to do this, but since it has only manged to fail spectacularly, I was hoping there was some alternative I was not yet aware of. – WorseDoughnut Mar 22 '16 at 16:37
  • @TomYan to more accurately describe my issue here: Yes, I'm aware that Clonezilla, Partclone, or `dd` is almost definitely the way to go about doing this, I don't know specifically *how* to do this and/or what steps to follow to go about doing this. – WorseDoughnut Mar 22 '16 at 16:52
  • I think the main issue is, the UUID of the filesystems (let's call it FSUUID) will become identical, so the system can get confused on mounting and booting if you didn't avoid using FSUUID but use PARTUUID (e.g. unique partition GUID on the GPT) instead (on grub.cfg, for example). And as I said, fstab needs to be avoided too. But I haven't really done something like this before, so I can't say for sure that it's actually feasible even with the precautions. Maybe you init (e.g. systemd) or udev will still get mad. – Tom Yan Mar 22 '16 at 18:05
  • @TomYan Good idea, I'll try using PARTUUID instead, thanks for the heads up. – WorseDoughnut Mar 22 '16 at 18:08
  • Btw, considered btrfs snapshots? – Tom Yan Mar 22 '16 at 18:08
  • @TomYan No idea what btrfs is, and its wiki doesn't do a good job of explaining either. – WorseDoughnut Mar 22 '16 at 18:56

1 Answers1

1

For the sake of closure, I went back to Clonezilla and worked out the issues I was having there for my final solution.

Explanation can be found on my other Unix / Linux SE question:

https://unix.stackexchange.com/questions/271515/linux-mounts-cloned-partition-instead-of-original

WorseDoughnut
  • 216
  • 1
  • 10