
DIY: Rescue and recover systems with the Knoppix Linux distribution

Jack Wallen explains how you can become a rescue and recovery ninja by using Knoppix, an incredible graphical Live Linux distribution.

Knoppix is one of the best troubleshooting and rescue tools I have ever used. The Linux distribution can be run and used as either a Live rescue distribution or as a full-blown Linux distribution. There is even a special Knoppix build called ADRIANE (Audio Desktop Reference Implementation and Networking Environment) that is a "talking desktop" for the visually impaired. For the IT crowd, Knoppix has quickly become a go-to tool for system rescue and recovery.

Release and purchase information

There are two main releases of Knoppix:

  • Traditional Knoppix (700 MB) will fit on either a CD or a USB. This release offers thousands of tools.
  • Maxi Knoppix (4.7 Gb) requires a DVD and can work as a full-blown Linux distribution (including Office Suite and many other tools associated with desktop Linux).

You can get your copy of Knoppix from one of the Knoppix Mirrors. You can also purchase a pre-burned copy of the CD/DVD or a pre-installed USB version.

What you can do with Knoppix

You can use the Knoppix distribution (run as a Live distribution) to take care of a number of rescue functions. This is a list of some of those functions.

File recovery: If the operating system becomes unbootable, Knoppix can help recover the files on that machine. Boot the Live CD, locate the target files, and either upload them to a server or copy them to an external drive. (The safest and easiest solution is to copy the files to an external drive.) For each partition Knoppix finds, an icon will appear on the desktop. Double-click that icon to open the file manager and poke around the partition.

Removing corrupted/infected files: Our bench technician does this very same thing with BartPE. He removes the infected drive from the machine, mounts the infected drive on his BartPE machine, and digs into the drive to remove suspect files. You can do the same thing with Knoppix. If you want to dig around the Windows registry, you need to load another tool called chntpw, which can edit the Windows registry and reset the password of any valid Windows user. The nice thing about Knoppix is that you are mostly doing this using graphical tools, so the job is incredibly easy.

Partitioning/reformatting: Knoppix allows the partitioning and the reformatting of connected drives; this can be handy when a Windows installation cannot repartition the drive in question. Partitions can also be resized using Knoppix, though this should only be handled by those who know what they are doing.

Related resource: Linux 101: Use Knoppix to resize partitions for dual-boot installs.

Cloning drives: Knoppix has the ability to clone drives using the dd command, although the target drive must be larger than the source drive. The command structure looks like this: dd if=/dev/hda of=/dev/hdb (/dev/hda and /dev/hdb are the source and target drives, respectively). You need to get these exactly right before issuing the command, or else you might wind up cloning a blank drive onto the drive you wanted to clone.

Security audit: Knoppix comes with the Nessus security scanner, which allows you to run thousands of security checks from that Live instance. Although it's not a machine-specific rescue tool, using Knoppix this way circumvents the need to purchase a security tool or do a full-blown Linux installation to take advantage of Nessus.

Winetools: Winetools allows you to safely run some of those Windows-only applications without the usual concerns. This is especially helpful if there is a tool on the Windows drive that needs to be run to access configuration data, but the tool will not run when Windows is up and running. You simply need to run Knoppix, fire up Winetools, fire up the application, and get the configuration data.

Fix Windows boot.ini file: If the Windows boot.ini file becomes corrupt, the Windows machine will more than likely become unbootable. You can boot up Knoppix, edit that .ini file, and restart Windows. As long as you have a clear understanding of the structure of the boot.ini file, it is a snap to repair using Knoppix.

CD vs. USB: Knoppix can be run as a Live distribution from either CD or USB drive. Since there are machines that do not include CD drives, it is always important to have the necessary tools to be able to rescue and recover systems without CDs. If you need to get Knoppix onto a USB flash drive, I recommend using UNetbootin, which is one of my favorite tools.
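For the drive-cloning step above, a pre-flight wrapper around dd is one way to avoid overwriting the wrong drive and to confirm the copy afterwards. This is an added example, not part of the original article; the function names (size_of, is_mounted, preflight, clone_and_verify) are hypothetical, and it assumes GNU coreutils and util-linux as found on a Live Linux system.

```bash
#!/usr/bin/env bash
# Added example: guard rails around "dd if=SRC of=DST" (not from the article).
# Works on block devices (e.g. /dev/hda, /dev/hdb) and on plain image files.

# Size in bytes of a block device or a regular file.
size_of() {
  if [ -b "$1" ]; then blockdev --getsize64 "$1"
  else wc -c < "$1" | tr -d ' '; fi
}

# True if the device, or any partition on it, is listed in /proc/mounts.
is_mounted() {
  awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' \
    /proc/mounts 2>/dev/null
}

# Refuse the clone unless source and target are distinct, the target is
# unmounted, and the target can hold every byte of the source.
preflight() {
  local src=$1 dst=$2
  [ -e "$src" ] && [ -e "$dst" ] || { echo "missing source or target"; return 2; }
  [ "$(readlink -f "$src")" != "$(readlink -f "$dst")" ] \
    || { echo "source and target are the same device"; return 3; }
  is_mounted "$dst" && { echo "target is mounted"; return 4; }
  [ "$(size_of "$dst")" -ge "$(size_of "$src")" ] \
    || { echo "target is smaller than source"; return 5; }
  echo "ok: $src ($(size_of "$src") B) -> $dst ($(size_of "$dst") B)"
}

# Clone, then prove the copy by hashing the same byte range on both sides.
clone_and_verify() {
  local src=$1 dst=$2 n a b
  preflight "$src" "$dst" || return
  n=$(size_of "$src")
  dd if="$src" of="$dst" bs=4M conv=notrunc,fsync status=none || return
  a=$(sha256sum < "$src" | cut -d' ' -f1)
  b=$(head -c "$n" "$dst" | sha256sum | cut -d' ' -f1)
  [ "$a" = "$b" ] && echo "verified sha256 $a" || { echo "hash mismatch"; return 6; }
}

# Usage: ./clone.sh /dev/hda /dev/hdb   (source first, target second)
if [ "$#" -eq 2 ]; then clone_and_verify "$1" "$2"; fi
```

Running preflight on its own prints both sizes without writing anything, which makes a swapped source and target visible before dd starts.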

Conclusion

These are some of the ways the Knoppix distribution can help you out in a pinch. With this incredible graphical Live Linux distribution, you can become a serious rescue and recovery ninja.

If you have used Knoppix for something other than what I outlined in this post, please share your best tips and tricks for using Knoppix.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

9 comments
roy.evison

Many older machines cannot boot from USB sticks so a CD of Knoppix is always handy. Roy.

phregs

I personally have both Bart and Knoppix in my kit plus UltimateBootDisc4Windows plus a couple of others but I tend to find my first port of call these days is Knoppix. It is just so darned good at identifying hardware no matter what you are having a go at and I have used it to fix many a Windows as well as Linux box. Of course it is also perfectly usable as a standby Operating System and App package so you can use LibreOffice, Abiword or whatever to do whatever other office work whilst whatever utility you have operates in another virtual Desktop. Love it and only just fired up version 6.5 2 nights ago. Always have up-to-date version sitting nearby. Spot on Jack.

tommydigital

I find UB4W to meet most of my needs. It works well on the Windows machines. Our OS/400 and *nix machines run without issue until the hardware becomes obsolete.

Altotus

Many other excellent distros for live use allow access to smacked out boxes for recovery! Bart has always been an odd boy with a need to add Windows files from a Windows system due to issues with Microsoft and copyright. No such issue with Linux. These systems are usable for more than just rescue.

pgit

In my opinion, and it does so much more than bartpe. Like Jack says it's a lot of pointy-clicky in addition to cli tools, your choice. Plus you can go on line and grab other tools to install (or install from my collection on a usb thumb drive) if need be. I've never been able to add anything to a running bartpe system. I've also seen where bartpe couldn't work with a corrupted partition table but with knoppix you can load tools that'll scan the surface of the drive sector by sector and recover critical data. And since that can sometimes take many hours if not days, I can click over to another desktop and open up solitaire, mines, mahjong or any of several dozen time wasters and still look busy. A notch of the scroll wheel on the desktop will roll me back around to whatever real work is running if the customer comes back by... Something about bartpe eludes me, I don't have the total grasp on what it's up to like I do a Linux distro. knoppix is better. Slax is even better still =D (I use Slax 5.1.8.1 "kill bill" if I need wine)

CharlieSpencer

Funny, so do I, along with most of the other activities Jack listed. Is there an advantage to doing them with Knoppix over Bart?

Neon Samurai

Knoppix may include Nessus but if you're using the distro for business needs the Vuln scanner is a no-no. Nessus is only free for personal use. The business licenses are a little steep for the average small office also. (Why wouldn't Knoppix include OpenVAS instead?)

CharlieSpencer

My needs in this area are pretty simple and Bart has met them, but I can see cases such as you describe where another tool would be better. I don't have a full grasp of what Bart is doing either, but it's more than my fingerhold on Linux. When a scan takes a couple of hours, I move on to the next misbehaving piece of hardware :-)
