The Linux Bootkit
Overview and Introduction
B. Scott Burkett, scottb@intnet.net

FEATURES
--------
The Linux Bootkit is a package designed to simplify the creation, 
maintenance, and modification of emergency boot diskettes.  Its
features include:

- Creates boot diskettes, complete with bootable kernel image
- Creates root filesystem diskettes, with support for the RAMDISK
  feature of newer kernels.
- Creates utility diskettes, for use with root filesystem diskettes
  which use the RAMDISK option.
- Menu driven using the popular "dialog" interface
- Highly configurable

NOTE:  The Linux Bootkit requires v0.5 or better of Savio Lam's "dialog"
       utility.  A binary has been supplied in ./contrib, although it
       may be incompatible with your runtime library.  I used 4.6.27.
       You can obtain the latest version of "dialog" at any reputable
       Linux archive site (sunsite, tsx-11, or any mirror sites).
       If you are unable to find a working version of dialog 0.5 or better,
       simply remove all references to "--backtitle" in the bk* scripts.   

INTRODUCTION
------------

The Linux Bootkit was originally written to provide a reliable interface for
emergency services to our company's Linux administrators (we have several).
However, it quickly blossomed into something worthy of a general public 
offering.  With a bit of luck, it will continue to grow and flourish.

While Linux is a hacker's dream come true, it has also become rather
appealing to many businesses, small and large.  Its price (or lack thereof)
and its powerful capabilities speak for themselves.  However, anytime work is
required involving the kernel (configuration of the kernel, creating
emergency boot diskettes, etc), it can be a test of the human patience level
for novice Linux administrators.

Joerg Hessdoerfer designed the "kcs" system, or Kernel Configuration System.
This package was a dialog-driven script which provided a menued approach to
configuring the Linux kernel for recompilation.  This little package is what
inspired me to provide the Linux Bootkit on a general distribution level.
Joe can be reached at joe@amber.dinoco.de.  Alles Klaar!

The use of Savio Lam/Marc Ewing's excellent dialog package has proven to be of
considerable worth.  Many utilities use it (Slackware install, for example),
and it seems very reliable and easy to use.  While Savio is unfortunately
no longer supporting dialog, Marc Ewing has been gracious enough to take on
the duties.  Marc can be reached at marc@redhat.com.

The Linux Bootdisk-HOWTO has been provided with the distribution to offer
any information that I may inadvertently omit, or just don't feel like
writing about.  It should be available via the help menu in "bootkit", or
as "./help/Bootdisk-HOWTO".  In fact, Linux Bootkit was originally nothing
more than a menu driven wrapper around the two simple scripts provided with
the HOWTO (mkroot, mkutil).  Thanks to Graham Chapman for making those
available to the general public.  In addition, Graham has been an invaluable
contributor to the Linux Bootkit project.  His expertise and suggestions
are much appreciated.

OVERVIEW
--------

Developing a contingency plan for emergency services requires a few critical
steps.  First and foremost, reliable system backups should be in place.  
There are a number of utilities available for performing such tasks, all of 
which should be available at your local sunsite mirror.

While backups are considered to be the most important step, being able to
access a backup set after the inevitable happens runs a close second.  What
good is a backup if you can't get to it because your hard disk is toast?
The Linux Bootkit allows you to create the necessary diskettes needed for
emergency system startup and data extraction.

Up to three diskettes may be created, and we will discuss each of these very
briefly.  For additional information, or to see exactly what the Linux
Bootkit does for you, I urge you to consult the Bootdisk HOWTO.

The first diskette you will need to create is the "boot" disk.  The boot
disk simply provides a bootable kernel image.  This is going to prove to be
of paramount importance.  Remember, if your hard disk is toast, you will
need a mechanism of bringing Linux online before any data can be recovered.

The second diskette is the "root" disk.  The root disk simply provides a
somewhat usable file system, with most of the pertinent utilities on it.
Once you use your "boot" disk to manually boot the operating system, this
root diskette can be mounted automatically.  This will at least provide you
with enough tools to begin examining your system's current state.

The third diskette is the "utility" disk.  The utility disk simply provides
any additional tools and programs which won't fit on the "root" diskette.
It would be nice if we lived in the age of 10 megabyte floppy disks, but I
just don't see that happening any time soon. :-)

Now, there are several arguments and approaches to this scheme which I have
outlined for you.  It is possible to put a bootable kernel and a small root 
filesystem on the same floppy.  While this goes a long way toward reducing
the number of diskettes needed for emergency booting, it is, to put it
bluntly, unfeasible at best.  A decent kernel image can take up a
considerable chunk of floppy space.  This doesn't leave you much room for 
storing the programs and tools you will need to recover data.  

Personally, I prefer to keep the bootable kernel image on a single floppy,
and place the tools on separate floppies.   This also makes maintaining your
emergency disks a hell of a lot easier.  If everything resides on a separate
diskette, you can update only the diskettes which need modifying.  For 
instance, you've installed the latest and greatest revision of the Linux 
kernel on your hard disk, and it has proven to be stable enough for you to
use on your emergency disks.  By putting the bootable kernel on a separate 
diskette, it is the only thing which needs to be updated.  The same holds
true for your root and utility diskettes.  This is the approach that the 
Linux Bootkit takes.

That sounds nice, Scott.  Now tell me about this separate "root" and 
"utility" disk thingy.  Not a problem.

After your bootable kernel loads, you will need to provide the system with
a "root" filesystem.  Once again, keep in mind that any filesystems you have 
(or had) on your hard disk may not be available in an emergency situation.
The root diskette provides the system with not only a root filesystem from
which emergency operations can be based, but also with some of the more 
critical tools you will need for recovery.  Things such as mount/umount,
mkfs, cp/rm/ls, etc. will need to be made available somehow.  Once your
kernel is loaded into memory, your floppy can act as a mini-Linux base of
operations.

As mentioned earlier, unfortunately, with only 1.4 megabytes of storage on
the average floppy disk, that doesn't leave a lot of room for bloat.  In
actuality, it would be plenty of room, but keep in mind that a copy of the
runtime standard library must be provided in order for all of your programs
and tools to function properly (they are all linked dynamically at runtime).
The size of the non-debugging version of the standard library (libc) is
currently a little over 600K.  Whew!  That's almost half the floppy, mah
man.  In addition to the standard library, certain startup files and 
programs have to be provided, just to allow you to login.  These programs 
include getty, init, the passwd file, etc.  In other words, you tend to run 
out of real estate on a floppy, in quite a hurried fashion.
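
The space budget described above can be checked before a root diskette is
built.  The script below is an added example, not one of the Bootkit's own
bk* scripts: it totals a list of tools plus the shared libraries they load.
The 1440 KB capacity and all function names are assumptions made here.

```sh
#!/bin/sh
# Added example, not one of the Bootkit bk* scripts.
# Estimates the space a set of tools needs on the root diskette, counting
# the shared libraries they are dynamically linked against.
# Run ldd only on binaries you trust: some ldd versions invoke the target.

FLOPPY_KB=1440   # assumption: 1.44 MB diskette, filesystem overhead ignored

# size_kb FILE: print the size of FILE in KB, rounded up.
size_kb() {
    bytes=$(wc -c < "$1")
    echo $(( (bytes + 1023) / 1024 ))
}

# needed_libs FILE...: print each shared library required, once per path.
needed_libs() {
    for f in "$@"; do
        # ldd prints nothing useful for static binaries or scripts.
        ldd "$f" 2>/dev/null | awk '
            $2 == "=>" && $3 ~ /^\// { print $3 }
            $1 ~ /^\//               { print $1 }'
    done | sort -u
}

# root_disk_kb FILE...: print total KB for the files plus their libraries.
root_disk_kb() {
    total=0
    for f in "$@" $(needed_libs "$@"); do
        [ -f "$f" ] || continue
        total=$(( total + $(size_kb "$f") ))
    done
    echo "$total"
}

# fits_on_floppy FILE...: succeed only if everything fits on one diskette.
fits_on_floppy() {
    [ "$(root_disk_kb "$@")" -le "$FLOPPY_KB" ]
}

# When run with arguments, report the estimate for those files.
if [ "$#" -gt 0 ]; then
    echo "$(root_disk_kb "$@") KB needed, $FLOPPY_KB KB available"
fi
```

Each library is counted once however many tools link against it, which is
why the shared libc costs its 600K only a single time.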

The utility diskette allows you to introduce a third diskette to the melee.
This diskette holds additional programs and utilities which may not fit on
your original root diskette.  How can this be?!?  If the root diskette is
sitting in the drive, how can I mount another diskette?  Relax.  As with
everything in the world of Linux, there is damn near always a way to get 
something done, even if you have to go to Tacoma and back to do it.

Newer versions of the kernel support a RAMDISK option.  This option allows
your root filesystem to be loaded entirely into working storage (RAM, for 
you non ex-mainframers out there).  Yes!  A will and a way.  Once the root
filesystem has been loaded into RAM, you can log into the system, remove the
root diskette, and mount your utility diskette.  I would venture to say that
most folks are running a kernel revision which supports this option.  Most
of your vendor distributions of Linux ship with newer kernels anyway.

With that, you should now proceed to read the help sections on configuring
the Linux Bootkit to work with your system.  It should be pretty plain Jane,
but give it a go over anyway.

