Mount partition from a raw disk image

In this post, I will share how you can mount a raw disk image such as an image generated with dd. Raw disk image or RAW Image Format is a bit-for-bit copy of disk data, without any metadata information on files. In Linux, dd is a popular tool for data transfer by duplicating entire disk for instance. Let us create a disk image of a mount with an EXT3 file system –

[root@kauai src]# dd if=/dev/sdb of=disk.img 

7233761+0 records in
7233760+0 records out
3703685120 bytes (3.7 GB) copied, 236.166 s, 15.7 MB/s

[root@kauai src]# ls -alh disk.img 
-rw-r--r--. 1 root root 3.5G Jan 15 18:44 disk.img

We have copied a mount with multiple files into a single disk.img file which we can copy to another system. Now let us examine the raw disk layout, that we can use to mount as a file system –

[root@kauai src]# fdisk -lu disk.img 
You must set cylinders.
You can do this from the extra functions menu.

Disk disk.img: 0 MB, 0 bytes
124 heads, 62 sectors/track, 0 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xdebbbd93

   Device Boot      Start         End      Blocks   Id  System
disk.img          630416      945623      157604   83  Linux

As we can see the raw disk has 512 byte size sectors and it starts at offset 630416, given this information we can use mount command to mount the disk image –

[root@kauai src]# mount -o loop,offset=$((630416*512)) disk.img /mnt/hdisk/
[root@kauai src]# ls -al /mnt/hdisk/
total 37
drwxr-xr-x. 3 root root  1024 Jan 15 18:39 .
drwxr-xr-x. 4 root root  4096 Nov 17 20:04 ..
-rw-r--r--. 1 root root    15 Jan 15 18:39 file21
-rw-r--r--. 1 root root    15 Jan 15 18:39 file22
-rw-r--r--. 1 root root    15 Jan 15 18:39 file23
-rw-r--r--. 1 root root    15 Jan 15 18:39 file24
-rw-r--r--. 1 root root    15 Jan 15 18:39 file25
-rw-r--r--. 1 root root    15 Jan 15 18:39 file26
-rw-r--r--. 1 root root    15 Jan 15 18:39 file27
-rw-r--r--. 1 root root    15 Jan 15 18:39 file28
-rw-r--r--. 1 root root    15 Jan 15 18:39 file29
-rw-r--r--. 1 root root    15 Jan 15 18:39 file30
drwx------. 2 root root 12288 Jan 15 18:37 lost+found

[root@kauai src]# cat /mnt/hdisk/file26 
File number 26

Here we were able to mount the disk image and be able to read the content of one of the text files.

References –

https://en.wikipedia.org/wiki/Dd_(Unix)

https://linux.die.net/man/8/mount

How to copy to a clipboard in Linux

Problem – You have a file with hundreds or thousands of lines and you want to copy the contents of this file and paste it to an external application, for instance to a browser.

Solution – The first attempt is to try to cat the file and scroll down with your mouse to select each line. This is time consuming or in some cases might not work if there are too many lines as some of the lines will ‘scroll out of the terminal’. One way of getting around this is to use “xclip” – a command line interface to X selections (clipboard).

In my case I wanted to copy the contents of ‘/tmp/ipaddresses.txt’ file to a browser for blogging. The file had 10000 lines. I used the following commands, first to install xclip and then to copy the file contents to a clipboard –

apt-get -y install xclip
xclip -sel cli < /tmp/ipaddresses.txt

The xclip command basically does a selection (-sel) from the file into the clipboard(-cli), where you can copy paste to any other external application.

Once you have the contents of the file in your clipboard, simply paste it, usually with Ctrl+v or Ctrl+Shift+v, to the intended application or file.

References –
https://linux.die.net/man/1/xclip

https://stackoverflow.com/questions/5130968/how-can-i-copy-the-output-of-a-command-directly-into-my-clipboard

How to fake or spoof x-forwarded-for header

The x-forwarded-for header is a way of identifying the IP address of the original client when a web server is sitting behind a proxy or load-balancer. The load-balancer does get the actual client IP as it directly sets up the TCP session with the load-balancer. But the x-forwarded-for address might contain a list of comma separated IP addresses in addition to the immediate client IP. It is these extra IPs that we can spoof and the procedure is similar to modifying any HTTP header such as user agent.

import requests
headers={'X-Forwarded-For':'1.1.1.1'}
r = requests.get('http://web.home.net/index.html', headers=headers)
if r.ok:
    print('Success.')

How the log likes like on an nginx access log –

1.1.1.1, 192.168.10.206 - - [19/Mar/2017:16:43:55 -0700] "GET /index.html HTTP/1.0" 200 1311 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.13.0-121-generic"
1.1.1.1, 192.168.10.206 - - [19/Mar/2017:16:53:55 -0700] "GET /index.html HTTP/1.0" 200 1311 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.13.0-121-generic"
1.1.1.1, 192.168.10.206 - - [19/Mar/2017:16:58:55 -0700] "GET /index.html HTTP/1.0" 200 1311 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.13.0-121-generic"

The take away is not to trust any IPs in the x-forwarded-for list apart from the load balancer IP and the immediate client IP which made a direct call to the load balancer. If we trust our load balancer, we can also reliably identify the immediate client IP. The rest of the IPs in the x-forwarded-for list can be ignored.

References –

https://en.wikipedia.org/wiki/X-Forwarded-For

List shared or dynamic libraries required by a program

In Linux, the

ldd

is used to find out the shared libraries or dependencies required by a program if it is a dynamic executable. ldd requires the full path to the executable as input.

For instance, the Linux ps command depends on the following shared or dynamic libraries –

[root@kauai rtc0]# ldd $(which ps)
	linux-vdso.so.1 =>  (0x00007ffeb6277000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003ef6200000)
	libproc-3.2.8.so => /lib64/libproc-3.2.8.so (0x0000003ef4e00000)
	libc.so.6 => /lib64/libc.so.6 (0x0000003ef4a00000)
	libdl.so.2 => /lib64/libdl.so.2 (0x0000003ef5600000)
	/lib64/ld-linux-x86-64.so.2 (0x0000003ef4600000)

You can also use the ldd command to find out if an executable has an expected dependencies. In this case, we expect that the htpasswd, login and sshd commands depend on the crypt library as they prompt a user for a password for authentication purposes –

[root@kauai rtc0]# ldd $(which htpasswd) |grep crypt
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f010c8ab000)

[root@kauai rtc0]# ldd $(which login) | grep crypt
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003efd200000)

[root@kauai rtc0]# ldd $(which sshd) | grep crypt
	libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007ffb0b1f2000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007ffb0a988000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007ffb0a015000)

References –

http://man7.org/linux/man-pages/man1/ldd.1.html

Update – Eritrean Ethiopian Internet radio

The server hosting the Internet radio for Eritrean and Ethiopian mostly Tigrigna music has been migrated to a new infrastructure and thus the public Internet IP address of the streaming radio has changed. Please use this URL to get the latest streaming address or save the below updated streaming playlist file –

.
NumberOfEntries=1
File1=http://162.247.78.0:8000/test.mp3
Title1=Eritrean Ethiopian - Tigrigna
Length1=-1
Version=2

Download the stream playlist in Linux –
wget -O tigrigna-music.pls http://linuxfreelancer.com:8000/listen.pls

Tag – Eritrean music.
        

Nginx / Apache – log real client IP or x-forwarded-for address.

Web servers such as Nginx or Apache when configured as reverse proxy behind a load balancer, they log the IP address of the load balancer in the access logs as the source IP. For practical use cases, you will usually want to log the actual client IP addresses.

In this setup, Nginx is setup to mimic a load balancer (reverse proxy) with multiple Apache web servers as backend.

1. Nginx snippet configuration to set x_forwarded_for proxy header –

server {
  listen 80;
  listen 443 default ssl;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   .....
   }

2. Apache snippet Configuration to capture x_forwarded_for header in the access logs –

<VirtualHost *:443>
    ServerAdmin webmaster@home.net
    DocumentRoot /var/www/homenet
    ServerName todo.home.net
...
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
    CustomLog "logs/todo.home.net-ssl_access_log" combined env=!forwarded
    CustomLog "logs/todo.home.net-ssl_access_log" proxy env=forwarded
 </Virtual>

Before making the above custom changes , the logs showed the load balancer IP 192.168.10.162 only –

192.168.10.162 - - [19/Mar/2015:16:21:10 -0700] "GET /signup.php HTTP/1.0" 200 1237
192.168.10.162 - - [19/Mar/2015:16:21:11 -0700] "GET /login.php HTTP/1.0" 200 1715

After the change the client IP (192.168.10.105) was logged –

192.168.10.105 - - [19/Mar/2015:16:26:43 -0700] "GET / HTTP/1.0" 200 1311 "https://todo.home.net/login.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:35.0) Gecko/20100101 Firefox/35.0"
192.168.10.105 - - [19/Mar/2015:16:26:44 -0700] "GET /signup.php HTTP/1.0" 200 1237 "https://todo.home.net/" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:35.0) Gecko/20100101 Firefox/35.0"

References –

https://www.nginx.com/resources/wiki/start/topics/examples/likeapache/