We're aiming for an off-line scan; I'll look into sysresccd as an option.
As for mounting the LVs, I get this sort of result: root@cowsvplav01:~# pvs PV VG Fmt Attr PSize PFree /dev/sdb5 ubuntu-vg lvm2 a-- 14.76g 268.00m root@cowsvplav01:~# vgs VG #PV #LV #SN Attr VSize VFree ubuntu-vg 1 2 0 wz--n- 14.76g 268.00m root@cowsvplav01:~# lvs LV VG Attr LSize Pool Origin Data% Move Log Copy% Convert root ubuntu-vg -wi------ 13.50g swap_1 ubuntu-vg -wi------ 1020.00m root@cowsvplav01:~# ls /dev/mapper control root@cowsvplav01:~#
So I don't know how I'm going to mount any of it. Yes, I've hot-added it. FWIW, I'm using VMware ESXi 5.1.
On Tue, Nov 3, 2015 at 12:46 PM, Adam Thompson athompso@athompso.net wrote:
Note that if looking for Linux rootkits, NFS export will/can hide them. Otherwise, yeah...
On November 3, 2015 12:37:28 PM CST, John Lange john@johnlange.ca wrote:
You could just mount the remote disk over the "network" and then scan it.
On Tue, Nov 3, 2015 at 11:48 AM, Adam Thompson athompso@athompso.net wrote:
On 15-11-03 10:55 AM, Kevin McGregor wrote:
I would like to be able to temporarily move a disk from one Linux system to another. The disk has a complete LVM2 volume group on it which I would like to mount on the second system. However, I may or may not be able to mark the volume group as "exported".
Is there any way to import a volume group which isn't marked as "exported"? Or to use the destination system to mark it as such?
Background: I've been tasked with creating a Linux VM (Virtual Machine) with ClamAV on it which can scan other Linux VM disks. To do that I assumed I'd shut down the target system and mount its disks on the scanning VM, do the scan, then remove the target disks from the scanning VM.
Is there a better way?
Kevin
Boot a LiveCD on the to-be-scanned VM?
Actually, I would boot a LiveCD in the dedicated VM anyway. Sysresccd works well, and usually has a reasonably-up-to-date version of ClamAV. Also, it doesn't require 3D video, so it works well in a VM (unlike, say, Ubuntu, CentOS 7, etc.).
If you want a regular HDD (vdd?) installed linux system anyway, simply running "pvs", "vgs", "lvs" and then mounting the FS out of /dev/mapper should work. You might have to do a "{pv,vg,lv}change -ay" if it's not marked as active. Do NOT flag it as exported once you're done scanning it, or the origin system may refuse to automount it.
If you're running in VMware, I would recommend hot-adding the volume to the scanning VM so that it never accidentally tries to boot off it.
-Adam _______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-- John Lange www.johnlange.ca
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable