Posts Tagged ‘root privileges’

How to mount MDF images in Debian GNU / Linux – What is the MDF and MDS file

Monday, February 27th, 2012

I’ve recently had to mount an MDF (.mdf) image file on my Debian Linux. I had never used the .MDF file extension before and therefore had no clue what this file extension is, so I did some quick research on Google to educate myself about what the MDF file format is.

What I found was one article titled What is MDF & MDS and one Wikipedia article, MDF and MDS file pair.
In short, MDF is a CD9660-like ISO format produced by some CD burning and image creation software such as Alcohol 120%.
An MDS file accompanies the .MDF file. The .MDS is an optional metadata descriptor file which describes what is contained in the .MDF (ISO-like file).
MDF is not as standardized a format as the usual ISOs we use to snapshot optical CDs or DVDs, but it is still produced by some programs.

The MDF and MDS file pairs are typically created by two famous MS Windows programs:

  • Alcohol 120%
  • Daemon Tools

Both are non-free programs, with one small exception: Daemon Tools is at least freeware.
This is the reason why the MDF format is far from popular among GNU / Linux and BSD* users and is mostly used on Microsoft Windows platforms.

On Windows there are plenty of programs capable of reading and opening .MDF files; the two aforementioned programs and MagicISO are a few of the many programs which support mounting MDF files (creating a virtual drive).

On free operating systems (Linux / BSD) there are two GUI programs that are capable of mounting MDF files:

  • Furiusisomount
  • AcetoneISO

I’ve tried both of them, for the sake of testing. With Furiusisomount, however, mounting the MDF failed. I tried to mount with Furiusisomount by launching the program with both non-root and root privileges. The program was able to detect the .MDF file, I could browse to the file, and it even appeared to be mounting the MDF fine when I pressed the Mount button; however, the mount point directory stayed empty.

With AcetoneISO program mounting the MDF directly was possible, but only when the program was run with root privileges. With non-root privileges I got the error:

Error, could not mount image.


There is also an alternative, command-line way to mount an MDF image:

1. Use mdf2iso to convert the MDF image file to ISO
2. Use the regular Linux mount command to mount the converted ISO9660 file

On Debian, mdf2iso is available as a deb package.
To install it:

linux:~# apt-get install --yes mdf2iso

1. Convert MDF to ISO with mdf2iso

To convert the MDF image to ISO with mdf2iso cmd I used:

hipo@linux:~/mdf-iso$ mdf2iso my-mdf-iso-file.mdf
mdf2iso v0.3.1 by Salvatore Santagati
Licensed under GPL v2 or later
47% [: >=========:]

2. Mount the newly converted ISO file with mount cmd

linux:~# mkdir /mnt/ISO
linux:~# mount -t iso9660 -o loop ~hipo/mdf-iso/my-mdf-iso-file.iso /mnt/ISO

Now your MDF will be mounted in /mnt/ISO 🙂
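An added example (not part of the original post): before running mount as root, check that the file mdf2iso produced really carries an ISO 9660 volume descriptor, then mount it read-only with nosuid, nodev and noexec so that setuid bits or device nodes recorded in an untrusted image have no effect. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post.

# ISO 9660 reserves sectors 0-15 (2048 bytes each) as the system area.
# Volume descriptors start at sector 16; byte 0 is the descriptor type
# and bytes 1-5 are the standard identifier "CD001".
ISO_MAGIC_OFFSET=32769   # 16 * 2048 + 1

# Return 0 if the file has "CD001" where the first volume descriptor lives.
# Needs no root privileges, so run it as the ordinary user first.
is_iso9660() {
    img=$1
    [ -f "$img" ] || return 1
    magic=$(dd if="$img" bs=1 skip="$ISO_MAGIC_OFFSET" count=5 2>/dev/null |
            tr -d '\000')
    [ "$magic" = "CD001" ]
}

# Mount only after the check passes, with options that neutralise
# setuid binaries, device nodes and direct execution from the image.
# The mount itself still has to run as root.
mount_checked() {
    img=$1
    mnt=$2
    if ! is_iso9660 "$img"; then
        echo "refusing to mount: $img has no ISO 9660 descriptor" >&2
        return 1
    fi
    mount -t iso9660 -o loop,ro,nosuid,nodev,noexec "$img" "$mnt"
}

# Constructed sample input: a 40 KiB file of zeros with only the
# identifier written in place (enough for is_iso9660, not a real image).
make_sample_iso() {
    out=$1
    dd if=/dev/zero of="$out" bs=1024 count=40 2>/dev/null
    printf 'CD001' |
        dd of="$out" bs=1 seek="$ISO_MAGIC_OFFSET" conv=notrunc 2>/dev/null
}
```

For the file from the steps above, the call would be mount_checked my-mdf-iso-file.iso /mnt/ISO from a root shell.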

How to improve Linux kernel security with GrSecurity / Maximum Linux kernel security with GrSecurity

Tuesday, May 3rd, 2011

In short, I’ll explain here what Grsecurity is, for all those who have not used it yet, and what kind of capabilities it has for enhancing kernel security.

Grsecurity is a combination of patches for the Linux kernel focused on improving kernel security.

The typical application of GrSecurity is on Linux systems which are administered through SSH/shell (e.g. remote hosts), though you can also configure grsecurity on a normal Linux desktop system if you want a super secured Linux desktop ;).

GrSecurity is used heavily to protect server systems which require multiple users to have access to the shell.

On systems where multiple-user access is required, it’s a well-known fact that malicious users, crackers or dumb script kiddies get administrator (root) privileges with some freshly released 0-day root kernel exploit.
If you’re an administrator of a server (let’s say a web hosting server) with multiple users having access to the shell, it’s also common for some of the users to run exploits aimed at hanging a certain daemon service.
On other occasions you have users who try to DoS the server with some 0-day Denial of Service exploit.
In all these cases, having a kernel with grsecurity is priceless.

Installing a grsecurity-patched kernel is an easy task on Debian and Ubuntu and is explained in one of my previous articles.
This article aims to briefly explain some configuration options for a GrSecurity-tightened kernel, for when one has to compile a new kernel from source.

I will skip the details of how to compile the kernel and simply show you some screenshots of GrSecurity configuration options which work well and need to be set up before a make command is issued to compile the new kernel.

After preparing the kernel source for compilation and issuing:

linux:/usr/src/kernel-source$ make menuconfig

You will have to select options like the ones you see in the pictures below:

[Image gallery: screenshots of the GrSecurity options in make menuconfig]

After completing and saving your kernel config file, continue as usual with an ordinary kernel compilation, e.g.:

linux:/usr/src/kernel-source$ make
linux:/usr/src/kernel-source$ make modules
linux:/usr/src/kernel-source$ su root
linux:/usr/src/kernel-source# make modules_install
linux:/usr/src/kernel-source# make install
linux:/usr/src/kernel-source# mkinitrd -o initrd.img-2.6.xx 2.6.xx

Also make sure GRUB is properly configured to load the newly compiled and installed kernel.

After a system reboot, if all is fine, you should be able to boot the newly compiled, grsecurity-tightened kernel. But be careful and make sure you have a backup solution before you reboot; don’t blame me if your new grsecurity-patched kernel fails to boot! You’re on your own boy 😉
This article is written thanks to based originally on his article in Bulgarian. If you’re Bulgarian you might also check out static’s blog