Shell scripting – updating a file holding a counter

counter=`cat /tmp/counter` ; echo "$counter+1" | bc > /tmp/counter

Note that loading /tmp/counter into the variable first is a necessary indirection. The following:

echo "`cat /tmp/counter`+1" | bc > /tmp/counter

would not work, as the output redirection truncates /tmp/counter before cat gets a chance to read it, so the file is emptied too early.

Adding an Endace card to Symantec’s DLP

I decided to publish this hack as I could not find an iota of information about getting an Endace card working with Symantec’s DLP (previously Vontu) on RedHat.

After you’ve installed the module for your Endace card, you recycle your sensor and are confronted with the following error message:

Endace DAG driver is not available
Packet Capture was unable to activate Endace device support. Please see PacketCapture.log for more information.

A look at /var/log/Vontu/debug/PacketCapture.log yields:

ERROR PacketDriverFactory - Driver Dag is unavailable: libdag.so.3: cannot open shared object file: No such file or directory [PacketDriverFactory.cpp(423)]

Run:

updatedb
locate libdag.so

You will notice you just compiled a version more recent than libdag.so.3. As it turns out, Symantec DLP v11.0 does NOT know how to use the generic libdag.so nor the latest libdag.so.4.0.2 you just compiled. I’ve tried many tricks, mostly with symlinks, and I just couldn’t get it to use libdag.so.4.

Hold on to your pants as I explain the unholy hack that made it work:

Edit /opt/Vontu/Protect/lib/native/libPacketDriverDag.so.11.0.0. This is a binary file, so using a hex editor is a good idea, although vi works fine. Respect placement very carefully: you will be changing 1 character and 1 character only, overwriting it in place so that the file length and every other byte stay the same.

Search for libdag.so.3 and replace its 3 with a 4.

Recycle your server again and it should be happy about life 🙂

Mounting a partition from a disk image

So you’ve dd’ed a disk and you would like to mount its partitions from the resulting image file. Easy enough. First:

fdisk -l -u /path/to/disk.img

Which will yield a variation of the following output:

You must set cylinders.
You can do this from the extra functions menu.

Disk disk.img: 0 MB, 0 bytes
255 heads, 63 sectors/track, 0 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000080

   Device Boot      Start         End      Blocks   Id  System
disk.img1              63    15631244     7815591   82  Linux swap / Solaris
disk.img2   *    15631245   113290379    48829567+  83  Linux
Partition 2 has different physical/logical endings:
     phys=(1023, 254, 63) logical=(7051, 254, 63)
disk.img3       113290380   210949514    48829567+  83  Linux
Partition 3 has different physical/logical beginnings (non-Linux?):
     phys=(1023, 254, 63) logical=(7052, 0, 1)
Partition 3 has different physical/logical endings:
     phys=(1023, 254, 63) logical=(13130, 254, 63)

Partitions available on the disk image are listed as disk.img1, disk.img2 & disk.img3. Pick the one you want to mount and look at where it starts.
disk.img2 starts at sector 15631245. Multiply that by the sector size of 512 bytes given on the Units line: 15631245 * 512 = 8003197440.
Finally, mount the disk image at the offset you calculated, like so:

mount -o loop,offset=8003197440 -t auto /path/to/disk.img /mnt/disk_img_partition2

And done!
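
The offset calculation above can be scripted. The following is an added example, not part of the original post: it reads fdisk -l -u output, takes the sector size from the Units line and copes with the "*" in the Boot column, which shifts the Start field. The helper name partition_offset is hypothetical, and the sample input is constructed from the listing above.

```shell
#!/bin/sh
# Added example: derive the offset= value for "mount -o loop,offset=..."
# from "fdisk -l -u" output instead of multiplying by hand.

# Constructed sample: the Units line and partition rows from the listing above.
sample_fdisk_output() {
    cat <<'EOF'
Units = sectors of 1 * 512 = 512 bytes

   Device Boot      Start         End      Blocks   Id  System
disk.img1              63    15631244     7815591   82  Linux swap / Solaris
disk.img2   *    15631245   113290379    48829567+  83  Linux
disk.img3       113290380   210949514    48829567+  83  Linux
EOF
}

# partition_offset NAME (hypothetical helper name)
# Reads fdisk output on stdin, prints NAME's starting offset in bytes.
# NAME must match the Device column exactly as fdisk prints it.
# Exits non-zero if the partition or the sector size cannot be found.
partition_offset() {
    awk -v part="$1" '
        # "Units = sectors of 1 * 512 = 512 bytes": second-to-last field
        /^Units/ { unit = $(NF - 1) }
        $1 == part {
            # A bootable partition carries "*" in the Boot column, which
            # shifts the Start column one field to the right.
            start = ($2 == "*") ? $3 : $2
            found = 1
        }
        END {
            if (!found || unit !~ /^[0-9]+$/ || start !~ /^[0-9]+$/) exit 1
            printf "%.0f\n", start * unit   # some awks clamp %d to 32 bits
        }
    '
}

# Real use: fdisk -l -u /path/to/disk.img | partition_offset disk.img2
for p in disk.img1 disk.img2 disk.img3; do
    printf '%s offset=%s\n' "$p" "$(sample_fdisk_output | partition_offset "$p")"
done
```

The value printed for disk.img2 is the one to pass as offset= in the mount command above.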