Exocomm Linux Operating System (EOS)
The OS Exocomm OS is a complete Linux-based operating system that has been purpose-built to meet the needs of Exocomm clients. The Exocomm Operating System is a fusion of both open-source and proprietary software, designed to provide a secure, high-performance common platform suitable for mission-critical requirements.
We're pretty unique in that we can offer a "full stack" solution (rather than being stuck with specific platform vendors like Apple or Microsoft), enabling our customers to build any application they can dream of -- you pick the device, we'll handle the entire software stack. From tiny "Internet of Things" sensor nodes to enterprise storage and information security applications, we've got the whole stack for it, right here. We're big fans of open-source software. The Exocomm OS powers firewalls, compute nodes, routers, video displays, infrastructure servers and many other applications.Exocomm's ongoing role in maintaining the Operating System includes:
Download the Exocomm OS ISO (exocomm-os.x86-generic.iso) and burn it to a DVD or USB storage device.
When the Exocomm OS boots up, you can select one of several modes from the menu.
For cloud-based installations, the entire installation and configuration process will occur automatically. This requires a licensed copy of the Exocomm OS. When this mode is used, all of your basic configuration options are burned in to your installation image no user input is required.
After booting your Exocomm OS media, select the interactive installation menu option to install the Exocomm Linux Operating System. This allows you to enter basic setup information from the console. Interactive installation mode is always available on licensed or generic media. If you have a licensed image, the automatic installation mode can be used to install your device without entering any configuration information.
We've designed the installation process to be fast and easy. Most machines should take no more than a few minutes to install.
During installation, the primary storage device (generally the SDA SCSI device, or primary flash chip) will be securely erased. Nothing from the previous operating system will remain. This ensures no artifacts from a previous operating system remain on the storage medium (for example, sensitive data from a previous installation). The process also ensures the storage device is working correctly (that there are no bad blocks on the device). This pre-allocation of storage blocks also tends to improve performance in some virtualization environments, because the machine is more likely to allocate a contiguous set of blocks, rather than scattering them around different discs or regions of the disc).
This operation can take some time, since every block on the storage device is written but by doing this, the installer ensures that the node is clean no sensitive data remains from previous installations, and that the storage device is in perfect working condition. Its far better to discover a faulty hard drive or flash chip at installation time than to find out weeks later when the machine is in service.
WARNING : Please be careful! Make sure you are installing the right image on the right machine! All existing data on the computer will be erased. It is not possible to recover any data from the computer after this operation! Back up all data before booting the Exocomm OS installer!
Enter the host name for your machine.
Enter your desired root password.
Select the type of link (ethernet or wifi) you wish to use for your default gateway.
Select the address allocation mode for your default network gateway.
If using a static address, enter the IP address, netmask, gateway and DNS server information.
Now that you've entered basic configuration information, the installation begins.
You're done! Remove your installation media and press ENTER to boot up your device.
Select the "text" option to start the Exocomm OS.
The hardware diagnostic mode will test the machines RAM and storage devices. This operation is destructive!
forensics / recovery mode
The forensic boot mode is designed for the extraction or recovery of data from a running machine. Its useful for forensic work, for data recovery for debugging of kernel crashes. This mode will permit the capture of raw memory (for example, to recover a key or other evidence from a running machine). The kernel will use only 64 MB of memory; thus there is a risk that some data will be overwritten by the running kernel, but in most cases this is sufficient to recover most or all of the desired data from a running machines memory or hard discs.
When booted in this mode, no storage will be touched, no network devices are available, and only a small amount of RAM will be tainted. However, you can attach USB-based storage devices on which to store recovered data. You must mount the storage and perform the recovery procedure manually.
accessing the memory of a warm-booted machine
Module: insmod fmem.ko a1=0xc104d530 : OK Device: /dev/fmem ----Memory areas: ----- reg00: base=0x07d000000 ( 2000MB), size= 16MB, count=1: uncachable reg01: base=0x07e000000 ( 2016MB), size= 32MB, count=1: uncachable reg02: base=0x000000000 ( 0MB), size= 2048MB, count=1: write-back reg03: base=0x079e00000 ( 1950MB), size= 2MB, count=1: uncachable reg04: base=0x0d0000000 ( 3328MB), size= 256MB, count=1: write-combining
recovering data from a failed storage device
The Exocomm OS provides a number of tools for data recovery. The diagnostic boot mode can be used to identify problem devices, and the recovery mode can be used to fix things. Here are some general suggestions for using the Exocomm OS in a data recovery situation.
First, examine a SMART report for the failed device. This information can be useful, but is not absolutely definitive the device may still die even if SMART reports that everything is okay! SMART can tell us how long the storage device has been in service, how many power on/off cycles it has endured, the highest operating temperature it has sustained, and so on. Based on MTBF and other parameters, SMART can give you some indication as to when the device can be expected to fail in the future. If the device cannot be seen at this point, you probably have a hardware failure.
Next conduct a read-only, block-level test of the device (preferably a copy, to a rescue storage device such as a portable USB hard disc). If this succeeds, your storage device is healthy. You can then optionally conduct a write test as well. If this also succeeds, your device is fully functional at the block level. If this test/copy fails, youve got problems such as a worn-out flash disc or damaged media. Use the ddrescue tool to run a block-level copy which will tolerate these read errors, making a copy to a rescue media. You then have a block-for-block copy of the failing device, minus any blocks which could not be read (these blocks will be forever lost).
Once you have rescued the block-level filesystem image, try and mount the image. If the image does not contain the data you expect (it has been reformatted or otherwise damaged), use the testdisk tool to search for partitions. If appropriate, recover the partition table on the device, then extract files of interest from those partitions (by mounting the appropriate partitions).
If no partition tables / filesystems are found, your filesystem is very seriously damaged. Your last resort is to run a signiture-based restoration using the photorec tool. This will recover the undamaged files from the damaged filesystem, but you will lose all filesystem metadata in the process this includes the file names, directory structure, timestamps and so on!
You can then perform specific recovery tasks on the restored files. It is unrealistic to rebuild an entire filesystem from these recovered files in most cases at this point you will probably need to target specific critical data for recovery; for example if you have a MySQL database, you may be able to extract table data from recovered MYI files.
Once your filesystem has been restored, use the fsck tool on an ongoing basis to monitor its integrity.