Question

Using any of the freely available imaging solutions like Clonezilla is an efficient way to create a fully configured and patched system image for distribution on your network. Clonezilla can be implemented from a server or a bootable device and permits users a variety of options based on their needs. One of the more flexible options of this solution can be deployed using a portable drive. This drive can contain prestaged images for on‐site deployment. Sometimes you will have a situation where a machine will not boot to the network or it is against regulations to move an ailing asset and using a portable drive is ideal.

If you have an on‐site technician lab, you can create an effective cloning system using a server machine, one or more technician machines, and a network switch to facilitate deployment to multiple systems at once. Many environments have this equipment sitting unused on a shelf. In practice, this simple setup has been shown to be able to image and deploy more than 100 systems in a single week.

Some best practices to consider when deciding to clone systems versus original media installations include the following:

• Use an established checklist for pre‐ and post‐imaging actions to ensure proper system deployment.
• Update your technician machine(s) to the most current updates according to your security policy.
• Update your images on a manageable schedule. This ensures that system images require less post‐deployment patching.
• Have important drivers readily available for the variety of systems that your image will support.
• Use a sysprep tool to remove system identifiers prior to taking your image.
• Use a secure repository to hold your system images; often having a stand‐alone cloning system works well.
• Have a method to positively assure the integrity of your stored images. Hashing is a cheap but effective method for this purpose.

In Lab 12.5 , you'll be creating a Clonezilla Live USB.

---

LAB 12.5 : CREATING A CLONEZILLA LIVE USB

1. Go to www.clonezilla.org . Two types of Clonezilla are available: Clonezilla Live and Clonezilla SE. Click the link for Clonezilla Live. (Clonezilla SE is for an enterprise, where Clonezilla Live is for a single backup and restore. I personally have had multiple USBs in action at the same time.)
2. For a USB flash drive or USB hard drive install, find the document link for this type of boot media.
3. There are several methods to format a USB drive so that it is bootable. I have used Rufus USB creator and found it to be very lightweight, fast, and user friendly. Follow the directions to download and install Rufus. Run the Rufus.exe and download the Clonezilla Live .iso file for the architecture you are running.
4. Plug in your USB flash drive or USB hard drive. Rufus will auto‐detect the device. Under boot selection, make sure that .iso is selected and then choose Select.
5. Navigate to the location where you downloaded the Clonezilla .iso and choose that file and double‐click to open it.
6. Review the options, volume label, and cluster size. As you see in Figure 12.16 , I usually leave the defaults.

   

   Figure 12.16 : Configuring Rufus with the Clonezilla .iso

7. Click Start. You will get a warning that all data on the drive will be erased. Click OK, and the status bar will let you know what is currently happening on that drive. You may think nothing is happening, but as long as the timer in the lower‐right corner is running, the USB is being formatted, partitioned, and .iso loaded. The status bar will turn green and display “Ready” when it has completed.

---

Once you have built your Clonezilla Live USB, you can boot your target machine with it. You may have to edit the BIOS of the machine to be able to boot to USB. Set USB as the first priority when you edit the BIOS. With Clonezilla Live, you are able to save an image and restore that image. In Clonezilla Live, two accounts are available. The first account is “user” with sudo privilege, and the password is “live.” A sudo account will allow users to run programs with the security privileges of a superuser. Sudo means “superuser do.” The second account is an administration account “root” with no password. You cannot log in as root. If you need root privilege, you can log in as user and run sudo ‐i to become root.

In Lab 12.6 , you'll be creating a Clonezilla Live image.

---

LAB 12.6 : CREATING A CLONEZILLA LIVE IMAGE

1. Boot the machine via USB Clonezilla Live.
2. The USB is the software host. You will see the boot menu of Clonezilla Live. Figure 12.17 shows the options you can select from. The default of Clonezilla Live with the default settings of VGA 800×600 is the best option. Press Enter, you will see Debian Linux booting process.

   

   Figure 12.17 : Clonezilla Live boot menu

3. The next configuration page has you choose language and keyboard by using the up and down arrows to select the correct option. (As you can see in Figure 12.18 , I chose “Don't touch keymap” to keep the layout of a QWERTY keyboard.) For the purposes of this lab, leave the defaults as they are and press Enter and then Start Clonezilla.

   

   Figure 12.18 : Preparing the Clonezilla Live environment

4. Choose the device‐image option from the next step. This will allow you to work with disks or partitions by creating an image.
5. Choose the local_dev option to assign sdb1 as the image home, as shown in Figure 12.19 . Wait for the instructions to insert the USB into the machine and then wait 5 seconds before pressing Enter.

   

   Figure 12.19 : Assigning where the Clonezilla image will be saved or read from

6. Select sdb1 as the image repository, keep the Beginner mode, and then choose the savedisk option to save the local disk as an image, as shown in Figure 12.20 .

   

   Figure 12.20 : Saving the current disk to an image

7. Clonezilla will name this image automatically based on day and time. If you want, you can edit this image name with more information, such as the operating system, and press Enter. Select the source disk, which is the disk on the asset you are cloning. Press Enter.
8. You have two more options before the clone takes place. You can select the option to check the cloned file for errors, and you can opt to encrypt this cloned disk. The default will check the disk for error but not encrypt. There is no backdoor if you forget the passphrase. Now Clonezilla is ready to save the disk image after you have made those choices. Press Enter.

---

When in doubt, keep the defaults except at the end of the cloning configuration. When everything is finished, choose ‐p poweroff as your final selection because this will shut off the machine. If you are not paying very close attention at the end of this cloning process, it could restart the entire process since you are booting with a USB, and you'll end up right back at step 1 of configuring the clone. (Yes, that has happened to me many times.) You won't forget to properly eject the USB and accidentally corrupt it.

To restore the image, follow steps 1 through 5 in Lab 12.6 . At that point in the process, you should choose restoredisk instead of savedisk . Choose the image name you just cloned and then the destination disk where you want to deploy the image.

With Clonezilla SE, I've been on a team that imaged over 100 new machines a week. When I was teaching at Fort Carson, we had two classrooms with 18 computers each and 36 laptops that we recycled the image on every month. I would harden the OS and then load all the files that students would need for the CompTIA, ISC2, Microsoft, and Cisco classes. The certification boot camps we taught were either 5 days or 10 days, or for CISSP, 15‐day classes. Class ended Friday at 5 p.m., and the next class started Monday at 8 a.m. We needed to be fast and as efficient as possible. Remember, my job is to make your life easier, and these are tools that will help.