Entrails Linux came out of the need for a distribution that:

In many of these cases, existing so-called rescue distributions and Live CDs do a reasonable job at fulfilling many of these requirements. After a few remote diagnostic sessions at 3am, it becomes clear that there's a market for something a little more specialised. Entrails Linux, or Entrails for short, aims to one day fulfill all of these requirements.

Entrails makes it easier to sift through the entrails of fallen systems. Entrails is easy to send to someone remotely or to boot remotely. With minimal console interaction, Entrails may be brought up on a system to a state where the real work can begin.

Getting Entrails

Currently available images are available at:


Entrails comes in a 32bit Intel flavour and a 64bit Intel flavour and each is shipped as an individual bootable image. It will need about 384MB of RAM too boot as a minimum.

Simply write the image to a USB stick, hard disk, CD or DVD and boot it. You can even PXE boot the image directly or pull the kernel and initrd off the image and PXE boot those using something like PXELinux.

The default root password is entrails.

By default, no state is kept at all. See the state command for more info.

Entrails Linux


The i586 and x86_64 images are Hybrid ISOs. This means that they can be booted as bootable CDs when burned to a CD or DVD, but also that they can be booted from normal x86 MBR based systems. There's no direct UEFI support yet.

It is possible to add a state partition to the image by appending some more blocks to the image and then creating a partition and filesystem that uses those blocks:

$ dd if=/dev/zero bs=1024k count=20 >> entrails-0.6.8-i586.img
$ parted entrails-0.6.8-i586.img
(parted) mkpartfs ....

This is unlikely to work when the image is written to CD media however.

See the state entrails subcommand further down for ideas about automatically mounting this partition under /state. If mounted, ssh host keys are stored on this persistent storage, as well as optional configuration.


Entrails Linux is built using the Buildroot system ( It contains most of the packages in the following areas:

At some point, an exhaustive list, including version numbers, should be included in this document. The generation of that list has yet to be automated.

By default, sshd is the only service started by default.


Entrails comes with a crude tool for being able to do common things quickly. The primary focus has been on functionality that might be required to be dictated over the phone or email to a guy in a data centre that may not understand the intricacies of the ifconfig command.

The entrails command has a builtin help quick-reference:

hardware command:
    detect=<pci|usb|virt|all> class=<XX>

httpd command:
    <start|stop> root=<directory>

mdns command:

mount command:

nbd command:
    port=<port> file=<file>

net command:
    if=<interface> addr=<addr|dhcp> vc=<vendorclass>

ntp command:
    <start|stop> server=<server>

password command:
    user=<user> pass=<pass>

uts command:

state command:
    fslabel=<fslabel> fstype=<fstype> configfile=<filename>

With each of these commands being documented below.

The hardware command

The hardware command triggers a crude form of hardware detection. This currently consists of trying to match PCI and USB device/vendor IDs against a precompiled list of kernel module aliases and trying to load each module in turn. Paravirtual drivers (KVM VirtIO and Hyper-V) are also able to be loaded.

It is possible to specify a particular (hexadecimal) PCI class of devices to match against for those that want specific control.


entrails hardware detect=pci class=02

The httpd command

This command simply starts or stops the lighttpd daemon and sets the document root. Useful for retrieving things like session logs or recovered data.


entrails httpd root=/mnt start

The mdns command

The mdns command simply starts or stops the avahi-daemon service, which is configured by default to answer queries on the entrails domain. This is useful in conjunction with the uts and net command when using DHCP in an unfamiliar network.

entrails mdns start

The mount command

This command simply attempts to mount a set of block devices under /mnt.

entrails mount vol=all

The nbd command

This starts a network block device (NBD) service on the named port using the named file. The named file could be an existing block device. This is most useful for cases where custom diagnostics or forensics tools need to be executed over a hard disk in a remote machine. The remote machine can simply be booted into Entrails Linux and the disk of concern exported as a network block device. A client machine would run the custom tool against the exported block device.

entrails nbd port=5000 file=/dev/sda

The net command

This command allows basic control over a network interface.

entrails net if=eth0 addr=dhcp

The ntp command

This starts and stops the NTP service with the specified server.

entrails ntp start

The password command

This can be used to change the password of an existing user. Two existing interactive users currently exist - root and default. The latter is locked by default.

entrails password user=default pass=entrails

The uts command

This command allows the setting of the host's hostname. This is generally a cosmetic thing, given that no dynamic DNS is done, but can be useful in conjunction with the mdns command above.

entrails uts hostname=entrails

The state command

The state command allows you to specify a partition to mount under /state - the default location where some tools/services will attempt to store state across reboots. Because of the nature of device detection, block device names are likely to be quite unpredictable. To allow for this, the state filesystem is referred to by its filesystem label (the fslabel option). The filesystem type defaults to exFAT, but can be anything supported.

The configfile option is the path (from the root of the volume) to a text file containing entrails commands (for example, uts hostname=entrails.

entrails state fslabel=el-state fstype=exfat configfile=el.cfg

Entrails CLI at boot time

Entrails can be passed in at boot time on the kernel command line. Simply specify entrails="..." where the ... is a comma-separated list of entrails commands. For example, appending this to the kernel command line:

entrails="uts hostname=entrails,net if=eth0 addr=dhcp,nbd disk=/dev/sda port=5000,mdns start"


  1. Set the hostname to 'entrails'
  2. Bring up eth0 using DHCP
  3. Export /dev/sda as a network block device on TCP port 5000
  4. Start the Avahi service, which will answer to entrails.entrails


Some potential features that may appear in later versions include:

  1. Enhancements to the net entrails command
  2. Add a CGI front end to the entrails command
  3. Add complete package list to this document
  4. Add services to advertise using MDNS/avahi 2014