ISO Creation, Burning & Bootable USB Guide 2025: Complete Linux Media Management
Creating ISO images, burning optical media, and crafting bootable USB drives are essential skills for system administrators, developers, and IT professionals. This comprehensive guide covers modern media creation techniques, enterprise deployment strategies, and advanced disk imaging workflows for Linux systems.
ISO and Media Management Overview
Why Master Media Creation
Modern Use Cases
- Operating System Deployment: Installing Linux distributions, Windows, or custom OS images
- System Recovery: Creating rescue media and backup images
- Software Distribution: Packaging applications and updates for offline installation
- Data Archival: Long-term storage of important data on optical media
- Virtual Machine Images: Creating and distributing VM templates
Media Types and Applications
- ISO Images: Universal disk image format for OS and software distribution
- Bootable USB: Modern replacement for optical media with faster speeds
- DVD/Blu-ray: Archival storage and legacy system support
- Hybrid Images: Support both optical and USB boot methods
- Network Boot Images: PXE and network installation media
Creating ISO Images from Physical Media
Basic ISO Creation with dd
Simple DVD/CD to ISO Conversion
# Create ISO from CD/DVD drive
sudo dd if=/dev/sr0 of=./disk_image.iso bs=2048 status=progress
# With compression
sudo dd if=/dev/sr0 bs=2048 status=progress | gzip -c > disk_image.iso.gz
# Verify integrity
sudo dd if=/dev/sr0 bs=2048 count=$(isosize -d 2048 /dev/sr0) | md5sum
md5sum disk_image.iso
Advanced dd Options and Optimization
#!/bin/bash
# Advanced ISO creation script with error handling
create_iso_from_disc() {
local device="${1:-/dev/sr0}"
local output="${2:-disc_backup_$(date +%Y%m%d_%H%M%S).iso}"
local block_size="${3:-2048}"
echo "Creating ISO from $device"
echo "Output file: $output"
# Check if device exists and is readable
if [[ ! -r "$device" ]]; then
echo "Error: Cannot read from $device"
return 1
fi
# Get disc size for progress tracking
local disc_size=$(blockdev --getsize64 "$device" 2>/dev/null || echo "0")
local disc_size_mb=$((disc_size / 1048576))
echo "Disc size: ${disc_size_mb}MB"
# Create ISO with optimal settings
sudo dd if="$device" \
of="$output" \
bs="$block_size" \
conv=noerror,sync \
status=progress \
iflag=direct 2>&1 | while read line; do
echo -ne "\r$line"
done
echo -e "\nISO creation complete"
# Verify ISO
if [[ -f "$output" ]]; then
local iso_size=$(stat -c%s "$output")
local iso_size_mb=$((iso_size / 1048576))
echo "ISO size: ${iso_size_mb}MB"
# Generate checksums
echo "Generating checksums..."
md5sum "$output" > "${output}.md5"
sha256sum "$output" > "${output}.sha256"
echo "Checksums saved to ${output}.md5 and ${output}.sha256"
fi
}
# Batch ISO creation from multiple discs
batch_create_isos() {
local device="/dev/sr0"
local output_dir="./iso_backups"
local count=1
mkdir -p "$output_dir"
while true; do
echo "Insert disc $count and press Enter (or 'q' to quit):"
read -r response
if [[ "$response" == "q" ]]; then
break
fi
# Wait for disc to be ready
sleep 2
# Create ISO
create_iso_from_disc "$device" "$output_dir/disc_${count}.iso"
# Eject disc
eject "$device"
((count++))
done
echo "Batch ISO creation complete. Created $((count-1)) ISOs."
}
Creating ISO Images from Directories
Using mkisofs/genisoimage
#!/bin/bash
# Create ISO from directory structure
create_iso_from_directory() {
local source_dir="$1"
local output_iso="$2"
local volume_label="${3:-DATA}"
# Basic ISO creation
genisoimage -o "$output_iso" \
-V "$volume_label" \
-J -R -l \
"$source_dir"
echo "ISO created: $output_iso"
}
# Create bootable ISO
create_bootable_iso() {
local source_dir="$1"
local output_iso="$2"
local boot_image="${3:-isolinux/isolinux.bin}"
# Create bootable ISO with ISOLINUX
genisoimage -o "$output_iso" \
-b "$boot_image" \
-c boot.cat \
-no-emul-boot \
-boot-load-size 4 \
-boot-info-table \
-J -R -V "BOOTABLE" \
"$source_dir"
# Make ISO hybrid (bootable from USB)
isohybrid "$output_iso"
echo "Bootable ISO created: $output_iso"
}
# Create UEFI bootable ISO
create_uefi_iso() {
local source_dir="$1"
local output_iso="$2"
# Create UEFI bootable ISO with xorriso
xorriso -as mkisofs \
-o "$output_iso" \
-isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin \
-c isolinux/boot.cat \
-b isolinux/isolinux.bin \
-no-emul-boot \
-boot-load-size 4 \
-boot-info-table \
-eltorito-alt-boot \
-e boot/grub/efi.img \
-no-emul-boot \
-isohybrid-gpt-basdat \
-V "UEFI_BOOT" \
"$source_dir"
echo "UEFI bootable ISO created: $output_iso"
}
Burning ISO Images to Optical Media
Using growisofs for DVD Burning
Basic DVD Burning
# Burn ISO to DVD
growisofs -dvd-compat -Z /dev/sr0=image.iso
# Burn with specific speed
growisofs -speed=4 -dvd-compat -Z /dev/sr0=image.iso
# Multi-session DVD
growisofs -M /dev/sr0 -R -J /path/to/additional/files/
# Blank rewritable DVD first
dvd+rw-format -force /dev/sr0
Advanced growisofs Script
#!/bin/bash
# Advanced DVD burning with verification
burn_dvd_with_verify() {
local iso_file="$1"
local device="${2:-/dev/sr0}"
local speed="${3:-4}"
if [[ ! -f "$iso_file" ]]; then
echo "Error: ISO file not found: $iso_file"
return 1
fi
echo "Burning $iso_file to $device at ${speed}x speed"
# Get ISO size
local iso_size=$(stat -c%s "$iso_file")
local iso_size_mb=$((iso_size / 1048576))
echo "ISO size: ${iso_size_mb}MB"
# Check media capacity
local media_info=$(dvd+rw-mediainfo "$device" 2>/dev/null)
# Burn ISO
if growisofs -speed="$speed" -dvd-compat -Z "$device=$iso_file"; then
echo "Burn complete. Verifying..."
# Verify burned disc
if verify_burned_disc "$device" "$iso_file"; then
echo "✓ Verification successful"
return 0
else
echo "✗ Verification failed"
return 1
fi
else
echo "✗ Burn failed"
return 1
fi
}
verify_burned_disc() {
local device="$1"
local original_iso="$2"
echo "Creating checksum of original ISO..."
local original_md5=$(md5sum "$original_iso" | cut -d' ' -f1)
echo "Reading back from disc..."
local disc_md5=$(sudo dd if="$device" bs=2048 count=$(isosize -d 2048 "$device") 2>/dev/null | md5sum | cut -d' ' -f1)
if [[ "$original_md5" == "$disc_md5" ]]; then
echo "Checksums match!"
return 0
else
echo "Checksum mismatch!"
echo "Original: $original_md5"
echo "Disc: $disc_md5"
return 1
fi
}
Using wodim for CD/DVD Burning
wodim Configuration and Usage
#!/bin/bash
# wodim burning script with device detection
# Auto-detect CD/DVD writer
detect_optical_drive() {
local devices=$(wodim --devices 2>&1 | grep 'dev=' | cut -d"'" -f2)
if [[ -z "$devices" ]]; then
echo "No optical drives detected"
return 1
fi
echo "Detected optical drives:"
echo "$devices"
# Return first device
echo "$devices" | head -1
}
# Burn with wodim
burn_with_wodim() {
local iso_file="$1"
local device="${2:-auto}"
local speed="${3:-16}"
# Auto-detect device if needed
if [[ "$device" == "auto" ]]; then
device=$(detect_optical_drive)
if [[ -z "$device" ]]; then
echo "Error: No optical drive found"
return 1
fi
fi
echo "Burning to device: $device"
# Get media info
wodim -v dev="$device" -checkdrive
# Burn ISO
wodim -v -eject \
speed="$speed" \
dev="$device" \
-data \
"$iso_file"
return $?
}
# Blank rewritable media
blank_rewritable_disc() {
local device="${1:-auto}"
local blank_type="${2:-fast}" # fast or all
if [[ "$device" == "auto" ]]; then
device=$(detect_optical_drive)
fi
echo "Blanking disc in $device (mode: $blank_type)"
wodim -v blank="$blank_type" dev="$device"
}
# Multi-session burning
multisession_burn() {
local device="$1"
local session_data="$2"
# Get next writable address
local next_session=$(wodim -msinfo dev="$device")
# Create new session
mkisofs -R -J -C "$next_session" -M "$device" \
-o session.iso "$session_data"
# Burn new session
wodim -v -multi dev="$device" session.iso
rm -f session.iso
}
Creating Bootable USB Drives
Basic USB Creation with dd
Simple Bootable USB
# Create bootable USB (BE CAREFUL with device selection!)
sudo dd if=debian-11.0-amd64-netinst.iso of=/dev/sdc bs=4M status=progress conv=fsync
# With automatic sync
sudo dd if=ubuntu-22.04-desktop-amd64.iso of=/dev/sdc bs=4M status=progress oflag=sync
# Verify write
sync
sudo hdparm -z /dev/sdc
Advanced USB Creation Script
#!/bin/bash
# Safe USB creation script with confirmations
create_bootable_usb() {
local iso_file="$1"
local usb_device="$2"
# Safety checks
if [[ ! -f "$iso_file" ]]; then
echo "Error: ISO file not found: $iso_file"
return 1
fi
if [[ ! -b "$usb_device" ]]; then
echo "Error: Invalid block device: $usb_device"
return 1
fi
# Check if device is mounted
if mount | grep -q "$usb_device"; then
echo "Error: Device $usb_device is mounted. Please unmount first."
return 1
fi
# Get device info
local device_size=$(blockdev --getsize64 "$usb_device" 2>/dev/null)
local device_size_gb=$((device_size / 1073741824))
local device_model=$(udevadm info --query=all --name="$usb_device" | grep -E "ID_MODEL=" | cut -d= -f2)
echo "USB Device Information:"
echo "Device: $usb_device"
echo "Model: $device_model"
echo "Size: ${device_size_gb}GB"
echo ""
echo "ISO File: $iso_file"
echo "Size: $(du -h "$iso_file" | cut -f1)"
# Confirmation
echo ""
echo "WARNING: This will ERASE ALL DATA on $usb_device"
read -p "Are you sure you want to continue? (type 'yes' to confirm): " confirm
if [[ "$confirm" != "yes" ]]; then
echo "Aborted."
return 1
fi
# Create USB
echo "Creating bootable USB..."
if sudo dd if="$iso_file" \
of="$usb_device" \
bs=4M \
status=progress \
conv=fsync; then
echo "✓ USB creation complete"
# Sync and eject
sync
sudo eject "$usb_device"
echo "USB drive can be safely removed"
return 0
else
echo "✗ USB creation failed"
return 1
fi
}
# List available USB devices
list_usb_devices() {
echo "Available USB devices:"
echo "====================="
lsblk -d -o NAME,SIZE,MODEL,VENDOR | grep -E "(sd[b-z]|nvme[0-9])"
echo ""
echo "Detailed information:"
for device in /dev/sd[b-z]; do
if [[ -b "$device" ]]; then
local size=$(blockdev --getsize64 "$device" 2>/dev/null)
local size_gb=$((size / 1073741824))
local model=$(udevadm info --query=all --name="$device" | grep -E "ID_MODEL=" | cut -d= -f2)
local vendor=$(udevadm info --query=all --name="$device" | grep -E "ID_VENDOR=" | cut -d= -f2)
echo "$device: $vendor $model (${size_gb}GB)"
fi
done
}
Creating Multi-Boot USB Drives
Ventoy Multi-Boot Solution
#!/bin/bash
# Install and configure Ventoy for multi-boot USB
install_ventoy() {
local version="1.0.95"
local arch="linux"
# Download Ventoy
wget "https://github.com/ventoy/Ventoy/releases/download/v${version}/ventoy-${version}-${arch}.tar.gz"
# Extract
tar -xzf "ventoy-${version}-${arch}.tar.gz"
cd "ventoy-${version}"
# List devices
echo "Available devices:"
sudo ./VentoyWeb.sh
}
# Manual multi-boot USB with GRUB
create_multiboot_usb() {
local usb_device="$1"
local partition="${usb_device}1"
# Partition USB
sudo parted "$usb_device" mklabel msdos
sudo parted "$usb_device" mkpart primary fat32 1MiB 100%
sudo mkfs.vfat -F32 "$partition"
# Mount partition
local mount_point="/mnt/multiboot"
sudo mkdir -p "$mount_point"
sudo mount "$partition" "$mount_point"
# Install GRUB
sudo grub-install --target=i386-pc \
--boot-directory="$mount_point/boot" \
"$usb_device"
# Create directory structure
sudo mkdir -p "$mount_point"/{boot/grub,iso}
# Create GRUB configuration
cat << 'EOF' | sudo tee "$mount_point/boot/grub/grub.cfg"
set timeout=30
set default=0
menuentry "Ubuntu 22.04 Desktop" {
set isofile="/iso/ubuntu-22.04-desktop-amd64.iso"
loopback loop $isofile
linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=$isofile quiet splash
initrd (loop)/casper/initrd
}
menuentry "Debian 11 Netinst" {
set isofile="/iso/debian-11.0-amd64-netinst.iso"
loopback loop $isofile
linux (loop)/install.amd/vmlinuz iso-scan/filename=$isofile
initrd (loop)/install.amd/initrd.gz
}
menuentry "SystemRescue" {
set isofile="/iso/systemrescue.iso"
loopback loop $isofile
linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd iso-scan/filename=$isofile
initrd (loop)/sysresccd/boot/x86_64/sysresccd.img
}
menuentry "Memtest86+" {
linux16 /boot/memtest86+.bin
}
EOF
echo "Multi-boot USB created. Copy ISO files to $mount_point/iso/"
# Unmount
sudo umount "$mount_point"
}
Creating Persistent Live USB
Ubuntu Persistent USB
#!/bin/bash
# Create Ubuntu persistent live USB
create_persistent_ubuntu_usb() {
local iso_file="$1"
local usb_device="$2"
local persistence_size="${3:-4096}" # MB
# Create partitions
echo "Creating partitions..."
# Partition 1: Ubuntu Live (FAT32)
# Partition 2: Persistence (ext4)
sudo parted "$usb_device" --script mklabel msdos
sudo parted "$usb_device" --script mkpart primary fat32 1MiB 4GiB
sudo parted "$usb_device" --script mkpart primary ext4 4GiB 100%
sudo parted "$usb_device" --script set 1 boot on
# Format partitions
sudo mkfs.vfat -F32 "${usb_device}1"
sudo mkfs.ext4 -L casper-rw "${usb_device}2"
# Mount and extract ISO
local mount_iso="/mnt/iso"
local mount_usb="/mnt/usb"
sudo mkdir -p "$mount_iso" "$mount_usb"
sudo mount -o loop "$iso_file" "$mount_iso"
sudo mount "${usb_device}1" "$mount_usb"
# Copy files
echo "Copying files..."
sudo rsync -av "$mount_iso/" "$mount_usb/"
# Configure persistence
echo "/ union" | sudo tee "$mount_usb/persistence.conf"
# Install bootloader
sudo grub-install --target=i386-pc \
--boot-directory="$mount_usb/boot" \
"$usb_device"
# Update GRUB config for persistence
sudo sed -i 's/quiet splash/quiet splash persistent/g' \
"$mount_usb/boot/grub/grub.cfg"
# Cleanup
sudo umount "$mount_iso" "$mount_usb"
echo "Persistent Ubuntu USB created successfully"
}
Enterprise Deployment Solutions
Automated OS Deployment System
#!/bin/bash
# Enterprise OS deployment automation
# Configuration
DEPLOYMENT_SERVER="deployment.company.local"
ISO_REPOSITORY="/srv/iso-repository"
USB_CREATION_LOG="/var/log/usb-deployment.log"
# Deployment preparation function
prepare_deployment_media() {
local os_type="$1"
local version="$2"
local target_device="$3"
local customization_script="$4"
echo "[$(date)] Starting deployment media creation" >> "$USB_CREATION_LOG"
# Select ISO based on OS type
local iso_path
case "$os_type" in
"ubuntu-server")
iso_path="$ISO_REPOSITORY/ubuntu-${version}-server-amd64.iso"
;;
"debian")
iso_path="$ISO_REPOSITORY/debian-${version}-amd64-netinst.iso"
;;
"centos")
iso_path="$ISO_REPOSITORY/CentOS-${version}-x86_64-dvd.iso"
;;
*)
echo "Unknown OS type: $os_type" >> "$USB_CREATION_LOG"
return 1
;;
esac
# Create base USB
create_bootable_usb "$iso_path" "$target_device"
# Apply customizations
if [[ -n "$customization_script" ]]; then
apply_customizations "$target_device" "$customization_script"
fi
# Add deployment tools
add_deployment_tools "$target_device"
echo "[$(date)] Deployment media creation complete" >> "$USB_CREATION_LOG"
}
# Add deployment tools to USB
add_deployment_tools() {
local usb_device="$1"
local tools_partition="${usb_device}2"
# Create tools partition
sudo parted "$usb_device" --script mkpart primary ext4 90% 100%
sudo mkfs.ext4 -L "DEPLOY_TOOLS" "$tools_partition"
# Mount and copy tools
local mount_point="/mnt/deploy_tools"
sudo mkdir -p "$mount_point"
sudo mount "$tools_partition" "$mount_point"
# Copy deployment scripts
sudo cp -r /opt/deployment-tools/* "$mount_point/"
# Add configuration files
cat << 'EOF' | sudo tee "$mount_point/deploy-config.yaml"
deployment:
server: deployment.company.local
method: automated
post_install:
- configure_network
- join_domain
- install_agents
- apply_security_policies
EOF
sudo umount "$mount_point"
}
# Batch USB creation for multiple systems
batch_create_deployment_usb() {
local deployment_list="$1"
local usb_devices=()
# Get list of USB devices
echo "Detecting USB devices..."
for device in /dev/sd[b-z]; do
if [[ -b "$device" ]] && is_usb_device "$device"; then
usb_devices+=("$device")
fi
done
echo "Found ${#usb_devices[@]} USB devices"
# Process deployment list
local count=0
while IFS=',' read -r hostname os_type version; do
if [[ $count -lt ${#usb_devices[@]} ]]; then
echo "Creating deployment USB for $hostname..."
prepare_deployment_media "$os_type" "$version" "${usb_devices[$count]}" \
"/opt/customizations/${hostname}.sh"
# Label USB
sudo e2label "${usb_devices[$count]}1" "DEPLOY_$hostname"
((count++))
else
echo "Warning: Not enough USB devices for $hostname"
fi
done < "$deployment_list"
echo "Created $count deployment USB drives"
}
# Check if device is USB
is_usb_device() {
local device="$1"
local device_path=$(readlink -f "/sys/block/$(basename "$device")")
[[ "$device_path" =~ usb ]]
}
Network Boot Image Creation
#!/bin/bash
# PXE boot image preparation
create_pxe_boot_environment() {
local tftp_root="/srv/tftp"
local http_root="/srv/http/pxe"
# Create directory structure
sudo mkdir -p "$tftp_root"/{pxelinux.cfg,ubuntu,debian,centos}
sudo mkdir -p "$http_root"/{ubuntu,debian,centos,kickstart,preseed}
# Install PXE boot files
sudo apt-get install -y pxelinux syslinux-common
# Copy PXE boot files
sudo cp /usr/lib/PXELINUX/pxelinux.0 "$tftp_root/"
sudo cp /usr/lib/syslinux/modules/bios/* "$tftp_root/"
# Create PXE menu
cat << 'EOF' | sudo tee "$tftp_root/pxelinux.cfg/default"
DEFAULT menu.c32
PROMPT 0
TIMEOUT 300
MENU TITLE Enterprise PXE Boot Menu
LABEL ubuntu-22.04
MENU LABEL Ubuntu 22.04 LTS Server
KERNEL ubuntu/22.04/vmlinuz
INITRD ubuntu/22.04/initrd
APPEND url=http://deployment.local/preseed/ubuntu-22.04.cfg
LABEL debian-11
MENU LABEL Debian 11 (Bullseye)
KERNEL debian/11/vmlinuz
INITRD debian/11/initrd.gz
APPEND url=http://deployment.local/preseed/debian-11.cfg
LABEL centos-8
MENU LABEL CentOS 8 Stream
KERNEL centos/8/vmlinuz
INITRD centos/8/initrd.img
APPEND inst.ks=http://deployment.local/kickstart/centos-8.cfg
LABEL utilities
MENU LABEL System Utilities
MENU DEFAULT
KERNEL menu.c32
APPEND utilities.cfg
EOF
# Extract netboot files from ISOs
extract_netboot_files() {
local iso_file="$1"
local target_dir="$2"
local mount_point="/mnt/iso_extract"
sudo mkdir -p "$mount_point"
sudo mount -o loop "$iso_file" "$mount_point"
# Copy kernel and initrd
sudo cp "$mount_point"/install/netboot/ubuntu-installer/amd64/{linux,initrd.gz} \
"$target_dir/" 2>/dev/null || \
sudo cp "$mount_point"/install.amd/{vmlinuz,initrd.gz} \
"$target_dir/" 2>/dev/null || \
sudo cp "$mount_point"/images/pxeboot/{vmlinuz,initrd.img} \
"$target_dir/" 2>/dev/null
sudo umount "$mount_point"
}
echo "PXE boot environment created"
}
Troubleshooting and Best Practices
Common Issues and Solutions
USB Device Detection Issues
#!/bin/bash
# USB troubleshooting utilities
diagnose_usb_issues() {
local device="$1"
echo "USB Device Diagnostics"
echo "====================="
# Check if device exists
if [[ ! -b "$device" ]]; then
echo "✗ Device $device does not exist"
return 1
fi
# Check device information
echo "Device Information:"
sudo fdisk -l "$device"
# Check for mounted partitions
echo -e "\nMounted Partitions:"
mount | grep "$device"
# Check USB bus information
echo -e "\nUSB Bus Information:"
lsusb -v 2>/dev/null | grep -A 10 "$(basename "$device")"
# Check for errors in dmesg
echo -e "\nRecent USB Errors:"
dmesg | grep -i "usb\|$device" | tail -20
# Test device speed
echo -e "\nDevice Speed Test:"
sudo hdparm -t "$device"
}
# Fix corrupted USB drive
repair_usb_drive() {
local device="$1"
echo "Attempting to repair USB drive: $device"
# Unmount all partitions
for partition in "$device"*; do
if mount | grep -q "$partition"; then
sudo umount "$partition"
fi
done
# Clear partition table
echo "Clearing partition table..."
sudo dd if=/dev/zero of="$device" bs=512 count=1
# Create new partition table
echo "Creating new partition table..."
sudo parted "$device" --script mklabel msdos
sudo parted "$device" --script mkpart primary fat32 1MiB 100%
# Format partition
echo "Formatting partition..."
sudo mkfs.vfat -F32 "${device}1"
echo "USB drive repair complete"
}
Optical Media Issues
#!/bin/bash
# Optical media troubleshooting
diagnose_optical_drive() {
local device="${1:-/dev/sr0}"
echo "Optical Drive Diagnostics"
echo "========================"
# Check drive capabilities
echo "Drive Capabilities:"
wodim -prcap dev="$device" 2>/dev/null || echo "Cannot query capabilities"
# Check media information
echo -e "\nMedia Information:"
dvd+rw-mediainfo "$device" 2>/dev/null || echo "No media or cannot read"
# Check for errors
echo -e "\nRecent Errors:"
dmesg | grep -i "sr0\|cdrom\|dvd" | tail -10
# Test read speed
echo -e "\nTesting read speed..."
sudo hdparm -t "$device" 2>/dev/null || echo "Cannot test speed"
}
# Clean optical drive lens
clean_drive_reminder() {
echo "Optical Drive Maintenance Reminder"
echo "================================="
echo "If experiencing read/write errors:"
echo "1. Use a lens cleaning disc"
echo "2. Check media for scratches or damage"
echo "3. Try different brand of media"
echo "4. Reduce burn speed"
echo "5. Update drive firmware"
}
Performance Optimization
Optimized ISO Creation
#!/bin/bash
# Performance-optimized ISO operations
# Parallel compression for ISO creation
create_compressed_iso() {
local source_dir="$1"
local output_base="$2"
# Create ISO
mkisofs -R -J -o "${output_base}.iso" "$source_dir"
# Parallel compression options
echo "Compressing ISO with multiple algorithms..."
# XZ compression (best ratio)
pixz -9 < "${output_base}.iso" > "${output_base}.iso.xz" &
# ZSTD compression (balanced)
zstd -19 -T0 "${output_base}.iso" -o "${output_base}.iso.zst" &
# LZ4 compression (fastest)
lz4 -9 "${output_base}.iso" "${output_base}.iso.lz4" &
# Wait for all compressions to complete
wait
# Display results
echo "Compression Results:"
ls -lh "${output_base}.iso"*
}
# Optimized USB write with progress
fast_usb_write() {
local iso_file="$1"
local usb_device="$2"
local block_size="${3:-4M}"
# Calculate optimal block size based on device
local device_info=$(udevadm info --query=all --name="$usb_device" | grep -E "ID_BUS=")
if echo "$device_info" | grep -q "usb"; then
# USB 3.0 can handle larger blocks
if dmesg | grep -q "SuperSpeed"; then
block_size="32M"
else
block_size="4M"
fi
fi
echo "Using block size: $block_size"
# Write with optimal settings
sudo dd if="$iso_file" \
of="$usb_device" \
bs="$block_size" \
conv=fdatasync \
status=progress \
iflag=direct \
oflag=direct
}
Security Considerations
Secure ISO Verification
#!/bin/bash
# ISO security verification
verify_iso_security() {
local iso_file="$1"
local signature_url="$2"
echo "Security Verification for: $iso_file"
echo "===================================="
# Download signature
local signature_file="${iso_file}.sig"
if [[ -n "$signature_url" ]]; then
wget -O "$signature_file" "$signature_url"
fi
# Verify GPG signature if available
if [[ -f "$signature_file" ]]; then
echo "Verifying GPG signature..."
if gpg --verify "$signature_file" "$iso_file"; then
echo "✓ GPG signature valid"
else
echo "✗ GPG signature verification failed"
return 1
fi
fi
# Calculate checksums
echo -e "\nCalculating checksums..."
local md5_hash=$(md5sum "$iso_file" | cut -d' ' -f1)
local sha256_hash=$(sha256sum "$iso_file" | cut -d' ' -f1)
echo "MD5: $md5_hash"
echo "SHA256: $sha256_hash"
# Check against known checksums
if [[ -f "${iso_file}.md5" ]]; then
local expected_md5=$(cat "${iso_file}.md5" | cut -d' ' -f1)
if [[ "$md5_hash" == "$expected_md5" ]]; then
echo "✓ MD5 checksum matches"
else
echo "✗ MD5 checksum mismatch"
fi
fi
# Scan for malware (if clamav installed)
if command -v clamscan >/dev/null 2>&1; then
echo -e "\nScanning for malware..."
clamscan --no-summary "$iso_file"
fi
}
# Secure wipe USB before use
secure_wipe_usb() {
local device="$1"
local passes="${2:-1}"
echo "Securely wiping USB device: $device"
echo "Number of passes: $passes"
# Unmount device
for partition in "$device"*; do
if mount | grep -q "$partition"; then
sudo umount "$partition"
fi
done
# Secure wipe
for ((i=1; i<=passes; i++)); do
echo "Pass $i of $passes..."
sudo dd if=/dev/urandom of="$device" bs=4M status=progress
done
# Final zero pass
echo "Final zero pass..."
sudo dd if=/dev/zero of="$device" bs=4M status=progress
echo "Secure wipe complete"
}
This comprehensive guide provides enterprise-grade knowledge for ISO creation, media burning, and bootable USB management, covering everything from basic operations to advanced deployment strategies and security considerations.