diff --git a/README.md b/README.md index 2e4528b..2fba362 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ |-|-|-|-|-| |Hard Drive (SATA)|SATA|5.25" 4x Bay 3.5" Enclosure > 4x SATA SAS Card > PCIe Slot A|Yes|| |Solid State Drive (SATA)|SATA|5.25" 4x Bay 2.5" Enclosure > 4x SATA SAS Card > PCIe Slot A|Yes|| -|Solid State Drive (NVMe)|PCIe/M.2|5.25" 4x Bay NVMe Enclosure > MiniSAS to M.2 > M.2 Slot A|No| Not showing up in BIOS| +|Solid State Drive (NVMe)|PCIe/M.2|5.25" 4x Bay NVMe Enclosure > MiniSAS to M.2 > M.2 Slot A|yes|| ## Erasing |Storage Type|Erase Type|Method|Implementation|Implemented?| @@ -17,16 +17,16 @@ ## Logging |Info|Location|Log To:|Implemented?|Data|Notes| |-|-|-|-|-|-| -|User|- Script Input|- Ticket
- Logfile|No|- Username|Probably can implement as part of the kerb auth| -|Wipe Details|- Script Input|- Ticket
- Logfile|No|- Erase Level
- Device Type
- Device|| -|Script Output|- Terminal Output|- Logfile|No|- All script output|Via transcribing or output redirection| -|Machine Data|- Registry|- Ticket
- Logfile|No|- Machine Name
- Domain|HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters| -|Local Users|- Registry
- Filesystem|- Logfile|No|- Local User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

c:/Users| -|Domain Users|- Registry
- Filesystem|- Ticket
- Logfile|No|- Domain User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

c:/Users| -|Last Logged On User|- Registry|- Ticket
- Logfile|No|- Username|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI| -|Storage Info|- Other|- Ticket
- Logfile|No|- Serial Number
- SMART Data|smartctl| -|System Info|- Registry|- Logfile|No|- Manufacturer
- Model|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
Can't actually be done offline| -|Misc|- Misc|- Ticket
- Logfile|No|- Current Time
- Date|| +|User|- Script Input|- Ticket
- Logfile|Testing|- Username|Probably can implement as part of the kerb auth| +|Wipe Details|- Script Input|- Ticket
- Logfile|Testing|- Erase Level
- Device Type
- Device|| +|Script Output|- Terminal Output|- Logfile|Testing|- All script output|Via transcribing or output redirection| +|Machine Data|- Registry|- Ticket
- Logfile|Testing|- Machine Name
- Domain|HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters| +|Local Users|- Registry
- Filesystem|- Logfile|Testing|- Local User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

c:/Users| +|Domain Users|- Registry
- Filesystem|- Ticket
- Logfile|Testing|- Domain User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

c:/Users| +|Last Logged On User|- Registry|- Ticket
- Logfile|Testing|- Username|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI| +|Storage Info|- Other|- Ticket
- Logfile|Testing|- Serial Number
- SMART Data|smartctl| +|System Info|- Registry|- Logfile|Testing|- Manufacturer
- Model|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
Can't actually be done offline| +|Misc|- Misc|- Ticket
- Logfile|Testing|- Current Time
- Date|| @@ -35,6 +35,6 @@ |-|-|-|-|-| Erasure Environment|Setup Alpine Linux Environment with SquashFS/No Persistence|Lightweight Linux Distro that can be loaded into RAM and be edited.
Avoids wiping USB but also can be used on any machine and customized.|Yes|| |Scripted Erase Tool|Write a script to guide the erase process|Allows for ease of use, and ensures consistent workflow
Can also tie in user auth, logging, etc|Yes|Done via bash scripting in erase_drive.sh| -|User Authentication|Implement user authentication|For Auditing, Logging, connection to network shares, etc.|No|Probably kerb auth via krb5 -|Logging|Implement logging|For auditing purposes|No|Record user, drive serial, grab user list (if windows/unix drive), grab hostname, record script inputs| +|User Authentication|Implement user authentication|For Auditing, Logging, connection to network shares, etc.|Testing|Probably kerb auth via krb5 +|Logging|Implement logging|For auditing purposes|Testing|Record user, drive serial, grab user list (if windows/unix drive), grab hostname, record script inputs| |Ticket Notes|Add ticket note through script|To keep keyword searchable records associated with a ticket|No|Send email to Otobo with small details such as level, hostname, serial, etc
Might involve policy changes for when a ticket should be created.| diff --git a/erase_drive.sh b/erase_drive.sh index 419dcd8..8cd1395 100644 --- a/erase_drive.sh +++ b/erase_drive.sh 
@@ -1,64 +1,104 @@ #!/bin/bash #!/usr/bin/env bash -## Get NetID -## Mount \\reinstallbackups ## Start logging +## Get NetID +### Auth +## Mount \\reinstallbackup ## Get Ticket Number (optional) ### Check if Directory with Ticket Number exists #### Warn User if it doesn't ## -exec 3>&1 1>"$LOGFILE" 2>&1 +start_time="$(date '+%Y-%m-%d_%H:%M:%S')" +log="/tmp/log_$start_time" +log_x="/tmp/log_x_$start_time" +exec 3>&1 1>"$log_x" 2>&1 +set -x -cleanup () { - echo "SPECIAL EXIT" - pcie_disable - trap - INT - kill -INT "$$" +loginput() { + echo "$*" >&3; + echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log"; } -trap cleanup SIGINT +loginfo() { + echo "$*" >&3; + echo "[INFO] $(date '+%H:%M:%S') $*" >> "$log"; +} + +logwarn() { + echo "$*" >&3; + echo "[WARNING] $(date '+%H:%M:%S') $*" >> "$log"; +} + +logerror() { + echo "$*" >&3; + echo "[ERROR] $(date '+%H:%M:%S') $*" >> "$log"; +} confirm_message () { local typed= while [[ ! $typed = "$2" ]]; do - echo "$1" + loginput "$1" read -r typed done } +catch_sigint () { + logwarn "Signal Interrupt initiated. Stopping script." + cleanup + trap - INT + kill -INT "$$" +} + +cleanup () { + loginfo "Cleaning up." + pcie_disable + if [[ ! $dirname =~ ^\s*$ ]]; + then + loginfo "Unmounting drives." + umount "/mnt/reinstallbackups" + #rmdir "/mnt/reinstallbackups" + umount "/mnt/decs" + #rmdir "/mnt/decs" + fi +} + +trap catch_sigint SIGINT + get_netid () { netid= while [[ $netid =~ ^\s*$ ]]; do - echo "Enter netid: " + loginfo "Enter netid: " read -r netid if [[ $netid =~ ^\s*$ ]]; then - echo "Your netid cannot be blank. Enter netid: " + logwarn "Your netid cannot be blank." + loginfo "Enter netid: " else - authenticate_egr + authenticate_egr "$netid" fi done clear } authenticate_egr (){ - kinit "$netid" - local ret_value="$?" + kinit "$1" + local ret_value=$(kinit "$1" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]] then netid= case $ret_value in "1") - echo "Error when authenticating. Please see above issue, and try again." 
+ logwarn "Error when authenticating. Please see above issue, and try again." ;; *) - echo "Unspecified error." + logerror "Unspecified error." + cleanup ;; esac fi 
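Review bot: In `authenticate_egr`, `kinit "$1"` now runs twice: the status of the first call is discarded and `ret_value` comes from a second call whose output goes to `/dev/null`, so any prompt or error from the call that decides the result is hidden and the "see above issue" message may refer to nothing. Run it once and keep its status: `kinit "$1"` followed by `local ret_value=$?`. Separately, `log` and `log_x` are guessable names under `/tmp`, and `log_x` receives the `set -x` trace; creating them with `log="$(mktemp /tmp/log_XXXXXX)"` (and likewise for `log_x`) avoids writing through a pre-existing file or symlink. The closing lines of `authenticate_egr` lie outside this hunk.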
@@ -66,38 +106,67 @@ authenticate_egr (){ get_ticket () { ticket_number= - echo "Enter ticket number: " + loginfo "Enter ticket number: " read -r ticket_number if [[ ! $ticket_number =~ ^\s*$ ]]; then - local ret_value=$(ls | grep -q -E "^$ticket_number"; echo $?) + mkdir /mnt/reinstallbackups + mount -t cifs -o user="$netid",sec=krb5i "//reinstallbackups/reinstallbackups" /mnt/reinstallbackups + local ret_value=$(ls /mnt/reinstallbackups | grep -q -E "^$ticket_number" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]]; then - printf "WARNING: Backup does not exist in \\\\reinstallbackups\reinstallbackups\\$ticket_number!\n" + logwarn "WARNING: Backup does not exist in //reinstallbackups/reinstallbackups/$ticket_number!" fi + umount "/mnt/reinstallbackups" + #rmdir "/mnt/reinstallbackups" else - sleep 1 + ticket_number="UNKNWN" + logwarn "Starting with no ticket number specified." + logwarn "Cannot check for backup in //reinstallbackups/reinstallbackups." fi } -mount_drive () { - sleep 1 +mount_remote () { + mkdir /mnt/decs + { + mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs + dirname= + if [[ ! $ticket_number =~ ^\s*$ ]]; + then + dirname="UNKNWN-$start_time" + else + dirname="$ticket_number" + fi + if [ ! -e "/mnt/decs/$dirname" ]; + then + mkdir "/mnt/decs/$dirname" + fi + mv "$log" "/mnt/decs/$dirname/log_$ticket_number\_$start_time" + mv "$log_x" "/mnt/decs/$dirname/log_$ticket_number\_$start_time" + log="/mnt/decs/$dirname/log_$ticket_number\_$start_time" + log_x="/mnt/decs/$dirname/log_$ticket_number\_$start_time" + rm "/tmp/log_$start_time" + rm "/tmp/log_x_$start_time" + } || { + logerror "Failed to mount remote DECS drive. Stopping" + cleanup + } } get_eraselevel () { eraselevel= - echo "What level of erase are you performing on the drive? (0 = baseline, 1 = secure erase, 2 = decommission):" - echo "Type 'help' for an explanation of each level." + loginfo "What level of erase are you performing on the drive? 
(0 = baseline, 1 = secure erase, 2 = decommission):" + loginfo "Type 'help' for an explanation of each level." read -r eraselevel while [[ ! $eraselevel = "0" ]] && [[ ! $eraselevel = "1" ]] && [[ ! $eraselevel = "2" ]]; do if [[ $eraselevel = "help" ]]; then - echo "Level 0 / Baseline: clears the partitions of the drive. Data can still be recovered but this is the optimal level for simple reuse." - echo "Level 1 / Secure Erase: HDD: Scrambles the data on the drive over 3 passes. SSD: Sends a signal to the drive to forget the encryption key, making it unread -rable." - echo "Level 2 / decommission: Scrambles the data on the drive over 7 passes. Afterward, put the drive in the bin near the Hardware office to have it destroyed." + loginfo "Level 0 / Baseline: clears the partitions of the drive. Data can still be recovered but this is the optimal level for simple reuse." + loginfo "Level 1 / Secure Erase: HDD: Scrambles the data on the drive over 3 passes. SSD: Sends a signal to the drive to forget the encryption key, making it unreadrable." + loginfo "Level 2 / decommission: Scrambles the data on the drive over 7 passes. Afterward, put the drive in the bin near the Hardware office to have it destroyed." else - echo "Invalid level, correct values can be 0, 1, or 2" + logwarn "Invalid level, correct values can be 0, 1, or 2" fi read -r eraselevel done 
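Review bot: `mount_remote` cannot tell whether the mount worked: the `{ … } || { … }` group takes the status of its last command, the `rm` of a file the preceding `mv` already moved, so the failure branch likely fires on every successful run while a failed `mount` goes unnoticed. Both `mv` calls also target the same `log_…` name, so the `set -x` trace replaces the audit log and `log` and `log_x` end up pointing at one file. The `dirname` test looks inverted as well (a non-blank ticket selects `UNKNWN-$start_time`), and `$ticket_number` reaches `grep -E` and the destination path without any format check. A sketch of the mount and log hand-over follows; stdout is re-opened because the script's descriptor still refers to the file that was in `/tmp`.

```shell
mount_remote () {
  mkdir -p /mnt/decs
  if ! mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs; then
    logerror "Failed to mount remote DECS drive. Stopping"
    cleanup
    exit 1
  fi
  # get_ticket stores "UNKNWN" when no ticket was entered.
  if [[ $ticket_number == "UNKNWN" ]]; then
    dirname="UNKNWN-$start_time"
  else
    dirname="$ticket_number"
  fi
  mkdir -p "/mnt/decs/$dirname"
  local remote_log="/mnt/decs/$dirname/log_${ticket_number}_$start_time"
  local remote_log_x="/mnt/decs/$dirname/log_x_${ticket_number}_$start_time"
  mv -- "$log" "$remote_log" && log="$remote_log"
  mv -- "$log_x" "$remote_log_x" && log_x="$remote_log_x"
  # Re-point stdout/stderr at the moved trace file.
  exec 1>>"$log_x" 2>&1
}
```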
@@ -105,18 +174,18 @@ get_eraselevel () { get_devicetype () { devicetype= - echo "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):" - echo "Type 'help' for an explanation of each type." + loginfo "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):" + loginfo "Type 'help' for an explanation of each type." read -r devicetype while [[ ! $devicetype = "0" ]] && [[ ! $devicetype = "1" ]] && [[ ! $devicetype = "2" ]]; do if [[ $devicetype = "help" ]]; then - echo "HDD_SATA: Spinning disk platters on a SATA connection. Typically 3.5 in or 2.5 in." - echo "SSD_SATA: Solid State drive on a SATA connection. Typically 2.5 in." - echo "SSD_NVME: Solid State drive on a M.2 connection. Looks like a small PCB." + loginfo "HDD_SATA: Spinning disk platters on a SATA connection. Typically 3.5 in or 2.5 in." + loginfo "SSD_SATA: Solid State drive on a SATA connection. Typically 2.5 in." + loginfo "SSD_NVME: Solid State drive on a M.2 connection. Looks like a small PCB." else - echo "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA." + logwarn "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA." fi read -r devicetype done @@ -134,7 +203,8 @@ get_devicetype () { ;; *) - echo "Unspecified error." + logerror "Unspecified error when getting device." + cleanup ;; esac } 
@@ -142,17 +212,17 @@ get_devicetype () { get_device () { device= pcie_enable - echo "Printing current attached devices..." - echo "" + loginfo "loginfoing current attached devices..." + loginfo "" if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]]; then - lsblk | grep -E '^NAME|^sd' + loginfo "$(lsblk | grep -E '^NAME|^sd')" elif [[ $devicetype = "SSD_NVME" ]]; then - lsblk | grep -E '^NAME|^nvme' + loginfo "$(lsblk | grep -E '^NAME|^nvme')" fi - echo "" - echo "Which is the device from this list? (Type 'help' for help.)" + loginfo "" + loginfo "Which is the device from this list? (Type 'help' for help.)" while [[ $device =~ ^\s*$ ]]; do @@ -166,11 +236,11 @@ verify_device (){ do if [[ $device = "help" ]]; then - echo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/" - echo "If you have a SATA connection, you will be looking for sd{a-z}." - echo "If you have a NVME connection, you will be looking for nvme0n{0-9}." + loginfo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/" + loginfo "If you have a SATA connection, you will be looking for sd{a-z}." + loginfo "If you have a NVME connection, you will be looking for nvme0n{0-9}." else - echo "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})" + logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})" fi read -r device done 
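Review bot: The string in `loginfo "loginfoing current attached devices..."` looks like a search-and-replace artefact of the echo-to-loginfo change; the operator-facing text should read `loginfo "Printing current attached devices..."`. Similar artefacts appear in other hunks of this commit ("unreadrable", "readring", "readry", "readrer") and are worth correcting in the same pass, since these messages are also written to the audit log.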
@@ -178,64 +248,122 @@ verify_device (){ then if [[ $device =~ ^nvme0n[0-9]$ ]]; then - echo "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen." + logwarn "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen." device= fi elif [[ $devicetype = "SSD_NVME" ]]; then if [[ $device =~ ^sd[a-z]$ ]]; then - echo "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA." + logwarn "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA." device= fi fi - if [ -e "/dev/${device}" ]; then - echo "Picking device /dev/${device}." + if [ -e "/dev/$device" ]; then + loginfo "Picking device /dev/$device." else - echo "/dev/${device} does not exist, please ensure you are typing the device name correctly." + logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly." device= fi } +make_infolog () { + infolog="/mnt/decs/$dirname/info_$ticket_number\_$start_time" + { + echo "DETAILS" + echo "Start Time: $start_time" + echo "NetID: $netid" + echo "Ticket number: $ticket_number" + echo "" + echo "ERASE DETAILS" + echo "Type/Device: $devicetype : $device" + echo "Erase Level: $eraselevel" + echo "" + echo "DEVICE DETAILS" + lsblk -O | grep "NAME\|$device" + echo "" + sudo smartctl -i /dev/nvme0n1 + echo "" + } >> "$infolog" + + while [ -e "/mnt/wintmnt" ]; + do + Sleep 5 + done + + mkdir "/mnt/winmnt" + local ret_value=$(mount -t ntfs "/dev/$device" /mnt/winmt &> /dev/null; echo $?) + if [[ $ret_value = "0" ]] + then + mount -t ntfs "/dev/$device" /mnt/winmt + local ret_value2=$(find /mnt/winmnt/ -ipath "*System32/config" -not -ipath "*Windows.old*" &> /dev/null; echo $?) 
+ if [[ $ret_value2 = "0" ]] + then + winpath=$(find /mnt/winmnt/ -ipath "*System32/config" -not -ipath "*Windows.old*") + { + echo "WINDOWS DETAILS" + echo "" + echo "HOSTNAME" + hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SYSTEM" '\Microsoft\Windows\ControlSet001\Control\ComputerName\ComputerName' + echo "" + echo "DOMAIN" + hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SYSTEM" '\Microsoft\Windows\ControlSet001\Services\Tcpip\Parameters' + echo "" + echo "LOGON DETAILS" + hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SOFTWARE" '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI' + echo "" + hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SOFTWARE" '\Microsoft\Windows NT\CurrentVersion\ProfileList' + echo "" + ls "$(find /mnt/winmnt/ -type d -ipath "*Windows/Users")" + echo "" + } >> "$infolog" + fi + else + logerror "Failed to mount local Windows directory." + cleanup + fi + echo "END OF LOG" >> "$infolog" +} + erase_device_lv0 () { - echo "Wiping partition tables of ${devicetype} : ${device}." + loginfo "Wiping partition tables of $devicetype : $device." local ret_value=$(sgdisk -g -Z /dev/"$device" &> /dev/null; echo $?) - if [[ ! $ret_value = "0" ]] then case $ret_value in "1") - echo "There was an issue with the argument. Ensure you typed the drive name correctly." + logerror "There was an issue with the argument. Ensure you typed the drive name correctly." ;; "2") - echo "An error occurred while read -ring the partition table." + logerror "An error occurred while reading the partition table." ;; "3") - echo "Non-GPT disk detected and no -g option, but operation requires a write action." + logerror "Non-GPT disk detected and no -g option, but operation requires a write action." ;; "4") - echo "An error prevented saving changes." 
+ logerror "An error prevented saving changes." ;; "5") - echo "An error occurred while read -ring standard input." + logerror "An error occurred while readring standard input." ;; "8") - echo "Disk replication operation (-R) failed." + logerror "Disk replication operation (-R) failed." ;; *) - echo "Unspecified error." + logerror "Unspecified error." ;; esac + cleanup else - echo "Partition tables wiped. Device is read -ry for reuse." + loginfo "Partition tables wiped. Device is readry for reuse." fi } 
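Review bot: `make_infolog` creates `/mnt/winmnt` but waits on `/mnt/wintmnt` and mounts on `/mnt/winmt`, so the mount targets a directory this function never made and the Windows details are probably never collected; `Sleep 5` is also not the `sleep` command. The drive being inspected is untrusted media that is about to be wiped, so mount it once (the hunk mounts twice), read-only and with restrictive options, and release it before the erase starts: `mount -t ntfs -o ro,nosuid,nodev,noexec "/dev/$device" /mnt/winmnt`, then `umount /mnt/winmnt` after the registry export. `smartctl -i /dev/nvme0n1` is hard-coded and should be `smartctl -i "/dev/$device"` so the logged serial belongs to the drive actually selected.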
@@ -245,91 +373,94 @@ erase_device_lv1 () { #SSD NVMe = nvme secure erase if [[ $devicetype = "HDD_SATA" ]] && [[ ! $eraselevel = "2" ]]; then - echo "Running 3-Pass DOD Short on ${devicetype} : ${device}." - echo "This may take a while!" + loginfo "Running 3-Pass DOD Short on ${devicetype} : ${device}." + loginfo "This may take a while!" local ret_value=$(nwipe -m dodshort --autonuke --nogui /dev/"$device" &> /dev/null; echo $?) - if [[ ! $ret_value = "0" ]] then case $ret_value in "-1") - echo "Unspecified error while nwiping disk." + logerror "Unspecified error while nwiping disk." ;; *) - echo "Unspecified error while nwiping disk." + logerror "Unspecified error while nwiping disk." ;; esac + cleanup else - echo "Finished wiping data with nwipe." + loginfo "Finished wiping data with nwipe." fi elif [[ $devicetype = "SSD_SATA" ]]; then - echo "Running hdparm format on ${devicetype} : ${device}." - echo "Setting security pass to NULL." + loginfo "Running hdparm format on $devicetype : $device." + loginfo "Setting security pass to NULL." #Set the password of the drive to NULL local ret_value=$(hdparm --user-master m --security-set-pass NULL /dev/"$device" &> /dev/null; echo $?) - if [[ ! $ret_value = "0" ]]; then - hdparm_check_error "${ret_value}" - echo "Failed to set password of drive. Attempting to continue." + hdparm_check_error "$ret_value" + logwarn "Failed to set password of drive. Attempting to continue." else - echo "Set password of drive to NULL." + loginfo "Set password of drive to NULL." fi #Attempt a secure erase. local ret_value=$(hdparm --user-master m --security-erase-enhanced NULL /dev/"$device" &> /dev/null; echo $?) - if [[ ! $ret_value = "0" ]]; then - hdparm_check_error "${ret_value}" - else - echo "Enhanced secure erase failed. This is not unexpected depending on the drive type." - echo "Attempting normal erase instead." + hdparm_check_error "$ret_value" + logwarn "Enhanced Secure Erase failed. 
This is not unexpected depending on the drive type." + loginfo "Attempting Secure Erase instead." #Attempt a secure erase, less enhanced. - local ret_value=$(hdparm --user-master m --security-erase NULL /dev/"$device" &> /dev/null; echo $?) - - if [[ ! $ret_value = "0" ]]; + local ret_value2=$(hdparm --user-master m --security-erase NULL /dev/"$device" &> /dev/null; echo $?) + if [[ ! $ret_value2 = "0" ]]; then - hdparm_check_error "${ret_value}" + hdparm_check_error "$ret_value2" + logerror "Failed to Secure Erase. Please contact your supervisor." + cleanup else - echo "Failed to secure erase. Please contact your supervisor." + loginfo "Secure Erase success." fi + + else + loginfo "Enhanced Secure Erase success." fi elif [[ $devicetype = "SSD_NVME" ]]; then - echo "Running nvme_cli format on ${devicetype} : ${device}." + loginfo "Running nvme_cli format on $devicetype : $device." #Erase using nvme cli to send secure erase command to drop the crypto stuff. local ret_value=$(nvme format --force -r -s 2 /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]] then - echo "Failed to cryptographically erase drive, blanket erasing instead." + logwarn "Failed to cryptographically erase drive, blanket erasing instead." #Sad, can't do it. Blank out drive instead using the drive controller. local ret_value=$(nvme format --force -r -s 1 /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]] then - echo "Failed to cryptographically erase or blanket erase. Please contact your supervisor." + logerror "Failed to cryptographically erase or blanket erase. Please contact your supervisor." + cleanup else - echo "Blanket erased drive." + loginfo "Blanket erased drive." fi else - echo "Cryptographically erased drive." + loginfo "Cryptographically erased drive." fi else - echo "There was an issue with the device type: ${devicetype}. Ensure you typed the drive name correctly." + logerror "There was an issue with the device type: $devicetype. 
Ensure you typed the drive name correctly." + cleanup fi } erase_device_lv2 () { #7-Pass DOD Wipe through nwipe. - echo "Running 7-Pass DOD on ${devicetype} : ${device}." - echo "This may take a while!" + loginfo "Running 7-Pass DOD on $devicetype : $device." + loginfo "This may take a while!" local ret_value=$(nwipe -m dod --autonuke --nogui /dev/"$device" &> /dev/null; echo $?) @@ -337,43 +468,44 @@ erase_device_lv2 () { then case $ret_value in "-1") - echo "Unspecified error while nwiping disk." + logerror "Unspecified error while nwiping disk." ;; *) - echo "Unspecified error while nwiping disk." + logerror "Unspecified error while nwiping disk." ;; esac + cleanup else - echo "Finished wiping data with nwipe." - echo "Please put device in decommission bin in the hardware room." + loginfo "Finished wiping data with nwipe." + loginfo "Please put device in decommission bin in the hardware room." fi } hdparm_check_error () { case $1 in "1") - echo "Operation not permitted." + logerror "Operation not permitted." ;; "2") - echo "No such file or directory." + logerror "No such file or directory." ;; "5") - echo "I/O error." + logerror "I/O error." ;; "16") - echo "Device or resource busy." + logerror "Device or resource busy." ;; "22") - echo "Invalid argument." + logerror "Invalid argument." ;; *) - echo "Unspecified error." + logerror "Unspecified error." ;; esac } 
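Review bot: Every failure branch in `erase_device_lv1` ends in `cleanup`, but `cleanup` as defined in the first hunk of this file only disables the PCIe card and unmounts; it does not exit or return a status. After a failed wipe, `main` therefore continues to the next stage and still logs "Finished erasing …", which leaves an audit record claiming success. End these branches with `cleanup; exit 1` (or `return 1`, with `main` checking it); the same applies to `erase_device_lv0`, `erase_device_lv2`, `get_devicetype`, `make_infolog` and the `*)` arm in `main`. `erase_device_lv1` starts outside this hunk.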
@@ -381,37 +513,37 @@ hdparm_check_error () { #Rescan for PCIe devices pcie_enable (){ echo 1 > /sys/bus/pci/rescan - echo "Enabled PCIe card, sleeping for 5 seconds." + loginfo "Enabled PCIe card, sleeping for 5 seconds." sleep 5 } -#Remove the PCIe NVMe read -rer +#Remove the PCIe NVMe readrer pcie_disable (){ echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove - echo "Disabled PCIe card." + loginfo "Disabled PCIe card." } main (){ get_netid - get_ticket_number - check_backup + get_ticket + mount_remote - echo "By running this script, you are confirming that it has been two weeks past the date written on the slip attached to the storage device. DO NOT erase the device before two weeks have passed." + loginfo "By running this script, you are confirming that it has been two weeks past the date written on the slip attached to the storage device. DO NOT erase the device before two weeks have passed." - confirm_message "Please type 'confirm' to acknowledge you have read -r this and that it has been two weeks." "confirm" + confirm_message "Please type 'confirm' to acknowledge you have read this and that it has been two weeks." "confirm" get_eraselevel #sets $eraselevel to 0-2 based on how to erase. Higher levels include lower levels. get_devicetype #sets $devicetype to HDD_SATA/SSD_SATA/SSD_NVME get_device #sets $device to one of the /dev/xyz devices. - clear + make_infolog #Logs a bunch of details to a info log file from the system. - echo "Starting process for erasing ${devicetype} : ${device} with erase level ${eraselevel}." + loginfo "Starting process for erasing $devicetype : $device with erase level $eraselevel." if [[ $eraselevel = "1" ]] || [[ $eraselevel = "2" ]]; then local randomconf=$(shuf -i 10000-99999 -n 1) - confirm_message "This level is destructive and irreversible. Please type ${randomconf} to continue" "${randomconf}" + confirm_message "This level is destructive and irreversible. 
Please type $randomconf to continue" "$randomconf" else confirm_message "Please type 'confirm' to begin." "confirm" fi @@ -419,30 +551,31 @@ main (){ case $eraselevel in "0") - erase_device_lv0 #Wipe partition + erase_device_lv0 #Wipe partition ;; "1") - erase_device_lv1 #Secure Erase - erase_device_lv0 #Wipe partition + erase_device_lv1 #Secure Erase + erase_device_lv0 #Wipe partition ;; "2") - erase_device_lv1 #Secure Erase (skips nwipe) - erase_device_lv2 #7-Pass nwipe - erase_device_lv0 #Wipe partition + erase_device_lv1 #Secure Erase (skips nwipe for HDDs) + erase_device_lv2 #7-Pass nwipe + erase_device_lv0 #Wipe partition ;; *) - echo "Invalid Erase Level" + logerror "Invalid Erase Level" + cleanup ;; esac sleep 3 - echo "Finished erasing ${devicetype} : ${device} with erase level ${eraselevel}." + loginfo "Finished erasing $devicetype : $device with erase level $eraselevel." - pcie_disable + cleanup } main \ No newline at end of file diff --git a/test_network_drive.sh b/test_network_drive.sh new file mode 100644 index 0000000..7e96d3a --- /dev/null +++ b/test_network_drive.sh @@ -0,0 +1,22 @@ +#!/bin/bash +#!/usr/bin/env bash + +netid= +loginfo "Enter netid: " +read -r netid +while [[ $netid =~ ^\s*$ ]]; +do + logwarn "Your netid cannot be blank." + loginfo "Enter netid: " + +done +ret_value=$(kinit "$1" &> /dev/null; echo $?) +while [[ ! ${kinit "$1" &> /dev/null; echo $?} = "0" ]] +do + logwarn "Error when authenticating. Please see above issue, and try again." + ret_value=$(kinit "$1" &> /dev/null; echo $?) +done + +mkdir /mnt/decs +mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs +echo "test" > "/mnt/decs/test.txt" \ No newline at end of file
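Review bot: `test_network_drive.sh` will not run as written: `${kinit "$1" &> /dev/null; echo $?}` is not a valid expansion (command substitution is `$( … )`), `loginfo` and `logwarn` are not defined in this file, and the blank-netid loop never reads again so it cannot terminate. It also authenticates `"$1"` although the principal was read into `netid`. A simpler form is `until kinit "$netid"; do logwarn "Error when authenticating. Please see above issue, and try again."; done`, with `read -r netid` repeated inside the first loop.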