meyerast/DECSEraser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added logging of drive contents

Browse Source
This commit is contained in:
meyerast
2026-04-07 17:52:39 -04:00
parent 050ef4fbe8
commit cbb822c646
4 changed files with 644 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files
erase_drive.sh
+251 -158
View File
@@ -1,19 +1,10 @@
#!/bin/bash
#!/usr/bin/env bash
## Start logging
## Get NetID
### Auth
## Mount \\reinstallbackup
## Get Ticket Number (optional)
### Check if Directory with Ticket Number exists
#### Warn User if it doesn't
##
start_time="$(date '+%Y-%m-%d_%H:%M:%S')"
log="/tmp/log_$start_time"
log_x="/tmp/log_x_$start_time"
exec 3>&1 1>"$log_x" 2>&1
start_time="$(date '+%Y-%m-%d_%H.%M.%S')"
log=/tmp/log_"$start_time".log
log_x=/tmp/log_x_"$start_time".log
exec 3>&1 1>>"$log_x" 2>&1
set -x
loginput() {
@@ -21,6 +12,10 @@ loginput() {
echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log";
}
logresponse() {
echo "[RESPONSE] $(date '+%H:%M:%S') $*" >> "$log";
}
loginfo() {
echo "$*" >&3;
echo "[INFO] $(date '+%H:%M:%S') $*" >> "$log";
@@ -42,9 +37,11 @@ confirm_message () {
do
loginput "$1"
read -r typed
logresponse "$typed"
done
}
# shellcheck disable=SC2329
catch_sigint () {
logwarn "Signal Interrupt initiated. Stopping script."
cleanup
@@ -52,73 +49,71 @@ catch_sigint () {
kill -INT "$$"
}
# shellcheck disable=SC2329
catch_exit () {
cleanup
trap - EXIT
trap - INT
kill -INT "$$"
}
# shellcheck disable=SC2329
cleanup () {
loginfo "Cleaning up."
pcie_disable
if [[ ! $dirname =~ ^\s*$ ]];
then
loginfo "Unmounting drives."
umount "/mnt/reinstallbackups"
#rmdir "/mnt/reinstallbackups"
umount "/mnt/decs"
#rmdir "/mnt/decs"
fi
loginfo "Unmounting drives."
exec 1>/dev/null 2>&1
umount "/mnt/reinstallbackups"
umount "/mnt/decs"
}
trap catch_sigint SIGINT
trap catch_exit EXIT
get_netid () {
netid=
while [[ $netid =~ ^\s*$ ]];
do
loginfo "Enter netid: "
loginput "Enter netid: "
read -r netid
logresponse "$netid"
if [[ $netid =~ ^\s*$ ]];
then
logwarn "Your netid cannot be blank."
loginfo "Enter netid: "
else
authenticate_egr "$netid"
local ret_value=$(kinit "$netid"@EGR.MSU.EDU >&3; echo $?)
if [[ ! $ret_value = "0" ]]
then
kdestroy
netid=
logwarn "Error when authenticating netid $netid."
else
clear
loginfo "Authenticated as user $netid."
fi
fi
done
clear
}
authenticate_egr (){
kinit "$1"
local ret_value=$(kinit "$1" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]]
then
netid=
case $ret_value in
"1")
logwarn "Error when authenticating. Please see above issue, and try again."
;;
*)
logerror "Unspecified error."
cleanup
;;
esac
fi
}
}
get_ticket () {
ticket_number=
loginfo "Enter ticket number: "
loginput "Enter ticket number: "
read -r ticket_number
logresponse "$ticket_number"
if [[ ! $ticket_number =~ ^\s*$ ]];
then
mkdir /mnt/reinstallbackups
mount -t cifs -o user="$netid",sec=krb5i "//reinstallbackups/reinstallbackups" /mnt/reinstallbackups
local ret_value=$(ls /mnt/reinstallbackups | grep -q -E "^$ticket_number" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]];
mkdir -p /mnt/reinstallbackups
if ! mount -t cifs -o user="$netid",sec=krb5i "//reinstallbackups/reinstallbackups" /mnt/reinstallbackups
then
logwarn "WARNING: Backup does not exist in //reinstallbackups/reinstallbackups/$ticket_number!"
logwarn "Failed to mount reinstallbackups, cannot check ticket status."
else
if ! ls /mnt/reinstallbackups | grep -q -E "^$ticket_number"
then
logwarn "Backup does not exist in //reinstallbackups/reinstallbackups/$ticket_number!"
fi
umount /mnt/reinstallbackups
fi
umount "/mnt/reinstallbackups"
#rmdir "/mnt/reinstallbackups"
else
ticket_number="UNKNWN"
logwarn "Starting with no ticket number specified."
@@ -127,9 +122,9 @@ get_ticket () {
}
mount_remote () {
mkdir /mnt/decs
{
mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
mkdir -p /mnt/decs
if mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
then
dirname=
if [[ ! $ticket_number =~ ^\s*$ ]];
then
@@ -137,29 +132,28 @@ mount_remote () {
else
dirname="$ticket_number"
fi
if [ ! -e "/mnt/decs/$dirname" ];
then
mkdir "/mnt/decs/$dirname"
fi
mv "$log" "/mnt/decs/$dirname/log_$ticket_number\_$start_time"
mv "$log_x" "/mnt/decs/$dirname/log_$ticket_number\_$start_time"
log="/mnt/decs/$dirname/log_$ticket_number\_$start_time"
log_x="/mnt/decs/$dirname/log_$ticket_number\_$start_time"
rm "/tmp/log_$start_time"
rm "/tmp/log_x_$start_time"
} || {
mkdir -p /mnt/decs/"$dirname"
cp "$log" /mnt/decs/"$dirname"/log_"$ticket_number"_"$start_time".log
cp "$log_x" /mnt/decs/"$dirname"/log_x_"$ticket_number"_"$start_time".log
log=/mnt/decs/"$dirname"/log_"$ticket_number"_"$start_time".log
log_x=/mnt/decs/"$dirname"/log_x_"$ticket_number"_"$start_time".log
exec 1>>"$log_x" 2>&1
set -x
else
logerror "Failed to mount remote DECS drive. Stopping"
cleanup
}
exit
fi
}
get_eraselevel () {
eraselevel=
loginfo "What level of erase are you performing on the drive? (0 = baseline, 1 = secure erase, 2 = decommission):"
loginput "What level of erase are you performing on the drive? (0 = baseline, 1 = secure erase, 2 = decommission):"
loginfo "Type 'help' for an explanation of each level."
read -r eraselevel
logresponse "$eraselevel"
while [[ ! $eraselevel = "0" ]] && [[ ! $eraselevel = "1" ]] && [[ ! $eraselevel = "2" ]];
do
echo "$eraselevel"
if [[ $eraselevel = "help" ]];
then
loginfo "Level 0 / Baseline: clears the partitions of the drive. Data can still be recovered but this is the optimal level for simple reuse."
@@ -169,6 +163,7 @@ get_eraselevel () {
logwarn "Invalid level, correct values can be 0, 1, or 2"
fi
read -r eraselevel
logresponse "$eraselevel"
done
}
@@ -177,6 +172,7 @@ get_devicetype () {
loginfo "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
loginfo "Type 'help' for an explanation of each type."
read -r devicetype
logresponse "$devicetype"
while [[ ! $devicetype = "0" ]] && [[ ! $devicetype = "1" ]] && [[ ! $devicetype = "2" ]];
do
if [[ $devicetype = "help" ]];
@@ -188,6 +184,7 @@ get_devicetype () {
logwarn "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA."
fi
read -r devicetype
logresponse "$devicetype"
done
case $devicetype in
"0")
@@ -204,72 +201,71 @@ get_devicetype () {
*)
logerror "Unspecified error when getting device."
cleanup
exit
;;
esac
}
get_device () {
device=
pcie_enable
loginfo "loginfoing current attached devices..."
loginfo "Listing current attached devices..."
loginfo ""
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
loginfo "$(lsblk | grep -E '^NAME|^sd')"
elif [[ $devicetype = "SSD_NVME" ]];
then
pcie_enable
loginfo "$(lsblk | grep -E '^NAME|^nvme')"
fi
loginfo ""
loginfo "Which is the device from this list? (Type 'help' for help.)"
loginput "Which is the device from this list? (Type 'help' for help.)"
while [[ $device =~ ^\s*$ ]];
do
verify_device
done
}
verify_device (){
read -r device
while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]];
do
if [[ $device = "help" ]];
read -r device
logresponse "$device"
while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]];
do
if [[ $device = "help" ]];
then
loginfo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/"
loginfo "If you have a SATA connection, you will be looking for sd{a-z}."
loginfo "If you have a NVME connection, you will be looking for nvme0n{0-9}."
else
logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})"
fi
read -r device
logresponse "$device"
done
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
loginfo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/"
loginfo "If you have a SATA connection, you will be looking for sd{a-z}."
loginfo "If you have a NVME connection, you will be looking for nvme0n{0-9}."
if [[ $device =~ ^nvme0n[0-9]$ ]];
then
logwarn "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen."
device=
fi
elif [[ $devicetype = "SSD_NVME" ]];
then
if [[ $device =~ ^sd[a-z]$ ]];
then
logwarn "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA."
device=
fi
fi
if [ -e "/dev/$device" ]; then
loginfo "Picking device /dev/$device."
else
logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})"
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
device=
fi
read -r device
done
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
if [[ $device =~ ^nvme0n[0-9]$ ]];
then
logwarn "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen."
device=
fi
elif [[ $devicetype = "SSD_NVME" ]];
then
if [[ $device =~ ^sd[a-z]$ ]];
then
logwarn "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA."
device=
fi
fi
if [ -e "/dev/$device" ]; then
loginfo "Picking device /dev/$device."
else
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
device=
fi
}
make_infolog () {
infolog="/mnt/decs/$dirname/info_$ticket_number\_$start_time"
loginfo "Reading drive to create a log."
infolog=/mnt/decs/"$dirname"/info_"$ticket_number"_"$start_time".log
{
echo "DETAILS"
echo "Start Time: $start_time"
@@ -281,47 +277,145 @@ make_infolog () {
echo "Erase Level: $eraselevel"
echo ""
echo "DEVICE DETAILS"
lsblk -O | grep "NAME\|$device"
lsblk -o NAME,LABEL,PARTLABEL,FSTYPE,SIZE,MODEL,VENDOR,UUID,SERIAL | grep "NAME\|$device"
echo ""
sudo smartctl -i /dev/nvme0n1
smartctl -i /dev/"$device"
echo ""
echo "PARTITION DETAILS"
echo "Count: $(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")"
} >> "$infolog"
while [ -e "/mnt/wintmnt" ];
do
Sleep 5
done
mkdir "/mnt/winmnt"
local ret_value=$(mount -t ntfs "/dev/$device" /mnt/winmt &> /dev/null; echo $?)
if [[ $ret_value = "0" ]]
if [[ ! "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")" = 0 ]];
then
mount -t ntfs "/dev/$device" /mnt/winmt
local ret_value2=$(find /mnt/winmnt/ -ipath "*System32/config" -not -ipath "*Windows.old*" &> /dev/null; echo $?)
if [[ $ret_value2 = "0" ]]
then
winpath=$(find /mnt/winmnt/ -ipath "*System32/config" -not -ipath "*Windows.old*")
{
echo "WINDOWS DETAILS"
echo ""
echo "HOSTNAME"
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SYSTEM" '\Microsoft\Windows\ControlSet001\Control\ComputerName\ComputerName'
echo ""
echo "DOMAIN"
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SYSTEM" '\Microsoft\Windows\ControlSet001\Services\Tcpip\Parameters'
echo ""
echo "LOGON DETAILS"
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SOFTWARE" '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
echo ""
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SOFTWARE" '\Microsoft\Windows NT\CurrentVersion\ProfileList'
echo ""
ls "$(find /mnt/winmnt/ -type d -ipath "*Windows/Users")"
echo ""
} >> "$infolog"
fi
local fstype=
for i in $(seq 1 "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")");
do
fstype=$(lsblk -n -o FSTYPE /dev/"$device""$i")
loginfo "Reading $device$i : $fstype."
echo "" >> "$infolog"
echo "$device$i : $fstype" >> "$infolog"
case $fstype in
"ext4"|"ext3"|"ext2"|"xfs"|"btrfs")
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
if find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/os-release" | grep "."
then
loginfo "Linux install detected on $device$i."
echo "Linux install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
{
echo "LINUX DETAILS"
cat "$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/os-release")"
echo ""
echo "HOSTNAME"
cat "$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/hostname")"
echo ""
echo "LOGON DETAILS"
w
echo ""
cat "$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/passwd")"
echo ""
tree -a -L 1 -D "$(find /mnt/"$ticket_number" -maxdepth 3 -type d -ipath "*/home")"
echo ""
} >> "$infolog"
else
echo "Non Linux OS device detected on $device$i." >> "$infolog"
loginfo "Non Linux OS device detected on $device$i."
tree -a -L 3 -D /mnt/"$ticket_number" >> "$infolog"
fi
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"zfs")
echo "zfs filesystem detected, this cannot be mounted." >> "$infolog"
logwarn "zfs filesystem detected on $device$i, this cannot be mounted."
;;
"ntfs")
mkdir -p /tmp/"$ticket_number"
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
if find /tmp/"$ticket_number"-maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep "."
then
loginfo "Windows install detected on $device$i."
echo "Windows install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
winpath=$(find /mnt/"$ticket_number" -maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*")
cp "$winpath/SOFTWARE" /tmp/"$ticket_number"/SOFTWARE
cp "$winpath/SYSTEM" /tmp/"$ticket_number"/SYSTEM
{
echo "WINDOWS DETAILS"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion'
echo ""
echo "HOSTNAME"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName'
echo ""
echo "DOMAIN"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Services\Tcpip\Parameters'
echo ""
echo "USER DETAILS"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
echo ""
hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList'
echo ""
tree -a -L 1 -D "$(find /mnt/"$ticket_number" -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*")"
echo ""
} >> "$infolog"
else
loginfo "Non Windows NTFS device detected on $device$i."
echo "Non Windows NTFS device detected on $device$i." >> "$infolog"
tree -a -L 3 -D /mnt/"$ticket_number" >> "$infolog"
fi
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"apfs")
mkdir -p /mnt/"$ticket_number"
loginfo "Apple install detected on $device$i."
echo "Apple install detected on $device$i." >> "$infolog"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
echo "¯\_(ツ)_/¯" >> "$infolog"
tree -a -L 1 -D /mnt/"$ticket_number"/Users >> "$infolog"
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"vfat"|"fat32")
loginfo "Boot/Recovery partition detected."
echo "Boot/Recovery partition detected." >> "$infolog"
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
tree -a -R -D /mnt/"$ticket_number" >> "$infolog"
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
*)
logwarn "Unknown partition type '$fstype'."
echo "Unknown partition type '$fstype'." >> "$infolog"
;;
esac
done
else
logerror "Failed to mount local Windows directory."
cleanup
logwarn "No partitions detected, device is likely empty."
fi
echo "END OF LOG" >> "$infolog"
}
@@ -361,9 +455,9 @@ erase_device_lv0 () {
logerror "Unspecified error."
;;
esac
cleanup
exit
else
loginfo "Partition tables wiped. Device is readry for reuse."
loginfo "Partition tables wiped. Device is ready for reuse."
fi
}
@@ -388,7 +482,7 @@ erase_device_lv1 () {
logerror "Unspecified error while nwiping disk."
;;
esac
cleanup
exit
else
loginfo "Finished wiping data with nwipe."
fi
@@ -421,7 +515,7 @@ erase_device_lv1 () {
then
hdparm_check_error "$ret_value2"
logerror "Failed to Secure Erase. Please contact your supervisor."
cleanup
exit
else
loginfo "Secure Erase success."
fi
@@ -434,7 +528,6 @@ erase_device_lv1 () {
loginfo "Running nvme_cli format on $devicetype : $device."
#Erase using nvme cli to send secure erase command to drop the crypto stuff.
local ret_value=$(nvme format --force -r -s 2 /dev/"$device" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]]
then
logwarn "Failed to cryptographically erase drive, blanket erasing instead."
@@ -444,7 +537,7 @@ erase_device_lv1 () {
if [[ ! $ret_value = "0" ]]
then
logerror "Failed to cryptographically erase or blanket erase. Please contact your supervisor."
cleanup
exit
else
loginfo "Blanket erased drive."
fi
@@ -453,7 +546,7 @@ erase_device_lv1 () {
fi
else
logerror "There was an issue with the device type: $devicetype. Ensure you typed the drive name correctly."
cleanup
exit
fi
}
@@ -463,7 +556,6 @@ erase_device_lv2 () {
loginfo "This may take a while!"
local ret_value=$(nwipe -m dod --autonuke --nogui /dev/"$device" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]]
then
case $ret_value in
@@ -475,7 +567,7 @@ erase_device_lv2 () {
logerror "Unspecified error while nwiping disk."
;;
esac
cleanup
exit
else
loginfo "Finished wiping data with nwipe."
loginfo "Please put device in decommission bin in the hardware room."
@@ -518,8 +610,10 @@ pcie_enable (){
}
#Remove the PCIe NVMe readrer
# shellcheck disable=SC2329
pcie_disable (){
echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove
echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
loginfo "Disabled PCIe card."
}
@@ -548,7 +642,6 @@ main (){
confirm_message "Please type 'confirm' to begin." "confirm"
fi
case $eraselevel in
"0")
erase_device_lv0 #Wipe partition
@@ -567,7 +660,7 @@ main (){
*)
logerror "Invalid Erase Level"
cleanup
exit
;;
esac
@@ -575,7 +668,7 @@ main (){
loginfo "Finished erasing $devicetype : $device with erase level $eraselevel."
cleanup
exit
}
main