Added logging of drive contents

2026-04-07 17:52:39 -04:00
parent 050ef4fbe8
commit cbb822c646
4 changed files with 644 additions and 168 deletions
Binary file not shown.
+203 -110
@@ -1,19 +1,10 @@
#!/bin/bash #!/bin/bash
#!/usr/bin/env bash #!/usr/bin/env bash
## Start logging start_time="$(date '+%Y-%m-%d_%H.%M.%S')"
## Get NetID log=/tmp/log_"$start_time".log
### Auth log_x=/tmp/log_x_"$start_time".log
## Mount \\reinstallbackup exec 3>&1 1>>"$log_x" 2>&1
## Get Ticket Number (optional)
### Check if Directory with Ticket Number exists
#### Warn User if it doesn't
##
start_time="$(date '+%Y-%m-%d_%H:%M:%S')"
log="/tmp/log_$start_time"
log_x="/tmp/log_x_$start_time"
exec 3>&1 1>"$log_x" 2>&1
set -x set -x
loginput() { loginput() {
@@ -21,6 +12,10 @@ loginput() {
echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log"; echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log";
} }
logresponse() {
echo "[RESPONSE] $(date '+%H:%M:%S') $*" >> "$log";
}
loginfo() { loginfo() {
echo "$*" >&3; echo "$*" >&3;
echo "[INFO] $(date '+%H:%M:%S') $*" >> "$log"; echo "[INFO] $(date '+%H:%M:%S') $*" >> "$log";
@@ -42,9 +37,11 @@ confirm_message () {
do do
loginput "$1" loginput "$1"
read -r typed read -r typed
logresponse "$typed"
done done
} }
# shellcheck disable=SC2329
catch_sigint () { catch_sigint () {
logwarn "Signal Interrupt initiated. Stopping script." logwarn "Signal Interrupt initiated. Stopping script."
cleanup cleanup
@@ -52,73 +49,71 @@ catch_sigint () {
kill -INT "$$" kill -INT "$$"
} }
# shellcheck disable=SC2329
catch_exit () {
cleanup
trap - EXIT
trap - INT
kill -INT "$$"
}
# shellcheck disable=SC2329
cleanup () { cleanup () {
loginfo "Cleaning up." loginfo "Cleaning up."
pcie_disable pcie_disable
if [[ ! $dirname =~ ^\s*$ ]];
then
loginfo "Unmounting drives." loginfo "Unmounting drives."
exec 1>/dev/null 2>&1
umount "/mnt/reinstallbackups" umount "/mnt/reinstallbackups"
#rmdir "/mnt/reinstallbackups"
umount "/mnt/decs" umount "/mnt/decs"
#rmdir "/mnt/decs"
fi
} }
trap catch_sigint SIGINT trap catch_sigint SIGINT
trap catch_exit EXIT
get_netid () { get_netid () {
netid= netid=
while [[ $netid =~ ^\s*$ ]]; while [[ $netid =~ ^\s*$ ]];
do do
loginfo "Enter netid: " loginput "Enter netid: "
read -r netid read -r netid
logresponse "$netid"
if [[ $netid =~ ^\s*$ ]]; if [[ $netid =~ ^\s*$ ]];
then then
logwarn "Your netid cannot be blank." logwarn "Your netid cannot be blank."
loginfo "Enter netid: " loginfo "Enter netid: "
else else
authenticate_egr "$netid" local ret_value=$(kinit "$netid"@EGR.MSU.EDU >&3; echo $?)
fi
done
clear
}
authenticate_egr (){
kinit "$1"
local ret_value=$(kinit "$1" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]] if [[ ! $ret_value = "0" ]]
then then
kdestroy
netid= netid=
case $ret_value in logwarn "Error when authenticating netid $netid."
"1") else
logwarn "Error when authenticating. Please see above issue, and try again." clear
;; loginfo "Authenticated as user $netid."
*)
logerror "Unspecified error."
cleanup
;;
esac
fi fi
fi
done
} }
get_ticket () { get_ticket () {
ticket_number= ticket_number=
loginfo "Enter ticket number: " loginput "Enter ticket number: "
read -r ticket_number read -r ticket_number
logresponse "$ticket_number"
if [[ ! $ticket_number =~ ^\s*$ ]]; if [[ ! $ticket_number =~ ^\s*$ ]];
then then
mkdir /mnt/reinstallbackups mkdir -p /mnt/reinstallbackups
mount -t cifs -o user="$netid",sec=krb5i "//reinstallbackups/reinstallbackups" /mnt/reinstallbackups if ! mount -t cifs -o user="$netid",sec=krb5i "//reinstallbackups/reinstallbackups" /mnt/reinstallbackups
local ret_value=$(ls /mnt/reinstallbackups | grep -q -E "^$ticket_number" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]];
then then
logwarn "WARNING: Backup does not exist in //reinstallbackups/reinstallbackups/$ticket_number!" logwarn "Failed to mount reinstallbackups, cannot check ticket status."
else
if ! ls /mnt/reinstallbackups | grep -q -E "^$ticket_number"
then
logwarn "Backup does not exist in //reinstallbackups/reinstallbackups/$ticket_number!"
fi
umount /mnt/reinstallbackups
fi fi
umount "/mnt/reinstallbackups"
#rmdir "/mnt/reinstallbackups"
else else
ticket_number="UNKNWN" ticket_number="UNKNWN"
logwarn "Starting with no ticket number specified." logwarn "Starting with no ticket number specified."
@@ -127,9 +122,9 @@ get_ticket () {
} }
mount_remote () { mount_remote () {
mkdir /mnt/decs mkdir -p /mnt/decs
{ if mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs then
dirname= dirname=
if [[ ! $ticket_number =~ ^\s*$ ]]; if [[ ! $ticket_number =~ ^\s*$ ]];
then then
@@ -137,29 +132,28 @@ mount_remote () {
else else
dirname="$ticket_number" dirname="$ticket_number"
fi fi
if [ ! -e "/mnt/decs/$dirname" ]; mkdir -p /mnt/decs/"$dirname"
then cp "$log" /mnt/decs/"$dirname"/log_"$ticket_number"_"$start_time".log
mkdir "/mnt/decs/$dirname" cp "$log_x" /mnt/decs/"$dirname"/log_x_"$ticket_number"_"$start_time".log
fi log=/mnt/decs/"$dirname"/log_"$ticket_number"_"$start_time".log
mv "$log" "/mnt/decs/$dirname/log_$ticket_number\_$start_time" log_x=/mnt/decs/"$dirname"/log_x_"$ticket_number"_"$start_time".log
mv "$log_x" "/mnt/decs/$dirname/log_$ticket_number\_$start_time" exec 1>>"$log_x" 2>&1
log="/mnt/decs/$dirname/log_$ticket_number\_$start_time" set -x
log_x="/mnt/decs/$dirname/log_$ticket_number\_$start_time" else
rm "/tmp/log_$start_time"
rm "/tmp/log_x_$start_time"
} || {
logerror "Failed to mount remote DECS drive. Stopping" logerror "Failed to mount remote DECS drive. Stopping"
cleanup exit
} fi
} }
get_eraselevel () { get_eraselevel () {
eraselevel= eraselevel=
loginfo "What level of erase are you performing on the drive? (0 = baseline, 1 = secure erase, 2 = decommission):" loginput "What level of erase are you performing on the drive? (0 = baseline, 1 = secure erase, 2 = decommission):"
loginfo "Type 'help' for an explanation of each level." loginfo "Type 'help' for an explanation of each level."
read -r eraselevel read -r eraselevel
logresponse "$eraselevel"
while [[ ! $eraselevel = "0" ]] && [[ ! $eraselevel = "1" ]] && [[ ! $eraselevel = "2" ]]; while [[ ! $eraselevel = "0" ]] && [[ ! $eraselevel = "1" ]] && [[ ! $eraselevel = "2" ]];
do do
echo "$eraselevel"
if [[ $eraselevel = "help" ]]; if [[ $eraselevel = "help" ]];
then then
loginfo "Level 0 / Baseline: clears the partitions of the drive. Data can still be recovered but this is the optimal level for simple reuse." loginfo "Level 0 / Baseline: clears the partitions of the drive. Data can still be recovered but this is the optimal level for simple reuse."
@@ -169,6 +163,7 @@ get_eraselevel () {
logwarn "Invalid level, correct values can be 0, 1, or 2" logwarn "Invalid level, correct values can be 0, 1, or 2"
fi fi
read -r eraselevel read -r eraselevel
logresponse "$eraselevel"
done done
} }
@@ -177,6 +172,7 @@ get_devicetype () {
loginfo "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):" loginfo "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
loginfo "Type 'help' for an explanation of each type." loginfo "Type 'help' for an explanation of each type."
read -r devicetype read -r devicetype
logresponse "$devicetype"
while [[ ! $devicetype = "0" ]] && [[ ! $devicetype = "1" ]] && [[ ! $devicetype = "2" ]]; while [[ ! $devicetype = "0" ]] && [[ ! $devicetype = "1" ]] && [[ ! $devicetype = "2" ]];
do do
if [[ $devicetype = "help" ]]; if [[ $devicetype = "help" ]];
@@ -188,6 +184,7 @@ get_devicetype () {
logwarn "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA." logwarn "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA."
fi fi
read -r devicetype read -r devicetype
logresponse "$devicetype"
done done
case $devicetype in case $devicetype in
"0") "0")
@@ -204,34 +201,30 @@ get_devicetype () {
*) *)
logerror "Unspecified error when getting device." logerror "Unspecified error when getting device."
cleanup exit
;; ;;
esac esac
} }
get_device () { get_device () {
device= device=
pcie_enable loginfo "Listing current attached devices..."
loginfo "loginfoing current attached devices..."
loginfo "" loginfo ""
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]]; if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then then
loginfo "$(lsblk | grep -E '^NAME|^sd')" loginfo "$(lsblk | grep -E '^NAME|^sd')"
elif [[ $devicetype = "SSD_NVME" ]]; elif [[ $devicetype = "SSD_NVME" ]];
then then
pcie_enable
loginfo "$(lsblk | grep -E '^NAME|^nvme')" loginfo "$(lsblk | grep -E '^NAME|^nvme')"
fi fi
loginfo "" loginfo ""
loginfo "Which is the device from this list? (Type 'help' for help.)" loginput "Which is the device from this list? (Type 'help' for help.)"
while [[ $device =~ ^\s*$ ]]; while [[ $device =~ ^\s*$ ]];
do do
verify_device
done
}
verify_device (){
read -r device read -r device
logresponse "$device"
while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]]; while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]];
do do
if [[ $device = "help" ]]; if [[ $device = "help" ]];
@@ -243,6 +236,7 @@ verify_device (){
logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})" logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})"
fi fi
read -r device read -r device
logresponse "$device"
done done
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]]; if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then then
@@ -266,10 +260,12 @@ verify_device (){
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly." logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
device= device=
fi fi
done
} }
make_infolog () { make_infolog () {
infolog="/mnt/decs/$dirname/info_$ticket_number\_$start_time" loginfo "Reading drive to create a log."
infolog=/mnt/decs/"$dirname"/info_"$ticket_number"_"$start_time".log
{ {
echo "DETAILS" echo "DETAILS"
echo "Start Time: $start_time" echo "Start Time: $start_time"
@@ -281,47 +277,145 @@ make_infolog () {
echo "Erase Level: $eraselevel" echo "Erase Level: $eraselevel"
echo "" echo ""
echo "DEVICE DETAILS" echo "DEVICE DETAILS"
lsblk -O | grep "NAME\|$device" lsblk -o NAME,LABEL,PARTLABEL,FSTYPE,SIZE,MODEL,VENDOR,UUID,SERIAL | grep "NAME\|$device"
echo "" echo ""
sudo smartctl -i /dev/nvme0n1 smartctl -i /dev/"$device"
echo "" echo ""
echo "PARTITION DETAILS"
echo "Count: $(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")"
} >> "$infolog" } >> "$infolog"
while [ -e "/mnt/wintmnt" ]; if [[ ! "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")" = 0 ]];
then
local fstype=
for i in $(seq 1 "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")");
do do
Sleep 5 fstype=$(lsblk -n -o FSTYPE /dev/"$device""$i")
done loginfo "Reading $device$i : $fstype."
echo "" >> "$infolog"
mkdir "/mnt/winmnt" echo "$device$i : $fstype" >> "$infolog"
local ret_value=$(mount -t ntfs "/dev/$device" /mnt/winmt &> /dev/null; echo $?) case $fstype in
if [[ $ret_value = "0" ]] "ext4"|"ext3"|"ext2"|"xfs"|"btrfs")
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then then
mount -t ntfs "/dev/$device" /mnt/winmt if find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/os-release" | grep "."
local ret_value2=$(find /mnt/winmnt/ -ipath "*System32/config" -not -ipath "*Windows.old*" &> /dev/null; echo $?)
if [[ $ret_value2 = "0" ]]
then then
winpath=$(find /mnt/winmnt/ -ipath "*System32/config" -not -ipath "*Windows.old*") loginfo "Linux install detected on $device$i."
echo "Linux install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
{ {
echo "WINDOWS DETAILS" echo "LINUX DETAILS"
cat "$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/os-release")"
echo "" echo ""
echo "HOSTNAME" echo "HOSTNAME"
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SYSTEM" '\Microsoft\Windows\ControlSet001\Control\ComputerName\ComputerName' cat "$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/hostname")"
echo ""
echo "DOMAIN"
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SYSTEM" '\Microsoft\Windows\ControlSet001\Services\Tcpip\Parameters'
echo "" echo ""
echo "LOGON DETAILS" echo "LOGON DETAILS"
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SOFTWARE" '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI' w
echo "" echo ""
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SOFTWARE" '\Microsoft\Windows NT\CurrentVersion\ProfileList' cat "$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/passwd")"
echo "" echo ""
ls "$(find /mnt/winmnt/ -type d -ipath "*Windows/Users")" tree -a -L 1 -D "$(find /mnt/"$ticket_number" -maxdepth 3 -type d -ipath "*/home")"
echo "" echo ""
} >> "$infolog" } >> "$infolog"
fi
else else
logerror "Failed to mount local Windows directory." echo "Non Linux OS device detected on $device$i." >> "$infolog"
cleanup loginfo "Non Linux OS device detected on $device$i."
tree -a -L 3 -D /mnt/"$ticket_number" >> "$infolog"
fi
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"zfs")
echo "zfs filesystem detected, this cannot be mounted." >> "$infolog"
logwarn "zfs filesystem detected on $device$i, this cannot be mounted."
;;
"ntfs")
mkdir -p /tmp/"$ticket_number"
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
if find /tmp/"$ticket_number"-maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep "."
then
loginfo "Windows install detected on $device$i."
echo "Windows install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
winpath=$(find /mnt/"$ticket_number" -maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*")
cp "$winpath/SOFTWARE" /tmp/"$ticket_number"/SOFTWARE
cp "$winpath/SYSTEM" /tmp/"$ticket_number"/SYSTEM
{
echo "WINDOWS DETAILS"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion'
echo ""
echo "HOSTNAME"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName'
echo ""
echo "DOMAIN"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Services\Tcpip\Parameters'
echo ""
echo "USER DETAILS"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
echo ""
hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList'
echo ""
tree -a -L 1 -D "$(find /mnt/"$ticket_number" -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*")"
echo ""
} >> "$infolog"
else
loginfo "Non Windows NTFS device detected on $device$i."
echo "Non Windows NTFS device detected on $device$i." >> "$infolog"
tree -a -L 3 -D /mnt/"$ticket_number" >> "$infolog"
fi
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"apfs")
mkdir -p /mnt/"$ticket_number"
loginfo "Apple install detected on $device$i."
echo "Apple install detected on $device$i." >> "$infolog"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
echo "¯\_(ツ)_/¯" >> "$infolog"
tree -a -L 1 -D /mnt/"$ticket_number"/Users >> "$infolog"
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"vfat"|"fat32")
loginfo "Boot/Recovery partition detected."
echo "Boot/Recovery partition detected." >> "$infolog"
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
tree -a -R -D /mnt/"$ticket_number" >> "$infolog"
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
*)
logwarn "Unknown partition type '$fstype'."
echo "Unknown partition type '$fstype'." >> "$infolog"
;;
esac
done
else
logwarn "No partitions detected, device is likely empty."
fi fi
echo "END OF LOG" >> "$infolog" echo "END OF LOG" >> "$infolog"
} }
@@ -361,9 +455,9 @@ erase_device_lv0 () {
logerror "Unspecified error." logerror "Unspecified error."
;; ;;
esac esac
cleanup exit
else else
loginfo "Partition tables wiped. Device is readry for reuse." loginfo "Partition tables wiped. Device is ready for reuse."
fi fi
} }
@@ -388,7 +482,7 @@ erase_device_lv1 () {
logerror "Unspecified error while nwiping disk." logerror "Unspecified error while nwiping disk."
;; ;;
esac esac
cleanup exit
else else
loginfo "Finished wiping data with nwipe." loginfo "Finished wiping data with nwipe."
fi fi
@@ -421,7 +515,7 @@ erase_device_lv1 () {
then then
hdparm_check_error "$ret_value2" hdparm_check_error "$ret_value2"
logerror "Failed to Secure Erase. Please contact your supervisor." logerror "Failed to Secure Erase. Please contact your supervisor."
cleanup exit
else else
loginfo "Secure Erase success." loginfo "Secure Erase success."
fi fi
@@ -434,7 +528,6 @@ erase_device_lv1 () {
loginfo "Running nvme_cli format on $devicetype : $device." loginfo "Running nvme_cli format on $devicetype : $device."
#Erase using nvme cli to send secure erase command to drop the crypto stuff. #Erase using nvme cli to send secure erase command to drop the crypto stuff.
local ret_value=$(nvme format --force -r -s 2 /dev/"$device" &> /dev/null; echo $?) local ret_value=$(nvme format --force -r -s 2 /dev/"$device" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]] if [[ ! $ret_value = "0" ]]
then then
logwarn "Failed to cryptographically erase drive, blanket erasing instead." logwarn "Failed to cryptographically erase drive, blanket erasing instead."
@@ -444,7 +537,7 @@ erase_device_lv1 () {
if [[ ! $ret_value = "0" ]] if [[ ! $ret_value = "0" ]]
then then
logerror "Failed to cryptographically erase or blanket erase. Please contact your supervisor." logerror "Failed to cryptographically erase or blanket erase. Please contact your supervisor."
cleanup exit
else else
loginfo "Blanket erased drive." loginfo "Blanket erased drive."
fi fi
@@ -453,7 +546,7 @@ erase_device_lv1 () {
fi fi
else else
logerror "There was an issue with the device type: $devicetype. Ensure you typed the drive name correctly." logerror "There was an issue with the device type: $devicetype. Ensure you typed the drive name correctly."
cleanup exit
fi fi
} }
@@ -463,7 +556,6 @@ erase_device_lv2 () {
loginfo "This may take a while!" loginfo "This may take a while!"
local ret_value=$(nwipe -m dod --autonuke --nogui /dev/"$device" &> /dev/null; echo $?) local ret_value=$(nwipe -m dod --autonuke --nogui /dev/"$device" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]] if [[ ! $ret_value = "0" ]]
then then
case $ret_value in case $ret_value in
@@ -475,7 +567,7 @@ erase_device_lv2 () {
logerror "Unspecified error while nwiping disk." logerror "Unspecified error while nwiping disk."
;; ;;
esac esac
cleanup exit
else else
loginfo "Finished wiping data with nwipe." loginfo "Finished wiping data with nwipe."
loginfo "Please put device in decommission bin in the hardware room." loginfo "Please put device in decommission bin in the hardware room."
@@ -518,8 +610,10 @@ pcie_enable (){
} }
#Remove the PCIe NVMe readrer #Remove the PCIe NVMe readrer
# shellcheck disable=SC2329
pcie_disable (){ pcie_disable (){
echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove
echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
loginfo "Disabled PCIe card." loginfo "Disabled PCIe card."
} }
@@ -548,7 +642,6 @@ main (){
confirm_message "Please type 'confirm' to begin." "confirm" confirm_message "Please type 'confirm' to begin." "confirm"
fi fi
case $eraselevel in case $eraselevel in
"0") "0")
erase_device_lv0 #Wipe partition erase_device_lv0 #Wipe partition
@@ -567,7 +660,7 @@ main (){
*) *)
logerror "Invalid Erase Level" logerror "Invalid Erase Level"
cleanup exit
;; ;;
esac esac
@@ -575,7 +668,7 @@ main (){
loginfo "Finished erasing $devicetype : $device with erase level $eraselevel." loginfo "Finished erasing $devicetype : $device with erase level $eraselevel."
cleanup exit
} }
main main
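Review bot: The Windows check in make_infolog's ntfs branch, `find /tmp/"$ticket_number"-maxdepth 4 -ipath "*System32/config" …`, has no space before `-maxdepth` and points at the /tmp staging directory rather than the mounted partition, so as written the Windows branch looks unreachable and every NTFS volume would be logged as non-Windows. The copy of this function in the new file added by the same commit searches the mount point, and the line here should read `if find /mnt/"$ticket_number" -maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep "."`. Separately, `$ticket_number` comes straight from `read -r` and is then used in `grep -q -E "^$ticket_number"`, `mkdir -p /mnt/"$ticket_number"` and `/tmp/"$ticket_number"`, so a value containing `/`, `..` or regex metacharacters changes what is matched, created or mounted over; rejecting anything that fails a check such as `[[ $ticket_number =~ ^[A-Za-z0-9_-]+$ ]]` in get_ticket would contain that (the allowed character set is a guess, adjust it to the real ticket format). The SOFTWARE and SYSTEM hives copied into `/tmp/"$ticket_number"` (and `/tmp/UNKNWN` in the new file) are not removed in any visible line, which would leave registry data from a drive being wiped on the workstation; a `mktemp -d` staging directory deleted in cleanup would avoid that.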
+386
@@ -0,0 +1,386 @@
#!/bin/bash
#!/usr/bin/env bash
start_time="$(date '+%Y-%m-%d_%H.%M.%S')"
log=/tmp/log_"$start_time".log
log_x=/tmp/log_x_"$start_time".log
exec 3>&1 1>>"$log_x" 2>&1
set -x
loginput() {
echo "$*" >&3;
echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log";
}
logresponse() {
echo "[RESPONSE] $(date '+%H:%M:%S') $*" >> "$log";
}
loginfo() {
echo "$*" >&3;
echo "[INFO] $(date '+%H:%M:%S') $*" >> "$log";
}
logwarn() {
echo "$*" >&3;
echo "[WARNING] $(date '+%H:%M:%S') $*" >> "$log";
}
logerror() {
echo "$*" >&3;
echo "[ERROR] $(date '+%H:%M:%S') $*" >> "$log";
}
# shellcheck disable=SC2329
catch_sigint () {
logwarn "Signal Interrupt initiated. Stopping script."
cleanup
trap - INT
kill -INT "$$"
}
# shellcheck disable=SC2329
catch_exit () {
cleanup
trap - EXIT
trap - INT
kill -INT "$$"
}
# shellcheck disable=SC2329
cleanup () {
loginfo "Cleaning up."
pcie_disable
loginfo "Unmounting drives."
exec 1>/dev/null 2>&1
umount "/mnt/decs"
}
trap catch_sigint SIGINT
trap catch_exit EXIT
get_netid () {
netid=
while [[ $netid =~ ^\s*$ ]];
do
loginput "Enter netid: "
read -r netid
logresponse "$netid"
if [[ $netid =~ ^\s*$ ]];
then
logwarn "Your netid cannot be blank."
loginfo "Enter netid: "
else
local ret_value=$(kinit "$netid"@EGR.MSU.EDU >&3; echo $?)
if [[ ! $ret_value = "0" ]]
then
kdestroy
netid=
logwarn "Error when authenticating netid $netid."
else
clear
loginfo "Authenticated as user $netid."
fi
fi
done
}
mount_remote () {
mkdir -p /mnt/decs
if mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
then
dirname="UNKNWN-$start_time"
mkdir -p /mnt/decs/"$dirname"
cp "$log" /mnt/decs/"$dirname"/log_UNKNWN_"$start_time".log
cp "$log_x" /mnt/decs/"$dirname"/log_x_UNKNWN_"$start_time".log
log=/mnt/decs/"$dirname"/log_UNKNWN_"$start_time".log
log_x=/mnt/decs/"$dirname"/log_x_UNKNWN_"$start_time".log
exec 1>>"$log_x" 2>&1
set -x
else
logerror "Failed to mount remote DECS drive. Stopping"
exit
fi
}
get_devicetype () {
devicetype=
loginput "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
loginfo "Type 'help' for an explanation of each type."
read -r devicetype
logresponse "$devicetype"
while [[ ! $devicetype = "0" ]] && [[ ! $devicetype = "1" ]] && [[ ! $devicetype = "2" ]];
do
if [[ $devicetype = "help" ]];
then
loginfo "HDD_SATA: Spinning disk platters on a SATA connection. Typically 3.5 in or 2.5 in."
loginfo "SSD_SATA: Solid State drive on a SATA connection. Typically 2.5 in."
loginfo "SSD_NVME: Solid State drive on a M.2 connection. Looks like a small PCB."
else
logwarn "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA."
fi
read -r devicetype
logresponse "$devicetype"
done
case $devicetype in
"0")
devicetype="HDD_SATA"
;;
"1")
devicetype="SSD_NVME"
;;
"2")
devicetype="SSD_SATA"
;;
*)
logerror "Unspecified error when getting device."
exit
;;
esac
}
get_device () {
device=
loginfo "Listing current attached devices..."
loginfo ""
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
loginfo "$(lsblk | grep -E '^NAME|^sd')"
elif [[ $devicetype = "SSD_NVME" ]];
then
pcie_enable
loginfo "$(lsblk | grep -E '^NAME|^nvme')"
fi
loginfo ""
loginput "Which is the device from this list? (Type 'help' for help.)"
while [[ $device =~ ^\s*$ ]];
do
read -r device
logresponse "$device"
while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]];
do
if [[ $device = "help" ]];
then
loginfo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/"
loginfo "If you have a SATA connection, you will be looking for sd{a-z}."
loginfo "If you have a NVME connection, you will be looking for nvme0n{0-9}."
else
logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})"
fi
read -r device
logresponse "$device"
done
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
if [[ $device =~ ^nvme0n[0-9]$ ]];
then
logwarn "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen."
device=
fi
elif [[ $devicetype = "SSD_NVME" ]];
then
if [[ $device =~ ^sd[a-z]$ ]];
then
logwarn "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA."
device=
fi
fi
if [ -e "/dev/$device" ]; then
loginfo "Picking device /dev/$device."
else
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
device=
fi
done
}
make_infolog () {
loginfo "Reading drive to create a log."
infolog=/mnt/decs/"$dirname"/info_UNKNWN_"$start_time".log
{
echo "DETAILS"
echo "Start Time: $start_time"
echo "NetID: $netid"
echo "Type/Device: $devicetype : $device"
echo ""
echo "DEVICE DETAILS"
lsblk -o NAME,LABEL,PARTLABEL,FSTYPE,SIZE,MODEL,VENDOR,UUID,SERIAL | grep "NAME\|$device"
echo ""
smartctl -i /dev/"$device"
echo ""
echo "PARTITION DETAILS"
echo "Count: $(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")"
} >> "$infolog"
if [[ ! "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")" = 0 ]];
then
local fstype=
for i in $(seq 1 "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")");
do
fstype=$(lsblk -n -o FSTYPE /dev/"$device""$i")
loginfo "Reading $device$i : $fstype."
echo "" >> "$infolog"
echo "$device$i : $fstype" >> "$infolog"
case $fstype in
"ext4"|"ext3"|"ext2"|"xfs"|"btrfs")
mkdir -p /mnt/UNKNWN
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
then
if find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/os-release" | grep "."
then
loginfo "Linux install detected on $device$i."
echo "Linux install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
{
echo "LINUX DETAILS"
cat "$(find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/os-release")"
echo ""
echo "HOSTNAME"
cat "$(find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/hostname")"
echo ""
echo "LOGON DETAILS"
w
echo ""
cat "$(find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/passwd")"
echo ""
tree -a -L 1 -D "$(find /mnt/UNKNWN -maxdepth 3 -type d -ipath "*/home")"
echo ""
} >> "$infolog"
else
echo "Non Linux OS device detected on $device$i." >> "$infolog"
loginfo "Non Linux OS device detected on $device$i."
tree -a -L 3 -D /mnt/UNKNWN/ >> "$infolog"
fi
umount /mnt/UNKNWN
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"zfs")
echo "zfs filesystem detected, this cannot be mounted." >> "$infolog"
logwarn "zfs filesystem detected on $device$i, this cannot be mounted."
;;
"ntfs")
mkdir -p /tmp/UNKNWN
mkdir -p /mnt/UNKNWN
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
then
if find /mnt/UNKNWN -maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep "."
then
loginfo "Windows install detected on $device$i."
echo "Windows install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
winpath=$(find /mnt/UNKNWN -maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*")
cp "$winpath/SOFTWARE" /tmp/UNKNWN/SOFTWARE
cp "$winpath/SYSTEM" /tmp/UNKNWN/SYSTEM
{
echo "WINDOWS DETAILS"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion'
echo ""
echo "HOSTNAME"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName'
echo ""
echo "DOMAIN"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Services\Tcpip\Parameters'
echo ""
echo "USER DETAILS"
hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
echo ""
hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList'
echo ""
tree -a -L 1 -D "$(find /mnt/UNKNWN/ -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*")"
echo ""
} >> "$infolog"
else
loginfo "Non Windows NTFS device detected on $device$i."
echo "Non Windows NTFS device detected on $device$i." >> "$infolog"
tree -a -L 3 -D /mnt/UNKNWN/ >> "$infolog"
fi
umount /mnt/UNKNWN
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"apfs")
mkdir -p /mnt/UNKNWN
loginfo "Apple install detected on $device$i."
echo "Apple install detected on $device$i." >> "$infolog"
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
then
echo "¯\_(ツ)_/¯" >> "$infolog"
tree -a -L 1 -D /mnt/UNKNWN/Users >> "$infolog"
umount /mnt/UNKNWN
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"vfat"|"fat32")
loginfo "Boot/Recovery partition detected."
echo "Boot/Recovery partition detected." >> "$infolog"
mkdir -p /mnt/UNKNWN
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
then
tree -a -R -D /mnt/UNKNWN >> "$infolog"
umount /mnt/UNKNWN
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
*)
logwarn "Unknown partition type '$fstype'."
echo "Unknown partition type '$fstype'." >> "$infolog"
;;
esac
done
else
logwarn "No partitions detected, device is likely empty."
fi
echo "END OF LOG" >> "$infolog"
}
#Rescan for PCIe devices
pcie_enable (){
echo 1 > /sys/bus/pci/rescan
loginfo "Enabled PCIe card, sleeping for 5 seconds."
sleep 5
}
#Remove the PCIe NVMe readrer
# shellcheck disable=SC2329
pcie_disable (){
echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove
echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
loginfo "Disabled PCIe card."
}
main (){
get_netid
mount_remote
get_devicetype #sets $devicetype to HDD_SATA/SSD_SATA/SSD_NVME
get_device #sets $device to one of the /dev/xyz devices.
make_infolog #Logs a bunch of details to a info log file from the system.
sleep 3
loginfo "Finished gathering logs of $devicetype : $device."
exit
}
main
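Review bot: make_infolog addresses partitions as `/dev/"$device""$i"`, which is right for `sda1` but not for the NVMe names get_device accepts: the partitions of `nvme0n1` are `nvme0n1p1`, `nvme0n1p2`, not `nvme0n11`, so on an SSD_NVME run `lsblk -n -o FSTYPE` fails and every partition falls into the `Unknown partition type ''` arm with nothing useful recorded. The `seq 1 <count>` loop also assumes partition numbers are contiguous from 1, which is not guaranteed. Taking the names from lsblk avoids both, e.g. `while read -r part type; do [[ $type = part ]] || continue; … done < <(lsblk -n -l -o NAME,TYPE /dev/"$device")` and then using `/dev/"$part"`. The same loop is in the first file's make_infolog. In the LINUX DETAILS block, `w` reports sessions on the workstation running the script rather than anything from the mounted drive, so its output does not describe the drive and is probably better dropped.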
+7 -10
@@ -2,21 +2,18 @@
#!/usr/bin/env bash #!/usr/bin/env bash
netid= netid=
loginfo "Enter netid: " echo "Enter netid: "
read -r netid read -r netid
while [[ $netid =~ ^\s*$ ]]; while [[ $netid =~ ^\s*$ ]];
do do
logwarn "Your netid cannot be blank." echo "Your netid cannot be blank."
loginfo "Enter netid: " echo "Enter netid: "
done done
ret_value=$(kinit "$1" &> /dev/null; echo $?) if ! kinit "$netid"@EGR.MSU.MSU
while [[ ! ${kinit "$1" &> /dev/null; echo $?} = "0" ]] then
do exit
logwarn "Error when authenticating. Please see above issue, and try again." fi
ret_value=$(kinit "$1" &> /dev/null; echo $?)
done
mkdir /mnt/decs mkdir /mnt/decs
mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
echo "test" > "/mnt/decs/test.txt" echo "test" > "/mnt/decs/test.txt"
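Review bot: The realm in `kinit "$netid"@EGR.MSU.MSU` differs from the `EGR.MSU.EDU` used by both other scripts in this commit and looks like a typo, in which case authentication fails and the script exits on every run; `if ! kinit "$netid"@EGR.MSU.EDU` would match them. The blank-netid loop above it never calls `read` again, so an empty first answer spins forever; add `read -r netid` as the last line of the loop body. The `mount` result is also unchecked, so when it fails `echo "test" > "/mnt/decs/test.txt"` writes to the local directory and the test appears to pass; guard it with `if ! mount …; then exit 1; fi`.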