diff --git a/README.md b/README.md
index f399fac..2e4528b 100644
--- a/README.md
+++ b/README.md
@@ -17,16 +17,16 @@
 ## Logging
 |Info|Location|Log To:|Implemented?|Data|Notes|
 |-|-|-|-|-|-|
-|User|Script Input|Ticket
Logfile|No|Username
|Probably can implement as part of the kerb auth| -|Wipe Details|Script Input|Ticket
Logfile|No|Erase Level
Device Type
Device|| -|Script Output|Terminal Output|Logfile|No|All script output|Via transcribing or output redirection| -|Machine Data|Registry|Ticket
Logfile|No|Machine Name
Domain|HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters| -|Local Users|Registry
Filesystem|Logfile|No|Local User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
c:/Users| -|Domain Users|Registry
Filesystem|Ticket
Logfile|No|Domain User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
c:/Users| -|Last Logged On User|Registry|Ticket
Logfile|No|Username|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI| -|Storage Info|Other|Ticket
Logfile|No|Serial Number
SMART Data|smartctl| -|System Info|Registry|Logfile|No|Manufacturer
Model|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
Can't actually be done offline| -|Misc|Misc|Ticket
Logfile|No|Current Time/Date|| +|User|- Script Input|- Ticket
- Logfile|No|- Username|Probably can implement as part of the kerb auth| +|Wipe Details|- Script Input|- Ticket
- Logfile|No|- Erase Level
- Device Type
- Device|| +|Script Output|- Terminal Output|- Logfile|No|- All script output|Via transcribing or output redirection| +|Machine Data|- Registry|- Ticket
- Logfile|No|- Machine Name
- Domain|HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters| +|Local Users|- Registry
- Filesystem|- Logfile|No|- Local User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

c:/Users| +|Domain Users|- Registry
- Filesystem|- Ticket
- Logfile|No|- Domain User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

c:/Users| +|Last Logged On User|- Registry|- Ticket
- Logfile|No|- Username|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI| +|Storage Info|- Other|- Ticket
- Logfile|No|- Serial Number
- SMART Data|smartctl| +|System Info|- Registry|- Logfile|No|- Manufacturer
- Model|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
Can't actually be done offline| +|Misc|- Misc|- Ticket
- Logfile|No|- Current Time
- Date||
diff --git a/erase_drive.sh b/erase_drive.sh
index 661e67f..419dcd8 100644
--- a/erase_drive.sh
+++ b/erase_drive.sh
@@ -1,60 +1,114 @@ #!/bin/bash #!/usr/bin/env bash -get_netid () { - netid= - echo "Enter netid: " - read netid - while [[ $netid =~ ^\s*$ ]]; - do - echo "Your netid cannot be blank. Enter netid: " - read netid - done - clear - } +## Get NetID +## Mount \\reinstallbackups +## Start logging +## Get Ticket Number (optional) +### Check if Directory with Ticket Number exists +#### Warn User if it doesn't +## -get_ticket_number () { - ticket_number= - echo "Enter ticket number: " - read ticket_number - echo $ticket_number - clear +exec 3>&1 1>"$LOGFILE" 2>&1 + +cleanup () { + echo "SPECIAL EXIT" + pcie_disable + trap - INT + kill -INT "$$" } +trap cleanup SIGINT + confirm_message () { local typed= while [[ ! $typed = "$2" ]]; do - echo $1 - read typed + echo "$1" + read -r typed done } +get_netid () { + netid= + while [[ $netid =~ ^\s*$ ]]; + do + echo "Enter netid: " + read -r netid + if [[ $netid =~ ^\s*$ ]]; + then + echo "Your netid cannot be blank. Enter netid: " + else + authenticate_egr + fi + done + clear +} + +authenticate_egr (){ + kinit "$netid" + local ret_value="$?" + + if [[ ! $ret_value = "0" ]] + then + netid= + case $ret_value in + "1") + echo "Error when authenticating. Please see above issue, and try again." + ;; + + *) + echo "Unspecified error." + ;; + esac + fi +} + +get_ticket () { + ticket_number= + echo "Enter ticket number: " + read -r ticket_number + if [[ ! $ticket_number =~ ^\s*$ ]]; + then + local ret_value=$(ls | grep -q -E "^$ticket_number"; echo $?) + if [[ ! $ret_value = "0" ]]; + then + printf "WARNING: Backup does not exist in \\\\reinstallbackups\reinstallbackups\\$ticket_number!\n" + fi + else + sleep 1 + fi +} + +mount_drive () { + sleep 1 +} + get_eraselevel () { eraselevel= echo "What level of erase are you performing on the drive? (0 = baseline, 1 = secure erase, 2 = decommission):" echo "Type 'help' for an explanation of each level." - read eraselevel + read -r eraselevel while [[ ! $eraselevel = "0" ]] && [[ ! 
$eraselevel = "1" ]] && [[ ! $eraselevel = "2" ]]; do if [[ $eraselevel = "help" ]]; then echo "Level 0 / Baseline: clears the partitions of the drive. Data can still be recovered but this is the optimal level for simple reuse." - echo "Level 1 / Secure Erase: HDD: Scrambles the data on the drive over 3 passes. SSD: Sends a signal to the drive to forget the encryption key, making it unreadable." + echo "Level 1 / Secure Erase: HDD: Scrambles the data on the drive over 3 passes. SSD: Sends a signal to the drive to forget the encryption key, making it unread -rable." echo "Level 2 / decommission: Scrambles the data on the drive over 7 passes. Afterward, put the drive in the bin near the Hardware office to have it destroyed." else echo "Invalid level, correct values can be 0, 1, or 2" fi - read eraselevel + read -r eraselevel done } get_devicetype () { devicetype= - echo "What is the device type? (HDD_SATA, SSD_NVME, SSD_SATA):" + echo "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):" echo "Type 'help' for an explanation of each type." - read devicetype - while [[ ! $devicetype = "HDD_SATA" ]] && [[ ! $devicetype = "SSD_NVME" ]] && [[ ! $devicetype = "SSD_SATA" ]]; + read -r devicetype + while [[ ! $devicetype = "0" ]] && [[ ! $devicetype = "1" ]] && [[ ! $devicetype = "2" ]]; do if [[ $devicetype = "help" ]]; then @@ -62,10 +116,27 @@ get_devicetype () { echo "SSD_SATA: Solid State drive on a SATA connection. Typically 2.5 in." echo "SSD_NVME: Solid State drive on a M.2 connection. Looks like a small PCB." else - echo "Invalid type, correct values can be HDD_SATA, SSD_NVME, SSD_SATA" + echo "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA." fi - read devicetype + read -r devicetype done + case $devicetype in + "0") + devicetype="HDD_SATA" + ;; + + "1") + devicetype="SSD_NVME" + ;; + + "2") + devicetype="SSD_SATA" + ;; + + *) + echo "Unspecified error." + ;; + esac } get_device () { 
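Review bot: `exec 3>&1 1>"$LOGFILE" 2>&1` runs before `$LOGFILE` is assigned anywhere in this hunk, so unless it arrives from the environment the redirection target is empty, bash rejects it, and a non-interactive shell exits on a failed `exec` redirection; when it does succeed, every prompt that follows (`echo "Enter netid: "`, the erase-level help, the kinit error text that the `authenticate_egr` message tells the user to look at) lands in the log while the terminal stays blank, and the saved fd 3 is never used. `exec > >(tee -a "${LOGFILE:?LOGFILE must be set}") 2>&1` keeps the session interactive while still capturing all output. In `get_ticket`, the user-typed ticket number becomes part of the printf format string, and inside double quotes `\r` and `\\$ticket_number` survive as printf escapes (a carriage return, and an octal escape when the ticket is numeric); use `printf 'WARNING: Backup does not exist in \\\\reinstallbackups\\reinstallbackups\\%s!\n' "$ticket_number"`, and replace `ls | grep -q -E "^$ticket_number"` (input interpolated into a regex) with `compgen -G "${ticket_number}*" >/dev/null`. The global read→`read -r` substitution also rewrote prose: `unread -rable` in this hunk, `read -ring` in the hunks at -140 and -152, `read -ry` at -164, and `read -rer`/`read -r this` at -314 should be restored to the original words.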
@@ -90,7 +161,7 @@ get_device () { } verify_device (){ - read device + read -r device while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]]; do if [[ $device = "help" ]]; @@ -101,7 +172,7 @@ verify_device (){ else echo "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})" fi - read device + read -r device done if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]]; then @@ -122,7 +193,7 @@ verify_device (){ if [ -e "/dev/${device}" ]; then echo "Picking device /dev/${device}." else - echo "/dev/${device} does not exist, please ensure you are typing the device name correctly." + echo "/dev/${device} does not exist, please ensure you are typing the device name correctly." device= fi } @@ -130,7 +201,7 @@ verify_device (){ erase_device_lv0 () { echo "Wiping partition tables of ${devicetype} : ${device}." - ret_value=$(sgdisk -g -Z /dev/$device &> /dev/null; echo $?) + local ret_value=$(sgdisk -g -Z /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]] then @@ -140,7 +211,7 @@ erase_device_lv0 () { ;; "2") - echo "An error occurred while reading the partition table." + echo "An error occurred while read -ring the partition table." ;; "3") @@ -152,7 +223,7 @@ erase_device_lv0 () { ;; "5") - echo "An error occurred while reading standard input." + echo "An error occurred while read -ring standard input." ;; "8") @@ -164,7 +235,7 @@ erase_device_lv0 () { ;; esac else - echo "Partition tables wiped. Device is ready for reuse." + echo "Partition tables wiped. Device is read -ry for reuse." fi } @@ -177,7 +248,7 @@ erase_device_lv1 () { echo "Running 3-Pass DOD Short on ${devicetype} : ${device}." echo "This may take a while!" - ret_value=$(nwipe -m dodshort --autonuke --nogui /dev/$device &> /dev/null; echo $?) + local ret_value=$(nwipe -m dodshort --autonuke --nogui /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]] then 
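Review bot: `local ret_value=$(sgdisk … ; echo $?)` in erase_device_lv0, and the same form in the nwipe/hdparm/nvme hunks at -177, -199, -210, -220, -233 and -260, narrows `ret_value` from a global to function scope; that is only safe if nothing outside these functions reads `ret_value` after they return, which the hunks do not show. Inside erase_device_lv1 the line is repeated five times, each redeclaring `local ret_value`; declare it once at the top of the function (`local ret_value`) and assign plain `ret_value=$(…)` on each attempt. Now that the file redirects stdout/stderr to the log, the `&> /dev/null` on every tool invocation discards exactly the sgdisk/nwipe/hdparm/nvme diagnostics the log was set up to keep; if that output is acceptable in the log, run the tool directly and capture `ret_value=$?` on the next line instead of the subshell. erase_device_lv0 and erase_device_lv1 start and end outside these hunks.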
@@ -199,7 +270,7 @@ erase_device_lv1 () { echo "Setting security pass to NULL." #Set the password of the drive to NULL - ret_value=$(hdparm --user-master m --security-set-pass NULL /dev/$device &> /dev/null; echo $?) + local ret_value=$(hdparm --user-master m --security-set-pass NULL /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]]; then @@ -210,7 +281,7 @@ erase_device_lv1 () { fi #Attempt a secure erase. - ret_value=$(hdparm --user-master m --security-erase-enhanced NULL /dev/$device &> /dev/null; echo $?) + local ret_value=$(hdparm --user-master m --security-erase-enhanced NULL /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]]; then @@ -220,7 +291,7 @@ erase_device_lv1 () { echo "Attempting normal erase instead." #Attempt a secure erase, less enhanced. - ret_value=$(hdparm --user-master m --security-erase NULL /dev/$device &> /dev/null; echo $?) + local ret_value=$(hdparm --user-master m --security-erase NULL /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]]; then @@ -233,13 +304,13 @@ erase_device_lv1 () { then echo "Running nvme_cli format on ${devicetype} : ${device}." #Erase using nvme cli to send secure erase command to drop the crypto stuff. - ret_value=$(nvme format --force -r -s 2 /dev/$device &> /dev/null; echo $?) + local ret_value=$(nvme format --force -r -s 2 /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]] then echo "Failed to cryptographically erase drive, blanket erasing instead." #Sad, can't do it. Blank out drive instead using the drive controller. - ret_value=$(nvme format --force -r -s 1 /dev/$device &> /dev/null; echo $?) + local ret_value=$(nvme format --force -r -s 1 /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]] then 
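Review bot: The hdparm path in the hunks at -199, -210 and -220 sets the ATA user password to NULL and then tries `--security-erase-enhanced` and `--security-erase`, but none of the visible failure branches clears the password with `hdparm --user-master m --security-disable NULL /dev/"$device"`; if both erase attempts fail the drive may be left with security enabled and lock on the next power cycle, unless a branch outside these hunks handles that. A `--security-disable` call in the final failure branch, logged alongside the existing echo lines, would leave the device in a known state for the next technician. erase_device_lv1 starts and ends outside these hunks.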
@@ -260,7 +331,7 @@ erase_device_lv2 () { echo "Running 7-Pass DOD on ${devicetype} : ${device}." echo "This may take a while!" - ret_value=$(nwipe -m dod --autonuke --nogui /dev/$device &> /dev/null; echo $?) + local ret_value=$(nwipe -m dod --autonuke --nogui /dev/"$device" &> /dev/null; echo $?) if [[ ! $ret_value = "0" ]] then @@ -314,19 +385,20 @@ pcie_enable (){ sleep 5 } -#Remove the PCIe NVMe reader +#Remove the PCIe NVMe read -rer pcie_disable (){ echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove echo "Disabled PCIe card." } main (){ - # get_netid - # get_ticket_number - + get_netid + get_ticket_number + check_backup + echo "By running this script, you are confirming that it has been two weeks past the date written on the slip attached to the storage device. DO NOT erase the device before two weeks have passed." - confirm_message "Please type 'confirm' to acknowledge you have read this and that it has been two weeks." "confirm" + confirm_message "Please type 'confirm' to acknowledge you have read -r this and that it has been two weeks." "confirm" get_eraselevel #sets $eraselevel to 0-2 based on how to erase. Higher levels include lower levels. get_devicetype #sets $devicetype to HDD_SATA/SSD_SATA/SSD_NVME @@ -338,8 +410,7 @@ main (){ if [[ $eraselevel = "1" ]] || [[ $eraselevel = "2" ]]; then - local randomconf - randomconf=$(shuf -i 10000-99999 -n 1) + local randomconf=$(shuf -i 10000-99999 -n 1) confirm_message "This level is destructive and irreversible. Please type ${randomconf} to continue" "${randomconf}" else confirm_message "Please type 'confirm' to begin." "confirm"
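Review bot: `main` now calls `get_ticket_number` and `check_backup`, but the first hunk of this file removes `get_ticket_number` in favour of `get_ticket`, and `check_backup` is defined in no visible hunk, so both calls fail with "command not found" unless an unchanged part of the file provides them; `get_netid` / `mount_drive` / `get_ticket` looks like the intended sequence, since `mount_drive` is never called yet `get_ticket` runs `ls` in the current directory, presumably expecting the \\reinstallbackups mount. `cleanup` (hunk at line 1) runs `pcie_disable` on every SIGINT, which writes to `/sys/bus/pci/devices/0000:02:00.0/remove` even when `pcie_enable` never ran; guarding it on a flag that `pcie_enable` sets avoids removing a device the script did not add. The comment `#Remove the PCIe NVMe read -rer` and the prompt text `read -r this` should revert to `reader` and `read this`.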