6 Commits

5 changed files with 797 additions and 198 deletions
+13 -13
@@ -5,7 +5,7 @@
|-|-|-|-|-|
|Hard Drive (SATA)|SATA|5.25" 4x Bay 3.5" Enclosure > 4x SATA SAS Card > PCIe Slot A|Yes||
|Solid State Drive (SATA)|SATA|5.25" 4x Bay 2.5" Enclosure > 4x SATA SAS Card > PCIe Slot A|Yes||
|Solid State Drive (NVMe)|PCIe/M.2|5.25" 4x Bay NVMe Enclosure > MiniSAS to M.2 > M.2 Slot A|yes||
|Solid State Drive (NVMe)|PCIe/M.2|5.25" 4x Bay NVMe Enclosure > MiniSAS to M.2 > M.2 Slot A|Yes||
## Erasing
|Storage Type|Erase Type|Method|Implementation|Implemented?|
@@ -17,16 +17,16 @@
## Logging
|Info|Location|Log To:|Implemented?|Data|Notes|
|-|-|-|-|-|-|
|User|- Script Input|- Ticket<br>- Logfile|Testing|- Username|Probably can implement as part of the kerb auth|
|Wipe Details|- Script Input|- Ticket<br>- Logfile|Testing|- Erase Level<br>- Device Type<br>- Device||
|Script Output|- Terminal Output|- Logfile|Testing|- All script output|Via transcribing or output redirection|
|Machine Data|- Registry|- Ticket<br>- Logfile|Testing|- Machine Name<br>- Domain|HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName<br><br>HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters|
|Local Users|- Registry<br>- Filesystem|- Logfile|Testing|- Local User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList<br><br>c:/Users|
|Domain Users|- Registry<br>- Filesystem|- Ticket<br>- Logfile|Testing|- Domain User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList<br><br>c:/Users|
|Last Logged On User|- Registry|- Ticket<br>- Logfile|Testing|- Username|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI|
|Storage Info|- Other|- Ticket<br>- Logfile|Testing|- Serial Number<br>- SMART Data|smartctl|
|System Info|- Registry|- Logfile|Testing|- Manufacturer<br>- Model|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS<br>Can't actually be done offline|
|Misc|- Misc|- Ticket<br>- Logfile|Testing|- Current Time<br>- Date||
|User|- Script Input|- Ticket<br>- Logfile|Yes|- Username|Probably can implement as part of the kerb auth|
|Wipe Details|- Script Input|- Ticket<br>- Logfile|Yes|- Erase Level<br>- Device Type<br>- Device||
|Script Output|- Terminal Output|- Logfile|Yes|- All script output|Via transcribing or output redirection|
|Machine Data|- Registry|- Ticket<br>- Logfile|Yes|- Machine Name<br>- Domain|HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName<br><br>HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters|
|Local Users|- Registry<br>- Filesystem|- Logfile|Yes|- Local User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList<br><br>c:/Users|
|Domain Users|- Registry<br>- Filesystem|- Ticket<br>- Logfile|Yes|- Domain User List|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList<br><br>c:/Users|
|Last Logged On User|- Registry|- Ticket<br>- Logfile|Yes|- Username|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI|
|Storage Info|- Other|- Ticket<br>- Logfile|Yes|- Serial Number<br>- SMART Data|smartctl|
|System Info|- Registry|- Logfile|Yes|- Manufacturer<br>- Model|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS<br>Can't actually be done offline|
|Misc|- Misc|- Ticket<br>- Logfile|Yes|- Current Time<br>- Date||
@@ -35,6 +35,6 @@
|-|-|-|-|-|
Erasure Environment|Setup Alpine Linux Environment with SquashFS/No Persistence|Lightweight Linux Distro that can be loaded into RAM and be edited.<br>Avoids wiping USB but also can be used on any machine and customized.|Yes||
|Scripted Erase Tool|Write a script to guide the erase process|Allows for ease of use, and ensures consistent workflow<br>Can also tie in user auth, logging, etc|Yes|Done via bash scripting in erase_drive.sh|
|User Authentication|Implement user authentication|For Auditing, Logging, connection to network shares, etc.|Testing|Probably kerb auth via krb5
|Logging|Implement logging|For auditing purposes|Testing|Record user, drive serial, grab user list (if windows/unix drive), grab hostname, record script inputs|
|User Authentication|Implement user authentication|For Auditing, Logging, connection to network shares, etc.|Yes|Probably kerb auth via krb5
|Logging|Implement logging|For auditing purposes|Yes|Record user, drive serial, grab user list (if windows/unix drive), grab hostname, record script inputs|
|Ticket Notes|Add ticket note through script|To keep keyword searchable records associated with a ticket|No|Send email to Otobo with small details such as level, hostname, serial, etc<br>Might involve policy changes for when a ticket should be created.|
Binary file not shown.
+334 -175
@@ -1,29 +1,36 @@
#!/bin/bash
#!/usr/bin/env bash
## Start logging
## Get NetID
### Auth
## Mount \\reinstallbackup
## Get Ticket Number (optional)
### Check if Directory with Ticket Number exists
#### Warn User if it doesn't
##
start_time="$(date '+%Y-%m-%d_%H:%M:%S')"
log="/tmp/log_$start_time"
log_x="/tmp/log_x_$start_time"
exec 3>&1 1>"$log_x" 2>&1
start_time="$(date '+%Y-%m-%d_%H.%M.%S')"
logdir=/tmp
log="$logdir"/log_"$start_time".log
log_x="$logdir"/log_x_"$start_time".log
exec 3>&1 1>>"$log_x" 2>&1
set -x
print="false"
offline="false"
while getopts ":p:o" opt; do
case ${opt} in
p ) print="true" ;;
o ) offline="true" ;;
\? ) echo "Invalid option: -$OPTARG" ;;
: ) echo "Option -$OPTARG requires an argument." ;;
esac
done
loginput() {
echo "$*" >&3;
echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log";
echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log";
}
logresponse() {
echo "[RESPONSE] $(date '+%H:%M:%S') $*" >> "$log";
}
loginfo() {
echo "$*" >&3;
echo "[INFO] $(date '+%H:%M:%S') $*" >> "$log";
echo "[INFO] $(date '+%H:%M:%S') $*" >> "$log";
}
logwarn() {
@@ -33,7 +40,7 @@ logwarn() {
logerror() {
echo "$*" >&3;
echo "[ERROR] $(date '+%H:%M:%S') $*" >> "$log";
echo "[ERROR] $(date '+%H:%M:%S') $*" >> "$log";
}
confirm_message () {
@@ -42,83 +49,90 @@ confirm_message () {
do
loginput "$1"
read -r typed
logresponse "$typed"
done
}
# shellcheck disable=SC2329
catch_sigint () {
logwarn "Signal Interrupt initiated. Stopping script."
cleanup
trap - INT
kill -INT "$$"
}
# shellcheck disable=SC2329
catch_exit () {
cleanup
kill -INT "$$"
}
# shellcheck disable=SC2329
cleanup () {
loginfo "Cleaning up."
pcie_disable
if [[ ! $dirname =~ ^\s*$ ]];
loginfo "Unmounting drives."
exec 1>/dev/null 2>&1
if [[ ! $offline = "true" ]];
then
loginfo "Unmounting drives."
umount "/mnt/reinstallbackups"
#rmdir "/mnt/reinstallbackups"
umount "/mnt/decs"
#rmdir "/mnt/decs"
fi
umount /mnt/"$ticket_number"
rm /tmp/"$ticket_number"/SOFTWARE
rm /tmp/"$ticket_number"/SYSTEM
trap - EXIT
trap - INT
}
trap catch_sigint SIGINT
trap catch_exit EXIT
get_netid () {
netid=
while [[ $netid =~ ^\s*$ ]];
do
loginfo "Enter netid: "
loginput "Enter account netid: "
read -r netid
logresponse "$netid"
if [[ $netid =~ ^\s*$ ]];
then
logwarn "Your netid cannot be blank."
loginfo "Enter netid: "
else
authenticate_egr "$netid"
local ret_value=$(kinit "$netid"@EGR.MSU.EDU >&3; echo $?)
if [[ ! $ret_value = "0" ]]
then
kdestroy
netid=
logwarn "Error when authenticating netid $netid."
else
clear
loginfo "Authenticated as user $netid."
fi
fi
done
clear
}
authenticate_egr (){
kinit "$1"
local ret_value=$(kinit "$1" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]]
then
netid=
case $ret_value in
"1")
logwarn "Error when authenticating. Please see above issue, and try again."
;;
*)
logerror "Unspecified error."
cleanup
;;
esac
fi
}
}
get_ticket () {
ticket_number=
loginfo "Enter ticket number: "
loginput "Enter ticket number: "
read -r ticket_number
logresponse "$ticket_number"
if [[ ! $ticket_number =~ ^\s*$ ]];
then
mkdir /mnt/reinstallbackups
mount -t cifs -o user="$netid",sec=krb5i "//reinstallbackups/reinstallbackups" /mnt/reinstallbackups
local ret_value=$(ls /mnt/reinstallbackups | grep -q -E "^$ticket_number" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]];
if [[ ! $offline = "true" ]];
then
logwarn "WARNING: Backup does not exist in //reinstallbackups/reinstallbackups/$ticket_number!"
mkdir -p /mnt/reinstallbackups
if ! mount -t cifs -o user="$netid",sec=krb5i "//reinstallbackups/reinstallbackups" /mnt/reinstallbackups
then
logwarn "Failed to mount reinstallbackups, cannot check ticket status."
else
if ! ls /mnt/reinstallbackups | grep -q -E "^$ticket_number"
then
logwarn "Backup does not exist in //reinstallbackups/reinstallbackups/$ticket_number!"
fi
umount /mnt/reinstallbackups
fi
fi
umount "/mnt/reinstallbackups"
#rmdir "/mnt/reinstallbackups"
else
ticket_number="UNKNWN"
logwarn "Starting with no ticket number specified."
@@ -127,39 +141,36 @@ get_ticket () {
}
mount_remote () {
mkdir /mnt/decs
{
mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
dirname=
if [[ ! $ticket_number =~ ^\s*$ ]];
then
dirname="UNKNWN-$start_time"
mkdir -p /mnt/decs
if mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
then
if ! mkdir -p /mnt/decs/"$ticket_number"; then
logerror "Insufficient permissions to write in //decs/decs/support/dban_logs"
exit
else
dirname="$ticket_number"
logdir=/mnt/decs/"$ticket_number"
cp "$log" "$logdir"/log_"$ticket_number"_"$start_time".log
cp "$log_x" "$logdir"/log_x_"$ticket_number"_"$start_time".log
log="$logdir"/log_"$ticket_number"_"$start_time".log
log_x="$logdir"/log_x_"$ticket_number"_"$start_time".log
exec 1>>"$log_x" 2>&1
set -x
fi
if [ ! -e "/mnt/decs/$dirname" ];
then
mkdir "/mnt/decs/$dirname"
fi
mv "$log" "/mnt/decs/$dirname/log_$ticket_number\_$start_time"
mv "$log_x" "/mnt/decs/$dirname/log_$ticket_number\_$start_time"
log="/mnt/decs/$dirname/log_$ticket_number\_$start_time"
log_x="/mnt/decs/$dirname/log_$ticket_number\_$start_time"
rm "/tmp/log_$start_time"
rm "/tmp/log_x_$start_time"
} || {
else
logerror "Failed to mount remote DECS drive. Stopping"
cleanup
}
exit
fi
}
get_eraselevel () {
eraselevel=
loginfo "What level of erase are you performing on the drive? (0 = baseline, 1 = secure erase, 2 = decommission):"
loginput "What level of erase are you performing on the drive? (0 = baseline, 1 = secure erase, 2 = decommission):"
loginfo "Type 'help' for an explanation of each level."
read -r eraselevel
logresponse "$eraselevel"
while [[ ! $eraselevel = "0" ]] && [[ ! $eraselevel = "1" ]] && [[ ! $eraselevel = "2" ]];
do
echo "$eraselevel"
if [[ $eraselevel = "help" ]];
then
loginfo "Level 0 / Baseline: clears the partitions of the drive. Data can still be recovered but this is the optimal level for simple reuse."
@@ -169,14 +180,16 @@ get_eraselevel () {
logwarn "Invalid level, correct values can be 0, 1, or 2"
fi
read -r eraselevel
logresponse "$eraselevel"
done
}
get_devicetype () {
devicetype=
loginfo "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
loginput "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
loginfo "Type 'help' for an explanation of each type."
read -r devicetype
logresponse "$devicetype"
while [[ ! $devicetype = "0" ]] && [[ ! $devicetype = "1" ]] && [[ ! $devicetype = "2" ]];
do
if [[ $devicetype = "help" ]];
@@ -188,6 +201,7 @@ get_devicetype () {
logwarn "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA."
fi
read -r devicetype
logresponse "$devicetype"
done
case $devicetype in
"0")
@@ -204,72 +218,89 @@ get_devicetype () {
*)
logerror "Unspecified error when getting device."
cleanup
exit
;;
esac
}
get_device () {
device=
pcie_enable
loginfo "loginfoing current attached devices..."
echo "- - -" | sudo tee /sys/class/scsi_host/host*/scan >/dev/null
loginfo "Listing current attached devices..."
loginfo ""
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
loginfo "$(lsblk | grep -E '^NAME|^sd')"
echo 1 | sudo tee /sys/class/block/sd?/device/rescan >/dev/null
loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|sd[a-z]')"
elif [[ $devicetype = "SSD_NVME" ]];
then
loginfo "$(lsblk | grep -E '^NAME|^nvme')"
pcie_enable
echo 1 | sudo tee /sys/class/block/nvme?/device/rescan >/dev/null
loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|nvme[0-9]')"
fi
loginfo ""
loginfo "Which is the device from this list? (Type 'help' for help.)"
loginput "Which is the device from this list? (Type 'help' for help.)"
while [[ $device =~ ^\s*$ ]];
do
verify_device
done
}
verify_device (){
read -r device
while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]];
do
if [[ $device = "help" ]];
read -r device
logresponse "$device"
while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]];
do
if [[ $device = "help" ]];
then
loginfo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/"
loginfo "If you have a SATA connection, you will be looking for sd{a-z}."
loginfo "If you have a NVME connection, you will be looking for nvme0n{0-9}."
else
logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})"
fi
read -r device
logresponse "$device"
done
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
loginfo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/"
loginfo "If you have a SATA connection, you will be looking for sd{a-z}."
loginfo "If you have a NVME connection, you will be looking for nvme0n{0-9}."
if [[ $device =~ ^nvme0n[0-9]$ ]];
then
logwarn "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen."
device=
fi
elif [[ $devicetype = "SSD_NVME" ]];
then
if [[ $device =~ ^sd[a-z]$ ]];
then
logwarn "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA."
device=
fi
fi
if [ -e /dev/"$device" ];
then
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
if [[ $devicetype = "HDD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "0" ]];
then
logwarn "Device was specified to be a SATA HDD, but a SATA SSD device was chosen."
device=
elif [[ $devicetype = "SSD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "1" ]];
then
logwarn "Device was specified to be a SATA SSD, but a SATA HDD device was chosen."
device=
else
loginfo "Picking device /dev/$device."
fi
fi
else
logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})"
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
device=
fi
read -r device
done
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
if [[ $device =~ ^nvme0n[0-9]$ ]];
then
logwarn "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen."
device=
fi
elif [[ $devicetype = "SSD_NVME" ]];
then
if [[ $device =~ ^sd[a-z]$ ]];
then
logwarn "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA."
device=
fi
fi
if [ -e "/dev/$device" ]; then
loginfo "Picking device /dev/$device."
else
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
device=
fi
}
make_infolog () {
infolog="/mnt/decs/$dirname/info_$ticket_number\_$start_time"
loginfo "Reading drive to create a log."
infolog="$logdir"/info_"$ticket_number"_"$start_time".log
{
echo "DETAILS"
echo "Start Time: $start_time"
@@ -281,49 +312,165 @@ make_infolog () {
echo "Erase Level: $eraselevel"
echo ""
echo "DEVICE DETAILS"
lsblk -O | grep "NAME\|$device"
lsblk -o NAME,LABEL,PARTLABEL,FSTYPE,SIZE,MODEL,VENDOR,UUID,SERIAL | grep "NAME\|$device"
echo ""
sudo smartctl -i /dev/nvme0n1
smartctl -i -A /dev/"$device"
echo ""
echo "PARTITION DETAILS"
echo "Count: $(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")"
} >> "$infolog"
while [ -e "/mnt/wintmnt" ];
do
Sleep 5
done
mkdir "/mnt/winmnt"
local ret_value=$(mount -t ntfs "/dev/$device" /mnt/winmt &> /dev/null; echo $?)
if [[ $ret_value = "0" ]]
if [[ ! "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")" = 0 ]];
then
mount -t ntfs "/dev/$device" /mnt/winmt
local ret_value2=$(find /mnt/winmnt/ -ipath "*System32/config" -not -ipath "*Windows.old*" &> /dev/null; echo $?)
if [[ $ret_value2 = "0" ]]
then
winpath=$(find /mnt/winmnt/ -ipath "*System32/config" -not -ipath "*Windows.old*")
{
echo "WINDOWS DETAILS"
echo ""
echo "HOSTNAME"
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SYSTEM" '\Microsoft\Windows\ControlSet001\Control\ComputerName\ComputerName'
echo ""
echo "DOMAIN"
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SYSTEM" '\Microsoft\Windows\ControlSet001\Services\Tcpip\Parameters'
echo ""
echo "LOGON DETAILS"
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SOFTWARE" '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
echo ""
hivexregedit --export --unsafe-printable-strings --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE "$winpath/SOFTWARE" '\Microsoft\Windows NT\CurrentVersion\ProfileList'
echo ""
ls "$(find /mnt/winmnt/ -type d -ipath "*Windows/Users")"
echo ""
} >> "$infolog"
fi
local fstype=
for i in $(seq 1 "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")");
do
fstype=$(lsblk -n -o FSTYPE /dev/"$device""$i")
loginfo "Reading $device$i : $fstype."
echo "" >> "$infolog"
echo "$device$i : $fstype" >> "$infolog"
case $fstype in
"ext4"|"ext3"|"ext2"|"xfs"|"btrfs")
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
if find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/os-release" | grep "."
then
loginfo "Linux install detected on $device$i."
echo "Linux install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
{
echo "LINUX DETAILS"
cat "$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/os-release")"
echo "Hostname: $(cat "$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/hostname")")"
cat "$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*/etc/passwd")" | grep -E '.+:x:[0-9]{4,}:[0-9]{4,}:.+,,,.*' | sed -E 's/.+:x:[0-9]{4,}:[0-9]{4,}:(.+),,,.*/User: \1/'
echo ""
tree -r -a -t -L 1 -D "$(find /mnt/"$ticket_number" -maxdepth 3 -type d -ipath "*/home")"
echo ""
} >> "$infolog"
else
echo "Non Linux Unix partition detected on $device$i." >> "$infolog"
loginfo "Non Linux Unix partition detected on $device$i."
tree -a -L 2 -D /mnt/"$ticket_number" >> "$infolog"
fi
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"zfs")
echo "zfs filesystem detected, this cannot be mounted." >> "$infolog"
logwarn "zfs filesystem detected on $device$i, this cannot be mounted."
;;
"ntfs")
mkdir -p /tmp/"$ticket_number"
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
if find /mnt/"$ticket_number" -maxdepth 3 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep "."
then
winpath=$(find /mnt/"$ticket_number" -maxdepth 3 -ipath "*System32/config" -not -ipath "*Windows.old*")
loginfo "Windows install detected on $device$i."
echo "Windows install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
winsoftwarepath=$(find "$winpath" -maxdepth 2 -ipath "*System32/config/SOFTWARE" -not -ipath "*Windows.old*")
winsystempath=$(find "$winpath" -maxdepth 2 -ipath "*System32/config/SYSTEM" -not -ipath "*Windows.old*")
cp "$winsoftwarepath" /tmp/"$ticket_number"/SOFTWARE
cp "$winsystempath" /tmp/"$ticket_number"/SYSTEM
CurrentVersion=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion')
ComputerName=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName')
Parameters=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/"$ticket_number"/SYSTEM '\ControlSet001\Services\Tcpip\Parameters')
LogonUI=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI')
ProfileList=$(hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/"$ticket_number"/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList')
{
echo "WINDOWS DETAILS"
echo ""
echo "$ComputerName" | grep -E '"ComputerName"=str\(1\):".+"' | sed -E 's/"ComputerName"=str\(1\):"(.+)"/Host Name: \1/'
echo "$CurrentVersion" | grep -E '"DisplayVersion"=str\(1\):".+"' | sed -E 's/"DisplayVersion"=str\(1\):"(.+)"/Windows Version: \1/'
echo "$CurrentVersion" | grep -E '"CurrentBuild"=str\(1\):".+"' | sed -E 's/"CurrentBuild"=str\(1\):"(.+)"/Current Build: \1/'
echo "$CurrentVersion" | grep -E '"EditionID"=str\(1\):".+"' | sed -E 's/"EditionID"=str\(1\):"(.+)"/Windows Edition: \1/'
echo "$CurrentVersion" | grep -E '"ProductName"=str\(1\):".+"' | sed -E 's/"ProductName"=str\(1\):"(.+)"/Product Name: \1/'
echo "$CurrentVersion" | grep -E '"RegisteredOrganization"=str\(1\):".+"' | sed -E 's/"RegisteredOrganization"=str\(1\):"(.+)"/Registered Organization: \1/'
echo "$CurrentVersion" | grep -E '"RegisteredOwner"=str\(1\):".+"' | sed -E 's/"RegisteredOwner"=str\(1\):"(.+)"/Registered Owner: \1/'
echo "$Parameters" | grep -E '"Domain"=str\(1\):".+"' | sed -E 's/"Domain"=str\(1\):"(.+)"/Domain: \1/'
echo "$LogonUI" | grep -E '"LastLoggedOnUser"=str\(1\):".+"' | sed -E 's/"LastLoggedOnUser"=str\(1\):"(.+)"/Last Logged On User: \1/'
echo "$LogonUI" | grep -E '"LastLoggedOnDisplayName"=str\(1\):".+"' | sed -E 's/"LastLoggedOnDisplayName"=str\(1\):"(.+)"/Last Logged On User: \1/'
echo "$ProfileList" | grep -E '"ProfileImagePath"=str\(2\):".+"' | sed -E 's/"ProfileImagePath"=str\(2\):"(.+)"/User: \1/'
echo ""
if find /mnt/UNKNWN -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*" | grep "."
then
tree -r -a -t -L 1 -D "$(find /mnt/UNKNWN/ -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*" | head -1)"
fi
if find /mnt/UNKNWN -maxdepth 2 -type d -ipath "*/Documents and Settings" -not -ipath "*Windows.old*" | grep "."
then
tree -r -a -t -L 1 -D "$(find /mnt/UNKNWN/ -maxdepth 2 -type d -ipath "*/Documents and Settings" -not -ipath "*Windows.old*" | head -1)"
fi
echo ""
} >> "$infolog"
rm /tmp/"$ticket_number"/SOFTWARE
rm /tmp/"$ticket_number"/SYSTEM
else
loginfo "Non Windows NTFS partition detected on $device$i."
echo "Non Windows NTFS partition detected on $device$i." >> "$infolog"
tree -a -L 2 -D /mnt/"$ticket_number" >> "$infolog"
fi
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"apfs")
mkdir -p /mnt/"$ticket_number"
loginfo "Apple install detected on $device$i."
echo "Apple install detected on $device$i." >> "$infolog"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
echo "¯\_(ツ)_/¯" >> "$infolog"
tree -a -L 1 -D /mnt/"$ticket_number"/Users >> "$infolog"
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"vfat"|"fat32")
loginfo "Boot/Recovery partition detected."
echo "Boot/Recovery partition detected." >> "$infolog"
mkdir -p /mnt/"$ticket_number"
if mount -t "$fstype" /dev/"$device""$i" /mnt/"$ticket_number"
then
tree -a -R -D /mnt/"$ticket_number" >> "$infolog"
umount /mnt/"$ticket_number"
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
*)
logwarn "Unknown partition type '$fstype'."
echo "Unknown partition type '$fstype'." >> "$infolog"
;;
esac
done
else
logerror "Failed to mount local Windows directory."
cleanup
logwarn "No partitions detected, device is likely empty."
fi
echo "END OF LOG" >> "$infolog"
if [[ $print = "true" ]];
then
echo "" >&3
cat "$infolog" >&3
echo "" >&3
fi
}
erase_device_lv0 () {
@@ -361,9 +508,9 @@ erase_device_lv0 () {
logerror "Unspecified error."
;;
esac
cleanup
exit
else
loginfo "Partition tables wiped. Device is readry for reuse."
loginfo "Partition tables wiped. Device is ready for reuse."
fi
}
@@ -388,7 +535,7 @@ erase_device_lv1 () {
logerror "Unspecified error while nwiping disk."
;;
esac
cleanup
exit
else
loginfo "Finished wiping data with nwipe."
fi
@@ -421,7 +568,7 @@ erase_device_lv1 () {
then
hdparm_check_error "$ret_value2"
logerror "Failed to Secure Erase. Please contact your supervisor."
cleanup
exit
else
loginfo "Secure Erase success."
fi
@@ -434,7 +581,6 @@ erase_device_lv1 () {
loginfo "Running nvme_cli format on $devicetype : $device."
#Erase using nvme cli to send secure erase command to drop the crypto stuff.
local ret_value=$(nvme format --force -r -s 2 /dev/"$device" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]]
then
logwarn "Failed to cryptographically erase drive, blanket erasing instead."
@@ -444,7 +590,7 @@ erase_device_lv1 () {
if [[ ! $ret_value = "0" ]]
then
logerror "Failed to cryptographically erase or blanket erase. Please contact your supervisor."
cleanup
exit
else
loginfo "Blanket erased drive."
fi
@@ -453,7 +599,7 @@ erase_device_lv1 () {
fi
else
logerror "There was an issue with the device type: $devicetype. Ensure you typed the drive name correctly."
cleanup
exit
fi
}
@@ -463,7 +609,6 @@ erase_device_lv2 () {
loginfo "This may take a while!"
local ret_value=$(nwipe -m dod --autonuke --nogui /dev/"$device" &> /dev/null; echo $?)
if [[ ! $ret_value = "0" ]]
then
case $ret_value in
@@ -475,7 +620,7 @@ erase_device_lv2 () {
logerror "Unspecified error while nwiping disk."
;;
esac
cleanup
exit
else
loginfo "Finished wiping data with nwipe."
loginfo "Please put device in decommission bin in the hardware room."
@@ -518,25 +663,38 @@ pcie_enable (){
}
#Remove the PCIe NVMe readrer
# shellcheck disable=SC2329
pcie_disable (){
echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove
echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
loginfo "Disabled PCIe card."
}
main (){
get_netid
get_ticket
mount_remote
if [[ ! $offline = "true" ]];
then
get_netid
loginfo ""
fi
loginfo "By running this script, you are confirming that it has been two weeks past the date written on the slip attached to the storage device. DO NOT erase the device before two weeks have passed."
confirm_message "Please type 'confirm' to acknowledge you have read this and that it has been two weeks." "confirm"
get_ticket
loginfo ""
if [[ ! $offline = "true" ]];
then
mount_remote
loginfo ""
fi
get_eraselevel #sets $eraselevel to 0-2 based on how to erase. Higher levels include lower levels.
loginfo ""
get_devicetype #sets $devicetype to HDD_SATA/SSD_SATA/SSD_NVME
loginfo ""
get_device #sets $device to one of the /dev/xyz devices.
loginfo ""
make_infolog #Logs a bunch of details to a info log file from the system.
loginfo ""
loginfo "Starting process for erasing $devicetype : $device with erase level $eraselevel."
@@ -547,8 +705,9 @@ main (){
else
confirm_message "Please type 'confirm' to begin." "confirm"
fi
loginfo ""
case $eraselevel in
"0")
erase_device_lv0 #Wipe partition
@@ -567,13 +726,13 @@ main (){
*)
logerror "Invalid Erase Level"
cleanup
exit
;;
esac
sleep 3
loginfo ""
loginfo "Finished erasing $devicetype : $device with erase level $eraselevel."
loginfo ""
cleanup
}
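Review bot: `ticket_number` goes from `read -r` in get_ticket into paths and a regex with only a non-blank check: `mkdir -p /mnt/decs/"$ticket_number"` in mount_remote, the `/mnt/"$ticket_number"` mount point and `/tmp/"$ticket_number"` scratch directory in make_infolog, `rm /tmp/"$ticket_number"/SOFTWARE` in cleanup, and `grep -q -E "^$ticket_number"`. The script mounts, deletes and writes under /sys directly, so it presumably runs as root; a value containing `/`, `..` or regex metacharacters could then place logs or the scratch directory outside the intended location, or make the backup-exists check match the wrong entry. I would validate right after the read, for example `[[ $ticket_number =~ ^[A-Za-z0-9_-]+$ ]]`, and re-prompt otherwise; the exact pattern should follow the ticket system's number format, which is not visible here. Related, in make_infolog's ntfs branch the `Users` and `Documents and Settings` lookups search the hard-coded `/mnt/UNKNWN` while the partition is mounted on `/mnt/"$ticket_number"`, so the user listing is likely missing from the info log whenever a real ticket number was entered.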
+443
@@ -0,0 +1,443 @@
#!/bin/bash
#!/usr/bin/env bash
start_time="$(date '+%Y-%m-%d_%H.%M.%S')"
logdir=/tmp
log="$logdir"/log_"$start_time".log
log_x="$logdir"/log_x_"$start_time".log
exec 3>&1 1>>"$log_x" 2>&1
set -x
logtofile="false"
while getopts ":l" opt; do
case ${opt} in
l ) logtofile="true" ;;
\? ) echo "Invalid option: -$OPTARG" ;;
: ) echo "Option -$OPTARG requires an argument." ;;
esac
done
loginput() {
echo "$*" >&3;
echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log";
}
logresponse() {
echo "[RESPONSE] $(date '+%H:%M:%S') $*" >> "$log";
}
loginfo() {
echo "$*" >&3;
echo "[INFO] $(date '+%H:%M:%S') $*" >> "$log";
}
logwarn() {
echo "$*" >&3;
echo "[WARNING] $(date '+%H:%M:%S') $*" >> "$log";
}
logerror() {
echo "$*" >&3;
echo "[ERROR] $(date '+%H:%M:%S') $*" >> "$log";
}
# shellcheck disable=SC2329
catch_sigint () {
logwarn "Signal Interrupt initiated. Stopping script."
cleanup
kill -INT "$$"
}
# shellcheck disable=SC2329
catch_exit () {
cleanup
kill -INT "$$"
}
# shellcheck disable=SC2329
cleanup () {
loginfo "Cleaning up."
pcie_disable
loginfo "Unmounting drives."
exec 1>/dev/null 2>&1
if [[ $logtofile = "true" ]];
then
umount "/mnt/decs"
fi
umount "/mnt/UNKNWN"
rm /tmp/UNKNWN/SOFTWARE
rm /tmp/UNKNWN/SYSTEM
trap - EXIT
trap - INT
}
trap catch_sigint SIGINT
trap catch_exit EXIT
get_netid () {
netid=
while [[ $netid =~ ^\s*$ ]];
do
loginput "Enter netid: "
read -r netid
logresponse "$netid"
if [[ $netid =~ ^\s*$ ]];
then
logwarn "Your netid cannot be blank."
else
local ret_value=$(kinit "$netid"@EGR.MSU.EDU >&3; echo $?)
if [[ ! $ret_value = "0" ]]
then
kdestroy
netid=
logwarn "Error when authenticating netid $netid."
else
clear
loginfo "Authenticated as user $netid."
fi
fi
done
}
mount_remote () {
mkdir -p /mnt/decs
if mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
then
if ! mkdir -p /mnt/decs/UNKNWN; then
logerror "Insufficient permissions to write in //decs/decs/support/dban_logs"
exit
else
logdir=/mnt/decs/UNKNWN
cp "$log" "$logdir"/log_UNKNWN_"$start_time".log
cp "$log_x" "$logdir"/log_x_UNKNWN_"$start_time".log
log="$logdir"/log_UNKNWN_"$start_time".log
log_x="$logdir"/log_x_UNKNWN_"$start_time".log
exec 1>>"$log_x" 2>&1
set -x
fi
else
logerror "Failed to mount remote DECS drive. Stopping"
exit
fi
}
get_devicetype () {
devicetype=
loginput "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
loginfo "Type 'help' for an explanation of each type."
read -r devicetype
logresponse "$devicetype"
while [[ ! $devicetype = "0" ]] && [[ ! $devicetype = "1" ]] && [[ ! $devicetype = "2" ]];
do
if [[ $devicetype = "help" ]];
then
loginfo "HDD_SATA: Spinning disk platters on a SATA connection. Typically 3.5 in or 2.5 in."
loginfo "SSD_SATA: Solid State drive on a SATA connection. Typically 2.5 in."
loginfo "SSD_NVME: Solid State drive on a M.2 connection. Looks like a small PCB."
else
logwarn "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA."
fi
read -r devicetype
logresponse "$devicetype"
done
case $devicetype in
"0")
devicetype="HDD_SATA"
;;
"1")
devicetype="SSD_NVME"
;;
"2")
devicetype="SSD_SATA"
;;
*)
logerror "Unspecified error when getting device."
exit
;;
esac
}
get_device () {
device=
echo "- - -" | sudo tee /sys/class/scsi_host/host*/scan >/dev/null
loginfo "Listing current attached devices..."
loginfo ""
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
echo 1 | sudo tee /sys/class/block/sd?/device/rescan >/dev/null
loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|sd[a-z]')"
elif [[ $devicetype = "SSD_NVME" ]];
then
pcie_enable
echo 1 | sudo tee /sys/class/block/nvme?/device/rescan >/dev/null
loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|nvme[0-9]')"
fi
loginfo ""
loginput "Which is the device from this list? (Type 'help' for help.)"
while [[ $device =~ ^\s*$ ]];
do
read -r device
logresponse "$device"
while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]];
do
if [[ $device = "help" ]];
then
loginfo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/"
loginfo "If you have a SATA connection, you will be looking for sd{a-z}."
loginfo "If you have a NVME connection, you will be looking for nvme0n{0-9}."
else
logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})"
fi
read -r device
logresponse "$device"
done
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
if [[ $device =~ ^nvme0n[0-9]$ ]];
then
logwarn "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen."
device=
fi
elif [[ $devicetype = "SSD_NVME" ]];
then
if [[ $device =~ ^sd[a-z]$ ]];
then
logwarn "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA."
device=
fi
fi
if [ -e /dev/"$device" ];
then
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
then
if [[ $devicetype = "HDD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "0" ]];
then
logwarn "Device was specified to be a SATA HDD, but a SATA SSD device was chosen."
device=
elif [[ $devicetype = "SSD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "1" ]];
then
logwarn "Device was specified to be a SATA SSD, but a SATA HDD device was chosen."
device=
else
loginfo "Picking device /dev/$device."
fi
fi
else
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
device=
fi
done
}
make_infolog () {
loginfo "Reading drive to create a log."
infolog="$logdir"/info_UNKNWN_"$start_time".log
{
echo "DETAILS"
echo "Start Time: $start_time"
echo "NetID: $netid"
echo "Type/Device: $devicetype : $device"
echo ""
echo "DEVICE DETAILS"
lsblk -o NAME,LABEL,PARTLABEL,FSTYPE,SIZE,MODEL,VENDOR,UUID,SERIAL | grep "NAME\|$device"
echo ""
smartctl -i -A /dev/"$device"
echo ""
echo "PARTITION DETAILS"
echo "Count: $(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")"
} >> "$infolog"
if [[ ! "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")" = 0 ]];
then
local fstype=
for i in $(seq 1 "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")");
do
fstype=$(lsblk -n -o FSTYPE /dev/"$device""$i")
loginfo "Reading $device$i : $fstype."
echo "" >> "$infolog"
echo "$device$i : $fstype" >> "$infolog"
case $fstype in
"ext4"|"ext3"|"ext2"|"xfs"|"btrfs")
mkdir -p /mnt/UNKNWN
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
then
if find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/os-release" | grep "."
then
loginfo "Linux install detected on $device$i."
echo "Linux install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
{
echo "LINUX DETAILS"
cat "$(find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/os-release")"
echo "Hostname: $(cat "$(find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/hostname")")"
cat "$(find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/passwd")" | grep -E '.+:x:[0-9]{4,}:[0-9]{4,}:.+,,,.*' | sed -E 's/.+:x:[0-9]{4,}:[0-9]{4,}:(.+),,,.*/User: \1/'
echo ""
tree -r -a -t -L 1 -D "$(find /mnt/UNKNWN -maxdepth 3 -type d -ipath "*/home")"
echo ""
} >> "$infolog"
else
echo "Non Linux Unix partition detected on $device$i." >> "$infolog"
loginfo "Non Linux Unix partition detected on $device$i."
tree -a -L 2 -D /mnt/UNKNWN/ >> "$infolog"
fi
umount /mnt/UNKNWN
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"zfs")
echo "zfs filesystem detected, this cannot be mounted." >> "$infolog"
logwarn "zfs filesystem detected on $device$i, this cannot be mounted."
;;
"ntfs")
mkdir -p /tmp/UNKNWN
mkdir -p /mnt/UNKNWN
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
then
if find /mnt/UNKNWN -maxdepth 3 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep "."
then
winpath=$(find /mnt/UNKNWN -maxdepth 3 -ipath "*System32/config" -not -ipath "*Windows.old*")
loginfo "Windows install detected on $device$i."
echo "Windows install detected on $device$i." >> "$infolog"
echo "" >> "$infolog"
winsoftwarepath=$(find "$winpath" -maxdepth 2 -ipath "*System32/config/SOFTWARE" -not -ipath "*Windows.old*")
winsystempath=$(find "$winpath" -maxdepth 2 -ipath "*System32/config/SYSTEM" -not -ipath "*Windows.old*")
cp "$winsoftwarepath" /tmp/UNKNWN/SOFTWARE
cp "$winsystempath" /tmp/UNKNWN/SYSTEM
CurrentVersion=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion')
ComputerName=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName')
Parameters=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Services\Tcpip\Parameters')
LogonUI=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI')
ProfileList=$(hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList')
{
echo "WINDOWS DETAILS"
echo ""
echo "$ComputerName" | grep -E '"ComputerName"=str\(1\):".+"' | sed -E 's/"ComputerName"=str\(1\):"(.+)"/Host Name: \1/'
echo "$CurrentVersion" | grep -E '"DisplayVersion"=str\(1\):".+"' | sed -E 's/"DisplayVersion"=str\(1\):"(.+)"/Windows Version: \1/'
echo "$CurrentVersion" | grep -E '"CurrentBuild"=str\(1\):".+"' | sed -E 's/"CurrentBuild"=str\(1\):"(.+)"/Current Build: \1/'
echo "$CurrentVersion" | grep -E '"EditionID"=str\(1\):".+"' | sed -E 's/"EditionID"=str\(1\):"(.+)"/Windows Edition: \1/'
echo "$CurrentVersion" | grep -E '"ProductName"=str\(1\):".+"' | sed -E 's/"ProductName"=str\(1\):"(.+)"/Product Name: \1/'
echo "$CurrentVersion" | grep -E '"RegisteredOrganization"=str\(1\):".+"' | sed -E 's/"RegisteredOrganization"=str\(1\):"(.+)"/Registered Organization: \1/'
echo "$CurrentVersion" | grep -E '"RegisteredOwner"=str\(1\):".+"' | sed -E 's/"RegisteredOwner"=str\(1\):"(.+)"/Registered Owner: \1/'
echo "$Parameters" | grep -E '"Domain"=str\(1\):".+"' | sed -E 's/"Domain"=str\(1\):"(.+)"/Domain: \1/'
echo "$LogonUI" | grep -E '"LastLoggedOnUser"=str\(1\):".+"' | sed -E 's/"LastLoggedOnUser"=str\(1\):"(.+)"/Last Logged On User: \1/'
echo "$LogonUI" | grep -E '"LastLoggedOnDisplayName"=str\(1\):".+"' | sed -E 's/"LastLoggedOnDisplayName"=str\(1\):"(.+)"/Last Logged On User: \1/'
echo "$ProfileList" | grep -E '"ProfileImagePath"=str\(2\):".+"' | sed -E 's/"ProfileImagePath"=str\(2\):"(.+)"/User: \1/'
echo ""
if find /mnt/UNKNWN -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*" | grep "."
then
tree -r -a -t -L 1 -D "$(find /mnt/UNKNWN/ -maxdepth 2 -type d -ipath "*/Users" -not -ipath "*Windows.old*" | head -1)"
fi
if find /mnt/UNKNWN -maxdepth 2 -type d -ipath "*/Documents and Settings" -not -ipath "*Windows.old*" | grep "."
then
tree -r -a -t -L 1 -D "$(find /mnt/UNKNWN/ -maxdepth 2 -type d -ipath "*/Documents and Settings" -not -ipath "*Windows.old*" | head -1)"
fi
echo ""
} >> "$infolog"
rm /tmp/UNKNWN/SOFTWARE
rm /tmp/UNKNWN/SYSTEM
else
loginfo "Non Windows NTFS partition detected on $device$i."
echo "Non Windows NTFS partition detected on $device$i." >> "$infolog"
tree -a -L 2 -D /mnt/UNKNWN/ >> "$infolog"
fi
umount /mnt/UNKNWN
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"apfs")
mkdir -p /mnt/UNKNWN
loginfo "Apple install detected on $device$i."
echo "Apple install detected on $device$i." >> "$infolog"
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
then
echo "¯\_(ツ)_/¯" >> "$infolog"
tree -a -L 1 -D /mnt/UNKNWN/Users >> "$infolog"
umount /mnt/UNKNWN
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
"vfat"|"fat32")
loginfo "Boot/Recovery partition detected."
echo "Boot/Recovery partition detected." >> "$infolog"
mkdir -p /mnt/UNKNWN
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
then
tree -a -R -D /mnt/UNKNWN >> "$infolog"
umount /mnt/UNKNWN
else
echo "Failed to mount $device$i." >> "$infolog"
logwarn "There was an issue mounting $device$i."
fi
;;
*)
logwarn "Unknown partition type '$fstype'."
echo "Unknown partition type '$fstype'." >> "$infolog"
;;
esac
done
else
logwarn "No partitions detected, device is likely empty."
fi
echo "END OF LOG" >> "$infolog"
if [[ ! $logtofile = "true" ]]
then
echo "" >&3
cat "$infolog" >&3
echo "" >&3
fi
}
#Rescan for PCIe devices
pcie_enable (){
echo 1 > /sys/bus/pci/rescan
loginfo "Enabled PCIe card, sleeping for 5 seconds."
sleep 5
}
#Remove the PCIe NVMe readrer
# shellcheck disable=SC2329
pcie_disable (){
echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove
echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
loginfo "Disabled PCIe card."
}
main (){
if [[ $logtofile = "true" ]];
then
get_netid
mount_remote
loginfo ""
fi
get_devicetype #sets $devicetype to HDD_SATA/SSD_SATA/SSD_NVME
loginfo ""
get_device #sets $device to one of the /dev/xyz devices.
loginfo ""
make_infolog #Logs a bunch of details to a info log file from the system.
loginfo ""
loginfo "Finished gathering logs of $devicetype : $device."
cleanup
}
main
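Review bot: Every `mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN` in make_infolog attaches a partition from a decommissioned, untrusted drive with default options, so it is mounted read-write and setuid files and device nodes on it are honoured while the script runs with elevated rights (presumably root, since it mounts and writes to /sys without sudo). Mounting read-only and inert keeps the drive from being changed before its details are recorded: `mount -o ro,nosuid,nodev,noexec -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN`. The same loop builds partition paths as `$device$i`, which yields `nvme0n11` for an NVMe disk whose first partition is named `nvme0n1p1`, so NVMe partitions would fall through to the unknown-type branch and the info log would be empty for them. Taking the partition names from `lsblk -n -l -o NAME,TYPE /dev/"$device"` (rows whose TYPE is `part`) avoids guessing the suffix and also handles non-contiguous partition numbers.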
+7 -10
@@ -2,21 +2,18 @@
#!/usr/bin/env bash
netid=
loginfo "Enter netid: "
echo "Enter netid: "
read -r netid
while [[ $netid =~ ^\s*$ ]];
do
logwarn "Your netid cannot be blank."
loginfo "Enter netid: "
echo "Your netid cannot be blank."
echo "Enter netid: "
done
ret_value=$(kinit "$1" &> /dev/null; echo $?)
while [[ ! ${kinit "$1" &> /dev/null; echo $?} = "0" ]]
do
logwarn "Error when authenticating. Please see above issue, and try again."
ret_value=$(kinit "$1" &> /dev/null; echo $?)
done
if ! kinit "$netid"@EGR.MSU.MSU
then
exit
fi
mkdir /mnt/decs
mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
echo "test" > "/mnt/decs/test.txt"
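Review bot: The realm in `if ! kinit "$netid"@EGR.MSU.MSU` does not match the `EGR.MSU.EDU` realm used by get_netid in the new log script, so authentication would presumably fail for every netid; it looks like a typo for `kinit "$netid"@EGR.MSU.EDU` (the +/- markers are lost on this page, so this assumes the `if` form is the added side). The bare `exit` in that branch returns the status of the last command, which is the negated kinit and therefore 0, so a failed login is reported as success; use `exit 1`. The blank-netid loop above it only prints the two `echo` prompts and never reads again, so an empty first answer loops forever; add `read -r netid` as the last line of the loop body.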