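#!/usr/bin/env bash
#
# UNKNWN drive intake.
#
# Interactively identifies the customer's drive (SATA HDD/SSD or PCIe NVMe),
# then writes an inventory of it to an "info" log: lsblk/smartctl output plus,
# per partition, which OS is installed and who used it (os-release, hostname,
# passwd, wtmp and home directories on Linux; registry hive values and the
# profile directory on Windows; Users on APFS; a listing on boot partitions).
#
# Usage: <script> [-l]
#   -l   authenticate with kinit, mount the DECS CIFS share and keep all logs
#        there instead of under /tmp.
#
# Logging model: fd 3 is the technician's terminal. Everything the technician
# types and every message shown is recorded in $log; a full `set -x` command
# trace of the script goes to $log_x. Requires root (mount, PCI rescan, raw
# device access). `set -e` is deliberately not used: umount/cp/find failures
# are expected and handled explicitly where they matter.

start_time="$(date '+%Y-%m-%d_%H.%M.%S')"
# Unpredictable, root-owned log directory instead of fixed names directly in
# /tmp (avoids clobbering/symlink games on a shared technician box).
logdir=$(mktemp -d "/tmp/UNKNWN_${start_time}.XXXXXX") || {
  printf 'mktemp failed, cannot create log directory\n' >&2
  exit 1
}
log="$logdir"/log_"$start_time".log
log_x="$logdir"/log_x_"$start_time".log
# fd 3 keeps the real terminal; stdout/stderr become the trace log from here on.
exec 3>&1 1>>"$log_x" 2>&1
set -x

logtofile="false"
while getopts ":l" opt; do
  case ${opt} in
    l) logtofile="true" ;;
    # stdout is already the trace log, so option errors must go to the terminal.
    \?) printf 'Invalid option: -%s\n' "$OPTARG" >&3 ;;
    :) printf 'Option -%s requires an argument.\n' "$OPTARG" >&3 ;;
  esac
done

#######################################
# Append one tagged, timestamped line to the session log.
# Globals:   log (read)
# Arguments: $1 - tag (INPUT, RESPONSE, INFO, WARNING, ERROR); rest - message
#######################################
_logrecord() {
  local tag=$1
  shift
  printf '[%s] %s %s\n' "$tag" "$(date '+%H:%M:%S')" "$*" >> "$log"
}

# Prompt shown to the technician and recorded.
loginput() { printf '%s\n' "$*" >&3; _logrecord INPUT "$@"; }
# What the technician typed; recorded only, never echoed back.
logresponse() { _logrecord RESPONSE "$@"; }
# Informational message: terminal + session log.
loginfo() { printf '%s\n' "$*" >&3; _logrecord INFO "$@"; }
# Warning: terminal + session log.
logwarn() { printf '%s\n' "$*" >&3; _logrecord WARNING "$@"; }
# Error: terminal + session log.
logerror() { printf '%s\n' "$*" >&3; _logrecord ERROR "$@"; }

#######################################
# SIGINT handler: clean up, then re-raise the signal on ourselves with the
# default disposition so the shell sees a genuine interrupt.
#######################################
# shellcheck disable=SC2329
catch_sigint() {
  logwarn "Signal Interrupt initiated. Stopping script."
  cleanup
  trap - INT
  kill -INT "$$"
}

#######################################
# EXIT handler: runs on every exit path (including the one triggered by
# catch_sigint). NOTE(review): it also re-raises SIGINT on a normal exit, so
# callers always observe an interrupt status rather than 0 — confirm that is
# what the wrapper expects.
#######################################
# shellcheck disable=SC2329
catch_exit() {
  cleanup
  trap - EXIT
  trap - INT
  kill -INT "$$"
}

#######################################
# Release everything the script may hold: PCIe reader, mounts and — when -l
# was used — the Kerberos ticket obtained by get_netid, so it does not outlive
# the session on the technician machine.
# Globals:   logtofile (read)
#######################################
# shellcheck disable=SC2329
cleanup() {
  loginfo "Cleaning up."
  pcie_disable
  loginfo "Unmounting drives."
  # Nothing may actually be mounted at this point; silence the expected errors.
  exec 1>/dev/null 2>&1
  if [[ $logtofile = "true" ]]; then
    umount "/mnt/decs"
    kdestroy
  fi
  umount "/mnt/UNKNWN"
}

trap catch_sigint SIGINT
trap catch_exit EXIT

#######################################
# Ask for the technician's NetID and obtain a Kerberos ticket for it.
# Loops until kinit succeeds. The NetID is restricted to a plain identifier
# because it is later spliced into the CIFS mount option string.
# Globals:   netid (written)
#######################################
get_netid() {
  netid=
  while [[ $netid =~ ^\s*$ ]]; do
    loginput "Enter netid: "
    read -r netid
    logresponse "$netid"
    if [[ $netid =~ ^\s*$ ]]; then
      logwarn "Your netid cannot be blank."
      loginfo "Enter netid: "
    elif [[ ! $netid =~ ^[A-Za-z0-9._-]+$ ]]; then
      logwarn "Your netid may only contain letters, digits, '.', '_' or '-'."
      netid=
    elif kinit "$netid"@EGR.MSU.EDU >&3; then
      # clear writes escape sequences to stdout, which is the trace log here.
      clear >&3
      loginfo "Authenticated as user $netid."
    else
      kdestroy
      logwarn "Error when authenticating netid $netid."
      netid=
    fi
  done
}

#######################################
# Mount the DECS log share with the ticket from get_netid and move all logging
# there (the /tmp copies written so far are copied across first).
# Globals:   netid, start_time (read); logdir, log, log_x (written)
# Exits with status 1 when the share cannot be mounted.
#######################################
mount_remote() {
  mkdir -p /mnt/decs
  if mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs; then
    logdir=/mnt/decs/UNKNWN-"$start_time"
    mkdir -p "$logdir"
    cp "$log" "$logdir"/log_UNKNWN_"$start_time".log
    cp "$log_x" "$logdir"/log_x_UNKNWN_"$start_time".log
    log="$logdir"/log_UNKNWN_"$start_time".log
    log_x="$logdir"/log_x_UNKNWN_"$start_time".log
    # Re-point the trace log at the share; set -x must be re-enabled after exec.
    exec 1>>"$log_x" 2>&1
    set -x
  else
    logerror "Failed to mount remote DECS drive. Stopping"
    exit 1
  fi
}

#######################################
# Ask which kind of drive is being processed.
# Globals:   devicetype (written: HDD_SATA, SSD_NVME or SSD_SATA)
#######################################
get_devicetype() {
  devicetype=
  loginput "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
  loginfo "Type 'help' for an explanation of each type."
  read -r devicetype
  logresponse "$devicetype"
  while [[ $devicetype != "0" && $devicetype != "1" && $devicetype != "2" ]]; do
    if [[ $devicetype = "help" ]]; then
      loginfo "HDD_SATA: Spinning disk platters on a SATA connection. Typically 3.5 in or 2.5 in."
      loginfo "SSD_SATA: Solid State drive on a SATA connection. Typically 2.5 in."
      loginfo "SSD_NVME: Solid State drive on a M.2 connection. Looks like a small PCB."
    else
      logwarn "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA."
    fi
    read -r devicetype
    logresponse "$devicetype"
  done
  case $devicetype in
    "0") devicetype="HDD_SATA" ;;
    "1") devicetype="SSD_NVME" ;;
    "2") devicetype="SSD_SATA" ;;
    *)
      # Unreachable after the loop above; kept as a guard.
      logerror "Unspecified error when getting device."
      exit 1
      ;;
  esac
}

#######################################
# Ask which block device is the customer's drive and validate it against the
# chosen device type (bus and rotational flag) and existence under /dev.
# The name is restricted to sd[a-z] / nvme0n[0-9] because it is spliced into
# /dev and /sys paths and into a grep pattern later on.
# Globals:   devicetype (read); device (written, bare name such as sda)
#######################################
get_device() {
  device=
  loginfo "Listing current attached devices..."
  loginfo ""
  case $devicetype in
    HDD_SATA|SSD_SATA)
      loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|sd[a-z]')"
      ;;
    SSD_NVME)
      pcie_enable
      loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|nvme[0-9]')"
      ;;
  esac
  loginfo ""
  loginput "Which is the device from this list? (Type 'help' for help.)"
  local rota
  while [[ $device =~ ^\s*$ ]]; do
    read -r device
    logresponse "$device"
    while [[ ! $device =~ ^sd[a-z]$ && ! $device =~ ^nvme0n[0-9]$ ]]; do
      if [[ $device = "help" ]]; then
        loginfo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/"
        loginfo "If you have a SATA connection, you will be looking for sd{a-z}."
        loginfo "If you have a NVME connection, you will be looking for nvme0n{0-9}."
      else
        logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})"
      fi
      read -r device
      logresponse "$device"
    done
    # Bus must match the declared type.
    if [[ $devicetype != "SSD_NVME" && $device =~ ^nvme0n[0-9]$ ]]; then
      logwarn "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen."
      device=
      continue
    fi
    if [[ $devicetype = "SSD_NVME" && $device =~ ^sd[a-z]$ ]]; then
      logwarn "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA."
      device=
      continue
    fi
    if [[ ! -e /dev/"$device" ]]; then
      logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
      device=
      continue
    fi
    # For SATA, the kernel's rotational flag must agree with HDD vs SSD.
    if [[ $devicetype != "SSD_NVME" ]]; then
      rota=$(< /sys/block/"$device"/queue/rotational)
      if [[ $devicetype = "HDD_SATA" && $rota = "0" ]]; then
        logwarn "Device was specified to be a SATA HDD, but a SATA SSD device was chosen."
        device=
        continue
      elif [[ $devicetype = "SSD_SATA" && $rota = "1" ]]; then
        logwarn "Device was specified to be a SATA SSD, but a SATA HDD device was chosen."
        device=
        continue
      fi
    fi
    loginfo "Picking device /dev/$device."
  done
}

#######################################
# Mount one partition of the customer's drive at /mnt/UNKNWN.
# The drive is untrusted: read-only so inspection does not write to it, and
# nosuid,nodev,noexec so nothing on it can be executed or gain privilege on
# this host.
# Arguments: $1 - filesystem type for mount -t; $2 - /dev path of the partition
# Returns:   mount's exit status
#######################################
mount_unknwn() {
  local fstype=$1 dev=$2
  mkdir -p /mnt/UNKNWN
  mount -t "$fstype" -o ro,nosuid,nodev,noexec "$dev" /mnt/UNKNWN
}

#######################################
# Record a failed partition mount in the info log and on the terminal.
# Globals:   infolog (read)
# Arguments: $1 - partition name (e.g. sda1)
#######################################
_mount_failed() {
  echo "Failed to mount $1." >> "$infolog"
  logwarn "There was an issue mounting $1."
}

#######################################
# First path under /mnt/UNKNWN matching a case-insensitive pattern.
# Arguments: $1 - maxdepth; $2 - -ipath pattern; rest - extra find predicates
# Outputs:   one path, or nothing when there is no match
#######################################
_find_first() {
  local depth=$1 pattern=$2
  shift 2
  find /mnt/UNKNWN -maxdepth "$depth" -ipath "$pattern" "$@" | head -n 1
}

#######################################
# cat the first file matching a pattern, or say that it is missing. Replaces
# `cat "$(find …)"`, which fails outright when find returns nothing or more
# than one path.
# Arguments: $1 - maxdepth; $2 - -ipath pattern
#######################################
_cat_first() {
  local path
  path=$(_find_first "$1" "$2" -type f)
  if [[ -n $path ]]; then
    cat -- "$path"
  else
    echo "(no file matching $2 found)"
  fi
}

#######################################
# Linux partition: mount, detect an install via etc/os-release and dump
# identity and user details of that install to the info log.
# Globals:   infolog (read)
# Arguments: $1 - partition name; $2 - filesystem type
#######################################
_inspect_linux() {
  local part=$1 fstype=$2 osrelease wtmp homedir
  if ! mount_unknwn "$fstype" /dev/"$part"; then
    _mount_failed "$part"
    return
  fi
  osrelease=$(_find_first 3 "*/etc/os-release")
  if [[ -n $osrelease ]]; then
    loginfo "Linux install detected on $part."
    printf 'Linux install detected on %s.\n\n' "$part" >> "$infolog"
    {
      echo "LINUX DETAILS"
      cat -- "$osrelease"
      echo ""
      echo "HOSTNAME"
      _cat_first 3 "*/etc/hostname"
      echo ""
      echo "LOGON DETAILS"
      # Read the login history of the *inspected* install, not this host's
      # (the original called `w`, which lists sessions on the technician box).
      wtmp=$(_find_first 4 "*/var/log/wtmp" -type f)
      if [[ -n $wtmp ]]; then
        last -f "$wtmp"
      else
        echo "(no wtmp found on this install)"
      fi
      echo ""
      _cat_first 3 "*/etc/passwd"
      echo ""
      homedir=$(_find_first 3 "*/home" -type d)
      if [[ -n $homedir ]]; then
        tree -a -L 1 -D "$homedir"
      else
        echo "(no home directory found)"
      fi
      echo ""
    } >> "$infolog"
  else
    echo "Non Linux OS device detected on $part." >> "$infolog"
    loginfo "Non Linux OS device detected on $part."
    tree -a -L 3 -D /mnt/UNKNWN/ >> "$infolog"
  fi
  umount /mnt/UNKNWN
}

#######################################
# Export one registry key from a copied hive with hivexregedit.
# Arguments: $1 - hive file; $2 - hive name for the HKLM prefix (SOFTWARE or
#            SYSTEM); $3 - --max-depth; $4 - key path inside the hive
# Outputs:   the .reg-style export on stdout
#######################################
_hive_export() {
  local hive=$1 name=$2 depth=$3 key=$4
  hivexregedit --export --unsafe-printable-strings --max-depth "$depth" \
    --prefix "\\HKEY_LOCAL_MACHINE\\$name" "$hive" "$key"
}

#######################################
# Print one `"Key"=str(N):"value"` line of a hive export as "Label: value".
# Arguments: $1 - export text; $2 - value name; $3 - str type number;
#            $4 - label to print
#######################################
_reg_str() {
  local export=$1 key=$2 kind=$3 label=$4
  # Key/label come from constants in this script, never from the drive.
  printf '%s\n' "$export" | sed -nE "s/\"${key}\"=str\\(${kind}\\):\"(.+)\"/${label}: \\1/p"
}

#######################################
# NTFS partition: mount, detect a Windows install via System32/config, copy
# the SOFTWARE and SYSTEM hives to a private temp dir and extract identity,
# domain, last-logon and profile details from them.
# Globals:   infolog (read)
# Arguments: $1 - partition name; $2 - filesystem type
#######################################
_inspect_ntfs() {
  local part=$1 fstype=$2 config hivedir software system
  local current_version computer_name parameters logon_ui profile_list users_dir
  if ! mount_unknwn "$fstype" /dev/"$part"; then
    _mount_failed "$part"
    return
  fi
  config=$(_find_first 4 "*System32/config" -not -ipath "*Windows.old*")
  if [[ -n $config ]]; then
    loginfo "Windows install detected on $part."
    printf 'Windows install detected on %s.\n\n' "$part" >> "$infolog"
    # Hives are copied off the (read-only) drive into an unpredictable temp
    # dir; hivexregedit parses untrusted data, so nothing else is done with it.
    if ! hivedir=$(mktemp -d); then
      logwarn "Could not create a temporary directory for the registry hives."
      umount /mnt/UNKNWN
      return
    fi
    software=$(_find_first 4 "*System32/config/SOFTWARE" -not -ipath "*Windows.old*")
    system=$(_find_first 4 "*System32/config/SYSTEM" -not -ipath "*Windows.old*")
    cp -- "$software" "$hivedir"/SOFTWARE
    cp -- "$system" "$hivedir"/SYSTEM
    # NOTE(review): ControlSet001 is assumed to be the active control set;
    # the authoritative one is named under \Select\Current — confirm.
    current_version=$(_hive_export "$hivedir"/SOFTWARE SOFTWARE 1 '\Microsoft\Windows NT\CurrentVersion')
    computer_name=$(_hive_export "$hivedir"/SYSTEM SYSTEM 1 '\ControlSet001\Control\ComputerName\ComputerName')
    parameters=$(_hive_export "$hivedir"/SYSTEM SYSTEM 1 '\ControlSet001\Services\Tcpip\Parameters')
    logon_ui=$(_hive_export "$hivedir"/SOFTWARE SOFTWARE 1 '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI')
    profile_list=$(_hive_export "$hivedir"/SOFTWARE SOFTWARE 2 '\Microsoft\Windows NT\CurrentVersion\ProfileList')
    # Parenthesised so -not applies to both profile-directory spellings.
    users_dir=$(find /mnt/UNKNWN/ -maxdepth 2 -type d \
      \( -ipath "*/Users" -o -ipath "*/Documents and Settings" \) \
      -not -ipath "*Windows.old*" | head -n 1)
    {
      echo "WINDOWS DETAILS"
      echo ""
      _reg_str "$computer_name" ComputerName 1 "Host Name"
      _reg_str "$current_version" DisplayVersion 1 "Windows Version"
      _reg_str "$current_version" CurrentBuild 1 "Current Build"
      _reg_str "$current_version" EditionID 1 "Windows Edition"
      _reg_str "$current_version" ProductName 1 "Product Name"
      _reg_str "$current_version" RegisteredOrganization 1 "Registered Organization"
      _reg_str "$current_version" RegisteredOwner 1 "Registered Owner"
      _reg_str "$parameters" Domain 1 "Domain"
      _reg_str "$logon_ui" LastLoggedOnUser 1 "Last Logged On User"
      _reg_str "$logon_ui" LastLoggedOnDisplayName 1 "Last Logged On Display Name"
      _reg_str "$profile_list" ProfileImagePath 2 "User"
      echo ""
      if [[ -n $users_dir ]]; then
        tree -a -L 1 -D "$users_dir"
      else
        echo "(no Users / Documents and Settings directory found)"
      fi
      echo ""
    } >> "$infolog"
    rm -rf -- "${hivedir:?}"
  else
    loginfo "Non Windows NTFS device detected on $part."
    echo "Non Windows NTFS device detected on $part." >> "$infolog"
    tree -a -L 3 -D /mnt/UNKNWN/ >> "$infolog"
  fi
  umount /mnt/UNKNWN
}

#######################################
# APFS partition: mount and list the user directories.
# Globals:   infolog (read)
# Arguments: $1 - partition name; $2 - filesystem type
#######################################
_inspect_apfs() {
  local part=$1 fstype=$2
  loginfo "Apple install detected on $part."
  echo "Apple install detected on $part." >> "$infolog"
  if mount_unknwn "$fstype" /dev/"$part"; then
    echo "¯\_(ツ)_/¯" >> "$infolog"
    tree -a -L 1 -D /mnt/UNKNWN/Users >> "$infolog"
    umount /mnt/UNKNWN
  else
    _mount_failed "$part"
  fi
}

#######################################
# FAT partition (boot/recovery): mount and record a full listing.
# Globals:   infolog (read)
# Arguments: $1 - partition name; $2 - filesystem type
#######################################
_inspect_fat() {
  local part=$1 fstype=$2
  loginfo "Boot/Recovery partition detected."
  echo "Boot/Recovery partition detected." >> "$infolog"
  if mount_unknwn "$fstype" /dev/"$part"; then
    tree -a -R -D /mnt/UNKNWN >> "$infolog"
    umount /mnt/UNKNWN
  else
    _mount_failed "$part"
  fi
}

#######################################
# Write the info log for the chosen device: header, lsblk/smartctl output,
# then one section per partition according to its filesystem.
# Partitions are enumerated by name from lsblk, which handles both sdXN and
# nvme0nXpN naming and non-contiguous numbering (the old "$device$i" scheme
# produced e.g. nvme0n11 for NVMe drives).
# Globals:   logdir, start_time, netid, devicetype, device, logtofile (read);
#            infolog (written)
#######################################
make_infolog() {
  loginfo "Reading drive to create a log."
  infolog="$logdir"/info_UNKNWN_"$start_time".log
  local -a parts=()
  mapfile -t parts < <(lsblk -n -l -o NAME,TYPE /dev/"$device" | awk '$2 == "part" { print $1 }')
  {
    echo "DETAILS"
    echo "Start Time: $start_time"
    echo "NetID: $netid"
    echo "Type/Device: $devicetype : $device"
    echo ""
    echo "DEVICE DETAILS"
    # $device is restricted to sd[a-z]/nvme0n[0-9] by get_device, so it is
    # safe as a pattern here.
    lsblk -o NAME,LABEL,PARTLABEL,FSTYPE,SIZE,MODEL,VENDOR,UUID,SERIAL | grep "NAME\|$device"
    echo ""
    smartctl -i /dev/"$device"
    echo ""
    echo "PARTITION DETAILS"
    echo "Count: ${#parts[@]}"
  } >> "$infolog"
  if (( ${#parts[@]} == 0 )); then
    logwarn "No partitions detected, device is likely empty."
  else
    local part fstype
    for part in "${parts[@]}"; do
      fstype=$(lsblk -n -o FSTYPE /dev/"$part")
      loginfo "Reading $part : $fstype."
      printf '\n%s : %s\n' "$part" "$fstype" >> "$infolog"
      case $fstype in
        ext4|ext3|ext2|xfs|btrfs) _inspect_linux "$part" "$fstype" ;;
        zfs)
          echo "zfs filesystem detected, this cannot be mounted." >> "$infolog"
          logwarn "zfs filesystem detected on $part, this cannot be mounted."
          ;;
        ntfs) _inspect_ntfs "$part" "$fstype" ;;
        apfs) _inspect_apfs "$part" "$fstype" ;;
        vfat|fat32) _inspect_fat "$part" "$fstype" ;;
        *)
          logwarn "Unknown partition type '$fstype'."
          echo "Unknown partition type '$fstype'." >> "$infolog"
          ;;
      esac
    done
  fi
  echo "END OF LOG" >> "$infolog"
  # Without -l nothing leaves this machine, so show the result on the terminal.
  if [[ $logtofile != "true" ]]; then
    {
      echo ""
      cat "$infolog"
      echo ""
    } >&3
  fi
}

#Rescan for PCIe devices
pcie_enable() {
  echo 1 > /sys/bus/pci/rescan
  loginfo "Enabled PCIe card, sleeping for 5 seconds."
  sleep 5
}

#Remove the PCIe NVMe reader
# NOTE(review): the two PCI addresses are specific to the technician machine
# this script was written for; adjust them if the reader sits in another slot.
# shellcheck disable=SC2329
pcie_disable() {
  echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove
  echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
  loginfo "Disabled PCIe card."
}

#######################################
# Entry point: optional authentication + remote logging, then the three
# interactive steps. Cleanup is driven by the EXIT trap.
#######################################
main() {
  if [[ $logtofile = "true" ]]; then
    get_netid
    mount_remote
  fi
  get_devicetype #sets $devicetype to HDD_SATA/SSD_SATA/SSD_NVME
  get_device     #sets $device to one of the /dev/xyz devices.
  make_infolog   #Logs a bunch of details to a info log file from the system.
  sleep 3
  loginfo "Finished gathering logs of $devicetype : $device."
  exit 0
}

main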