429 lines
17 KiB
Bash
429 lines
17 KiB
Bash
#!/bin/bash
|
|
#!/usr/bin/env bash
|
|
|
|
start_time="$(date '+%Y-%m-%d_%H.%M.%S')"
|
|
logdir=/tmp
|
|
log="$logdir"/log_"$start_time".log
|
|
log_x="$logdir"/log_x_"$start_time".log
|
|
exec 3>&1 1>>"$log_x" 2>&1
|
|
set -x
|
|
|
|
logtofile="false"
|
|
while getopts ":l" opt; do
|
|
case ${opt} in
|
|
l ) logtofile="true" ;;
|
|
\? ) echo "Invalid option: -$OPTARG" ;;
|
|
: ) echo "Option -$OPTARG requires an argument." ;;
|
|
esac
|
|
done
|
|
|
|
loginput() {
|
|
echo "$*" >&3;
|
|
echo "[INPUT] $(date '+%H:%M:%S') $*" >> "$log";
|
|
}
|
|
|
|
logresponse() {
|
|
echo "[RESPONSE] $(date '+%H:%M:%S') $*" >> "$log";
|
|
}
|
|
|
|
loginfo() {
|
|
echo "$*" >&3;
|
|
echo "[INFO] $(date '+%H:%M:%S') $*" >> "$log";
|
|
}
|
|
|
|
logwarn() {
|
|
echo "$*" >&3;
|
|
echo "[WARNING] $(date '+%H:%M:%S') $*" >> "$log";
|
|
}
|
|
|
|
logerror() {
|
|
echo "$*" >&3;
|
|
echo "[ERROR] $(date '+%H:%M:%S') $*" >> "$log";
|
|
}
|
|
|
|
# shellcheck disable=SC2329
|
|
catch_sigint () {
|
|
logwarn "Signal Interrupt initiated. Stopping script."
|
|
cleanup
|
|
trap - INT
|
|
kill -INT "$$"
|
|
}
|
|
|
|
# shellcheck disable=SC2329
|
|
catch_exit () {
|
|
cleanup
|
|
trap - EXIT
|
|
trap - INT
|
|
kill -INT "$$"
|
|
}
|
|
|
|
# shellcheck disable=SC2329
|
|
cleanup () {
|
|
loginfo "Cleaning up."
|
|
pcie_disable
|
|
loginfo "Unmounting drives."
|
|
exec 1>/dev/null 2>&1
|
|
if [[ $logtofile = "true" ]];
|
|
then
|
|
umount "/mnt/decs"
|
|
fi
|
|
umount "/mnt/UNKNWN"
|
|
}
|
|
|
|
trap catch_sigint SIGINT
|
|
trap catch_exit EXIT
|
|
|
|
get_netid () {
|
|
netid=
|
|
while [[ $netid =~ ^\s*$ ]];
|
|
do
|
|
loginput "Enter netid: "
|
|
read -r netid
|
|
logresponse "$netid"
|
|
if [[ $netid =~ ^\s*$ ]];
|
|
then
|
|
logwarn "Your netid cannot be blank."
|
|
loginfo "Enter netid: "
|
|
else
|
|
local ret_value=$(kinit "$netid"@EGR.MSU.EDU >&3; echo $?)
|
|
if [[ ! $ret_value = "0" ]]
|
|
then
|
|
kdestroy
|
|
netid=
|
|
logwarn "Error when authenticating netid $netid."
|
|
else
|
|
clear
|
|
loginfo "Authenticated as user $netid."
|
|
fi
|
|
fi
|
|
done
|
|
}
|
|
|
|
mount_remote () {
|
|
mkdir -p /mnt/decs
|
|
if mount -t cifs -o user="$netid",sec=krb5i "//decs/decs/support/dban_logs" /mnt/decs
|
|
then
|
|
logdir=/mnt/decs/UNKNWN-"$start_time"
|
|
mkdir -p "$logdir"
|
|
cp "$log" "$logdir"/log_UNKNWN_"$start_time".log
|
|
cp "$log_x" "$logdir"/log_x_UNKNWN_"$start_time".log
|
|
log="$logdir"/log_UNKNWN_"$start_time".log
|
|
log_x="$logdir"/log_x_UNKNWN_"$start_time".log
|
|
exec 1>>"$log_x" 2>&1
|
|
set -x
|
|
else
|
|
logerror "Failed to mount remote DECS drive. Stopping"
|
|
exit
|
|
fi
|
|
}
|
|
|
|
get_devicetype () {
|
|
devicetype=
|
|
loginput "What is the device type? (0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA):"
|
|
loginfo "Type 'help' for an explanation of each type."
|
|
read -r devicetype
|
|
logresponse "$devicetype"
|
|
while [[ ! $devicetype = "0" ]] && [[ ! $devicetype = "1" ]] && [[ ! $devicetype = "2" ]];
|
|
do
|
|
if [[ $devicetype = "help" ]];
|
|
then
|
|
loginfo "HDD_SATA: Spinning disk platters on a SATA connection. Typically 3.5 in or 2.5 in."
|
|
loginfo "SSD_SATA: Solid State drive on a SATA connection. Typically 2.5 in."
|
|
loginfo "SSD_NVME: Solid State drive on a M.2 connection. Looks like a small PCB."
|
|
else
|
|
logwarn "Invalid type, correct values can be 0 = HDD_SATA, 1 = SSD_NVME, 2 = SSD_SATA."
|
|
fi
|
|
read -r devicetype
|
|
logresponse "$devicetype"
|
|
done
|
|
case $devicetype in
|
|
"0")
|
|
devicetype="HDD_SATA"
|
|
;;
|
|
|
|
"1")
|
|
devicetype="SSD_NVME"
|
|
;;
|
|
|
|
"2")
|
|
devicetype="SSD_SATA"
|
|
;;
|
|
|
|
*)
|
|
logerror "Unspecified error when getting device."
|
|
exit
|
|
;;
|
|
esac
|
|
}
|
|
|
|
get_device () {
|
|
device=
|
|
loginfo "Listing current attached devices..."
|
|
loginfo ""
|
|
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
|
|
then
|
|
loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|sd[a-z]')"
|
|
elif [[ $devicetype = "SSD_NVME" ]];
|
|
then
|
|
pcie_enable
|
|
loginfo "$(lsblk -o NAME,SIZE,MODEL,VENDOR,ROTA | grep -E '^NAME|nvme[0-9]')"
|
|
fi
|
|
loginfo ""
|
|
loginput "Which is the device from this list? (Type 'help' for help.)"
|
|
|
|
while [[ $device =~ ^\s*$ ]];
|
|
do
|
|
read -r device
|
|
logresponse "$device"
|
|
while [[ ! $device =~ ^sd[a-z]$ ]] && [[ ! $device =~ ^nvme0n[0-9]$ ]];
|
|
do
|
|
if [[ $device = "help" ]];
|
|
then
|
|
loginfo "The UNIX filesystem thinks of storage devices as directories, which are under /dev/"
|
|
loginfo "If you have a SATA connection, you will be looking for sd{a-z}."
|
|
loginfo "If you have a NVME connection, you will be looking for nvme0n{0-9}."
|
|
else
|
|
logwarn "Invalid format, device should follow naming conventions. (i.e. sd{a-z}, nvme0n{0-9})"
|
|
fi
|
|
read -r device
|
|
logresponse "$device"
|
|
done
|
|
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
|
|
then
|
|
if [[ $device =~ ^nvme0n[0-9]$ ]];
|
|
then
|
|
logwarn "Device was specified to be a SATA HDD or SSD, but a NVME device was chosen."
|
|
device=
|
|
fi
|
|
elif [[ $devicetype = "SSD_NVME" ]];
|
|
then
|
|
if [[ $device =~ ^sd[a-z]$ ]];
|
|
then
|
|
logwarn "Device was specified to be a NVME SSD, but a SATA device was chosen. Please ensure the device is plugged into the motherboard via PCIe slot and not SATA."
|
|
device=
|
|
fi
|
|
fi
|
|
|
|
if [ -e /dev/"$device" ];
|
|
then
|
|
if [[ $devicetype = "HDD_SATA" ]] || [[ $devicetype = "SSD_SATA" ]];
|
|
then
|
|
if [[ $devicetype = "HDD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "0" ]];
|
|
then
|
|
logwarn "Device was specified to be a SATA HDD, but a SATA SSD device was chosen."
|
|
device=
|
|
elif [[ $devicetype = "SSD_SATA" ]] && [[ $(cat /sys/block/"$device"/queue/rotational) = "1" ]];
|
|
then
|
|
logwarn "Device was specified to be a SATA SSD, but a SATA HDD device was chosen."
|
|
device=
|
|
else
|
|
loginfo "Picking device /dev/$device."
|
|
fi
|
|
fi
|
|
else
|
|
logwarn "/dev/$device does not exist, please ensure you are typing the device name correctly."
|
|
device=
|
|
fi
|
|
done
|
|
}
|
|
|
|
make_infolog () {
|
|
loginfo "Reading drive to create a log."
|
|
infolog="$logdir"/info_UNKNWN_"$start_time".log
|
|
{
|
|
echo "DETAILS"
|
|
echo "Start Time: $start_time"
|
|
echo "NetID: $netid"
|
|
echo "Type/Device: $devicetype : $device"
|
|
echo ""
|
|
echo "DEVICE DETAILS"
|
|
lsblk -o NAME,LABEL,PARTLABEL,FSTYPE,SIZE,MODEL,VENDOR,UUID,SERIAL | grep "NAME\|$device"
|
|
echo ""
|
|
smartctl -i /dev/"$device"
|
|
echo ""
|
|
echo "PARTITION DETAILS"
|
|
echo "Count: $(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")"
|
|
} >> "$infolog"
|
|
|
|
if [[ ! "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")" = 0 ]];
|
|
then
|
|
local fstype=
|
|
for i in $(seq 1 "$(lsblk -n -l -o TYPE /dev/"$device" | grep -c "part")");
|
|
do
|
|
fstype=$(lsblk -n -o FSTYPE /dev/"$device""$i")
|
|
loginfo "Reading $device$i : $fstype."
|
|
echo "" >> "$infolog"
|
|
echo "$device$i : $fstype" >> "$infolog"
|
|
case $fstype in
|
|
"ext4"|"ext3"|"ext2"|"xfs"|"btrfs")
|
|
mkdir -p /mnt/UNKNWN
|
|
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
|
|
then
|
|
if find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/os-release" | grep "."
|
|
then
|
|
loginfo "Linux install detected on $device$i."
|
|
echo "Linux install detected on $device$i." >> "$infolog"
|
|
echo "" >> "$infolog"
|
|
{
|
|
echo "LINUX DETAILS"
|
|
cat "$(find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/os-release")"
|
|
echo ""
|
|
echo "HOSTNAME"
|
|
cat "$(find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/hostname")"
|
|
echo ""
|
|
echo "LOGON DETAILS"
|
|
w
|
|
echo ""
|
|
cat "$(find /mnt/UNKNWN -maxdepth 3 -ipath "*/etc/passwd")"
|
|
echo ""
|
|
tree -a -L 1 -D "$(find /mnt/UNKNWN -maxdepth 3 -type d -ipath "*/home")"
|
|
echo ""
|
|
} >> "$infolog"
|
|
else
|
|
echo "Non Linux OS device detected on $device$i." >> "$infolog"
|
|
loginfo "Non Linux OS device detected on $device$i."
|
|
tree -a -L 3 -D /mnt/UNKNWN/ >> "$infolog"
|
|
fi
|
|
umount /mnt/UNKNWN
|
|
else
|
|
echo "Failed to mount $device$i." >> "$infolog"
|
|
logwarn "There was an issue mounting $device$i."
|
|
fi
|
|
;;
|
|
|
|
"zfs")
|
|
echo "zfs filesystem detected, this cannot be mounted." >> "$infolog"
|
|
logwarn "zfs filesystem detected on $device$i, this cannot be mounted."
|
|
;;
|
|
|
|
"ntfs")
|
|
mkdir -p /tmp/UNKNWN
|
|
mkdir -p /mnt/UNKNWN
|
|
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
|
|
then
|
|
if find /mnt/UNKNWN -maxdepth 4 -ipath "*System32/config" -not -ipath "*Windows.old*" | grep "."
|
|
then
|
|
loginfo "Windows install detected on $device$i."
|
|
echo "Windows install detected on $device$i." >> "$infolog"
|
|
echo "" >> "$infolog"
|
|
winsoftwarepath=$(find /mnt/UNKNWN -maxdepth 4 -ipath "*System32/config/SOFTWARE" -not -ipath "*Windows.old*")
|
|
winsystempath=$(find /mnt/UNKNWN -maxdepth 4 -ipath "*System32/config/SYSTEM" -not -ipath "*Windows.old*")
|
|
cp "$winsoftwarepath" /tmp/UNKNWN/SOFTWARE
|
|
cp "$winsystempath" /tmp/UNKNWN/SYSTEM
|
|
CurrentVersion=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion')
|
|
ComputerName=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Control\ComputerName\ComputerName')
|
|
Parameters=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SYSTEM /tmp/UNKNWN/SYSTEM '\ControlSet001\Services\Tcpip\Parameters')
|
|
LogonUI=$(hivexregedit --export --unsafe-printable-strings --max-depth 1 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows\CurrentVersion\Authentication\LogonUI')
|
|
ProfileList=$(hivexregedit --export --unsafe-printable-strings --max-depth 2 --prefix \\HKEY_LOCAL_MACHINE\\SOFTWARE /tmp/UNKNWN/SOFTWARE '\Microsoft\Windows NT\CurrentVersion\ProfileList')
|
|
{
|
|
echo "WINDOWS DETAILS"
|
|
echo ""
|
|
echo "$ComputerName" | grep -E '"ComputerName"=str\(1\):".+"' | sed -E 's/"ComputerName"=str\(1\):"(.+)"/Host Name: \1/'
|
|
echo "$CurrentVersion" | grep -E '"DisplayVersion"=str\(1\):".+"' | sed -E 's/"DisplayVersion"=str\(1\):"(.+)"/Windows Version: \1/'
|
|
echo "$CurrentVersion" | grep -E '"CurrentBuild"=str\(1\):".+"' | sed -E 's/"CurrentBuild"=str\(1\):"(.+)"/Current Build: \1/'
|
|
echo "$CurrentVersion" | grep -E '"EditionID"=str\(1\):".+"' | sed -E 's/"EditionID"=str\(1\):"(.+)"/Windows Edition: \1/'
|
|
echo "$CurrentVersion" | grep -E '"ProductName"=str\(1\):".+"' | sed -E 's/"ProductName"=str\(1\):"(.+)"/Product Name: \1/'
|
|
echo "$CurrentVersion" | grep -E '"RegisteredOrganization"=str\(1\):".+"' | sed -E 's/"RegisteredOrganization"=str\(1\):"(.+)"/Registered Organization: \1/'
|
|
echo "$CurrentVersion" | grep -E '"RegisteredOwner"=str\(1\):".+"' | sed -E 's/"RegisteredOwner"=str\(1\):"(.+)"/Registered Owner: \1/'
|
|
echo "$Parameters" | grep -E '"Domain"=str\(1\):".+"' | sed -E 's/"Domain"=str\(1\):"(.+)"/Domain: \1/'
|
|
echo "$LogonUI" | grep -E '"LastLoggedOnUser"=str\(1\):".+"' | sed -E 's/"LastLoggedOnUser"=str\(1\):"(.+)"/Last Logged On User: \1/'
|
|
echo "$LogonUI" | grep -E '"LastLoggedOnDisplayName"=str\(1\):".+"' | sed -E 's/"LastLoggedOnDisplayName"=str\(1\):"(.+)"/Last Logged On User: \1/'
|
|
echo "$ProfileList" | grep -E '"ProfileImagePath"=str\(2\):".+"' | sed -E 's/"ProfileImagePath"=str\(2\):"(.+)"/User: \1/'
|
|
echo ""
|
|
tree -a -L 1 -D "$(find /mnt/UNKNWN/ -maxdepth 2 -type d -ipath "*/Users" -o -ipath "*/Documents and Settings" -not -ipath "*Windows.old*" | head -1)"
|
|
echo ""
|
|
} >> "$infolog"
|
|
else
|
|
loginfo "Non Windows NTFS device detected on $device$i."
|
|
echo "Non Windows NTFS device detected on $device$i." >> "$infolog"
|
|
tree -a -L 3 -D /mnt/UNKNWN/ >> "$infolog"
|
|
fi
|
|
umount /mnt/UNKNWN
|
|
else
|
|
echo "Failed to mount $device$i." >> "$infolog"
|
|
logwarn "There was an issue mounting $device$i."
|
|
fi
|
|
;;
|
|
|
|
"apfs")
|
|
mkdir -p /mnt/UNKNWN
|
|
loginfo "Apple install detected on $device$i."
|
|
echo "Apple install detected on $device$i." >> "$infolog"
|
|
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
|
|
then
|
|
echo "¯\_(ツ)_/¯" >> "$infolog"
|
|
tree -a -L 1 -D /mnt/UNKNWN/Users >> "$infolog"
|
|
umount /mnt/UNKNWN
|
|
else
|
|
echo "Failed to mount $device$i." >> "$infolog"
|
|
logwarn "There was an issue mounting $device$i."
|
|
fi
|
|
;;
|
|
|
|
"vfat"|"fat32")
|
|
loginfo "Boot/Recovery partition detected."
|
|
echo "Boot/Recovery partition detected." >> "$infolog"
|
|
mkdir -p /mnt/UNKNWN
|
|
if mount -t "$fstype" /dev/"$device""$i" /mnt/UNKNWN
|
|
then
|
|
tree -a -R -D /mnt/UNKNWN >> "$infolog"
|
|
umount /mnt/UNKNWN
|
|
else
|
|
echo "Failed to mount $device$i." >> "$infolog"
|
|
logwarn "There was an issue mounting $device$i."
|
|
fi
|
|
;;
|
|
|
|
*)
|
|
logwarn "Unknown partition type '$fstype'."
|
|
echo "Unknown partition type '$fstype'." >> "$infolog"
|
|
;;
|
|
esac
|
|
done
|
|
else
|
|
logwarn "No partitions detected, device is likely empty."
|
|
fi
|
|
echo "END OF LOG" >> "$infolog"
|
|
if [[ ! $logtofile = "true" ]]
|
|
then
|
|
echo "" >&3
|
|
cat "$infolog" >&3
|
|
echo "" >&3
|
|
fi
|
|
}
|
|
|
|
#Rescan for PCIe devices
|
|
pcie_enable (){
|
|
echo 1 > /sys/bus/pci/rescan
|
|
loginfo "Enabled PCIe card, sleeping for 5 seconds."
|
|
sleep 5
|
|
}
|
|
|
|
#Remove the PCIe NVMe readrer
|
|
# shellcheck disable=SC2329
|
|
pcie_disable (){
|
|
echo 1 > /sys/bus/pci/devices/0000:02:00.0/remove
|
|
echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
|
|
loginfo "Disabled PCIe card."
|
|
}
|
|
|
|
main (){
|
|
if [[ $logtofile = "true" ]];
|
|
then
|
|
get_netid
|
|
mount_remote
|
|
fi
|
|
|
|
get_devicetype #sets $devicetype to HDD_SATA/SSD_SATA/SSD_NVME
|
|
get_device #sets $device to one of the /dev/xyz devices.
|
|
|
|
make_infolog #Logs a bunch of details to a info log file from the system.
|
|
|
|
sleep 3
|
|
|
|
loginfo "Finished gathering logs of $devicetype : $device."
|
|
|
|
exit
|
|
}
|
|
|
|
main |