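#!/usr/bin/env bash
#
# wiper.sh - overwrite a whole disk after a SMART health check.
#
# Usage: ./wiper.sh diskname      (device name under /dev, e.g. "sdb")
#
# Steps in this part of the script:
#   1. validate the argument and make sure /dev/<diskname> is a block device
#      that is not currently mounted
#   2. install missing prerequisites with apt-get
#   3. classify the disk as SSD or rotational from the SMART "Rotation Rate"
#   4. refuse to wipe a disk that reports errors or grown defects (the
#      operator is told to destroy it mechanically instead)
#   5. work out the disk size and start the random overwrite passes
#
# Exit status: 2 for a usage error, 1 whenever the wipe is refused or a check
# cannot be completed. Every early exit is non-zero so that a caller or an
# audit log can never record "success" for a disk that was not wiped.
#
# NOTE(review): smartctl and the raw write presumably need root, yet only
# apt-get goes through sudo here - confirm how the script is meant to be run.

#variables:
# Number of overwrite passes with pseudo-random data.
random_pass=2
# Number of zeroing passes; not used in this part of the script.
zeroing_pass=1
# Debian packages the script depends on (smartmontools provides smartctl).
prereq_list="pv smartmontools"

#check that a disk has been provided:
if [ -z "$1" ]; then
  echo "Usage: \"./wiper.sh diskname\", for example: \"./wiper.sh sdb\""
  exit 2
fi

#check the disk exists:
# -b rather than -e: a regular file, directory or character device under /dev
# must never be accepted as the target of a wipe.
if [ ! -b "/dev/$1" ]; then
  echo "/dev/$1 does not exist or is not a block device. exiting."
  exit 1
fi

# Minimal wrong-target guard: refuse when the device, or anything whose name
# starts with it (its partitions), appears in /proc/mounts. Swap, LVM and md
# members are not detected by this check.
if awk -v dev="/dev/$1" 'index($1, dev) == 1 { hit = 1 } END { exit !hit }' /proc/mounts; then
  echo "/dev/$1 (or one of its partitions) is mounted, exiting"
  exit 1
fi

#prerequisites:
# prereq_list is a space-separated list, so it is word-split on purpose.
for prereq in $prereq_list; do
  REQUIRED_PKG="$prereq"
  PKG_OK=$(dpkg-query -W --showformat='${Status}\n' "$REQUIRED_PKG" | grep "install ok installed")
  if [ -z "$PKG_OK" ]; then
    echo "$REQUIRED_PKG is not present. Setting up $REQUIRED_PKG."
    # Stop here if the install fails; otherwise the SMART checks below would
    # run without their tool.
    if ! sudo apt-get --yes install "$REQUIRED_PKG"; then
      echo "could not install $REQUIRED_PKG, exiting"
      exit 1
    fi
  fi
done

# Query the drive once and reuse the report, so every decision below is based
# on the same snapshot. smartctl's exit status is a bit mask that can be
# non-zero even when a report was printed, so it is not checked here; an
# unusable report is caught by the disk-type and interface checks.
smart_report=$(smartctl -a "/dev/$1")

# Print the value (text after the first ':' with spaces removed) of the SMART
# report lines matching label $1, case-insensitively.
smart_field() {
  grep -i -- "$1" <<<"$smart_report" | cut -d':' -f2 | tr -d " "
}

#collect data about disk type:
disk_type=$(smart_field "Rotation Rate:")

#store if the disk is an ssd:
if [[ $disk_type == *"SolidStateDevice"* ]]; then
  disk_ssd=1
elif [[ $disk_type == *"rpm"* ]]; then
  disk_ssd=0
else
  echo "disk type unknown, exiting"
  exit 1
fi

#check for disk errors, differentiating by device type since smart output is
#different between sata and sas drives:
if grep -q "SATA" <<<"$smart_report"; then
  # Fails closed: a report without the "No Errors Logged" line is treated as
  # a disk with errors.
  if grep -q "No Errors Logged" <<<"$smart_report"; then
    echo "SATA no errors, conitnuing"
  else
    sata_model=$(smart_field "Device Model:")
    sata_serial=$(smart_field "Serial number:")
    echo "!!! ERRORS !!!"
    echo "SATA errors, aborting!!!"
    echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
    echo "!!! EXITING !!!"
    echo ""
    echo "Model: $sata_model"
    echo "Serial: $sata_serial"
    exit 1
  fi
elif grep -q "SAS" <<<"$smart_report"; then
  sas_errors=$(grep "Elements in grown defect list" <<<"$smart_report" | cut -d':' -f2 | tr -d " ")
  # A missing or non-numeric count used to make the -gt test fail and fall
  # through to "no errors". Treat an unreadable count as a failed check.
  if ! [[ "$sas_errors" =~ ^[0-9]+$ ]]; then
    echo "could not read the grown defect count for /dev/$1, exiting"
    exit 1
  fi
  if [ "$sas_errors" -gt 0 ]; then
    sas_vendor=$(smart_field "Vendor:")
    sas_model=$(smart_field "Product:")
    sas_serial=$(smart_field "Serial number:")
    echo "!!! ERRORS !!!"
    echo "Elements in grown defect list:  $sas_errors"
    echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
    echo "!!! EXITING !!!"
    echo ""
    echo "Vendor: $sas_vendor"
    echo "Model: $sas_model"
    echo "Serial: $sas_serial"
    exit 1
  else
    echo "SAS no errors, continuing"
  fi
else
  echo "the disk type is none of the expected ones, exiting"
  exit 1
fi

#warning if is an ssd
# Overwriting through the block device only reaches the logically addressable
# sectors; over-provisioned and remapped flash blocks stay out of reach, so
# this wipe alone does not sanitize an SSD.
if [ "$disk_ssd" -eq 1 ]; then
  echo "WARNING, DISK IS AN SSD, Remember that sectors are reallocated thus unwanted data might remain on the sectors"
  #TODO: ATA Secure erase? https://grok.lsu.edu/article.aspx?articleid=16716
fi

#calculate disk bytes:
# /proc/partitions columns are: major minor #blocks name, with #blocks in
# 1 KiB units. The name is matched exactly instead of being used as a regex.
disk_blocks=$(awk -v dev="$1" '$4 == dev { print $3 }' /proc/partitions)
# Abort on an unknown size. NOTE(review): the code that consumes disk_bytes is
# outside this excerpt; if it bounds the write, a size of 0 would make the
# passes write nothing while appearing to succeed.
if ! [[ "$disk_blocks" =~ ^[0-9]+$ ]] || [ "$disk_blocks" -eq 0 ]; then
  echo "could not determine the size of /dev/$1, exiting"
  exit 1
fi
disk_bytes=$(( 1024*disk_blocks ))

#wipe:
#see: https://serverfault.com/questions/6440/is-there-an-alternative-to-dev-urandom
echo "wiping $1"
for r_pass in $(seq 1 $random_pass); do
  echo "random pass $r_pass of $random_pass :"
  # NOTE(review): the one-time key is passed with "-pass pass:", so it is
  # visible in the process list while the pass runs. It only seeds the
  # overwrite stream, so the impact is low; "-pass env:NAME" or "-pass fd:N"
  # would keep it out of argv. The rest of this command and the end of the
  # loop lie beyond this excerpt and are left exactly as found.
  openssl enc -pbkdf2 -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt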