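#!/usr/bin/env bash
#
# wiper.sh - check a disk's SMART health, then overwrite it.
#
# Usage:   ./wiper.sh diskname [--override]
# Example: ./wiper.sh sdb
#
#   diskname    kernel name of the whole disk, without the /dev/ prefix
#   --override  skip the SMART error check and wipe anyway
#
# Every refusal or failure path exits non-zero, so a caller can never mistake
# "did not wipe" for "wiped".

#variables:
random_pass=2
zeroing_pass=1
prereq_list="pv smartmontools hdparm"
# command -v is the portable replacement for which(1).
YUM_CMD=$(command -v yum)
APT_CMD=$(command -v apt-get)

#check that a disk has been provided:
if [ -z "$1" ]; then
  echo "USAGE: \"./wiper.sh diskname\", for example: \"./wiper.sh sdb\""
  exit 1
fi

#check the disk exists:
if [ ! -e "/dev/$1" ]; then
  echo "ERROR: /dev/$1 does not exists. exiting."
  exit 1
fi

#the target of a destructive write must be a block device, not just any path
#that happens to resolve under /dev:
if [ ! -b "/dev/$1" ]; then
  echo "ERROR: /dev/$1 is not a block device. exiting."
  exit 1
fi

#check whether the SMART error check should be skipped:
override=0
if [ "$2" == "--override" ]; then
  override=1
fi

#prerequisites:
if [[ -n "$APT_CMD" ]]; then
  # prereq_list is a space-separated string; word splitting is intended here.
  for prereq in $prereq_list; do
    PKG_OK=$(dpkg-query -W --showformat='${Status}\n' "$prereq" | grep "install ok installed")
    if [ "" = "$PKG_OK" ]; then
      echo "INFO: $prereq is not present. Setting up $prereq."
      sudo apt-get --yes install "$prereq"
    fi
  done
elif [[ -n "$YUM_CMD" ]]; then
  for prereq in $prereq_list; do
    # rpm -q matches the exact package name; grepping "rpm -qa" could be
    # satisfied by an unrelated package whose name merely contains the word.
    if ! rpm -q "$prereq" >/dev/null 2>&1; then
      # NOTE(review): unlike the apt branch this runs without sudo and without
      # an automatic "yes", so it prompts and needs root - confirm intent.
      yum install "$prereq"
    fi
  done
else
  echo "ERROR: error can't find the correct installer for the prerequisites"
  exit 1
fi

echo "---"

# Take one SMART snapshot and base every decision below on it, instead of
# querying the drive again for each field.
smart_info=$(smartctl -a "/dev/$1")

# Print the value part (after the first ':') of the SMART lines selected by the
# given grep arguments, with all spaces removed.
smart_field() {
  grep "$@" <<<"$smart_info" | cut -d':' -f2 | tr -d " "
}

#collect data about disk type:
disk_type=$(smart_field -i "Rotation Rate:")

#store if the disk is an ssd:
if [[ $disk_type == *"SolidStateDevice"* ]]; then
  disk_ssd=1
elif [[ $disk_type == *"rpm"* ]]; then
  disk_ssd=0
else
  echo "disk type unknown, exiting"
  exit 1
fi

if [[ "$override" -eq 1 ]]; then
  echo "INFO: continuing to wipe since override has been issued"
else
  #check for disk errors, differentiating by device type since smart output is different between sata and sas drives:
  if grep -q "SATA" <<<"$smart_info"; then
    if grep -q "No Errors Logged" <<<"$smart_info"; then
      echo "INFO: This is a SATA disk, detecting no errors, going on:"
    else
      sata_model=$(smart_field -i "Device Model:")
      sata_serial=$(smart_field -i "Serial number:")
      echo "!!! ERRORS !!!"
      echo "SATA errors, aborting!!!"
      echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
      echo "!!! EXITING !!!"
      echo ""
      echo "Model: $sata_model"
      echo "Serial: $sata_serial"
      exit 1
    fi
  elif grep -q "SAS" <<<"$smart_info"; then
    sas_errors=$(smart_field "Elements in grown defect list")
    # Fail closed: an empty or non-numeric count used to make the -gt test
    # error out and fall through to the "no errors" branch.
    if ! [[ "$sas_errors" =~ ^[0-9]+$ ]]; then
      echo "ERROR: could not read the grown defect list count for /dev/$1, exiting"
      exit 1
    fi
    if [ "$sas_errors" -gt 0 ]; then
      sas_vendor=$(smart_field -i "Vendor:")
      sas_model=$(smart_field -i "Product:")
      sas_serial=$(smart_field -i "Serial number:")
      echo "!!! ERRORS !!!"
      echo "Elements in grown defect list: " "$sas_errors"
      echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
      echo "!!! EXITING !!!"
      echo ""
      echo "Vendor: $sas_vendor"
      echo "Model: $sas_model"
      echo "Serial: $sas_serial"
      exit 1
    else
      echo "INFO: This is a SAS disk, detecting no errors, going on:"
    fi
  else
    echo "ERROR: the disk type is none of the expected ones, exiting"
    exit 1
  fi
fi

#warning if is an ssd
if [ "$disk_ssd" -eq 1 ]; then
  echo "WARNING: DISK IS AN SSD, Remember that sectors are reallocated thus unwanted data might remain on the flash."
  #TODO: ATA Secure erase? https://grok.lsu.edu/article.aspx?articleid=16716
fi

#calculate disk bytes:
# /proc/partitions columns are: major minor #blocks name. Match the name column
# exactly so that only the requested device's block count is picked up.
disk_blocks=$(awk -v name="$1" '$4 == name { print $3 }' /proc/partitions)
if ! [[ "$disk_blocks" =~ ^[0-9]+$ ]]; then
  # Without this guard an unknown device silently produced disk_bytes=0.
  echo "ERROR: could not determine the size of /dev/$1 from /proc/partitions, exiting"
  exit 1
fi
disk_bytes=$(( 1024*disk_blocks ))

#wipe:
#see: https://wiki.archlinux.org/title/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example
# A fresh passphrase (128 bytes from /dev/urandom, base64-encoded) is generated
# for every random pass.
# NOTE(review): the passphrase is on openssl's argv and therefore visible in the
# process list while the pass runs; presumably fine for a throwaway key - confirm.
for r_pass in $(seq 1 $random_pass); do
  echo "INFO: Random pass $r_pass of $random_pass :"
  openssl enc -pbkdf2 -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt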