panda
/
disk_wiper


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114
							#!/usr/bin/env bash

#variables:
random_pass=7
zeroing_pass=1
prereq_list="pv smartmontools"

#check that a disk has been provided:
if [ -z "$1" ]
then
	echo "Usage: \"./wiper.sh diskname\", for example: \"./wiper.sh sdb\""
	exit
fi

#check the disk exists:
if [ ! -e "/dev/$1" ]; then
	echo "/dev/$1 does not exists. exiting."
	exit
fi

#prerequisites:
for prereq in $prereq_list; do
	REQUIRED_PKG="$prereq"
	PKG_OK=$(dpkg-query -W --showformat='${Status}\n' $REQUIRED_PKG|grep "install ok installed")
	#echo Checking for $REQUIRED_PKG: $PKG_OK
	if [ "" = "$PKG_OK" ]; then
	  echo "$REQUIRED_PKG is not present. Setting up $REQUIRED_PKG."
	  sudo apt-get --yes install $REQUIRED_PKG
	fi
done

#collect data about disk type:
disk_type=$(smartctl -a /dev/$1 | grep -i "Rotation Rate:" | cut -d':' -f2 | tr -d " ")

#store if the disk is an ssd:
if [[ $disk_type == *"SolidStateDevice"* ]]; then
	disk_ssd=1
#	echo "disk is ssd"
elif [[ $disk_type == *"rpm"* ]]; then
	disk_ssd=0
#	echo "disk is not ssd"
else
	echo "disk type unknown, exiting"
	exit
fi

#check for disk errors, differntiating by device type since smart output is different between sata and sas drives:
if smartctl -a /dev/$1 | grep -q "SATA"; then
	#echo "Type of disk: SATA"
	if smartctl -a /dev/$1 | grep -q "No Errors Logged"; then
		echo "SATA no errors, conitnuing"
	else
		sata_model=$(smartctl -a /dev/$1 | grep -i "Device Model:" | cut -d':' -f2 | tr -d " ")
		sata_serial=$(smartctl -a /dev/$1 | grep -i "Serial number:" | cut -d':' -f2 | tr -d " ")
		echo "!!! ERRORS !!!"
		echo "SATA errors, aborting!!!"
		echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
		echo "!!! EXITING !!!"
		echo ""
		echo "Model:  $sata_model"
		echo "Serial: $sata_serial"
		exit
	fi
elif smartctl -a /dev/$1 | grep -q "SAS"; then
	#echo "Type of disk: SAS"
	sas_errors=$(smartctl -a /dev/$1 | grep "Elements in grown defect list" | cut -d':' -f2 | tr -d " ")
	if [ "$sas_errors" -gt 0 ]; then
		sas_vendor=$(smartctl -a /dev/$1 | grep -i "Vendor:" | cut -d':' -f2 | tr -d " ")
		sas_model=$(smartctl -a /dev/$1 | grep -i "Product:" | cut -d':' -f2 | tr -d " ")
		sas_serial=$(smartctl -a /dev/$1 | grep -i "Serial number:" | cut -d':' -f2 | tr -d " ")
		echo "!!! ERRORS !!!"
		echo "Elements in grown defect list: " $sas_errors
		echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
		echo "!!! EXITING !!!"
		echo ""
		echo "Vendor: $sas_vendor"
		echo "Model:  $sas_model"
		echo "Serial: $sas_serial"
		exit
	else
		echo "SAS no errors, continuing"
	fi
else
	echo "the disk type is none of the expected ones, exiting"
	exit
fi


#warning if is an ssd
if [ "$disk_ssd" -eq 1 ]; then
	echo "WARNING, DISK IS AN SSD, Remember that sectors are reallocated thus unwanted data might remain on the sectors"
	#TODO: ATA Secure erase? https://grok.lsu.edu/article.aspx?articleid=16716
fi

#calculate disk bytes:
disk_blocks=$(cat /proc/partitions | grep -w $1 | tr -s ' ' | cut -d " " -f4);
disk_bytes=$(( 1024*disk_blocks ))


#wipe:
#see: https://serverfault.com/questions/6440/is-there-an-alternative-to-dev-urandom
echo "wiping $1"

for r_pass in $(seq 1 $random_pass); do
	echo "random pass $r_pass of $random_pass :"
	openssl enc -pbkdf2 -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero | pv --progress --eta --rate --bytes --size $disk_bytes | dd of=/dev/$1 bs=2M oflag=direct iflag=fullblock
done

for z_pass in $(seq 1 $zeroing_pass); do
	echo "zeroing pass $z_pass of $zeroing_pass :"
	dd if=/dev/zero | pv --progress --eta --rate --bytes --size $disk_bytes | dd of=/dev/$1 bs=2M oflag=direct iflag=fullblock
done

echo "!!! FINISHED wiping $1 !!!"