#!/usr/bin/env bash
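# Settings and package-manager detection.
# random_pass:  how many pseudo-random overwrite passes the wipe loop runs.
# zeroing_pass: how many zero-fill passes follow the random passes.
random_pass=2
zeroing_pass=1
# Packages checked for, and installed when missing, before any disk work starts.
prereq_list="pv smartmontools hdparm"
# Path of each package manager, or empty when it is not on PATH. `command -v`
# is a shell builtin, so detection keeps working on minimal installs where the
# external `which` binary is absent.
YUM_CMD=$(command -v yum)
APT_CMD=$(command -v apt-get)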
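# Require the target disk name as the first argument.
# The name is given without the /dev/ prefix (e.g. "sdb").
if [ -z "$1" ]; then
  # Usage goes to stderr and the exit status is non-zero, so a wrapper script
  # cannot mistake a missing argument for a completed wipe.
  echo "USAGE: \"./wiper.sh diskname\", for example: \"./wiper.sh sdb\"" >&2
  exit 2
fi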
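# Check that the target exists and is a block device.
# Every later step (smartctl, the /proc/partitions lookup, dd of=...) acts on
# /dev/$1, so a typo that names a regular file or a character device has to
# stop here rather than reach the overwrite.
if [ ! -e "/dev/$1" ]; then
  echo "ERROR: /dev/$1 does not exist. exiting." >&2
  exit 1
elif [ ! -b "/dev/$1" ]; then
  echo "ERROR: /dev/$1 is not a block device. exiting." >&2
  exit 1
fi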
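# Optional second argument "--override" skips the SMART error checks.
# Start from an explicit 0 so a variable named "override" inherited from the
# caller's environment cannot switch those checks off by accident.
override=0
if [ "$2" = "--override" ]; then
  override=1
fi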
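# Prerequisites: make sure every package in $prereq_list is installed, using
# apt-get when it was detected, otherwise yum. A failed install stops the
# script, because the later steps call tools from these packages
# (smartctl, pv).
if [[ -n "$APT_CMD" ]]; then
  # $prereq_list is split on whitespace on purpose: one package per word.
  for prereq in $prereq_list; do
    if ! dpkg-query -W --showformat='${Status}\n' "$prereq" | grep -q "install ok installed"; then
      echo "INFO: $prereq is not present. Setting up $prereq."
      if ! sudo apt-get --yes install "$prereq"; then
        echo "ERROR: could not install $prereq" >&2
        exit 1
      fi
    fi
  done
elif [[ -n "$YUM_CMD" ]]; then
  for prereq in $prereq_list; do
    # `rpm -q` asks about exactly this package; grepping the whole `rpm -qa`
    # list also matches the name as a word inside other package names.
    if ! rpm -q "$prereq" >/dev/null 2>&1; then
      # NOTE(review): unlike the apt branch this runs without sudo and without
      # an assume-yes flag, so yum asks for confirmation - confirm intended.
      if ! yum install "$prereq"; then
        echo "ERROR: could not install $prereq" >&2
        exit 1
      fi
    fi
  done
else
  echo "ERROR: error can't find the correct installer for the prerequisites" >&2
  exit 1
fi

echo "---"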
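# Collect data about the disk type: the value of smartctl's "Rotation Rate:"
# line with its spaces stripped.
disk_type=$(smartctl -a "/dev/$1" | grep -i "Rotation Rate:" | cut -d':' -f2 | tr -d " ")

# Record whether the disk is an SSD. disk_ssd gets a value on every path so
# the later SSD warning test never sees an unset variable.
disk_ssd=0
if [[ $disk_type == *"SolidStateDevice"* ]]; then
  disk_ssd=1
elif [[ $disk_type == *"rpm"* ]]; then
  disk_ssd=0
else
  # NOTE(review): an unrecognised type is treated as "not SSD", so the SSD
  # caveat is not printed for it even though the media may be flash.
  echo "disk type unknown"
  read -r -p "Continue anyway?" choice
  case "$choice" in
    y | Y)
      echo "continuing"
      ;;
    n | N)
      # Declining means nothing was wiped: report that with a non-zero status.
      echo "exiting"
      exit 1
      ;;
    *)
      echo "invalid"
      exit 1
      ;;
  esac
fi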
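# SMART health gate. With --override the checks are skipped; otherwise a disk
# that reports errors is not wiped at all and the operator is told to destroy
# it mechanically. Every abort path exits non-zero so a caller can tell that
# no wipe happened.
if [[ "$override" -eq 1 ]]; then
  echo "INFO: continuing to wipe since override has been issued"
else
  # Query the drive once and reuse the report. The checks differ by device
  # type because smartctl's output differs between SATA and SAS drives.
  smart_report=$(smartctl -a "/dev/$1")

  if grep -q "SATA" <<<"$smart_report"; then
    if grep -q "No Errors Logged" <<<"$smart_report"; then
      echo "INFO: This is a SATA disk, detecting no errors, going on:"
    else
      sata_model=$(grep -i "Device Model:" <<<"$smart_report" | cut -d':' -f2 | tr -d " ")
      sata_serial=$(grep -i "Serial number:" <<<"$smart_report" | cut -d':' -f2 | tr -d " ")
      echo "!!! ERRORS !!!"
      echo "SATA errors, aborting!!!"
      echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
      echo "!!! EXITING !!!"
      echo ""
      echo "Model: $sata_model"
      echo "Serial: $sata_serial"
      exit 1
    fi
  elif grep -q "SAS" <<<"$smart_report"; then
    sas_errors=$(grep "Elements in grown defect list" <<<"$smart_report" | cut -d':' -f2 | tr -d " ")
    # Fail closed: a missing or non-numeric count would make the -gt test
    # below error out and fall through to the "no errors" branch, so a disk
    # of unknown health would be wiped and reported as clean.
    case "$sas_errors" in
      '' | *[!0-9]*)
        echo "ERROR: could not read the grown defect list count, exiting" >&2
        exit 1
        ;;
    esac
    if [ "$sas_errors" -gt 0 ]; then
      sas_vendor=$(grep -i "Vendor:" <<<"$smart_report" | cut -d':' -f2 | tr -d " ")
      sas_model=$(grep -i "Product:" <<<"$smart_report" | cut -d':' -f2 | tr -d " ")
      sas_serial=$(grep -i "Serial number:" <<<"$smart_report" | cut -d':' -f2 | tr -d " ")
      echo "!!! ERRORS !!!"
      echo "Elements in grown defect list: " "$sas_errors"
      echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
      echo "!!! EXITING !!!"
      echo ""
      echo "Vendor: $sas_vendor"
      echo "Model: $sas_model"
      echo "Serial: $sas_serial"
      exit 1
    else
      echo "INFO: This is a SAS disk, detecting no errors, going on:"
    fi
  else
    echo "ERROR: the disk type is none of the expected ones, exiting"
    exit 1
  fi
fi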
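# Warn when the target is an SSD: overwriting through the block device does
# not reach sectors the drive has reallocated, so old data can stay on flash.
# ${disk_ssd:-0} keeps the numeric test valid when disk_ssd was never set
# (the "disk type unknown" path), where a bare "$disk_ssd" makes `[` fail with
# "integer expression expected".
if [ "${disk_ssd:-0}" -eq 1 ]; then
  echo "WARNING: DISK IS AN SSD, Remember that sectors are reallocated thus unwanted data might remain on the flash."
  #TODO: ATA Secure erase? https://grok.lsu.edu/article.aspx?articleid=16716
fi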
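# Calculate the disk size in bytes; it is passed to pv as --size for the
# progress display. /proc/partitions reports sizes in 1024-byte blocks.
# Match the device name exactly on the name column so the lookup cannot pick
# up a different row.
disk_blocks=$(awk -v dev="$1" '$4 == dev { print $3 }' /proc/partitions)
case "$disk_blocks" in
  '' | *[!0-9]*)
    # Without a numeric block count the multiplication below fails and
    # disk_bytes stays unset for the pv --size argument in the wipe step.
    echo "ERROR: could not determine the size of /dev/$1 from /proc/partitions" >&2
    exit 1
    ;;
esac
disk_bytes=$((1024 * disk_blocks))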
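# Wipe: $random_pass passes of pseudo-random data, then $zeroing_pass passes
# of zeros, each written straight to /dev/$1 with dd.
# see: https://wiki.archlinux.org/title/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example

for ((r_pass = 1; r_pass <= random_pass; r_pass++)); do
  echo "INFO: Random pass $r_pass of $random_pass :"
  # The stream is /dev/zero encrypted under a throw-away key read from
  # /dev/urandom. The cipher has to be named: with none given, `openssl enc`
  # applies no cipher and hands the zeros through unchanged, which turns the
  # "random" pass into another zero fill.
  # The key is passed as an argument, so it is visible in the process list
  # while the pass runs.
  openssl enc -aes-256-ctr -pbkdf2 -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero \
    | pv --progress --eta --rate --bytes --size "$disk_bytes" \
    | dd of="/dev/$1" bs=2M oflag=direct iflag=fullblock
done

for ((z_pass = 1; z_pass <= zeroing_pass; z_pass++)); do
  echo "INFO: Zeroing pass $z_pass of $zeroing_pass :"
  dd if=/dev/zero \
    | pv --progress --eta --rate --bytes --size "$disk_bytes" \
    | dd of="/dev/$1" bs=2M oflag=direct iflag=fullblock
done

# NOTE(review): this message is printed whatever the dd pipelines returned,
# and nothing here reads the disk back to verify the result.
echo "!!! FINISHED wiping $1 !!!"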
#some of the sources used:
#https://stackoverflow.com/questions/12806176/checking-for-installed-packages-and-if-not-found-install
#https://stackoverflow.com/questions/19477682/bash-script-determine-vendor-and-install-system-apt-get-yum-etc
#https://jschumacher.info/2016/03/erasing-with-openssl/
#https://wiki.archlinux.org/title/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example
#https://serverfault.com/questions/6440/is-there-an-alternative-to-dev-urandom