123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 |
- #!/usr/bin/env bash
- #variables:
- random_pass=2
- zeroing_pass=1
- prereq_list="pv smartmontools hdparm"
- YUM_CMD=$(which yum)
- APT_CMD=$(which apt-get)
- #check that a disk has been provided:
- if [ -z "$1" ]
- then
- echo "USAGE: \"./wiper.sh diskname\", for example: \"./wiper.sh sdb\""
- exit
- fi
- #check the disk exists:
- if [ ! -e "/dev/$1" ]; then
- echo "ERROR: /dev/$1 does not exists. exiting."
- exit
- fi
- #check that a disk has been provided:
- if [ "$2" == "--override" ]
- then
- override=1
- fi
- #prerequisites:
- if [[ ! -z $APT_CMD ]]; then
- for prereq in $prereq_list; do
- PKG_OK=$(dpkg-query -W --showformat='${Status}\n' $prereq|grep "install ok installed")
- #echo Checking for $prereq: $PKG_OK
- if [ "" = "$PKG_OK" ]; then
- echo "INFO: $prereq is not present. Setting up $prereq."
- sudo apt-get --yes install $prereq
- fi
- done
- elif [[ ! -z $YUM_CMD ]]; then
- for prereq in $prereq_list; do
- if ! rpm -qa | grep -qw $prereq; then
- yum install $prereq
- fi
- done
- else
- echo "ERROR: error can't find the correct installer for the prerequisites"
- exit 1;
- fi
- echo "---"
- #collect data about disk type:
- disk_type=$(smartctl -a /dev/$1 | grep -i "Rotation Rate:" | cut -d':' -f2 | tr -d " ")
- #store if the disk is an ssd:
- if [[ $disk_type == *"SolidStateDevice"* ]]; then
- disk_ssd=1
- # echo "disk is ssd"
- elif [[ $disk_type == *"rpm"* ]]; then
- disk_ssd=0
- # echo "disk is not ssd"
- else
- echo "disk type unknown"
- read -p "Continue anyway?" choice
- case "$choice" in
- y|Y ) echo "continuing";;
- n|N ) echo "exiting" && exit;;
- * ) echo "invalid" && exit;;
- esac
- # exit
- fi
- #
- if [[ "$override" -eq 1 ]]; then
- echo "INFO: continuing to wipe since override has been issued"
- else
- #check for disk errors, differentiating by device type since smart output is different between sata and sas drives:
- if smartctl -a /dev/$1 | grep -q "SATA"; then
- #echo "Type of disk: SATA"
- if smartctl -a /dev/$1 | grep -q "No Errors Logged"; then
- echo "INFO: This is a SATA disk, detecting no errors, going on:"
- else
- sata_model=$(smartctl -a /dev/$1 | grep -i "Device Model:" | cut -d':' -f2 | tr -d " ")
- sata_serial=$(smartctl -a /dev/$1 | grep -i "Serial number:" | cut -d':' -f2 | tr -d " ")
- echo "!!! ERRORS !!!"
- echo "SATA errors, aborting!!!"
- echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
- echo "!!! EXITING !!!"
- echo ""
- echo "Model: $sata_model"
- echo "Serial: $sata_serial"
- exit
- fi
- elif smartctl -a /dev/$1 | grep -q "SAS"; then
- #echo "Type of disk: SAS"
- sas_errors=$(smartctl -a /dev/$1 | grep "Elements in grown defect list" | cut -d':' -f2 | tr -d " ")
- if [ "$sas_errors" -gt 0 ]; then
- sas_vendor=$(smartctl -a /dev/$1 | grep -i "Vendor:" | cut -d':' -f2 | tr -d " ")
- sas_model=$(smartctl -a /dev/$1 | grep -i "Product:" | cut -d':' -f2 | tr -d " ")
- sas_serial=$(smartctl -a /dev/$1 | grep -i "Serial number:" | cut -d':' -f2 | tr -d " ")
- echo "!!! ERRORS !!!"
- echo "Elements in grown defect list: " $sas_errors
- echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
- echo "!!! EXITING !!!"
- echo ""
- echo "Vendor: $sas_vendor"
- echo "Model: $sas_model"
- echo "Serial: $sas_serial"
- exit
- else
- echo "INFO: This is a SAS disk, detecting no errors, going on:"
- fi
- else
- echo "ERROR: the disk type is none of the expected ones, exiting"
- exit
- fi
- fi
- #warning if is an ssd
- if [ "$disk_ssd" -eq 1 ]; then
- echo "WARNING: DISK IS AN SSD, Remember that sectors are reallocated thus unwanted data might remain on the flash."
- #TODO: ATA Secure erase? https://grok.lsu.edu/article.aspx?articleid=16716
- fi
- #calculate disk bytes:
- disk_blocks=$(cat /proc/partitions | grep -w $1 | tr -s ' ' | cut -d " " -f4);
- disk_bytes=$(( 1024*disk_blocks ))
- #wipe:
- #see: https://wiki.archlinux.org/title/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example
- for r_pass in $(seq 1 $random_pass); do
- echo "INFO: Random pass $r_pass of $random_pass :"
- openssl enc -pbkdf2 -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero | pv --progress --eta --rate --bytes --size $disk_bytes | dd of=/dev/$1 bs=2M oflag=direct iflag=fullblock
- done
- for z_pass in $(seq 1 $zeroing_pass); do
- echo "INFO: Zeroing pass $z_pass of $zeroing_pass :"
- dd if=/dev/zero | pv --progress --eta --rate --bytes --size $disk_bytes | dd of=/dev/$1 bs=2M oflag=direct iflag=fullblock
- done
- echo "!!! FINISHED wiping $1 !!!"
- #some of the sources used:
- #https://stackoverflow.com/questions/12806176/checking-for-installed-packages-and-if-not-found-install
- #https://stackoverflow.com/questions/19477682/bash-script-determine-vendor-and-install-system-apt-get-yum-etc
- #https://jschumacher.info/2016/03/erasing-with-openssl/
- #https://wiki.archlinux.org/title/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example
- #https://serverfault.com/questions/6440/is-there-an-alternative-to-dev-urandom
|