Home Explore Help
Register Sign In
panda
/
disk_wiper
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
disk_wiper
/
_OLD
/
wiper.sh

wiper.sh 4.7 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 
  1. #!/usr/bin/env bash
    2. 

  2. 

  3. #variables:
    4. 

  4. random_pass=2
    5. 

  5. zeroing_pass=1
    6. 

  6. prereq_list="pv smartmontools hdparm"
    7. 

  7. YUM_CMD=$(which yum)
    8. 

  8. APT_CMD=$(which apt-get)
    9. 

  9. 

  10. #check that a disk has been provided:
    11. 

  11. if [ -z "$1" ]
    12. 

  12. then
    13. 

  13. 	echo "USAGE: \"./wiper.sh diskname\", for example: \"./wiper.sh sdb\""
    14. 

  14. 	exit
    15. 

  15. fi
    16. 

  16. 

  17. #check the disk exists:
    18. 

  18. if [ ! -e "/dev/$1" ]; then
    19. 

  19. 	echo "ERROR: /dev/$1 does not exists. exiting."
    20. 

  20. 	exit
    21. 

  21. fi
    22. 

  22. 

  23. #check that a disk has been provided:
    24. 

  24. if [ "$2" == "--override" ]
    25. 

  25. then
    26. 

  26. 	override=1
    27. 

  27. fi
    28. 

  28. 

  29. #prerequisites:
    30. 

  30. 

  31. if [[ ! -z $APT_CMD ]]; then
    32. 

  32.   for prereq in $prereq_list; do
    33. 

  33. 	PKG_OK=$(dpkg-query -W --showformat='${Status}\n' $prereq|grep "install ok installed")
    34. 

  34. 	#echo Checking for $prereq: $PKG_OK
    35. 

  35. 	if [ "" = "$PKG_OK" ]; then
    36. 

  36. 	  echo "INFO: $prereq is not present. Setting up $prereq."
    37. 

  37. 	  sudo apt-get --yes install $prereq
    38. 

  38. 	fi
    39. 

  39.   done
    40. 

  40. elif [[ ! -z $YUM_CMD ]]; then
    41. 

  41.   for prereq in $prereq_list; do
    42. 

  42. 	if ! rpm -qa | grep -qw $prereq; then
    43. 

  43. 		yum install $prereq
    44. 

  44. 	fi
    45. 

  45.   done
    46. 

  46. else
    47. 

  47. 	echo "ERROR: error can't find the correct installer for the prerequisites"
    48. 

  48. 	exit 1;
    49. 

  49. fi
    50. 

  50. 

  51. echo "---"
    52. 

  52. 

  53. 

  54. 

  55. 

  56. #collect data about disk type:
    57. 

  57. disk_type=$(smartctl -a /dev/$1 | grep -i "Rotation Rate:" | cut -d':' -f2 | tr -d " ")
    58. 

  58. 

  59. #store if the disk is an ssd:
    60. 

  60. if [[ $disk_type == *"SolidStateDevice"* ]]; then
    61. 

  61. 	disk_ssd=1
    62. 

  62. #	echo "disk is ssd"
    63. 

  63. elif [[ $disk_type == *"rpm"* ]]; then
    64. 

  64. 	disk_ssd=0
    65. 

  65. #	echo "disk is not ssd"
    66. 

  66. else
    67. 

  67. 	echo "disk type unknown"
    68. 

  68. 	read -p "Continue anyway?" choice
    69. 

  69. 	case "$choice" in
    70. 

  70. 	  y|Y ) echo "continuing";;
    71. 

  71. 	  n|N ) echo "exiting" && exit;;
    72. 

  72. 	  * ) echo "invalid" && exit;;
    73. 

  73. 	esac
    74. 

  74. #	exit
    75. 

  75. fi
    76. 

  76. 

  77. #
    78. 

  78. if [[ "$override" -eq 1 ]]; then
    79. 

  79. 	echo "INFO: continuing to wipe since override has been issued"
    80. 

  80. else
    81. 

  81.   #check for disk errors, differentiating by device type since smart output is different between sata and sas drives:
    82. 

  82.   if smartctl -a /dev/$1 | grep -q "SATA"; then
    83. 

  83. 	#echo "Type of disk: SATA"
    84. 

  84. 	if smartctl -a /dev/$1 | grep -q "No Errors Logged"; then
    85. 

  85. 		echo "INFO: This is a SATA disk, detecting no errors, going on:"
    86. 

  86. 	else
    87. 

  87. 		sata_model=$(smartctl -a /dev/$1 | grep -i "Device Model:" | cut -d':' -f2 | tr -d " ")
    88. 

  88. 		sata_serial=$(smartctl -a /dev/$1 | grep -i "Serial number:" | cut -d':' -f2 | tr -d " ")
    89. 

  89. 		echo "!!! ERRORS !!!"
    90. 

  90. 		echo "SATA errors, aborting!!!"
    91. 

  91. 		echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
    92. 

  92. 		echo "!!! EXITING !!!"
    93. 

  93. 		echo ""
    94. 

  94. 		echo "Model:  $sata_model"
    95. 

  95. 		echo "Serial: $sata_serial"
    96. 

  96. 		exit
    97. 

  97. 	fi
    98. 

  98.   elif smartctl -a /dev/$1 | grep -q "SAS"; then
    99. 

  99. 	#echo "Type of disk: SAS"
    100. 

  100. 	sas_errors=$(smartctl -a /dev/$1 | grep "Elements in grown defect list" | cut -d':' -f2 | tr -d " ")
    101. 

  101. 	if [ "$sas_errors" -gt 0 ]; then
    102. 

  102. 		sas_vendor=$(smartctl -a /dev/$1 | grep -i "Vendor:" | cut -d':' -f2 | tr -d " ")
    103. 

  103. 		sas_model=$(smartctl -a /dev/$1 | grep -i "Product:" | cut -d':' -f2 | tr -d " ")
    104. 

  104. 		sas_serial=$(smartctl -a /dev/$1 | grep -i "Serial number:" | cut -d':' -f2 | tr -d " ")
    105. 

  105. 		echo "!!! ERRORS !!!"
    106. 

  106. 		echo "Elements in grown defect list: " $sas_errors
    107. 

  107. 		echo "NO WIPING NEEDED, JUST DESTROY THE DISK MECHANICALLY"
    108. 

  108. 		echo "!!! EXITING !!!"
    109. 

  109. 		echo ""
    110. 

  110. 		echo "Vendor: $sas_vendor"
    111. 

  111. 		echo "Model:  $sas_model"
    112. 

  112. 		echo "Serial: $sas_serial"
    113. 

  113. 		exit
    114. 

  114. 	else
    115. 

  115. 		echo "INFO: This is a SAS disk, detecting no errors, going on:"
    116. 

  116. 	fi
    117. 

  117.   else
    118. 

  118. 	echo "ERROR: the disk type is none of the expected ones, exiting"
    119. 

  119. 	exit
    120. 

  120.   fi
    121. 

  121. fi
    122. 

  122. 

  123. #warning if is an ssd
    124. 

  124. if [ "$disk_ssd" -eq 1 ]; then
    125. 

  125. 	echo "WARNING: DISK IS AN SSD, Remember that sectors are reallocated thus unwanted data might remain on the flash."
    126. 

  126. 	#TODO: ATA Secure erase? https://grok.lsu.edu/article.aspx?articleid=16716
    127. 

  127. fi
    128. 

  128. 

  129. #calculate disk bytes:
    130. 

  130. disk_blocks=$(cat /proc/partitions | grep -w $1 | tr -s ' ' | cut -d " " -f4);
    131. 

  131. disk_bytes=$(( 1024*disk_blocks ))
    132. 

  132. 

  133. 

  134. #wipe:
    135. 

  135. #see: https://wiki.archlinux.org/title/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example
    136. 

  136. 

  137. for r_pass in $(seq 1 $random_pass); do
    138. 

  138. 	echo "INFO: Random pass $r_pass of $random_pass :"
    139. 

  139. 	openssl enc -pbkdf2 -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero | pv --progress --eta --rate --bytes --size $disk_bytes | dd of=/dev/$1 bs=2M oflag=direct iflag=fullblock
    140. 

  140. done
    141. 

  141. 

  142. for z_pass in $(seq 1 $zeroing_pass); do
    143. 

  143. 	echo "INFO: Zeroing pass $z_pass of $zeroing_pass :"
    144. 

  144. 	dd if=/dev/zero | pv --progress --eta --rate --bytes --size $disk_bytes | dd of=/dev/$1 bs=2M oflag=direct iflag=fullblock
    145. 

  145. done
    146. 

  146. 

  147. echo "!!! FINISHED wiping $1 !!!"
    148. 

  148. 

  149. 

  150. 

  151. #some of the sources used:
    152. 

  152. #https://stackoverflow.com/questions/12806176/checking-for-installed-packages-and-if-not-found-install
    153. 

  153. #https://stackoverflow.com/questions/19477682/bash-script-determine-vendor-and-install-system-apt-get-yum-etc
    154. 

  154. #https://jschumacher.info/2016/03/erasing-with-openssl/
    155. 

  155. #https://wiki.archlinux.org/title/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example
    156. 

  156. #https://serverfault.com/questions/6440/is-there-an-alternative-to-dev-urandom
    157.