#!/bin/bash
# AUTHOR: Phil Porada - [email protected]
# WHAT: Automatically runs shred on any block device plugged into the computer aside from devices in the exclusion list
# NOTES: I do not own any rights to Shredder or shred.
# Terminal escape sequences used to decorate status messages.
# Each one is captured once from tput so later echo calls can embed it.
BLD="$(tput bold)"
RST="$(tput sgr0)"
RED="$(tput setaf 1)"
GRN="$(tput setaf 2)"
YEL="$(tput setaf 3)"
BLU="$(tput setaf 4)"

# Directory holding this script, with symlinks in the invocation path resolved.
# check_config and script_update change into it.
DIR="$(dirname "$(readlink -f "$0")")"

# Input captured from the operator; run_bddd keeps looping while this is empty.
KEYPRESS=
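#######################################
# Load autoshred.conf from the script directory, or write a template and stop.
# Globals:   DIR (read); BLD, RED, GRN, YEL, RST (read);
#            whatever the config assigns (EXCLUSION, ROUNDS, NOTIFICATION,
#            NOTIFYSCRIPT, OVERRIDE in the shipped template) is written.
# Outputs:   status messages on stdout, errors on stderr;
#            creates ${DIR}/autoshred.example.conf when no config exists.
# Returns:   0 when the config was loaded; exits 1 otherwise.
#######################################
function check_config() {
  local conf="${DIR}/autoshred.conf"
  local example="${DIR}/autoshred.example.conf"

  # Later steps (e.g. the notifier in run_bddd) use paths relative to the
  # script directory, so a failed cd must stop the run instead of letting the
  # script continue from whatever directory the caller happened to be in.
  cd "${DIR}" || {
    echo "${BLD}${RED}[!]${RST} Unable to change directory to ${DIR}" >&2
    exit 1
  }

  if [ -f "${conf}" ]; then
    # The config is executed as shell code with the caller's privileges
    # (root when run with -f). It is sourced by absolute path because a bare
    # file name makes bash search $PATH before the current directory.
    # NOTE(review): keep this file and its directory writable only by the
    # account that runs the script.
    # shellcheck source=/dev/null
    source "${conf}"
    echo "${BLD}${GRN}[+]${RST} Config loaded from ${conf}"
  else
    echo "${BLD}${RED}[!]${RST} ${conf} was not located"
    echo "${BLD}${YEL}[-]${RST} Creating a template => ${example}"
    echo "${BLD}${YEL}[-]${RST} Please configure autoshred.example.conf, rename it to autoshred.conf, and run this script again"
    # Quoted delimiter: the template is written literally, nothing is expanded.
    cat <<- "EOL" > "${example}"
####
#### WARNING: USE autoshred.sh AT YOUR OWN RISK.
####
#### This block devices will be spared from data destruction.
#EXCLUSION=("sda" "sdb" "sdc" "sr0")
EXCLUSION=("sda" "sdb" "sr0" "mmcblk0")
#### Rounds of wiping method
ROUNDS=1
#### Use a script that notifies the user of the destruction status
# Set to 0 for off, 1 for on
NOTIFICATION=0
NOTIFYSCRIPT="led-notifier.py"
#### Update override. If set to 1, will continue without updating.
OVERRIDE=0
EOL
    # Plain exit instead of SIGKILL-ing our own PID: gives a meaningful status
    # and does not bypass shell exit handling.
    exit 1
  fi
}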
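#######################################
# Print the destructive-use warning, the current exclusion list and the
# command-line help.
# Globals:   EXCLUSION, ROUNDS (read); BLD, RED, RST (read)
# Outputs:   help text on stdout
#######################################
function usage() {
  local dev
  # Script name without its directory, used in the example command lines.
  local -r self="${0##*/}"

  echo "${BLD}${RED}#####################################################################################${RST}"
  echo "${BLD}${RED}# WARNING: THIS SCRIPT WILL NUKE DATA IN ANY BLOCK DEVICE NOT IN THE EXCLUSION LIST #${RST}"
  echo "${BLD}${RED}#####################################################################################${RST}"
  echo
  echo "${BLD}Current exclusion list. Run \`lsblk\` to check mounted devices.${RST}"
  echo "${BLD}+--------------------+${RST}"
  # Quoted expansion: each configured entry is shown exactly as written, so a
  # stray space or glob character in the list is visible to the operator.
  for dev in "${EXCLUSION[@]}"; do
    echo "/dev/${dev}"
  done
  echo
  echo "${BLD}Script Usage${RST}"
  echo "${BLD}+--------------------+${RST}"
  # Report the configured pass count. The wipe is started with
  # --iterations=$ROUNDS --zero, and the shipped template sets ROUNDS=1, so a
  # fixed "3 passes" claim would overstate what is actually done.
  echo "${BLD}[-f]${RST} | Run the script. Each device is overwritten with ${ROUNDS:-<unset>} shred pass(es) plus a final pass of zeros. Set ROUNDS in autoshred.conf to change this value."
  echo "ex: sudo ./${self} -f"
  echo
  echo "${BLD}[-h]${RST} | Show this help message."
  echo "ex: ./${self} -h"
  echo
  echo "${BLD}[-s]${RST} | Display Shredder and exit"
  echo "ex: ./${self} -s"
  echo
  echo "${BLD}Important Read for Data Sanitization${RST}"
  echo "${BLD}+---------------------+${RST}"
  echo "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf"
  echo
}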
# Print the Shredder ASCII-art banner on stdout.
# Takes no arguments and reads no globals; the art is emitted verbatim.
function shredder_ascii() {
# Thanks to http://www.retrojunkie.com/asciiart/cartchar/turtles.htm
# The delimiter is quoted, so the $ and backtick characters in the art are
# printed literally; the "-" form of the here-document strips leading tabs.
cat <<- 'EOF'
.;iiiiii;;.
;i!!!!!!!!!!!!!!!i.
.i!!!!!!!!!'`.......`''=
i!!!!!!!!' .:::::::::::::..
i!!!!!!!!' :::::::::::::::::::.
' i!!!!!!!!' :::::::::::::::::::::::.
: !!!!!!!!! ::::::::::::::::::::::::::.
:: !!!!!!!! ::::::::::::::::::::::::::::::
::: <!!!!!!!! ::::::::::::::::::::::::::::::: i!!!!>
.::: <!!!!!!!> ::::::::::::::::::::::::::::'` i!!!!!'
:::: <!!!!!!!> ::::::::::::::::::::::::'` ,i!!!!!!'
:::: `!!!!!!!> :::::::::::::::::::''` ,i!!!!!!!!'..
`:::: !!!!!!!!.`::::::::::::::'` .,;i!!!!!!!!!!' ::::.
:::: !!!!!!!!!, `''''``` .,;ii!!!!!!!!!!!'' .::::::::
i!; `::' .!!!!!!!!!!!i;,;i!!!!!!!!!!!!!!!!!!' .::::::::::::::
i!!!!i;,;i!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!''` ::::::::::::::::::
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'`..euJB$. ::::::::::::::::' ::.
!!!!!!!!!!!!!!!!!!!!!!!!!!!''`, $$$$$$$$$Fc :::::::::::::: .:::::
`''''''''''''''''` ..z e$$$F d$P"`""??<<3c :::::::::::' ::::::::.
:::: ?Fx$b. "?$ $$$b($$" dF 'ud$$$$$$c `:::::::' .:::::::::::
`::: $$$$$r-. P9$$$?$bedE' .,d$$$$$$$P" `::::' .:::::::::::::
:::: `? = """" ""?????????"" .~~~. :'.:::::::::::::::' ;
::::: $$$eeed" .~~~~~~~~~~~~~~~~~~~~~~~~~~~ ::::::::::::::::' i!
::::: $$$PF" .~~.$.~~~~~~~~~~~~~~~~~~~~~~~~. :::::::::::::' ,!!!
:: .~~~~~~ ?$ ~~~~~~~~~~~~~~~~~~~~~~~~. ::::::::::' ;!!!!
:: ~~~~~~~~~~~.`$b ~~~~~~~~~~~~~~~~~~~~~~~~. `:::::::' ;!!!!!'
`::: ~~~~~~~~~~~ `$L ~~~~~~~~~~~~~~~~~~~~~~~ . `''` ;!!!!!!
:::: ~~~~~~~~~~~ `$c'~~~~~~~~~~~~~~~~~~~~~ ~~ ,iiii! i!!!!!! !
::::: ~~~~~~~~~~~ "$c`~~~~~~~~~~~~~~~~~~~ ~~ ;!!!!' i!!!!!! i!
`::::: ~~~~~~~~~~~ `$.`~~~~~~~~~~~~~~~~ ~ <!!!!' ;!!!!!!' !!
:::'` `~~~~~~~~~~ "$.`~~~~~~~~~~~~~~ .~ .!!!!!' ;!!!!!!! i!!
,i! ~~~~~~~~~~ "$r'~~~~~~~~~~~~ ' ;!!!!! ;!!!!!!!! !!!
!!!!i !i. `~~~~~~~~ `$c ~~~~~~~~~~~~ <!!!!' i!!!!!!!!! !!!
:!!!!> !!!; ~~~~~~~. "$. ~~~~~~~~ .;!!!!' ;!!!!!!!';!! `!!
`!!!!! `!!!!;. ~~~~~~~~~~~~~~ .;i!!!!' .i!!!!!!' ,!!!!i !!
!!!!!!; `!!!!!i;. ~~~~~~~ .;i!!!!''`.;i!!!!!!!'.;!!!!!!!> !
:! !!!!!!!i `'!!!!!!!!!!!!!!!'''`.;ii!!!!!'`.'` ;!!!!!!!!!! '
EOF
}
#######################################
# Print the four-line program banner.
# Globals:   BLD, BLU, YEL, RST (read)
# Outputs:   banner on stdout
#######################################
function display_header() {
  # Top/bottom rule and the coloured "#" that frames the two text lines.
  local -r rule=" ${BLD}${BLU}###########################################${RST}"
  local -r edge="${BLD}${BLU}#${RST}"

  printf '%s\n' \
    "${rule}" \
    " ${edge} ${YEL}Block Device Data Destroyer ${edge}" \
    " ${edge} ${YEL}==> Data today, /dev/null tomorrow <== ${edge}" \
    "${rule}"
}
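#######################################
# Signal handler: tell the operator what happens to running wipes, put the
# terminal back into a usable state and stop the script.
# Globals:   BLD, YEL, RST (read)
# Outputs:   two status lines on stdout
# Returns:   does not return; exits 1.
#######################################
function cleanup() {
  echo "${BLD}${YEL}[-]${RST} Any prior jobs running will continue running even after this script has exited."
  echo "${BLD}${YEL}[-]${RST} Exiting..."
  # run_bddd switches the terminal to no-echo, non-canonical mode; undo that
  # here, otherwise an interrupted run leaves the operator with a silent shell.
  if [ -t 0 ]; then
    stty sane
  fi
  # A trap handler that simply returns lets the script resume after the
  # signal, which contradicts the "Exiting..." message above.
  exit 1
}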
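#######################################
# Stop unless the script is running with an effective UID of 0.
# Globals:   EUID (read); BLD, RED, RST (read)
# Outputs:   error line and usage text on stdout when not root
# Returns:   0 when root; exits 1 otherwise.
#######################################
function root_check() {
  # Run only with root privs due to the forceful unmounting we need to do.
  # You can't sudo echo. You can technically... but whatever
  if [ "${EUID}" -ne 0 ]; then
    echo "${BLD}${RED}[!]${RST} You must run as root or use sudo"
    echo
    usage
    # Plain exit instead of SIGKILL-ing our own PID: the caller gets a normal
    # failure status and shell exit handling is not bypassed.
    exit 1
  fi
}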
function script_update() {
cd "${DIR}"
git fetch
if [ $(git rev-parse HEAD) != $(git rev-parse @{u}) ]; then
echo "${BLD}${YEL}[-]${RST} Autoshred has an update."
if [ $OVERRIDE -ne 1 ]; then
echo "${BLD}${YEL}[-]${RST} Run ${BLD}git pull${RST} to update Autoshred."
exit
fi
else
echo "${BLD}${GRN}[+]${RST} Autoshred is up to date"
fi
}
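#######################################
# Parse the single command-line option and refuse to continue unless the
# destructive run was explicitly requested with -f.
# Arguments: the script's own arguments; exactly one is accepted
# Outputs:   usage / banner text on stdout, option errors on stderr
# Returns:   0 only after -f passed root_check; every other path exits.
#######################################
function check_args() {
  local opt
  local run_requested=0
  # getopts keeps its position in OPTIND; start from the first argument.
  local OPTIND=1

  if [ "$#" -ne 1 ]; then
    usage
    exit 1
  fi

  # Leading ':' selects silent mode so OPTARG carries the offending option
  # character for the "Invalid option" message.
  while getopts ":fhs" opt; do
    case "${opt}" in
      f)
        root_check
        run_requested=1
        ;;
      h)
        usage
        exit 0
        ;;
      s)
        shredder_ascii
        exit 0
        ;;
      \?)
        echo "Invalid option: -${OPTARG}" >&2
        usage
        exit 1
        ;;
    esac
  done

  # A single non-option word (for example "foo") ends the getopts loop without
  # matching any case. Without this guard the function would return and the
  # caller would go on to the wipe loop with neither -f nor the root check.
  if [ "${run_requested}" -ne 1 ]; then
    usage
    exit 1
  fi
}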
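#######################################
# Main loop: once a second, list every block device that is not excluded,
# start a background wipe for each one that has no wipe running yet, and
# show the running jobs. Ends when the operator presses a key.
# Globals:   EXCLUSION, ROUNDS, NOTIFICATION, NOTIFYSCRIPT (read);
#            KEYPRESS (read/written); BLD, RED, GRN, RST (read)
# Outputs:   status screen on stdout, configuration errors on stderr
# Returns:   1 when EXCLUSION is empty or ROUNDS is not a whole number,
#            before anything is scanned; otherwise the status of the final
#            terminal reset.
#######################################
function run_bddd() {
  local dev line
  local -a detected
  local -r rounds_re='^[0-9]+$'

  # The exclusion list is the only thing standing between this loop and the
  # system disks, so refuse to scan when it is empty. (grep has no pattern to
  # work with in that case anyway.)
  if [ "${#EXCLUSION[@]}" -eq 0 ]; then
    echo "${BLD}${RED}[!]${RST} EXCLUSION is empty; refusing to scan for devices" >&2
    return 1
  fi
  # ROUNDS is interpolated into the wipe command line below.
  if ! [[ "${ROUNDS:-}" =~ ${rounds_re} ]]; then
    echo "${BLD}${RED}[!]${RST} ROUNDS must be a whole number; check autoshred.conf" >&2
    return 1
  fi

  # This allows you to capture keyboard entries on stdin in a nonblocking fashion
  if [ -t 0 ]; then
    stty -echo -icanon -icrnl time 0 min 0
  fi

  # Loops through our display while checking if the user wants to exit the prog
  while [ -z "${KEYPRESS}" ]; do
    clear
    display_header
    echo " ${BLD}${GRN}Press any key to exit${RST}"
    echo
    echo

    # Whole-disk kernel names only (-d), skipping majors 11 (optical) and
    # 1 (RAM disks). Every EXCLUSION entry becomes a "-e<entry>" pattern for
    # grep -v, i.e. an unanchored match: "sda" also hides "sdaa".
    detected=()
    while IFS= read -r line; do
      [ -n "${line}" ] && detected+=("${line}")
    done < <(lsblk -dnlo KNAME -e 11,1 | grep -v --color=auto "${EXCLUSION[@]/#/-e}")

    echo "${BLD}+ Current list of detected devices +${RST}"
    echo "${BLD}+----------------------------------+${RST}"
    for dev in "${detected[@]}"; do
      echo "/dev/${dev}"
      [ -b "/dev/${dev}" ] || continue

      # Skip the device when any live process already shows a shred command
      # line for exactly this device node (also covers jobs left running by
      # an earlier run of the script).
      if ps aux | grep " shred" | grep -E -- "/dev/${dev}( |\$)" \
        | grep -Evq '(grep|defunct)'; then
        continue
      fi

      # Detach the device only when shred itself succeeded. A "$?" written
      # inside a double-quoted string is expanded by this shell before the
      # child starts, so it can never reflect shred's result; "&&" makes the
      # child decide. A device whose wipe failed therefore stays attached and
      # listed, and is picked up again on a later pass.
      bash -c "shred --force --zero --iterations=${ROUNDS} /dev/${dev} 2>/dev/null && echo 1 > /sys/block/${dev}/device/delete" >/dev/null 2>&1 &
    done

    echo
    echo
    echo "${BLD}+ Current running jobs +${RST}"
    echo "${BLD}+----------------------+${RST}"
    # The wrapper's command line contains "delete", so filtering on it leaves
    # only the shred processes themselves.
    ps aux | grep " shred" | grep -Ev '(grep|delete)'

    # NOTE(review): the notifier is run from the current directory with the
    # privileges of this script; it should be protected like the script itself.
    if [ "${NOTIFICATION:-0}" -eq 1 ] && [ "${#detected[@]}" -ne 0 ]; then
      ./"${NOTIFYSCRIPT}"
    fi

    KEYPRESS="$(cat -v)"
    sleep 1
  done

  # Resets the tty
  if [ -t 0 ]; then
    stty sane
  fi
}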
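### Order of operations
# 1. load the config, 2. validate the command line (which includes the root
# check for -f), 3. optional update check, 4. banner, 5. wipe loop.
check_config
check_args "$@"
# Quoted with a default so a config that omits OVERRIDE still gets the update
# check instead of a test syntax error.
if [ "${OVERRIDE:-0}" -eq 0 ]; then
  script_update
fi
# SIGKILL cannot be caught by a process, so it is not listed here.
trap cleanup SIGINT SIGTERM SIGTSTP
clear
export -f shredder_ascii
shredder_ascii
display_header
# Last chance to interrupt before devices are scanned and wipes are started.
sleep 5
run_bddd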