#!/bin/bash
## Joe Nyilas
## 11/01/09
## Solaris Mass LUN/Disk ERASER
## Suitable for placement into Jumpstart or WANBOOT miniroot
# $Id: disk_sanitizer,v 1.4 2020/05/11 19:09:59 jnyilas Exp $
# $Log: disk_sanitizer,v $
# Revision 1.4 2020/05/11 19:09:59 jnyilas
# Fixed reporting of selected devices so that it is clear which devices will be scrubbed.
# Added power off option.
#
# Revision 1.3 2020/05/11 14:55:46 jnyilas
# Added EFI support.
#
# Revision 1.2 2020/05/11 14:22:17 jnyilas
# Added Fast Method
# Changed scrub routines to functions
#
# *** EFI FAQ ***
#The EFI disk label differs from the VTOC disk label in the following ways:
# Provides support for disks greater than 2 terabytes in size.
# Provides usable slices 0-6, where slice 2 is just another slice.
# Partitions (or slices) cannot overlap with the primary or backup label,
# nor with any other partitions. The size of the EFI label is usually 34
# sectors, so partitions usually start at sector 34. This feature means
# that no partition can start at sector zero (0).
# No cylinder, head, or sector information is stored in the EFI label.
# Sizes are reported in blocks.
# Information that was stored in the alternate cylinders area, the last
# two cylinders of the disk, is now stored in slice 8.
# The EFI specification prohibits overlapping slices.
# !! The entire disk is represented by cxtydz. !!
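PATH=/bin:/sbin:/usr/sbin
# PIDs of the background per-disk scrub workers.  The purge loop appends one
# "$!" per disk; the abort handler below reads the list.
pid_list=""

#######################################
# Abort handler for HUP/INT/QUIT/TERM: announce the abort, stop the scrub
# workers that were started in the background, and exit non-zero.
# Globals:  pid_list (read)
# Returns:  never; exits 1
#######################################
on_abort() {
  local p kids
  echo ""
  echo "=======> $(basename "$0") aborted <======="
  echo ""
  for p in ${pid_list}; do
    # Each worker is a background subshell running the scrub method; a signal
    # to that subshell alone leaves the dd/format it spawned running.  Collect
    # the children first (once the subshell is gone they are re-parented and
    # pgrep -P no longer finds them), then signal subshell and children
    # together.  Both may already have exited, hence the silenced errors.
    kids=$(pgrep -P "${p}" 2>/dev/null)
    # shellcheck disable=SC2086 -- intentional word-splitting of PID lists
    kill ${p} ${kids} 2>/dev/null
  done
  exit 1
}
trap on_abort 1 2 3 15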
#######################################
# Print the usage summary (three lines plus a blank line) to stderr.
# Globals:  $0 (read, for the program name)
# Outputs:  usage text on stderr; nothing on stdout
#######################################
usage() {
  local prog
  prog=$(basename "$0")
  cat >&2 <<EOF
Usage ${prog} [-x none|disks] [-i disks] [-p]
Usage ${prog} [-f ] enables fast mode
Usage ${prog} [-p ] Power Off server after completion

EOF
}
#######################################
# Work out which device node covers the whole disk named in ${disk}:
#   EFI label      -> the bare LUN, so the slice suffix is empty
#   SMI/VTOC label -> slice 2
# An EFI label is recognised by slice 8 appearing in the prtvtoc listing of
# the s2 node.
# NOTE(review): on Solaris x86 an SMI label also carries a slice 8 (boot);
# confirm this heuristic before relying on it off SPARC.
# Globals:  disk (read); chk, slice (written)
# Outputs:  one " --> EFI|SMI Partition <disk>" line on stdout
#######################################
efi_check() {
  local kind
  chk=$(prtvtoc -h "/dev/dsk/${disk}s2" | grep '^ *8 ')
  kind="SMI"
  slice="s2"
  if [[ -n "${chk}" ]]; then
    kind="EFI"
    slice=""
  fi
  echo " --> ${kind} Partition ${disk}"
}
#######################################
# One overwrite pass of the fast method, followed by a relabel.
# Arguments: $1 - pass number (for the progress line)
#            $2 - dd input device (/dev/zero or /dev/urandom)
#            $3 - dd block-size option (bs=... or obs=...)
# Globals:   disk, slice (read)
# NOTE(review): dd's status and diagnostics are discarded, so a pass that
# fails part-way still prints "completed".
#######################################
_fast_pass() {
  local dev="/dev/rdsk/${disk}${slice}"
  dd if="$2" of="${dev}" "$3" > /dev/null 2>&1
  # Put a label back: the overwrite destroyed it along with the data.
  format "${dev}" <<EOF > /dev/null
label
y
q
EOF
  echo "Disk ${disk} pass $1/3 completed."
}

#######################################
# Fast scrub of ${disk}: one zero pass and two pseudo-random passes, each
# followed by a relabel.  (The banner calls all three "random"; pass 1 writes
# zeros.)  Only the output block size is given for the random passes, so dd
# reads /dev/urandom in its default input block size.
# Globals:  disk (read); slice, chk (written via efi_check)
#######################################
fast_method() {
  efi_check
  cat <<'EOF'
The above disk(s) will be sanitized with the
3x random data rewrite method for overwriting data.
This is much faster than the NIST standard, but does not meet
Department of Defense guidelines for media sanitization.

EOF
  _fast_pass 1 /dev/zero bs=1024k
  # Each relabel may change the slice layout, so re-detect before the next pass.
  efi_check
  _fast_pass 2 /dev/urandom obs=128k
  efi_check
  _fast_pass 3 /dev/urandom obs=64k
  echo ""
}
#######################################
# Standard scrub of ${disk}: drive format's analyze/purge routine over the
# whole-disk node chosen by efi_check.  format's own output is not silenced
# here, so its progress is visible to the operator.
# Globals:  disk (read); slice, chk (written via efi_check)
#######################################
std_method() {
  local dev
  efi_check
  cat <<'EOF'
The above disk(s) will be sanitized with the
NCSC-TG-025 algorithm for overwriting data.
This meets or exceeds NIST guidelines for media sanitization.

EOF
  dev="/dev/rdsk/${disk}${slice}"
  format "${dev}" <<EOF
analyze
purge
y
q
EOF
}
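#######################################
# Parse the command line into the globals EXCLUDE, INCLUDE, FAST, POWEROFF.
#   -x PATTERN  exclude devices matching PATTERN (a grep pattern; repeatable);
#               "-x none" clears the exclude list
#   -i PATTERN  include only devices matching PATTERN (repeatable)
#   -f          fast 3-pass method instead of format's analyze/purge
#   -p          power the system off (init 5) after completion
# Any other option prints usage and exits 2.
#######################################
parse_args() {
  local o
  EXCLUDE=""
  INCLUDE=""
  FAST=0
  POWEROFF=0
  while getopts pfi:x: o; do
    case ${o} in
      x)
        # Test the option value itself.  The accumulated list starts with a
        # space, so comparing "${EXCLUDE}" against "none" never matched and
        # "-x none" silently became an exclude pattern.
        if [[ "${OPTARG}" = "none" ]]; then
          echo "Not excluding any disks!"
          EXCLUDE=""
        else
          EXCLUDE="${EXCLUDE} ${OPTARG}"
        fi
        ;;
      i) INCLUDE="${INCLUDE} ${OPTARG}" ;;
      f) FAST=1 ;;
      p) POWEROFF=1 ;;
      *)
        usage
        exit 2   # an invalid invocation must not report success
        ;;
    esac
  done
}

#######################################
# Build the device list.
# Globals:  INCLUDE, EXCLUDE (read)
#           drvs_all  - every cXtYdZ name format reports (written)
#           drvs      - the names left after includes/excludes (written)
#           xtotal    - number of names removed by -x (written)
#######################################
select_devices() {
  local i xcnt
  echo "--> Generating Disk list..."
  # Column 2 of format's disk menu is taken as the device name.  The pattern
  # is quoted so the shell cannot glob it against files in the current dir.
  drvs_all=$(format < /dev/null | awk '{print $2}' | grep 'c[0-9][0-9]*')
  if [[ -n "${INCLUDE}" ]]; then
    # Keep only names matching an include pattern (grep regex, one per word).
    drvs=""
    for i in ${INCLUDE}; do
      echo " -- ${i} included"
      drvs="${drvs}
$(echo "${drvs_all}" | grep "${i}")"
    done
  else
    drvs="${drvs_all}"
  fi
  xtotal=0
  if [[ -n "${EXCLUDE}" ]]; then
    for i in ${EXCLUDE}; do
      echo " -- ${i} excluded"
      xcnt=$(echo "${drvs}" | grep "${i}" | wc -l)
      drvs=$(echo "${drvs}" | grep -v "${i}")
      xtotal=$(( xtotal + xcnt ))
    done
  fi
}

#######################################
# Print the selection summary and the final device list; exit 0 when the
# list is empty.
# Globals:  drvs_all, drvs, EXCLUDE, INCLUDE, xtotal (read)
#######################################
report_selection() {
  local a_cnt cnt x_cnt i_cnt
  a_cnt=$(echo "${drvs_all}" | wc -w | awk '{print $1}')
  cnt=$(echo "${drvs}" | wc -w | awk '{print $1}')
  x_cnt=$(echo "${EXCLUDE}" | wc -w | awk '{print $1}')
  i_cnt=$(echo "${INCLUDE}" | wc -w | awk '{print $1}')
  printf -- "--> %5d total devices found\n" "${a_cnt}"
  if [[ "${i_cnt}" -eq 0 ]]; then
    printf -- "--> All devices and paths included\n"
  else
    printf -- "--> %5d devices||paths included\n" "${i_cnt}"
  fi
  printf -- "--> %5d devices||paths excluded\n" "${x_cnt}"
  printf -- "--> %5d actual devices excluded\n" "${xtotal}"
  printf -- "--> %5d devices selected\n" "${cnt}"
  echo ""
  echo "--> Final Device Selections:"
  echo "${drvs}"
  if [[ "${cnt}" -eq 0 ]]; then
    echo "Nothing to do!"
    echo ""
    exit 0
  fi
}

#######################################
# Final warning: a 65 s grace period, an audible bell pattern, then a
# 10-step countdown (about 20 s).  Interrupting here runs the abort trap.
#######################################
warn_and_countdown() {
  local d i
  echo ""
  echo "**** ALL DATA ON ALL LISTED DISKS WILL BE DESTROYED ****"
  echo "**** IN 60 SECONDS. HALT OR INTERRUPT THIS PROCESS ****"
  echo "**** NOW TO PRESERVE YOUR DATA. ****"
  echo ""
  echo "CTRL-C to Interrupt ..."
  sleep 65
  # The bell
  for d in .2 .2 .4 .4 .4 .4 .2 .2 .2; do
    printf '\007\n'
    sleep "${d}"
  done
  for i in 10 9 8 7 6 5 4 3 2 1; do
    sleep 1
    printf 'PURGING ALL DATA in %d ... \r' "${i}"
    sleep 1
  done
  echo ""
}

#######################################
# Run ${method} once per selected device, all in parallel, and wait.
# Globals:  drvs, method (read); disk (written, read by the method);
#           pid_list (written, read by the abort trap)
# NOTE(review): a bare "wait" returns 0 whatever the workers did, and the
# methods discard dd's status, so "Completed" means finished, not verified.
#######################################
purge_devices() {
  for disk in ${drvs}; do
    echo "--> Processing $disk <--"
    ${method} &
    pid_list="$! ${pid_list}"
  done
  wait
  echo ""
  echo "Data Purge Completed"
}

main() {
  parse_args "$@"
  # Select the rewrite method.
  if [[ ${FAST} -eq 1 ]]; then
    method=fast_method
  else
    method=std_method
  fi
  select_devices
  report_selection
  warn_and_countdown
  purge_devices
  if [[ "${POWEROFF}" -eq 1 ]]; then
    echo "Powering off system now"
    init 5
  fi
  exit 0
}

main "$@"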