#!/bin/sh
# ------------------------------------------------------------
# opensecurity package file
#
# Autor: X-Net Services GmbH <office@x-net.at>
#
# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
#
#
# X-Net Technologies GmbH
# Elisabethstrasse 1
# 4020 Linz
# AUSTRIA
# https://www.x-net.at
#
# AIT Austrian Institute of Technology
# Donau City Strasse 1
# 1220 Wien
# AUSTRIA
# http://www.ait.ac.at
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ------------------------------------------------------------
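# Directory holding this script; truecrypt_config.cfg is looked up there.
# "$0" is quoted so an install path containing spaces or glob characters is
# not word-split before dirname sees it.
BASEDIR="$(dirname "$0")"

# Positional arguments, in order: device, mount point, password, keyfile.
DEVICE="$1"
MOUNTPOINT="$2"
# NOTE(review): the password arrives as a command-line argument of this
# script, so it is visible in the process list while the script runs.
PASSWORD="$3"
# Optional: an empty value makes the later steps run without "-k".
KEYFILE="$4"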
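# Print the address the notifications are sent to: the first host address
# (the "HostMin" line of ipcalc) of the IPv4 network configured on eth0.
# Outputs: the address on stdout
# Returns: 0 on success, 1 when no address or netmask could be read
# NOTE(review): presumably HostMin is the host side of this machine's
# network; confirm, because the notification requests go there over plain
# HTTP.
getRemoteIp ()
{
    # Read the interface once so address and netmask come from the same
    # snapshot. The cut strips the "addr:" / "Mask:" prefix of the old
    # net-tools output layout.
    inet_line=$(ifconfig eth0 | grep "inet ")
    ip_address=$(printf '%s\n' "$inet_line" | awk '{ print $2 }' | cut -d ":" -f 2)
    ip_netmask=$(printf '%s\n' "$inet_line" | awk '{ print $4 }' | cut -d ":" -f 2)

    # Without both values ipcalc would be handed a bare "/"; stop here with
    # a diagnostic instead.
    if [ -z "$ip_address" ] || [ -z "$ip_netmask" ]
    then
        echo "getRemoteIp: no IPv4 address found on eth0" >&2
        return 1
    fi

    # Quoted so the address/netmask pair always reaches ipcalc as one word.
    remote_ip=$(ipcalc "$ip_address/$ip_netmask" | grep HostMin | awk '{ print $2 }')

    printf '%s\n' "$remote_ip"
}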
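# Send an informational message to the notification service on the host
# printed by getRemoteIp (port 8090, plain HTTP; no credentials are sent).
# Arguments: $1 - message text
# Returns:   exit status of wget
# NOTE(review): this uses the path "/message" while sendErrorNotification
# uses "/notification"; confirm both paths exist on the receiving service.
sendInfoNotification ()
{
    MESSAGE="$1"
    # Percent-encode every byte of the text so that characters such as
    # "&", "#" or "%" stay inside the "text" parameter instead of changing
    # the query string.
    encoded_text=$(printf '%s' "$MESSAGE" | od -An -v -tx1 | tr -d ' \n' | sed 's/\(..\)/%\1/g')
    # -T 3 -t 1: one attempt with a 3 second timeout, so an unreachable
    # service does not stall the caller for long.
    wget -q -T 3 -t 1 -O /dev/null "http://$(getRemoteIp):8090/message?msgtype=information&text=$encoded_text"
}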
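# Send a critical notification to the notification service on the host
# printed by getRemoteIp (port 8090, plain HTTP; no credentials are sent).
# Arguments: $1 - message text
# Returns:   exit status of wget
# NOTE(review): this uses the path "/notification" while
# sendInfoNotification uses "/message"; confirm both paths exist on the
# receiving service.
sendErrorNotification ()
{
    MESSAGE="$1"
    # Percent-encode every byte of the text so that characters such as
    # "&", "#" or "%" stay inside the "text" parameter instead of changing
    # the query string.
    encoded_text=$(printf '%s' "$MESSAGE" | od -An -v -tx1 | tr -d ' \n' | sed 's/\(..\)/%\1/g')
    # -T 3 -t 1: one attempt with a 3 second timeout, so an unreachable
    # service does not stall the caller for long.
    wget -q -T 3 -t 1 -O /dev/null "http://$(getRemoteIp):8090/notification?msgtype=critical&text=$encoded_text"
}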
# Load the settings file that sits next to this script; stop if it cannot
# be read.
# NOTE(review): $tc_cmd is used below but never assigned in this script, so
# it presumably comes from this file. The file is executed as shell code in
# this process, so it should be writable only by the account that owns the
# script.
if [ ! -r "$BASEDIR/truecrypt_config.cfg" ]; then
    echo "truecrypt_config.cfg not found" >&2
    exit 1
fi

. "$BASEDIR/truecrypt_config.cfg"
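# make sure to have "/dev/sdb" (not "/dev/sdb1")
# ${DEVICE:0:8} would be the bash way, but it does not work in dash, so awk
# does the cut. The start index is 1 and the length 8: awk strings are
# 1-based, and a start index of 0 is not handled the same way by every awk
# implementation, which can leave the partition digit in place.
# NOTE(review): the fixed length of 8 fits names of the form /dev/sdX only;
# longer device names would be cut short. The following steps write to this
# device, so confirm the callers only pass such names.
DEVICE="$(printf '%s\n' "$DEVICE" | awk '{ print substr($1, 1, 8) }')"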
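# Step 1: create the encrypted volume on $DEVICE.

# Fail closed when neither a password nor a keyfile was supplied, instead of
# asking the tool to create a volume with an empty password.
if [ -z "$PASSWORD" ] && [ -z "$KEYFILE" ]
then
    sendErrorNotification "Encryption failed"
    exit 1
fi

sendInfoNotification "Encrypt device"

# $tc_cmd is left unquoted on purpose: it presumably holds the command plus
# its fixed options and has to be word-split.
# NOTE(review): "-p" puts the password on the command line of the child
# process, where the process list exposes it for the duration of the call.
# NOTE(review): per TrueCrypt's own help text, --quick skips encrypting the
# free space of a device-hosted volume, so data that was on the stick before
# stays readable on the raw device until it is overwritten; confirm this is
# acceptable for the intended use.
if [ -z "$KEYFILE" ]
then
    message="$($tc_cmd -c --non-interactive --quick --filesystem=none --encryption=AES --hash=RIPEMD-160 -p "$PASSWORD" "$DEVICE")"
    result="$?"
else
    message="$($tc_cmd -c --non-interactive --quick --filesystem=none --encryption=AES --hash=RIPEMD-160 -p "$PASSWORD" -k "$KEYFILE" "$DEVICE")"
    result="$?"
fi

# $result is the exit status of the command substitution above.
if [ "$result" != "0" ]
then
    sendErrorNotification "Encryption failed"
    exit 1
fi

sendInfoNotification "Device encrypted"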
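# Step 2: open the new volume with --filesystem=none, i.e. without mounting
# a filesystem, so that one can be created on it next. The tool's output is
# appended to $message.
# NOTE(review): "-p" puts the password on the command line of the child
# process, where the process list exposes it for the duration of the call.
if [ -z "$KEYFILE" ]
then
    message="$message\n$($tc_cmd --non-interactive --filesystem=none -p "$PASSWORD" "$DEVICE")"
    result="$?"
else
    message="$message\n$($tc_cmd --non-interactive --filesystem=none -p "$PASSWORD" -k "$KEYFILE" "$DEVICE")"
    result="$?"
fi

# Report the failure like the other steps do; without this the last thing
# the user saw was "Device encrypted" and the script stopped silently.
if [ "$result" != "0" ]
then
    sendErrorNotification "Opening the encrypted device failed"
    exit 1
fi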
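# Step 3: create an NTFS filesystem on the opened volume.
sendInfoNotification "Create NTFS filesystem on encrypted device"

# Third column of the volume listing is taken as the mapped device.
# NOTE(review): the listing is not filtered by $DEVICE, so with more than
# one volume open this holds several paths; it also calls "truecrypt"
# directly instead of $tc_cmd. Confirm only one volume can be open here.
TC_DEVICE=$(truecrypt -l | awk '{print $3}')

# Only format something that is exactly one existing block device. An empty
# or multi-line value fails this test and is reported as a failed step.
if [ ! -b "$TC_DEVICE" ]
then
    sendErrorNotification "Filesystem creation failed"
    exit 1
fi

message="$message\n$(mkfs.ntfs --quick "$TC_DEVICE")"
result="$?"

if [ "$result" != "0" ]
then
    sendErrorNotification "Filesystem creation failed"
    exit 1
fi

sendInfoNotification "Filesystem successfully created"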
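# Step 4: mount the new filesystem. A failed mount is reported and ends the
# script with status 1, so the caller is not told the stick is ready when it
# is not mounted.
if ! mount "$TC_DEVICE" "$MOUNTPOINT"
then
    sendErrorNotification "Mounting the encrypted device failed"
    exit 1
fi

# Not an Error but the User should click away this message
sendErrorNotification "Stick is now initialized"

# Print the collected tool output. The steps are joined with a literal "\n",
# which is turned into a line break only by an echo that expands backslash
# escapes (dash does; bash's builtin does not by default).
echo "$message"
exit 0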