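#!/bin/sh

# ------------------------------------------------------------
# opensecurity package file
#
# Author:   X-Net Services GmbH
#
# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
#
#
#     X-Net Technologies GmbH
#     Elisabethstrasse 1
#     4020 Linz
#     AUSTRIA
#     https://www.x-net.at
#
#     AIT Austrian Institute of Technology
#     Donau City Strasse 1
#     1220 Wien
#     AUSTRIA
#     http://www.ait.ac.at
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ------------------------------------------------------------

# Initialise a removable device as a TrueCrypt volume: create the encrypted
# volume on the whole device, map it without a filesystem, create NTFS on the
# mapped device and mount it. Progress and failures are reported to the
# notification service on port 8090 of the first host of eth0's subnet.
#
# Usage: <script> DEVICE MOUNTPOINT PASSWORD [KEYFILE]
# Needs: truecrypt_config.cfg next to this script; it must define tc_cmd.
#
# NOTE(review): PASSWORD arrives as $3 and is handed to truecrypt with -p, so
# it sits on the command line of both processes and can be read from the
# process list by other local users while this script runs. Keeping the
# interface unchanged here; confirm whether the installed truecrypt build can
# take the password from another channel before changing the callers.

BASEDIR="$(dirname "$0")"
DEVICE="$1"
MOUNTPOINT="$2"
PASSWORD="$3"
KEYFILE="$4"

# A real newline, used to join the captured tool output. The original joined
# with a literal "\n" and relied on dash's echo to expand it.
NL='
'


# Print the first host address (ipcalc "HostMin") of the network eth0 is in.
# Prints nothing and returns 1 when eth0 has no IPv4 address.
getRemoteIp ()
{
    inet_line=$(ifconfig eth0 | grep "inet ")
    # Handles both "inet addr:1.2.3.4 ... Mask:255.255.255.0" and
    # "inet 1.2.3.4 netmask 255.255.255.0" layouts.
    ip_address=$(printf '%s\n' "$inet_line" | awk '{ print $2 }' | cut -d ":" -f 2)
    ip_netmask=$(printf '%s\n' "$inet_line" | awk '{ print $4 }' | cut -d ":" -f 2)

    if [ -z "$ip_address" ] || [ -z "$ip_netmask" ]
    then
        return 1
    fi

    remote_ip=$(ipcalc "$ip_address/$ip_netmask" | grep HostMin | awk '{ print $2 }')

    printf '%s\n' "$remote_ip"
}

# Best-effort informational notification; failures are ignored on purpose.
# $1 - message text. It is placed in the query string as-is, so only pass
#      fixed strings, never tool output or caller-supplied data.
# NOTE(review): this posts to /message while sendErrorNotification posts to
# /notification - confirm that both endpoints exist on the receiver.
sendInfoNotification ()
{
    MESSAGE="$1"
    notify_host=$(getRemoteIp)
    if [ -z "$notify_host" ]
    then
        return 0
    fi
    wget -q -T 3 -t 1 -O /dev/null "http://$notify_host:8090/message?msgtype=information&text=$MESSAGE"
}

# Best-effort critical notification; failures are ignored on purpose.
# $1 - message text (same restriction as sendInfoNotification).
sendErrorNotification ()
{
    MESSAGE="$1"
    notify_host=$(getRemoteIp)
    if [ -z "$notify_host" ]
    then
        return 0
    fi
    wget -q -T 3 -t 1 -O /dev/null "http://$notify_host:8090/notification?msgtype=critical&text=$MESSAGE"
}

# Run $tc_cmd with the given options followed by the password, the optional
# keyfile and the device. $tc_cmd is deliberately unquoted so that a command
# with arguments in the config file is split into words.
runTruecrypt ()
{
    if [ -z "$KEYFILE" ]
    then
        $tc_cmd "$@" -p "$PASSWORD" "$DEVICE"
    else
        $tc_cmd "$@" -p "$PASSWORD" -k "$KEYFILE" "$DEVICE"
    fi
}


# The config file is sourced, i.e. executed with this script's privileges;
# it must not be writable by less privileged users.
if [ -r "$BASEDIR/truecrypt_config.cfg" ]
then
    . "$BASEDIR/truecrypt_config.cfg"
else
    echo "truecrypt_config.cfg not found" >&2
    exit 1
fi

# make sure to have "/dev/sdb" (not "/dev/sdb1")
#DEVICE="${DEVICE:0:8}" the bash way does not work in dash -.-
# substr() is 1-based: the original substr($1,0,9) yields 8 characters only
# on awks that clip position 0, so ask for characters 1..8 explicitly.
# NOTE(review): this assumes /dev/sdX naming; longer names are cut short.
DEVICE="$(echo "$DEVICE" | awk '{print substr($1,1,8)}')"

# Everything below destroys the content of $DEVICE, so refuse anything that
# is not an existing block device before touching it.
if [ ! -b "$DEVICE" ]
then
    echo "$DEVICE is not a block device" >&2
    sendErrorNotification "Encryption failed"
    exit 1
fi

sendInfoNotification "Encrypt device"
# --quick skips overwriting the volume area, so data that was on the device
# before stays on the raw medium until it is overwritten by new content.
message="$(runTruecrypt -c --non-interactive --quick --filesystem=none --encryption=AES --hash=RIPEMD-160)"
result="$?"

if [ "$result" != "0" ]
then
    sendErrorNotification "Encryption failed"
    exit 1
fi

sendInfoNotification "Device encrypted"


# Map the new volume without mounting a filesystem (there is none yet).
message="$message$NL$(runTruecrypt --non-interactive --filesystem=none)"
result="$?"

if [ "$result" != "0" ]
then
    # The original exited silently here; report it like the other failures.
    sendErrorNotification "Mounting encrypted device failed"
    exit 1
fi


sendInfoNotification "Create NTFS filesystem on encrypted device"

# Pick the mapped device that belongs to $DEVICE. Taking column 3 of every
# listed volume, as before, breaks as soon as a second volume is mounted.
# NOTE(review): this calls "truecrypt" directly instead of $tc_cmd, as the
# original did - confirm which one is intended.
TC_DEVICE=$(truecrypt -l | awk -v dev="$DEVICE" '$2 == dev { print $3; exit }')

if [ -z "$TC_DEVICE" ]
then
    sendErrorNotification "Filesystem creation failed"
    exit 1
fi

message="$message$NL$(mkfs.ntfs --quick "$TC_DEVICE")"
result="$?"

if [ "$result" != "0" ]
then
    sendErrorNotification "Filesystem creation failed"
    exit 1
fi

sendInfoNotification "Filesystem successfully created"

# The original ignored the mount status and reported success regardless.
if ! mount "$TC_DEVICE" "$MOUNTPOINT"
then
    sendErrorNotification "Mounting filesystem failed"
    exit 1
fi

sendInfoNotification "Stick is now initialized"

printf '%s\n' "$message"
exit 0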