author | ft |
Wed, 03 Dec 2014 10:50:25 +0100 | |
changeset 33 | a9dcb543be7a |
parent 27 | a8c8d86b8501 |
permissions | -rwxr-xr-x |
ft@1 | 1 |
#!/bin/sh |
ft@1 | 2 |
|
ft@27 | 3 |
# ------------------------------------------------------------ |
ft@27 | 4 |
# opensecurity package file |
ft@27 | 5 |
# |
ft@27 | 6 |
# Autor: X-Net Services GmbH <office@x-net.at> |
ft@27 | 7 |
# |
ft@27 | 8 |
# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology |
ft@27 | 9 |
# |
ft@27 | 10 |
# |
ft@27 | 11 |
# X-Net Technologies GmbH |
ft@27 | 12 |
# Elisabethstrasse 1 |
ft@27 | 13 |
# 4020 Linz |
ft@27 | 14 |
# AUSTRIA |
ft@27 | 15 |
# https://www.x-net.at |
ft@27 | 16 |
# |
ft@27 | 17 |
# AIT Austrian Institute of Technology |
ft@27 | 18 |
# Donau City Strasse 1 |
ft@27 | 19 |
# 1220 Wien |
ft@27 | 20 |
# AUSTRIA |
ft@27 | 21 |
# http://www.ait.ac.at |
ft@27 | 22 |
# |
ft@27 | 23 |
# |
ft@27 | 24 |
# Licensed under the Apache License, Version 2.0 (the "License"); |
ft@27 | 25 |
# you may not use this file except in compliance with the License. |
ft@27 | 26 |
# You may obtain a copy of the License at |
ft@27 | 27 |
# |
ft@27 | 28 |
# http://www.apache.org/licenses/LICENSE-2.0 |
ft@27 | 29 |
# |
ft@27 | 30 |
# Unless required by applicable law or agreed to in writing, software |
ft@27 | 31 |
# distributed under the License is distributed on an "AS IS" BASIS, |
ft@27 | 32 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
ft@27 | 33 |
# See the License for the specific language governing permissions and |
ft@27 | 34 |
# limitations under the License. |
ft@27 | 35 |
# ------------------------------------------------------------ |
ft@27 | 36 |
|
ft@1 | 37 |
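# Positional arguments: device, mount point, volume password and an
# optional keyfile (an empty $4 selects the password-only code paths below).
# NOTE(review): the password arrives as $3, so it is readable in the
# process list (ps, /proc/<pid>/cmdline) for as long as this script runs.
# $0 is quoted so that an install path containing spaces still resolves.
BASEDIR="$(dirname "$0")"
DEVICE="$1"
MOUNTPOINT="$2"
PASSWORD="$3"
KEYFILE="$4"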
ft@1 | 42 |
|
ft@16 | 43 |
|
ft@16 | 44 |
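# Print the first host address (ipcalc "HostMin") of the subnet configured
# on eth0. The notification helpers in this script use it as the host to
# contact.
# Outputs: the address on stdout; nothing if it cannot be determined.
# Returns: 0 if an address was printed, 1 otherwise.
# NOTE(review): the target is derived purely from the local network
# configuration; whichever machine holds that address receives the
# status messages.
getRemoteIp ()
{
    # Query the interface once and parse both fields from the same line.
    # The cut on ":" handles the "inet addr:A ... Mask:M" output format.
    inet_line=$(ifconfig eth0 | grep "inet ")
    ip_address=$(printf '%s\n' "$inet_line" | awk '{ print $2 }' | cut -d ":" -f 2)
    ip_netmask=$(printf '%s\n' "$inet_line" | awk '{ print $4 }' | cut -d ":" -f 2)

    # Without an address ipcalc would only be handed a bare "/".
    if [ -z "$ip_address" ] || [ -z "$ip_netmask" ]
    then
        return 1
    fi

    remote_ip=$(ipcalc "$ip_address/$ip_netmask" | grep HostMin | awk '{ print $2}')
    if [ -z "$remote_ip" ]
    then
        return 1
    fi

    printf '%s\n' "$remote_ip"
}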
ft@16 | 52 |
|
ft@16 | 53 |
# Send an informational status message to the host printed by getRemoteIp.
# Arguments: $1 - message text. It is placed in the query string as-is,
#                 without URL encoding, so pass fixed strings only.
# The request is plain HTTP to port 8090 with a single attempt and a
# 3 second timeout; the response body is discarded.
sendInfoNotification ()
{
    MESSAGE=$1
    wget -q -T 3 -t 1 -O /dev/null \
        "http://$(getRemoteIp):8090/message?msgtype=information&text=${MESSAGE}"
}
ft@16 | 58 |
|
ft@16 | 59 |
# Send a critical notification to the host printed by getRemoteIp.
# Arguments: $1 - message text. It is placed in the query string as-is,
#                 without URL encoding, so pass fixed strings only.
# The request is plain HTTP to port 8090 with a single attempt and a
# 3 second timeout; the response body is discarded.
sendErrorNotification ()
{
    MESSAGE=$1
    wget -q -T 3 -t 1 -O /dev/null \
        "http://$(getRemoteIp):8090/notification?msgtype=critical&text=${MESSAGE}"
}
ft@16 | 64 |
|
ft@16 | 65 |
|
ft@1 | 66 |
# Load the settings file that sits next to this script. It presumably
# defines $tc_cmd, which is used below but never assigned in this script.
# The file is sourced, i.e. executed as shell code with this script's
# privileges, so it must not be writable by less-privileged users.
if [ ! -r "$BASEDIR/truecrypt_config.cfg" ]
then
    echo "truecrypt_config.cfg not found" >&2
    exit 1
fi
. "$BASEDIR/truecrypt_config.cfg"
ft@1 | 73 |
|
ft@8 | 74 |
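# Reduce a partition path to its whole-disk device by keeping the first
# eight characters, e.g. "/dev/sdb1" -> "/dev/sdb".
# ${DEVICE:0:8} is a bashism and does not work in dash, hence awk.
# substr() counts from 1; the former start index 0 made the result depend
# on how the awk implementation treats an out-of-range start position.
# NOTE(review): the fixed length only fits "/dev/sdX" style names. A longer
# name such as /dev/sdaa would be cut down to a different disk, and this
# script goes on to overwrite whatever $DEVICE names - confirm with callers.
DEVICE="$(printf '%s\n' "$DEVICE" | awk '{print substr($1,1,8)}')"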
ft@8 | 77 |
|
ft@16 | 78 |
sendInfoNotification "Encrypt device"

# Create the TrueCrypt volume directly on $DEVICE (AES, RIPEMD-160, no
# filesystem yet). The keyfile is only passed when one was given.
# $tc_cmd is left unquoted on purpose so that it may carry extra words.
# NOTE(review): -p puts the password on the truecrypt command line, where
# other local users can read it from the process list while it runs.
# NOTE(review): --quick is understood to skip encrypting the free space, so
# data stored on the stick before may remain recoverable - confirm this is
# acceptable for the intended use.
case "$KEYFILE" in
    "")
        message="$($tc_cmd -c --non-interactive --quick --filesystem=none --encryption=AES --hash=RIPEMD-160 -p "$PASSWORD" "$DEVICE")"
        result="$?"
        ;;
    *)
        message="$($tc_cmd -c --non-interactive --quick --filesystem=none --encryption=AES --hash=RIPEMD-160 -p "$PASSWORD" -k "$KEYFILE" "$DEVICE")"
        result="$?"
        ;;
esac

# $result holds the exit status of the truecrypt call inside $( ).
if [ "$result" -ne 0 ]
then
    sendErrorNotification "Encryption failed"
    exit 1
fi

sendInfoNotification "Device encrypted"
ft@16 | 96 |
|
ft@1 | 97 |
|
ft@1 | 98 |
|
ft@1 | 99 |
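# Open the freshly created volume without mounting a filesystem
# (--filesystem=none); none exists on it yet. The tool output is appended
# to $message, separated by a literal "\n".
# NOTE(review): -p puts the password on the truecrypt command line, where
# other local users can read it from the process list while it runs.
if [ -z "$KEYFILE" ]
then
    message="$message\n$($tc_cmd --non-interactive --filesystem=none -p "$PASSWORD" "$DEVICE")"
    result="$?"
else
    message="$message\n$($tc_cmd --non-interactive --filesystem=none -p "$PASSWORD" -k "$KEYFILE" "$DEVICE")"
    result="$?"
fi

if [ "$result" != "0" ]
then
    # Report the failure like the other steps do; previously the script
    # exited here without telling the user anything.
    sendErrorNotification "Opening encrypted device failed"
    exit 1
fi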
ft@7 | 112 |
|
ft@7 | 113 |
|
ft@7 | 114 |
|
ft@16 | 115 |
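sendInfoNotification "Create NTFS filesystem on encrypted device"

# Find the mapped device that belongs to the volume opened from $DEVICE.
# assumes `truecrypt -l` prints "<slot>: <volume> <mapped device> ..." per
# line - TODO confirm against the installed version.
# NOTE(review): truecrypt is called by name here, while the other calls in
# this script go through $tc_cmd.
TC_DEVICE=$(truecrypt -l | awk -v dev="$DEVICE" '$2 == dev { print $3; exit }')
if [ -z "$TC_DEVICE" ]
then
    # No exact match on the volume column: fall back to the third column of
    # the whole list, which is only unambiguous while one volume is open.
    TC_DEVICE=$(truecrypt -l | awk '{print $3}')
fi

# mkfs output is appended to $message; $result is mkfs.ntfs' exit status.
message="$message\n$(mkfs.ntfs --quick "$TC_DEVICE")"
result="$?"

if [ "$result" != "0" ]
then
    sendErrorNotification "Filesystem creation failed"
    exit 1
fi

sendInfoNotification "Filesystem successfully created"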
ft@16 | 129 |
|
ft@7 | 130 |
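# Mount the new filesystem; a failed mount must not be reported as a
# successfully initialized stick.
if ! mount "$TC_DEVICE" "$MOUNTPOINT"
then
    sendErrorNotification "Mounting failed"
    exit 1
fi

# Not an error, but sent as a critical notification so that the user has
# to dismiss the message.
sendErrorNotification "Stick is now initialized"

# $message holds the collected tool output joined by literal "\n"; %b
# expands those the way dash's echo does, independent of which shell
# /bin/sh points to.
printf '%b\n' "$message"
exit 0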