#!/usr/bin/sudo -s # Eli Criffield # # 1162004045 # # boot ubuntu-6.06-desktop-i386.iso # Applicatioins -> Accessories -> Terminal # open terminal # wget http://216.58.238.243/eli/cryptroot/crypted_lvm_root.sh # ./crypted_lvm_root.sh # # to rescue # boot ubuntu-6.06-desktop-i386.iso # Applicatioins -> Accessories -> Terminal # open terminal # sudo mount -L boot /tmp # cp /tmp/rescue-script . # ./rescuse-script # # for debug please uncommnet the next line and run like this and mail me # the log # ./script 2>&1 |tee log #set -x ch='chroot /install sh -c' URL='http://216.58.238.243/eli/cryptroot/' DISK=`sfdisk -l 2>/dev/null |grep Disk |awk '{print $2}'|sed 's/://g' |grep -v '/dev/md' |head -1` MEM=`free -m |grep Mem |awk '{print $2}'` let MEM=MEM+128 function errck { if [ $? -ne 0 ] ; then echo "SOMETHING WENT WRONG " echo echo $1 exit 1; fi } function umountALL { swapoff -a umount /install/sys umount /install/proc umount /install/dev for i in `df |awk '{print $NF}' |grep install |sort -r` ; do umount $i errck done } function mountALL { mkdir /BOOTinstall 2>&1 > /dev/null mkdir /install 2>&1 > /dev/null umount ${DISK}1 mount ${DISK}1 /BOOTinstall errck dpkg -i /BOOTinstall/crypt/cryptsetup*.deb cryptsetup luksOpen ${DISK}3 pvcrypt vgscan vgchange -a y vg=`vgdisplay -s |awk '{print $1}' |sed -s 's/"//g' |head -1` cd /dev/${vg}/ swapon /dev/${vg}/swap errck mount /dev/${vg}/root /install errck cd /install errck for mnt in home var tmp usr; do mount /dev/${vg}/$mnt /install/$mnt errck done mount --bind /BOOTinstall /install/boot errck for i in var/run var/lock sys proc dev ; do mount --bind /${i} /install/${i} errck done cp /etc/lvm/.cache /install/etc/lvm/ } function chRoot { mountALL cat < /install/etc/mtab proc /proc proc rw 0 0 /sys /sys sysfs rw 0 0 varrun /var/run tmpfs rw 0 0 varlock /var/lock tmpfs rw 0 0 udev /dev tmpfs rw 0 0 ${DISK} /boot reiserfs rw 0 0 /dev/mapper/${vg}-root / reiserfs rw 0 0 /dev/mapper/${vg}-home /home reiserfs rw 0 0 /dev/mapper/${vg}-var /var reiserfs rw 0 0 /dev/mapper/${vg}-tmp /tmp reiserfs rw 0 0 /dev/mapper/${vg}-usr /usr reiserfs rw 0 0 XXXX chroot /install } ################### function create_sources.list { outfile=${1:-/etc/apt/sources.list} cat < $outfile # Eli Criffield # setup by the cryptolvm install script deb http://us.archive.ubuntu.com/ubuntu/ dapper main universe multiverse restricted deb-src http://us.archive.ubuntu.com/ubuntu/ dapper main universe multiverse restricted deb http://us.archive.ubuntu.com/ubuntu/ dapper-updates main universe multiverse restricted deb-src http://us.archive.ubuntu.com/ubuntu/ dapper-updates main universe multiverse restricted deb http://us.archive.ubuntu.com/ubuntu/ dapper-backports main universe multiverse restricted deb-src http://us.archive.ubuntu.com/ubuntu/ dapper-backports main universe multiverse restricted deb http://security.ubuntu.com/ubuntu dapper-security main universe multiverse restricted deb-src http://security.ubuntu.com/ubuntu dapper-security main universe multiverse restricted EOF errck "create_source.list" } ############# ############## function create_fstab { outfile=${1:-/install/etc/fstab} cat < $outfile # Eli Criffield # use only spaces, tabs work but are messy # /etc/fstab: static file system information. # # proc /proc proc defaults 0 0 /dev/mapper/vgcrypt-root / reiserfs user_xattr 0 1 ${DISK}1 /boot reiserfs notail 0 2 /dev/mapper/vgcrypt-home /home reiserfs user_xattr 0 2 /dev/mapper/vgcrypt-tmp /tmp reiserfs defaults 0 2 /dev/mapper/vgcrypt-usr /usr reiserfs user_xattr 0 2 /dev/mapper/vgcrypt-var /var reiserfs user_xattr 0 2 /dev/mapper/vgcrypt-swap none swap sw 0 0 /dev/cdrom /media/cdrom0 udf,iso9660 user,noauto 0 0 EOF errck "create_fstab" } ############# function create_interfaces { outfile=${1:-/install/etc/network/interfaces} cat < $outfile # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # # Eli Criffield # auto lo eth0 iface lo inet loopback iface eth0 inet dhcp EOF errck "create_interfaces" } ############# function create_mtab { outfile=${1:-/install/etc/mtab} cat < $outfile proc /proc proc rw 0 0 /sys /sys sysfs rw 0 0 varrun /var/run tmpfs rw 0 0 varlock /var/lock tmpfs rw 0 0 udev /dev tmpfs rw 0 0 ${DISK}1 /boot reiserfs rw 0 0 /dev/mapper/vgcrypt-root / reiserfs rw 0 0 /dev/mapper/vgcrypt-home /home reiserfs rw 0 0 /dev/mapper/vgcrypt-var /var reiserfs rw 0 0 /dev/mapper/vgcrypt-tmp /tmp reiserfs rw 0 0 /dev/mapper/vgcrypt-usr /usr reiserfs rw 0 0 EOF errck "create_mtab" } ############# function create_kernel-img.conf { outfile=${1:-/install/etc/kernel-img.conf} cat < $outfile do_symlinks = yes relative_links = yes do_bootloader = no do_bootfloppy = no do_initrd = yes link_in_boot = no postinst_hook = /sbin/update-grub postrm_hook = /sbin/update-grub EOF errck "create_kernel-img.conf" } ############### function create_sudoers { outfile=${1:-/install/etc/sudoers} cat <> $outfile # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL EOF errck "create_sudoers" } function create_hosts { outfile=${1:-/install/etc/hosts} cat < $outfile # Eli Criffield 127.0.0.1 localhost localhost.localdomain ubuntu # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts EOF errck "create_sudoers" } ############### function create_cryptlvm-initramfs_1-1_i386.deb { outfile=${1:-/BOOTinstall/crypt/cryptlvm-initramfs_1-1_i386.deb} tmpfl=`mktemp` cat < $tmpfl ### cryptlvm-initramfs_1-1_i386.deb, not encrypted just stored -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.5 (GNU/Linux) owFby6qbJJ9cVFlQklOWq5uZl1lSlJibVhxvqGsYn2lsYaaXkprk6nShWtEmsSg5 w44LyM1MzNNNysxLLKpUUFAwNDQzMjAwNTA3UlAwUAABCGloYGBmYqKgYKIAAwlc RnoGXMn5eSVF+Tl6JYlFeulVhPUbG1jC9ct3czCAAfPbi47ZhwxE2D/M+6z5ifXK sShRf76ym4kKHLunfwmVv7ZE5aXZ95ff18SZ3Sgr2vDxv2PlQ9W/k7/1qt88+zQp cJqz6PzXG8wqLc+ejsxc9vxf0kTxmXqb4y8cD2Fdu/lB7a93d/x/11+pSNrrfXC7 +bz/NWa/i/4d3fPDoj6Za3K61fE/+XnBN523Lp667eGVpd9+WiQd1ww5rrbKN0He Ym7YrLilS7elCFerp39P4X/z5PzWtVU7Qla5R9dNXrC0as0N1UqNmGTbrXu2Nc5u W7n2eN+kXdxl5z2Zfiu8L9g4Z7U6V2GHufLidyuVw49nOyy5Un6pW+hS7LsNstMC ze1eJKtuv/ny9dnSsx8Fvp6eN+fd48rmOxOctk7jD5FkQAMH6j/ytXqkrGTQYGDg SkksSYQHNxExZm5hhi3Ew2PzbxmIPL25/9G0sNdRnJMYGj2vyi1r3LIvR3e1mu/l lp7iTJ1JFptlo8K+7j/Pd4Hf6/babO/lPz00Nr63Fb/9fJLMq7inJx9KlxzasEdK J/707wP80nU3uJj3Jz6zlt0f2bjhE4/GlGVCC5RaL5Q/vSv+3z3we4Dx+9aX8j/W bnj7pd7u72XD8zummchqvld9cf/L2aMv94v9TVY81n+btX5dvXZGi9//0lfnn5hc V5q5xH/9/ol2EZf2y/6Yy/XD77/68Wdt5k9mLk9y4vu1t+79h9ytXh56gY/4v1a1 zxGcwRyps2CX6elVk4qdJEI5ohk/5Dje2Hlinn/MJv+dbP+Tdmx3Dwh045A/aH6j 4ZZmxSm9JW+sW3edePhb7oXE5qdCyn4esnucPDdnaV3cnXF3lpjSTNOC3JAUn+KJ mk6XCo+o5swtrZ7fv+v338+bHs/k7GQJZ/e9Xd3ytMD0svQstgs2R39ZLK38++N5 rqi4TfSRmldpdVt+cbvYyT7QNNJQ9WDpPWYR+vRF1oV3W2xmVSzKZ5nOv3aOguZZ rlk8GSK8QYKinFoLVmTZ1FyOEzV+foMj3G1RSYCY+pJHAT/15/3v8szb9VJQ9gDz vf9r/R7c+//6qr1gj9qzibOqz6+v332z7P//+J5/9a9Z33+uP5vg+b/tfo7p3P/R k/9rK82xOcKcd8gwK/tPVlt4wVHTVe3Sh1X9S6YLKx9b+ySIRzCr3Tk78syMFSyG 7W2mM45funO1ruGU8KqkDz7rNKe5cZ7/0HV8j0lko+lMHUctz52P395VdXj/+Pe/ 682L48Tt9rwuX3j7/v9LzXejN8SGzZy66tUM7QSls9y9QlypayPZZky1N+o5EHGL Q+mkesRc42WLGq5s0Ux5dEQlalak8ZOQlcKJk7Y2cHhbFexVmJkbHaeyKZc3+fSe Yxs3zvC7cKVF2MrUVMyleofCkrVeks6p081bO7K4vLgzwzSMdmzrlJx8Z8MiT8Ow +UVnDhjzPj0qmOtkN3PnyfviR18Fiek96zRlWy82ceaxpVHnTlpaoII1x/Stn+26 C8pOAA== =jZbu -----END PGP MESSAGE----- EOFXXXXXXXXXXXX errck "create_cryptlvm-initramfs_1-1_i386.deb" rm -f $outfile gpg --output $outfile $tmpfl errck "create_cryptlvm-initramfs_1-1_i386.deb" } ############### function umountDISK { DISK=${1:-$DISK} # CATION DOESN't work if there are lvm's mounted or # fs is in use for i in `df |awk '{print $1}' |grep $DISK` ; do umount $i errck "umount $i" done } function partition_disk { DISK=${1:-$DISK} umountDISK $DISK echo "Are you SURE you want to destroy all data on $DISK" echo "type YES now to continue " echo -n "anything else will exit:" read an if [ $an == "YES" -o $an == "yes" ]; then echo partition disk now else echo bailing out exit fi echo echo "Has this disk ever had any sensitive data on it" echo "If so we can securely delete it now (by using shred)" echo "type YES will shred, this will take hours " echo -n "anything else will continue without shreding:" read an if [ $an == "YES" -o $an == "yes" ]; then # 5 times better be enough, if your paraonied make it 25 shred -n 4 -z -v $DISK fi # 3 partitions # 1 512M for boot # 2 MEMSIZE for resume # 3 CRYPTED for LVM sfdisk -uM -L $DISK <