--- /dev/null
+#!/bin/bash
+
+function help() {
+
+ echo "immudex-crypt - script used for listing, open and close crypt_LUKS ppartitions";
+ echo "@ 2024 morketsmerke.org";
+ echo "Superuser (root) privileges are required.";
+ echo "Options:";
+ echo " list - displaing list of opened and available crypt_LUKS devices";
+ echo " create - formatting device for crypt_LUKS";
+ echo " open - opening crypt_LUKS device, after this device is ready to mount";
+ echo " close - unmount and closing crypt_LUKS devices";
+ echo "Using:";
+ echo "# immudex-crypt list";
+ echo "# immudex-crypt create <disk partition>";
+ echo "# immudex-crypt open <crypt_LUKS device>";
+ echo "# immudex-crypt close immudex-crypt[0-9] | ic[0-9] | [0-9]";
+ echo "LVM prep:";
+ echo "It's possible to mount EXT4 LV with your data, behind LUKS. For now";
+ echo "only open function works, so you need prepare whole LVM structure on";
+ echo "your disk or partition even with file system instalation. If there is";
+ echo "only one EXT4 LV it will be mounted automaticly, but if there is more";
+ echo "than one, you will be asked to choose which one shoud be mounted.";
+ echo "LVM behind LUKS, can be used for swap. Turning on swap partition is up";
+ echo "to you, but close function check is there any swap partition in use";
+ echo "and turn off swap before deactivating volume group and close LUKS.";
+}
+
+function list() {
+
+ mapperDeviceList=$(ls /dev/mapper | grep 'immudex-*' | awk '{printf $1" "}');
+
+ echo "==============================================================";
+ echo -e "Opened devices:";
+ echo "==============================================================";
+ echo -e "Device:\t\tMapper name:\t\tMount point:";
+
+ if [ "$mapperDeviceList" ]; then
+ for dmDevice in $mapperDeviceList; do
+ if cryptsetup status /dev/mapper/${dmDevice} > /dev/null 2>&1; then
+ mountPoint=$(df --output=source,target /dev/mapper/${dmDevice} | tail -n 1 | awk '{printf $2}');
+ device=$(sudo cryptsetup status /dev/mapper/${dmDevice} | grep "device" | awk '{printf $2}');
+ if [ "$mountPoint" ] && [ "$mountPoint" != "/dev" ]; then
+ echo -e "$device\t /dev/mapper/${dmDevice}\t$mountPoint";
+ else
+ if $(sudo blkid | grep "${dmDevice}" | grep -q "LVM2_member"); then
+ echo -e "$device\t /dev/mapper/${dmDevice}\tNot mounted (LVM2_member)";
+ else
+ echo -e "$device\t /dev/mapper/${dmDevice}\tNot mounted";
+ fi
+ fi
+ fi
+ done
+ else
+ echo -e "No opened crypt devices was found";
+ fi
+ echo "==============================================================";
+
+ luksDevicesList=$(sudo blkid | grep 'LUKS' | cut -d ":" -f 1 | awk '{printf $1" "}');
+
+ echo "==============================================================";
+ echo -e "crypt_LUKS devices:";
+ echo "==============================================================";
+ echo -e "Device:\t\t\tSize:";
+
+ if [ "$luksDevicesList" ]; then
+ for lDevice in $luksDevicesList; do
+ lDeviceSize=$(lsblk | grep "$(basename $lDevice)" | awk '{printf $4}');
+ echo -e "$lDevice\t\t$lDeviceSize";
+ done
+ else
+ echo "No crypt device was found";
+ fi
+ echo "==============================================================";
+}
+
+function open() {
+
+ if [ $# -lt 1 ]; then help; exit 1;
+ else
+ index=$(ls --hide=control /dev/mapper | grep "immudex-crypt" | grep -o "[0-9]*$"| tail -1);
+ if [ "$index" ]; then
+ index=$((index + 1));
+ else
+ index=0;
+ fi
+ cryptsetup open $1 immudex-crypt${index};
+ mkdir -p /media/${USER}/immudex-crypt${index};
+ # Różnica w reprezentacji czasu modyfikacji miedzy Debian testing a stable i oldstable
+ #dmDevice=$(ls -l /dev/mapper/immudex-crypt${index} | awk '{printf $10}' | cut -d "/" -f 2);
+ lastField=$(ls -l /dev/mapper/immudex-crypt${index} | grep -o ' ' | wc -l);
+ dmDevice=$(ls -al /dev/mapper/immudex-crypt${index} | cut -d " " -f ${lastField}- | cut -d "/" -f2);
+ if ! $(sudo file -s /dev/${dmDevice} | grep -q 'ext4'); then
+ if $(sudo file -s /dev/${dmDevice} | grep -q 'LVM'); then
+ lvm_member=0;
+ else
+ echo "Could not determine filesystem of unlocked device.";
+ echo -n "Format this device to ext4? (y/n): "
+ read format;
+ if [ "$format" = "y" ]; then
+ mkfs.ext4 /dev/mapper/immudex-crypt${index};
+ else
+ echo "Refuse to mount.";
+ cryptsetup close immudex-crypt${index};
+ exit 1;
+ fi
+ fi
+ fi
+ if [ "$lvm_member" ]; then
+ luksDeviceName="immudex-crypt${index}";
+ vgName=$(sudo pvs | grep "$luksDeviceName" | awk '{printf $2}');
+ extLVS=$(sudo blkid | grep "$(echo "$vgName" | sed 's,-,--,g')" | grep 'ext4' | sed 's/://g' | awk '{printf $1" "}');
+ if [ $(echo $extLVS | wc -w) -gt 0 ]; then
+ if [ $(echo $extLVS | wc -w) -gt 1 ]; then
+ select extLV in $extLVS; do
+ break;
+ done
+ mount $extLV /media/${USER}/immudex-crypt${index};
+ else
+ mount $extLVS /media/${USER}/immudex-crypt${index};
+ fi
+ else
+ echo "Refuse to mount.";
+ cryptsetup close immudex-crypt${index};
+ exit 1;
+ fi
+ else
+ mount /dev/mapper/immudex-crypt${index} /media/${USER}/immudex-crypt${index};
+ fi
+ if [ ! -e /ic${index} ]; then
+ ln -s /media/${USER}/immudex-crypt${index} /ic${index};
+ fi
+ fi
+
+}
+
+function close() {
+
+ if [ $# -lt 1 ]; then help; exit 1;
+ else
+ if [ $1 -ge 0 ] 2> /dev/null; then
+ cryptfsName="immudex-crypt${1}";
+ elif echo $1 | grep -q 'ic'; then
+ cryptfsName="immudex-crypt$(echo $1 | grep -o '[0-9]')";
+ else
+ cryptfsName=$1;
+ fi
+ if cryptsetup status /dev/mapper/${cryptfsName} > /dev/null 2>&1; then
+ mountPoint=$(df --output=source,target /media/${USER}/${cryptfsName} | tail -1 | awk '{printf $2}');
+ if [ "$mountPoint" ] && [ "$mountPoint" != "/dev" ]; then
+ umount -R $mountPoint;
+ if $(sudo blkid | grep "$cryptfsName" | grep -q 'LVM2_member'); then
+ vgName=$(sudo pvs | grep "$cryptfsName" | awk '{printf $2}' | sed 's/-/--/g');
+ swapFile=$(cat /proc/swaps | sed -n 2p | awk '{printf $1}');
+ if [ "$swapFile" ]; then
+ if $(ls -l /dev/mapper | grep "$(basename $swapFile)" | grep -q "$vgName"); then
+ sudo swapoff $swapFile;
+ fi
+ fi
+ sudo vgchange -a n;
+ fi
+ cryptsetup close ${cryptfsName};
+ else
+ if $(sudo blkid | grep "${cryptfsName}" | grep -q 'LVM2_member'); then
+ sudo vgchange -a n;
+ fi
+ cryptsetup close ${cryptfsName};
+ fi
+ else
+ echo "Given devices isn't opened crypt device or it was closed before";
+ fi
+ fi
+}
+
+function create() {
+ if [ $# -lt 1 ]; then help; exit 1;
+ else
+ cryptsetup -y -v luksFormat $1;
+ fi
+}
+
+function set_ownership(){
+ if [ $# -lt 1 ]; then help; exit 1;
+ else
+ mountPoint=$(list | grep "$USER" | grep "$1" | awk '{printf $3}')
+ owner=$(stat -c %u $mountPoint);
+ if [ $owner -eq $RUID ]; then
+ if id $USER | grep -q $RUID; then
+ echo "User $USER is already owner of $mountPoint";
+ fi
+ else
+ chown ${USER}:${USER} $mountPoint;
+ fi
+ fi
+}
+
+if [ "$1" ]; then
+
+ if [ $UID -ne 0 ]; then
+ echo "Permission denied!";
+ help;
+ exit 1;
+ fi
+
+ #immudex-crypt RUID is EUID of sudo, which spawning immudex-crypt
+ export RUID=$(grep '^Uid:' /proc/$(pidof -s sudo)/status | awk '{printf $2}');
+ export USER=$(grep "$RUID" /etc/passwd | cut -d ":" -f1);
+
+ case $1 in
+ "list") list;;
+ "open") if [ "$2" ]; then open $2;
+ else help; exit 1;
+ fi;;
+ "close") if [ "$2" ]; then close $2;
+ else help; exit 1;
+ fi;;
+ "create") if [ "$2" ]; then
+ create $2;
+ open $2;
+ set_ownership $2;
+ else help; exit 1;
+ fi;;
+ *) help;;
+ esac
+else
+ help; exit 1;
+fi
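Review bot: The caller's identity near the end of the script comes from `pidof -s sudo` and an unanchored `grep "$RUID" /etc/passwd`, and neither reliably names the user who ran the command. `pidof -s` returns a single sudo process, so with more than one sudo running the Uid may belong to someone else. The grep matches any passwd line containing those digits (a UID of 100 also matches 1000, or a GID field), so `USER` can hold the wrong name or several lines. Because `USER` then decides the `/media/${USER}/...` paths and the `chown` in set_ownership, I would read the values sudo already exports: `export RUID=${SUDO_UID:?must be run through sudo}` and `export USER=${SUDO_USER:?must be run through sudo}`. Quoting `"$1"` and `"$2"` where the device path reaches `cryptsetup` and `mount` is worth doing in the same pass.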
--- /dev/null
+#!/bin/bash
+
+source /usr/local/bin/library.sh;
+
+launcher="/home/${USER}/.config/xfce4/panel/launcher-14/16844255236.desktop";
+
+function main_unlock() {
+ sudo /usr/local/sbin/immudex-crypt open $1;
+ index=$(basename $(sudo /usr/local/sbin/immudex-crypt list | grep "$1" | head -1 | awk '{printf $2}' | grep -o '[0-9]'));
+ #sudo mkdir -p /media/${USER}/$devName;
+ #sudo mount /dev/mapper/$devName /media/${USER}/$devName;
+
+ xfce4-terminal --default-working-directory=/ic${index};
+ sed -i 's/padlock-icon/changes-allow/' ${launcher};
+ #sudo rm /usr/share/icons/padlock-icon.png;
+ #sudo ln -s /usr/share/icons/changes-allow.png /usr/share/icons/padlock-icon.png;
+
+}
+
+function unlock() {
+
+ cryptParts=$(sudo blkid | grep 'LUKS' | sed 's/://g' | awk '{printf $1" "}');
+ if [ "$cryptParts" ]; then
+ if [ $(echo $cryptParts | wc -w) -gt 1 ]; then
+ select cryptPart in $cryptParts; do
+ main_unlock $cryptPart;
+ break;
+ done
+ else
+ main_unlock $cryptParts;
+ fi
+ else
+ echo -e "\e[31mThere is no LUKS partition to open.\e[0m";
+ sleep 3;
+ fi
+}
+
+function lock() {
+
+ mapperDeviceList=$(ls /dev/mapper | grep 'immudex-*' | awk '{printf $1" "}');
+
+ if [ "$mapperDeviceList" ]; then
+ for dmDevice in $mapperDeviceList; do
+ if sudo cryptsetup status /dev/mapper/${dmDevice} > /dev/null 2>&1; then
+ mountPoint=$(df --output=source,target /media/${USER}/${dmDevice} | tail -n 1 | awk '{printf $2}');
+ if [ "$mountPoint" ]; then
+ if $(sudo lsof $mountPoint > /dev/null 2>&1); then
+ notify-send "Padlock" "The /dev/mapper/${dmDevice} cannot be unmount, because there are opened file or running proceses." --icon=dialog-error;
+ else
+ sudo umount $mountPoint;
+ if [ $? -ne 0 ]; then
+ notify-send "Padlock" "The /dev/mapper/${dmDevice} cannot be unmount, because there are other filesystem is mounted in." --icon=dialog-error;
+ else
+ deactivate_lvm_w_swap $dmDevice;
+ sudo cryptsetup close /dev/mapper/${dmDevice};
+ fi
+ fi
+ else
+ deactivate_lvm_w_swap $dmDevice;
+ sudo cryptsetup close /dev/mapper/${dmDevice};
+ fi
+ fi
+ done
+ fi
+ if ! $(df -h | grep -q '/dev/mapper'); then
+ sed -i 's/changes-allow/padlock-icon/' ${launcher};
+ #sudo rm /usr/share/icons/padlock-icon.png;
+ #sudo ln -s /usr/share/icons/changes-prevent.png /usr/share/icons/padlock-icon.png;
+ fi
+}
+
+mapperDeviceList=$(ls /dev/mapper | grep 'immudex-*' | awk '{printf $1" "}');
+
+if [ "$mapperDeviceList" ]; then lock;
+else unlock;
+fi
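Review bot: In lock(), `df --output=source,target /media/${USER}/${dmDevice}` reports the filesystem that contains the directory when nothing is mounted on it. `mountPoint` therefore appears to be non-empty (for example `/`) whenever the directory exists, and the `else` branch that closes an unmounted device is not reached. In that state `lsof` and `umount` act on the parent mount, and the LUKS mapping stays open with only the "cannot be unmount" notification shown. Testing the directory itself avoids this: `if mountpoint -q "/media/${USER}/${dmDevice}"; then` with `mountPoint="/media/${USER}/${dmDevice}"` set inside. close() in the first script on this page makes the same df call before `umount -R` and needs the same check.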
--- /dev/null
+#!/bin/bash
+
+function get_debian_branch() {
+ if grep -q 'trixie' /etc/os-release; then
+ echo "testing";
+ elif grep -q 'bookworm' /etc/os-release; then
+ echo "stable";
+ else
+ echo "oldstable";
+ fi
+}
+
+function get_machine_arch() {
+ arch=$(uname -m);
+ if [ "$arch" = "i686" ]; then
+ echo "32";
+ else
+ echo "64";
+ fi
+}
+
+function check_distro_commit() {
+ versionFile="/run/live/medium/live/version";
+ if [ -f $versionFile ]; then
+ localVersion=$(cat $versionFile);
+ if [ -d /tmp/immudex ]; then
+ $(cd /tmp/immudex && git pull -q);
+ else
+ git clone -q https://github.com/xf0r3m/immudex /tmp/immudex;
+ fi
+ latestVersion=$(cd /tmp/immudex && git log --pretty=oneline | head -1 | cut -d " " -f 1);
+ if [ "$1" ] && [ "$1" == "--print" ]; then
+ echo "$(cd /tmp/immudex && git log ${localVersion}..${latestVersion})";
+ fi
+ if [ "$localVersion" = "$latestVersion" ]; then
+ return 0;
+ else
+ return 1;
+ fi
+ else
+ return 255;
+ fi
+}
+
+function ascii_colors() {
+
+ BLUE="\e[1;94m";
+ RED="\e[1;91m";
+ CYAN="\e[1;96m";
+ ENDCOLOR="\e[0m";
+
+ echo -e "${BLUE} _ ${RED} _ ${CYAN} ${ENDCOLOR}";
+ echo -e "${BLUE}(_)_ __ ___ _ __ ___ _ _ ${RED} __| | ___${CYAN}__ __${ENDCOLOR}";
+ echo -e "${BLUE}| | '_ \` _ \| '_ \` _ \| | | |${RED}/ _\` |/ _ \\\\${CYAN} \/ /${ENDCOLOR}";
+ echo -e "${BLUE}| | | | | | | | | | | | |_| |${RED} (_| | __/${CYAN}> < ${ENDCOLOR}";
+ echo -e "${BLUE}|_|_| |_| |_|_| |_| |_|\__,_|${RED}\__,_|\___/${CYAN}_/\_\\";
+ echo -e "${ENDCOLOR}";
+
+}
+
+function deactivate_lvm_w_swap() {
+ if $(sudo blkid | grep "$1" | grep -q 'LVM2_member'); then
+ vgName=$(sudo pvs | grep "$1" | awk '{printf $2}' | sed 's/-/--/g');
+ swapFile=$(cat /proc/swaps | sed -n 2p | awk '{printf $1}');
+ if [ "$swapFile" ]; then
+ if $(ls -l /dev/mapper | grep "$(basename $swapFile)" | grep -q "$vgName"); then
+ sudo swapoff $swapFile;
+ fi
+ fi
+ sudo vgchange -a n;
+ fi
+}
+
+function deactivate_lvm() {
+ if $(sudo blkid | grep "$1" | grep -q 'LVM2_member'); then
+ sudo vgchange -a n;
+ fi
+}
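Review bot: check_distro_commit clones into and pulls from the fixed path `/tmp/immudex`, which any other local account can create first. The function would then run `git pull` and `git log` inside a repository whose contents and configuration someone else controls. I would keep the checkout in a per-user location, e.g. `repoDir="${XDG_CACHE_HOME:-$HOME/.cache}/immudex"`, and use `"$repoDir"` wherever the function now names `/tmp/immudex`. Recent git releases refuse to operate in a repository owned by a different user, but the page does not show which git the image ships, so that should not be the only safeguard. Separately, `sudo vgchange -a n` in deactivate_lvm_w_swap and deactivate_lvm is given no volume group, so it presumably deactivates every VG rather than only the one behind `$1`.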