Created
November 13, 2018 19:34
-
-
Save johnmaguire/06d1e36c82e60b2545db8187d2c35e4e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| encrypted_root=0 | |
| encrypted_home=0 | |
| # Determine what is mounted at / and /home | |
| root_mount="$(findmnt --noheadings --raw --target / | awk '{ print $2 }')" | |
| home_mount="$(findmnt --noheadings --raw --target /home | awk '{ print $2 }')" | |
| # check if root | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "This script must be run as root" | |
| exit 1 | |
| fi | |
| cryptsetup="$(which cryptsetup)" | |
| if [ $? -ne 0 ]; then | |
| echo "No cryptsetup, assuming disk unencrypted" | |
| exit 1 | |
| fi | |
| # Checking all devices in /dev/mapper to find cryptsetup device | |
| echo "Checking mapper devices for crypto_LUKS devices" | |
| crypt_mappers=() | |
| for mapper in /dev/mapper/*; do | |
| found_device="$(cryptsetup status ${mapper} | grep 'is active')" | |
| if [ $? -eq 0 ]; then | |
| echo "Found crypt device ${mapper}" | |
| crypt_mappers+=("${mapper}") | |
| fi | |
| done | |
| # Check if any crypt mappers are mounted directly on / and/or /home | |
| echo "Checking for encrypted devices mounted on / and /home" | |
| for device in "${crypt_mappers[@]}"; do | |
| if [ "${device}" = "${root_mount}" ]; then | |
| echo "/ is encrypted using crypto_LUKS device" | |
| encrypted_root=1 | |
| fi | |
| if [ "${device}" = "${home_mount}" ]; then | |
| echo "/home is encrypted using crypto_LUKS device" | |
| encrypted_home=1 | |
| fi | |
| done | |
| if [ ${encrypted_root} -eq 1 ] && [ ${encrypted_home} -eq 1 ]; then | |
| echo "Disk is encrypted with LUKS" | |
| exit 0 | |
| fi | |
| pvs="$(which pvs)" | |
| if [ $? -ne 0 ]; then | |
| echo "pvs not installed -- not checking for LVM on LUKS" | |
| echo "Disk Encryption is not enabled" | |
| exit 1 | |
| fi | |
| echo "Checking for LVM partitions on crypto_LUKS devices" | |
| for device in "${crypt_mappers[@]}"; do | |
| logical_volumes="$(pvs --quiet --noheadings \ | |
| --options="lv_dm_path" \ | |
| --sort="lv_dm_path" \ | |
| --select="lv_active=active,pv_name=${device}" | | |
| uniq)" | |
| for lv in ${logical_volumes}; do | |
| if [ "${lv}" = "${root_mount}" ]; then | |
| echo "/ is encrypted using LVM on crypto_LUKS device" | |
| encrypted_root=1 | |
| fi | |
| if [ "${lv}" = "${home_mount}" ]; then | |
| echo "/home is encrypted using LVM on crypto_LUKS device" | |
| encrypted_home=1 | |
| fi | |
| done | |
| done | |
| if [ ${encrypted_root} -eq 1 ] && [ ${encrypted_home} -eq 1 ]; then | |
| echo "Disk is encrypted with LVM on LUKS" | |
| exit 0 | |
| fi | |
| echo "Disk Encryption is not enabled" | |
| exit 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment