@erincerys
Last active August 29, 2015 14:14
Shell script helper to close or suspend an open LUKS container
#!/bin/bash

# Description:
#   Take action to secure an open LUKS container
#   Helpful when bound to a keyboard shortcut in your favorite DE/WM

# DISCLAIMER:
#   Must be run as root - take care in securing access to this script
#   I added a selective line to /etc/sudoers.d such as:
#     %wheel ALL=(ALL) NOPASSWD: /bin/bash /path/to/script/ close /path/to/mountpoint
#   Then added myself to the wheel system group

# Usage: action mountpoint
#   actions
#     close: kill all PIDs accessing the volume and close it
#     suspend: suspend IO of the volume, causing processes accessing it to hang

if [[ -z "$1" || -z "$2" ]] ; then
  echo "Incorrect arguments supplied. Usage: $0 action mountpoint"
  exit 1
fi

action="$1"
volume="${2%/}"   # drop a trailing slash so it matches the mount table entry

# Device mounted exactly at the mountpoint (fixed-string match, last mount wins)
logical=$(mount | grep -F " on ${volume} type " | tail -n1 | cut -f1 -d' ')

# Check to see if the mountpoint specified is actually that of a LUKS container
# prevents umounting a volume maliciously
# (relies on the mapped device path containing "/luks")
if ! [[ "$logical" =~ /luks ]] ; then
  echo "Volume is not a LUKS container"
  exit 1
fi

# Get out of the volume's mounted path if the script was started inside it,
# otherwise the script itself would keep the volume busy
case "$PWD/" in
  "$volume"/*) cd / ;;
esac

if [ "$action" == 'close' ] ; then
  # Kill all processes accessing the volume
  for pid in $(lsof -t "$volume") ; do
    # /proc/PID/cmdline is NUL-separated; turn the separators into spaces
    echo "Killing $(tr '\0' ' ' < "/proc/${pid}/cmdline") (pid ${pid})"
    kill -9 "$pid"
  done

  # wait a bit
  sleep 2

  echo "Unmounting and closing volume (${volume})"
  # Unmount the volume; stop here if it is still busy
  umount "$volume" || exit 1
  # Close the luks volume
  cryptsetup luksClose "$logical"
elif [ "$action" == 'suspend' ] ; then
  echo "Suspending IO of volume (${volume})"
  cryptsetup luksSuspend "$logical"
else
  echo "Unknown action '${action}'. Usage: $0 action mountpoint"
  exit 1
fi
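
The script above decides whether a mountpoint is a LUKS container from the device name. As an added example (not part of the original gist), here is an exact-mountpoint lookup combined with a check of the device-mapper UUID that cryptsetup assigns to LUKS mappings. The function names, the optional test arguments and the sample table are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not part of the original gist. Sample data is constructed.

# mount_source MOUNTPOINT < mount-table
# Print the source of the filesystem mounted exactly at MOUNTPOINT, reading
# /proc/self/mounts-format lines ("source target fstype ...") on stdin.
# The last match wins, since a later mount shadows an earlier one.
# Limitation: mountpoints with spaces appear as \040 there and will not match.
mount_source() {
    local want="${1%/}" src target _rest found=""
    [ -n "$want" ] || want="/"
    while read -r src target _rest; do
        if [ "$target" = "$want" ]; then found="$src"; fi
    done
    [ -n "$found" ] && printf '%s\n' "$found"
}

# is_luks_dm_uuid UUID
# cryptsetup gives an opened LUKS mapping a device-mapper UUID that starts
# with CRYPT-LUKS1- or CRYPT-LUKS2-; LVM and plain dm-crypt use other prefixes.
is_luks_dm_uuid() {
    case "$1" in
        CRYPT-LUKS[12]-*) return 0 ;;
        *) return 1 ;;
    esac
}

# is_luks_mount MOUNTPOINT [MOUNT_TABLE] [SYSFS_ROOT]
# The two optional arguments exist only so the check can be tested offline.
is_luks_mount() {
    local src dev uuid_file
    src=$(mount_source "$1" < "${2:-/proc/self/mounts}") || return 1
    dev=$(readlink -f "$src") || return 1   # /dev/mapper/NAME -> /dev/dm-N
    uuid_file="${3:-/sys}/block/${dev##*/}/dm/uuid"
    [ -r "$uuid_file" ] && is_luks_dm_uuid "$(cat "$uuid_file")"
}

# Constructed table: a substring grep for /mnt/vault also hits /mnt/vault-old.
SAMPLE_TABLE='/dev/sda2 /mnt/vault-old ext4 rw 0 0
/dev/mapper/luks-demo /mnt/vault ext4 rw 0 0'
```

On a real system, `is_luks_mount /path/to/mountpoint` with no further arguments reads /proc/self/mounts and /sys directly.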