
pivotroot.sh to wipe a remote debian machine

master
n 4 months ago
parent
commit
7e550dc1b2
2 changed files with 62 additions and 0 deletions
  1. 1
    0
      README.md
  2. 61
    0
      pivotroot.sh

+ 1
- 0
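--- a/README.md
+++ b/README.md
@@ -15,6 +15,7 @@ Scripts
   * [secupdate](https://forge.tourmentine.com/n/scripts/src/master/secupdate) => apply security updates & recompile kernel (FreeBSD)
   * [superscreen](https://forge.tourmentine.com/n/scripts/src/master/superscreen) => open multiple ssh sessions to a bunch of servers inside a screen
   * [zfsync.sh](https://forge.tourmentine.com/n/scripts/src/master/zfsync.sh) => sync some ZFS pools between two machines
+  * [pivotroot.sh](https://forge.tourmentine.com/n/scripts/src/master/pivotroot.sh) => pivot root to tmpfs on a live server in order to wipe it
 
 Greasemonkey/Userscripts
 ------------------------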

+ 61
- 0
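--- a/pivotroot.sh
+++ b/pivotroot.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# script used to chroot/pivot a live system on tmpfs in order to wipe it
+# only tested with Debian 7.11
+#
+# first copy and execute it:
+# scp pivotroot.sh root@<remote_host>:/tmp/
+# ssh root@<remote_host> bash /tmp/pivotroot.sh
+#
+# you will then be able to connect again to it on port 666 (change it if you like) and do what you want
+#
+# note: bash is the default shell under debian so there will be bashisms (don't run it with Bourne shell)
+#
+
+apt-get install -y dropbear screen tmux
+
+CHROOTDIR='/tmp/tmproot'
+CHROOTPORT=666
+
+mkdir ${CHROOTDIR}
+mount -t tmpfs none ${CHROOTDIR}
+
+mkdir ${CHROOTDIR}/{bin,sbin,proc,sys,dev,run,usr,var,tmp,etc,root,oldroot}
+mkdir -p ${CHROOTDIR}/usr/bin
+mkdir -p ${CHROOTDIR}/lib/x86_64-linux-gnu ${CHROOTDIR}/lib64 ${CHROOTDIR}/usr/share ${CHROOTDIR}/usr/lib/x86_64-linux-gnu ${CHROOTDIR}/var/run/screen
+
+mount -t proc proc ${CHROOTDIR}/proc
+mount --bind /dev ${CHROOTDIR}/dev
+mount --bind /dev/pts ${CHROOTDIR}/dev/pts
+mount --make-rprivate / # necessary for pivot_root to work
+
+cp -vrp /usr/share/terminfo ${CHROOTDIR}/usr/share/
+cp -vrp /usr/lib/x86_64-linux-gnu/libevent* ${CHROOTDIR}/usr/lib/x86_64-linux-gnu/
+cp -vrp /lib/x86_64-linux-gnu/* ${CHROOTDIR}/lib/x86_64-linux-gnu/
+cp -vrp /lib64/ld-linux-x86-64.so.2 ${CHROOTDIR}/lib64/
+cp -vrp /sbin/* ${CHROOTDIR}/sbin/
+cp -vrp /bin/* ${CHROOTDIR}/bin/
+cp -vrp /usr/bin/id /usr/bin/shred /usr/bin/ldd /usr/bin/screen /usr/bin/tmux ${CHROOTDIR}/usr/bin/
+cp -vrp /usr/sbin/dropbear ${CHROOTDIR}/sbin/
+
+#cp -vrp /etc/passwd* /etc/shadow* /etc/group* /etc/shells ${CHROOTDIR}/etc/
+#cp -vrp /etc/dropbear ${CHROOTDIR}/etc/
+cp -vrp /etc/* ${CHROOTDIR}/etc/
+
+chmod g+w ${CHROOTDIR}/run 
+
+echo "" > ${CHROOTDIR}/root/.bash_history
+echo "TERM=xterm-16color" >>${CHROOTDIR}/root/.profile #necessary for tmux/screen to work
+echo "alias halt=\"echo 'o' > /proc/sysrq-trigger\"" >>${CHROOTDIR}/root/.profile 
+echo "alias reboot=\"echo 'b' > /proc/sysrq-trigger\"" >>${CHROOTDIR}/root/.profile 
+
+pivot_root ${CHROOTDIR} ${CHROOTDIR}/oldroot
+/sbin/dropbear -p ${CHROOTPORT}
+
+echo
+echo "system pivot-rooted."
+echo "you can now connect with ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p ${CHROOTPORT} root@`hostname`, launch screen/tmux and shred"
+echo "and finaly use reboot or halt commands (warning: they are not the real thing...)"
+echo
+echo "happy wiping!"
+echo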
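Review bot: Nothing between `apt-get install` on new line 15 and `pivot_root` on new line 52 checks for failure, so a failed tmpfs mount or an incomplete `cp` still leads to the pivot and to dropbear being started, which on a remote machine can cost the only working login. Adding `set -euo pipefail` right after the shebang and quoting each `"${CHROOTDIR}"` expansion would stop the run at the first failed step. Separately, the message on new line 57 tells the operator to log in as root with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so the server is not verified before credentials are sent; that is apparently a password, since nothing from `/root/.ssh` is copied into the new root. Because `/etc/*` (and with it `/etc/dropbear`) is copied, the script could print the host key fingerprint before pivoting, e.g. `dropbearkey -y -f <host key file under /etc/dropbear>`, and the message could ask the operator to compare it on reconnect. Dropbear on new line 53 is started with only `-p ${CHROOTPORT}`, so root password logins stay reachable on that port for as long as the wipe takes; a header comment saying so, or restricting the port by firewall, would make that exposure explicit.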
