Browse Source

pivotroot.sh to wipe a remote debian machine

master
n 8 months ago
parent
commit
7e550dc1b2
2 changed files with 62 additions and 0 deletions
  1. +1
    -0
      README.md
  2. +61
    -0
      pivotroot.sh

+ 1
- 0
README.md View File

@@ -15,6 +15,7 @@ Scripts
* [secupdate](https://forge.tourmentine.com/n/scripts/src/master/secupdate) => apply security updates & recompile kernel (FreeBSD)
* [superscreen](https://forge.tourmentine.com/n/scripts/src/master/superscreen) => open multiple ssh sessions to a bunch of servers inside a screen
* [zfsync.sh](https://forge.tourmentine.com/n/scripts/src/master/zfsync.sh) => sync some ZFS pools between two machines
* [pivotroot.sh](https://forge.tourmentine.com/n/scripts/src/master/pivotroot.sh) => pivot root to tmpfs on a live server in order to wipe it

Greasemonkey/Userscripts
------------------------

+ 61
- 0
pivotroot.sh View File

@@ -0,0 +1,61 @@
#!/bin/bash

# script used to chroot/pivot a live system on tmpfs in order to wipe it
# only tested with Debian 7.11
#
# first copy and execute it:
# scp pivotroot.sh root@<remote_host>:/tmp/
# ssh root@<remote_host> bash /tmp/pivotroot.sh
#
# you will then be able to connect again to it on port 666 (change it if you like) and do what you want
#
# note: bash is the default shell under debian so there will be bashisms (don't run it with Bourne shell)
#

apt-get install -y dropbear screen tmux

CHROOTDIR='/tmp/tmproot'
CHROOTPORT=666

mkdir ${CHROOTDIR}
mount -t tmpfs none ${CHROOTDIR}

mkdir ${CHROOTDIR}/{bin,sbin,proc,sys,dev,run,usr,var,tmp,etc,root,oldroot}
mkdir -p ${CHROOTDIR}/usr/bin
mkdir -p ${CHROOTDIR}/lib/x86_64-linux-gnu ${CHROOTDIR}/lib64 ${CHROOTDIR}/usr/share ${CHROOTDIR}/usr/lib/x86_64-linux-gnu ${CHROOTDIR}/var/run/screen

mount -t proc proc ${CHROOTDIR}/proc
mount --bind /dev ${CHROOTDIR}/dev
mount --bind /dev/pts ${CHROOTDIR}/dev/pts
mount --make-rprivate / # necessary for pivot_root to work

cp -vrp /usr/share/terminfo ${CHROOTDIR}/usr/share/
cp -vrp /usr/lib/x86_64-linux-gnu/libevent* ${CHROOTDIR}/usr/lib/x86_64-linux-gnu/
cp -vrp /lib/x86_64-linux-gnu/* ${CHROOTDIR}/lib/x86_64-linux-gnu/
cp -vrp /lib64/ld-linux-x86-64.so.2 ${CHROOTDIR}/lib64/
cp -vrp /sbin/* ${CHROOTDIR}/sbin/
cp -vrp /bin/* ${CHROOTDIR}/bin/
cp -vrp /usr/bin/id /usr/bin/shred /usr/bin/ldd /usr/bin/screen /usr/bin/tmux ${CHROOTDIR}/usr/bin/
cp -vrp /usr/sbin/dropbear ${CHROOTDIR}/sbin/

#cp -vrp /etc/passwd* /etc/shadow* /etc/group* /etc/shells ${CHROOTDIR}/etc/
#cp -vrp /etc/dropbear ${CHROOTDIR}/etc/
cp -vrp /etc/* ${CHROOTDIR}/etc/

chmod g+w ${CHROOTDIR}/run

echo "" > ${CHROOTDIR}/root/.bash_history
echo "TERM=xterm-16color" >>${CHROOTDIR}/root/.profile #necessary for tmux/screen to work
echo "alias halt=\"echo 'o' > /proc/sysrq-trigger\"" >>${CHROOTDIR}/root/.profile
echo "alias reboot=\"echo 'b' > /proc/sysrq-trigger\"" >>${CHROOTDIR}/root/.profile

pivot_root ${CHROOTDIR} ${CHROOTDIR}/oldroot
/sbin/dropbear -p ${CHROOTPORT}

echo
echo "system pivot-rooted."
echo "you can now connect with ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p ${CHROOTPORT} root@`hostname`, launch screen/tmux and shred"
echo "and finaly use reboot or halt commands (warning: they are not the real thing...)"
echo
echo "happy wiping!"
echo

Loading…
Cancel
Save