pivotroot.sh to wipe a remote debian machine

n 4 years ago committed by Nicolas Le Gaillart
parent d48ea8110a
commit 7e550dc1b2

@ -15,6 +15,7 @@ Scripts
* [secupdate](https://forge.tourmentine.com/n/scripts/src/master/secupdate) => apply security updates & recompile kernel (FreeBSD)
* [superscreen](https://forge.tourmentine.com/n/scripts/src/master/superscreen) => open multiple ssh sessions to a bunch of servers inside a screen
* [zfsync.sh](https://forge.tourmentine.com/n/scripts/src/master/zfsync.sh) => sync some ZFS pools between two machines
* [pivotroot.sh](https://forge.tourmentine.com/n/scripts/src/master/pivotroot.sh) => pivot root to tmpfs on a live server in order to wipe it

@ -0,0 +1,61 @@
# script used to chroot/pivot a live system on tmpfs in order to wipe it
# only tested with Debian 7.11
# first copy and execute it:
# scp pivotroot.sh root@<remote_host>:/tmp/
# ssh root@<remote_host> bash /tmp/pivotroot.sh
# you will then be able to connect again to it on port 666 (change it if you like) and do what you want
# note: bash is the default shell under debian so there will be bashisms (don't run it with Bourne shell)
apt-get install -y dropbear screen tmux
mkdir ${CHROOTDIR}
mount -t tmpfs none ${CHROOTDIR}
mkdir ${CHROOTDIR}/{bin,sbin,proc,sys,dev,run,usr,var,tmp,etc,root,oldroot}
mkdir -p ${CHROOTDIR}/usr/bin
mkdir -p ${CHROOTDIR}/lib/x86_64-linux-gnu ${CHROOTDIR}/lib64 ${CHROOTDIR}/usr/share ${CHROOTDIR}/usr/lib/x86_64-linux-gnu ${CHROOTDIR}/var/run/screen
mount -t proc proc ${CHROOTDIR}/proc
mount --bind /dev ${CHROOTDIR}/dev
mount --bind /dev/pts ${CHROOTDIR}/dev/pts
mount --make-rprivate / # necessary for pivot_root to work
cp -vrp /usr/share/terminfo ${CHROOTDIR}/usr/share/
cp -vrp /usr/lib/x86_64-linux-gnu/libevent* ${CHROOTDIR}/usr/lib/x86_64-linux-gnu/
cp -vrp /lib/x86_64-linux-gnu/* ${CHROOTDIR}/lib/x86_64-linux-gnu/
cp -vrp /lib64/ld-linux-x86-64.so.2 ${CHROOTDIR}/lib64/
cp -vrp /sbin/* ${CHROOTDIR}/sbin/
cp -vrp /bin/* ${CHROOTDIR}/bin/
cp -vrp /usr/bin/id /usr/bin/shred /usr/bin/ldd /usr/bin/screen /usr/bin/tmux ${CHROOTDIR}/usr/bin/
cp -vrp /usr/sbin/dropbear ${CHROOTDIR}/sbin/
#cp -vrp /etc/passwd* /etc/shadow* /etc/group* /etc/shells ${CHROOTDIR}/etc/
#cp -vrp /etc/dropbear ${CHROOTDIR}/etc/
cp -vrp /etc/* ${CHROOTDIR}/etc/
chmod g+w ${CHROOTDIR}/run
echo "" > ${CHROOTDIR}/root/.bash_history
echo "TERM=xterm-16color" >>${CHROOTDIR}/root/.profile #necessary for tmux/screen to work
echo "alias halt=\"echo 'o' > /proc/sysrq-trigger\"" >>${CHROOTDIR}/root/.profile
echo "alias reboot=\"echo 'b' > /proc/sysrq-trigger\"" >>${CHROOTDIR}/root/.profile
pivot_root ${CHROOTDIR} ${CHROOTDIR}/oldroot
/sbin/dropbear -p ${CHROOTPORT}
echo "system pivot-rooted."
echo "you can now connect with ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p ${CHROOTPORT} root@`hostname`, launch screen/tmux and shred"
echo "and finaly use reboot or halt commands (warning: they are not the real thing...)"
echo "happy wiping!"