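#!/bin/bash
#
# Initialize encrypted swap space
#
# chkconfig: 12345 00 99
#
# description: initializes swap files with randomly chosen encryption. Right
#              now, it only works for partitions
#
# FILE:    cryptoswap
# AUTHOR:  Adalbert Prokop
# DATE:    11. June 2005
#
# Copyright (C) 2005 Adalbert Prokop
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# Usage: cryptoswap {stop|start|restart|status}
#
# Configuration: $swaplist holds the devices to use as encrypted swap,
# separated by whitespace or newlines. A token starting with '#' makes the
# rest of its line a comment.
#
# NOTE(review): "start" runs mkswap on a mapping over every listed device,
# which overwrites whatever that device held. Keep $swaplist owned by root
# and not writable by anyone else.

# source function library
. /etc/rc.d/init.d/functions

myname=${0##*/}
cryptsetup=/sbin/cryptsetup
mkswap=/sbin/mkswap
swaplist=/etc/sysconfig/swaps

# Fall back to a PATH lookup when a tool is not at its usual location.
# "type -P" only ever returns an on-disk path, never an alias or function.
if [[ ! -x "$cryptsetup" ]]; then
  cryptsetup=$(type -P cryptsetup)
  if [[ -z "$cryptsetup" ]]; then
    echo "$myname: no cryptsetup found."
    exit 1
  fi
  echo "$myname: using $cryptsetup for cryptsetup"
fi

if [[ ! -x "$mkswap" ]]; then
  mkswap=$(type -P mkswap)
  if [[ -z "$mkswap" ]]; then
    echo "$myname: no mkswap found."
    exit 1
  fi
  echo "$myname: using $mkswap for mkswap"
fi

if [[ ! -f "$swaplist" ]]; then
  echo "$myname: no swaplist found at $swaplist"
  exit 1
fi

# Read the device list into an array so that entries are never glob-expanded
# or re-split when they are used later on.
swaps=()
while read -r -a fields || (( ${#fields[@]} )); do
  for entry in "${fields[@]}"; do
    [[ "$entry" == \#* ]] && break
    swaps+=("$entry")
  done
done < "$swaplist"

# First column of /proc/swaps (the header line is skipped): one active swap
# area per line.
activeswaps=$(awk 'NR > 1 { print $1 }' /proc/swaps)

#######################################
# Tell whether an active swap area ends in the given name.
# The comparison is a literal suffix match, so characters such as '.' in a
# device name are not treated as regular-expression operators.
# Globals:   activeswaps (read)
# Arguments: $1 - suffix to look for
# Returns:   0 if some active swap ends in $1, 1 otherwise
#######################################
is_active() {
  local suffix=$1
  local name
  while IFS= read -r name; do
    [[ "$name" == *"$suffix" ]] && return 0
  done <<< "$activeswaps"
  return 1
}

# how are we called?
case "$1" in
  start)
    for swap in "${swaps[@]}"; do
      # /dev/hda2 becomes the device-mapper name swap-dev-hda2
      mapperfile="swap${swap//\//-}"
      if is_active "$mapperfile"; then
        echo "Swap $swap seems to be already active."
      elif is_active "$swap"; then
        echo "Swap $swap seems to be already active and unencrypted."
      else
        printf 'Creating swap for %s ' "$swap"
        # The key is read from the random device each time the mapping is
        # created and is never stored, so the swap contents cannot be read
        # back once the mapping is removed or the machine reboots. A
        # suspend-to-disk image written to this swap cannot be resumed.
        # NOTE(review): with start priority 00 this runs very early; on
        # kernels where /dev/random waits for entropy the read may stall
        # boot. Confirm, or consider /dev/urandom.
        # NOTE(review): aes-cbc-essiv is a legacy mode and no key size (-s)
        # is given, so cryptsetup's default applies. Consider
        # aes-xts-plain64 where the installed cryptsetup supports it.
        if "$cryptsetup" -c aes-cbc-essiv:sha256 -d /dev/random \
            create "$mapperfile" "$swap"; then
          if "$mkswap" "/dev/mapper/$mapperfile" > /dev/null 2>&1 \
              && /sbin/swapon "/dev/mapper/$mapperfile"; then
            daemon /bin/true
          else
            # Do not leave a half-configured mapping behind: it would make
            # every later "start" fail on "create".
            "$cryptsetup" remove "$mapperfile"
            daemon /bin/false
          fi
        else
          daemon /bin/false
        fi
        echo
      fi
    done
    ;;
  stop)
    for swap in "${swaps[@]}"; do
      mapperfile="swap${swap//\//-}"
      if is_active "$mapperfile"; then
        printf 'Stopping swap on %s ' "$swap"
        # Remove the mapping only after swapoff succeeded; removing it
        # discards the key.
        if /sbin/swapoff "/dev/mapper/$mapperfile" \
            && "$cryptsetup" remove "$mapperfile"; then
          daemon /bin/true
        else
          daemon /bin/false
        fi
        echo
      else
        echo "Swap $swap does not seem to be active."
      fi
    done
    ;;
  status)
    for swap in "${swaps[@]}"; do
      mapperfile="swap${swap//\//-}"
      "$cryptsetup" status "$mapperfile"
    done
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  *)
    echo "Usage: $myname {stop|start|restart|status}"
    exit 1
    ;;
esac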