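#!/bin/bash
#
# Initialize encrypted tmp-partition
#
# chkconfig: 12345 01 98
#
# description: mounts tmp-partition with random encryption
#
# ***************************************************************************
# * CAUTION! Your tmp-partition will be reformatted every time this script  *
# * is started. There is no way to recover your data, so don't              *
# * store important data in /tmp                                            *
# ***************************************************************************
#
# FILE:   cryptotmp
# AUTHOR: Adalbert Prokop
# DATE:   11. June 2005
#
# Copyright (C) 2005 Adalbert Prokop
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Usage: cryptotmp {start|stop|restart|status}
#
# Exit status: 0 on success; 1 when an action fails or the usage is wrong;
# 3 from "status" when the encrypted /tmp is not mounted (LSB convention).

# Source the Red Hat init function library.  It provides `daemon`, which is
# used here only to print the [  OK  ] / [FAILED] status column.
# Strict mode (set -e/-u) is deliberately not enabled: the sourced library is
# not written for it, so every critical step below checks its own status.
. /etc/rc.d/init.d/functions

# Block device that becomes the encrypted /tmp.  Adjust to the local layout.
TMPDEV=/dev/hda9
# Name of the device-mapper target; the mapping appears as /dev/mapper/$CRYPTONAME.
CRYPTONAME=crypto-tmp
# Mount point served by this script.
TMPMNT=/tmp
# Mount options for a world-writable scratch filesystem: nothing in /tmp needs
# to be a device node or a set-uid/set-gid binary, so refuse to honour them.
MOUNT_OPTS=nodev,nosuid
# dm-crypt parameters: a plain (non-LUKS) mapping keyed from /dev/urandom.
# The key never exists outside the kernel, so the contents are unrecoverable
# once the mapping is removed (reboot) -- which is why the device is
# re-formatted on every start.
CRYPT_CIPHER=aes-cbc-essiv:sha256
CRYPT_KEYFILE=/dev/urandom

myname=${0##*/}

#######################################
# Resolve a required tool, preferring a fixed /sbin path over a $PATH lookup.
# Globals:   myname (read)
# Arguments: $1 - tool name, $2 - preferred absolute path
# Outputs:   resolved path on stdout; diagnostics on stderr
# Returns:   0 if found, 1 otherwise
#######################################
find_tool() {
  local name=$1
  local preferred=$2
  local found

  if [ -x "$preferred" ]; then
    printf '%s\n' "$preferred"
    return 0
  fi
  found=$(command -v "$name")
  if [ -z "$found" ]; then
    printf '%s: no %s found.\n' "$myname" "$name" >&2
    return 1
  fi
  printf '%s: using %s for %s\n' "$myname" "$found" "$name" >&2
  printf '%s\n' "$found"
  return 0
}

cryptsetup=$(find_tool cryptsetup /sbin/cryptsetup) || exit 1
mke2fs=$(find_tool mke2fs /sbin/mke2fs) || exit 1

#######################################
# Print the mount point of device $1 as recorded in /etc/mtab.
# Outputs:   mount point on stdout, nothing if the device is not mounted
#######################################
mounted_on() {
  awk -v dev="$1" '$1 == dev { print $2; exit }' /etc/mtab
}

#######################################
# Print the device mounted on mount point $1 as recorded in /etc/mtab.
# Outputs:   device on stdout, nothing if the mount point is unused
#######################################
mounted_dev() {
  awk -v mnt="$1" '$2 == mnt { print $1; exit }' /etc/mtab
}

#######################################
# Print an action message followed by the [FAILED] column.
# Arguments: $1 - message
# Returns:   1 always, so callers can `fail_action ... ; return $?`
#######################################
fail_action() {
  printf '%s' "$1"
  daemon /bin/false
  echo
  return 1
}

#######################################
# Create the random-keyed mapping, format it and mount it on $TMPMNT.
# Globals:   TMPDEV TMPMNT CRYPTONAME MOUNT_OPTS CRYPT_CIPHER CRYPT_KEYFILE
#            cryptsetup mke2fs (all read)
# Returns:   0 on success, 1 on any failure (no mapping is left behind)
#######################################
do_start() {
  local mountpt mountdev

  # Never reformat a device that is in use somewhere.
  mountpt=$(mounted_on "$TMPDEV")
  if [ -n "$mountpt" ]; then
    fail_action "$TMPDEV is already mounted on $mountpt"
    return 1
  fi

  # Never mount over a filesystem that already serves /tmp.
  mountdev=$(mounted_dev "$TMPMNT")
  if [ -n "$mountdev" ]; then
    fail_action "$mountdev is already mounted on $TMPMNT"
    return 1
  fi

  # A stale mapping (e.g. from an interrupted start) is torn down first so the
  # new one is keyed afresh rather than reused.
  if [ -b "/dev/mapper/$CRYPTONAME" ]; then
    printf '%s' "Encryption layer already exists. I'll delete it first"
    if ! "$cryptsetup" remove "$CRYPTONAME"; then
      daemon /bin/false
      echo
      return 1
    fi
    echo
  fi

  printf 'Mounting encrypted %s on %s' "$TMPDEV" "$TMPMNT"
  if "$cryptsetup" -c "$CRYPT_CIPHER" -d "$CRYPT_KEYFILE" \
      create "$CRYPTONAME" "$TMPDEV"; then
    # -m 0: no root-reserved blocks on a scratch filesystem.
    # chmod 1777: world-writable with the sticky bit, as /tmp must be.
    if "$mke2fs" -q -m 0 "/dev/mapper/$CRYPTONAME" >/dev/null 2>&1 \
        && mount -o "$MOUNT_OPTS" "/dev/mapper/$CRYPTONAME" "$TMPMNT" \
        && chmod 1777 "$TMPMNT"; then
      daemon /bin/true
      echo
      return 0
    fi
    # Undo the partial setup: a half-initialised mapping would otherwise have
    # to be cleaned up by the next start, and an unmounted scratch device is
    # of no use.  Errors here are expected when the step never happened.
    umount "$TMPMNT" >/dev/null 2>&1
    "$cryptsetup" remove "$CRYPTONAME" >/dev/null 2>&1
  fi
  daemon /bin/false
  echo
  return 1
}

#######################################
# Unmount $TMPMNT and remove the mapping (discarding the key and the data).
# Globals:   TMPMNT CRYPTONAME cryptsetup (read)
# Returns:   0 on success, 1 on failure (the mapping stays if umount fails)
#######################################
do_stop() {
  printf 'Unmounting encrypted %s partition' "$TMPMNT"
  if umount "$TMPMNT" && "$cryptsetup" remove "$CRYPTONAME"; then
    daemon /bin/true
    echo
    return 0
  fi
  daemon /bin/false
  echo
  return 1
}

#######################################
# Report whether the mapping exists and show the relevant mount(8) lines.
# Globals:   TMPDEV TMPMNT CRYPTONAME (read)
# Returns:   0 if the encrypted device is mounted, 3 otherwise (LSB "not running")
#######################################
do_status() {
  local rv=3

  if [ -b "/dev/mapper/$CRYPTONAME" ]; then
    echo "Encrypted device for $TMPMNT exists."
  else
    echo "Encrypted device for $TMPMNT doesn't exist."
  fi
  # The raw device should never show up as mounted; the mapping should.
  mount | grep "^$TMPDEV "
  if mount | grep "^/dev/mapper/$CRYPTONAME "; then
    rv=0
  fi
  return "$rv"
}

#######################################
# Dispatch on the init action given as $1.
# Returns:   the action's status; 1 for an unknown action
#######################################
main() {
  case "${1-}" in
    start)
      do_start
      ;;
    stop)
      do_stop
      ;;
    status)
      do_status
      ;;
    restart)
      "$0" stop
      "$0" start
      ;;
    *)
      echo "Usage: $myname {stop|start|restart|status}" >&2
      return 1
      ;;
  esac
}

main "$@"
exit $?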