debian/patches/08_readonly_devices.dpatch

   1 #! /bin/sh /usr/share/dpatch/dpatch-run
   2 ## 08_readonly_devices.dpatch by  <mika@grml.org>
   3 ##
   4 ## All lines beginning with `## DP:' are a description of the patch.
   5 ## DP: set all harddisk devices to read-only mode for forensics investigations
   6
   7 @DPATCH@
   8 diff -urNad live-initramfs-grml~/debian/rules live-initramfs-grml/debian/rules
   9 --- live-initramfs-grml~/debian/rules   2009-02-22 15:43:59.000000000 +0100
  10 +++ live-initramfs-grml/debian/rules    2009-02-22 18:32:20.021999087 +0100
  11 @@ -59,6 +59,8 @@
  12         install -m 755 grml/23networking \
  13           ./debian/live-initramfs/usr/share/initramfs-tools/scripts/live-bottom/23networking
  14
  15 +       chmod 755 ./debian/live-initramfs/usr/share/initramfs-tools/scripts/live-premount/readonly
  16 +
  17         # Removing double files
  18         rm -f debian/live-initramfs/usr/share/doc/live-initramfs/COPYING
  19         rm -f debian/live-initramfs/usr/share/doc/live-initramfs/ChangeLog
  20 diff -urNad live-initramfs-grml~/hooks/live live-initramfs-grml/hooks/live
  21 --- live-initramfs-grml~/hooks/live     2009-02-22 18:32:19.815331281 +0100
  22 +++ live-initramfs-grml/hooks/live      2009-02-22 18:32:20.021999087 +0100
  23 @@ -163,6 +163,12 @@
  24         copy_exec /usr/bin/wget /bin
  25  fi
  26
  27 +# Program: blockdev
  28 +if [ -x /sbin/blockdev ]
  29 +then
  30 +       copy_exec /sbin/blockdev /sbin
  31 +fi
  32 +
  33  # FUSE kernel module
  34  manual_add_modules fuse
  35
  36 diff -urNad live-initramfs-grml~/scripts/live-premount/readonly live-initramfs-grml/scripts/live-premount/readonly
  37 --- live-initramfs-grml~/scripts/live-premount/readonly 1970-01-01 01:00:00.000000000 +0100
  38 +++ live-initramfs-grml/scripts/live-premount/readonly  2009-02-22 18:34:53.115350292 +0100
  39 @@ -0,0 +1,32 @@
  40 +#!/bin/sh
  41 +
  42 +#set -e
  43 +
  44 +# initramfs-tools header
  45 +
  46 +PREREQ="udev"
  47 +
  48 +prereqs()
  49 +{
  50 +       echo "${PREREQ}"
  51 +}
  52 +
  53 +case "${1}" in
  54 +       prereqs)
  55 +               prereqs
  56 +               exit 0
  57 +               ;;
  58 +esac
  59 +
  60 +# live-initramfs script
  61 +
  62 +# make sure all harddisk devices are read-only
  63 +# this is important for forensic investigations
  64 +if grep -qe forensic -qe readonly /proc/cmdline ; then
  65 +   for device in /dev/hd* /dev/sd* ; do
  66 +      if [ -b "$device" ] ; then
  67 +        /usr/bin/printf " * Setting device %-9s to read-only mode: " $device >/dev/console
  68 +         blockdev --setro $device && printf "done [ execute \"blockdev --setrw %-9s\" to unlock]\n" $device >/dev/console || printf "failed\n" >/dev/console
  69 +       fi
  70 +   done
  71 +fi