This repository has been archived by the owner on Feb 1, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathencswap
executable file
·40 lines (32 loc) · 1.51 KB
/
encswap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#!/usr/bin/env bash
# encswap - Set up encryption on a non-encrypted swap partition
# Usage: encswap [<swapdevice>]
# Required: mount(swapon swapoff) coreutils(ls head) grep sed wget apt patch
# Process commandline
[[ $1 ]] && swapdev=$1 || swapdev=$(swapon --show=NAME --noheadings)
# Handle swapfile
[[ -f $swapdev ]] &&
echo 'A swapfile should just be on an encrypted fs' && exit 1
swapdev=${swapdev#/} swapdev=${swapdev#dev/}
swapid=$(ls -l /dev/disk/by-id |grep -o "[^ ]* -> \.\./\.\./$swapdev$" |
head -1 |cut -d' ' -f1)
[[ -z $swapid ]] && echo "No swap device mounted or given" && exit 2
id=/dev/disk/by-id/$swapid
sudo swapoff /dev/$swapdev
echo -e "\n=== Encrypting non-encrypted swap partition ===\n"
type -p cryptsetup >/dev/null || sudo apt install cryptsetup
# Comment-out current swap line in /etc/fstab and append new one
sudo sed -i "/^\/dev\/$swapdev /s/^/#/" /etc/fstab
swapuuid=$(blkid /dev/$swapdev --output=value --match-tag=UUID)
sudo sed -i "/^UUID=$swapuuid/s/^/#/" /etc/fstab
sudo sed -i "/^${id//\//\\/} /s/^/#/g" /etc/fstab
add="/dev/mapper/swap$swapdev encswap swap defaults 0 0"
grep "^$add" /etc/fstab &>/dev/null ||
echo "$add" |sudo tee -a /etc/fstab
# Append line to crypttab if it isn't there yet
add="swap$swapdev $id /dev/urandom swap,cipher=aes-xts-plain64:sha256,size=512"
grep "^$add" /etc/crypttab &>/dev/null ||
echo "$add" |sudo tee -a /etc/crypttab
echo 'Review the crypttab and fstab:'
grep '^[^#]' /etc/crypttab /etc/fstab
echo -e "\nReboot recommended to start using encrypted swap"