johnmaguire · November 13, 2018 19:34
diff --git a/encryption_check.sh b/encryption_check.sh
 #!/bin/bash

 encrypted_root=0
 encrypted_home=0

 # Determine what is mounted at / and /home
 root_mount="$(findmnt --noheadings --raw --target / | awk '{ print $2 }')"
 home_mount="$(findmnt --noheadings --raw --target /home | awk '{ print $2 }')"

 # check if root
 if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root"
   exit 1
 fi

 cryptsetup="$(which cryptsetup)"
 if [ $? -ne 0 ]; then
 	echo "No cryptsetup, assuming disk unencrypted"
 	exit 1
 fi

 # Checking all devices in /dev/mapper to find cryptsetup device
 echo "Checking mapper devices for crypto_LUKS devices"
 crypt_mappers=()
 for mapper in /dev/mapper/*; do
    found_device="$(cryptsetup status ${mapper} | grep 'is active')"
    if [ $? -eq 0 ]; then
        echo "Found crypt device ${mapper}"
        crypt_mappers+=("${mapper}")
    fi
 done

 # Check if any crypt mappers are mounted directly on / and/or /home
 echo "Checking for encrypted devices mounted on / and /home"
 for device in "${crypt_mappers[@]}"; do
    if [ "${device}" = "${root_mount}" ]; then
        echo "/ is encrypted using crypto_LUKS device"
        encrypted_root=1
    fi
    if [ "${device}" = "${home_mount}" ]; then
        echo "/home is encrypted using crypto_LUKS device"
        encrypted_home=1
    fi
 done

 if [ ${encrypted_root} -eq 1 ] && [ ${encrypted_home} -eq 1 ]; then
    echo "Disk is encrypted with LUKS"
    exit 0
 fi

 pvs="$(which pvs)"
 if [ $? -ne 0 ]; then
    echo "pvs not installed -- not checking for LVM on LUKS"
    echo "Disk Encryption is not enabled"
    exit 1
 fi

 echo "Checking for LVM partitions on crypto_LUKS devices"
 for device in "${crypt_mappers[@]}"; do
    logical_volumes="$(pvs --quiet --noheadings \
                           --options="lv_dm_path" \
                           --sort="lv_dm_path" \
                           --select="lv_active=active,pv_name=${device}" |
                       uniq)"
    for lv in ${logical_volumes}; do
        if [ "${lv}" = "${root_mount}" ]; then
            echo "/ is encrypted using LVM on crypto_LUKS device"
            encrypted_root=1
        fi
        if [ "${lv}" = "${home_mount}" ]; then
            echo "/home is encrypted using LVM on crypto_LUKS device"
            encrypted_home=1
        fi
    done
 done

 if [ ${encrypted_root} -eq 1 ] && [ ${encrypted_home} -eq 1 ]; then
    echo "Disk is encrypted with LVM on LUKS"
    exit 0
 fi

 echo "Disk Encryption is not enabled"
 exit 1
	#!/bin/bash

	encrypted_root=0
	encrypted_home=0

	# Determine what is mounted at / and /home
	root_mount="$(findmnt --noheadings --raw --target / \| awk '{ print $2 }')"
	home_mount="$(findmnt --noheadings --raw --target /home \| awk '{ print $2 }')"

	# check if root
	if [[ $EUID -ne 0 ]]; then
	echo "This script must be run as root"
	exit 1
	fi

	cryptsetup="$(which cryptsetup)"
	if [ $? -ne 0 ]; then
	echo "No cryptsetup, assuming disk unencrypted"
	exit 1
	fi

	# Checking all devices in /dev/mapper to find cryptsetup device
	echo "Checking mapper devices for crypto_LUKS devices"
	crypt_mappers=()
	for mapper in /dev/mapper/*; do
	found_device="$(cryptsetup status ${mapper} \| grep 'is active')"
	if [ $? -eq 0 ]; then
	echo "Found crypt device ${mapper}"
	crypt_mappers+=("${mapper}")
	fi
	done

	# Check if any crypt mappers are mounted directly on / and/or /home
	echo "Checking for encrypted devices mounted on / and /home"
	for device in "${crypt_mappers[@]}"; do
	if [ "${device}" = "${root_mount}" ]; then
	echo "/ is encrypted using crypto_LUKS device"
	encrypted_root=1
	fi
	if [ "${device}" = "${home_mount}" ]; then
	echo "/home is encrypted using crypto_LUKS device"
	encrypted_home=1
	fi
	done

	if [ ${encrypted_root} -eq 1 ] && [ ${encrypted_home} -eq 1 ]; then
	echo "Disk is encrypted with LUKS"
	exit 0
	fi

	pvs="$(which pvs)"
	if [ $? -ne 0 ]; then
	echo "pvs not installed -- not checking for LVM on LUKS"
	echo "Disk Encryption is not enabled"
	exit 1
	fi

	echo "Checking for LVM partitions on crypto_LUKS devices"
	for device in "${crypt_mappers[@]}"; do
	logical_volumes="$(pvs --quiet --noheadings \
	--options="lv_dm_path" \
	--sort="lv_dm_path" \
	--select="lv_active=active,pv_name=${device}" \|
	uniq)"
	for lv in ${logical_volumes}; do
	if [ "${lv}" = "${root_mount}" ]; then
	echo "/ is encrypted using LVM on crypto_LUKS device"
	encrypted_root=1
	fi
	if [ "${lv}" = "${home_mount}" ]; then
	echo "/home is encrypted using LVM on crypto_LUKS device"
	encrypted_home=1
	fi
	done
	done

	if [ ${encrypted_root} -eq 1 ] && [ ${encrypted_home} -eq 1 ]; then
	echo "Disk is encrypted with LVM on LUKS"
	exit 0
	fi

	echo "Disk Encryption is not enabled"
	exit 1