Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/bin/   drwxr-xr-x
Free 52.29 GB of 127.8 GB (40.91%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     ecryptfs-setup-swap (4.43 KB)      -rwxr-xr-x

#!/bin/sh -e
#    ecryptfs-setup-swap
#    Copyright (C) 2008 Canonical Ltd.
#
#    Authors: Dustin Kirkland <kirkland@canonical.com>
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; version 2 of the License.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

# The cryptswap setup used here follows a guide published at:
#  * http://ubuntumagnet.com/2007/11/creating-encrypted-swap-file-ubuntu-using-cryptsetup

error() {
	echo "ERROR: $1" 1>&2
	exit 1
}

info() {
	echo "INFO: $1"
}

warning() {
	echo "WARNING: "
}

usage() {
	echo
	echo "Usage:"
	echo "  $0 [-f|--force]"
	echo
	exit 1
}

# Handle command line options
FORCE=0
while [ ! -z "$1" ]; do
	case "$1" in
		-f|--force)
			FORCE=1
			shift 1
		;;
		*)
			usage
		;;
	esac
done

# Ensure that cryptsetup is available
[ -x /sbin/cryptsetup ] || error "Please install 'cryptsetup'"

# Ensure that we're running with root privileges
[ -w /etc/passwd ] || error "This program must be run with 'sudo', or as root"

# Count swap spaces available
# BUG: We only support setting up a single swap space at this time
if [ $(grep -c "^/" /proc/swaps) -eq 0 ]; then
	mem=$(grep "^MemTotal:" /proc/meminfo | awk '{print $2}')
	swapsize=$((4*$mem))
	info "You do not currently have any swap space defined."
	echo
	echo "You can create a swap file by doing:"
	echo " $ sudo dd if=/dev/zero of=/swapfile count=$swapsize"
	echo " $ sudo mkswap /swapfile"
	echo " $ sudo swapon /swapfile"
	echo
	echo "And then re-run $0"
	echo
	exit 0
elif [ $(grep -c "^/" /proc/swaps) -gt 1 ]; then
	info "You have more than one swap space defined."
	error "$0 only supports setting up a single swap space"
else
	swap=$(grep "^/" /proc/swaps | awk '{print $1}')
fi

# Make sure this is swap space
if ! blkid "$swap" | grep -qs "TYPE=.*swap"; then
	error "[$swap] does not appear to be swap space"
fi

# Check if this this swap space is already setup for encryption
if /sbin/dmsetup table "$swap" | grep -qs " crypt " 2>/dev/null; then
	info "[$swap] already appears to be encrypted."
	exit 0
else
	# keep going
	/bin/true
fi

base=$(basename "$swap")
if grep -qs "^$base.*swap.*cipher" /etc/crypttab 2>/dev/null; then
	info "[$swap] already has an entry in /etc/crypttab."
	exit 0
fi
if grep -qs "$swap" /etc/initramfs-tools/conf.d/cryptroot 2>/dev/null; then
	info "[$swap] already has an entry in /etc/fstab."
	exit 0
fi

# Ensure available dev mapper name 'cryptswap'
if grep -qs "^cryptswap" /etc/crypttab; then
	error "There appears to be a cryptswap entry in /etc/cryptab; aborting."
fi

# Ensure available fstab entry
if grep -qs "^/dev/mapper/cryptswap" /etc/fstab; then
	error "There appears to be a cryptswap entry in /etc/fstab; aborting."
fi

# Ensure that the existing swap space exists in fstab
if grep -qs "^$swap" /etc/fstab; then
	sed -i "s:^$swap:\#$swap:" /etc/fstab
	info "Commented out your unencrypted swap from /etc/fstab"
else
	info "Your swap space isn't currently listed in /etc/fstab"
fi

##########################################################################
# Warn the user about breaking hibernate mode
if [ "$FORCE" != 1 ]; then
	echo
	warning
	echo "    An encrypted swap is required to help ensure that encrypted files"
	echo "    are not leaked to disk in an unencrypted format."
	echo
	echo "    HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM"
	echo "    WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!"
	echo
	echo "    NOTE: Your suspend/resume capabilities will not be affected."
	echo
	echo -n "Do you want to proceed with encrypting your swap [y/N]: "
	CONFIRM=`head -n1`
	echo
	if [ "$CONFIRM" != "y" -a "$CONFIRM" != "Y" ]; then
		echo
		info "Aborting."
		echo
		exit 0
	fi
fi
##########################################################################


info "Setting up swap: [$swap]"

# Add crypttab entry
echo "cryptswap $swap /dev/urandom swap,cipher=aes-cbc-essiv:sha256" >> /etc/crypttab

# Add fstab entry
echo "/dev/mapper/cryptswap none swap sw 0 0" >> /etc/fstab

info "Successfully setup encrypted swap!"
info "This will take effect after reboot"