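#! /bin/sh
# classcontrol
# (Disk Classification Control)
#
# Version 1.22
# 1 June 2000
# J.Mercier, Autometric, Inc
# jmercier@autometric.com
#
# Checks disks to determine if a vol is
# classified based on the following rule:
#
# -- Partition 4 reserved for UNCLASSIFIED volumes
# -- Partition 5 reserved for SCI volumes
# -- Partition 7 reserved for SECRET disks
#
# Requires chkconfig flag 'class_control' and
# the file /etc/config/system.classification to operate
#
# Usage: /etc/init.d/classcontrol {start|stop}
#
# Review notes:
# - A disk's classification is inferred only from which partition node
#   (s4 / s5 / s7) shows up under /dev/dsk.  The check is therefore exactly as
#   strong as the partitioning convention above; volume contents are never
#   inspected.
# - System mode COLLATERAL is the mode that tolerates s7 nodes; UNCLASSIFIED
#   tolerates s4 and SCI tolerates s5.
# - Message strings embed "\n" and are passed to echo/lfmt unchanged, as in
#   the original; they depend on the platform expanding backslash escapes.

IS_ON=/sbin/chkconfig

# has_partition SUFFIX
#   Succeeds when at least one node /dev/dsk/*SUFFIX exists.
#   The glob is walked entry by entry.  Handing the raw glob to a single
#   `test -e` gives test several operands once two or more nodes match, and it
#   then reports an error instead of success -- so several offending disks
#   would be treated as none and the boot would continue.
has_partition() {
  for cc_node in /dev/dsk/*"$1"; do
    if test -e "$cc_node"; then
      return 0
    fi
  done
  return 1
}

# force_removal SUFFIX FAILURE_TAIL [WARNING]
#   While any /dev/dsk/*SUFFIX node exists: optionally log WARNING, then for
#   each node run scsiadminswap -u on its controller/device, wait for the
#   operator to press return, and re-check the node.  If the node is still
#   there, report it (message ends with FAILURE_TAIL) and leave the for loop;
#   the enclosing while then re-tests and starts over, so this function does
#   not return until every matching node has disappeared.
#   Absolute paths are used throughout, so the result does not depend on the
#   current directory (the original only did `cd /dev/dsk` in one of its three
#   branches and listed `*sN` relative to the cwd in the other two).
force_removal() {
  cc_part=$1
  cc_tail=$2
  cc_warning=$3

  while has_partition "$cc_part"; do
    if [ -n "$cc_warning" ]; then
      lfmt -s halt -G 4 "$cc_warning"
    fi

    for cc_offender in /dev/dsk/*"$cc_part"; do
      # Skip the unexpanded pattern or a node that vanished meanwhile.
      test -e "$cc_offender" || continue

      # dks<BUS>d<DEV><SUFFIX>  ->  <BUS>d<DEV>  ->  BUS and DEV
      SEESAW=$(basename "$cc_offender" | sed -e 's#dks##' -e "s#$cc_part##")
      BUS=$(echo "$SEESAW" | awk -F d '{ print $1 }')
      DEV=$(echo "$SEESAW" | awk -F d '{ print $2 }')

      lfmt -s info "\n\nForcing scsiadminswap of device $DEV on controller $BUS..."
      echo ; echo
      scsiadminswap -u -b"$BUS" -d"$DEV"
      # Blocks until the operator acknowledges on the console.
      read CHOMP
      sleep 5

      if test -e "$cc_offender"; then
        echo "\nDevice $DEV on controller $BUS not removed.$cc_tail"
        break
      fi
      echo ; echo
    done
  done
}

# With the chkconfig flag off no checks run and the system is taken to
# single-user mode rather than on to runlevel 2.
if ! "$IS_ON" class_control; then
  lfmt -l "classcontrol" -s "" "\n\nClasscontrol turned off. Entering single-user mode....\n"
  sleep 2
  init s
  exit 0
fi

echo "\n\nRunning classcontrol checks..."

if ! test -e /etc/config/system.classification; then
  lfmt -s warn -G 4 "Cannot determine system classification!"
  echo "Please verify and edit /etc/config/system.classification.\n\nSwitching to single user mode..."
  sleep 2
  init s
  exit 0
else
  MODE=$(cat /etc/config/system.classification)
  echo "\n\nTHIS SYSTEM IS $MODE. Checking for illegal disks..."
fi

# Reduce the file content to its single whitespace-delimited word, or to the
# empty string when it holds zero or several words.  This keeps the tolerance
# the original got from comparing an unquoted $MODE (stray blanks or newlines
# around the keyword) without feeding an empty or multi-word value to `[`.
MODE_WORD=$(printf '%s\n' "$MODE" |
  awk 'NF { n += NF; w = $1 } END { if (n == 1) print w }')

case "$1" in
  start)
    case "$MODE_WORD" in
      UNCLASSIFIED)
        while has_partition s7 || has_partition s5; do
          lfmt -s halt -G 4 "\n\nCLASSIFIED DISK ATTACHED! Forcing Removal...\n\n"
          sleep 2
          # Remove any SECRET vols
          force_removal s7 ""
          force_removal s5 " Freezing system... "
        done
        ;;
      COLLATERAL)
        while has_partition s5 || has_partition s4; do
          force_removal s4 "" \
            "WARNING: UNCLASSIFIED DISK ATTACHED!!! Forcing Removal...\n\n"
          force_removal s5 " Freezing system... " \
            "WARNING: SCI DISK ATTACHED!!! Forcing Removal...\n\n"
        done
        ;;
      SCI)
        while has_partition s4 || has_partition s7; do
          force_removal s4 "" \
            "WARNING: UNCLASSIFIED DISK ATTACHED!!! Forcing Removal...\n\n"
          force_removal s7 " Freezing system... " \
            "WARNING: COLLATERAL DISK ATTACHED!!! Forcing Removal...\n\n"
        done
        ;;
      *)
        # Unknown, empty or multi-word classification: refuse to continue.
        lfmt -s warn -G 4 "Cannot determine system classification!\n"
        echo "\nInvalid entry in /etc/config/system.classification."
        echo "Switching to single-user mode."
        sleep 2
        init s
        exit 0
        ;;
    esac
    echo "Classcontrol checks complete. Booting system.\n"
    sleep 2
    ;;
  stop)
    echo
    echo "PLEASE DISCONNECT EXTERNAL DEVICES AFTER POWERDOWN....."
    echo
    exit 0
    ;;
  *)
    # NOTE(review): an unrecognised argument prints usage and then still
    # reaches `init 2` below without any disk check having run.  Kept as in
    # the original; confirm whether this path should exit instead.
    echo "usage: /etc/init.d/classcontrol {start|stop}"
    ;;
esac

init 2 > /dev/null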