On Linux, how do I list only mounted removable media / device?

I know we can list all mounted devices using the mount command, or even the df command.
But how can we know if the listed device is removable or not, such as USB, CD-ROM, external hard disk, etc.?
For this question, we can start with how to do it on SUSE or RedHat.
Thanks!

After thinking about this a bit more, the way to determine if a drive is removable is to check whether the contents of /sys/block/sdX/removable are set to 0 (non-removable) or 1 (removable). You can get the list of mounted drives (presuming the form /dev/sdX where X is a, b, c, etc.) and then loop over the devices checking the contents of the removable file.
For bash, using process substitution to feed a while loop that loops over the device names, removing the trailing partition digits and taking only unique devices, you could do:
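#!/bin/bash
# Read each mounted /dev/sdX device (partition digits stripped, duplicates removed)
while read -r name; do
    # /dev/sdX -> /sys/block/sdX, then read its removable flag
    if [ "$(<${name/dev/sys\/block}/removable)" -eq 1 ]; then
        echo "$name - removable"
    else
        echo "$name - non-removable"
    fi
# sort -u rather than uniq: /proc/mounts is not sorted, so duplicates need not be adjacent
done < <(awk '/^\/dev\/sd/ {sub(/[0-9]+$/,"",$1); print $1}' /proc/mounts | sort -u)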
Which will list all devices and whether they are removable. For example, running the script with a flash drive inserted (/dev/sdc) and my normal hard drive (/dev/sdb), you would receive:
$ bash list-removable.sh
/dev/sdb - non-removable
/dev/sdc - removable
There are probably many other ways to do it.

You can do something like this:
for dev in /dev/disk/by-id/usb*; do mount | grep "$(readlink -f "$dev")"; done
This first runs mount to list devices that are mounted. It then looks at /dev/disk/by-id/, which will have a udev link to the device, using the manufacturer ID of the device. This link will resolve to the /dev/device that it corresponds to. It greps the output of mount for these devices and will display them on the screen along with their current mount points and fs options.
*Edit to include checking against mount
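
The two checks above (the sysfs removable flag and the USB by-id link) combined in one function, as an added example that is not part of either answer. It goes beyond the /dev/sdX case by resolving partitions such as mmcblk0p1 to their parent disk through sysfs; the function names and the overridable MOUNTS/SYSFS arguments are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original answers).
# For every /dev/* entry in a mounts table, report the owning disk, its sysfs
# "removable" flag and whether the disk sits behind a USB bus.

# disk_of SYSFS NAME: print the whole-disk name that owns NAME (disk or partition).
disk_of() {
    if [ -d "$1/block/$2" ]; then
        echo "$2"; return 0
    fi
    for d in "$1"/block/*; do
        # partitions appear as sub-directories of their disk: block/sdc/sdc1
        if [ -d "$d/$2" ]; then
            basename "$d"; return 0
        fi
    done
    return 1
}

# list_mounted_disks [MOUNTS] [SYSFS]; defaults are the live system files.
list_mounted_disks() {
    mounts=${1:-/proc/mounts}
    sysfs=${2:-/sys}
    awk '$1 ~ /^\/dev\// { print $1 }' "$mounts" | sort -u |
    while read -r node; do
        # entries that are not plain disks/partitions (e.g. /dev/mapper/*) are skipped
        disk=$(disk_of "$sysfs" "${node#/dev/}") || continue
        removable=$(cat "$sysfs/block/$disk/removable" 2>/dev/null) || continue
        # /sys/block/<disk> is a symlink into the device tree; a usbN
        # component in the resolved path means the disk hangs off a USB bus.
        case $(readlink -f "$sysfs/block/$disk") in
            */usb[0-9]*/*) bus=usb ;;
            *)             bus=other ;;
        esac
        echo "$node disk=$disk removable=$removable bus=$bus"
    done
}
```

The bus column matters because external USB hard disks often report removable=0, so the removable flag alone can miss them.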

Related

How to determine in bash if / mountpoint was mounted from other OS?

I'm writing a shell script to check whether a user may be doing some nasty things in a Linux environment. One check I would like to do is to determine whether the / filesystem was mounted using an external OS (like a live OS) in the previous mount.
First I thought of running a script at boot to get the mount time of the previous boot using journalctl and the actual last mount using tune2fs, and comparing them. But the last mount from tune2fs gives the current mount, not the previous one, because the system is mounted when it checks.
Any idea how to solve it?
Thanks!

dmesg's output shows information about the mounting of / (and other info as well). If your current OS's dmesg output has that info, it was mounted by the current system.
You can use the output of dmesg in your script like:
#!/bin/bash
# Count kernel log lines that mention the root partition (replace sdaN with it)
number=$(dmesg | grep -c "sdaN")
if [ "$number" -eq 0 ]; then
    echo "It was not mounted by the current system"
else
    echo "It was mounted by the current system"
fi

Shell Script Disk Image Analysis

I’m a beginner programmer and I'm trying to learn how to successfully mount a disk image and analyse it, but I can't find any guides online or any mention on web pages.
I’ve set myself the task as I’m thinking of joining a computer forensics course next year and believe these skills will give me a head start.
This is the code I've made so far but I've become stuck. I want the script to be able to extract command history data for all users, and also log successful and unsuccessful login attempts from log files such as /var/log/wtmp.
I’m not exactly looking for someone to complete the code (as that would be counterproductive) but to point me towards hints and tips, guides and tutorials to get over this early stage of programming.
#!/bin/bash
mount="/myfilesystem"
if grep -qs "$mount" /proc/mounts; then
    echo "It's mounted."
else
    echo "It's not mounted."
    mount "$mount"
    if [ $? -eq 0 ]; then
        echo "Mount success!"
    else
        echo "Something went wrong with the mount..."
    fi
fi
sudo fdisk -l | grep/bin /sbin

For mounting a filesystem, you need two arguments at least:
1. The image file or block device to be mounted, and
2. The place where to mount it in your filesystem
So, if you want to mount some external USB drive, that e.g. shows as /dev/sda and has a single partition (sda1), you need to do the following:
Find or create a directory to mount your device (easiest as root), say you created a directory /root/mountpoint
Execute the mount command: mount /dev/sda1 /root/mountpoint
You then can step into the mounted filesystem cd /root/mountpoint and look around.
Just as a sidenote: For forensics, you should always draw an image from the device (e.g. dd if=/dev/sda1 of=/root/disk.img) to avoid destroying any evidence and then mount it through the loop driver (losetup /dev/loop1 /root/disk.img; mount /dev/loop1 /root/mountpoint).
Hope this gives you a hint to start over...
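
Once the image is mounted as the answer describes, the artefacts the question asks about can be enumerated from the mounted tree. The following is an added example, not part of the original post; the function names are assumptions, and it expects the image to be mounted read-only at the directory passed in.

```shell
#!/bin/sh
# Added example (not from the original post). ROOT is the directory where the
# image has been mounted read-only, for instance with the answer's paths:
#   losetup -r /dev/loop1 /root/disk.img
#   mount -o ro,noexec /dev/loop1 /root/mountpoint

# list_histories ROOT: print "user<TAB>history file<TAB>line count" for every
# account in the image's own etc/passwd (not the analysis host's).
list_histories() {
    root=${1%/}
    [ -r "$root/etc/passwd" ] || { echo "no etc/passwd under $root" >&2; return 1; }
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$home" ] || continue
        for f in "$root$home"/.*_history; do
            # Skip unmatched globs and symlinks: a link inside the image could
            # point at a file on the analysis host (or at /dev/null).
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            printf '%s\t%s\t%s\n' "$user" "${f#"$root"}" "$(wc -l < "$f" | tr -d ' ')"
        done
    done < "$root/etc/passwd"
}

# login_records ROOT: successful logins from wtmp, failed ones from btmp,
# read from the image's files rather than the host's.
login_records() {
    root=${1%/}
    [ -f "$root/var/log/wtmp" ] && last -f "$root/var/log/wtmp"
    [ -f "$root/var/log/btmp" ] && lastb -f "$root/var/log/btmp"
    return 0
}
```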

In Linux terminal, what would "grep -q '/dev/sda1' /proc/mounts || ..." do?

I want to make a bootable USB device by following this page.
http://planet-lab.org/node/172
It asks me to do these two steps:
umount /dev/sda*
grep -q /dev/sda1 /proc/mounts || dd if=PlanetLab-BootCD-3.3.usb of=/dev/sda1
But it makes me confused.
Since I think /dev/sda is my HDD, I thought it should be unmount /dev/sdb* in order to unmount USB device.
And I really don't understand what grep -q /dev/sda1 /proc/mounts is doing.
It seems to check whether "/dev/sda1" is mounted, but I don't exactly know what the two parameters of the grep command are doing. I know -q is for quiet.
And I also know dd can write an image to a drive.

The instructions state "assuming that the device is detected as /dev/sda".
If the assumption is different from the actual mount point, you must modify the commands to match your configuration.
The grep -q is used to test for existence without cluttering the screen with the text which is found. The two parameters are
1. the text sought, "/dev/sda1", and
2. the file in which the text is sought, "/proc/mounts".
In other scripts, you may see something like
grep /dev/sda1 /proc/mounts >/dev/null
to achieve the same effect as the -q option.

Detecting USB Thumb Drive when Ready in Linux Shell Script

I am a Windows admin and dev, I do not generally work with Linux so forgive me if this is in some way obvious.
I have a not so good Linux box, some older version of Open SUSE, and I have a script that unmounts the USB thumb drive, formats it, and then waits for the device to become ready again before it runs a script that does a copy/MD5 checksum verification on the source and destination file to ensure the copy was valid. The problem is that on one box the USB thumb drive does not become ready after the format in a consistent way. It takes anywhere from 1 to 2+ minutes before I can access the drive via /media/LABELNAME.
The direct path is /dev/sdb but, of course, I cannot access it directly via this path to copy the files. Here is my shell script as it stands:
#!/bin/bash
set -e
printf 'Starting LABELNAME.\n\nUnmounting /dev/sdb/\n'
umount /dev/sdb
echo "Formatting /dev/sdb/"
mkfs.vfat -I -F32 -n "LABELNAME" /dev/sdb
echo "Waiting on remount..."
sleep 30
echo "Format complete. Running make master."
perl /home/labelname_master.20120830.pl
Any suggestions? How might I wait for the drive to become ready and detect it? I have seen "Detecting and Writing to a USB Key / Thumb Drive Automatically" but quite frankly I don't even know what that answer means.

It seems that you have some automatic mounting service running which detects the flash disk and mounts the partition. However, you already know what the partition is, so I recommend that you simply mount the disk in your script, choosing a suitable mount point yourself.
mkfs.vfat -I -F32 -n "LABELNAME" /dev/sdb
echo "Format complete, remounting"
mount /dev/sdb "$mountpoint" #<-- you would choose $mountpoint
echo "Running make master."
perl /home/labelname_master.20120830.pl

programmatically detect SD card write protect

Back in the good old days of floppies, if you enabled write protection on a floppy, DOS would kindly tell you that you cannot write to it. Now we have SD cards that can hold the content of thousands of floppies and we still have the write protection, and it's handy sometimes. But nobody is able to tell me I can't write to it, at least on Linux. I have a lovely script that partitions and formats an SD card in a way I like. It took me 1/2 hour of debugging just to find out that the SD card was write-protected.
So the question, is there a way that the software can detect such condition?
Thanks,

The driver knows when the card is write-protected, and it actually warns when you mount it via command line:
# mount /dev/sdc1 /media/flash
mount: block device /dev/sdc1 is write-protected, mounting read-only
In case you would like to check it yourself at device level, you can use the hdparm command to query read-only status of disk device, including SD card and USB flash drive in general. This program should be available in most GNU/Linux distributions, commonly in a package named "hdparm".
If you are not root, be sure to specify full path to the hdparm command; and this assumes you have read permission on your card of course.
For example: my SD card is inserted, detected as /dev/sdc, and write protection tab is at Unlock:
$ /sbin/hdparm -r /dev/sdc
/dev/sdc:
readonly = 0 (off)
When I slid the write protection tab to Lock, re-inserted the card, and ran the command again:
$ /sbin/hdparm -r /dev/sdc
/dev/sdc:
readonly = 1 (on)
If you would like to do it in shell script, you can try something like:
# Extract the 0/1 value from hdparm's "readonly = N (on|off)" line
READONLY=`/sbin/hdparm -r /dev/sdc 2>&1 | sed -n 's/^.*= *\([01]\) .*$/\1/p'`
if [ "$READONLY" = "0" ]
then
    echo Card is writable.
else
    echo Card is not writable.
fi
Note: If you prefer to do it in C, you can try either:
1. Opening the device file in write mode and seeing if it fails with errno value EROFS (Read-only file system), or...
2. Opening the device file in read mode, then issuing the ioctl() named BLKROGET, and checking if the result value is nonzero; this is the way hdparm works.
