-
Notifications
You must be signed in to change notification settings - Fork 27
/
Copy pathbfgrubcheck
executable file
·105 lines (94 loc) · 3.38 KB
/
bfgrubcheck
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#!/bin/sh -e
# Copyright (c) 2021, NVIDIA Corporation
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and documentation are those
# of the authors and should not be interpreted as representing official policies,
# either expressed or implied, of the FreeBSD Project.
GRUBPASSWDFILE=/tmp/grubpasswd.out
GRUBPASSWDCMD=grub-mkpasswd-pbkdf2
GRUBCFGFILE=/boot/grub/grub.cfg
if [ -x /usr/bin/grub2-mkpasswd-pbkdf2 ]; then
GRUBPASSWDCMD=grub2-mkpasswd-pbkdf2
else
GRUBPASSWDCMD=grub-mkpasswd-pbkdf2
fi
update_message()
{
cat <<EOF
System admin requires GRUB password be changed from factory default.
EOF
}
usage()
{
cat <<EOF
Usage: $0
[ -h | --help ]
[ -g | --grubcfg ] pathname
EOF
}
PARSED_OPTIONS=$(getopt -n "$0" -o hg: --long help,grubcfg: -- "$@")
eval set -- "$PARSED_OPTIONS"
while true
do
case $1 in
-h | --help)
usage
exit 0
;;
-g | --grubcfg)
GRUBCFGFILE=$2
shift 2
;;
--)
shift
break
;;
esac
done
# Default password is "BlueField".
DEFAULT_PASSWORD="password_pbkdf2 admin grub.pbkdf2.sha512.10000.5EB1FF92FDD89BDAF3395174282C77430656A6DBEC1F9289D5F5DAD17811AD0E2196D0E49B49EF31C21972669D180713E265BB2D1D4452B2EA9C7413C3471C53.F533423479EE7465785CC2C79B637BDF77004B5CC16C1DDE806BCEA50BF411DE04DFCCE42279E2E1F605459F1ABA3A0928CE9271F2C84E7FE7BF575DC22935B1"
if [ ! -f "$GRUBCFGFILE" ]; then
echo "$GRUBCFGFILE not found"
exit 1
elif grep -q "$DEFAULT_PASSWORD" $GRUBCFGFILE ; then
update_message
rm -f $GRUBPASSWDFILE.tmp
rm -f $GRUBPASSWDFILE
RET=1
until [ ${RET} -eq 0 ]; do
$GRUBPASSWDCMD | tee $GRUBPASSWDFILE.tmp
if grep -q "grub.pbkdf2" $GRUBPASSWDFILE.tmp ; then
RET=0
else
RET=1
fi
done
tail -n 1 $GRUBPASSWDFILE.tmp > $GRUBPASSWDFILE
sed -i -r 's/^.*grub.pbkdf2/grub.pbkdf2/' $GRUBPASSWDFILE
export GRUBPASSWD=$(cat $GRUBPASSWDFILE)
rm -f $GRUBPASSWDFILE.tmp
rm -f $GRUBPASSWDFILE
sed -i -e "s/password_pbkdf2 admin.*$/password_pbkdf2 admin $GRUBPASSWD/" $GRUBCFGFILE
fi
exit 0