This page looks best with JavaScript enabled

Usb dumper

 ·  🎃 kr0m

Many times, colleagues at work connect USBs to our computer. Usually, these devices contain sensitive information that can be very tempting, such as RSA private keys, saved password files, among others.

The idea of this post is to create an auto-backup system for the USBs inserted into our computer.

To make all the magic possible, several steps must be followed:

  • Create the UDEV rule to execute the backup script as soon as a USB is detected
  • Perform the backup
  • Notify us when the backup is finished
vi /etc/udev/rules.d/10-usbmount.rules
KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", RUN+="/usr/bin/UsbDumper.sh"

The backup script will be:

vi /usr/bin/UsbDumper.sh

#! /bin/bash
USER="XXXX"
DATE=$(date +%d-%m-%Y)
echo -e "--------------- $DATE --------------" >> /tmp/usb_dumper
echo -e "ID: $(id)" >> /tmp/usb_dumper
echo -e "-- Making necesary directories for device: $DEVNAME" >> /tmp/usb_dumper
DRIVE=$(echo $DEVNAME|awk -F "/" '{print$3}')
echo -e "DRIVE: $DRIVE" >> /tmp/usb_dumper
for PARTITION in $(cat /proc/partitions |grep -E $DRIVE'[0-9]'|awk '{print$4}'); do
    echo -e "PARTITION: $PARTITION" >> /tmp/usb_dumper
    mkdir -p /var/UsbDumper/$ID_SERIAL_SHORT'_'$DATE/$PARTITION 2>/dev/null
    mkdir -p /mnt/$ID_SERIAL_SHORT 2>/dev/null
    mount /dev/$PARTITION /mnt/$ID_SERIAL_SHORT
    echo -e "-- Copying files" >> /tmp/usb_dumper
    rsync -a /mnt/$ID_SERIAL_SHORT/ /var/UsbDumper/$ID_SERIAL_SHORT'_'$DATE/$PARTITION
    echo -e "-- Umounting drive" >> /tmp/usb_dumper
    umount /mnt/$ID_SERIAL_SHORT
done
echo -e "++ Finished" >> /tmp/usb_dumper

su $USER -c "/home/$USER/.scripts/UsbNotify.sh"

NOTE: USER must be assigned to the user to whom notifications should be sent.

And finally, the notification script that integrates with awesome. The text to be displayed is intentionally left blank so that when the data copy is finished, a small almost imperceptible box will appear for those who are not paying attention. This way, we will know when we can remove the USB.

vi /home/XXXX/.scripts/UsbNotify.sh

#!/bin/bash
USER="XXX"
AWESOME_PID=$(pidof awesome)
export $(xargs --null --max-args=1 echo < /proc/$AWESOME_PID/environ|grep DBUS_SESSION_BUS_ADDRESS)
export XAUTHORITY='/home/$USER/.Xauthority'
export DISPLAY=':0.0'
echo 'naughty.notify({ text = "" })' | awesome-client -

Make sure that awesome was launched with the dbus-launch parameter:

vi .xinitrc

exec dbus-launch --sh-syntax --exit-with-session awesome
If you liked the article, you can treat me to a RedBull here