Youry's Blog

Youry's Blog

Secure Erase in UNIX

leave a comment »

I found this is not a trivial procedure, especially for a UNIX journalled file systems. See:

“One major problem with all of these utilities is that most modern file systems use techniques called “journalling” or “logging” to help prevent file system corruption. Unfortunately, these techniques can also make it nearly impossible to ensure that all traces of a file’s data get overwritten unless you are willing to completely wipe out all data on the disk. Operating system buffers, hardware caches, “bad block” lists and file system corruption (e.g., orphaned inodes which are neither in a file nor in the disk’s free space) can also interfere with the proper operation of these utilities.” http://www.slac.stanford.edu/comp/unix/secure-erase.html

Securely Erasing files:
find directory -type f | xargs shred –remove
rm -rf directory

Securely Erasing free space:
scrub -X /scratch/junk
rm /scratch/junk
but I’ve got this error: “scrub: -X argument cannot exist” and didn’t find any solution.

Securely Erasing an entire partition or disk:

But to the explanation below I would suggest to migrate any journalled partition to ext2 partition on the fly and do what is recommended below:
(from http://www.distrostop.org/forums/index.php?topic=6573.0)

Open a console, as root, convert ext3 to ext2:
tune2fs -O ^has_journal /dev/sdb1
and then:
e2fsck /dev/sdb1
You will also need to amend /etc/fstab (as root) in your favourite text editor to change the entry to ext2. Once you have used the shred command you need to re-convert the file system back to ext3:
tune2fs -j /dev/sdb1

or as in my case make ext2 fs from zero by: sudo mkfs.ext2 /dev/sdb1

From http://www.linuxquestions.org/questions/linux-security-4/secure-unused-disk-space-wipes-dd-and-shred-627070/:
The intent is; To securely wipe a single partition (/dev/hda1).
Method 1: dd if=/dev/urandom of=/dev/sdb1
Method 2:
sudo mount /dev/sdb1 /mnt/extra
dd if=/dev/zero of=/mnt/extra/foo.img
shred -uvz -n 7 /mnt/extra/foo.img

[Method 1] will write 1 pass, Method 2 creates a fake file (foo.img) until the disk is full, then uses shred to delete that file 7 times.
Does that mean that Method 2 is superior to a dd pass ?

Advertisements

Written by youryblog

December 4, 2010 at 1:34 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: