It seems that almost every Linux blog I read today had something about recovering deleted files from ext3 filesystems. That’s all well and good, but what if you are sure you want the data deleted? What if it needs to be more than just deleted, it needs to be securely destroyed? Well the concept certainly isn’t new, and as such, this won’t be the first time it’s covered on a Linux blog, but I’ll show you a few different ways to securely delete whatever incriminating information may be tucked away in your computer.
Basic Data Destruction
The first tool that comes to mind, and in many cases, the first tool typically mentioned on forum posts is shred. Shred is a good tool, and is included by default in many distributions. If you just need to quickly destroy the data in a file called kill-list.txt, the following command will work just fine:
shred kill-list.txt
That command will make 25 passes, each overwriting the data with random bits, but it leaves the filename in place. Depending on where you are and who’s after you though, the filename may be enough to put you away, so to have shred destroy the data, and then delete the file, use this one:
shred -u kill-list.txt
In some cases, this may be enough to protect you. Sometimes though, your computer will be confiscated and examined no matter what. If that is a possibility, you may want to overwrite the data with random bits, delete the file and cover the random bits with zeros to make it look like random junk on a hard drive. To do that, use this command:
shred -u -z kill-list.txt
If you’re the paranoid sort, or if the data absolutely, positively has to be completely destroyed, you can tell shred to do everything mentioned above, but go the extra mile and overwrite that data a few more times using the -n switch, like below:
shred -u -z -n 257 kill-list.txt
That little gem will overwrite the data 257 times with random junk, then overwrite all of that with zeros, then delete the file. That’s pretty secure, right? Keep reading!
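To see what those switches actually leave behind, here is a small check. It is an added example, not part of the original post: the helper names and the temporary kill-list.txt are constructed for the demonstration, and nothing outside a temporary directory is touched.

```shell
#!/bin/sh
# Added example: inspect what "shred -z" and "shred -u" leave behind.
# File names are constructed; only a temporary directory is touched.

# Number of bytes in FILE that are not 0x00.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Inode number of FILE.
inode_of() {
    ls -i "$1" | awk '{ print $1 }'
}

# shred_report FILE
# Overwrites FILE with "shred -z" and prints one line describing the result:
#   same_inode=<yes|no> nonzero=<count> size_before=<bytes> size_after=<bytes>
shred_report() {
    target=$1
    inode_before=$(inode_of "$target")
    size_before=$(wc -c < "$target" | tr -d ' ')

    shred -z "$target" || return 1

    same=no
    [ "$(inode_of "$target")" = "$inode_before" ] && same=yes
    printf 'same_inode=%s nonzero=%s size_before=%s size_after=%s\n' \
        "$same" "$(nonzero_bytes "$target")" "$size_before" \
        "$(wc -c < "$target" | tr -d ' ')"
}

demo_dir=$(mktemp -d) || exit 1
printf 'constructed sample: names that must not survive\n' > "$demo_dir/kill-list.txt"

# Pass 1: overwrite only. The name and inode stay, the content is zeros.
shred_report "$demo_dir/kill-list.txt"

# Pass 2: overwrite again and unlink, as in "shred -u -z".
shred -u -z "$demo_dir/kill-list.txt"
[ -e "$demo_dir/kill-list.txt" ] || echo "file removed"

rm -rf "$demo_dir"
```

The check reads the file back through the filesystem, so it only confirms the in-place overwrite. It cannot see copies held by a journal or a RAID layer.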
Swap & RAM
If any of the data you destroyed with that last shred command is still in RAM or in swap space when the men in the black suits arrive, there’s a pretty good chance that they will recover it. Unacceptable, right? In that case you need a different set of tools: a package called secure-delete. It’s not included by default, but is typically available via your distribution’s package manager. In Ubuntu, installation is as easy as:
sudo aptitude install secure-delete
With your new set of tools ready, let’s look again at destroying your kill list. The first thing you would do is overwrite the data with random junk, then zeros, and finally, delete the file. The srm command does all of this by default. Here’s an excerpt from the man page:
The secure data deletion process of srm goes like this:
* 1 pass with 0xff
* 5 random passes. /dev/urandom is used for a secure RNG if available.
* 27 passes with special values defined by Peter Gutmann.
* 5 random passes. /dev/urandom is used for a secure RNG if available.
* Rename the file to a random value
* Truncate the file
As an additional measure of security, the file is opened in O_SYNC mode and after each pass an fsync() call is done. srm writes 32k blocks for the purpose of speed, filling buffers of disk caches to force them to flush and overwriting old data which belonged to the file.
So, with that in mind, the command to do everything the first three shred commands do, plus more, is this:
srm kill-list.txt
Now that the file and its data are destroyed, clear your RAM with this command:
smem
While that’s running, get some sleep. It takes a good while to clean your RAM.
After your nap, and after smem has finished, clean your swap space like this:
sudo swapoff /path/to/your/swap
sudo sswap /path/to/your/swap
sudo swapon /path/to/your/swap
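If you are not sure what /path/to/your/swap is, the kernel lists the active swap areas in /proc/swaps. The following is an added example, not part of the original post: it parses that format and prints the swapoff / sswap / swapon sequence for each swap partition without running anything. The function name and the sample table are constructed, and skipping file-backed swap is an assumption of this example.

```shell
#!/bin/sh
# Added example: turn a /proc/swaps-format table into the wipe sequence from
# the text. It only prints commands; review them, then run them as root.

# swap_wipe_plan [FILE]
# FILE defaults to /proc/swaps; "-" reads standard input.
swap_wipe_plan() {
    awk '
    NR == 1 { next }                  # column header line
    NF < 5  { next }                  # ignore malformed lines
    {
        path = $1; type = $2; used = $4; prio = $5
        gsub(/\\040/, " ", path)      # the kernel writes spaces as \040
        if (type != "partition") {
            # Assumption of this example: only swap partitions are planned.
            printf "# skipped %s (type %s)\n", path, type
            next
        }
        printf "# %s: %s KiB in use; swapoff has to move it back into RAM\n", path, used
        printf "swapoff \047%s\047\n", path
        printf "sswap \047%s\047\n", path
        # A priority set by the admin (0 or higher) is lost on swapoff,
        # so put it back with -p; negative ones are assigned by the kernel.
        if (prio >= 0) printf "swapon -p %d \047%s\047\n", prio, path
        else           printf "swapon \047%s\047\n", path
    }' "${1:-/proc/swaps}"
}

# Constructed sample in the /proc/swaps layout (sizes are in KiB).
swap_wipe_plan - <<'EOF'
Filename                                Type            Size            Used            Priority
/dev/sda5                               partition       2097148         10240           -2
/dev/sdb2                               partition       1048572         0               10
/swapfile                               file            524284          0               -3
EOF
```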
Now you just need to clean your free space, just in case. sfill expects the directory or mount point of the filesystem you want cleaned:
sfill /path/to/mountpoint
You should be safe from The Man and his prying eyes now.
I know there are other tools for this. If you know of one that I missed, tell everyone about it in the comments.
4 Comments
This doesn’t address the log-structured or journalled filesystem or RAID having extra copies of pieces of the file in places that shred doesn’t find per SHRED’s own MAN page?
That’s right Bill. Destroying data on some systems is really tough. As far as I know there isn’t a solution for this problem.
This all depends on who you’re trying to protect your data from. Most of us just need to make sure some nosy busybody doesn’t get our info, or that some script kiddie can’t easily nab anything from our machine. The steps described above will do that nicely.
Protecting your data from a determined forensics expert who has physical access to your computer — well, that’s another story. But then, how often (and why?) is that really a concern?
Linux (including Ubuntu) stores an abundance of data all over the place. It helps (especially if you use a laptop) to encrypt the whole hard drive, which is easy with Ubuntu; it’s an option during install. For when I need to return the system to a ‘clean’ state, though, I wrote a script that overwrites swap space, file slack, RAM, and the free space on the drive, and deletes temp files, cache files, recently used lists, etc.
The Helix websites and the Jetico websites offer some free tools and info that will help you a lot in protecting your private data.
http://jetico.com
http://www.e-fense.com/helix/
Maybe the script I wrote would help? Just in case it could be useful for someone, here it is:
———————
#!/bin/sh
## deepclean, a shell script for enhancing privacy
##################################################################################
##################################################################################
## This script cleans up memory by removing old tmp files, emptying ##
## cache directories, clearing histories, etc. ##
## Written by EAB 030508 for my Q4 amd64 machine running Ubuntu 8.04. ##
## You may use this script however you wish, but I am NOT a programmer or an ##
## IT professional, and this script comes with no warranties or guarantees. ##
## This script may or may not work for you (I hope that it does), BUT ##
## USE IT AT YOUR OWN RISK! ##
##################################################################################
##################################################################################
##################################################################################
##################################################################################
## This script depends on tmpreaper, bcwipe, smem, and sswap. ##
## bcwipe can be downloaded from http://www.jetico.com ##
## secure-delete tools can be obtained via the apt package manager in Ubuntu. ##
## smem and sswap are included in the secure-delete tools package. ##
## tmpreaper can also be obtained via the package manager. ##
##################################################################################
##################################################################################
##################################################################################
##################################################################################
## This version includes swap synchronizations and RAM overwrites, as well as ##
## wipes file slack and disk free space. It takes a long time to run. ##
## Comment out whatever lines you don’t need or want. ##
##################################################################################
##################################################################################
##################################################################################
##################################################################################
## For excellent free, open source security tools and information on computer ##
## security, visit the Helix web site http://www.e-fense.com/helix/. Helix is ##
## a downloadable Live CD based on Knoppix that has a bunch of really useful ##
## utilities, and the site has several free pdf files for download that ##
## serve as good technical references for both Winblows and Linux systems. ##
##################################################################################
##################################################################################
##################################################################################
##################################################################################
## If you would like to disable the Recent Documents list under GNOME, a simple ##
## way to do so is to delete the .recently-used.xbel files in the user’s Home ##
## directory and the root user’s directory. Replace these files with ##
## directories of the same name, and nothing will appear in your Recent ##
## Documents list. In the words of the blogger I learned this from, “This is ##
## an ugly hack. But whatever works, right?” ##
##################################################################################
##################################################################################
##################################################################################
##################################################################################
## To use this script successfully on your machine, your user name ##
## will need to replace all instances of the word mithrandir below. ##
## Alternatively, you can use the home wildcard as part of the path. If you ##
## use Firefox, you need to substitute your directory’s name wherever ##
## a0mmsaru.default appears below. Otherwise, delete or comment out the ##
## Firefox section. Likewise for sections dealing with software you don’t have ##
## installed. ##
## ##
## In other words, you will need to make sure that the path references, ##
## directory names, and file names are correct for your machine, and that they ##
## address software you have installed. ##
##################################################################################
##################################################################################
##################################################################################
##################################################################################
## This is just a script I wrote for myself. I’ve spent a fair amount of ##
## time researching computer security issues, but, as I say, I am not an IT pro ##
## or a programmer. No doubt this is an unsophisticated and possibly ##
## incomplete attempt to improve computer data privacy and security. Even so, ##
## since it wasn’t that easy or quick to acquire the knowledge and tools ##
## necessary to put this script together, I wanted to share it as help for ##
## anyone who is interested in these issues. I have gained a lot from numerous ##
## people who have unselfishly shared their time, knowledge, and skill, ##
## including and especially Linus Torvalds, Mark Shuttleworth, and the myriad ##
## hackers who’ve developed the abundance of open source software that is ##
## readily available nowadays. Their efforts have given us all a viable and ##
## superior suite of alternatives to the would-be Microsoft Hegemony. They’ve ##
## given us back choice and control of our own computers, as well as a little ##
## of the freedom every person deserves. Thanks to all of you. May this simple ##
## little script contribute positively to the pool of good that is open source ##
## software. ##
##################################################################################
##################################################################################
# Begin
clear
echo "Beginning deep clean . . ."
echo " "
##################################################################################
# Synchronize Swap Space, turn it off, wipe it, and turn it on again
# To identify the path to and name of your swap space, type cat /proc/swaps
# at the command prompt, then substitute your path for the path below.
echo "Cycling and wiping swap space..."
sync
swapoff /dev/mapper/mercury-swap_1
sswap /dev/mapper/mercury-swap_1
swapon /dev/mapper/mercury-swap_1
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
# Overwrite RAM with random data
echo "Overwriting RAM..."
# For info on other switch options for smem, type man smem at the command
# prompt.
smem -l
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
## Firefox section
# Wipe the mithrandir Firefox bookmark backups files
cd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/bookmarkbackups
echo "Eliminating the mithrandir Firefox bookmark backups files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.mozilla/firefox/a0mmsaru.default/bookmarkbackups | wc -l` -eq 0 ]
then
    echo "No mithrandir Firefox bookmark backups files are present."
else
    bcwipe -frImd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/bookmarkbackups/*
fi
echo "Done with this step."
echo " "
# Wipe the mithrandir Firefox offline cache files
cd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/OfflineCache
echo "Eliminating the mithrandir Firefox offline cache files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.mozilla/firefox/a0mmsaru.default/OfflineCache | wc -l` -eq 0 ]
then
    echo "No mithrandir Firefox offline cache files are present."
else
    bcwipe -frImd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/OfflineCache/*
fi
echo "Done with this step."
echo " "
# Wipe the mithrandir Firefox localstore file
cd /home/mithrandir/.mozilla/firefox/a0mmsaru.default
echo "Eliminating the mithrandir Firefox localstore file . . ."
# Test if the file exists, and wipe it if it does.
if [ -f /home/mithrandir/.mozilla/firefox/a0mmsaru.default/localstore.rdf ]
then
    bcwipe -frImd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/localstore.rdf
else
    echo "No mithrandir Firefox localstore file is present."
fi
echo "Done with this step."
echo " "
# Wipe the mithrandir Firefox cookies file
cd /home/mithrandir/.mozilla/firefox/a0mmsaru.default
echo "Eliminating the mithrandir Firefox cookies file . . ."
# Test if the file exists, and wipe it if it does.
if [ -f /home/mithrandir/.mozilla/firefox/a0mmsaru.default/cookies.sqlite ]
then
    bcwipe -frImd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/cookies.sqlite
else
    echo "No mithrandir Firefox cookies file is present."
fi
echo "Done with this step."
echo " "
# Wipe the mithrandir Firefox downloads file
cd /home/mithrandir/.mozilla/firefox/a0mmsaru.default
echo "Eliminating the mithrandir Firefox downloads file . . ."
# Test if the file exists, and wipe it if it does.
if [ -f /home/mithrandir/.mozilla/firefox/a0mmsaru.default/downloads.sqlite ]
then
    bcwipe -frImd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/downloads.sqlite
else
    echo "No mithrandir Firefox downloads file is present."
fi
echo "Done with this step."
echo " "
# Wipe the mithrandir Firefox formhistory file
cd /home/mithrandir/.mozilla/firefox/a0mmsaru.default
echo "Eliminating the mithrandir Firefox formhistory file . . ."
# Test if the file exists, and wipe it if it does.
if [ -f /home/mithrandir/.mozilla/firefox/a0mmsaru.default/formhistory.sqlite ]
then
    bcwipe -frImd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/formhistory.sqlite
else
    echo "No mithrandir Firefox formhistory file is present."
fi
echo "Done with this step."
echo " "
# Wipe the mithrandir Firefox search file
cd /home/mithrandir/.mozilla/firefox/a0mmsaru.default
echo "Eliminating the mithrandir Firefox search file . . ."
# Test if the file exists, and wipe it if it does.
if [ -f /home/mithrandir/.mozilla/firefox/a0mmsaru.default/search.sqlite ]
then
    bcwipe -frImd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/search.sqlite
else
    echo "No mithrandir Firefox search file is present."
fi
echo "Done with this step."
echo " "
# Wipe the mithrandir Firefox cache files
cd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/Cache
echo "Eliminating the mithrandir Firefox cache files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.mozilla/firefox/a0mmsaru.default/Cache | wc -l` -eq 0 ]
then
    echo "No mithrandir Firefox cache files are present."
else
    bcwipe -frImd /home/mithrandir/.mozilla/firefox/a0mmsaru.default/Cache/*
fi
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
## Session and tmp files section
# Eliminate tmp files older than 30s
echo "Eliminating tmp files older than 30s . . ."
tmpreaper 30s /tmp
echo "Done with this step."
echo " "
# Wipe mithrandir Tracker Data files
cd /home/mithrandir/.local/share/tracker/data
echo "Eliminating mithrandir Tracker Data files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.local/share/tracker/data | wc -l` -eq 0 ]
then
    echo "No mithrandir Tracker Data files are present."
else
    bcwipe -frImd /home/mithrandir/.local/share/tracker/data/*
fi
echo "Done with this step."
echo " "
# Wipe the root Tracker data files
cd /root/.local/share/tracker/data
echo "Eliminating the root Tracker data files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /root/.local/share/tracker/data | wc -l` -eq 0 ]
then
    echo "No root Tracker data files are present."
else
    bcwipe -frImd /root/.local/share/tracker/data/*
fi
echo "Done with this step."
echo " "
# Wipe mithrandir Tracker cache files
cd /home/mithrandir/.cache/tracker
echo "Eliminating mithrandir tracker cache files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.cache/tracker | wc -l` -eq 0 ]
then
    echo "No mithrandir tracker cache files are present."
else
    bcwipe -frImd /home/mithrandir/.cache/tracker/*
fi
echo "Done with this step."
echo " "
# Wipe the root Tracker cache files
cd /root/.cache/tracker
echo "Eliminating the root Tracker cache files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /root/.cache/tracker | wc -l` -eq 0 ]
then
    echo "No root Tracker cache files are present."
else
    bcwipe -frImd /root/.cache/tracker/*
fi
echo "Done with this step."
echo " "
# Wipe mithrandir Nautilus metafiles
cd /home/mithrandir/.nautilus/metafiles
echo "Eliminating mithrandir Nautilus metafiles . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.nautilus/metafiles | wc -l` -eq 0 ]
then
    echo "No mithrandir Nautilus metafiles are present."
else
    bcwipe -frImd /home/mithrandir/.nautilus/metafiles/*
fi
echo "Done with this step."
echo " "
# Wipe the root Nautilus metafiles
cd /root/.nautilus/metafiles
echo "Eliminating the root Nautilus metafiles . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /root/.nautilus/metafiles | wc -l` -eq 0 ]
then
    echo "No root Nautilus metafiles are present."
else
    bcwipe -frImd /root/.nautilus/metafiles/*
fi
echo "Done with this step."
echo " "
# Wipe mithrandir metacity session files
cd /home/mithrandir/.metacity/sessions
echo "Eliminating mithrandir metacity session files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.metacity/sessions | wc -l` -eq 0 ]
then
    echo "No mithrandir metacity session files are present."
else
    bcwipe -frImd /home/mithrandir/.metacity/sessions/*
fi
echo "Done with this step."
echo " "
# Wipe mithrandir cache session files
cd /home/mithrandir/.cache/sessions
echo "Eliminating mithrandir cache session files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.cache/sessions | wc -l` -eq 0 ]
then
    echo "No mithrandir cache session files are present."
else
    bcwipe -frImd /home/mithrandir/.cache/sessions/*
fi
echo "Done with this step."
echo " "
# Wipe mithrandir Thunar cache files
cd /home/mithrandir/.cache/Thunar
echo "Eliminating mithrandir Thunar cache files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.cache/Thunar | wc -l` -eq 0 ]
then
    echo "No mithrandir Thunar cache files are present."
else
    bcwipe -frImd /home/mithrandir/.cache/Thunar/*
fi
echo "Done with this step."
echo " "
# Wipe mithrandir Evolution cache files
cd /home/mithrandir/.evolution/cache/tmp
echo "Eliminating mithrandir Evolution cache files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.evolution/cache/tmp | wc -l` -eq 0 ]
then
    echo "No mithrandir Evolution cache files are present."
else
    bcwipe -frImd /home/mithrandir/.evolution/cache/tmp/*
fi
echo "Done with this step."
echo " "
# Wipe mithrandir Gimp tmp files
cd /home/mithrandir/.gimp-2.4/tmp
echo "Eliminating mithrandir Gimp tmp files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.gimp-2.4/tmp | wc -l` -eq 0 ]
then
    echo "No mithrandir Gimp tmp files are present."
else
    bcwipe -frImd /home/mithrandir/.gimp-2.4/tmp/*
fi
echo "Done with this step."
echo " "
# Wipe mithrandir Transmission cache files
cd /home/mithrandir/.transmission/cache
echo "Eliminating mithrandir Transmission cache files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.transmission/cache | wc -l` -eq 0 ]
then
    echo "No mithrandir Transmission cache files are present."
else
    bcwipe -frImd /home/mithrandir/.transmission/cache/*
fi
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
## Recently used section
# Wipe the mithrandir recently-used.xbel file
cd /home/mithrandir/
echo "Eliminating the mithrandir recently-used.xbel file . . ."
# Test if the file exists, and wipe it if it does.
if [ -f /home/mithrandir/.recently-used.xbel ]
then
    bcwipe -frImd /home/mithrandir/.recently-used.xbel
else
    echo "No mithrandir recently-used.xbel file is present."
fi
echo "Done with this step."
echo " "
# Wipe the root recently-used.xbel file
# (cd into the directory that holds the file, not into the file itself)
cd /root
echo "Eliminating the root recently-used.xbel file . . ."
# Test if the file exists, and wipe it if it does.
if [ -f /root/.recently-used.xbel ]
then
    bcwipe -frImd /root/.recently-used.xbel
else
    echo "No root recently-used.xbel file is present."
fi
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
## Thumbnails section
# Wipe mithrandir failed thumbnail files
cd /home/mithrandir/.thumbnails/fail/gnome-thumbnail-factory
echo "Eliminating mithrandir failed thumbnail files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.thumbnails/fail/gnome-thumbnail-factory | wc -l` -eq 0 ]
then
    echo "No mithrandir failed thumbnail files are present."
else
    bcwipe -frImd /home/mithrandir/.thumbnails/fail/gnome-thumbnail-factory/*
fi
echo "Done with this step."
echo " "
# Wipe mithrandir normal thumbnail files
cd /home/mithrandir/.thumbnails/normal
echo "Eliminating mithrandir normal thumbnail files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.thumbnails/normal | wc -l` -eq 0 ]
then
    echo "No mithrandir normal thumbnail files are present."
else
    bcwipe -frImd /home/mithrandir/.thumbnails/normal/*
fi
echo "Done with this step."
echo " "
# Wipe the root failed thumbnail files
cd /root/.thumbnails/fail/gnome-thumbnail-factory
echo "Eliminating the root failed thumbnail files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /root/.thumbnails/fail/gnome-thumbnail-factory | wc -l` -eq 0 ]
then
    echo "No root failed thumbnail files are present."
else
    bcwipe -frImd /root/.thumbnails/fail/gnome-thumbnail-factory/*
fi
echo "Done with this step."
echo " "
# Wipe the root normal thumbnail files
cd /root/.thumbnails/normal
echo "Eliminating the root normal thumbnail files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /root/.thumbnails/normal | wc -l` -eq 0 ]
then
    echo "No root normal thumbnail files are present."
else
    bcwipe -frImd /root/.thumbnails/normal/*
fi
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
## BASH history section
# Delete BASH history
# (history is a bash builtin; run from a script it does not clear the
# history of your interactive shell, so the file wipes below do the work)
history -c
# Wipe the mithrandir bash_history file
cd /home/mithrandir
echo "Eliminating the mithrandir bash_history file . . ."
# Test if the file exists, and wipe it if it does.
if [ -f /home/mithrandir/.bash_history ]
then
    bcwipe -frImd /home/mithrandir/.bash_history
else
    echo "No mithrandir bash_history file is present."
fi
echo "Done with this step."
echo " "
# Wipe the root bash_history file
cd /root
echo "Eliminating the root bash_history file . . ."
# Test if the file exists, and wipe it if it does.
if [ -f /root/.bash_history ]
then
    bcwipe -frImd /root/.bash_history
else
    echo "No root bash_history file is present."
fi
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
## Googleearth section
# Wipe the mithrandir Googleearth cache files
cd /home/mithrandir/.googleearth/Cache
echo "Eliminating the mithrandir Googleearth cache files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /home/mithrandir/.googleearth/Cache | wc -l` -eq 0 ]
then
    echo "No mithrandir Googleearth cache files are present."
else
    bcwipe -frImd /home/mithrandir/.googleearth/Cache/*
fi
echo "Done with this step."
echo " "
# Wipe the root Googleearth cache files
cd /root/.googleearth/Cache
echo "Eliminating the root Googleearth cache files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /root/.googleearth/Cache | wc -l` -eq 0 ]
then
    echo "No root Googleearth cache files are present."
else
    bcwipe -frImd /root/.googleearth/Cache/*
fi
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
## Trash section
# Wipe the root Trash files
cd /root/.local/share/Trash/files
echo "Eliminating the root Trash files . . ."
# Test if the directory is empty. Wipe the files if it's not.
if [ `ls /root/.local/share/Trash/files | wc -l` -eq 0 ]
then
    echo "No root Trash files are present."
else
    bcwipe -frImd /root/.local/share/Trash/files/*
fi
echo "Done with this step."
echo " "
##
## You can add in a similar block of commands for the user Trash directory. I use
## wipe as context menu add-in to delete files, so I didn’t include that
## directory here.
##################################################################################
##################################################################################
# Free space section
# Wipe file slack with random data
echo "Wiping file slack..."
bcwipe -frISmd /
echo "Done with this step."
echo " "
# Wipe disk free space with zeros
# To overwrite with random data via the DOD
# 7 pass method, replace mz below with md
echo "Wiping disk free space..."
bcwipe -frIFmz /
echo "Done with this step."
echo " "
# You may be able to comment out or remove this section. For some reason,
# since I installed Hardy Heron (Ubuntu 8.04), bcwipe leaves the file it
# creates to write patterns to. So, I added this section to remove that file
# and free the disk space.
# Eliminate bcwipe temp file
echo "Eliminating bcwipe temp file..."
rm -dfr /bcwipe*
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
# Synchronize Swap Space, turn it off, wipe it, and turn it on again
# To identify the path to and name of your swap space, type cat /proc/swaps
# at the command prompt and substitute your path for the path below.
echo "Cycling and wiping swap space..."
sync
swapoff /dev/mapper/mercury-swap_1
sswap /dev/mapper/mercury-swap_1
swapon /dev/mapper/mercury-swap_1
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
# Overwrite RAM with random data
echo "Overwriting RAM..."
# For other smem switches, type man smem at the command prompt.
smem -l
echo "Done with this step."
echo " "
##################################################################################
##################################################################################
# End section
# Since it takes a long time, I typically start this script before going to bed.
# If you want to restart your computer instead of shutting it down when the script
# ends, change the P below to r. If you just want to exit the script without
# restarting or shutting down, replace the lines below with exit 0.
# Shutdown the computer
echo "Shutting down the computer . . ."
shutdown -P now