When it comes to the destruction of data, one tool stands out from the crowd on Linux systems: shred. This little binary lets you overwrite files if you need to hide their contents. Using shred, you can “just delete” files or, if necessary, overwrite a file repeatedly to help hide its contents from even professional, Mission Impossible-grade recovery hardware.
Note, as stated in the manual for the shred utility, that only certain filesystems are compatible with its modus operandi. It requires a filesystem that overwrites the data “in place” to work effectively. As stated in the manual, shred won’t work as effectively on the following types of filesystems:
- Log structured or journaled filesystems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
- Filesystems that write redundant data and carry on even if some writes fail, such as RAID-based filesystems
- Filesystems that make snapshots, such as Network Appliance’s NFS server
- Filesystems that cache in temporary locations, such as NFS version 3 clients
- Compressed filesystems
The long and short of it is that on filesystems other than the types listed, you can be pretty certain that the shred utility has done its job admirably.
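A pre-flight check for the filesystem caveat above, as an added example that is not part of the original article: it finds which mount a path lives on from a /proc/mounts-style table and flags the filesystem types named in the list. The function names, the sample mount table and the mapping of type names are assumptions of this sketch; RAID and compression cannot be detected from the type name alone.

```shell
#!/bin/sh
# Added example (not from the article): check a shred target's filesystem first.

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext2 rw 0 0
/dev/sda3 /home xfs rw 0 0
/dev/sdb1 /home/archive ext3 rw,data=journal 0 0
filer:/export /mnt/share nfs rw,vers=3 0 0'

# fstype_for PATH [TABLE]: print the fstype of the longest mount point that
# contains PATH. TABLE defaults to the live /proc/mounts.
fstype_for() {
    path=$1
    table=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$table" | P=$path awk '
        {
            mp = $2; p = ENVIRON["P"]
            # Match the mount point itself or any path beneath it, so that
            # /home does not claim /homework.
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); fs = $3 }
        }
        END { if (fs != "") print fs; else exit 1 }'
}

# shred_risk FSTYPE: classify against the types the article lists.
shred_risk() {
    case $1 in
        jfs|reiserfs|xfs|ext3) echo "journaled" ;;
        # nfs4 is an assumption added here: server-side snapshots do not
        # depend on the client protocol version.
        nfs|nfs4) echo "network-cache-or-snapshot" ;;
        *) echo "not-listed" ;;
    esac
}

# check_shred_target PATH [TABLE]: print "fstype:risk"; succeed only when
# the type is not on the list.
check_shred_target() {
    fs=$(fstype_for "$1" "$2") || { echo "unknown"; return 2; }
    risk=$(shred_risk "$fs")
    echo "$fs:$risk"
    [ "$risk" = "not-listed" ]
}

# Demo on the constructed table; omit the table argument to use /proc/mounts.
check_shred_target /home/archive/report.txt "$SAMPLE_MOUNTS" ||
    echo "shred may leave recoverable data on this filesystem"
```

A "not-listed" result only means the type name is absent from the list; it says nothing about RAID, compression or snapshots underneath the mount.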
Let’s look at some of the options the shred utility provides. The shred utility is part of the coreutils package, which should almost always be installed. As a result, if for some reason you can’t run shred on Debian derivatives, then install it using this command:
apt-get install coreutils
On Fedora and RHEL et al., you can try this:
yum install coreutils
I’m sure you get the idea. Incidentally, it will be highly unusual not to have coreutils installed, owing to the fact that all your basic file, text, and shell utilities come with it. It’s where ls and rm come from, for example.
Getting Started with shred
To get started, if you wanted to wipe an entire disk partition, you could begin as follows. This example targets the partition called sda3.
shred -vfz -n 25 /dev/sda3
Here’s how this command breaks down:
- The -f switch means that if the shred utility struggles with the requisite permissions needed to wipe a file or partition, you can simply “force” the operation to succeed. Be warned, though; it’s frighteningly easy to lose precious data with this remarkable utility.
- The all-pervasive and friendly -v for displaying an operation’s progress is commonplace and stands for verbose. To hide your tracks, you can add the -z or --zero switch, which adds an overwrite using zeros to cleverly disguise the act of shredding.
- Finally, -n 25 means that rather than the default three overwrites, you will hammer your disk 25 times to obfuscate the previously stored data. All very covert and professional.
This action also applies to RAID partitions. And, with the simplest of adjustments, if you wanted to wipe an entire drive then you’d just drop the partition number off the end. Very carefully try something along the following lines on a test box, with fewer overwrites for a big disk:
shred -vfz -n 5 /dev/sdc
If privacy is your greatest concern, you can simply increase the overwrite settings. There’s also another nice feature available in the shred utility. It lets you throw a file full of random data into the mix. You can achieve this by using the switch --random-source=FILENAME, where FILENAME refers to the name of your data file.
Published on Wed 08 February 2006 by Fiona Mogg in Linux with tag(s): shred linux