Difference between revisions of "Securely delete files with shred"
Latest revision as of 08:03, 31 October 2013
by Vincent Danen, TechRepublic
There are two utilities on a typical Linux box that can be used to delete
files. Most users are familiar with the rm command. Most of the time, this
command is sufficient for routine deletion, but for files that contain
sensitive data, you might need to scrub them so that they cannot be
recovered later with other data retrieval tools.
To delete files with sensitive content, rm is not sufficient. Instead, consider using the shred command, which not only deletes a file, but deletes it in such a way that it cannot be recovered. Shred overwrites the file multiple times with garbage prior to deleting it, ensuring that if anything does get retrieved, it isn't your top-secret data.
For instance:

    $ echo "this is private data" >private.txt
    $ cat private.txt
    this is private data
    $ ls -l private.txt
    -rw-r--r-- 1 vdanen vdanen 21 Mar 4 09:36 private.txt
To illustrate how shred works, call it without any command-line options so that the garbage in the file can be viewed:
    $ shred private.txt
    $ cat private.txt
    ?9?-?w?K?=???l;b8SƉ?b???????@,?18!??DM??P? ...
    $ ls -l private.txt
    -rw-r--r-- 1 vdanen vdanen 4096 Mar 4 09:36 private.txt
The rest of the output is removed as it is binary gibberish. You can also see the file size has changed.
To delete the file after overwriting it with garbage, use the -u option. To see what shred is actually doing, give it the verbose -v option:
    $ shred -u -v private.txt
    shred: private.txt: pass 1/25 (random)...
    shred: private.txt: pass 2/25 (cccccc)...
    shred: private.txt: pass 3/25 (111111)...
    shred: private.txt: pass 4/25 (000000)...
    shred: private.txt: pass 5/25 (999999)...
    shred: private.txt: pass 6/25 (aaaaaa)...
    shred: private.txt: pass 7/25 (924924)...
    shred: private.txt: pass 8/25 (b6db6d)...
    shred: private.txt: pass 9/25 (6db6db)...
    shred: private.txt: pass 10/25 (888888)...
    shred: private.txt: pass 11/25 (492492)...
    shred: private.txt: pass 12/25 (db6db6)...
    shred: private.txt: pass 13/25 (random)...
    shred: private.txt: pass 14/25 (ffffff)...
    shred: private.txt: pass 15/25 (bbbbbb)...
    shred: private.txt: pass 16/25 (777777)...
    shred: private.txt: pass 17/25 (444444)...
    shred: private.txt: pass 18/25 (dddddd)...
    shred: private.txt: pass 19/25 (333333)...
    shred: private.txt: pass 20/25 (555555)...
    shred: private.txt: pass 21/25 (222222)...
    shred: private.txt: pass 22/25 (eeeeee)...
    shred: private.txt: pass 23/25 (666666)...
    shred: private.txt: pass 24/25 (249249)...
    shred: private.txt: pass 25/25 (random)...
    shred: private.txt: removing
    shred: private.txt: renamed to 00000000000
    shred: 00000000000: renamed to 0000000000
    shred: 0000000000: renamed to 000000000
    shred: 000000000: renamed to 00000000
    shred: 00000000: renamed to 0000000
    shred: 0000000: renamed to 000000
    shred: 000000: renamed to 00000
    shred: 00000: renamed to 0000
    shred: 0000: renamed to 000
    shred: 000: renamed to 00
    shred: 00: renamed to 0
    shred: private.txt: removed
As you can see, shred overwrites the file 25 times with garbage. After this, it renames the file 11 times before deleting it.
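The overwrite-then-remove sequence described above can be checked from a script. The following is an added example, not part of the original article: the function name shred_check and the sample content are constructed for illustration, and it assumes GNU coreutils shred on a filesystem that overwrites data in place.

```shell
#!/bin/sh
# Added example: overwrite a constructed file with shred, verify the overwrite,
# then remove it. Assumes GNU coreutils shred and an overwrite-in-place filesystem.

# shred_check DIR  (hypothetical helper)
# Prints "before=<bytes> after=<bytes> marker=<gone|present> removed=<yes|no>"
# and returns 0 only if the marker is gone and the file was removed.
shred_check() {
    dir=$1
    f="$dir/private.txt"
    marker="this is private data"          # constructed sample content

    printf '%s\n' "$marker" > "$f" || return 1
    before=$(wc -c < "$f" | tr -d ' ')

    # Step 1: overwrite only (no -u) so the result can still be inspected.
    # -n sets the pass count explicitly instead of relying on the default.
    shred -n 3 "$f" || return 1
    after=$(wc -c < "$f" | tr -d ' ')

    # The original text must no longer be readable from the file.
    if grep -qF -- "$marker" "$f"; then state=present; else state=gone; fi

    # Step 2: one more pass, then -u renames and unlinks the file.
    shred -n 1 -u "$f" || return 1
    if [ -e "$f" ]; then removed=no; else removed=yes; fi

    echo "before=$before after=$after marker=$state removed=$removed"
    [ "$state" = gone ] && [ "$removed" = yes ]
}

# Run against a throwaway directory when executed directly.
tmp=$(mktemp -d) && shred_check "$tmp"; rmdir "$tmp" 2>/dev/null
```

The before and after sizes in the output correspond to the size change visible in the ls -l listings earlier.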
Shred can also be used to overwrite entire disks instead of just files. If you wished to overwrite the contents of an entire hard drive, a process which would definitely take a fair amount of time, use:
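    # shred -n 30 /dev/hda

This will overwrite the data on the drive with garbage using 30 passes. The -u option is not used on a device, because it would remove the device file itself after overwriting. The drive will need to be re-formatted after this as even the filesystem structure will be destroyed.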