
Secure deletion of files under Linux



Image: a hard disk in a hot-swap bay (Bender Michael / Shutterstock.com)

Destroy old data files for the same reason you destroy old paper documents. Here is what you need to know about securely deleting files on Linux. This tutorial covers the shred command and the secure-delete utilities.

Deleted files can usually be recovered

When you delete a file, it is not really removed from your hard drive. It all depends on how your file system uses inodes. These are the data structures within the file system that hold the metadata about files: the name of the file, its location on the disk, its attributes and permissions, and so on, are all stored in an inode. A directory is nothing more than a file that contains the names and inode numbers of the files it holds.

If you delete a file with rm, the file system releases the corresponding inode and adjusts the directory file. This marks the disk space the file was using as unused. Imagine going into a library, finding the catalog card for a book and tearing it up. The book is still on the shelf. It's just harder to find.

In other words, the space used by the file can now be used by other files. However, the contents of the old file are still in that space. As long as it is not overwritten, there is a good chance that the file can be recovered.

However, removing a file completely is not as simple as just overwriting it, as we will see.
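To see this for yourself without touching a real disk, here is an added example (not from the original article) that builds a throwaway ext2 image in an ordinary file, writes a file containing a constructed marker string into it, unlinks that file the way rm would, and then searches the raw image bytes for the marker. It assumes the e2fsprogs tools mke2fs and debugfs and GNU coreutils are installed; the marker value and file names are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article. Everything happens inside a
# regular file used as a disk image, so no root privileges are needed.
# Assumptions: e2fsprogs (mke2fs, debugfs) and GNU coreutils (truncate, grep).

# Print how many times MARKER still occurs in the raw image after the file
# holding it has been unlinked. Returns 1 if the tools are missing and 2 if
# the directory entry unexpectedly survived the unlink.
deleted_data_survives() {
    marker=${1:-CONSTRUCTED-SECRET-MARKER-7e3a}   # constructed sample value
    command -v mke2fs >/dev/null 2>&1 || return 1
    command -v debugfs >/dev/null 2>&1 || return 1
    work=$(mktemp -d)
    img=$work/disk.img
    truncate -s 8M "$img"
    mke2fs -q -F -t ext2 "$img" >/dev/null 2>&1
    printf 'confidential notes: %s\n' "$marker" > "$work/notes.txt"
    # copy the file into the image, then unlink it (what rm does on a real disk)
    debugfs -w -R "write $work/notes.txt notes.txt" "$img" >/dev/null 2>&1
    debugfs -w -R "rm notes.txt" "$img" >/dev/null 2>&1
    # the directory entry is gone ...
    listing=$(debugfs -R "ls" "$img" 2>/dev/null)
    case $listing in *notes.txt*) rm -rf "$work"; return 2 ;; esac
    # ... but the data blocks were only marked free, not overwritten,
    # so a byte search over the image still finds the content
    grep -a -c -- "$marker" "$img"
    rm -rf "$work"
}

# Usage:  deleted_data_survives     # prints 1 (or more) occurrences
```

Running debugfs -R "lsdel" against the same image lists the deleted inode with its block numbers, which is exactly what a file-recovery tool walks to bring the file back.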

Do not do this with SSDs.

These techniques apply to conventional electromechanical hard disk drives (HDDs) and should not be used with solid state drives (SSDs). An SSD's controller spreads writes across the flash cells (wear leveling), so overwriting a file does not reliably land on the cells that hold the old data: it does not work, and it only causes extra writes and unnecessary wear on your SSD. To securely erase data from an SSD, use the utility provided by the manufacturer of your SSD.

RELATED: Deleting Files and Directories in the Linux Terminal

The shred Command

The shred command overwrites a file so that it cannot be recovered once it is deleted. It is included in all of the Linux distributions tested while researching this article, including Ubuntu, Fedora, and Manjaro.

In this example, we work in a directory named ~/research that contains many text files. It also contains some other directories, which in turn contain other files. We assume that these files are confidential and must be completely removed from the hard disk.

We can display the directory tree with the tree command. The -d (directory) option causes tree to list only directories, not all of the files. The directory tree looks like this:

  tree -d

Destroying a single file

You can use the following command to destroy a single file. These options are used:

  • -u: Deallocate and remove the file after overwriting.
  • -v: Verbose, so that shred tells us what it is doing.
  • -z: Perform a final overwrite with zeros.

  shred -uvz Preliminary_Notes.txt_01.txt

shred makes three overwrite passes by default, and -z adds one more, so the file is overwritten four times. The first three passes use random data, and the final pass uses zeros, as we requested. Then the file is removed and some of the metadata in the inode is overwritten.

Setting the number of overwrite passes

We can ask for more or fewer overwrite passes with the -n (number) option. The number we give is the number of passes with random data; because we also pass -z, shred adds a final zero pass, so it always makes one more pass than the number we ask for. To obtain a total of three passes, we request two:

  shred -uvz -n 2 Preliminary_Notes.txt_02.txt

As expected, shred makes three passes.

Fewer passes (less shredding, if you like) are obviously faster. But is it less secure? Interestingly, three passes are probably more than enough.

RELATED: You Only Need to Wipe a Disk Once

Destroy multiple files

Wildcards can be used with shred to select groups of files to delete. * stands for any number of characters and ? stands for a single character. This command deletes all remaining "Preliminary_Notes" files in the current working directory:

  shred -uvz -n 2 Preliminary_Notes_*.*

shred processes the remaining files one after another.

shred is not recursive, so it cannot be used to delete nested directory trees.
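A practitioner usually wants the two conditions above, regular files only and no SSDs, enforced before shred runs rather than remembered. The following is an added example, not code from the article or from GNU coreutils: a small POSIX shell wrapper that looks up the device behind a path with df, reads the kernel's rotational flag from sysfs, and only then calls shred with the options used above. It assumes a Linux sysfs layout (/sys/block/<disk>/queue/rotational) and GNU coreutils; SYSFS_ROOT is a hypothetical environment variable added so the check can be exercised against a constructed sysfs tree.

```shell
#!/bin/sh
# Added example, not from the original article or from GNU coreutils.
# Assumptions: Linux sysfs (/sys/block/<disk>/queue/rotational) and GNU
# coreutils (df --output, shred). SYSFS_ROOT is a hypothetical override so
# the device check can be run against a constructed sysfs tree.

# Map a partition name to its parent disk: sda5 -> sda, nvme0n1p2 -> nvme0n1,
# mmcblk0p1 -> mmcblk0; device-mapper names (dm-0) carry no partition suffix.
# This is a name heuristic; where util-linux is present, `lsblk -no PKNAME`
# gives the same answer straight from the kernel.
parent_disk() {
    case "$1" in
        dm-*)                printf '%s\n' "$1" ;;
        nvme*|mmcblk*|loop*) printf '%s\n' "$1" | sed 's/p[0-9][0-9]*$//' ;;
        *)                   printf '%s\n' "$1" | sed 's/[0-9][0-9]*$//' ;;
    esac
}

# Exit status 0 = rotational (HDD), 1 = non-rotational (SSD),
# 2 = unknown (no sysfs entry, e.g. an overlay or network filesystem).
is_rotational() {
    f="${SYSFS_ROOT:-/sys}/block/$1/queue/rotational"
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "1" ]
}

# Print HDD, SSD or UNKNOWN for the device backing a path.
disk_kind_of() {
    dev=$(df --output=source -- "$1" | tail -n 1)   # e.g. /dev/sda5
    disk=$(parent_disk "$(basename "$dev")")
    rc=0
    is_rotational "$disk" || rc=$?
    case $rc in
        0) echo HDD ;;
        1) echo SSD ;;
        *) echo UNKNOWN ;;
    esac
}

# shred one regular file with the options from the article (-u -v -z, -n 2),
# but only when the file sits on a conventional hard disk.
secure_rm_hdd() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "refusing: $file is not a regular file" >&2
        return 1
    fi
    kind=$(disk_kind_of "$file")
    if [ "$kind" != HDD ]; then
        echo "refusing: $file is on a $kind device; use the vendor's secure-erase tool" >&2
        return 1
    fi
    shred -uvz -n 2 -- "$file"
}

# Usage:  secure_rm_hdd ~/research/Preliminary_Notes.txt_01.txt
```

The wrapper deliberately treats UNKNOWN the same as SSD: if the kernel cannot say what is underneath (an overlay, a network mount, a virtual disk), overwriting gives no assurance either, so refusing is the safer default.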

The problem with secure deletion of files

As good as shred is, there is a problem. Modern journaling file systems such as ext3 and ext4 go to great lengths to make sure they do not break, become corrupted or lose data. And with journaling file systems, there is no guarantee that the overwrite actually lands on the disk space the deleted file was using.

If you just want reassurance that the files were deleted a bit more thoroughly than rm would have done, then shred is probably fine. But do not make the mistake of believing that the data is definitely gone and cannot be recovered. That is very likely not the case.

RELATED: Why You Can't Securely Delete a File, and What to Do Instead

The secure-delete Suite

The secure-delete commands try to overcome the best efforts of journaling file systems and securely overwrite the file. But exactly the same restrictions apply. There is still no guarantee that the overwrite actually hits the area of the hard disk holding the file you want to erase. There is a better chance, but no guarantee.

The secure-delete commands use the following sequence of overwrites and actions:

  • 1 overwrite with 0xFF value bytes.
  • 5 overwrites with random data.
  • 27 overwrites with special values defined by Peter Gutmann.
  • 5 more overwrites with random data.
  • Rename the file to a random value.
  • Truncate the file.

If all this seems excessive to you, you are in good company. Peter Gutmann, a professor at the University of Auckland, thinks it is excessive too. In 1996 he published a paper on these techniques, from which the urban myth emerged that you must apply all of the techniques in his paper at once.

Peter Gutmann has since tried to put the genie back in the bottle, saying, "A good scrub with random data will do about as well as can be expected."

But we are where we are, and these are the techniques the secure-delete commands use. First, though, we have to install them.

Installing Secure-Delete

Use apt-get to install this package on your system if you are using Ubuntu or another Debian-based distribution. On other Linux distributions, use your distribution's package management tool instead.

  sudo apt-get install secure-delete

There are four commands included in the secure-delete package:

  • srm is a secure rm, used to erase files by overwriting their hard disk space and deleting them.
  • sfill is a tool for overwriting all free space on your hard drive.
  • sswap is used to overwrite and clean your swap space.
  • sdmem is used to clean your RAM.

The srm Command

You use the srm command much as you use the rm command. Use the following command to remove a single file. The -z (zeros) option causes srm to use zeros instead of random data for the final overwrite. The -v (verbose) option makes srm report its progress.

  srm -vz Chapter_One_01.txt

The first thing that strikes you is that srm is slow. There is visual feedback while it works, but it is a relief to see the prompt again.

You can use the -l (lessen security) option to reduce the number of passes to two, which speeds things up dramatically.

  srm -lvz Chapter_One_02.txt

srm tells us that, in its opinion, this is less secure, but it overwrites and deletes the file for us.

You can use the -l (lessen security) option twice to reduce the number of passes to one.

  srm -llvz Chapter_One_03.txt

Using srm with multiple files

We can also use wildcards with srm. This command overwrites and deletes the remaining Chapter One files:

  srm -vz Chapter_One_0?.txt

srm processes the files in turn.

Deleting directories and their contents with srm

The -r (recursive) option causes srm to delete all subdirectories and their contents. You can pass srm the path to the top directory.

This example deletes the entire contents of the current ~/research directory. That means all the files in ~/research and in all of its subdirectories are securely removed.

  srm -rvz *

srm starts processing the directories and files.

Eventually, you are returned to the command prompt. On the test computer used for this article, it took about an hour to remove roughly 200 files spread across the current directory and three nested directories.

All of the files and subdirectories were removed as expected.

The sfill Command

What if you are worried about a file you deleted with rm? How can you go back over that old ground and make sure it is overwritten? The sfill command overwrites all of the free space on your hard disk.

As it runs, you will find you have less and less free space on your hard drive, to the point where there is none at all. When sfill completes, it releases all of the free space back to you. If you manage a multi-user system, this is very disruptive; it is a maintenance task to perform outside business hours.

Even on a single-user computer, the loss of disk space means the machine is unusable once sfill has consumed most of it. This is something you start and then walk away from.

To speed things up, you can use the -l (lessen security) option. The other options are -v (verbose) and -z (zeros), which we have seen before. Here we ask sfill to securely overwrite all of the free space in the /home directory:

  sudo sfill -lvz /home

Get comfortable. On the test computer, which has only a 10 GB hard drive, this process was started in the afternoon and finished overnight.

It churns away for hours, and that is with the -l (lessen security) option. Eventually, you are returned to the command prompt.

The sswap Command

The sswap command overwrites the storage in your swap partition. First, we need to identify your swap partition. We can do this with the blkid command, which lists block devices.

  sudo blkid

Look for the swap entry and make a note of the block device it is attached to.

We can see that the swap partition is associated with /dev/sda5.

We need to disable writes to the swap partition for the duration of the overwrite. We do this with the swapoff command:

  sudo swapoff /dev/sda5

We can now use the sswap command.

We will use /dev/sda5 as part of the sswap command line. We will also use the -v (verbose) and -ll (lessen security) options that we used previously.

  sudo sswap -llv /dev/sda5

sswap works through your swap partition and overwrites everything in it. It does not take that long to finish. It just feels that way.

Once it completes, we need to restore the swap partition as active swap space. We do this with the swapon command:

  sudo swapon /dev/sda5
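The four steps above (find the swap partition, swapoff, sswap, swapon) are easy to leave half done if sswap fails or is interrupted, which leaves the machine running without swap. As an added example that is not part of the article or of the secure-delete package, the following shell functions read the active swap partitions from /proc/swaps (the kernel's own list, whereas blkid reports swap signatures whether or not they are in use) and run swapon again no matter how sswap exits. It assumes Linux, the util-linux swapoff and swapon commands and the secure-delete sswap command; the wipe itself needs root, and the /proc/swaps sample used in the test is constructed.

```shell
#!/bin/sh
# Added example, not from the original article or the secure-delete package.
# Assumptions: Linux /proc/swaps, util-linux swapoff/swapon, secure-delete
# sswap; the wipe functions must run as root.

# Print the swap partitions listed in a file in /proc/swaps format
# (Filename Type Size Used Priority). The path is a parameter so that a
# constructed sample can be parsed in a test without root.
swap_devices_from() {
    awk 'NR > 1 && $2 == "partition" { print $1 }' "$1"
}

# Disable one swap partition, overwrite it with sswap -llv (the options used
# in the article) and re-enable it, even when sswap fails or is interrupted.
# Returns sswap's exit status.
wipe_swap_partition() {
    dev=$1
    if [ ! -b "$dev" ]; then
        echo "not a block device: $dev" >&2
        return 1
    fi
    swapoff "$dev" || return 1
    # Ctrl-C during the overwrite must not leave the system without swap
    trap 'swapon "$dev"; trap - INT TERM; exit 130' INT TERM
    sswap -llv "$dev"
    rc=$?
    trap - INT TERM
    swapon "$dev" || echo "warning: could not re-enable swap on $dev" >&2
    return "$rc"
}

# Wipe every currently active swap partition, one at a time.
wipe_all_swap() {
    for dev in $(swap_devices_from /proc/swaps); do
        wipe_swap_partition "$dev" || return 1
    done
}

# Usage (as root):  wipe_all_swap
```

Only entries of type "partition" are selected, matching the article's /dev/sda5 case; a swap file shows up in /proc/swaps with type "file" and is skipped here.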

The sdmem Command

The secure-delete package even includes a tool to wipe the Random Access Memory (RAM) chips in your computer.

A cold boot attack requires physical access to your computer very shortly after it is turned off. This type of attack can potentially retrieve data from your RAM chips.

If you think you need to protect yourself against this type of attack (and it would be hard for most people to find it necessary), you can wipe your RAM before turning off your computer. We reuse the -v (verbose) and -ll (lessen security) options.

  sudo sdmem -vll

The terminal window fills with asterisks to indicate that sdmem is working through your RAM.

The easy option: just encrypt your drive

Instead of securely deleting files, you can protect your hard disk or your home folder with encryption.

If you do, no one can access the data, whether it is a live file or a deleted one. And you do not have to stay on your guard and remember to securely delete sensitive files, because all of your files are already protected.

Most Linux distributions ask whether you want to use encryption when you install them. Saying yes saves a lot of trouble in the future. You may not handle secret or sensitive information at all. But if you think you might hand over or sell the computer to someone else when you are done with it, encryption simplifies that too.
