Destroy old data files for the same reason you destroy old paper documents. We tell you what you need to know about securely deleting Linux files. This tutorial covers the shred command and the utilities in the secure-delete suite.
Deleted files can usually be recovered
When you delete a file, it is not really removed from your hard drive. It all comes down to how your file system uses inodes. These are the data structures within the file system that hold the metadata about the files. The name of the file, its location on the disk, its attributes and permissions, and so on are all stored in an inode. A directory is nothing more than a file itself, one that contains the names and inode numbers of the files in the directory.
If you delete a file with rm, the file system releases the corresponding inode and adjusts the directory file. This marks the disk space that the file was using as unused. Imagine going into a library, going through the card catalog, finding a book's catalog card and tearing it up. The book is still on the shelf. It's just harder to find.
In other words, the space used by the file can now be used by other files. However, the contents of the old file are still in that space. As long as the space is not overwritten, there is a good chance that the file can be retrieved.
However, getting rid of a file completely is not as easy as simply overwriting it, as we will see.
Do not do this with SSDs.
These techniques apply to conventional electromechanical hard disk drives (HDDs) and should not be used with solid state drives (SSDs). They will not work, and they cause extra writes and unnecessary wear to your SSD. To securely delete data from an SSD, you should use the utility provided by the manufacturer of your SSD.
The shred Command
The shred command performs the overwriting for you so that a deleted file cannot be recovered. It is included in all Linux distributions tested while researching this article, including Ubuntu, Fedora, and Manjaro.
In this example, we work in a directory named ~/research that contains many text files. It also contains some other directories, which in turn contain other files. We assume that these files are confidential and must be completely erased from the hard disk.
You can display the directory tree with the tree command. The -d (directory) option causes tree to list only directories and not all files.
Destroying a single file
You can use the following command to destroy a single file. The following options are used:
- u: Release and remove the file after overwriting.
- v: Verbose option, so that shred tells us what it is doing.
- z: Performs a final overwrite with zeros.
shred -uvz Preliminary_Notes.txt_01.txt
shred overwrites the file four times by default. The first three passes use random data, and the last pass uses zeroes as we requested. Then the file is removed, along with some of the metadata in the inode.
Setting the number of overwrite passes
We can ask shred to use more or fewer overwrite passes with the -n option. shred always uses at least one pass. The number we specify here is the number of additional passes that shred is required to perform. So shred will always make one more pass than the number we ask for. To obtain a total of three passes, we request two additional passes:
shred -uvz -n 2 Preliminary_Notes.txt_02.txt
As expected, shred makes three passes.
Fewer passes (fewer shreddings, if you like) are obviously faster. But is it less safe? Interestingly enough, three passes are probably more than enough.
Destroy multiple files
Wildcards can be used with shred to select groups of files to be deleted. * stands for multiple characters and ? stands for a single character. This command deletes all remaining "Preliminary_Notes" files in the current working directory.
shred -uvz -n 2 Preliminary_Notes_*.*
The remaining files are each processed in turn by shred.
shred has no recursive option, so it cannot be used to delete directory trees of nested directories.
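Because shred cannot recurse, a nested tree such as ~/research has to be walked with another tool. The following is an added example, not part of the original article: it uses find to hand every regular file under a directory to shred with the -u, -z and -n 2 options used above, then removes the emptied directories. The function name shred_tree is an assumption made for this example.

```shell
#!/bin/sh
# Added example: recursively shred a directory tree with find + shred.
# shred_tree is a hypothetical helper name, not part of coreutils.

shred_tree() {
    dir=$1
    # Refuse anything that is not a real directory (symlinked directories included).
    if [ -z "$dir" ] || [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "shred_tree: '$dir' is not a directory" >&2
        return 2
    fi
    # -xdev keeps find on one file system. -type f selects regular files only,
    # so symlinks are never followed and their targets are left untouched.
    # Options as in the article: -u remove, -z final zero pass, -n 2 passes.
    find "$dir" -xdev -type f -exec shred -u -z -n 2 -- {} + || return 1
    # Symlinks and other non-regular entries hold no file content: unlink them.
    find "$dir" -xdev ! -type d ! -type f -exec rm -f -- {} + || return 1
    # Remove the now-empty directories, deepest first (-depth).
    find "$dir" -xdev -depth -type d -exec rmdir -- {} \; || return 1
}
```

Call it as shred_tree ~/research. The limitations of shred on journaling file systems and SSDs apply to every file it processes.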
The problem with secure deletion of files
As good as shred is, there is a problem. Modern journaling file systems such as ext3 and ext4 go to enormous lengths to ensure that they do not break, become corrupt or lose data. And with journaling file systems, there is no guarantee that the overwriting actually takes place over the disk space used by the deleted file.
If all you want is some reassurance that the files were deleted a bit more thoroughly than rm would have done it, then shred is probably fine. But do not make the mistake of believing that the data has definitely gone and cannot be recovered. This is very likely not the case.
The secure-delete Suite
The secure-delete commands try to overcome the best efforts of journaling file systems and to succeed in securely overwriting the file. But exactly the same restrictions apply. There is still no guarantee that the overwriting actually takes place over the region of the hard disk that it needs to in order to erase the file you want. There is more chance, but no guarantee.
The secure-delete commands use the following sequence of overwrites and actions:
- 1 overwrite with 0xFF value bytes.
- 5 overwrites with random data.
- 27 overwrites with special values defined by Peter Gutmann.
- 5 more overwrites with random data.
- Rename the file to a random value.
- Truncate the file.
If all this seems excessive to you, you are in good company. It also seems excessive to Peter Gutmann, a professor at the University of Auckland. In 1996, he published a paper discussing these techniques, from which the urban myth emerged that you must apply all the techniques discussed in that paper at once.
Peter Gutmann has since tried to get the genie back in the bottle and said, "A good cleanup with random data is about as good as expected."
But we are where we are, and these are the various techniques used by the secure-delete commands. But first we have to install them.
Use apt-get to install this package on your system if you are using Ubuntu or another Debian-based distribution. On other Linux distributions, use your distribution's package management tool instead.
sudo apt-get install secure-delete
There are four commands included in the secure-delete package.
- srm is a secure rm, used to erase files by deleting them and overwriting their hard disk space.
- sfill is a tool for overwriting all free space on your hard drive.
- sswap is used to overwrite and clean up your swap space.
- sdmem is used to clean up your RAM.
The srm Command
You use the srm command much as you would use the rm command. Use the following command to remove a single file. The -z (zeros) option causes srm to use zeros instead of random data for the final wipe. The -v (verbose) option makes srm report on its progress.
srm -vz Chapter_One_01.txt
The first thing that strikes you is that srm is slow. It gives some visual feedback while it works, but it is a relief to see the prompt again.
Using the -l (decrease security) option to reduce the number of passes to two speeds things up dramatically.
srm -lvz Chapter_One_02.txt
srm tells us that this is less secure in its opinion, but it still deletes and overwrites the file for us.
You can use the -l (decrease security) option twice to reduce the number of passes to one.
srm -llvz Chapter_One_03.txt
Using srm with multiple files
We can also use wildcards with srm. This command erases and wipes the remaining parts of chapter one:
srm -vc Chapter_One_0?.txt
The files are processed by srm in turn.
Delete directories and their contents with srm
The -r (recursive) option causes srm to delete all subdirectories and their contents. You can pass the path to the first directory to srm.
This example deletes everything in the current directory, ~/research. This means that all files in ~/research and all subdirectories are securely removed.
srm -rvz *
srm starts processing the directories and files.
Finally, you return to the command prompt. On the test computer used to research this article, it took about an hour to remove about 200 files distributed between the current directory and three nested directories.
All of the files and subdirectories were removed as expected.
The sfill Command
What if you are worried about a file that you deleted with rm? How can you go back over that old ground and make sure it gets overwritten? The sfill command overwrites all free space on your hard disk.
As it does this, you will notice that you have less and less free space on your hard drive, to the point where there is no free space at all. When sfill completes, it releases all of the free space back to you. If you administer a multi-user system, this is very disruptive, so it is a maintenance task that should be performed outside business hours.
Even on a single-user computer, the loss of hard disk space means the computer is unusable once sfill has used most of the space. This is something you start and then walk away from.
To speed things up, you can use the -l (decrease security) option. The other options are the -v (verbose) and -z (zeros) options, which we have seen before. Here we ask sfill to securely overwrite all free space in the /home directory.
sudo sfill -lvz /home
Get comfortable. On the test computer, which has only a 10 GB hard drive, this process was started in the afternoon and completed overnight.
It runs for hours. And this is with the -l (decrease security) option. Eventually, you will return to the command prompt.
The sswap Command
The sswap command overwrites the storage in your swap partition. First, we need to identify your swap partition. We can do this with the blkid command, which lists block devices. Find the swap entry in its output and make a note of the block device to which it is attached.
We can see that the swap partition is associated with /dev/sda5.
We need to disable write operations on the swap partition for the duration of the overwrite. We will use the swapoff command:
sudo swapoff /dev/sda5
We can now use the sswap command.
We will use /dev/sda5 as part of the command line for the sswap command. We will also use the -v (verbose) and -ll (decrease security) options that we used previously.
sudo sswap -llv /dev/sda5
sswap works through your swap partition and overwrites everything that is in it. It does not take that long to complete. It just feels that way.
Once it has completed, we need to reinstate the swap partition as active swap space. We do this with the swapon command:
sudo swapon /dev/sda5
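The identify, swapoff, sswap, swapon sequence above can be wrapped so that swap is switched back on even when the wipe fails. This is an added example, not part of the original article; swap_devices, wipe_swap and the sample blkid output are assumptions constructed for it.

```shell
#!/bin/sh
# Added example. swap_devices and wipe_swap are hypothetical helper names.

# Read blkid-style output on stdin and print the device of every swap entry.
# The leading space before TYPE= avoids matching PTTYPE= or SEC_TYPE=.
swap_devices() {
    sed -n 's/^\([^:]*\):.* TYPE="swap".*$/\1/p'
}

# Disable, wipe and re-enable one swap device. Must be run as root.
wipe_swap() {
    dev=$1
    if [ ! -b "$dev" ]; then
        echo "wipe_swap: '$dev' is not a block device" >&2
        return 2
    fi
    # Stop the kernel writing to the partition while it is overwritten.
    swapoff "$dev" || return 1
    # Same options as the article: -ll (decrease security), -v (verbose).
    sswap -llv "$dev"
    rc=$?
    # Re-enable swap even if sswap failed, so the system is not left without it.
    swapon "$dev" || return 1
    return "$rc"
}

# Constructed sample of blkid output (the UUID values are made up).
SAMPLE_BLKID='/dev/sda1: UUID="1111-aaaa" TYPE="ext4" PARTUUID="0001-01"
/dev/sda5: UUID="2222-bbbb" TYPE="swap" PARTUUID="0001-05"'

# Usage, as root:
#   blkid | swap_devices | while read -r d; do wipe_swap "$d"; done
```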
The sdmem Command
The secure-delete package even includes a tool to wipe the Random Access Memory (RAM) chips in your computer.
A cold boot attack requires physical access to your computer shortly after it is turned off. This type of attack may potentially allow retrieving data from your RAM chips.
If you think you need to protect yourself from this type of attack (and most people would be hard pressed to find it necessary), you can wipe your RAM before turning off your computer. We will reuse the -v (verbose) and -ll (decrease security) options.
sudo sdmem -vll
The terminal window fills with asterisks to indicate that sdmem is working through your RAM.
The easy option: just encrypt your drive.
Instead of securely deleting files, you can secure your hard disk or private folder with encryption.
If you do, no one can access anything on it, regardless of whether it is a live file or a deleted file. And you do not have to be on your guard and remember to securely delete sensitive files, because all your files are already protected.
Most Linux distributions ask if you want to use encryption when installing. Saying yes will save a lot of trouble in the future. You may not handle secret or sensitive information. However, if you think you might give or sell the computer to someone else when you have finished with it, encryption will simplify that too.