Sunday, August 9, 2009

Secure file deletion

Have you ever wondered what happens when you delete a file? If you think it disappears, you're wrong. The standard Linux filesystems (ext2/ext3) only zero the pointers to the data blocks; the data itself remains on disk and can be retrieved with some effort. There are, however, ways to delete a file securely. Secure deletion usually means overwriting the file several times with random patterns and finally with zeros; the last pass hides the fact that the file was shredded. After these steps we can issue the rm command to remove the file. To achieve this we can use the dd command:

# conv=notrunc makes dd overwrite the existing blocks in place; without it dd truncates
# the file first, and the freed blocks that still hold the old data may never be touched.
# ls -s reports the allocated size in 1K blocks, matching bs=1K.
$ dd if=/dev/urandom of=file2delete bs=1K count=$(ls -s file2delete | cut -f1 -d' ') conv=notrunc
$ dd if=/dev/zero of=file2delete bs=1K count=$(ls -s file2delete | cut -f1 -d' ') conv=notrunc
$ rm -f file2delete

There is also the shred command, which does the same (in a better way :). By default it overwrites the data with random patterns 25 times (the -n switch sets the exact number of passes). The -z switch adds a final pass of zeros. The -u switch truncates and removes the file afterwards. Removing is optional, because shred can also be used to securely wipe a whole hard disk or partition. Let's delete the file2delete file:

$ shred -z -u -v file2delete
shred: file2delete: pass 1/26 (random)...
shred: file2delete: pass 2/26 (cccccc)...
shred: file2delete: pass 3/26 (666666)...
shred: file2delete: pass 4/26 (aaaaaa)...
shred: file2delete: pass 5/26 (db6db6)...
shred: file2delete: pass 6/26 (249249)...
shred: file2delete: pass 7/26 (222222)...
shred: file2delete: pass 8/26 (924924)...
shred: file2delete: pass 9/26 (ffffff)...
shred: file2delete: pass 10/26 (777777)...
shred: file2delete: pass 11/26 (111111)...
shred: file2delete: pass 12/26 (b6db6d)...
shred: file2delete: pass 13/26 (random)...
shred: file2delete: pass 14/26 (bbbbbb)...
shred: file2delete: pass 15/26 (6db6db)...
shred: file2delete: pass 16/26 (444444)...
shred: file2delete: pass 17/26 (dddddd)...
shred: file2delete: pass 18/26 (000000)...
shred: file2delete: pass 19/26 (888888)...
shred: file2delete: pass 20/26 (333333)...
shred: file2delete: pass 21/26 (492492)...
shred: file2delete: pass 22/26 (999999)...
shred: file2delete: pass 23/26 (eeeeee)...
shred: file2delete: pass 24/26 (555555)...
shred: file2delete: pass 25/26 (random)...
shred: file2delete: pass 26/26 (000000)...
shred: file2delete: removing
shred: file2delete: renamed to 00000000000
shred: 00000000000: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: file2delete: removed
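As an added illustration (not code from the original post or from coreutils), here is a Python sketch of what shred -z -u does step by step: in-place overwrite passes with an fsync after each, a final zero pass, the rename chain seen in the output above, and the unlink. It also shows why the dd approach must not truncate: the file is opened for update, so the inode and its data blocks are kept and the old bytes are actually overwritten (like shred itself, this only helps on filesystems that write data in place). run_demo builds a constructed 12 000-byte file in a temporary directory and reports the checks.

```python
import os
import secrets
import tempfile

def overwrite_in_place(path, pattern=None):
    """Overwrite every byte of a file in place with random bytes or one repeated byte.
    'r+b' keeps the inode and its allocated blocks, so new bytes land on the old ones;
    'wb' (or dd without conv=notrunc) truncates first and may get different blocks."""
    size, written = os.path.getsize(path), 0
    with open(path, "r+b") as fh:
        while written < size:
            n = min(65536, size - written)  # 64 KiB chunks: large files need not fit in RAM
            fh.write(secrets.token_bytes(n) if pattern is None else bytes([pattern]) * n)
            written += n
        fh.flush()
        os.fsync(fh.fileno())  # push this pass to disk before starting the next one
    return written

def secure_delete(path, passes=3):
    """shred -z -u equivalent: random passes, a final zero pass, rename, unlink."""
    if os.path.islink(path):
        raise ValueError("refusing to follow symlink: " + path)  # would wipe its target
    for _ in range(passes):
        overwrite_in_place(path)
    written = overwrite_in_place(path, pattern=0x00)  # zeros hide that shredding happened
    # Like shred -u: rename to progressively shorter all-zero names so the directory
    # entry stops revealing the original name, then unlink the last name.
    directory, current = os.path.dirname(path) or ".", path
    for length in range(len(os.path.basename(path)), 0, -1):
        target = os.path.join(directory, "0" * length)
        if not os.path.exists(target):
            os.rename(current, target)
            current = target
    os.remove(current)
    return written

def run_demo():
    # Constructed sample: a 12 000-byte file in a fresh temp dir; returns the checks.
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "file2delete")
    with open(path, "wb") as fh:
        fh.write(b"secret data " * 1000)
    inode = os.stat(path).st_ino
    overwrite_in_place(path, pattern=0x41)  # one visible pass: every byte becomes 'A'
    with open(path, "rb") as fh:
        pattern_applied = fh.read() == b"A" * 12000
    inode_kept = os.stat(path).st_ino == inode
    written = secure_delete(path, passes=2)
    return {"bytes_per_pass": written, "pattern_applied": pattern_applied,
            "inode_kept": inode_kept, "dir_empty": os.listdir(workdir) == []}
```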

Shred has one disadvantage: it has no recursive mode, so we can't delete a whole directory at once. We can, however, overcome this with a little shell script:

#!/bin/bash
# Shred a single regular file, or every regular file under a directory, then remove it.
if [ -z "$1" ]; then
    echo "usage: $0 <file> or <directory>"
    exit 1
fi

if [ -d "$1" ]; then
    # -type f matches only regular files, so symlinks inside the tree are not followed
    find "$1" -type f -exec shred -u -- '{}' \;
    rm -rf -- "$1"
elif [ -f "$1" ] && [ ! -L "$1" ]; then
    # a symlink would pass -f, and shred would overwrite its target instead
    shred -u -- "$1"
else
    echo "$0: $1 is not a regular file or directory" >&2
    exit 1
fi

There are also other tools for this purpose. One of them is srm, which can be found at http://srm.sourceforge.net. It supports recursive deletion and several erase modes (one of them is compatible with the OpenBSD rm command).
