We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

shred command usage and examples for deleting files securely in linux


oceano
04/03/2014, 10:39
Hola, buenos das.

Cuando se deja un servidor, toda la informacin que contiene un disco no es borrada realmente, nicamente se borran los inodos y punteros de redireccin a archivos.

Qu significa esto? Qu toda la informacin an habiendo formateado el disco sigue ah. Y si por ejemplo alguien con algo ms de experiencia que nosotros sabe como acceder a esta informacin, seguramente estemos comprometidos ms adelante.

Aqu un ejemplo de utilizacin de esta buena herramienta.

******************************************
1.-
# tail -f anaconda-ks.cfg

trousers
fipscheck
device-mapper-multipath
sgpio
perl-Convert-ASN1

******************************************

2.-
# tail -f anaconda-ks.cfg

4% hcc~l&bYVзUwFL
+3۪|VqOmIJ\*`4h"/IDP1`;4#iHqG
6UG4sM*Po"Xm{X_?]J,_GIR~iU
.]kh^`>]TX>=

******************************************

3.-

# shred -n 30 /dev/sda2 & // ( random 30 veces - lanzado a background )

[2] 5902

# shred -v -n 30 /dev/sda2 // ( random 30 veces - vervose )

shred: /dev/sda2: pass 1/30 (random)...
shred: /dev/sda2: pass 1/30 (random)...622MiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...1.2GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...1.8GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...2.4GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...3.0GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...3.7GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...4.3GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...4.9GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...5.6GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...6.2GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...6.6GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...7.2GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...7.8GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...8.4GiB/912GiB 0%
shred: /dev/sda2: pass 1/30 (random)...9.1GiB/912GiB 1%
shred: /dev/sda2: pass 1/30 (random)...9.7GiB/912GiB 1%
shred: /dev/sda2: pass 1/30 (random)...10GiB/912GiB 1%
shred: /dev/sda2: pass 1/30 (random)...11GiB/912GiB 1%
shred: /dev/sda2: pass 1/30 (random)...12GiB/912GiB 1%


Fuente:
http://www.slashroot.in/shred-comman...securely-linux

Si se pierde la fuente ...

************************************

shred command usage and examples for deleting files securely in linux

0
Submitted by Sarath Pillai on Fri, 12/21/2012 - 09:01
delete files securely in linux
Whenever you delete a file under Linux or any other operating system, the operating system does not remove the data of that file completely from the hard disk. There are several things that an operating system does whenever you ask it to delete a file. If you want to understand how a file deletion works then getting some basic understanding of inodes in Linux is very much necessary.

Many open source forensic tools are freely available on the internet which can be used to retrieve lost or deleted data from the hard disk. Many of them are so easy to use and are graphical, that normal desktop users can also simply download them and retrieve data.

So if you want to securely delete some data on the disk without being worried about the retrieval then shred utility available in Linux will be a good tool to start with.

I recommend reading my posts on inodes and file deletion to have some idea.

Shred is a program that comes preloaded in most of the distributions out there. If you look at the command, you will come to know that, it gets installed through coreutils package in redhat/centos

[root@localhost ~]# rpm -qf /usr/bin/shred
coreutils-5.97-34.el5


coreutils package is avialble in the installation DVD centos/redhat. Now lets understand the command and its working.

if you delete a file with shred command lets see what happens to the file. We will test this with the default installation kickstart file in root's home directory.

Normally the contents of the file are as below.



[root@localhost ~]# tail -f anaconda-ks.cfg
trousers
fipscheck
device-mapper-multipath
sgpio
perl-Convert-ASN1

lets delete this file with shred command.

[root@localhost ~]# shred anaconda-ks.cfg


And now lets try and look at the contents of the file.





tail -f anaconda-ks.cfg
4% hcc~l&bYVзUwFL
+3۪|VqOmIJ\*`4h"/IDP1`;4#iHqG
6UG4sM*Po"Xm{X_?]J,_GIR~iU
.]kh^`>]TX>=

you can clearly see that shred made the contents of the file full gibrish. Which is junk. So it overwrites the file's blocks with junk data when ran with no other options. This means the real data is overwrited with some gibrish data, so that even if someone recovers the file, they will not get the original data.

By default shred will overwrite the contents of the file with junk data 25 times.

If you want to overwrite the data of the file more times than the default 25, then you can do that by using the -n option as shown below.

[root@localhost ~]# shred -n 30 anaconda-ks.cfg
[root@localhost ~]#


Note: The default anaconda kickstart file is so small, thats why shred was able to overwrite it 30 times, so fast. The speed of the overwrite will depend on the size of the file.

If you want to see the operation in verbose mode, then you can use the -v option as shown below.

[root@localhost ~]# shred -v -n 30 anaconda-ks.cfg
shred: anaconda-ks.cfg: pass 1/30 (random)...
shred: anaconda-ks.cfg: pass 2/30 (7fffff)...
shred: anaconda-ks.cfg: pass 3/30 (000000)...
shred: anaconda-ks.cfg: pass 4/30 (dddddd)...
shred: anaconda-ks.cfg: pass 5/30 (800000)...
shred: anaconda-ks.cfg: pass 6/30 (777777)...
shred: anaconda-ks.cfg: pass 7/30 (888888)...
shred: anaconda-ks.cfg: pass 8/30 (249249)...
shred works by taking an assumption that the file system always overwrites data.

There are some major limitations of applying shred on a file(although it works perfect on ext2).Some are mentioned below.



shred file deletion does not applies to some journaling file system's, which journals both the data and the blocks
Shredding files on a heavily deployed RAID, where data is copied in multiple disks, might involve some complications.


You can use -s option to shred some first required bytes of a file.

[root@localhost ~]# shred -s 2B anaconda-ks.cfg
[root@localhost ~]#


The above mentioned example will overwrite the first 2 bytes of the file (similarly you can use K, for kilobytes,M for mega, etc).



[root@localhost ~]# shred -n 30 -u anaconda-ks.cfg


using the -u option as shown above will truncate/delete the file after overwriting it with junk content 30 times.

Due to the previously mentioned limitations of shred while deleting files with it, its better suited to wipe out partitions and devices fully.

example shredding of the whole partition is shown below.

[root@localhost ~]# shred -n 30 /dev/sda1


if you want to delete the contents of an external device, you can pass the device name as an argument, to shred, similar to the above shown.

Please note that, data recovery is not secure until you destroy the whole physical device with some acid or burning the whole device. Because underlying data can be retrieved with expensive laboratory research, which IT forensic team does.

However you can be sure about the fact that, shred utility will help you achieve a considerable level of security. Because normal tools out there in the market cannot easily detect data from the partitions or devices shredded with this utility.

************************************


Un saludo !