Using "shred" to Securely Delete Files
When you use the "rm" utility, you may think that you're deleting a file, but you're not. All you're doing is removing the file's index (or inode number) from the hard drive. The file is still there, and can still be recovered, as long as you don't overwrite the space that it occupies with another file. (Even then, recovery experts still might be able to retrieve it.)

If you have sensitive files that you need to delete, consider using "shred". This handy utility will overwrite a file with gibberish multiple times and, optionally, will delete the file.

Use shred at your own risk...it can lead to serious problems!!!!! shred may not work correctly for JFS, XFS, EXT3, NFS or RAID systems because they are journaled systems and may allow the reconstruction of the file.

To see how this works, let's create the "secret.txt" file.

    cat > secret.txt
    This is a secret file. Nobody but me is to read it.

We can use "less" to read this file, the same as we would any other text file.

    less secret.txt
    This is a secret file. Nobody but me is to read it.

Now we've finished with the file and want to render it useless to anyone else. If we use "shred" without any option switches, we won't delete the file, but we will overwrite it with gibberish.

    shred secret.txt
    less secret.txt
    "secret.txt" may be a binary file. See it anyway?
The output will look like random binary gibberish.
So, you can see that the file is no longer very useful. If you want to both overwrite the file with gibberish and then delete it, use the "-u" option.

    shred -u secret.txt
    less secret.txt
    secret.txt: No such file or directory
If you want verbose output, so that you can see exactly what "shred" is doing for you, use the "-v" switch.

    shred -u -v secret.txt
    shred: secret.txt: pass 1/25 (random)...
    shred: secret.txt: pass 2/25 (aaaaaa)...
    shred: secret.txt: pass 3/25 (444444)...
    shred: secret.txt: pass 4/25 (db6db6)...
    shred: secret.txt: pass 5/25 (111111)...
    shred: secret.txt: pass 6/25 (dddddd)...
    shred: secret.txt: pass 7/25 (888888)...
    shred: secret.txt: pass 8/25 (eeeeee)...
    shred: secret.txt: pass 9/25 (000000)...
    shred: secret.txt: pass 10/25 (924924)...
    shred: secret.txt: pass 11/25 (249249)...
    shred: secret.txt: pass 12/25 (bbbbbb)...
    shred: secret.txt: pass 13/25 (random)...
    shred: secret.txt: pass 14/25 (ffffff)...
    shred: secret.txt: pass 15/25 (222222)...
    shred: secret.txt: pass 16/25 (555555)...
    shred: secret.txt: pass 17/25 (333333)...
    shred: secret.txt: pass 18/25 (666666)...
    shred: secret.txt: pass 19/25 (999999)...
    shred: secret.txt: pass 20/25 (cccccc)...
    shred: secret.txt: pass 21/25 (492492)...
    shred: secret.txt: pass 22/25 (6db6db)...
    shred: secret.txt: pass 23/25 (b6db6d)...
    shred: secret.txt: pass 24/25 (777777)...
    shred: secret.txt: pass 25/25 (random)...
    shred: secret.txt: removing
    shred: secret.txt: renamed to 0000000000
    shred: 0000000000: renamed to 000000000
    shred: 000000000: renamed to 00000000
    shred: 00000000: renamed to 0000000
    shred: 0000000: renamed to 000000
    shred: 000000: renamed to 00000
    shred: 00000: renamed to 0000
    shred: 0000: renamed to 000
    shred: 000: renamed to 00
    shred: 00: renamed to 0
    shred: secret.txt: removed
By default, "shred" will overwrite the file with 25 sets of gibberish data. If you're extra paranoid about your data security, you may want to use a few extra passes. For this, use the "-n" switch, followed by the number of passes you want to make.

    shred -u -v -n 40 secret.txt
    shred: secret.txt: pass 1/40 (random)...
    shred: secret.txt: pass 2/40 (c92492)...
    shred: secret.txt: pass 3/40 (444444)...
    shred: secret.txt: pass 4/40 (666666)...
    shred: secret.txt: pass 5/40 (4ccccc)...
    shred: secret.txt: pass 6/40 (36db6d)...
    shred: secret.txt: pass 7/40 (bbbbbb)...
    shred: secret.txt: pass 8/40 (cccccc)...
    shred: secret.txt: pass 9/40 (800000)...
    shred: secret.txt: pass 10/40 (d55555)...
    shred: secret.txt: pass 11/40 (6db6db)...
    shred: secret.txt: pass 12/40 (924924)...
    shred: secret.txt: pass 13/40 (249249)...
    shred: secret.txt: pass 14/40 (random)...
    shred: secret.txt: pass 15/40 (2aaaaa)...
    shred: secret.txt: pass 16/40 (f77777)...
    shred: secret.txt: pass 17/40 (eeeeee)...
    shred: secret.txt: pass 18/40 (333333)...
    shred: secret.txt: pass 19/40 (492492)...
    shred: secret.txt: pass 20/40 (db6db6)...
    shred: secret.txt: pass 21/40 (888888)...
    shred: secret.txt: pass 22/40 (ffffff)...
    shred: secret.txt: pass 23/40 (555555)...
    shred: secret.txt: pass 24/40 (dddddd)...
    shred: secret.txt: pass 25/40 (edb6db)...
    shred: secret.txt: pass 26/40 (aaaaaa)...
    shred: secret.txt: pass 27/40 (random)...
    shred: secret.txt: pass 28/40 (000000)...
    shred: secret.txt: pass 29/40 (5b6db6)...
    shred: secret.txt: pass 30/40 (111111)...
    shred: secret.txt: pass 31/40 (a49249)...
    shred: secret.txt: pass 32/40 (b6db6d)...
    shred: secret.txt: pass 33/40 (124924)...
    shred: secret.txt: pass 34/40 (e66666)...
    shred: secret.txt: pass 35/40 (222222)...
    shred: secret.txt: pass 36/40 (7fffff)...
    shred: secret.txt: pass 37/40 (3bbbbb)...
    shred: secret.txt: pass 38/40 (999999)...
    shred: secret.txt: pass 39/40 (777777)...
    shred: secret.txt: pass 40/40 (random)...
    shred: secret.txt: removing
    shred: secret.txt: renamed to 0000000000
    shred: 0000000000: renamed to 000000000
    shred: 000000000: renamed to 00000000
    shred: 00000000: renamed to 0000000
    shred: 0000000: renamed to 000000
    shred: 000000: renamed to 00000
    shred: 00000: renamed to 0000
    shred: 0000: renamed to 000
    shred: 000: renamed to 00
    shred: 00: renamed to 0
    shred: secret.txt: removed
The "-z" option tells "shred" to perform one extra pass, writing all zeroes to the file.

    shred -v -z secret.txt
    shred: secret.txt: pass 1/26 (random)...
    shred: secret.txt: pass 2/26 (bbbbbb)...
    shred: secret.txt: pass 3/26 (888888)...
    shred: secret.txt: pass 4/26 (dddddd)...
    shred: secret.txt: pass 5/26 (6db6db)...
    shred: secret.txt: pass 6/26 (924924)...
    shred: secret.txt: pass 7/26 (cccccc)...
    shred: secret.txt: pass 8/26 (249249)...
    shred: secret.txt: pass 9/26 (333333)...
    shred: secret.txt: pass 10/26 (444444)...
    shred: secret.txt: pass 11/26 (b6db6d)...
    shred: secret.txt: pass 12/26 (eeeeee)...
    shred: secret.txt: pass 13/26 (random)...
    shred: secret.txt: pass 14/26 (000000)...
    shred: secret.txt: pass 15/26 (111111)...
    shred: secret.txt: pass 16/26 (db6db6)...
    shred: secret.txt: pass 17/26 (492492)...
    shred: secret.txt: pass 18/26 (666666)...
    shred: secret.txt: pass 19/26 (999999)...
    shred: secret.txt: pass 20/26 (777777)...
    shred: secret.txt: pass 21/26 (222222)...
    shred: secret.txt: pass 22/26 (555555)...
    shred: secret.txt: pass 23/26 (ffffff)...
    shred: secret.txt: pass 24/26 (aaaaaa)...
    shred: secret.txt: pass 25/26 (random)...
    shred: secret.txt: pass 26/26 (000000)...
(Of course, you can also combine the "-z" and "-u" options.)

If you need to work with a file that has had its write permissions removed, you can use the "-f" option. This way, you can eliminate the step of having to change permissions settings on the file just so you can get rid of it.

    chmod a-w secret.txt
    ls -l secret.txt
    -r--r--r-- 1 donnie donnie 28 2008-02-15 18:15 secret.txt
    shred -v -f -u secret.txt
    shred: secret.txt: pass 1/25 (random)...
    shred: secret.txt: pass 2/25 (db6db6)...
    shred: secret.txt: pass 3/25 (333333)...
    shred: secret.txt: pass 4/25 (b6db6d)...
    shred: secret.txt: pass 5/25 (444444)...
    shred: secret.txt: pass 6/25 (777777)...
    shred: secret.txt: pass 7/25 (eeeeee)...
    shred: secret.txt: pass 8/25 (999999)...
    shred: secret.txt: pass 9/25 (bbbbbb)...
    shred: secret.txt: pass 10/25 (555555)...
    shred: secret.txt: pass 11/25 (dddddd)...
    shred: secret.txt: pass 12/25 (666666)...
    shred: secret.txt: pass 13/25 (random)...
    shred: secret.txt: pass 14/25 (6db6db)...
    shred: secret.txt: pass 15/25 (111111)...
    shred: secret.txt: pass 16/25 (000000)...
    shred: secret.txt: pass 17/25 (249249)...
    shred: secret.txt: pass 18/25 (222222)...
    shred: secret.txt: pass 19/25 (492492)...
    shred: secret.txt: pass 20/25 (924924)...
    shred: secret.txt: pass 21/25 (ffffff)...
    shred: secret.txt: pass 22/25 (cccccc)...
    shred: secret.txt: pass 23/25 (888888)...
    shred: secret.txt: pass 24/25 (aaaaaa)...
    shred: secret.txt: pass 25/25 (random)...
    shred: secret.txt: removing
    shred: secret.txt: renamed to 0000000000
    shred: 0000000000: renamed to 000000000
    shred: 000000000: renamed to 00000000
    shred: 00000000: renamed to 0000000
    shred: 0000000: renamed to 000000
    shred: 000000: renamed to 00000
    shred: 00000: renamed to 0000
    shred: 0000: renamed to 000
    shred: 000: renamed to 00
    shred: 00: renamed to 0
    shred: secret.txt: removed
    less secret.txt
    secret.txt: No such file or directory
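As an added example (not part of the original article), the sh functions below combine the options covered so far: they warn when the file sits on one of the filesystem types named in the warning above, overwrite it with "-f -z -n", check that the overwrite happened in place and that a known string is gone, and only then remove it with "-u". The function names, the marker argument and the pass count of 3 are assumptions made for this example; the pass count is given explicitly with "-n" because shred's default differs between coreutils releases.

```sh
#!/bin/sh
# Added example: overwrite a file with shred, check the result, then unlink it.
# Function names, the marker argument and the pass count are assumptions.

# Filesystem types from the article's warning, as "df -T" reports them
# (NFS shows up as nfs or nfs4).
RISKY_FS="jfs xfs ext3 nfs nfs4"

# Print the type of the filesystem that holds $1.
fs_type() {
    df -PT -- "$1" | awk 'NR==2 {print $2}'
}

# Return 0 if the article's warning applies to the filesystem holding $1.
fs_is_risky() {
    t=$(fs_type "$1")
    for r in $RISKY_FS; do
        if [ "$t" = "$r" ]; then return 0; fi
    done
    return 1
}

# shred_and_verify FILE MARKER [PASSES]
# MARKER is a string known to be in FILE before the overwrite.
# Returns 0 only if every check passes; each failure has its own code.
shred_and_verify() {
    file=$1 marker=$2 passes=${3:-3}
    [ -f "$file" ] || return 2
    if fs_is_risky "$file"; then
        echo "warning: $(fs_type "$file") may keep recoverable copies" >&2
    fi
    inode_before=$(ls -i -- "$file" | awk '{print $1}')
    # -f: force past missing write permission, -z: finish with a zero pass
    shred -f -z -n "$passes" -- "$file" || return 3
    inode_after=$(ls -i -- "$file" | awk '{print $1}')
    # Same inode means shred overwrote in place instead of writing a copy.
    [ "$inode_before" = "$inode_after" ] || return 4
    # After the zero pass the marker must be gone from the file's contents.
    if grep -q -F -- "$marker" "$file"; then return 5; fi
    # -u: overwrite once more, then rename and unlink the file.
    shred -f -u -n 1 -- "$file" || return 6
    [ ! -e "$file" ]
}
```

The marker check only shows that the file's current blocks no longer contain the string; it cannot see journal entries, snapshots or backups, which is why the filesystem warning is printed first.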
You can also use "shred" to securely overwrite the contents of entire disks. For this, though, you don't want to use the "-u" option. Otherwise, you'll also destroy the disk's filesystem, and you'll then have to reformat it. Let's say you want to securely overwrite a floppy drive 50 times.

    shred -n 50 /dev/fd0

After you do this, you can use "rm" to delete the files as you normally would.

Using "shred" can make files extremely difficult, if not downright impossible, for even experts to recover. You can use it not only for text files, but also for graphics files, audio files, etc. It's already installed on your Linux system, so it's easy to add it to your security toolkit.