Linux: Shred It All
Tips & Tricks June 2006 Vol.17 Issue 6
As you no doubt know, deleting a file or reformatting a hard drive doesn't actually destroy your data. When you delete a file, you simply tell the system it can overwrite the data whenever it wants. If you accidentally delete some data, this is a good thing, as you can often reclaim your data with the proper tools. On the other hand, if you have sensitive data that you want permanently removed from your hard drive, this behavior poses a problem. If you reformat your hard drive before selling a PC, for instance, your sensitive financial data may still be on the PC when you sell it.

In Linux, the shred command lets you delete information permanently by overwriting data numerous times (25 times by default). This makes shredded data nearly impossible to reclaim. You should find shred preinstalled on most systems. Alternatively, if you install KGpg, a shredder icon appears on your KDE desktop. You can shred files by dragging them from a file manager such as Konqueror to the shredder icon on the desktop.

To use shred from the command line, simply type shred followed by the file or directory you want removed. If you prefer, you can shred an entire partition by using a device name (such as /dev/hda1). Shred, however, cannot delete the partition on which it currently resides.

If you want to change the number of times shred overwrites data, use the -n switch. For instance, shred -n 5 checkbook.txt will overwrite the file checkbook.txt a total of five times.

If someone examines a hard drive you've shredded, he will be able to see the random data written by shred. This may suggest that you've shredded data in the past, or it may appear to be encrypted data. If you're paranoid and want to hide the fact that you used shred, add the -z switch. This option overwrites data one last time with a string of zeros. This looks more natural than random data.

One thing we should note: It's best to use shred on an entire partition rather than just individual files. Some journaling file systems, such as ext3 and ReiserFS, may store duplicate information elsewhere on the drive. Shred has no knowledge of such information and therefore no way to delete it.

If you've ever sold an old computer, you've probably reformatted the hard drive and maybe reinstalled the OS (operating system) before selling it. If the buyer knows what he's doing, however, he may be able to salvage sensitive personal information that you thought you erased. Shredding the contents of your drive helps ensure you don't leave behind any personal information.

There is just one problem: Shred can't operate on the partition where it resides. The easiest way around this limitation is to use a Live CD. A Live CD boots Linux from a CD rather than your hard drive. Knoppix is perhaps the best-known Live Linux distribution. You can download a Knoppix ISO file from knoppix.net. ISO files contain an image of the CD. If you use K3B in Linux, make sure you select Burn CD Image in the Tools menu. If you're using Windows, try using ISO Recorder. It's available free at isorecorder.alexfeinman.com. Once installed, right-click the ISO file and select Burn ISO Image.

After burning the image file, leave the CD in the drive and reboot your system. If you don't see a Knoppix boot menu, your system is probably set to boot from your hard drive before it boots from a CD. You need to enter your system's CMOS Setup Utility (usually you do this by pressing DELETE when you first boot the system) and set your boot priority so your system boots from a CD before it accesses your hard drive. The exact method will vary from system to system, so consult your system's documentation.

If you receive the Knoppix boot prompt, press ENTER to continue. It may take a few minutes for Knoppix to boot completely. Once it boots, press ALT-F2 and type konsole. From here, you can use the shred command.

When shredding a hard drive partition, use the Linux device name. For instance, your primary hard drive is usually known as /dev/hda. Numbers after the device name indicate a partition. Thus /dev/hda1 indicates the first or primary partition on the first hard drive. Logical partitions start with the number 5, so /dev/hda5 is the first logical partition on a drive. Thus, if you want to shred the contents of a drive, you could use the command shred -n 10 /dev/hda. You can denote a specific partition using a partition number such as /dev/hda1.

Note that we included the option -n 10 in the command above. As mentioned above, this will overwrite data 10 times rather than the default 25 times. This will reduce the amount of time it takes to complete the operation. Of course, if you really want to make sure you delete all your data, omit the -n 10 option.

by Chad Denton
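The precautions described in the article (address drives by device name, stay off the partition you are running from, finish with -z) can be wrapped in a small script that also confirms the final zero pass. This is an added example, not part of the original article: the helper names is_mounted and shred_verified are made up here, the 10-pass default follows the article's drive example, and directories are refused because GNU shred only opens files and devices.

```shell
#!/bin/sh
# Added example; is_mounted and shred_verified are hypothetical helper names.

# is_mounted DEVICE [MOUNTS_FILE]
# Succeeds if DEVICE or one of its partitions (/dev/hda -> /dev/hda1) is a
# mount source. Names are compared literally; symlinks are not resolved.
is_mounted() {
    awk -v dev="$1" '
        { rest = substr($1, length(dev) + 1) }
        $1 == dev { hit = 1 }
        index($1, dev) == 1 && dev !~ /[0-9]$/ && rest ~ /^[0-9]+$/ { hit = 1 }
        index($1, dev) == 1 && dev ~ /[0-9]$/ && rest ~ /^p[0-9]+$/ { hit = 1 }
        END { exit !hit }
    ' "${2:-/proc/mounts}"
}

# shred_verified TARGET [PASSES] [MOUNTS_FILE]
# Runs PASSES random passes plus a final zero pass (-z), then checks that
# only zero bytes remain in TARGET.
# Returns 2 = bad target, 3 = device in use, 4 = shred failed, 5 = data left.
shred_verified() {
    target=$1 passes=${2:-10} mounts=${3:-/proc/mounts}
    if [ -d "$target" ] || [ ! -e "$target" ]; then
        echo "refusing $target: need an existing file or device" >&2
        return 2
    fi
    if [ -b "$target" ] && is_mounted "$target" "$mounts"; then
        echo "refusing $target: in use, boot a Live CD and retry" >&2
        return 3
    fi
    shred -n "$passes" -z "$target" || return 4
    # After the -z pass, stripping NUL bytes must leave nothing behind.
    leftover=$(tr -d '\000' < "$target" | wc -c)
    [ "$leftover" -eq 0 ] || return 5
}

# Typical use from the Live CD shell (left commented out on purpose):
#   shred_verified /dev/hda 10
```

The verification step reads the whole target back, so on a full drive it adds roughly the time of one more pass.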