Ubuntu/shred?
-
Hey folks,
I'm donating a few older servers to charity and want to wipe the arrays. I usually go to DBAN for this (as the drives are donated too), but it is failing to run on all these servers - so I gave up and am using an Ubuntu boot disk instead, which is running perfectly...
So, one of the servers has 6TB of 7.2k SAS drives. I'd usually run this where I can't get DBAN to work:
sudo shred -n 1 -v -z /dev/sda
That will fill the whole drive with random data fully, (one pass), and then fill with zeros (second pass). I think that's correct anyway.
The data itself isn't really that important or a worry to the company if found. But we should make a decent attempt at wiping it. So I just want to do a reasonable wipe to make a 'quick effort' rather than 'best effort'... and we don't want to wait days and days for the process to finish. Being a 6TB array (in RAID 0), it would take a long time... So, how secure is running this instead?
sudo shred -n 0 -v -z /dev/sda
That would do no first random pass, and will just fill the drive with zeros right?
Is that pretty much cleaned? Or would getting the data back be trivial? I imagine zeros, rather than random and then zeros, would be much faster - and still a pretty secure wipe - but want to check as I have no experience on the recovery side of what is possible...
So, use -n 1, or -n 0 would be fine?
Best,
Jim
-
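The two shred invocations in the opening post differ only in whether a random pass precedes the zero pass. What the post does not show is how to confirm afterwards that the zero pass actually covered the whole target, which is the check worth running before a drive leaves the building. The script below is an added example, not from the thread or from the shred project: it runs the post's faster option (`-n 0 -z`) against a constructed image file standing in for the device, then reads the whole target back and compares it against a zero stream of the same length. It assumes GNU coreutils (`shred`, `head -c`, `cmp`) on Linux; the function names and the planted `CONFIDENTIAL-SAMPLE-RECORD` marker are my own.

```shell
#!/bin/sh
# Added example, not from the thread: run the single zero pass the opening
# post asks about and then verify the target reads back as all zeros.
# A constructed image file stands in for the device so this runs safely
# offline; on real hardware the target would be a block device such as
# /dev/sda, which is deliberately not used here.
set -eu

MARKER='CONFIDENTIAL-SAMPLE-RECORD'   # constructed plaintext planted as test content

# make_sample_device FILE SIZE_MB: build the constructed target and plant the
# marker 1 MiB in, so a before/after check has something concrete to look for.
make_sample_device() {
  dd if=/dev/zero of="$1" bs=1048576 count="$2" 2>/dev/null
  printf '%s %s\n' "$MARKER" 1 "$MARKER" 2 \
    | dd of="$1" bs=1048576 seek=1 conv=notrunc 2>/dev/null
}

# zero_wipe DEV: the faster option from the post: no random pass (-n 0),
# one final pass of zeros (-z). The post's -v progress flag is left off.
zero_wipe() {
  shred -n 0 -z "$1"
}

# contains_marker DEV: succeed if the planted plaintext is still readable.
contains_marker() {
  grep -a -q "$MARKER" "$1"
}

# verify_zeroed DEV: succeed only if every byte of DEV reads back as 0x00.
# Reads the whole target once and compares it against a zero stream of the
# same length, so it costs one full sequential read of the device.
verify_zeroed() {
  size=$(wc -c < "$1" | tr -d ' ')
  head -c "$size" /dev/zero | cmp -s - "$1"
}

# wipe_and_verify DEV: wipe, then return 0 only if the verification passes.
wipe_and_verify() {
  zero_wipe "$1"
  verify_zeroed "$1"
}

# Stand-alone demonstration on a 4 MiB constructed image: sh wipe.sh --demo
if [ "${1:-}" = "--demo" ]; then
  img=$(mktemp)
  make_sample_device "$img" 4
  contains_marker "$img" && echo "before: marker present"
  wipe_and_verify "$img" && echo "after: device verified all zeros"
  contains_marker "$img" || echo "after: marker gone"
  rm -f "$img"
fi
```

The verification pass doubles the time of a zero-only wipe (one write, one read), but it is what turns "I ran shred" into "I know the device holds nothing but zeros". On a real array the same `verify_zeroed` function works against the block device path; only the constructed image and marker are test scaffolding.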
Why not follow up with gparted and do a complete format of the system afterwards?
-
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
-
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
-
@marcinozga said in Ubuntu/shred?:
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
Wouldn't this leave quite a risk of the data being on a drive still?
I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...
-
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out if one pass of 0's is actually a reasonable standard....
-
@dustinb3403 said in Ubuntu/shred?:
Why not follow up with gparted and do a complete format of the system afterwards?
How long would that format take? I presume it does the same as zeroing the drive anyway?
-
@jimmy9008 said in Ubuntu/shred?:
@dustinb3403 said in Ubuntu/shred?:
Why not follow up with gparted and do a complete format of the system afterwards?
How long would that format take? I presume it does the same as zeroing the drive anyway?
Formatting will depend on the drive size... the larger the drive, the longer it will take.
-
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out if one pass of 0's is actually a reasonable standard....
I would go multi pass with random data... single pass to me just isn't enough
-
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out if one pass of 0's is actually a reasonable standard....
I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. It's not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back from, then I have no choice but to do random...
-
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
Wouldn't this leave quite a risk of the data being on a drive still?
I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...
Risk? Unlikely. If you mix a few drives from each array in a few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to the NSA, are you?
-
If you set up RAID 0 after swapping the drives, and intentionally failed the arrays by pulling drives, you're going to destroy the data further.
You can absolutely do a few passes of random data, or just write 0's to each array.
Seems like overkill to me though if you've already swapped the drives around, destroyed the existing arrays, and rebuilt them to raid 0.
-
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out if one pass of 0's is actually a reasonable standard....
I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. It's not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back from, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
-
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out if one pass of 0's is actually a reasonable standard....
I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. It's not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back from, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
-
@marcinozga said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out if one pass of 0's is actually a reasonable standard....
I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. It's not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back from, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
Yes, that's what I believe I'm doing by the entire write of 0's on the entire array...
Sounds pretty safe. So I will stick with it.
-
@marcinozga said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
Wouldn't this leave quite a risk of the data being on a drive still?
I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...
Risk? Unlikely. If you mix a few drives from each array in a few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to the NSA, are you?
No, lol. Two servers are going to a School to be their production environment. Another server is going to a different School to be a lab machine so students can try virtualisation.
-
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out if one pass of 0's is actually a reasonable standard....
I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. It's not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back from, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
Yes, that's what I believe I'm doing by the entire write of 0's on the entire array...
Sounds pretty safe. So I will stick with it.
A RAID array is different from a single disk or SD card.
-
@marcinozga said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@gjacobse said in Ubuntu/shred?:
Nothing wrong with doing a multi pass as well... I have heard of people going so far as to create a 'dumb text' file of junk text and copying it to fill the drive, then doing the DBAN. Also - if it is a physical ARRAY - by killing it, you add another layer of obscurity...
I generally have just pulled drives and kept them. They are cheap and easy enough to replace, and can be found new, refurb or used...
We're donating with the drives, so will be wiping them to a reasonable standard.
Just trying to find out if one pass of 0's is actually a reasonable standard....
I would go multi pass with random data... single pass to me just isn't enough
That would take a long time. It's not data that's about customers, or patients or whatever, this is data that if found wouldn't cause an issue. Hence doing 'quick best effort'. Leaving the array doing multiple passes with random data for a week is just too long... but, if one pass of zeros is easy to get the data back from, then I have no choice but to do random...
I look at it this way; I am no hacker, not a digital forensic specialist - but I have formatted SD cards from my digital camera, and been able to recover the images with nearly 98% error free recovery.
When it comes to digital storage - I don't like to chance things. I go extreme in some cases doing a full DoD wipe twice..
Single format doesn't destroy the data, you need to actually overwrite it.
Yes, that's what I believe I'm doing by the entire write of 0's on the entire array...
Sounds pretty safe. So I will stick with it.
A RAID array is different from a single disk or SD card.
From the process of what has already been done, gparted formatting the array, destroying the array and now writing 0's to the array should be sufficient.
You aren't expecting the DoD to come knocking on your door, nor do you expect (foresee) a forensic researcher to be tearing apart the system to recover the data from these systems.
-
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
@jimmy9008 said in Ubuntu/shred?:
@marcinozga said in Ubuntu/shred?:
If drives are identical in all servers, why don't you just randomly mix them? Pull drive 2 from server 1 and swap it with drive 4 from server 2, etc. Then just destroy the arrays, create new, preferably different RAID levels and just write some sample data.
Wouldn't this leave quite a risk of the data being on a drive still?
I have mixed the drives. Destroyed the arrays, and set as Raid0. Then, running shred on those new Raid 0 arrays...
Risk? Unlikely. If you mix a few drives from each array in a few servers, there's no way to recover it unless you get the original set of drives together. The more drives and servers, the lower the chances of re-assembling the array. You're not donating these to the NSA, are you?
No, lol. Two servers are going to a School to be their production environment. Another server is going to a different School to be a lab machine so students can try virtualisation.
Then just make sure a complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
Let me illustrate what will happen when you mix disks. In a set of 6 disks in 3 servers you have some data, but that data is completely unknown to a bad actor. So:
ABCDEF in server 1, abcdef in server 2, and 123456 in server 3. After mixing you end up with Ae2DE4 in server 1, a3BF16 in server 2 and bcCd5f in server 3. After writing some random data you'll have Ae2DEx, a3BF1y, and bcCd5z. Now go ahead and try to recover the original data, not knowing what it was in the first place. And do it on a school's time and budget.
-
@marcinozga said in Ubuntu/shred?:
Then just make sure a complete set of disks from any server doesn't end up in one school. Schools don't have the budgets/personnel/skills/time/motivation to play the NSA.
But kids in a lab do.