January 5, 2009 · Security · Email This Post

Sponsored Link
Deleting a file or reformatting a disk does not destroy your sensitive data. The data can easily be undeleted. That's a good thing if you accidentally throw something away, but what if your trying to destroy financial data, bank account passwords, or classified company information. In this article you will learn number of tools to delete files securely in ubuntu Linux

1) Shred

Although it has some important limitations, the shred command can be useful for destroying files so that their contents are very difficult or impossible to recover. shred accomplishes its destruction by repeatedly overwriting files with data patterns designed to do maximum damage so that it becomes difficult to recover data even using high-sensitivity data recovery equipment1.

Deleting a file with the rm command does not actually destroy the data; it merely destroys an index listing the location of the file and makes the file's data blocks available for reuse. Thus, a file deleted with rm can be easily recovered using special utilities or commands if its freed data blocks have not yet been reused. However, on an active system with a nearly full hard disk drive (HDD), freed space can be reused in a matter of minutes or even seconds.

Shred Syntax

shred [option(s)] file(s)_or_devices(s)

Available Options

-f, --force -- change permissions to allow writing if necessary

-n, --iterations=N -- Overwrite N times instead of the default (25)

-s, --size=N -- shred this many bytes (suffixes like K, M, G accepted)

-u, --remove -- truncate and remove file after overwriting

-v, --verbose -- show progress

-x, --exact -- do not round file sizes up to the next full block

-z, --zero -- add a final overwrite with zeros to hide shredding
-shred standard output

--help -- display this help and exit

--version -- output version information and exit

Shred Examples

1) The following command could be used securely destroy the three files named file1, file2 and file3

shred file1 file2 file3

2) The following would destroy data on the seventh partition on the first HDD

shred /dev/hda7

3) You might use the following command to erase all trace of the filesystem you'd created on the floppy disk in your first drive.  That command takes about

20 minutes to erase a "1.44MB" (actually 1440 KiB)
floppy.

shred --verbose /dev/fd0

4) Erase all data on a selected partition of your hard disk, you could give a command like this

shred --verbose /dev/sda5

Adding shred to Nautilus menu in Ubuntu

First Install nautilus-actions package using the following command in the terminal

sudo aptitude install nautilus-actions

Now Open up Nautilus Actions Configuration from System->Preference->Nautilus Actions Configuration

1

Once opens you should see similar to the following screen here Click Add

2

Now Enter the following details

Label: Shred
Tooltip: shred utility to securely erase files
Icon: gtk-dialog-warning
Path: shred
Parameters: -f -u -v -z %M

3

Click on the Conditions tab Under the “Appears if selection contains“, check “Only files” (If you want files and folders select Both).Check the box “Appears if selection has multiple files or folders“. Click OK

4

After adding you should see similar to the following screen click close

5

Open up a terminal, run the following commands to update the nautiuls

nautilus -q

nautilus

Now this will open nautilus window Now right click on any files, you should be able to see the shred command in the menu.

6

wipe

wipe is a little command for securely erasing files from magnetic media. It compiles under various unix platforms, including Linux 2.*, (Open+Net+Free)BSD, aix 4.1, SunOS 5.5.1, Solaris 2.6. Recovery of supposedly erased data from magnetic media is easier than what many people would like to believe. A technique called Magnetic Force Microscopy (MFM) allows any moderately funded opponent to recover the last two or three layers of data written to disk. Wipe repeatedly writes special patterns to the files to be destroyed, using the fsync() call and/or the O_SYNC bit to force disk access.

Install wipe in Ubuntu

sudo aptitude install wipe

wipe Syntax

wipe [options] path1 path2 ... pathn

Wipe Examples

Wipe every file and every directory (option -r) listed under /home/berke/plaintext/, including /home/berke/plaintext/.Regular files will be wiped with 34 passes and their sizes will then be halved a random number of times. Special files (character and block devices, FIFOs...) will not. All directory entries (files, special files and directories) will be renamed 10 times and then unlinked. Things with inappropriate permissions will be chmod()'ed (option -c). All of this will happen without user confirmation (option -f).

wipe -rcf /home/berke/plaintext/

Assuming /dev/hda3 is the block device corresponding to the third partition of the master drive on the primary IDE interface, it will be wiped in quick mode (option -q) i.e. with four random passes. The inode won't be renamed or unlinked (option -k). Before starting, it will ask you to type "yes".

wipe -kq /dev/hda3

Since wipe never follows symlinks unless explicitly told to do so, if you want to wipe /dev/floppy which happens to be a symlink to /dev/fd0u1440 you will have to specify the -D option. Before starting, it will ask you to type "yes".

wipe -kqD /dev/floppy

Here, wipe will recursively (option -r) destroy everything under /var/log, excepting /var/log. It will not attempt to chmod() things. It will however be verbose (option -i). It won't ask you to type "yes" because of the -f option.

wipe -rfi >wipe.log /var/log/*

Due to various idiosyncracies of the operating system, it's not always easy to obtain the number of bytes a given device might contain (in fact, that quantity can be variable). This is why you sometimes need to tell wipe the amount of bytes to destroy. That's what the -l option is for. Plus, you can use b,K,M and G as multipliers, respectively for 2^9 (512), 2^10 (1024 or a Kilo), 2^20 (a Mega) and 2^30 (a Giga) bytes. You can even combine more than one multiplier !! So that 1M416K = 1474560 bytes.

wipe -Kq -l 1440k /dev/fd0

Adding Wipe to Nautilus menu in Ubuntu

First Install nautilus-actions package using the following command in the terminal

sudo aptitude install nautilus-actions

Now Open up Nautilus Actions Configuration from System->Preference->Nautilus Actions Configuration Click Add

Enter the following details

Label: Wipe
Tooltip: Wipe utility to securely erase files
Icon: gtk-dialog-warning
Path: wipe
Parameters: -rf %M

Click on the Conditions tab Under the “Appears if selection contains“, check “both”

Check the box “Appears if selection has multiple files or folders“. Click OK

Open up a terminal, run the following commands to update the nautiuls

nautilus -q

nautilus

From Now right click on any files, you should be able to see the wipe command in the menu.You can check above procedure for screenshots.

Secure-Delete tools

Tools to wipe files, free disk space, swap and memoryEven if you overwrite a file 10+ times, it can still be recovered. This package contains tools to securely wipe data from files, free disk space, swap and memory.

The Secure-Delete tools are a particularly useful set of programs that use advanced techniques to permanently delete files. To install the Secure-Delete tools in Ubuntu, run the following command

sudo aptitude install secure-delete

The Secure-Delete package comes with the following commands

srm(Secure remove) -- used for deleting files or directories currently on your hard disk.

smem(Secure memory wiper) -- used to wipe traces of data from your computer's memory (RAM).

sfill(Secure free space wiper) -- used to wipe all traces of data from the free space on your disk.

sswap(Secure swap wiper) -- used to wipe all traces of data from your swap partition.

srm -- Secure remove

srm removes each specified file by overwriting, renaming, and truncat-ing it before unlinking. This prevents other people from undeleting  or recovering any information about the file from the command line.

srm,  like  every  program  that  uses the getopt function to parse its arguments, lets you use the --- option to indicate  that  all  arguments are non-options.  To remove a file called ‘-f' in the current directory, you could type either "srm --- -f" or "srm ./-f".

srm Syntax

srm [OPTION]... FILE...

Available Options

-d, --directory -- ignored (for compatibility with rm)

-f, --force -- ignore nonexistent files, never prompt

-i, --interactive -- prompt before any removal

-r, -R, --recursive -- remove the contents of directories recursively

-s, --simple -- only overwrite with a single pass of random data

-m, --medium -- overwrite the file with 7 US DoD compliant passes  (0xF6,0×00,0xFF,random,0×00,0xFF,random)

-z, --zero -- after overwriting, zero blocks used by file

-n, --nounlink -- overwrite file, but do not rename or unlink it

-v, --verbose -- explain what is being done

--help display this help and exit

--version -- output version information and exit

srm Examples

Delete a file using srm

srm myfile.txt

Delete a directory using srm

srm -r myfiles

smem -- Secure memory wiper

smem is designed to delete data which may lie still in your memory (RAM) in a secure manner which can not be recovered by thiefs, law enforcement or other threats. Note that with the new SDRAMs, data will not wither away but will be kept static -- it is easy to extract the necessary information! The wipe algorythm is based on the paper “Secure Deletion of Data from Magnetic and Solid-State Memory” presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.

smem Syntax

smem [-f] [-l] [-l] [-v]

Available Options

-f -- fast (and insecure mode): no /dev/urandom.

-l -- lessens the security. Only two passes are written: the first with 0×00 and a final random one.

-l -l for a second time lessons the security even more: only one pass with 0×00 is written.

-v -- verbose mode

sfill -- secure free space wipe

sfill is designed to delete data which lies on available diskspace on mediums in a secure manner which can not be recovered by thiefs, law enforcement or other threats. The wipe algorythm is based on the paper “Secure Deletion of Data from Magnetic and Solid-State Memory” presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.

sfill Syntax

sfill [-f] [-i] [-I] [-l] [-l] [-v] [-z] directory/mountpoint

Available Option

-f -- fast (and insecure mode): no /dev/urandom, no synchronize mode.

-i -- wipe only free inode space, not free disk space

-I -wipe only free disk space, not free inode space

-l -lessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.

-l -l for a second time lessons the security even more: only one random pass is written.

-v -- verbose mode

-z -- wipes the last write with zeros instead of random data

directory/mountpoint this is the location of the file created in your filesystem. It should lie on the partition you want to write.

sswap -- Secure swap wiper

sswap is designed to delete data which may lie still on your swapspace in a secure manner which can not be recovered by thiefs,  law  enforce?ment  or  other  threats.The  wipe  algorythm  is based on the paper "Secure Deletion of Data from Magnetic  and  Solid-State  Memory"  pre?sented  at  the  6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.

sswap Syntax

sswap [-f] [-l] [-l] [-v] [-z] swapdevice

Available Option

-f -- fast (and insecure mode): no /dev/urandom, no synchronize  mode.

-l -- lessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.

-l  -l for a second time lessons the security even  more:  only  one pass with random values is written.

-v -- verbose mode

-z -- wipes the last write with zeros instead of random data

sswap Examples

Before you start using sswap you must disable your swap partition.You can determine your mounted swap devices using the following command

cat /proc/swaps

Disable swap using the following command

sudo swapoff /dev/sda3

/dev/sda3 -- This is my swap device

Once your swap device is disabled, you can wipe it with sswipe using the following command

sudo sswap /dev/sda3

After completing the above command you need to re-enable swap using the following command

sudo swapon /dev/sda3

Other Tool

DBAN

Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

You can download from here

Sponsored Link

Incoming search terms:

Related posts

30 Comments to “Tools to delete files securely in ubuntu Linux”

  1. Thomas says:

    NOTE!!

    None of these methods _guarantee_ irrevocable deletion.

    Modern HDD’s automagically remap weak sectors. Flash drives do wear-levelling. Both of these could cause some (if not all) of the over-writing passes to miss the physical media that held you data.
    There are various levels of caching which may prevent the shred pattern from being physically written to disk.

    These software tools are great for a bit of peace-of-mind, but if you _really_ want to kill stuff use physical means (heat, impact, grinder etc.). Oh, and then make sure there are no backups or archives :-)

    Also…. shadows of your data may survive even after the original file is gone (print-spool, ‘recently opened documents’ list, thumbprints, print-preview, auto-saves etc. etc.)

    Even FDE may not protect agains a determined enough foe:
    http://www.schneier.com/blog/archives/2008/02/cold_boot_attac.html

    [Reply]

  2. It would be nice if someone could spell out which — if any — of these work for ext3 filesystems. (Or, indeed, reiserfs, XFS, whatever).

    AFAIK ext3 automatically defeats all this stuff, unfortunately.

    [Reply]

  3. Thomas says:

    AFAIK filesystem has little or nothing to do with data deletion.

    Filesystems are mostly about meta-data (information about the file, like name, modification date, owner, permissions etc). A journaling filesystem (like ext3) can make deleting this stuff more difficult (but then, this sort of stuff is ghosted in places like recent-documents lists and slocate databases so it’s almost impossible to get rid of anyway). Metadata writes are usually small making caching a bigger concern.

    Some journalling filesystems (incl. ext3) can be set to journal data as well as metadata writes, but this is is a huge write penalty and therefore very unusual (if you want that level of reliability get a battery-backed RAID array).

    filesystems optimised for flash media might have asynchronous block deletion and/or wear-levelling built-in, which might make data deletion trickier.

    If you’re worried enough about your data being recovered to care about filesystem peculiarities then I suggest you use a sledgehammer and/or angle-grinder to wipe your data.

    http://en.wikipedia.org/wiki/File_system

    [Reply]

  4. Thomas, my caution comes from the man page of Wipe:

    Wiping over NFS or over a journalling filesystem (ReiserFS etc.) will most probably not work.

    Reading between the lines, though, what you say makes sense: ‘wipe’ and ‘shred’ should work on ext3 so long as it is not in Journal mode. And in Ubuntu, Ordered mode is the default, at least according to the ‘mount’ man page.

    [Reply]

  5. foobar says:

    As has already being said, the methods explained are not necessarily secure. (But it’s also not always necessary to physically destroy the drive.)

    Securely deleting one single file on a partition requires to securely wipe that whole partition. After that, some of the data may still survive in swap space or RAM, therefore you have to use multiple measures for deleting files.

    On a side note, why to spoil this article with completely uninteresting tips how to ad functions “to Nautilus menu in Ubuntu”?
    I don’t see why I should use Nautilus or Ubuntu[1], for that matter, that is not interesting at all. Maybe you should have put these tips on separate pages and just linked them here.

    [1] I know this site is specifically about Ubuntu, but wiping data and changing settings in Nautilus are two different an unrelated things. Well, and while I indeed do use Ubuntu from time to time, I only use the server edition and Kubuntu, no Nautilus at all.

    [Reply]

  6. Thomas says:

    Securely deleting one single file on a partition requires to securely wipe that whole partition.

    That depends on how paranoid you are, and (despite what I said earlier) your filesystem.

    A filesystem with transparent compression (like NTFS) can mess up wipes: the overwrite patterns will compress to a different degree than the original data so they will not use the same number of (and hence identical) sectors.

    Though shred tries to disable caching it may still be present and might just be sufficient to prevent rewrites from actually ever reaching the ‘bare metal’. Network filesystems introduce even more caching (and remove even more control) so don’t bother shredding network mounted drives.

    Disks automagically remap weak sectors. If part of your file is on a weak sector then it might get remapped, preventing the numerous rewrites that should be destroying the data.

    If you’re going to give away a disk then shred the whole thing, that should keep things reasonably safe.
    It you’re at all worried then take to the old disk with an axe and buy a new one.

    [Reply]

  7. karlzt says:

    thanks for the article :)

    [Reply]

  8. Isn’t the easiest way to wipe a disk with a tool to use badblocks destructive write test iterate over it until it’s done all blocks on the drive? or have dd write out 0′s? sure that doesn’t help with individual files… but you don’t need any special tool either.

    as far as data_journal it speeds up reads and reads while writing in ext3 (maybe ext4?) and many people may not realize this… but in most use cases you spend more time reading from your fs than writing to it.

    [Reply]

  9. Thomas says:

    @Caleb

    From
    $ info coreutils ‘shred invocation’

    “””For more details, see the source code and Peter Gutmann’s paper `Secure
    Deletion of Data from Magnetic and Solid-State Memory’
    (http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html), from the
    proceedings of the Sixth USENIX Security Symposium (San Jose,
    California, July 22-25, 1996).”””

    The paper explains why simple one-time over-writes aren’t enough.

    [Reply]

  10. @Thomas hmm… thanks for the link, also didn’t realize shred was part of coreutils

    [Reply]

  11. p-root says:

    great knowledgebase article……….

    p-root :)

    [Reply]

  12. Andreas says:

    I for one appreciate the ‘add to nautilus’ section of this article. Very end user friendly and accesible. And I do think it is very relevant how the average not to user (or a geeks grandmother) can have a litle piece of mind.

    2 cents

    thx

    [Reply]

  13. foobar says:

    @Andreas

    I for one appreciate the ‘add to nautilus’ section of this article. Very end user friendly and accesible.

    Yes, although it really doesn’t interest me in any way, I think this piece of information may be very important for others, therefore, it shouldn’t be simply erased. But still, it wouldn’t interrupt the reading flow as much if these instructions were only linked to from this page.

    2 cents

    My 2.5 cents added. ;)

    @Thomas (or whoever posted this article):
    I forgot to rant about the hyphens; WordPress or some other software with auto-error-insertion replaced the two hyphens (I’ll try it here: “–”) with an n-dash; that’s somewhat disturbing when occurring with options (like “-v, –verbose”).

    [Reply]

  14. foobar says:

    Self-reply:

    (I’ll try it here: “–”)

    You see, it did it again. ;)

    [Reply]

  15. Thomas says:

    re: nautilus

    I don’t think adding a shred option to nautilus is a good idea.

    In file-by-file mode shred can, at best, securely delete the sectors currently allocated to a file
    (as none of these tools can guarantee that all caching is disabled, or that the exact same sectors will be used in the re-writes, they cannot even do that).

    If the file recently shrunk then the de-allocated sectors won’t be wiped.

    Many applications save new versions of working data in a new file (rather than replacing the old date in-situ) leaving ghost copies on your disk. Then there are backups, spool files, intermediate working files, …
    In short, deleting the current working file may not be enough.

    Nautilus may not show backup files created by various applications (this can be mitigated by selecting “show hidden files”).

    Having a nautilus option to shred is user-friendly, but using it without understanding the limitations it dangerous, all you get is a false sense of security.

    Unfortunately “user friendly” and “secure” are often opposite (worse still, people often confuse “user friendly” with “useful” and thus sacrifice too much security in order to gain productivity).

    All I’d recommend to novice users is dban-ing disks before disposing of them.
    Anything else isn’t fool-proof enough for the novice user.

    [Reply]

  16. Andrew Z says:

    BleachBit (a cleaning tool reviewed on this site) has ‘shred files’ as a menu option.

    [Reply]

  17. Adding Srm to Nautilus menu in Ubuntu

    First Install nautilus-actions package using the following command in the terminal

    sudo aptitude install nautilus-actions

    Now Open up Nautilus Actions Configuration from System->Preference->Nautilus Actions Configuration Click Add

    Enter the following details

    Label: Srm
    Tooltip: Srm utility to securely erase files
    Icon: gtk-dialog-warning
    Path: srm
    Parameters: -rv %M

    Click on the Conditions tab Under the “Appears if selection contains“, check “both”

    Check the box “Appears if selection has multiple files or folders“. Click OK

    Open up a terminal, run the following commands to update the nautilus

    nautilus -q

    nautilus

    From Now right click on any files, you should be able to see the wipe command in the menu.You can check above procedure for screenshots.

    [Reply]

  18. Greg says:

    I wanted to add SRM to nautilus and did so successfully, but wanted to know if there is a way to get SRM to confirm or prompt you before deleting (shredding, removing etc) the file or folder?

    I tried adding -i in the parameters (in nautilus) but then srm would not function. I then tried using -i in the terminal and I got a message that it was an invalid function (or something to that effect).

    Any ideas how to get a prompt before nuking my files?

    Disclaimer: I’m a total noobie with linux (and this site has been a huge help).

    [Reply]

  19. codethief says:

    @Greg: The option list presented above seems to be outdated in general. Just compare it to “srm –help”.

    Anyway, I’d be interested in a solution to your question as well.

    [Reply]

  20. tommat says:

    Thanks ! :)

    [Reply]

  21. Ben says:

    Thanks for the useful article. Excellent explanations.

    I tried SFILL. What a nightmare! It consumed 100% of the CPU on my old laptop for hours and did its best to melt my CPU. I was afraid to CTRL-C out of it while it worked on my partition so I started up a fan and pointed it at the laptop while SFILL ran. This held the internal temps down to hot 74 degrees.

    SFILL needs a flag to tell how many passes to make (like most such programs offer). Perhaps the -l or -ll flags mean fewer passes? It’s not clear from the man pages.

    As posters note, to truly protect a disk against forensics you need to physically destroy it. But for practical purposes I’ve used DBAN and trust it — you can set the number of passes as high as you want.

    [Reply]

  22. Denis S says:

    A sudo sfill -v / session is working on my system disk for more than ten days, adding * after * after * on my terminal screen. Already 6 *. I run Netty on 600 Go disk, and a secondary 2 To disk is also mounted.
    Could someone tell my how to kill it securely ?

    [Reply]

  23. Thomas says:

    “””Could someone tell my how to kill it securely ?”””

    “it” being the sfill program or the data on the disk?

    if “it” is the program, have you tried CNTRL-C?

    if “it” is the data, read some of the above posts about ghost copies, and sector remapping etc. and then DBAN the disk.

    [Reply]

  24. Denis S says:

    Great, Thomas, thanks.

    [Reply]

  25. cmb77 says:

    if I deleted a file X with simple rm command I can restore with photorec.

    now, how can I erase that file X again with sfill or srm from HD? where is the file X? is it posible erase it again?

    thanks

    [Reply]

  26. sdmem not smem says:

    It’s sdmem (not smem).

    [Reply]

  27. india says:

    my Nautilus Actions Configuration looks nothing like the one in the sample. so i do not kn ow what to do. can you update this to the latest Nautilus Actions Configuration manager?

    [Reply]

  28. india says:

    i have version 3.0.5

    [Reply]

  29. Guillaume says:

    I have the latest shred on natty, and i can’ figure out how to do it. The item is there on the Nautilus menu, but it doesn’t do anything.

    [Reply]

  30. Guillaume says:

    Oops,I meant the latest Nautilus Actions Configuration (3.05). it is totally different.

    [Reply]

Leave a Reply