Every day we perform various actions on files, folders and directories, most notably creating and removing them. When we delete an element we usually select it and press the Delete or Del key on our keyboard, or we use the rm command. Although the element is deleted, it can still be recovered with the necessary knowledge and tools.
This is because the data of a deleted file remains in a sector of the hard drive, and from there it can be recovered. If we consider that there are sensitive system files, personal information or configuration that can become a problem in the wrong hands, it is ideal and practical to know in detail how to erase such elements safely and completely.
Given this, a question arises: how do we delete an item correctly? This applies to all operating systems, and the answer is that the ideal and useful way is to repeatedly overwrite the data that we are going to destroy, replacing it with random data. In this way the data on the disk is destroyed magnetically and it becomes unlikely that the information stored there can be recovered.
That is why TechnoWikis presents today a series of commands that will be of great help to all Linux administrators and users who need their files or directories to be completely removed from the system, so that they cannot be recovered and used to gain access to their information.
1. Use shred command to permanently delete files and directories in Linux
Shred is a command that overwrites a specific file in order to hide its content, and deletes it if we wish. With the shred command we have a utility that overwrites the file(s) so that they are difficult for an unauthorized user to recover.
Something important to know about the shred command is that it relies on the file system overwriting data in the same place where it was originally stored. Some modern file systems do not work this way, and on them shred will not do its job correctly. These file systems are:
File systems
- Log-structured or journaled file systems, such as those included in AIX and Solaris, and JFS, ReiserFS, XFS, Ext3, etc.
- File systems that take snapshots, such as the Network Appliance NFS server
- File systems that write redundant data and carry on even when some writes fail, such as RAID-based file systems
- File systems that cache in temporary locations, such as NFS version 3 clients
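One way to act on this caveat before running shred, as an added example that is not part of the original article: the function names are hypothetical, `df --output=fstype` assumes GNU coreutils, and btrfs and zfs (copy-on-write) are an addition to the list above.

```shell
#!/bin/sh
# Added example, not from the original article.

# Map a file system type to the shred caveat it falls under.
# Returns 1 (and prints nothing) when no listed caveat applies.
shred_caveat() {
    case "$1" in
        jfs|reiserfs|xfs|ext3) echo "journaled" ;;
        nfs|nfs4)              echo "network-cached" ;;
        btrfs|zfs)             echo "copy-on-write" ;;   # addition to the list
        *)                     return 1 ;;
    esac
}

# Print the type of the file system that holds PATH (GNU df assumed).
fs_type_of() {
    df --output=fstype -- "$1" | tail -n 1
}

# Run shred only when no caveat applies to the file's file system.
# Returns 3 when refused and 2 when the type cannot be determined.
guarded_shred() {
    target=$1
    fstype=$(fs_type_of "$target")
    [ -n "$fstype" ] || return 2
    if reason=$(shred_caveat "$fstype"); then
        echo "refusing: $target is on $fstype ($reason);" \
             "overwriting in place is not guaranteed" >&2
        return 3
    fi
    shred -zvu -n 3 -- "$target"
}
```

Calling guarded_shred file.txt shreds the file only when its file system is not one of the listed types; a refusal leaves the file untouched.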
Step 1
The syntax for using shred is as follows:
shred [OPTIONS] FILE [...]
The options to use with shred are the following:
-f
force, change file permissions if necessary
-n
Indicates the number of times to overwrite the file or partition (3 times by default). The higher this number, the harder it will be to recover regardless of the type of software used
-u
Truncate and delete the file after overwriting it
-v
verbose, allows us to see the progress on the screen
-z
zero, add a final overwrite with zeros to avoid leaving a trace of any kind in the file
-s, --size=N
Defines the number of bytes to overwrite (suffixes such as K, M, G are accepted)
-x, --exact
Does not round the file size up to the next complete block
--help
Display command help
--version
It allows us to see the current version of the command
Step 2
To see the use of this command we will execute the following syntax:
shred -zvu -n (# of times) "File"
Step 3
We can see that the overwriting process is executed as indicated, the file is renamed in zeros and deleted. Some other options to use shred are:
Delete multiple files simultaneously using the predefined delete method
shred file.txt file.jpg file.doc
Overwrite several files and also remove them from the hard disk, freeing that space
shred -u file.txt file.jpg file.doc
Overwrite all data on the selected partition
shred /dev/hda1
To get more help from shred we can execute the following:
man shred
2. Use Wipe command to permanently delete files and directories in Linux
The wipe command was developed to securely erase any file or directory in Linux directly from magnetic memory, so that it is impossible to recover the deleted files or directory content, guaranteeing security and privacy.
Step 1
To install wipe on Linux we can execute any of the following commands:
sudo apt-get install wipe (In Debian and derivatives)
sudo yum install wipe (In CentOS or RHEL)
Step 2
Then, just run the following syntax:
wipe -rfi "File"/*
For example, we are going to delete all the content stored in the TechnoWikis1 directory:
wipe -rfi TechnoWikis1/*
Step 3
The parameters used are:
-r
Tell wipe to recurse into subdirectories
-f
Enable forced deletion and deactivate the delete confirmation query
-i
Display the progress of the removal process
We can see a summary of how many files have been deleted in the selected directory. Additionally, we can use the following parameters with wipe:
-c (chmod)
Applies in case the directory does not have write permissions
-s (silent mode)
All messages will be suppressed except error messages or correct completion
-q
It allows us to use the default number of times to overwrite the file or directory and its value is 4
-Q
It allows us to define the number of times the data will be overwritten
-a
The program will exit with EXIT_FAILURE if a non-critical error is generated
-e
Use the exact file size
-v
Display the wipe version
To consult more about this command we will use the following line:
man wipe
3. Use Secure-delete command to permanently delete files and directories in Linux
Secure-delete is a collection of secure file deletion tools in Linux which contains the srm tool (secure_deletion), which is used to securely delete files or directories.
Step 1
The first step is to install the utility using one of the following commands:
sudo apt-get install secure-delete (For Debian and derivatives)
sudo yum install secure-delete (For CentOS and RHEL)
Step 2
Once installed just run the following syntax:
srm -vz file/*
We can see that by default 38 passes are executed on the file.
Step 3
The options we have used are:
-v
Enable detailed progress mode
-z
Perform the last write with zeros instead of random data
Some additional options to use are:
-d
Ignore the special entries . and .. on the command line
-F
Enable fast mode, it is less secure and does not use synchronization mode
-r
Enable recursive mode where all data in the subdirectories is deleted
-l
Just run two passes over the file
Srm limitations
Some of the limitations of srm are:
- Not all data in NFS file systems will be deleted
- RAID systems make use of striped disks and have large amounts of cache memory, making removal more complex
- Not all data in swap and /tmp will be deleted.
For more help we can execute the following command:
man srm
4. Use sfill command to permanently delete files and directories in Linux
The sfill command is part of the Secure-delete toolkit and is a free disk and inode space cleaner; it safely deletes the files that remain in the free disk space. sfill checks the free space on the selected partition and then fills it with random data from /dev/urandom.
In theory, sfill takes care of filling in the space that remains after deleting a file, preventing information from being recovered. Its deletion algorithm is based on the paper on secure deletion of data from magnetic and solid-state memory presented by Peter Gutmann at Usenix.
Step 1
We can execute the following command on the root partition, with the -v switch to enable the detailed mode:
sudo sfill -v /home/solvetic/tmp/
Step 2
If you have created a separate partition such as /home to store the home directories of normal system users, it will be possible to indicate a directory in that partition to apply sfill as follows:
sudo sfill -v /home/user
Step 3
Some of the parameters to use with sfill are:
-F
Enable fast mode, it is less secure and does not use synchronization mode
-i
Delete only the inode free space
-I
Erase only free hard disk space
For more information we can execute the command:
man sfill
5. Use sswap command to permanently delete files and directories in Linux
Sswap (Secure Swap Wipe) is a command developed to act as a secure swap partition cleaner, so sswap deletes data in the swap partition securely. Before using sswap it is necessary to disable the swap partition.
To use it, first identify the swap partition, then use the swapon command to check whether swap devices or files are active, and then disable paging and swapping on those devices or files with the swapoff command.
For this we will execute the following:
cat /proc/swaps
swapon
sudo swapoff "partition"
sudo sswap -V "partition"
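The same procedure as a script, as an added example that is not part of the original article: it reads /proc/swaps, skips swap files, and confirms that swapoff really took effect before sswap touches the partition. The function names and the SWAPS_FILE and DRY_RUN variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Run as root.
# /proc/swaps has one header line, then: Filename Type Size Used Priority
SWAPS_FILE=${SWAPS_FILE:-/proc/swaps}   # overridable for testing

# Print active swap areas of type "partition" (swap files are skipped).
active_swap_partitions() {
    awk 'NR > 1 && $2 == "partition" { print $1 }' "$SWAPS_FILE"
}

# Succeed when DEVICE is still listed as active swap.
swap_is_active() {
    awk -v dev="$1" 'NR > 1 && $1 == dev { found = 1 }
                     END { exit !found }' "$SWAPS_FILE"
}

# Disable one swap partition, confirm it is inactive, then wipe it.
# With DRY_RUN=1 the commands are printed instead of executed.
wipe_swap_partition() {
    dev=$1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "swapoff $dev"
        echo "sswap -v $dev"
        return 0
    fi
    swapoff "$dev" || return 1
    if swap_is_active "$dev"; then
        echo "$dev is still active, not wiping" >&2
        return 1
    fi
    sswap -v "$dev"   # -v: verbose mode
}

# Apply the procedure to every active swap partition.
wipe_all_swap() {
    for dev in $(active_swap_partitions); do
        wipe_swap_partition "$dev" || return 1
    done
}
```

Running it first with DRY_RUN=1 shows which partitions would be disabled and wiped without changing anything.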
6. Use sdmem command to permanently delete files and directories in Linux
Another useful command is sdmem which, as the name implies, is a secure memory cleaner, and is designed to delete active data in RAM safely.
For its execution it is enough to use the following line:
sudo sdmem -f -v
We have seen how we have practical solutions for secure deletion of information in Linux.