Removing sensitive data with ‘shred’

We’ve all been in the situation where we’re selling a computer, giving it to charity or a friend or neighbor, or simply throwing it away. Most likely we have résumés, family pictures and the like stored on it and may not want that data to get into even trusted hands.

The simple solution most go for is formatting the disk, or deleting the files if they want to preserve the operating system. This is far from a forensically sound way of doing things, and the data is still easily recoverable by anyone with forensic or data recovery knowledge. The blunt, simple route is to write random data across the entire disk. If you have many, many hours and either a livecd/usb or another system you can connect the drive to, this is a reasonable and secure option. You’d use something like the following to do such a thing:

me@myshell:~$ dd if=/dev/urandom of=/dev/DISKTOBEWIPED

But what if you want to leave the OS intact and just remove the files you don’t want to share? The answer is ‘shred’!

What shred does is overwrite the blocks and clusters assigned to the file you’re deleting. Essentially, it makes recovery of the file impossible; only the name might be recovered, and only if the attempt to recover is almost immediate. It can be used on block devices (partitions and disks) as well as regular files, but only use it that way if you want to wipe an entire partition of personal information or files.

<WARNING!!!>

Never (and I mean NEVER) shred a partition as root from inside that partition. Modern versions should have error checking that will not allow you to shred a mounted partition but don’t ever issue a command that could do this!

</WARNING!!!>

Shredding a single file is not much more difficult than removing it with rm. You simply type the following:

me@myshell:~$ shred -u myfile

You won’t get any output and your file will be gone, securely. If you want to see what’s going on you just need to add the “-v” flag. You can string flags together, so the following will work fine; the output you will get is shown after it.

me@myshell:~$ shred -uv myfile
shred: myfile: pass 1/3 (random)...
shred: myfile: pass 2/3 (random)...
shred: myfile: pass 3/3 (random)...
shred: myfile: removing
shred: myfile: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: myfile: removed

This is all very well and good and is great if you only have a couple of files you want to remove. What, however, if you want to safely remove an entire directory of files? Let’s assume we have a directory full of family pictures called “fampics”. Shred doesn’t have a recursive flag like “rm -r

The solution is to use a for loop and a find command so we get the full path of each file. The little, one-line script looks like this:

me@myshell:~$ for file in $(find fampics/ -type f -printf "%p\n"); do shred -vu "$file"; done

What this does is execute the find command, which prints the relative path (the path from your current position) of each file in the directory followed by a newline. The loop then passes each path to “shred -vu”, repeating until there is no more input. What you will be left with is an empty directory that you can safely remove knowing that its contents can’t be recovered.
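A for loop over find's output relies on shell word-splitting, so a picture named “beach day.jpg” reaches shred as two arguments, neither of which exists. The following is an added example, not the author's code: the function names file_count, loop_arg_count and shred_tree and the sample tree are constructed for illustration. It counts that mismatch and shows a find -exec form that hands each path to shred intact.

```shell
#!/bin/sh
# Added example, not the author's script; function names are hypothetical.

# Number of regular files under $1 (one dot printed per file, so odd
# characters in names cannot skew the count).
file_count() {
    find "$1" -type f -exec printf . \; | wc -c | tr -d ' '
}

# Number of arguments a `for file in $(find ...)` loop would hand to shred:
# the shell splits find's output on every space, tab and newline.
loop_arg_count() (
    set -f                        # no glob expansion while splitting
    set -- $(find "$1" -type f)   # deliberately unquoted, as in the loop
    echo "$#"
)

# Shred every regular file under $1, then remove the emptied directories.
shred_tree() {
    dir=$1
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "not a real directory: $dir" >&2
        return 2
    fi
    # find passes each path to shred as one intact argument.
    # -xdev stays on this filesystem; -type f skips directories and symlinks.
    find "$dir" -xdev -type f -exec shred -u -- {} + || return 1
    # Any regular file still present means shred failed or was skipped.
    [ "$(file_count "$dir")" -eq 0 ] || return 1
    # -depth lists children before parents, so rmdir empties bottom-up.
    find "$dir" -depth -type d -exec rmdir -- {} +
}

# Constructed sample tree: names with spaces plus a nested directory.
demo=$(mktemp -d)
mkdir -p "$demo/fampics/summer 2019"
printf 'sample' > "$demo/fampics/summer 2019/beach day.jpg"
printf 'sample' > "$demo/fampics/mum and dad.png"
echo "files: $(file_count "$demo/fampics")," \
     "loop arguments: $(loop_arg_count "$demo/fampics")"
shred_tree "$demo/fampics" && echo "fampics shredded and removed"
rmdir "$demo"
```

The argument count comes out higher than the file count whenever a name contains whitespace, which is exactly when the for loop leaves files unshredded.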

While there are those of us who crave complexity and to whom such a for loop has become second nature (pray for us!), it’s not exactly the most convenient way to do things in a normal situation, especially given that you’re not likely to use it that often. I’ve put a little, rudimentary script together to do the job. You can pop it either in your home directory or in an executable path on your system to use at your leisure. Here’s what it looks like: (download below)

#!/usr/bin/env bash

# Script to descend into and shred the contents of a
# directory then, optionally, remove the directory

# Set named var (for sanity!)

targdir=$1

# Check user has issued a valid command

if [ -z "$targdir" ] || [ ! -d "$targdir" ];
then
	printf "usage: dirshred directory/\n"
	exit 1
fi

# Confirm and shred directory

printf "Really shred: %s? " "$targdir"
read -r confans

if [ "$confans" != "y" ];
then
	exit 1
fi

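# Shred regular files only; find hands each path to shred as a single
# argument, so names containing spaces are handled correctly
find "$targdir" -type f -exec shred -vu -- {} +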

# Ask user if they want to remove the target directory

printf "Remove target directory? "
read -r remans

if [ "$remans" = "y" ];
then
	rm -rfv -- "$targdir"
fi