What's that? You deleted some files by dragging them into the trash can, and now you think they're gone, irrecoverable? Well, that's just not right! Anyone can still access your files using a variety of utilities. How can you safely remove these ghostly images of data that remain on your hard drive?

Although on both Mac and Windows, there are programs that allow you to WIPE the hard drive--something I'll mention in an upcoming audio blog entry--it's not as easy a process on Linux. Or at least, that's what I know! If someone knows of a better way than the way shared here, let me know! Remember, this is all self-taught. To date, I have only found one approach to wiping deleting data on a Linux system.

That way is to use the following WIPE script. There are two scripts, one to WIPE ALL the data on your computer, and the second, to wipe only the free space on your computer. Rather than use the WIPE ALL script, I would encourage you to use a boot-cd such as Derik's Boot-n-Nuke first. In regards to the second, you can be up and going fairly quickly with this. You can do this one of two ways. The first is to save this file with the extension of "sh" This makes the file "executable". You'll be able to execute the file after saving it by typing in the following command on UbuntuLinux (other distros should type "su" and then your password to get root level access).

sudo sh ./wipefree.sh

This will print some instructions to the screen, then give you the option of cancelling or pressing ENTER to begin. Press ENTER and then go do something else for awhile. I typically leave this running all night.

There are several versions of the script, as I mentioned earlier. They include the following:

1) WipeAll: Wipes your entire hard drive, destroying ALL data, deleted or not. I wouldn't use this but instead prefer Derik's Boot-n-Nuke. I'm not including this one here.

2) WipeFree1: Wipes all logical partitions of deleted data.

3) WipeFree2: Wipes your home and root directories of deleted data. Good for those of us that have a single primary partition. I would guess that most of us fall into this category.

The basic script for scripts 2 and 3 are shown below for you...note that you can change line 26 to reflect any file system you want. For example, if I had a USB external drive located at this path "/media/usbdisk" then I could put that in the example to wipe the external drives deleted files.

ORIGINAL FOR A SINGLE PRIMARY PARTITION

fs="/"

MODIFIED TO WIPE FREE SPACE (which cleans out deleted files) ON AN EXTERNAL USB DRIVE

fs="/media/usbdisk"

MODIFIED TO WIPE FREE SPACE ON MULTIPLE PARTITIONS

fs="/ /root /home /var /usr /tmp /opt /etc"

SCRIPT

#!/bin/sh

# wipefree2.sh

# by Thomas C. Greene (thomas.greene@theregister.co.uk

# http://basicsec.org)

#

echo " -- This is the WipeFree-2 script"

echo " -- This script will wipe unused disk space on the"

echo " -- root ( / ) partition"

echo " -- It is meant for systems with a single, logical partition"

echo " -- Users with several primary partitions should use the"

echo " -- WipeFree-1 script instead"

echo " -- If you do not know how your filesystem is set up,"

echo " -- use the *WipeFree-1* script instead"

echo " -- Read the README before running this script!"

echo " -- This is a rough hack with NO WARRANTY"

echo " -- It is not completely effective on journaled file systems"

echo " -- Use the ext2 filesystem for maximum effectiveness"

echo " -- USE AT YOUR OWN RISK!"

echo " -- Press Ctrl+C to exit, or"

echo " -- Press Enter to continue"

read

echo " -- Wiping . . . This routine can take a long time"

fs="/"

for f in $fs; do

name="${f}/_cleanupfile_"

echo "Creating $name"

set +e +u

dd if=/dev/urandom of="${f}/_cleanupfile_"

sync; sync

rm "${f}/_cleanupfile_"

sync; sync

done

echo " * * * *"

echo " -- The wipe is finished"

Posted by Miguel Guhlin at | +Del.icio.us |
Categories: GNU/Linux, MGuhlin.net, OpenLearning