I have been asked to ensure that shred complies with DoD 5220.22-M standards.
Does anyone know the answer?
I think, if I understand it correctly, DoD 5220.22-M talks about zero fill, one fill, random fill, zero fill again in order to erase a drive correctly?
Back Story:
I need to erase hundreds of drives. I have developed a computer with a few USB PCI cards and have purchased some IDE/SATA to USB connectors. I have made a script which detects when a drive is plugged into a USB port using udev rules. Once the drive is detected the computer will go to work erasing the drive. The idea is that I can erase between 5 and 10 drives at once. Anyone can plug in a drive at any time and it will start erasing, no confirmation etc.
I know DBAN is compliant but is not suitable for my purposes, i.e. a machine that runs all day and service technicians can plug in a drive whenever without needing to reboot etc.
Scrub is compliant as well but I have been having problems with stability (e.g. when a drive is unplugged part way through by accident or just locking up half way through).
So in total I have 3 questions:
Is shred DoD 5220.22-M compliant?
Can dd be used in a DoD 5220.22-M compliant way (if so, how)?
c. Overwrite all addressable locations with a single character.
d. Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION.
e. Overwrite all addressable locations with a character, its complement, then a random character.
You seem to be correct, or almost so, in your interpretation of this.
It could all be achieved (or mostly) by just using dd...
dd if=/dev/zero of=/dev/<drive-to-be-erased>
There is also the issue of how to write the complement of 0... do you read the drive, flip it and rewrite it, or do you just fill it with ones? This thread makes interesting (and possibly valuable) reading.
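The character, complement, random-then-verify sequence quoted from the standard in the reply above, written out with dd as a bash example (added here; it is not code from any poster in this thread). The function names are hypothetical, GNU coreutils is assumed, the complement pass simply fills with 0xFF, and only the range the OS can address is touched.

```bash
#!/usr/bin/env bash
# Added example: character, complement, random overwrite with read-back verification.
# Covers only the addressable range the OS sees (no HPA/DCO handling).
set -euo pipefail
export LC_ALL=C

# Size in bytes of a block device, or of a regular file such as a test image.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1"; fi
}

# Fill the target with one byte value (octal: 000 or 377), then read back and compare.
fill_and_verify() {
    local target=$1 octal=$2 size
    size=$(target_size "$target")
    head -c "$size" /dev/zero | tr '\000' "\\$octal" |
        dd of="$target" bs=1M conv=notrunc,fsync status=none &&
    head -c "$size" /dev/zero | tr '\000' "\\$octal" | cmp -s - "$target"
}

# Fill with random data, hashing the stream as it is written, then hash the read-back.
random_and_verify() {
    local target=$1 size written readback
    size=$(target_size "$target")
    written=$(head -c "$size" /dev/urandom | tee "$target" | sha256sum | cut -d' ' -f1)
    sync
    readback=$(head -c "$size" "$target" | sha256sum | cut -d' ' -f1)
    [ "$written" = "$readback" ]
}

# The three passes in order; stops at the first pass that fails to verify.
# On a real disk the read-back can be served from the page cache; bypass it
# (for example with dd iflag=direct) before trusting the verify step.
wipe_3pass() {
    fill_and_verify "$1" 000 &&   # pass 1: a character (0x00)
    fill_and_verify "$1" 377 &&   # pass 2: its complement (0xFF)
    random_and_verify "$1"        # pass 3: random data
}

# Stand-alone run: wipe the path in $1, or a constructed 1 MiB scratch image if none is given.
if [ -n "${1:-}" ]; then
    wipe_3pass "$1" && echo "verified: $1"
else
    img=$(mktemp) && head -c 1048576 /dev/urandom > "$img"   # constructed sample "drive"
    wipe_3pass "$img" && echo "verified: scratch image"
    rm -f "$img"
fi
```

A non-zero exit status from `wipe_3pass` means a pass did not read back as written, which is also what an unplugged or failing drive produces.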
Being triggered by your "I have made a script" statement and in addition to what's been said already there's some aspects I'd like to point you to, most of which do not apply to wipes in the home environment but are triggered by you mentioning a certain standard. If you don't have any specific reasons to comply with that part of NISPOM / DoD 5220.22-M you may stop reading here. If anything mentioned below doesn't mean anything to you (or will not be addressed for subjective reasons) then you may stop reading here too as you don't need to bother with that part of NISPOM / DoD 5220.22-M that governs destruction of classified data.
0) First of all you should be aware that creating a script for this type of operation can be a liability itself. With all due respect if your wipe ops are subject to formal regulations, if the result of your wipe ops may have a severe impact (privacy, financial, judicial or otherwise) then I strongly suggest you look into ready-made solutions first. That would keep you from having to know every detail, weakening ops by seeking illogical trade-offs and help guarantee the required end result.
1) If you know the ATA specs you will know Host Protected Areas and Device Configuration Overlays (HPA/DCO). The point: even commercial forensic HW/SW a while back had problems figuring those out. If you don't know how to detect and handle these you should do research to ensure you can detect, destroy and verify the end result.
2) I've often promoted a faster random solution on LQ (like here). Of course that should be followed by a controlled uniform fill & verify pass but it will speed up wipes as the stats show. Instead, using a purpose-built hardware device to handle wipes will show higher I/O speed than your device can manage. It will have configuration presets governing accuracy/time trade-offs, verify the end result making these devices suitable for situations where a formal guarantee is mandatory.
3) Finally, addressing the "Anyone can plug in a drive" part: wipe ops are a trade-off (accuracy vs time) but the end result should not be. Those with experience in for instance forensics know wipe ops must happen in a controlled environment by trained personnel, ensuring HW/SW is handled correctly, doing required bookkeeping and checking end results.
unSpawn:
Getting a little more hairy than I was hoping.
Maybe I didn't give enough detail... or the wrong detail... not sure.
We are a non profit organisation that receives second hand computers via donation. We clean, erase, test and ship the computers to other non profit organisations that need them.
We are entering into a refurbishment program with a certain large operating system/application vendor. We will call the vendor Tfosorcim.
One of the requirements of this is that we erase drives to DoD 5220.22-M standards. We don't care if the data on the drive was used for top secret purposes, an internet kiosk or as a paperweight. We are to erase ALL drives using DoD compliant techniques. We were using DBAN with the quick option in the past but when we started using the DoD option the time this took blew out from around 1 and a half hours to between 4-9 depending on the specs of the PC. So now we need to rejig our process so that we don't have to wait up to 9 hours just for the drive erasure.
So this means we will now:
1. Remove HDD(s) from PCs.
2. Plug the drive into one of our "erasure PCs".
- These PCs will scan any drive that is inserted for bad sectors and then erase using shred or some other method.
3. The rest of the computer runs a live CD with stress testing software while the HDD is being tested.
By doing it this way we are no longer worried about the time it takes to erase the drive. It means we can have a stockpile of clean drives available that we know to be good and can use immediately instead of waiting for disk wipes. So the time it takes to process a computer should actually be reduced overall.
The only real loss that we risk is if we get caught with our pants down for not erasing these drives properly, which would affect our reputation, and companies may not be so willing to donate anymore.