shredding everything within a directory

Smokey · 07-15-2004, 04:11 AM

Sometimes I have a directory that I would like to completely 'shred', but since the 'shred' command cannot shred entire directories at once, how can I make it so that it would 'shred' file by file? This is not possible by what is given in commandline right? Would I need to look into a python or perl script to do this? Thank you.

Shade · 07-15-2004, 04:44 AM

Code:

for i in * ;
do
shred $i
done

From within the directory.
That'll do all files, but probably spit an error out when it hits the directories.

However... I just read in the manpage for shred that:

Quote:

CAUTION: Note that shred relies on a very important assumption: that the filesystem
overwrites data in place. This is the traditional way to do things, but many modern
filesystem designs do not satisfy this assumption. The following are examples of
filesystems on which shred is not effective:

* log-structured or journaled filesystems, such as those supplied with

AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

So keep that in mind

You're almost certainly running Reiser or EXT3...

--Shade

Smokey · 07-15-2004, 02:01 PM

I currently have ext2

thegeekster · 07-15-2004, 03:43 PM

Hey, Shade

I've been giving some thought to that bit about the journaled filesystems when I came acorss it several weeks ago and an idea I came up with is to create a dummy file that fills up the whole partition and then you can shred that file if you want with something like this:

dd if=/dev/zero of=dummy

Let that command run until it runs out of disk space............Then you can run the command:

shred dummy

The theory is since there is no more room on the partition, it will have to overwrite the file in place..........and the shredding is optional since the dummy file created is an empty file made up of zero bits......you can merely 'rm dummy'............of course if you're the paranoid type, then shred the file..........

However, the thing to be aware of using this method is since there is no more room on the disk, there can be no new files created on the disk, such a tmp files created by the OS, so it would be best to log out of any GUIs and run as few apps and services as possible while doing this................for data partitions, this shouldn't be a problem...........

Another thing to remember is this can take a very long time to do..........the dummy file created will be a very large file whcih can take a long time to create....................and if you shred it, too..................well you get the idea........

I haven't tried this because I'm not the paranoid type but I thought I'd share this for those who may be interested in my

................

thegeekster · 07-15-2004, 03:54 PM

Hey, I jsut though of a variation on my theme above...................this shouldn't take quite as long....

Before removing any files you want to shred, first create the dummy file with the 'dd' command I showed above...........then run the shred command on the files to be shredded................after which you can 'rm dummy'............

For this to work correctly, the dummy file can't be in the same directory as the files to be shredded or it will be shredded along with the rest with that 'for' loop above, which will take forever to accomplish (shredding the dummy file).............you can do somehting like this:

Code:

dd if=/dev/zero of=../dummy
for i in * ; do shred $i ; done
rm ../dummy

Smokey · 07-15-2004, 04:00 PM

ok but what if you want to use any of the shred switches?

such as:

shred -n 555 -uvz filename.format

thegeekster · 07-15-2004, 04:49 PM

Quote:

Originally posted by Smokey
ok but what if you want to use any of the shred switches?

such as:

shred -n 555 -uvz filename.format

Just include is as part of the shred command above, between "shred" and "$i". For example, plugging in the options you gave on the 'for' loop:

Code:

for i in * ; do shred -n 555 -uvz $i ; done

thegeekster · 07-15-2004, 05:46 PM

To avoid errors if one of the "files" is a subdirectory from the 'for' loop is to modify the command to test if "$i" is a file:

Code:

for i in * ; do [ -f $i ] && shred -n 555 -uvz $i ; done

The bold part that was added will first check to see if "$i" is a file and if true the shred command will be executed, otherwise the shred command will be ignored if it isn't a file..................That should get rid of any error messages about "shred: <name>: Is a directory"............

Smokey · 07-15-2004, 07:14 PM

I dont know how to execute this code that you guys told me about

Code:

for i in * ; do shred -n 555 -uvz $i ; done

What do I save it as? How do I execute it?

thegeekster · 07-15-2004, 08:13 PM

Okay, I just made this little script for you and anyone else, too, which will shred the contents of a directory (I was already working on this before I saw your last post

).................This script can be run from anywhere, all you need to do is to supply the name of the directory (with the path if needed) and it will shred the contents of the directory and will only shred the files found in that directory.................NOTE: This script will not shred the contents of any subdirectories, recursively.........only the files found in the named directory. You can change the options passed to the 'shred' command by making changes in the options for the SHRED variable (such as the number of passes) by using the same options the 'shred' command accepts:

Code:

#!/bin/sh
#*******************************************************************************
# Name: shreddir

SHRED="`which shred` -uvzn 2"

[ -z "$1" -o ! -d "$1" ] && echo "
  Usage: $0 <directory>

NOTE: You must supply the name of a single directory, or include the path to the directory.
" && exit

( cd $1 ; find * -type f -maxdepth 0 | while read i ; do $SHRED "$i" ; done )

Just copy-n-paste into a text file and name it "shreddir", then put it in the /usr/local/bin directory. After putting it in the /usr/local/bin directory, be sure to make it executable by running the 'chmod' command:

chmod 755 /usr/local/bin/shreddir

You will need to be root to put it in the /usr/local/bin directory and make it executable with the 'chmod' command. After that anyone will be able to run this script as long as they have the proper permissions on the files being shredded.

Shade · 07-15-2004, 08:38 PM

Geekster, some nice stuff.

I was thinking about how to get something working on a journalled system as well, after I had read an article in MacWorld about MacOSX's "srm" or secure remove command... I found shred, and wondered how similar they are.

There has to be a better way than filling up the entire partition though.

I'm going to do some more research on this.

--Shade

thegeekster · 07-15-2004, 08:51 PM

Shade

While it does take a little time creating that dummy file (the time will vary depending on how much free space there is on the drive or partition), it does have the added benefit of zero'ing the free space on the drive, even if you don't shred that large dummy file.....

But for a quick shred, yeah, it would be nice to find a different way of doing it on journaled filesystems........

Shade · 07-15-2004, 11:09 PM

Thought --

Would it be possible to analyze inode info against journal info to "shred" the exact areas on the disk the file is stored?
Perhaps a patch to shred could be developed.

--Shade

thegeekster · 07-15-2004, 11:25 PM

That would seem to be the best approach, finding the actual locations the file is stored at on the disk and just targeting those locations..........but with all the different journaled filesystems, and not just the Linux ones, that would seem to be a pretty tall order...............and might bloat shred quite a bit.........

jschiwal · 07-15-2004, 11:42 PM

I think using the find command is best in this case
find ./ -type f -exec shred -zuv {} \;
will shred all files in the directory and subdirectories.