How to wipe out all the data on a machine
 

Hi all. I have a couple of machines running old hardware that I need to decommission. I want to wipe out the entire OS to make sure no data is left before we get rid of the machines. Ideally, I would like the machine to try to boot, and when it does, nothing comes up. Is there an easy way to do this? A format command or something? I thought about just deleting the partitions, but I'm not sure if this will destroy the data as well. Couldn't someone use a boot disk to then find the data?

Any help is much appreciated. Thanks!

well in Linux-like systems there is a command called shred, that overwrites data with the options you give to it...X many times and so on, before deleting ("freeing the memory place") it. it takes time/processor time, but is somehow more secure than normal deleting/removing partitions..I guess. but it won't work on journalled filesystems, or so I've heard (never used myself, though).

Take a look at << http://dban.sourceforge.net/ >>.

I've not tried it myself, but I've heard it works.

hmm interesting. well we do use reiser, so the shred command will not work. as for dban, some of the machines are remote, and therefore cannot get to them with a boot disk. thanks anyway.

am i making this too complicated? will deleting the partitions securely delete the data as well? cfdisk, fdisk, etc...?

No. It doesn't take too much to recover a deleted partition.

DBAN will wipe journalled filesystems...I'm sure it wouldn't be too hard to make a DBAN disk and see what program it uses. You might even be able to distribute it to the remote computers and run it.

ok, will try to look into that. thanks for the advice.

what about mke2fs or mkfs or something? doesn't that format the drive?

If you are planning on getting rid of the hardware, it's best to use something like DBAN which will overwrite the filesystems. Deleting the partition table and creating new filesystems just remove all of the pointers to the old data. The data is still on the disk. There's just no mountable filesystem and directory tree to get you to the data quickly. If you don't completely destroy the data, you might wind up the subject of one of those "we bought drive off Ebay and look what we found" articles.

If the systems are remote, make some floppies and mail them out to the people who do have physical access. You can talk them through it over them phone.

I would suggest taking a look at section 18.5.2 of the Rute guide here which describes how you can use the dd command to write random characters to fill the entire disk.

I'd suggest considering using cfdisk to drop all the existing partitions on the drive, then recreate a single partition occupying the entire disk, then running something along the lines of
where xxxxx is whatever number necessary to fill your disk (and of course "hda1" is the appropriate value). See the man pages of dd for more info. Unless you have some pretty extreme security concerns, I would think that probably would be sufficient. Naturally, the other suggestions already listed are worthwhile. -- J.W.

That's easy, and fast, but unreliable ...

http://freshmeat.net/projects/securedelete/


That's the way to go ;)


Cheers,
Tink (putting on his tin-foil hat)

If the hardware is not going to be re-used, have you considered taking a drill bit and putting a few holes through the platters?

I think we all agree in principle, but probably disagree on the level of paranoia that is appropriate given the described scenario. I'm assuming that the data in question is considered "company confidential" rather than something more serious/important, and most likely as long as steps were taken to delete and then overwrite the full disk with dummy bits, I think you'd be covered. If the data in question is more critical, and any "leakage" would create major problems, then physical destruction of the disk, such as the suggested of drilling holes into the disks, or other point-of-no-return decisions such as using bolt cutters to clip the disks into pieces, etc, may be appropriate.

Realistically though, I'd say the next owner of a second-hand PC is probably unlikely to have either the technical savvy, resources, or desire to try to recover old data which has been overwritten from a used computer, and they're just looking for an extra machine at a decent price. As long as you take steps to wipe the data from the disk and possibly even install something like Windows 95 or 98 onto it as a red herring, you're doing the right thing, and are doing more than most people. Naturally, if the data on your disks is such that any kind of recovery by an outside party would or could create a major problem, then you probably do need to destroy them. If not, the previously suggested options to wipe out the data should work out OK Just my 2 cents, others (obviously ;) ) have other views. Definitely clear the data though, just to play it safe. -- J.W.

LOL Excelent suggestion that would make it totally unusable.:D

If it were me I would do the old 'rm -rf /' and then boot off a knopix CD and use J.W.'s dd command to totally wipe it.

thanks for all the help. i initally tried the dd command, but it seemed to take a really long time. i ended up just using the dban. it is simple, works well, and i can just pop it in and walk away. maybe for the remote systems that i need to clean, i will use the dd command since i cannot get a disk to them. either way, it was some pretty cool stuff. thanks!

You might want to consider an alternate strategy for your remote systems if you plan to wipe the entire disk. If you ssh in and start a dd command, things may not work as expected since you'll be overwriting the OS. If you started to wipe filesystems where key binaries and libraries are kept, there's no guarantee that your dd command will finish.

Like putting busybox, a few tools and libraries into
a chroot-jail in a RAM-disk? :)


Cheers,
Tink