Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-16-2009, 08:47 AM   #1
LQ Newbie
Registered: Dec 2009
Location: Ireland
Distribution: ubuntu, SUSe, Redhat, AIX
Posts: 3

Rep: Reputation: 0
Secure erase HDD from within itself

Hoping somebody else has come across this type of problem, I have several RH linux blades on a remote site which use SAN drives for all their disc, what I need to do is to secure erase the systems own discs from within itself as I am not able to get a network boot working from the kickstart server (hardware issue), I am decommissioning the servers but need to securely wipe the SAN LUNs before handing them back to be allocated for other systems. I have checked with the SAN team and they cannot preform this task for me as they have no visibility of the LUNs/filesystems only the block devices, any suggestions would be welcome.
Old 12-16-2009, 09:26 AM   #2
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,803
Blog Entries: 4

Rep: Reputation: 3082Reputation: 3082Reputation: 3082Reputation: 3082Reputation: 3082Reputation: 3082Reputation: 3082Reputation: 3082Reputation: 3082Reputation: 3082Reputation: 3082
This is a bit "out of my league," but I was under the impression that SAN devices usually possess the ability to "secure-erase themselves." In other words, specifically for this purpose: you've pulled the devices but need to erase them before you can put them back into the stockroom, on eBay, or into the trash. I would be very surprised if such a useful feature were limited to "guv'mint grade" hardware intended only for applications such as ==OMITTED==.

"Secure erase" would, of course, be a "block-level operation," not a filesystem-level operation.
Old 12-16-2009, 09:48 AM   #3
LQ Newbie
Registered: Dec 2009
Location: Ireland
Distribution: ubuntu, SUSe, Redhat, AIX
Posts: 3

Original Poster
Rep: Reputation: 0
You are correct that the SAN would be able to secure erase themselves but only at a Block device level and not at the LUN/filesystem level that I need to, as there are other LUNs in the same block that are still required, so I need a way to securely wipe the data including the OS from the LUNs before handing them back to the SAN team. Is there a way to store say the commands that I would need in to system memory to preform the task and then shutdown the machine.
Old 12-16-2009, 02:43 PM   #4
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Rep: Reputation: 36
Interesting problem.
First off, you can do the secure equivalent of 'rm -rf'. That would wipe out the files, but you wouldn't be able to reboot. Dunno if that's absolutely essential to you, but I don't think it's a good solution anyway.
Second trick might be to try chrooting into a ram disk, and remounting the root partitions within that. I'm fairly sure it wouldn't work though. It's still mounted above, and chroot isn't a full blown 'new' boot. In a similar vein, I wonder if you could use 'kexec' to soft reboot the kernel into a ram disk?

Your best shot might be to reboot and use an initramfs to mount and wipe the SAN filesystems. Although initramfs's are usuually used to load modules and such at bootup, there's not reason you can't have them do anything you want (such as wiping the filesystems). Depending on your distro, there's probably a mkinitramfs package available to help you. Check this to get the general idea as to what can be achieved.

Finally, it might be easier to try to figure out how to get network booting working rather than messing around with the above. What's the problem with it?

Hope that gives you some ideas.
Old 12-16-2009, 05:20 PM   #5
LQ Veteran
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 16,113

Rep: Reputation: 2255Reputation: 2255Reputation: 2255Reputation: 2255Reputation: 2255Reputation: 2255Reputation: 2255Reputation: 2255Reputation: 2255Reputation: 2255Reputation: 2255
Me, I'd just drop down to an "init 1", disable SELinux, unmount what I could and start wiping.
The non-O/S system LUNs shouldn't be a problem; why not just "dd if=/dev/zero ..." over the top of them. Depends on your "securely delete" requirement - but for in-house I'd consider that sufficient.
For the system itself you should be able to do similar - turn off as much logging as possible and zap it. I can't see why you'd need to go out to the disk itself for data whilst doing this.

Untested of course ...


erase, harddisk, secure, system

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Best method to secure erase an external hard drive xri Linux - Hardware 1 01-17-2009 12:40 AM
how can I secure my nis server ?can I use openSSL to secure it form sniffing ? abhi_raj Linux - Networking 1 07-10-2006 07:19 AM
how to secure data on HDD Vs FBI, CIA MI5 PeterOnTheNet Slackware 5 03-07-2005 10:13 PM
Secure Erase Tool? subaruwrx General 5 08-14-2004 11:51 PM
alter boot floppy to auto erase hdd then shutdown NewtonMan Linux - Software 3 11-14-2003 03:48 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:49 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration