LinuxQuestions.org
Old 05-14-2004, 10:37 AM   #1
jjd228
Member
 
Registered: Jan 2004
Distribution: RedHat 9
Posts: 41

Rep: Reputation: 15
delicate question....


I have a client that, for reasons that have not been explained to me, would like a "panic button" on a Red Hat Linux server on his LAN. He's looking for a small script, command, program.... that when run, will systematically wipe out every file on the hard drive. Anyone have an easy solution?

And please, let's try to keep the "holier than thou" flame-type comments to a minimum, OK? Don't like the question, don't waste your time replying.

thanks
 
Old 05-14-2004, 12:31 PM   #2
jon_k
Member
 
Registered: Jul 2003
Location: Fort Worth, Texas
Distribution: Mepis Linux 2004
Posts: 547

Rep: Reputation: 30
Ha, sounds like your client is pushing child porn or something and wants a quick fix for if the feds show up. So if this is your client, I would -definitely- find out what they are doing to want a feature like this.

Anyhow, in any case if there is some odd reason this can be legitimate (please check to see if it is, you don't want to help the spread of kiddy porn do you?) I'd say the command to execute would be

dd if=/dev/zero of=/dev/hda or whatever, corresponding to the drive he wants to ruin.

Doing that command would end up in his drive needing a low-level format (which drives don't come with low-level format software anymore -- so basically, a dead drive).

Now, how would he wire in a big red button like that to execute such a command? I don't know. That would need some big computer engineering experience + ability to write a kernel module.

Oh, and I'd put a plastic guard around the big red button too. Wouldn't wanna drop a book on it or something.... ooops!


On another note -- why not just suspend a 3 ton anvil above the server held up by 4 ropes. Want to ruin the system? Cut the rope! (Warning: keep feet clear!)

Last edited by jon_k; 05-14-2004 at 03:09 PM.
 
Old 05-14-2004, 01:24 PM   #3
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 48
Quote:
Originally posted by jon_k
Ha, sounds like your client is pushing child porn or something and wants a quick fix for if the feds show up.

If he/she is doing this........WHY should WE help him/her not get caught!!

and if he/she is running an mp3 file sharing server, then the RIAA already has his/her number.......lol....!!
 
Old 05-14-2004, 01:36 PM   #4
Poetics
Senior Member
 
Registered: Jun 2003
Location: California
Distribution: Slackware
Posts: 1,181

Rep: Reputation: 49
You can make the "-" key on the numpad (or, really, any button) become that Panic button by linking that key to the script via the same process as binding the Windows key to a script.

Changing Keybinds

This has been done a lot to "re-route" the Windows key to F13 or somesuch and then bind F13 to your script.

-- Poetics
 
Old 05-14-2004, 02:47 PM   #5
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Boise, ID
Distribution: Mint
Posts: 6,642

Rep: Reputation: 87
Dude - this totally sounds suspicious to me, and it would be difficult to imagine any sort of legitimate scenario where this kind of "feature" would be needed. This is sort of like asking a home builder to install a panic button that would cause the house to burn down. If I were you I would either insist on knowing the rationale behind this bizarre requirement or turn down the job. IANAL but if this client actually is involved in activities that could land him/her in hot water, it seems to me that you could be making yourself an accessory by performing consulting work for that person. I wouldn't touch this with a 10 foot pole. Just my 2 cents. -- J.W.
 
Old 05-14-2004, 03:18 PM   #6
jjd228
Member
 
Registered: Jan 2004
Distribution: RedHat 9
Posts: 41

Original Poster
Rep: Reputation: 15
One of you was pretty close, although the plot wasn't as sinister as you hoped. The client is the entire company, which I deal with several days a week. One of the employees who I've gotten close to is running this server as a test server.... learning Linux etc. He has Apache running a BBS just like this one but is allowing the posting/trading of MP3's and DVD rips. So he pulled me aside and said that if his boss found out blah blah blah....

So me being the anarchist that I am would never turn down a chance to stick it to the man!

So there's no simple deltree-like command.... oh well. I'll play around with him.
 
Old 05-14-2004, 03:28 PM   #7
LavaDevil94
LQ Guru
 
Registered: Jul 2003
Distribution: Gentoo 2004.2: Who needs exmmpkg when you have emerge?
Posts: 1,795

Rep: Reputation: 47
It's not hard to delete everything. A few are:
echo /dev/urandom > /dev/hda
rm -rf /
Still, you could be in hot water by helping someone who's running a server for DVD rips and MP3s...
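
Added example, not part of any post in this thread: seen from the defending side, the command forms quoted in posts #2 and #7 are simple to flag in command-line logs. The log format, the function names `classify` and `scan`, and the inclusion of `/dev/sdX` device names are assumptions; the sample lines are constructed.

```python
import re
import shlex

# Raw disk nodes as named in the thread (/dev/hda); sdX names are an added assumption.
DISK = r"/dev/(?:hd|sd)[a-z]\d*"
REDIRECT_RE = re.compile(r">{1,2}\s*(" + DISK + r")(?=\s|$)")

def classify(cmdline):
    """Return the reasons a command line looks like a disk wipe ([] if none)."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:              # unbalanced quotes: crude fallback
        tokens = cmdline.split()
    if not tokens:
        return []
    prog, args = tokens[0].rsplit("/", 1)[-1], tokens[1:]
    reasons = []
    if prog == "dd":
        # Only the output side matters: reading a disk (imaging) is benign.
        reasons += ["dd output to raw device " + a[3:] for a in args
                    if a.startswith("of=") and re.fullmatch(DISK, a[3:])]
    elif prog == "rm":
        short = "".join(a[1:] for a in args if re.match(r"-[^-]", a))
        recursive = "r" in short.lower() or "--recursive" in args
        force = "f" in short or "--force" in args
        if recursive and force and any(a in ("/", "/*") for a in args):
            reasons.append("recursive forced delete of /")
    # Redirection is matched on the raw text, so a quoted ">" can false-positive.
    for dev in REDIRECT_RE.findall(cmdline):
        reasons.append("shell redirect onto raw device " + dev)
    return reasons

# Constructed sample log: "<timestamp> uid=<n> cmd=<command line>".
SAMPLE_LOG = """\
2004-05-14T09:12:40 uid=500 cmd=ls -l /dev/hda
2004-05-14T09:13:02 uid=0 cmd=dd if=/dev/hda of=/backup/hda.img
2004-05-14T09:15:27 uid=0 cmd=dd if=/dev/zero of=/dev/hda
2004-05-14T09:16:03 uid=500 cmd=rm -rf /tmp/build
2004-05-14T09:16:44 uid=0 cmd=rm -rf /
2004-05-14T09:17:10 uid=0 cmd=echo /dev/urandom > /dev/hda
"""

def scan(log_text):
    """Return (line_number, reasons) for every flagged log line."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        head, sep, cmd = line.partition(" cmd=")
        reasons = classify(cmd) if sep else []
        if reasons:
            hits.append((n, reasons))
    return hits

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: {'; '.join(reasons)}")
```

Lines 1, 2 and 4 of the sample stay unflagged: listing the device, imaging it with `dd`, and deleting a build directory are routine administration.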
 
Old 05-14-2004, 06:33 PM   #8
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Boise, ID
Distribution: Mint
Posts: 6,642

Rep: Reputation: 87
Well, if I understand you correctly, the situation is that you have the XYZ Co. as a client, and one of their admins is using one of the company's servers to host an mp3 and DVD trading forum, without the management's knowledge or permission. That admin has approached you asking how to do a recursive delete to wipe out an entire disk.

Assuming the above is reasonably accurate, and assuming that sooner or later somebody else at the company notices the unauthorized activity, it might be something to think about that maybe one day a conversation like this may take place:

CEO: What's all this I hear about you setting up an illegal website on my computers?
Admin: Uh, umm, well, uh, I was just trying to learn Linux. I didn't think it was a big deal.
CEO: Well you're wrong. It's a huge deal. You're fired.
Admin: What! That's not fair! I mean, if jjd228 hadn't helped me, none of this would have happened.
CEO: Really?? (picks up phone) jjd228 - get in here now
You: Yes sir, what can I do for you?
CEO: Admin here tells me that you helped him set up an illegal website on my computers. Is this true?
You: No, of course not, I merely showed him how to run a few commands about how to delete ....
CEO: Enough. I don't want to hear it, you're fired too. You can expect to hear from my attorney soon.

My point is that you might want to consider whether or not you want to keep working for this company in the future. All I can say is that I'd have no hesitation firing someone if he/she were misusing company resources to host their own personal website -- obviously you might get lucky and none of this may ever happen but why risk your professional reputation and a good gig on something stupid. Again, just my 2 cents -- J.W.
 
Old 05-14-2004, 11:31 PM   #9
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
All the legal/ethical concerns aside ... if the feds came in, and
you pressed the button, they'd probably just power the
box off. Even on a fast machine using any of the suggested
methods would take quite a while... and as we can learn
from tools like wipe (do a search on freshmeat.net) a
singular erase / overwrite won't necessarily do it.



Cheers,
Tink
 
Old 05-24-2004, 04:10 PM   #10
browny_amiga
Member
 
Registered: Dec 2001
Location: /mnt/UNV/Mlkway/Earth/USA/California/Silicon Valley
Distribution: Kubuntu, Debian Buster Stable, Windoze 7
Posts: 684

Rep: Reputation: 56
Very interesting discussion in here.

But nobody is helping the man much. I think everybody is entitled to do with his machines what he wants.
Would be interesting to know how long it would take to perform such a wipe and if the feds could restore it after it has been wiped. If so, written with random data, I ask myself: If I write data over existing data, I erase it. If it still can be retrieved, it exists in a parallel place, i.e. the hard disk has much more capacity and it is not used.
Does anybody know about this?

Nulling the data can leave some echo I heard, from which you can see the "shadow", but randomizing it?

Also, I would very much like to know how to realize this button, not for wiping, but for example to put the machine into standby without fiddling with acpi and kernel 2.6. Would you connect a cable to the serial port and trigger a switch? Where in /proc could you read this data?

I guess I am a hacker, in the old context: somebody that wants to know something, how something works, for its own sake (not the one that breaks into systems, that is a cracker). It makes my brain stay smart and sharp.

I live in Europe and the more I read news and posts, the more I have the ugly feeling that in the U.S. people do nothing else than sue each other. The guy gets fired then (see story above). He gets sued for damages from his boss. The boss gets sued by the RIAA, then the guy gets sued by Linus for damaging his trademark Linux by associating it with illegal music file sharing.

Here in Europe you usually never use a lawyer, don't know and need one. But a company in U.S. (see SCO for example), you just get sued for a big heap of money from a large corporation, since you violated some software patent (which is not yet valid here in Europe, but very much so in the U.S.), since they own the rights on a "progress bar", which you did develop and your lawyer did not check if a patent exists for it.
You then have a choice of spending lots of money going to court or settling for a little less money (but still lots) out of court. Who wins? The large corporation, the court system. You basically can bankrupt a small company like this, stamp it into the ground.

Maybe somebody has some insight for me in this issue...
 
Old 05-24-2004, 08:35 PM   #11
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Boise, ID
Distribution: Mint
Posts: 6,642

Rep: Reputation: 87
The amount of time it would take to completely clear and/or rewrite an entire disk would depend mainly on the size of the disk and the speed at which it spins. Depending on which file system you are using, you are correct in that a basic delete operation may just wipe out the pointers to that file from the directory structure, but the data itself may still exist intact on the disk, until it is overwritten (more info here: http://batleth.sapienti-sat.org/proj.../ext3-faq.html )

Even after a file is overwritten however, it may still be possible to reconstruct that original file (this is similar to a double exposure on film). The way it works is this: each bit on the disk can be considered to be a tiny magnet, and the magnet's strength can vary. For illustration purposes, suppose that each bit on the drive consists of 100 magnetic particles, and therefore we can rate the magnetism level based on how many are pointed to "north" and how many are pointed to "south". In this system, if all 100 particles were pointed north, that would equate to a perfect "one bit" (aka ON). Similarly, if zero particles were pointed north, then that would be interpreted as a perfect zero bit (aka OFF).

The fact is however that the disk will have some imperfections, and so in reality, most of the time a zero bit (aka OFF) will be written to the disk with a low magnetic score that may range from say, 15 to 25 particles pointing north, and likewise a one bit (aka ON) may have a high score that falls between say 75 and 85 particles pointing north. The disk drive itself will treat a low score between zero and 50 as a zero bit (OFF), and a high score between 51 and 100 as a one bit (ON).

To continue, if a zero bit is overwritten by a one bit, then it's possible that not all particles will be perfectly flipped, and thus the new score will not be quite as high as normal due to the residual magnetic charge. In this example, the previous zero bit (score 20) may be rewritten as a one bit (attempted score of 75) but the final score might only be 65 -- enough to be correctly interpreted as a one bit (ON) but not as strong as usual. Similarly, if a one bit (score of 80) is overwritten by another one bit, the score may be boosted to say 95 because more particles will end up getting pointed north.

By searching the disk for bits that are either over or under the typical signal strength, it would be possible to make a reasonably accurate determination as to the previous value of each bit, and thus, at least to some degree to recover the previous contents of the disk. This is what professional data recovery services do. Naturally however, the more times a given bit is overwritten, the fainter the original signal would become, and after a given point it would be too faint to be reliably interpreted. In the data recovery biz it seems that a 7 layer rewrite is generally considered a "safe" way to wipe the disks, meaning that you would alternate between writing all zeroes to the disk, then all ones, then random ones/zeroes, etc, etc. Repeat. It is not a speedy process, and as Tinkster already said, just doing it once would not necessarily be enough.

I'd suggest Google for more info about the business of data recovery, but to return to the original question, as I stated before it would be difficult to imagine any sort of legitimate need to destroy all the data on a disk instantly and via only a couple of keystrokes, mainly because it goes against all kinds of standard business practices (ie, always make backups) and as far as I'm concerned its only use would be in attempting to hide activities that shouldn't be done in the first place, or which could lead to serious trouble. If that is a concern to someone, then the best thing to do would be to just discontinue doing those things. Besides, most likely if person A is smart enough to figure out that person B is doing something illegal or whatever, then person A will also have already collected enough evidence to prove it. Like I said before I would steer clear of anything even close to this situation. Just my 2 cents. -- J.W.
 
Old 05-26-2004, 03:09 PM   #12
browny_amiga
Member
 
Registered: Dec 2001
Location: /mnt/UNV/Mlkway/Earth/USA/California/Silicon Valley
Distribution: Kubuntu, Debian Buster Stable, Windoze 7
Posts: 684

Rep: Reputation: 56
Just got an idea:
Hmm, would an EMP do the trick?
(electromagnetic pulse)

That would be fast and wipe the disk real good. Could that be contained inside the computer, to just affect this machine and nothing else?
 
Old 05-26-2004, 03:45 PM   #13
drigz
Member
 
Registered: Apr 2004
Distribution: Gentoo ~x86
Posts: 407

Rep: Reputation: 30
Thinking out of the box here, with minimal electrical engineering you could set up a panic button which connected 240v (or 120v) across the hard drive. My prediction is that that wouldn't do the greatest things to it.

try and make him sign something first acquitting you or something like that....
 
Old 05-26-2004, 03:55 PM   #14
Nis
Member
 
Registered: Jul 2003
Location: Virginia
Distribution: Ubuntu Hoary (5.04)
Posts: 550

Rep: Reputation: 31
Quote:
I think everybody is entitled to do with his machines what he wants.
Problem is
Quote:
One of the employees who I've gotten close to is running this server as a test server
Never said whether the server was his or his company's, but if he is using a company server or the company's bandwidth, then he has no right to be doing what he is doing.
 
Old 05-26-2004, 04:00 PM   #15
frogman
Member
 
Registered: Sep 2003
Distribution: Mandrake, Slack, Debian and PicoBSD
Posts: 181

Rep: Reputation: 31
I'm surprised no-one's mentioned thermite

Igniter > Thermite Canister > Disks > Floor

Rather a drastic solution though
 
  


All times are GMT -5.