LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-20-2019, 03:33 AM   #1
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Rep: Reputation: Disabled
Is shred, srm, or wipe, considered good enough against forensics (when using with ext4)?


The following is from an article whereby the use of one or more of the previous commands is called into question when using them with ext4: https://www.computerhope.com/unix/shred.htm

CAUTION: Take note that shred relies on an important assumption: that the file system overwrites data "in-place." This assumption is the traditional way to do things, but many modern file systems do not do things exactly this way. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes:

log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
file systems that write redundant data and carry on even if some writes fail, such as RAID-based file systems
file systems that make snapshots, such as Network Appliance's NFS server
file systems that cache in temporary locations, such as NFS version 3 clients
compressed file systems

In the case of ext3 file systems, the above disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to file metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file, as documented in the mount manual.

......................

I found the following article which is very close to where I am at right now. https://stackoverflow.com/questions/...rely-on-centos

"I would like to know how would to permanently and securely delete files on CentOS. The problem I'm having right now is that, the filesystem is ext3, and when I thought of using srm- it said something like

"It should work on ext2, FAT-based file systems, and the BSDnative file system. Ext3 users should be especially careful as it can be set to journal data as well, which is an obvious route to reconstructing information."

If I can't use shred or srm, and secure-delete is also not an option, I'm clueless about how to securely and permanently delete the data. The files I'm deleting are NOT encrypted. linux security filesystems centos

ANSWER: just use shred:

shred -v -n 1 -z -u /path/to/your/file

this will shred the given file by overwriting it first with random data and then with 0x00 (zeros), afterwards it will remove the file happy shreding!

notice that ext3/ext4 (and all journaling FS) could buffer the shred with random data and zeros and will only wirte the zeros to disk, this would be the case when you have a little file. for a little file use this:

shred -v -n 1 /path/to/your/file #overwriting with random data sync #forcing a sync of the buffers to the disk shred -v -n 0 -z -u /path/to/your/file #overwriting with zeroes and remove the file

for ext3 1MB or greater should be enough to write to the disk (but im not sure on that, its a long time since i used ext3!), for ext4 theres a huge buffer (up to half a gig or more/less).

** AS A SIDENOTE ONLY: I don't understand the following: "for ext4 theres a huge buffer (up to half a gig or more/less)."
 
Old 09-20-2019, 04:06 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 13,098

Rep: Reputation: 4143Reputation: 4143Reputation: 4143Reputation: 4143Reputation: 4143Reputation: 4143Reputation: 4143Reputation: 4143Reputation: 4143Reputation: 4143Reputation: 4143
if you really want to make files unavailable you ought to destroy your disk completely.
(the solution depends on how paranoiac is the owner).
 
1 members found this post helpful.
Old 09-20-2019, 04:48 AM   #3
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pan64 View Post
if you really want to make files unavailable you ought to destroy your disk completely.
(the solution depends on how paranoiac is the owner).
Yes, I agree. But, the safest way is to 'shred' them, or something like this, and then after a certain period of time, securely erase the disk. Until the disk is securely erased, this is one of the best options. The other is to encrypt the disk. But in the meantime, everyone should 'shred' when trying to remove so they can not be recovered. Thanks.

Last edited by hddfsck; 09-20-2019 at 04:49 AM.
 
Old 09-20-2019, 04:58 AM   #4
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 18,144

Rep: Reputation: 2935Reputation: 2935Reputation: 2935Reputation: 2935Reputation: 2935Reputation: 2935Reputation: 2935Reputation: 2935Reputation: 2935Reputation: 2935Reputation: 2935
Why do you care ?. Most files probably don't matter - and who cares enough to bother with forensics on your deleted data ?.
For the data that does matter, it should always be encrypted when at rest - at least.
 
Old 09-20-2019, 04:05 PM   #5
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Rep: Reputation: Disabled
After decrypt the hdd to access the computer & internet

Quote:
Originally Posted by hddfsck View Post
Yes, I agree. But, the safest way is to 'shred' them, or something like this, and then after a certain period of time, securely erase the disk. Until the disk is securely erased, this is one of the best options. The other is to encrypt the disk. But in the meantime, everyone should 'shred' when trying to remove so they can not be recovered. Thanks.
ACTUALLY... If my hdd is encrypted, this doesn't seem to prevent anyone remotely connected to my computer from using recovery software to recover deleted files after I decrypt the hdd to use the computer/ internet.......?

This brings me back to where I started.
 
Old 09-20-2019, 07:51 PM   #6
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,509

Rep: Reputation: 1811Reputation: 1811Reputation: 1811Reputation: 1811Reputation: 1811Reputation: 1811Reputation: 1811Reputation: 1811Reputation: 1811Reputation: 1811Reputation: 1811
Quote:
Originally Posted by hddfsck View Post
ACTUALLY... If my hdd is encrypted, this doesn't seem to prevent anyone remotely connected to my computer from using recovery software to recover deleted files after I decrypt the hdd to use the computer/ internet.......?
If your threat model includes remote attackers being able to execute code on your computer, then I think you're setting the bar too high. It's just not feasible to defend against that kind of thing.
 
Old 09-30-2019, 01:15 AM   #7
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.10, Centos 7.5
Posts: 17,670

Rep: Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487Reputation: 2487
Quote:
In the case of ext3 file systems,....
In both the data=ordered (default) and data=writeback modes, shred works as usual
Check the setting on your system, but I believe it's very rare for anyone to change the 'default' setting, so you would be good to go .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Secure remove (srm) every log file excluding a certain directory, xargs problem... archh Linux - Security 1 09-30-2014 09:05 AM
srm vs wipe vs shred siddartha Linux - Security 5 08-30-2012 08:20 AM
LXer: Hack and / - Forensics with Ext4 LXer Syndicated Linux News 0 02-27-2012 03:50 PM
LXer: How To Securely Destroy/Wipe Data On Hard Drives With shred LXer Syndicated Linux News 0 02-22-2012 10:10 AM
Should I include srm.conf in httpd.conf in apache2? xpucto Linux - Software 3 02-16-2006 08:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration