Securely Delete Files in Linux

It used to be that only paranoids cared a whit about shredding their data—or their office paperwork, for that matter. But these days, there really are people out there just waiting for you to slip up and expose your private data. Fortunately, if you're running Linux, deleting sensitive information is fast and easy with the 'shred' utility.

Let's say you've been using the free app HomeBank to manage your finances, and all your data—complete with account numbers and balances—is saved in a file called banking.xhb. Now say you've copied that file to a USB key to transfer it to another PC. Once you've finished transferring the file, you'd be remiss to leave it sitting on a tiny drive that could easily get lost. While you could just delete the file, the smarter move would be to shred it.

Shred is a simple command line utility that's included with many Linux distributions, and it repeatedly overwrites a file with garbage data to render the file unrecoverable. Used in its simplest form (simply 'shred <filename>'), it will overwrite the file 25 times to obscure everything in it, and leave the file on your drive. But with the addition of command arguments, Shred becomes much more powerful and effective.

The shred command arguments are: [from the Shred help file]

-f, --force (change permissions to allow writing if necessary)

-n, --iterations=N (Overwrite N times instead of the default (25))

-s, --size=N (shred this many bytes (suffixes like K, M, G accepted))

-u, --remove (truncate and remove file after overwriting)

-v, --verbose (show progress)

-x, --exact (do not round file sizes up to the next full block; this is the default for non-regular files)

-z, --zero (add a final overwrite with zeros to hide shredding)

--help (display help and exit)

--version (output version information and exit)

For a typical file like our fictional banking.xhb, a good use of command arguments would be 'shred -vfzu banking.xhb', which would turn on verbose mode (v) to show you what Shred is doing, force file permissions to enable you to shred the document (f), add a final overwrite of zeros to hide the shredding (z), and then delete the file (u). If an identity thief were to later find your USB key and search it for useful information, he might well discover that there had once been a file called banking.xhb on there, but his efforts to extract your erased data would lead him to believe the file had been empty.

Easy enough. But let's say your USB key did once contain sensitive files, but that you deleted them all long ago using a non-secure method such as rm or just dragging them to the trash. You can use Shred to delete (most of) the free space on the drive by using the --size=N command argument. To do this, you must first create an empty file for Shred to work with, because it can't create files on its own. You might choose to give this file an obvious name, like 'shredfile', for your own convenience, or you might give it an obscure name, like '425672f4w', for the sake of improved security. Either way, the 'touch' command is a great way to do the job, with 'touch <filename>'.

Now that you've created a file to shred, you need to know how large to make the file so it fills up your drive. If your 2GB thumb drive has 839MB of free space, subtract 1MB from that number to avoid running out of space while shred is doing its job. (Sure, it will leave 1MB of unshredded space, but that's life.) To commence your shredding, type 'shred -vfzu --size=838M <filename>'. This will perform all the same actions as in our banking.xhb example, but it will also expand the file to a size of 838MB in the process, rendering all that drive space unrecoverable. If you're really concerned about wiping the whole drive, this isn't really the ideal way to go about it, but it will do the trick for most common situations.
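The free-space procedure above can be scripted so the size is computed rather than typed by hand. This is an added example, not code from the original article; the function names, the 'shredfile' filler name and the /media/usb mount point are assumptions, and the df line in the usage is whatever your own drive reports.

```shell
#!/bin/sh
# Added example: automate the free-space fill described in the article.
# Function names and the "shredfile" filler name are illustrative.

# Read `df -Pm` output on stdin; print the Available column (in MB).
free_mb_from_df() {
    awk 'NR > 1 { avail = $4 } END { print avail }'
}

# Turn a free-space figure in MB into a --size value, leaving 1 MB of
# headroom as the article does. Fails on non-numeric or too-small input.
shred_size_arg() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 1 ] || return 1
    echo "$(( $1 - 1 ))M"
}

# wipe_free_space MOUNT_DIR: create the filler file, then let shred grow
# it over the free space and remove it afterwards.
wipe_free_space() {
    filler="$1/shredfile"
    if [ -e "$filler" ]; then
        echo "refusing to overwrite existing $filler" >&2
        return 1
    fi
    free=$(df -Pm "$1" | free_mb_from_df) || return 1
    size=$(shred_size_arg "$free") || {
        echo "not enough free space on $1" >&2
        return 1
    }
    touch "$filler" || return 1
    shred -vfzu --size="$size" "$filler"
}

# Usage (not run here): wipe_free_space /media/usb
```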

For more secure deletion, there are some other great open source apps out there for the having, including Scrub and Wipe, which work in much the same way as Shred, but include additional options for greater versatility. They're available in most of the big repositories, so you can use your package manager to download and install them.


Comments

computerforensics

Protecting personal data is very important. Be sure to choose the right computer forensics tool to do this. I'm glad there are many tools around for people like detectives and others from the forensics field.

Take care!

kennon

Be sure to read the man page before you breathe a sigh of relief. Shred does not work on modern journaling filesystems (ReiserFS, EXT3 in Journaling mode, XFS or JFS and a few others). It also doesn't work in some RAID situations or against files on NFS mount points. And many computer forensic folks will say the only way to make data unrecoverable permanently is to physically destroy the media it was written to. Against the casual thief shred will most likely fulfill your needs as long as you are not using one of the aforementioned filesystems. But against someone armed with knowledge of modern data recovery techniques shred is little more than a distraction.

Robert Strohmeyer

Very true, Kennon. That's exactly why I chose a thumb drive for the example above. For completely erasing a hard drive with a modern journaling filesystem, it's best to use a boot-and-nuke utility like DBAN (http://dban.sourceforge.net/).
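A pre-flight check for the filesystem cases raised in this exchange, as an added example that is not part of the article or of either comment: it looks up the mount entry covering a path and flags ReiserFS, XFS, JFS, NFS, and ext3 mounted with data=journal. The function names are assumptions, and the optional second argument (an alternative mounts file in /proc/mounts format) exists only so the check can be exercised on constructed data.

```shell
#!/bin/sh
# Added example: check whether a path sits on a filesystem named in the
# comment above before relying on shred. Function names are illustrative.

# mount_entry_for PATH [MOUNTS_FILE]: print "fstype options" for the
# longest mount point that contains PATH. Defaults to /proc/mounts.
mount_entry_for() {
    awk -v p="$1" '
        {
            mp = $2
            # accept "/", an exact match, or a prefix ending at a "/"
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); out = $3 " " $4 }
        }
        END { if (out != "") print out; else exit 1 }
    ' "${2:-/proc/mounts}"
}

# shred_caveat PATH [MOUNTS_FILE]: print a verdict. Returns 0 when none
# of the listed cases apply, 1 when one does, 2 when no mount is found.
shred_caveat() {
    entry=$(mount_entry_for "$1" "$2") || {
        echo "unknown: no mount entry for $1"
        return 2
    }
    fstype=${entry%% *}
    opts=${entry#* }
    case $fstype in
        reiserfs|xfs|jfs)
            echo "caveat: $fstype (journaling filesystem)"; return 1 ;;
        nfs|nfs4)
            echo "caveat: $fstype (NFS mount point)"; return 1 ;;
        ext3)
            case ",$opts," in
                *,data=journal,*)
                    echo "caveat: ext3 (data=journal mode)"; return 1 ;;
            esac ;;
    esac
    echo "ok: $fstype"
}

# Usage (not run here): shred_caveat /media/usb/banking.xhb
```

Mount points containing spaces are escaped in /proc/mounts and are not handled here, and the check says nothing about the RAID cases mentioned in the comment.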

XRolando

Excellent. I'm selling an old laptop of mine and was about to start researching the subject that you so adequately covered!
