shred_linux_unix

Sometimes you need to destroy or wipe data from hard drives (for example, before you sell your old hard drives on eBay) so that nobody else can access them. Simply deleting data (e.g. with rm) is not enough because that just removes the file system pointer, but not the data, so it can easily be undeleted with recovery software. Even zero'ing out your hard drive might not be enough. Here's where shred comes into play - shred can overwrite the files and partitions repeatedly, in order to make it harder for even very expensive hardware probing to recover the data.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

shred can be used to wipe files and also partitions and hard drives. If you take a look at shred's man page...

man shred

... you might notice the following:

CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes:

* log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

* file systems that write redundant data and carry on even if some writes fail, such as RAID-based file systems

* file systems that make snapshots, such as Network Appliance's NFS server

* file systems that cache in temporary locations, such as NFS version 3 clients

* compressed file systems

In the case of ext3 file systems, the above disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to just metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file, as documented in the mount man page (man mount).

 

This is something you need to worry about only if you use shred to wipe files. However, as I want to wipe hard drives, I will use shred for whole partitions or hard drives in this tutorial.

2 Using shred

If you want to wipe your system partition, you must boot into a live system (such as Knoppix, the Ubuntu Live-CD, your hoster's rescue system, etc.). This is not needed if you don't want to wipe your system partition.

shred should already be installed (you can check with

which shred

); if it isn't you can install it as follows (Debian/Ubuntu/Knoppix):

apt-get install coreutils

As I said before, I want to use shred on partitions and hard drives. So, for example, to wipe the partition /dev/sda5, you can use

shred -vfz -n 10 /dev/sda5

-v: show progress

-f: change permissions to allow writing if necessary

-z: add a final overwrite with zeros to hide shredding

-n: overwrite N times instead of the default (3)

So this would overwrite /dev/sda5 ten times.

You can also use shred for RAID partitions, e.g.

shred -vfz -n 10 /dev/md1

And to wipe a full hard drive like /dev/sda, you can use

shred -vfz -n 10 /dev/sda

Please note that shred can take a long time, depending on the size of your partitions/hard drives and the number of runs (-n).