Don’t entrust the deletion of sensitive data to the standard tools. Install this handy data wipe command for a more secure removal.
How to securely delete files in Linux with SRM
Don’t entrust the deletion of sensitive data to the standard tools. Install this handy data wipe command for more secure removal.
Do you have sensitive data on your Linux server drives that needs to be securely deleted? Maybe it’s configuration files or client data. Regardless of what information is to be found in those files, you need the means to get rid of it.
With the Linux platform, there are a few possible tools for this process, some of which cannot be depended on for deleting such information and some which only reliably work on magnetic drives. So if your servers work with SSDs, you need to make sure to use a tool that’s up for the task. One such tool is the Secure-delete Toolkit.
SEE: Windows 10 security: A guide for business leaders (Tech Pro Research)
Secure-delete Toolkit is a collection of file deletion tools, which includes the srm command (for secure remove). I want to walk you through the process of installing and using srm on Ubuntu Server 18.04. The toolkit can be easily installed on just about any Linux distribution, from within the standard repositories, so getting this up and running on your distribution of choice will be done in similar fashion.
The srm command deletes file in such a way that they cannot be recovered. The deletion process is:
- 1 pass with 0xff.
- 5 random passes.
- 27 passes with special values.
- 5 random passes.
- File rename.
- File truncation.
The above process is based on the paper “Secure Deletion of Data from Magnetic and Solid-State Memory,” by Peter Gutmann.
The installation of the Secure-delete Toolkit is simple. Open a terminal window and issue the command:
sudo apt-get install secure-delete -y
Once the installation completes, you’re ready to go.
Now it’s time to delete some files. Let’s create test files for deletion. First, create a file with random data. This can be done using the head command like so:
head -c 10MB </dev/urandom > testfile
The above command will create a binary file, named testfile, which is filled with 10 Mb of random data. Now, let’s delete that file. We’re going to use two options:
- v – for verbose output.
- z – to wipe the last write with zeros instead of random data.
Our command will look like this:
srm -vz testfile
Because we created a smallish file, the wipe process will happen in about one-to-two minutes. Should you have to delete a much larger file, prepare for srm to take some time. Allow it to finish, otherwise the wipe process will fail, and your data remain intact (even if only partially).
Once the command completes, your data will have been safely removed (Figure A).
Figure A: The file deletion in progress.
When the process is complete, srm will inform you it is done. Issue the ls command to verify the file is gone (Figure B).
Figure B: A flight of angels has sung this file to rest.
If you need to securely delete entire directories, srm has you covered. Create a test directory with the command:
Now create a file with random data in the same manner you did above:
head -c 10MB </dev/urandom > ~/TEST/testfile
With the test file and directory in place, they can be securely deleted with the command:
srm -r ~/TEST
And that’s all there is to securely deleting data files with the srm command. Don’t trust those need-to-be-deleted sensitive files to the standard removal process. Put this command in your toolkit for a security mission accomplished.
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays
Sign up today
- How to install the OpenVAS security audit tool on Ubuntu Server 18.04 (TechRepublic)
- How to enable phpMyadmin configuration storage to gain more options and security (TechRepublic)
- How to improve Apache server security by limiting the information it reveals (TechRepublic)
- How to increase Linux security by disabling USB support (TechRepublic)
- Hackers lurked in Citrix systems for six months (ZDNet)
- 10 dangerous app vulnerabilities to watch out for (TechRepublic download)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)
Image: Jack Wallen