6

I am going to sell a Linux server to a random person. For obvious reasons I want to clean up the hard disks so that the current data on the disk can never be retrieved. What is the safest way to do so? OS re-install? rm -rf *? or something else?

The server is colocated and I don't have physical access.

alfish

5 Answers

19

DBAN.

Or, if you want something a bit more simple (but theoretically less secure), fire up a livecd and do:

$ dd if=/dev/zero of=/dev/sdX
EEAA
  • Can I ssh to the server after issuing this command? – alfish Sep 06 '11 at 21:22
  • 1
    After you run this command `/dev/sdX` will have no more usable data on it, so you will not be able to ssh to the server unless you get it booted off of a livecd or something similar. – EEAA Sep 06 '11 at 21:24
  • Isn't 'rm -rf *' enough? Why? – alfish Sep 06 '11 at 21:51
  • 3
    `rm -rf` doesn't zero out the drive, it only clears the filesystem table entries pointing to where the data resides on the drive. Data recovery utilities would still be able to recover data after an `rm -rf`. – EEAA Sep 06 '11 at 21:55
  • Lol, I need to copy paste your answer to the colo's tech guy who suggested to use 'rm -rf'! – alfish Sep 06 '11 at 21:59
  • Instead of using `/dev/zero` you can also use `/dev/urandom`. To learn more read [wiki.archlinux.org](https://wiki.archlinux.org/index.php/Securely_wipe_disk#Select_a_data_source). – patryk.beza Jul 05 '16 at 13:32
9
shred -z /dev/sdX

This will overwrite the hard disk three times with random data, and write zeros to the disk on a final fourth pass. You can adjust the number of passes with the -n option. man shred for more options.

Chad Feller
  • I just issued the command from a 'Rescue' Centos OS. How long does it take to wipe out a 1TB disk? – alfish Sep 06 '11 at 22:56
  • Depends on the speed of the disk, and the number of passes. But probably several hours with a disk that size. If you used the `-v` option, you'll be able to see the progress. You said "a 'Rescue' CentOS OS". Like a CentOS rescue CD/ISO? (I ask because if you launched `shred` from the same disk or partition you are wiping, don't stop and restart just to add the `-v` option. The disk would be partially destroyed by this point, and `shred` is only continuing to run because it is running in RAM, but restarting it would likely fail.) – Chad Feller Sep 06 '11 at 23:23
  • The Centos is an external OS provided by the hosting through which I could ssh to my server and issue 'shred -z /dev/sda1' and now I see load ~10 mostly due to shred. I wish I'd read the man carefully. You may add a note about '-v' key to your response. Thanks – alfish Sep 06 '11 at 23:38
  • `/dev/sda1` is just the first partition of `/dev/sda`. You probably still have at least one other partition on that disk (swap), possibly more... If that wasn't what you intended to do, and if `shred` is running from the hard disk you are destroying, you may need to ask someone to drop a CD into the drive and run that command. (Alternatively, you mentioned reinstalling the OS above - how would that be accomplished? Does somebody else do it? Do you do it via an out of band method? If you do it, you may be able to just run shred from a virtual console on the installer, depending on the OS.) – Chad Feller Sep 07 '11 at 00:00
  • Multiple passes is overkill, unless your data is of interest to a major national government or shady multi-billion dollar company. A single pass of zeros is sufficient for any case where your data isn't worth hundreds of thousands of dollars to somebody. – freiheit Sep 09 '11 at 20:27
3

If you don't have any out of band management of the server, and you can only access the server via SSH, then you may find wiping it pretty challenging. You could place a copy of the dban image onto your hard drive and configure the boot-loader to wipe the system on the next boot. But if you don't have physical access you won't really be able to verify this has completed.

I suspect what you may have to do is work with the techs at the colocation site, to boot a livecd and start up networking and ssh. Once they get you booted off a livecd, then use dd, or a tool like shred. Then do a base install onto it for the person you are selling it to.

Zoredache
  • Does a server reinstall completely eliminate the chance of data recovery? – alfish Sep 06 '11 at 21:17
  • 1
    A reinstall by itself wouldn't be enough. A reinstall, and then running a dd or zerofree to zero out all the empty space, would probably clean it up enough. – Zoredache Sep 06 '11 at 21:24
  • Even if the hard disk is thoroughly formatted?! – alfish Sep 06 '11 at 22:02
  • 1
    @alfish: a format doesn't write zeroes over the disk. There is no greater or lesser level of thoroughness when formatting. The dd command suggested earlier does write zeroes over the disk, as do dban and shred (the latter two also write random data and/or alternating bit patterns). – Daniel Lawson Sep 06 '11 at 22:12
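
The verification that this answer says is hard to get without physical access, as an added example that is not part of the original thread: after a zero-fill, compare the whole target against `/dev/zero`. It also catches a wipe that reached only part of the disk, like the `/dev/sda1` versus `/dev/sda` mix-up in an earlier comment; the function names and the 2 MiB image file standing in for a disk are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm a zero-fill covered the whole target.
# The target is a block device (/dev/sdX) or, as here, an image file for practice.

# Size in bytes: blockdev for block devices, wc -c for regular files.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# Exit 0 only if every byte is zero; cmp -s stops at the first difference.
is_zeroed() {
    size=$(target_size "$1") || return 2
    cmp -s -n "$size" "$1" /dev/zero
}

# Print the 1-based offset of the first non-zero byte, or "none".
first_nonzero_offset() {
    size=$(target_size "$1") || return 2
    off=$(cmp -l -n "$size" "$1" /dev/zero 2>/dev/null | head -n 1 | awk '{print $1}')
    echo "${off:-none}"
}

# Overwrite the first $2 bytes of the target with zeros, keeping its size.
zero_fill() {
    head -c "$2" /dev/zero | dd of="$1" bs=1M conv=notrunc 2>/dev/null
}

# Constructed sample: a 2 MiB "disk" with leftover data in each half,
# standing in for a disk that has two partitions.
make_sample_disk() {
    head -c 2097152 /dev/zero > "$1"
    printf 'customer-db-row' | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
    printf 'swap-leftover' | dd of="$1" bs=1 seek=1572864 conv=notrunc 2>/dev/null
}

demo() {
    img=$(mktemp) && make_sample_disk "$img"
    echo "before wipe:        first non-zero byte at $(first_nonzero_offset "$img")"
    zero_fill "$img" 1048576    # wipes only the first "partition"
    echo "after partial wipe: first non-zero byte at $(first_nonzero_offset "$img")"
    zero_fill "$img" "$(target_size "$img")"
    is_zeroed "$img" && echo "after full wipe:    every byte is zero"
    rm -f "$img"
}
demo
```

On a real disk, run `is_zeroed /dev/sdX` as root from the rescue environment, against the whole device rather than a single partition.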
3

As well as the suggestions for using dd, dban and shred, there are a couple of other options that may be possible, depending on your system.

If you have disks that support full disk encryption (also known as self-encrypting disks), you can request that the disk change the encryption key it uses. This will result in the disk immediately becoming unusable, as all the encrypted data on it is now inaccessible. Modern SSDs support this, as do many modern SAS disks (e.g., Seagate Constellation ES SAS / Seagate Savvio / Seagate Cheetah). All disks that support FDE/SED are always encrypting the disks, regardless of whether you have some kind of encryption infrastructure to manage keys set up over the top - so you can always securely erase these disks by requesting a key change. (I don't have any handy docs on how to do this, and I can't remember where my research led me to last time I looked at it.)

Another option is to use the ATA Secure Erase command, which does a low-level zero write over the entire disk. This NIST Guidelines for Media Sanitization document states that the ATA Secure Erase command is good for security requirements up to purge level, which probably means it's good enough for you.

Neither method may be available to you, and I think a single dd or shred run is probably the simplest thing for you to implement, however there are other options :)

Daniel Lawson
1
for i in $(seq 1 10);do time dd if=/dev/zero of=/dev/sdX bs=1M;echo "finished iteration $i";done

will take forever, but even the most extremist security expert won't complain about that method.

Julien Vehent
  • Can I issue this command remotely through ssh? Roughly how long does it take to complete? – alfish Sep 06 '11 at 21:28
  • How fast is your hard drive? At 50MB/s, and for a 200GB hard drive, it will take ~68 minutes per iteration, so 680 minutes, or a bit more than 11 hours, total. You can issue that command via SSH, but your system will get highly unstable and you might lose the connectivity very quickly. Not sure that's the best way to do it. – Julien Vehent Sep 06 '11 at 21:35
  • I see. What practical alternative would you use in these circumstances? – alfish Sep 06 '11 at 21:43
  • Either ask somebody to load a livecd on the system, and do it from there, or launch that command and hope for the best :) – Julien Vehent Sep 06 '11 at 21:50