Delete Files Permanently and Securely in Unix

Sometimes we need to delete files in Unix in a way that cannot be recovered (password files, for example), with something more thorough than a simple rm command, which only unlinks the name and leaves the data blocks on disk. This script performs a physical overwrite of a file's contents before deleting it.

It is configured for five writes; each write first fills the file's bytes with random data and immediately follows it with a second pass setting everything to zeros. Five writes may seem excessive, but some experts recommend at least 40. Of course, if you back up the filesystem with a clone or differential backups, the file can still be recovered from the backup.

This is written as a shell script and can be somewhat inefficient; it could be done more efficiently in C without much effort. Any volunteer to code it?

#!/bin/ksh
#
MAXWRITES=5 # Number of writes.
BLOCKSIZE=1 # I/O block size for /dev/urandom.

#
# Script version.
#
version="BORSEGU 1.0 Autor: Antonio NAVARRO 17.05.2002"

#
# We need at least one parameter, the filename
#
if [ -z "$1" ] # No filename specified.
then
    echo "Usage: `basename $0` filename"
    echo " ($version)"
    exit 1
fi

#
# Check if file exists.
#
fichero=$1

if [ ! -e "$fichero" ]
then
    echo "File \"$fichero\" does not exist."
    echo "($version)"
    exit 1
fi

#
# Confirm delete
#
echo " "
echo "Delete file ($fichero) (y/n)? "
read respuesta
case "$respuesta" in
    [nN]) echo "Canceled."
          echo "($version)"
          exit 1
          ;;
    *) echo ">>> Starting secure delete of ($fichero).";;
esac

#
# Get the size of file.
#
longitud=$(ls -l "$fichero" | awk '{print $5}')

number_of_write=1

echo

while [ "$number_of_write" -le "$MAXWRITES" ]
do
    echo ">>> Write: $number_of_write"
    /usr/sbin/sync # Synchronize disks.
    # Refill with random values. conv=notrunc overwrites the existing bytes
    # instead of truncating the file first, so the pass lands on the blocks
    # that hold the original data rather than on freshly allocated ones.
    dd if=/dev/urandom of="$fichero" bs=$BLOCKSIZE count=$longitud conv=notrunc
    /usr/sbin/sync # Synchronize disks.
    # Refill with zeros.
    dd if=/dev/zero of="$fichero" bs=$BLOCKSIZE count=$longitud conv=notrunc
    /usr/sbin/sync # Synchronize disks.
    let "number_of_write += 1"
    echo
done

#
# At the end, delete file
#
rm -f "$fichero"
/usr/sbin/sync

echo ">>> File ($fichero) deleted."
echo "($version)"


HTH – Antonio NAVARRO
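Since the post asks for a C version, here is one added as an example (it is not the original script or its author's code). It keeps the script's structure, MAXWRITES pairs of a random pass followed by a zero pass with a flush after each and an unlink at the end, but opens the file without truncation so every pass rewrites the file's existing bytes; the demo path and sample contents are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#define MAXWRITES 5   /* random+zero pass pairs, as in the script */
#define BUFSZ 65536

/* One pass over the file's existing bytes: random data if randfd >= 0, zeros otherwise.
 * The fd was opened without truncation, so the writes reuse the file's original blocks. */
static int overwrite_pass(int fd, off_t len, int randfd) {
    unsigned char buf[BUFSZ];
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    for (off_t left = len; left > 0; ) {
        ssize_t n = left < (off_t)BUFSZ ? (ssize_t)left : BUFSZ;
        if (randfd >= 0) { n = read(randfd, buf, (size_t)n); if (n <= 0) return -1; }
        else memset(buf, 0, (size_t)n);
        ssize_t w = write(fd, buf, (size_t)n);   /* a short write just shrinks 'left' */
        if (w <= 0) return -1;
        left -= w;
    }
    return fsync(fd);   /* flush this pass before the next one (the script's sync) */
}

/* Overwrite a regular file in place MAXWRITES times, then unlink it. Returns 0 or -1. */
int secure_delete(const char *path) {
    struct stat st;
    int rc = -1, rnd = -1;
    int fd = open(path, O_WRONLY);   /* deliberately no O_TRUNC */
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (rnd = open("/dev/urandom", O_RDONLY)) >= 0) {
        rc = 0;
        for (int i = 0; i < MAXWRITES && rc == 0; i++) {
            rc = overwrite_pass(fd, st.st_size, rnd);
            if (rc == 0) rc = overwrite_pass(fd, st.st_size, -1);
        }
        close(rnd);
    }
    close(fd);
    return rc == 0 ? unlink(path) : -1;
}

/* Constructed demo: write a sample "secret" file, wipe it, return 1 if it is gone. */
int secure_delete_demo(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return 0;
    fputs("sample password material (constructed)\n", f);
    fclose(f);
    return secure_delete(path) == 0 && access(path, F_OK) != 0;
}
```

Call secure_delete_demo() on a throwaway path to see it run end to end. On journaling, copy-on-write and snapshotting filesystems, and on flash media with wear levelling, the rewritten bytes may land on different physical blocks, so as with the script the overwrite is no guarantee there, and the backup caveat above applies as well.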
