Deleting a file is a pretty simple task, right? Whether you’re in a GUI or on the command line, it’s really simple to delete a file. Once you’ve deleted it, it’s gone. Except - no it’s not.
When you delete a file, you just remove its index entry from your filesystem. You won’t immediately be able to find it, but the data is still there and could potentially still be recovered. If you have sensitive data stored on your hard drive, you might want to ensure that certain information is deleted permanently and make it extremely difficult to recover.
Thankfully, most Linux distributions (and possibly some other Unix systems too) include a program called shred, which overwrites the file with random data before removing it from the index. This means that it becomes very difficult, if not impossible, to recover the file.
By default, shred only overwrites the file; it does not unlink it (that is, remove it from the index). This is so that you can use it on whole partitions or drives, where you don’t want to delete the device node.
To shred and then unlink a file, use shred as follows:
$ shred -u somefile
If you want to erase an entire device, such as a hard drive or partition, don’t pass -u, or you will end up deleting the device node too.
# shred /dev/sda1
In the above example, we shred the contents of the first partition on drive sda.
There are some more advanced options you can pass, however. First, if you want an extra level of paranoia, you can change the number of times the file or device is overwritten with random data (the default is 25 times over). For example, to overwrite 50 times:
$ shred -n 50 -u somefile
Finally, you can also specify a final overwrite with all zeroes, which is apparently meant to disguise the fact that you’ve been shredding data. This is available via the -z switch.
$ shred -z -u somefile
Of course, you can combine all of these options like so:
$ shred -z -u -n 250 veryimportanttodeletefile
Just make sure you’re deleting the right thing before you hit enter, because once you do, there’s no going back!
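A pre-flight check for the shred -u usage above, as an added example that is not part of the original post: it refuses the whole run if any target is a device node, directory, symlink or missing file, which also stops a stray glob that picks up a directory. The helper names check_shred_targets and safe_shred are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. check_shred_targets and
# safe_shred are hypothetical helper names.

# Print a verdict per argument; return non-zero if any target is unsafe.
check_shred_targets() {
    rc=0
    for t in "$@"; do
        if [ -L "$t" ]; then
            echo "REFUSE  $t (symlink: the overwrite would land on its target)"; rc=1
        elif [ -b "$t" ] || [ -c "$t" ]; then
            echo "REFUSE  $t (device node: -u would unlink it)"; rc=1
        elif [ -d "$t" ]; then
            echo "REFUSE  $t (directory)"; rc=1
        elif [ ! -f "$t" ]; then
            echo "REFUSE  $t (missing or not a regular file)"; rc=1
        else
            echo "OK      $t ($(wc -c < "$t") bytes)"
        fi
    done
    return "$rc"
}

# All-or-nothing: shred and unlink only when every target passed the check.
# "--" ends option parsing, so a file named "-n" is treated as a file.
safe_shred() {
    [ "$#" -gt 0 ] || { echo "usage: safe_shred FILE..." >&2; return 2; }
    check_shred_targets "$@" || { echo "nothing shredded" >&2; return 1; }
    shred -u -- "$@"
}

# When run as a script with arguments, act on them; with none, do nothing.
[ "$#" -eq 0 ] || safe_shred "$@"
```

Run check_shred_targets on its own first to see the verdicts without touching anything.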


Mike wrote:
Looking at the man page, it seems that shred is not useful on any of the popular modern filesystems including ext3? Any workaround?
# Posted on 17-Sep-07 at 11:14 am
kern wrote:
shred will erase the file(s) as they stand and to most non hacker types, it’s fairly much unrecoverable. Data carving may reveal traces left around the filesystem though.
Just a side note, you can combine the operators with one instance of "-", i.e. shred -vuzn 33 test.txt
And NEVER use shred with * file operator. Simple typo, disastrous result. Compare (do not run this)
shred -vuzn test* with
shred -vuzn test * in your home/root directory
Secure Workaround:
(Not for novices - if you make mistakes you can lose everything)
You need also to wipe swap space, and empty space.
Check a program called securedelete from freeworld.thc.org. Read the instructions _very carefully_ before you install and use (as root), and check the program file “the_cleaner” to set your own preferences. Then run it to do all 3 jobs together. If it won’t run, check where you installed, and add it to the PATH or create links in /usr/bin. If you have a modern large drive, there’s no need to set it to 38 passes. It would take forever and isn’t necessary.
hth
Kern
Just to mention again
You could lose everything if you screw up with shred/etc
# Posted on 25-Sep-07 at 1:50 am
Data Shared » Linux: Securely delete any file wrote:
[...] More info. [...]
# Posted on 25-Sep-07 at 2:45 am
Radian Compliance Management Services » Blog Archive » Hitting Delete Is Not Enough wrote:
[...] off the hard drive. With only seven steps, it’s as intense as some other online tutorials. This post at FOSSwire describes a resident program in most Linux and some UNIX distributions called shred. Again, it doesn’t [...]
# Posted on 27-Sep-07 at 10:30 am