How to Securely Wipe Hard Drive in Linux

In this article you will learn how to securely wipe hard drive Linux, also how to securely delete files in Linux.

First you need found correct disk path to hard drive which you want securely wipe, list hard drives in your system.

For securely erase hard drive or files we will use scrub utility. Scrub iteratively writes patterns on files or disk devices to make retrieving the data more difficult.

Lets install the scrub utility. For Ubuntu/Debian run:

# apt-get install scrub

or for RedHat/CentOS:

# yum install scrub

Securely Wipe Hard Drive Using Scrub

Scrub support about 15 pattern write methods such as: nnsa, dod, bsi, gutmann, schneier, pfitzner33,usarmy, fillzero, random …

To scrub a disk /dev/sda with default NNSA patterns run:

# scrub /dev/sda

To fill with zeros (0xff) we can use fillzero 1-pass pattern:

# scrub /dev/sda -p fillzero

Securely Wipe File

After file scrub only data in file will be destroyed, filename and size will remain.

To scrub file run:

$ scrub file_name


You just learn How to Securely Wipe Hard Drive in Linux using Linux Scrub package.

For more information about using Linux scrub package you can use man page:

# man scrub

Scrub may be insufficient to thwart heroic efforts to recover data in an appropriately equipped lab. If you need this level of protection, physical destruction is your best bet.
The effectiveness of scrubbing regular files through a file system will be limited by the OS and file system. File systems that are known to be problematic are journaled, log structured, copy-on-write, versioned, and network file systems. If in doubt, scrub the raw disk device.

Scrubbing free blocks in a file system with the -X method is subject to the same caveats as scrubbing regular files, and in addition, is only useful to the extent the file system allows you to reallocate the target blocks as data blocks in a new file. If in doubt, scrub the raw disk device.

On MacOS X HFS file system, scrub attempts to overwrite a file’s resource fork if it exists. Although MacOS X claims it will support additional named forks in the future, scrub иs only aware of the traditional data and resource forks.
scrub cannot access disk blocks that have been spared out by the disk controller. For SATA/PATA drives, the ATA “security erase” command built into the drive controller can do this. Similarly, the ATA “enhanced security erase” can erase data on track edges and between tracks. The DOS utility HDDERASE from the UCSD Center for Magnetic Recording Research can issue these commands, as can modern versions of Linux hdparm. Unfortunately, the analogous SCSI command is optional according to T-10, and not widely implemented.

Linux Shred Command Examples


If you like what you are reading, please:

Buy me a coffeeBuy me a coffee


Leave a Reply