In this article you will learn how to securely wipe hard drive Linux, also how to securely delete files in Linux.
First you need found correct disk path to hard drive which you want securely wipe, list hard drives in your system.
For securely erase hard drive or files we will use scrub utility. Scrub iteratively writes patterns on files or disk devices to make retrieving the data more difficult.
Lets install the scrub utility. For Ubuntu/Debian run:
# apt-get install scrub
or for RedHat/CentOS:
# yum install scrub
Securely Wipe Hard Drive Using Scrub
Scrub support about 15 pattern write methods such as: nnsa, dod, bsi, gutmann, schneier, pfitzner33,usarmy, fillzero, random …
To scrub a disk /dev/sda with default NNSA patterns run:
# scrub /dev/sda
To fill with zeros (0xff) we can use fillzero 1-pass pattern:
# scrub /dev/sda -p fillzero
Securely Wipe File
After file scrub only data in file will be destroyed, filename and size will remain.
To scrub file run:
$ scrub file_name
You just learn How to Securely Wipe Hard Drive in Linux using Linux Scrub package.
For more information about using Linux scrub package you can use man page:
# man scrub
Scrub may be insufficient to thwart heroic efforts to recover data in an appropriately equipped lab. If you need this level of protection, physical destruction is your best bet.
The effectiveness of scrubbing regular files through a file system will be limited by the OS and file system. File systems that are known to be problematic are journaled, log structured, copy-on-write, versioned, and network file systems. If in doubt, scrub the raw disk device.
Scrubbing free blocks in a file system with the -X method is subject to the same caveats as scrubbing regular files, and in addition, is only useful to the extent the file system allows you to reallocate the target blocks as data blocks in a new file. If in doubt, scrub the raw disk device.
On MacOS X HFS file system, scrub attempts to overwrite a file’s resource fork if it exists. Although MacOS X claims it will support additional named forks in the future, scrub иs only aware of the traditional data and resource forks.
scrub cannot access disk blocks that have been spared out by the disk controller. For SATA/PATA drives, the ATA “security erase” command built into the drive controller can do this. Similarly, the ATA “enhanced security erase” can erase data on track edges and between tracks. The DOS utility HDDERASE from the UCSD Center for Magnetic Recording Research can issue these commands, as can modern versions of Linux hdparm. Unfortunately, the analogous SCSI command is optional according to T-10, and not widely implemented.