Howto Delete Files Permanently and Securely in Linux

We all know that when you simply delete a file, it’s possible to recover it later. Sometimes this is useful, if you accidentally delete something important; but usually this is a problem, and you really want that file gone forever. This howto will explain how to delete a file in linux securely and permanently, so it can never be recovered.

Hard drives store data magnetically; these tools work by writing lots of random data and zeros over your old file[s], making sure that even the most advanced recovery methods aren’t able to read what was once stored in that part of the hard disk.

Most distributions of Linux, Ubuntu included, come installed with the “shred” command. Shred is a basic tool for overwriting a file many times, but is widely available and is effective in most cases. It works by writing random ones and zeros over the file you are shredding; with enough passes (see the “passes and filesystems” section below) it will become impossible to recover the old contents of the file.

The basic format of the shred command is this:

Common options you’ll want to use when you shred a file are:

So, for example, to shred a file “topsecret.txt” with twenty-six iterations (I want to make sure it’s really, really gone!), and delete it afterwards, and hide the fact that it was shredded, I would run:

For more information on the shred command, and all its various options, you should check out its manual, which can be accessed by running man shred.

Shred can only be used to overwrite files, and its use, while effective is relatively basic. What about the copies of data stored in your RAM, or in swap? And what about all the empty space on your hard drive, which was once full of personal, private information? The magnetic traces of that data is still lingering around, and if you’re getting rid of your hard drive, you’ll probably want to make sure it’s wiped before allowing the possibility of it falling into the wrong hands.

The Secure-Delete tools are a particularly useful set of programs that use advanced techniques to permanently delete files. To install the Secure-Delete tools in Ubuntu, run:

The Secure-Delete package comes with four commands:

srm – secure remove
This tool is basically a more advanced version of the “shred” command. Instead of just overwriting your files with random data, it uses a special process – a combination of random data, zeros, and special values developed by cryptographer Peter Gutmann – to really, really make sure your files are irrecoverable. It will assign a random value for the filename, hiding that key piece of evidence. srm is used like this:

Or, for directories:

With the “-r” for recursive mode. You can learn more about the srm command from its manual, accessable via man srm.

smem – secure memory wipe
While it’s true that your computer’s RAM is emptied when you power-off your computer, you probably didn’t know that residual traces of data remain in memory, like hard drives, until they are overwritten many times. This means that it’s relatively easy for someone with the right tools to figure out what you had stored in RAM, which may be the contents of important files, internet activity, or whatever else it is you do with your computer.

The basic use of smem is the same as srm, although it is a good deal slower. There are options to speed things up, but they increase the risk by performing fewer overwrite passes. For a complete list of options, read the manual on smem (the man smem command), but its basic use is just running the “smem” command, as such:

sfill – secure free space wipe
sfill follows the same general method as srm. It is used to wipe all the free space on your disk, where past files have existed. This is particularly useful if you are getting rid of a hard disk for good; you can boot a LiveCD, delete everything on the disk, and then use sfill to make sure that nothing is recoverable. You may have to be root in order to use this tool effectively, since regular users might not have write access to certain filesystems, and you might have a quota enabled. sfill usage is as such:

If you specify a directory that isn’t a mountpoint itself (for example, if you have /home/ on a separate partition, but you select /home/me/fun), sfill will wipe the freespace on which the directory resides (in the above example, the /home partition).

sswap – secure swap wipe
The sswap program is used to wipe your swap partitions, which store the data of running programs when your RAM is filled up. Therefore, feel a need to run smem, it’s probably a good idea to run sswap, too. However, before you use it you must disable your swap partition. You can determine your mounted swap devices by running:

Or looking in your /etc/fstab file for filesystems of the type “swap”. In my case, my swap partition is /dev/sda5, so to disable it I run:

Once your swap device is disabled, you can wipe it with sswipe. In my case, I run:

If you aren’t running this as root (sudo), you’re likely to get a permission denied error. As with any of the above commands, you can get more information while it’s running by adding the “-v” option for verbose mode. Also, don’t forget to re-enable swap when you’re finished! Use the swapon command:

Passes
A commonly asked question is, “how many passes does it take before a file can’t possibly be recovered by advanced tools, such as those used by law-enforcement? The answers here vary, and you can get a lot of extra information via google, but the basics are that the US Government’s standard is 7 passes, while data has been known to be recovered from as many as 14 passes. The “shred” tool allows you to specify the number of passes you wish to make, while the Secure-Delete tools use a default of 38 passes (enabling the “fast” and “lessen” options on the secure-delete tools significantly decreases the number of passes, however). Of course, more passes means more time, so there’s a trade-off here; depending on how private the data is, and how much time you have available, you may want to use a fewer or greater of passes.

Filesystems

Another thing to note is that RAID configurations and networked filesystems may affect the performance and effectiveness of these tools. Using a networked filesystem, for example, unless you can SSH into the remote computer, you can’t wipe the machine’s memory and swap. With RAID striping, there are more disks to consider, hence more redundant data traces, so you may want to consider doing a few extra passes. especially using the shred tool.

If you are throwing away an old hard drive (or giving/selling it to someone), have files with personal information you don’t want anyone to be able to access, or are just a paranoid-type in general, it’s important to make sure your deleted files are permanently gone. Using some simple command line tools, you can easily and effectively delete files permanently in Linux. These are simple commands that everyone should know how to use, and can come in handy if your privacy is of concern to you.

Tags: howto, Security

This entry was posted on Monday, March 2nd, 2009 at 4:00 pm and is filed under How-Tos. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.