Secure erase HDDs in Hong Kong (OpenBSD/Linux)
D. Hugh Redelmeier
hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Fri Apr 16 16:47:36 UTC 2010
| From: John Miles <jmiles242-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
| I've got an OpenBSD machine in Hong Kong, where I would like to completely
| erase the hard drives in the machine - including the operating system.
The answer might be OpenBSD specific. And that community is probably
more security-aware than ours.
| This will probably need to be done on some of my Ubuntu machines once they
| reach end of service also, so I thought I would ask if anyone has any
| experience with this.
No experience.
| When I have physical access to the disks, I simply utilize DBAN, or boot up
| with the SystemrescueCD and dd=/dev/random to the entire disk.
Many think that a simple single overwrite is not a secure wipe.
| There are many posts about a Unix machine still able to operate if the
| underlying operating system disk goes offline, but it is difficult to find
| out whether there are some OS tweaks I need to perform first. I am assuming
| one would turn swap off, but then, from thence forth I am unsure.
I would expect that you could build a ramdisk with selected portions
of / and then "pivot" to the ramdisk. At that point you could unmount
the disk partition for / and have at it.
If this crashed, the system might be in some intermediate state that
you could not recover from but was not securely wiped.
| I am supposing that I might also be able to set up a disk image with DBAN, or
| SDD (Secure Data Disposal) on it, and set the boot loader to load that by
| default also.
Seems likely.
It also seems likely that, without a console, you'd never know if it
worked. So Clifford's suggestion is worth looking into.
Perhaps you could install a new bootable system with nothing that you care
about (e.g. only throw-away ssh keys). Then use that as a secure base
from which to wipe everything else.
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists