shred
From Glee
Overview
If you've ever wondered about the best way to properly dispose of old storage, there is no need to look for dd tricks with /dev/random content. The solution is already included in coreutils: /usr/bin/shred.
The command operates on regular files or block devices and overwrites the data repeatedly with random patterns: 25 passes by default in the RHEL5 coreutils whose help output is shown below (coreutils 8.0 and later default to 3 passes, which is still far more than a magnetic disk needs). This is well suited to decommissioned hardware, such as servers or external storage devices, to ensure no potentially confidential data remains recoverable. Two caveats a practitioner should keep in mind: shred only helps when the writes actually land on the sectors that held the data, so read the CAUTION paragraph in the help output (journaled, copy-on-write, snapshotting and networked filesystems, plus backups and mirrors, all keep copies shred cannot reach); and on SSDs and other flash media with wear levelling, an overwrite cannot reach remapped or retired cells, so the drive's own secure-erase mechanism (for example an ATA Secure Erase issued with hdparm) is the appropriate tool rather than shred.
RHEL5 help output
Usage: shred [OPTIONS] FILE [...]
Overwrite the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.

Mandatory arguments to long options are mandatory for short options too.
  -f, --force    change permissions to allow writing if necessary
  -n, --iterations=N  Overwrite N times instead of the default (25)
  -s, --size=N   shred this many bytes (suffixes like K, M, G accepted)
  -u, --remove   truncate and remove file after overwriting
  -v, --verbose  show progress
  -x, --exact    do not round file sizes up to the next full block;
                   this is the default for non-regular files
  -z, --zero     add a final overwrite with zeros to hide shredding
  -              shred standard output
      --help     display this help and exit
      --version  output version information and exit

Delete FILE(s) if --remove (-u) is specified.  The default is not to remove
the files because it is common to operate on device files like /dev/hda,
and those files usually should not be removed.  When operating on regular
files, most people use the --remove option.

CAUTION: Note that shred relies on a very important assumption:
that the filesystem overwrites data in place.  This is the traditional
way to do things, but many modern filesystem designs do not satisfy this
assumption.  The following are examples of filesystems on which shred is
not effective:

* log-structured or journaled filesystems, such as those supplied with
  AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

* filesystems that write redundant data and carry on even if some writes
  fail, such as RAID-based filesystems

* filesystems that make snapshots, such as Network Appliance's NFS server

* filesystems that cache in temporary locations, such as NFS
  version 3 clients

* compressed filesystems

In addition, file system backups and remote mirrors may contain copies
of the file that cannot be removed, and that will allow a shredded file
to be recovered later.

Report bugs to <bug-coreutils@gnu.org>.
Examples
- Dispose of a logical volume, then release it:
  shred -v /dev/vg0/lvname
  lvremove /dev/vg0/lvname
- Dispose of an entire emptied physical volume, using 5 passes instead of the default 25 and finishing with a pass of zeroes (-z) so the device does not look shredded:
  pvremove /dev/sdb1
  shred -v -n 5 -z /dev/sdb1
- Dispose of a Xen domU image file and remove it when finished (-u truncates and unlinks the file after the overwrite; remember the filesystem caveat above, since an image on a journaled filesystem may leave blocks behind):
  shred -v -u /var/lib/xen/images/vm1.img
- Dispose of an entire machine's content, including the partition table, by booting off the install CD/DVD in rescue mode (the running system cannot shred the disk it is booted from):
  shred -v /dev/sda
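The device examples above cannot be rehearsed safely, so here is an added example that is not from the original page or from coreutils: a bash script that exercises shred on a throwaway regular file and verifies the result, then applies the filesystem check that the CAUTION paragraph calls for. It assumes GNU coreutils (shred, stat, head, cmp) and GNU grep; the marker string, padding and temporary file are constructed sample input, and the function names are this example's own. Note that without -x shred rounds a regular file up to the next full block, so the verified size is the rounded size.

```shell
#!/bin/bash
# Added example (not from the page or from coreutils): shred a regular file
# with a few random passes plus a final zero pass, prove the original data is
# gone, then remove it with -u. Also warns when the target sits on a
# filesystem from the help output's CAUTION list, where shred cannot be
# trusted to overwrite in place.
set -u

# make_sample FILE: constructed sample input, a recognisable marker followed
# by enough padding to span more than one filesystem block.
make_sample() {
    local file="$1"
    printf 'CONFIDENTIAL: sample secret payload\n' > "$file"
    head -c 8192 /dev/zero | tr '\0' 'A' >> "$file"
}

# fs_type_of PATH: GNU stat -f %T prints the filesystem type name
# (ext4 is reported as "ext2/ext3"); "unknown" if stat fails.
fs_type_of() {
    stat -f -c %T "$1" 2>/dev/null || echo unknown
}

# warn_if_not_inplace PATH: journaled, copy-on-write and network filesystems
# keep old blocks or copies that shred never touches.
warn_if_not_inplace() {
    local fstype
    fstype=$(fs_type_of "$1")
    case "$fstype" in
        ext2/ext3|ext3|ext4|xfs|btrfs|reiserfs|jfs|zfs|nfs|overlayfs)
            echo "warning: $1 is on $fstype; shred may not overwrite in place" >&2 ;;
    esac
}

# shred_and_check FILE PASSES: overwrite in place (no -u yet) and return 0
# only if the marker is gone and, thanks to -z, every byte now reads 0x00.
shred_and_check() {
    local file="$1" passes="${2:-3}" size
    warn_if_not_inplace "$file"
    shred -n "$passes" -z "$file" || return 1
    # -a forces grep to scan the now-binary file; a match means shred failed.
    if grep -qa 'CONFIDENTIAL' "$file"; then
        return 1
    fi
    # Compare against the same number of bytes from /dev/zero.
    size=$(stat -c %s "$file")
    head -c "$size" /dev/zero | cmp -s - "$file"
}

# demo: full cycle on a temp file; -u at the end truncates and unlinks it.
demo() {
    local tmp
    tmp=$(mktemp)
    make_sample "$tmp"
    grep -qa 'CONFIDENTIAL' "$tmp" || { rm -f "$tmp"; return 1; }
    shred_and_check "$tmp" 3 || { rm -f "$tmp"; return 1; }
    shred -n 1 -u "$tmp" || return 1
    [ ! -e "$tmp" ]
}

demo && echo "shred demo OK"
```

Run it as a normal user; the warning from warn_if_not_inplace is exactly the signal that a shredded file on ext3/ext4, XFS or btrfs may still be recoverable from the journal or old extents, in which case the whole block device has to be shredded (or the flash drive's secure-erase used) instead.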