Linux / UNIX Software that make retrieving the data more difficult with Department of Defense ( DoD 5520.22-M ) compliant disk / file wiping

last updated in Categories Debian Linux, Download of the day, Howto, Linux, RedHat/Fedora Linux, Security, Tips, Ubuntu Linux, UNIX

If you ever worked for Government or Defense organization, you may come across a request for Department of Defense (DoD) compliant disk wipe program to remove files / disk securely. There are many programs exists for doing the same job. One of my favorite program is scrub, which writes patterns on special files (i.e. raw disk devices) or regular files to make retrieving the data more difficult. Scrub implements user-selectable pattern algorithms that are compliant with DoD 5520.22-M or NNSA NAP-14.x. The dod scrub sequence is compliant with the DoD 5220.22-M procedure for sanitizing removeable and non-removeable rigid disks which requires overwriting all address able locations with a character, its complement, then a random character, and verify.

Advertisements

Download scrub

You can download scrub here. The package is available in both source and binary releases for
=> Redhat Enterprise Linux (RHEL 4 / 5)
=> Debian / Ubuntu Linux
=> HP-UX UNIX
=> Mac OS etc

How do I use scrub?

Scrub operates in one of three modes:

  1. The special file corresponding to an entire disk is scrubbed and all data on it is destroyed. This mode is selected if file is a character or block special file. This is the most effective method.
  2. A regular file is scrubbed and only the data in the file (and optionally its name in the directory entry) is destroyed. The file size is rounded up to fill out the last file system block. This mode is selected if file is a regular file.
  3. file is created, expanded until the file system is full, then scrubbed as in 2). This mode is selected with the -X option.

Examples

Scrub mysensitive.file.txt file, enter:
$ scrub mysensitive.file.txt
Output:

scrub: using NNSA NAP-14.x patterns
scrub: padding mysensitive.file.txt with 3998 bytes to fill last fs block
scrub: scrubbing mysensitive.file.txt 4096 bytes (~4KB)
scrub: random  |................................................|
scrub: random  |................................................|
scrub: 0x0     |................................................|
scrub: verify  |................................................|

To use patterns compliant with DoD 5220.22-M, enter:
$ scrub -p dod mysensitive.file.txt
Output:

scrub: using DoD 5220.22-M patterns
scrub: padding mysensitive.file.txt with 3998 bytes to fill last fs block
scrub: scrubbing mysensitive.file.txt 4096 bytes (~4KB)
scrub: 0x0     |................................................|
scrub: 0xff    |................................................|
scrub: random  |................................................|
scrub: 0x0     |................................................|
scrub: verify  |................................................|

Erase /dev/sda1 – the special file corresponding to an entire disk is scrubbed and all data on it is destroyed, enter:
# scrub /dev/sda1

Related recommended program

Please note that following programs are not compliant with DoD 5220.22-M or certified, but sufficient for home users.
=> wipe, shred and srm utilities.

See also:

ADVERTISEMENTS

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

1 comment

    Have a question? Post it on our forum!