If you ever worked for Government or Defense organization, you may come across a request for Department of Defense (DoD) compliant disk wipe program to remove files / disk securely. There are many programs exists for doing the same job. One of my favorite program is scrub, which writes patterns on special files (i.e. raw disk devices) or regular files to make retrieving the data more difficult. Scrub implements user-selectable pattern algorithms that are compliant with DoD 5520.22-M or NNSA NAP-14.x. The dod scrub sequence is compliant with the DoD 5220.22-M procedure for sanitizing removeable and non-removeable rigid disks which requires overwriting all address able locations with a character, its complement, then a random character, and verify.
Download scrub
You can download scrub here. The package is available in both source and binary releases for
=> Redhat Enterprise Linux (RHEL 4 / 5)
=> Debian / Ubuntu Linux
=> HP-UX UNIX
=> Mac OS etc
How do I use scrub?
Scrub operates in one of three modes:
- The special file corresponding to an entire disk is scrubbed and all data on it is destroyed. This mode is selected if file is a character or block special file. This is the most effective method.
- A regular file is scrubbed and only the data in the file (and optionally its name in the directory entry) is destroyed. The file size is rounded up to fill out the last file system block. This mode is selected if file is a regular file.
- file is created, expanded until the file system is full, then scrubbed as in 2). This mode is selected with the -X option.
Examples
Scrub mysensitive.file.txt file, enter:
$ scrub mysensitive.file.txt
Output:
scrub: using NNSA NAP-14.x patterns scrub: padding mysensitive.file.txt with 3998 bytes to fill last fs block scrub: scrubbing mysensitive.file.txt 4096 bytes (~4KB) scrub: random |................................................| scrub: random |................................................| scrub: 0x0 |................................................| scrub: verify |................................................|
To use patterns compliant with DoD 5220.22-M, enter:
$ scrub -p dod mysensitive.file.txt
Output:
scrub: using DoD 5220.22-M patterns scrub: padding mysensitive.file.txt with 3998 bytes to fill last fs block scrub: scrubbing mysensitive.file.txt 4096 bytes (~4KB) scrub: 0x0 |................................................| scrub: 0xff |................................................| scrub: random |................................................| scrub: 0x0 |................................................| scrub: verify |................................................|
Erase /dev/sda1 – the special file corresponding to an entire disk is scrubbed and all data on it is destroyed, enter:
# scrub /dev/sda1
Related recommended program
Please note that following programs are not compliant with DoD 5220.22-M or certified, but sufficient for home users.
=> wipe, shred and srm utilities.
1 comment
It’s a very useful program. Nice post!