All services and accounts have been migrated to the new server, firefly, for a couple of weeks now, so today I started work on decommissioning the old server, serenity. Normally I’d wipe the disks like so:

# dd if=/dev/urandom of=/dev/hda1

But that has been complicated by the annoying fact that the hosting company built the OS on a single disk partition. An attempt to destroy the contents of hda1 would risk causing an operating system crash before all the contents had been destroyed.* If I had physical access to the server I could boot from a live CD and have a free go at the hard drive, but that isn’t an option. I needed a tool that would give me some precision as to what I was destroying.

I’ve opted to use shred, a program included in the coreutils package that writes random data over a file’s bytes. Learning about shred was funny because there is a lot of misinformation out there. Its primary weakness is that it assumes that the filesystem overwrites data in-place, and not all modern filesystems do that — in fact most modern filesystems don’t do that. serenity used the ext3 filesystem, and there’s quite a number of people screaming on the ‘Net that shred is ineffective on ext3 filesystems. Well, I actually R’ed the FM, where I learned that ext3 filesystems are only problematic to shred in data=journal mode (not the default). Seems I was all clear.
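
A check for the ext3 caveat above, as an added example (not from the original post): it finds the filesystem and mount options covering a path and reports whether shred's in-place assumption holds. The `/proc/mounts` sample is constructed, and the function names `mount_entry` and `shred_verdict` are hypothetical.

```shell
#!/bin/sh
# Added example: does shred's overwrite-in-place assumption hold for a path?
# Constructed sample in /proc/mounts format (not taken from serenity).
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw,errors=remount-ro,data=ordered 0 0
/dev/hdb1 /srv ext3 rw,data=journal 0 0
/dev/hdc1 /backup btrfs rw,relatime 0 0
proc /proc proc rw 0 0'

# mount_entry MOUNTS ABS_PATH: print "fstype options" for the longest mount
# point containing the path (a later mount on the same point wins).
mount_entry() {
    printf '%s\n' "$1" | awk -v p="$2" '
        NF >= 4 {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); fs = $3; opts = $4 }
        }
        END { if (best) print fs, opts }'
}

# shred_verdict MOUNTS ABS_PATH: print one of
#   in-place    ext3 in data=ordered or data=writeback mode
#   journal     ext3 in data=journal mode, file data also lands in the journal
#   unverified  any other filesystem; consult its documentation first
#   no-mount    no mount entry covers the path
# Assumption: the data mode shows up in the mount options. A default stored in
# the superblock is listed by "tune2fs -l" under "Default mount options".
shred_verdict() {
    entry=$(mount_entry "$1" "$2")
    [ -n "$entry" ] || { echo no-mount; return 0; }
    fstype=${entry%% *}
    opts=${entry#* }
    if [ "$fstype" != ext3 ]; then
        echo unverified
        return 0
    fi
    case ",$opts," in
        *,data=journal,*) echo journal ;;
        *) echo in-place ;;
    esac
}

# Demo on the constructed sample; on a live system pass "$(cat /proc/mounts)".
for p in /home/alice /srv/db/users.db /backup/keys.pem; do
    printf '%s: %s\n' "$p" "$(shred_verdict "$SAMPLE_MOUNTS" "$p")"
done
```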

I couldn’t shred the entire filesystem or I would find myself in the same conundrum as if I had used the dd method, so I decided to concentrate on user data, databases, certificates and system passwords. After that I could let loose a more dangerous (but less precise) method and call it a night.

shred’s other weakness is that it was designed to be used on single files (or whole filesystems via their device files) rather than recursing through a directory tree like “rm -Rf”. So I wrapped it in a find statement and then deleted the empty user home directory trees by hand before deleting each user’s account. Actually the whole thing can be neatly wrapped up in some awk:

# for u in $(awk -F ':' '$3 >= 1000 && $3 < 65534 { print $1 }' /etc/passwd); do
> find / -type f -user "$u" -exec shred -n 3 -zu {} \;
> rm -Rf "/home/$u"
> deluser "$u"
> done

So serenity has been wiped clean. I’m going to call the hosting company in just a bit and terminate service. Everything is chugging along on firefly. Our long national nightmare is over.

* I don’t really know if this is true, but it seems a good guess. Input appreciated.
