In an age of rampant security attacks, safeguarding data is paramount.
After all, data is the new Kohinoor for organizations of all sizes in the modern era.
secure-delete is one of the command line tools available for Ubuntu and its derivatives like Linux Mint to securely erase data.
Secure file and folder deletion is also important when disposing older or end-of-life PCs or servers or reselling them on auction sites like eBay.
Ensuring data security is an integral piece of data sanitization to ensure precious data does not fall into wrong hands.
Simply deleting a file or folder is not enough. There are plenty of tools that’ll allow the bad guys to easily retrieve a deleted file/folder.
So you need a robust tool to ensure that erased data is gone forever to prevent it from falling into wrong hands.
Data sanitization is a broad category and includes many options.
Hard-drive shredding and incineration are two options for extreme-security conscious organizations like the NSA, FBI or CIA.
In this post, we’ll consider a simple software technique to securely remove a file or folder from your Ubuntu Linux system.
We’ll use a CLI utility called secure-delete for an Ubuntu system.
Install and Verify Download:
You can download secure-delete and verify installation via the CLI with the following commands:
$ sudo apt install secure-delete
It’s possible your organization may have already installed secure-delete on your key servers and endpoints.
If you’re verifying a previous installation, go with the below command:
$ apt-cache policy secure-delete secure-delete: Installed: 3.1-6ubuntu2 Candidate: 3.1-6ubuntu2 Version table: *** 3.1-6ubuntu2 500 500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages 100 /var/lib/dpkg/status
Secure-delete CLI Options
Here are a few key options for the secure-delete utility that I grabbed from its man pages:
-d ignore the two special dot files . and .. on the commandline. (so you can execute it like “srm -d .* *”)
-f fast (and insecure mode): no /dev/urandom, no synchronize mode.
-l lessens the security. Only two passes are written: one mode with 0xff and a final mode random values.
-l -l for a second time lessons the security even more: only one random pass is written.
-r recursive mode, deletes all subdirectories.
-v verbose mode
-z wipes the last write with zeros instead of random data
Test File Deletion
Let’s now do a test run of secure-delete.
I created a file called Test-Delete.
Next step is to go ahead and delete it via secure-delete.
I opted to use the command srm -vz since it does 38-passes and then wipes the last write with zeros instead of random data.
$ srm -vz Test-Delete Using /dev/urandom for random input. Wipe mode is secure (38 special passes) Wiping Test-Delete ***************************** Removed file Test-Delete ... Done
If you want to delete an entire folder along with all the files inside it then you must add the -r option to your command:
$ srm -vzr [folder_name]
I suggest you take a deko at the man pages of secure-delete to learn more about this important security tool.
Note of Caution
As with some security tools, secure-delete too has limitations.
Read the man pages at man srm for secure-delete for details on the limitations.
Here’s an excerpt from the secure-delete man pages:
“Some of your data might have a temporary (deleted) copy somewhere on the disk. You should use sfill which comes with the secure_deletion package to ensure to wipe also the free diskspace. However, If already a small file acquired a block with your precious data, no tool … can help you here. For a secure deletion of the swap space sswap is available.”
secure-delete is a powerful tool and it’s unlikely you’ll be able to restore a file or folder if you accidentally delete it.
So act with caution before hitting the enter key and always ensure your organization has a robust backup policy.