When you erase a file, the data is not destroyed. Only the index entry that records where the file is stored is destroyed, and the storage is made available for reuse. On a busy system with a nearly full drive, this space can be overwritten and reused within a few seconds. However, there is no way to know with certainty that overwriting has occurred.
Shred is a U.S. government (Department of Defense) approved secure hard disk erasure tool. Shred lets you delete information permanently by overwriting data numerous times (25 times by default), which makes shredded data nearly impossible to reclaim.
A shell script called ShredTheSystem facilitates this process. This script can be used to:
- Prepare a system for RMA
- Prepare a system for disposal
The Shred tool uses many overwrite passes, with the data patterns chosen to maximize the damage they do to the old data. All McAfee SIEM appliances activate Shred on all appropriate files when you type ShredTheSystem at the command line. There are also several ways to run the program manually:
- Delete the database on ESM for RMA:
# shred -fuvn1 /usr/local/ess/data/*
- Delete the databases on IPS, DBM, and APM for RMA:
# shred -fuvn1 /var/log/data/inline/*
- Delete the logs on a Receiver:
# shred -fuvn1 /var/log/data/inline/thirdparty.logs/
Command-line parameters
| Option | Description |
| --- | --- |
| -f | Force: Change permissions to allow writing, if needed. |
| -n | Iterations: Overwrite n times instead of the default, which is 25. |
| -s | Size: Shred this many bytes (suffixes such as K, M, G are accepted). |
| -u | Remove: Truncate and remove file after overwriting. |
| -v | Verbose: Show progress. |
| -x | Exact: Do not round file sizes up to the next full block. |
| -z | Zero: Hide shredding by adding a final overwrite with zeros. |
| - | Shred standard output. |
| --help | Show man pages. |
| --version | Output version of shred and exit. |
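
The script below is an added example, not part of the McAfee documentation or the ShredTheSystem script. It runs the -f, -u and -n 1 options from the manual commands above against constructed files in a temporary directory, checks that the old content is no longer readable, and walks a directory tree with find because shred operates on files, not directories. The function names and sample file names are hypothetical.

```sh
#!/bin/sh
# Added example: touches only constructed files under a mktemp directory.

# Overwrite FILE once in place (no -u, so the file stays for inspection).
# Returns 0 if MARKER is no longer readable, 1 if it survived, 2 on error.
overwrite_and_check() {
    file=$1
    marker=$2
    shred -f -n 1 "$file" || return 2
    if grep -q -F -- "$marker" "$file"; then
        return 1
    fi
    return 0
}

# Shred and remove every regular file under DIR (flags -f -u -n 1).
# shred does not accept a directory argument, so find passes it each file.
# Prints the number of regular files still present afterwards.
shred_tree() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f -exec shred -f -u -n 1 {} \;
    find "$dir" -type f | wc -l | tr -d ' '
}

# Build constructed sample data, run both checks, clean up.
demo() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/thirdparty.logs"
    echo "CONSTRUCTED-SECRET-0001" > "$work/a.db"
    echo "CONSTRUCTED-SECRET-0002" > "$work/thirdparty.logs/b.log"
    chmod 400 "$work/a.db"      # read-only: -f has to make it writable
    rc=0
    overwrite_and_check "$work/a.db" "CONSTRUCTED-SECRET" || rc=$?
    left=$(shred_tree "$work")
    rm -rf "$work"
    echo "marker_gone_rc=$rc files_left=$left"
}

demo
```

shred assumes the file system overwrites data in place; on journaling or copy-on-write file systems and on flash storage, an in-place overwrite is not guaranteed to reach the old blocks.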