Setting Data on Fire
It’s not a secret that files are not really deleted when you tell the operating system to remove them. References to the files are removed, but the data stays and can sometimes be retrieved. This can save your life when you delete something you shouldn’t have. Sometimes, however, you need to deal with data that must not see the light of day ever again.
Whenever I need to securely wipe out a few files, shred is my good friend. It takes one or more files and overwrites them several times, leaving no trace of the original data (exceptions apply, see the manual page).
I was missing one feature in this tool – the option. You cannot run shred against a whole tree of directories and let it do its job. Because I sometimes need to do just this, I have written a convenient script called deurere (the Latin for “to burn down”).
#!/bin/bash
# deurere, tr - to burn down
# Usage: deurere [--force] directory
#
# http://ze.phyr.us

if [ "$1" = '--force' ]; then
    force=1
    shift
else
    force=0
fi

if [ ! -d "$1" ]; then
    echo "$0: No input directory."
    exit 1
fi

if [ $force != 1 ]; then
    echo -n "Are you sure you want to destroy '$1'? "
    read -r reply
    if [ "$reply" != 'yes' ]; then
        echo 'Aborted.'
        exit 2
    fi
fi

# NUL-delimit the file list so names containing whitespace or quotes reach
# shred intact; the tree is removed only if every file was shredded.
find "$1" -type f -print0 | xargs -0 --no-run-if-empty shred --remove -- && rm -rf -- "$1"
Usage is straightforward:
$ ls -F
victim1/ victim2/ victim3/
$ deurere victim1
Are you sure you want to destroy 'victim1'? yes
$ deurere --force victim2
$ deurere victim3
Are you sure you want to destroy 'victim3'? no
Aborted.
$
To avoid fatal mistakes the user is required to confirm the destruction by typing the whole word “yes”. This test can be skipped by specifying
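
An added example, not part of the original post or script: it shows why the file list handed to shred should be NUL-delimited, and verifies that no regular file survived before the directory is removed. The helper names (make_tree, count_files, burn_plain, burn_nul) and the sample file names are constructed for illustration; it assumes shred, find -print0 and xargs -0 -r are available.

```bash
#!/bin/bash
# Added example, not the original deurere script.
# All helper names and file names below are constructed for illustration.

# Build a scratch tree whose file names break whitespace-delimited pipelines.
make_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sub dir"
    echo secret > "$root/plain.txt"
    echo secret > "$root/with space.txt"
    echo secret > "$root/sub dir/it's quoted.txt"
    echo secret > "$root/sub dir/$(printf 'line\nbreak.txt')"
    printf '%s\n' "$root"
}

# Number of regular files still present under a directory.
# Counting NUL terminators stays correct even for names containing newlines.
count_files() {
    find "$1" -type f -print0 | tr -dc '\0' | wc -c
}

# Newline-delimited list: xargs splits names on whitespace and chokes on
# quotes, so shred is handed paths that are not the intended files.
burn_plain() {
    find "$1" -type f | xargs -r shred -u 2>/dev/null
}

# NUL-delimited list: every path arrives as exactly one argument.
# The directory is removed only after confirming that nothing survived.
burn_nul() {
    find "$1" -type f -print0 | xargs -0 -r shred -u -- || return 1
    [ "$(count_files "$1")" -eq 0 ] || return 1
    rm -rf -- "$1"
}
```

On the constructed tree, burn_plain exits non-zero and leaves the awkwardly named files in place, while burn_nul shreds all four and removes the directory.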