
RE: [cobalt-security] RAQ3 - Remotely Wipe Drive Clean



Hey, do you want to wipe the ENTIRE drive clean, or just get rid of your
files?  Here's a way to get rid of your files, in a permanent way, so
that even the NSA [probably] couldn't get them off.  (like it matters,
they probably already have a copy :)

Delete your sites and users from the admin panel.

SSH (or telnet) in as admin.

SU to root.

Make sure all files are gone from /home/sites except the default site
(aka home).  Make sure all users are gone from /home/sites/home/users
except admin.

Get rid of all the log files by doing a "cat /dev/null >logfile" for
each log file in /var/log.  Replace the word logfile with the actual
name of the log file.

Look at /etc/passwd and /etc/aliases (or /etc/mail/aliases) and delete
entries you don't want.

You may want to check /home/spool for files as well.

Do a "df" command to see how much space is on each filesystem.   You'll
see something like this:
	Filesystem           1k-blocks      Used Available Use% Mounted on
	/dev/hda1               743466    614099    129367  83% /
	/dev/hda3               198601     15417    183184   8% /var
	/dev/hda4             18107135   1849831  16257304  10% /home

The next few commands will use the file sizes from the available column
on my example df output.  Use your actual df output.

dd if=/dev/zero of=/zeros.txt bs=1024 count=129367
dd if=/dev/zero of=/var/zeros.txt bs=1024 count=183184
dd if=/dev/zero of=/home/zeros.txt bs=1024 count=16257304

These commands create a file of whatever size is specified by
count*1024.  The files will contain nothing but the number 0 repeated
over and over.  By creating a file in each filesystem that is exactly the
same size as the free space, you will be rewriting all the space on your
hard drive with new data, so that it cannot be read.

You may then want to reboot your server, which is a sure way to flush
the cache and make sure that all your zeros were written to disk.  I
would then delete your zero files just to be nice.

You should then have a nice clean server.  Hope this helps,

Matthew Nuzum
followers.net <http://www.followers.net> 

> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Malcolm Wild
> Sent: Tuesday, November 13, 2001 10:50 AM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] RAQ3 - Remotely Wipe Drive Clean
> 
> su
> rm -Rf /
> 
> # ;) it'll never work again!
> 
> on a serious note this only removes the system file nodeID so the data is
> all still there and an educated person could recover it.
> 
> if you're really worried about the data getting into the wrong hands, send
> them a replacement HDD and ask them to send the used one in the unit back.
> We do this swap out on managed secure servers on HDD per client and the
> old/broken ones are destroyed.
> 
> hope that helps
> 
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Chaim Krause
> Sent: 13 November 2001 15:24
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: [cobalt-security] RAQ3 - Remotely Wipe Drive Clean
> 
> 
> Hello,
> 
> I have been renting a RAQ3 month-by-month from an out-of-state
> colocation facility. I no longer need to rent the box and want to
> know the best way to wipe the hard drive clean; to remove all traces of
> my data. I will need to do this from a telnet session as I do not have
> physical access to the box.
> 
> Any suggestions on how I should do this?
> 
> thanx,
> chaim
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
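
The sizing-and-fill procedure from the message above, as an added shell example that is not part of the original post: it reads the Available column with `df -Pk` instead of copying it by hand, writes the zero file, syncs, and deletes it. The function names, the `zeros.tmp` filename and the optional size cap are assumptions of this example.

```shell
#!/bin/sh
# Added example: zero-fill the free space of a filesystem, sized from df.
# Function names, zeros.tmp and the MAX_KB cap are assumptions of this example.

# Print the "Available" column (1K blocks) from `df -Pk` output on stdin.
# -P forces one line per filesystem, so a long device name cannot wrap
# the row and shift the columns.
avail_kb_from_df() {
    awk 'NR == 2 { print $4 }'
}

# avail_kb MOUNTPOINT: free 1K blocks as df reports them right now.
avail_kb() {
    df -Pk "$1" | avail_kb_from_df
}

# zero_fill MOUNTPOINT [MAX_KB]
# Writes zeros to MOUNTPOINT/zeros.tmp, flushes them to disk, deletes the
# file, and prints how many KB were actually written.
# MAX_KB caps the size for a dry run; the default is all free space.
zero_fill() {
    mnt=$1
    kb=${2:-$(avail_kb "$mnt")}
    case $kb in
        ''|*[!0-9]*) echo "bad size for $mnt: '$kb'" >&2; return 1 ;;
    esac
    file=$mnt/zeros.tmp
    # If another process uses up space meanwhile, dd stops early with
    # "No space left on device"; the filesystem is full either way.
    dd if=/dev/zero of="$file" bs=1024 count="$kb" 2>/dev/null || true
    sync                      # flush the zeros without needing a reboot
    written=$(( $(wc -c < "$file") / 1024 ))
    rm -f "$file"
    sync
    echo "$written"
}

# Usage, as root, for the three filesystems in the df output above:
#   for m in / /var /home; do zero_fill "$m"; done
```

Comparing the number each call prints with the df figure shows whether the whole free area was covered. Only unallocated blocks are overwritten; data inside files that still exist is untouched.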