4.16. Removing Data Securely Using scrub
The scrub utility writes patterns on special files or disk devices to make retrieving data more difficult. Using scrub is faster than writing random data on a disk. This process provides high availability, reliability, and data protection.
To start using the scrub command, install the scrub package:
~]# yum install scrub
The scrub utility operates in one of the following basic modes:
- Character or Block Device: The special file corresponding to a whole disk is scrubbed and all data on it is destroyed. This is the most effective method.
scrub [OPTIONS] special file
- File: A regular file is scrubbed and only the data in the file is destroyed.
scrub [OPTIONS] file
- Directory: With the -X option, a directory is created and filled with files until the file system is full. Then, the files are scrubbed as in file mode.
scrub -X [OPTIONS] directory
Example 4.7. Scrubbing a Raw Device
To scrub a raw device /dev/sdf1 with default National Nuclear Security Administration (NNSA) patterns, enter the following command:
~]# scrub /dev/sdf1
scrub: using NNSA NAP-14.1-C patterns
scrub: please verify that device size below is correct!
scrub: scrubbing /dev/sdf1 1995650048 bytes (~1GB)
scrub: random |................................................|
scrub: random |................................................|
scrub: 0x00 |................................................|
scrub: verify |................................................|
Example 4.8. Scrubbing a File
- Create a 1MB file:
~]$ base64 /dev/urandom | head -c $[ 1024*1024 ] > file.txt
- Show the file size:
~]$ ls -lh
total 1.0M
-rw-rw-r--. 1 username username 1.0M Sep 8 15:23 file.txt
- Show the contents of the file:
~]$ head -1 file.txt
JnNpaTEveB/IYsbM9lhuJdw+0jKhwCIBUsxLXLAyB8uItotUlNHKKUeS/7bCRKDogEP+yJm8VQkL
- Scrub the file:
~]$ scrub file.txt
scrub: using NNSA NAP-14.1-C patterns
scrub: scrubbing file.txt 1048576 bytes (~1024KB)
scrub: random |................................................|
scrub: random |................................................|
scrub: 0x00 |................................................|
scrub: verify |................................................|
- Verify that the file contents have been scrubbed:
~]$ cat file.txt
SCRUBBED!
- Verify that the file size remains the same:
~]$ ls -lh
total 1.0M
-rw-rw-r--. 1 username username 1.0M Sep 8 15:24 file.txt
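The manual checks from Example 4.8 can be scripted so that a scrub is only reported as successful when every check passes. This is an added example, not part of the original documentation. It assumes the default NNSA patterns shown above and that the SCRUBBED! signature lies within the first 64 bytes of the file; the function names and the SCRUB_CMD override are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): confirm that a file really is in
# the state Example 4.8 ends in. Assumed, not from the page: function names,
# the SCRUB_CMD override, and the 64-byte window searched for the signature.

SCRUB_CMD=${SCRUB_CMD:-scrub}   # override lets the checks be exercised with a stand-in

# verify_scrubbed FILE SIZE_BEFORE SHA256_BEFORE
# Returns 0 only if every post-scrub check passes.
verify_scrubbed() {
    local file="$1" size_before="$2" hash_before="$3"
    local size_after hash_after residual
    size_after=$(wc -c < "$file") || return 2
    hash_after=$(sha256sum < "$file" | cut -d' ' -f1)

    # 1. File mode overwrites in place: the size must not change.
    [ "$size_after" -eq "$size_before" ] || { echo "FAIL: size changed" >&2; return 1; }
    # 2. The content must differ from what was there before.
    [ "$hash_after" != "$hash_before" ] || { echo "FAIL: content unchanged" >&2; return 1; }
    # 3. The signature that `cat` shows on the page must sit at the start.
    head -c 64 "$file" | grep -aq 'SCRUBBED!' || { echo "FAIL: no signature" >&2; return 1; }
    # 4. The last NNSA write pass is 0x00, so nothing but NUL bytes may follow.
    residual=$(tail -c +65 "$file" | tr -d '\0' | wc -c)
    [ "$residual" -eq 0 ] || { echo "FAIL: $residual non-zero bytes remain" >&2; return 1; }
}

# scrub_and_verify FILE: record size and hash, scrub, then verify.
scrub_and_verify() {
    local file="$1" size hash
    # Refuse anything that is not a plain file (device and -X modes differ).
    { [ -f "$file" ] && [ ! -L "$file" ]; } || { echo "not a regular file: $file" >&2; return 2; }
    size=$(wc -c < "$file")
    hash=$(sha256sum < "$file" | cut -d' ' -f1)
    "$SCRUB_CMD" "$file" >/dev/null || { echo "scrub failed" >&2; return 2; }
    verify_scrubbed "$file" "$size" "$hash"
}
```

A pass covers the file's logical contents only, not any older copies of its blocks that the file system or storage device may have kept.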
For more information on scrub modes, options, methods, and caveats, see the scrub(1) man page.