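I'm about to return a dedicated server and need to erase the data on it. I don't want whoever uses it next to be able to recover the data.
There are two options; for either one, it is recommended to work from a live CD.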
- shred
- dd
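The shred method
It overwrites the data in a file or an entire device with random bits, making it nearly impossible to recover.
First, you need to identify the device name. It may look like /dev/sdb or /dev/hdb (but not like /dev/sdb1, which is a partition). You can use sudo fdisk -l to list all attached storage devices and find your external hard drive there.
Make sure it is the correct device: if you pick the wrong one, that device gets erased.
By default this command writes random data to the disk 3 times. -v prints the current progress, and -z writes zeros over the whole disk after the last overwrite pass.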
root@rescue ~ # shred -v /dev/sdX
I use the following command: 4 passes in total, the first three writing random data and the fourth writing zeros.
root@rescue ~ # shred -vfz /dev/sda
shred: /dev/sda: pass 4/4 (000000)...5.0TiB/5.5TiB 91%
shred: /dev/sda: pass 4/4 (000000)...5.1TiB/5.5TiB 93%
shred: /dev/sda: pass 4/4 (000000)...5.2TiB/5.5TiB 95%
shred: /dev/sda: pass 4/4 (000000)...5.3TiB/5.5TiB 97%
shred: /dev/sda: pass 4/4 (000000)...5.4TiB/5.5TiB 99%
shred: /dev/sda: pass 4/4 (000000)...5.5TiB/5.5TiB 100%
Help documentation
root@rescue ~ # shred --help
Usage: shred [OPTION]... FILE...
Overwrite the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.
If FILE is -, shred standard output.
Mandatory arguments to long options are mandatory for short options too.
-f, --force change permissions to allow writing if necessary
-n, --iterations=N overwrite N times instead of the default (3)
--random-source=FILE get random bytes from FILE
-s, --size=N shred this many bytes (suffixes like K, M, G accepted)
-u deallocate and remove file after overwriting
--remove[=HOW] like -u but give control on HOW to delete; See below
-v, --verbose show progress
-x, --exact do not round file sizes up to the next full block;
this is the default for non-regular files
-z, --zero add a final overwrite with zeros to hide shredding
--help display this help and exit
--version output version information and exit
Delete FILE(s) if --remove (-u) is specified. The default is not to remove
the files because it is common to operate on device files like /dev/hda,
and those files usually should not be removed.
The optional HOW parameter indicates how to remove a directory entry:
'unlink' => use a standard unlink call.
'wipe' => also first obfuscate bytes in the name.
'wipesync' => also sync each obfuscated byte to disk.
The default mode is 'wipesync', but note it can be expensive.
CAUTION: shred assumes the file system and hardware overwrite data in place.
Although this is common, many platforms operate otherwise. Also, backups
and mirrors may contain unremovable copies that will let a shredded file
be recovered later. See the GNU coreutils manual for details.
GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Full documentation <https://www.gnu.org/software/coreutils/shred>
or available locally via: info '(coreutils) shred invocation'
The dd method
Use the urandom device, since it is the more modern and better way to obtain a random pattern.
dd if=/dev/zero of=/dev/hdX bs=1M
dd if=/dev/random of=/dev/hdX bs=1M
dd if=/dev/urandom of=/dev/hdX bs=1M
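After a final zero pass (shred -z, or dd if=/dev/zero) it is worth confirming that the target really reads back as zeros. The script below is an added example, not part of the original post; the function names are made up for illustration, and it assumes GNU cmp and util-linux blockdev, as found on a typical live CD.

```shell
#!/bin/sh
# Added example: confirm that a wiped target reads back as all zeros after
# the final zero pass (shred -z, or dd if=/dev/zero).
# Assumes GNU cmp (for -n) and util-linux blockdev.

# Print the size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        n=$(wc -c < "$1") || return 1
        echo "$((n))"
    fi
}

# Return 0 if every byte of $1 is zero, 1 if a non-zero byte is found
# (its offset is printed), 2 if the target cannot be sized or read.
verify_zeroed() {
    target=$1
    size=$(target_size "$target") || return 2
    [ "$size" -gt 0 ] 2>/dev/null || return 2
    # Compare exactly $size bytes against the kernel's endless zero stream.
    if cmp -s -n "$size" "$target" /dev/zero; then
        echo "$target: all $size bytes are zero"
        return 0
    fi
    # cmp -l lists differing bytes with 1-based positions; keep the first.
    first=$(cmp -l -n "$size" "$target" /dev/zero 2>/dev/null | head -n 1 | awk '{print $1}')
    [ -n "$first" ] || { echo "$target: read error"; return 2; }
    echo "$target: first non-zero byte at offset $((first - 1))"
    return 1
}
```

Run verify_zeroed /dev/sdX from the live environment once the last pass has finished. It only confirms what the device returns on read, so the CAUTION in the shred help text about hardware that does not overwrite in place still applies.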
How can I securely erase a hard drive?