Before returning a dedicated server, you can securely erase the data on its disks so that the next tenant (or the hosting provider) cannot recover it. Two common methods are described below: shred and dd. Boot from a Live CD or rescue system to do this, so that the running OS is not using the disk you are wiping; otherwise mounted file systems and swap keep writing to it and the erase is incomplete.
Method 1: Using shred
The shred tool overwrites a file or an entire device with several passes of random data, making the original contents very hard to recover. Two caveats: when shredding individual files, shred cannot guarantee anything on file systems that do not overwrite in place (journaling, copy-on-write and log-structured file systems, snapshots, RAID mirrors), because old copies of the blocks may survive elsewhere. Overwriting the whole device avoids the file-system problem, but on SSDs the controller's wear levelling, over-provisioning and remapped blocks can still hold data at addresses the host never sees, so for SSDs prefer the drive's own firmware erase (ATA Secure Erase via hdparm, or NVMe Format/Sanitize via nvme-cli) over a host-side overwrite.
Procedure
- Identify the device name
Use the following command to list all attached storage devices and find the disk to erase. Target the whole device (for example /dev/sdb or /dev/hdb), not a partition such as /dev/sdb1:
sudo fdisk -l
- Run the erase
Warning: double-check that you have selected the correct device. Pointing shred at the wrong disk destroys its data irrecoverably.
Use shred to overwrite the device with several passes of random data. By default it makes 3 random passes:
shred -v /dev/sdX
The command I use makes 4 passes in total: three random passes followed by a final pass of zeros. -v prints progress, -z adds that final zero pass over the whole disk (so the drive reads as blank rather than as obviously shredded random data), and -f changes the target's permissions to allow writing if necessary.
root@rescue ~ # shred -vfz /dev/sda
shred: /dev/sda: pass 4/4 (000000)...5.0TiB/5.5TiB 91%
shred: /dev/sda: pass 4/4 (000000)...5.1TiB/5.5TiB 93%
shred: /dev/sda: pass 4/4 (000000)...5.2TiB/5.5TiB 95%
shred: /dev/sda: pass 4/4 (000000)...5.3TiB/5.5TiB 97%
shred: /dev/sda: pass 4/4 (000000)...5.4TiB/5.5TiB 99%
shred: /dev/sda: pass 4/4 (000000)...5.5TiB/5.5TiB 100%
Help output
root@rescue ~ # shred --help
Usage: shred [OPTION]... FILE...
Overwrite the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.
If FILE is -, shred standard output.
Mandatory arguments to long options are mandatory for short options too.
-f, --force change permissions to allow writing if necessary
-n, --iterations=N overwrite N times instead of the default (3)
--random-source=FILE get random bytes from FILE
-s, --size=N shred this many bytes (suffixes like K, M, G accepted)
-u deallocate and remove file after overwriting
--remove[=HOW] like -u but give control on HOW to delete; See below
-v, --verbose show progress
-x, --exact do not round file sizes up to the next full block;
this is the default for non-regular files
-z, --zero add a final overwrite with zeros to hide shredding
--help display this help and exit
--version output version information and exit
Delete FILE(s) if --remove (-u) is specified. The default is not to remove
the files because it is common to operate on device files like /dev/hda,
and those files usually should not be removed.
The optional HOW parameter indicates how to remove a directory entry:
'unlink' => use a standard unlink call.
'wipe' => also first obfuscate bytes in the name.
'wipesync' => also sync each obfuscated byte to disk.
The default mode is 'wipesync', but note it can be expensive.
CAUTION: shred assumes the file system and hardware overwrite data in place.
Although this is common, many platforms operate otherwise. Also, backups
and mirrors may contain unremovable copies that will let a shredded file
be recovered later. See the GNU coreutils manual for details.
GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Full documentation <https://www.gnu.org/software/coreutils/shred>
or available locally via: info '(coreutils) shred invocation'
Method 2: Using dd
dd is a general-purpose block copying tool; with /dev/zero or a random device as its input and the disk as its output it fills the entire device with zeros or random data. dd keeps writing until the device is full and then exits with "No space left on device", which is the expected end of a whole-disk wipe, not an error. Modern kernels name disks /dev/sdX or /dev/nvmeXnY; /dev/hdX is the old IDE naming.
# Zero-fill (fastest; one pass)
dd if=/dev/zero of=/dev/sdX bs=1M status=progress
# Random overwrite using /dev/random
# On kernels before 5.6 /dev/random blocks whenever the entropy estimate
# runs low, so this is far too slow for a whole disk; on 5.6 and later
# it behaves like /dev/urandom once the pool is initialised
dd if=/dev/random of=/dev/sdX bs=1M status=progress
# Random overwrite using /dev/urandom
# Never blocks, but output is CPU-bound, so a multi-TB disk takes hours
dd if=/dev/urandom of=/dev/sdX bs=1M status=progress
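The following script is an added example, not code from the original post. It wraps both procedures above (the shred steps and the dd zero-fill) in the guards a practitioner wants before typing a destructive command on a rescue system: it refuses a partition or a device that is still mounted or used as swap, runs the chosen wipe, and then verifies that the final pass really left every byte zero. It assumes Linux with GNU coreutils (shred, dd with status=progress) and util-linux (blockdev); the function names and the 1 MiB disk image with a TOP-SECRET-MARKER string are mine, constructed so the whole flow can be rehearsed on a regular file before pointing it at /dev/sdX.

```shell
#!/usr/bin/env bash
# Added example: guarded whole-disk wipe with post-wipe verification.
# A regular file is accepted as the target so the procedure can be dry-run
# on a disk image; a block device must be a whole disk, not a partition.
set -eu

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else stat -c %s "$1"; fi
}

# Whole disk (or practice file)? sysfs exposes a 'partition' entry only
# for partition nodes such as /dev/sdb1, never for /dev/sdb itself.
is_whole_disk_or_file() {
    if [ -b "$1" ]; then
        [ ! -e "/sys/class/block/$(basename "$1")/partition" ]
    else
        [ -f "$1" ]
    fi
}

# Is this device, or one of its partitions, mounted or used as swap?
is_in_use() {
    grep -qs "^$1" /proc/mounts /proc/swaps
}

# Every byte zero? Streams the whole target, so it costs about one pass.
verify_zeroed() {
    [ -z "$(tr -d '\000' < "$1" | head -c 1)" ]
}

# wipe_target TARGET METHOD [PASSES]
#   shred : PASSES random passes, then a zero pass (shred -n PASSES -z)
#   dd    : a single zero pass, fsync'ed before dd returns
wipe_target() {
    target=$1 method=$2 passes=${3:-3}
    is_whole_disk_or_file "$target" || { echo "refusing $target: not a whole disk" >&2; return 2; }
    ! is_in_use "$target"          || { echo "refusing $target: mounted or in use" >&2; return 2; }
    case $method in
        shred) shred -v -n "$passes" -z "$target" ;;
        dd)    head -c "$(target_size "$target")" /dev/zero \
                 | dd of="$target" bs=1M iflag=fullblock conv=notrunc,fsync status=progress ;;
        *)     echo "unknown method: $method" >&2; return 2 ;;
    esac
    verify_zeroed "$target"
}

# Dry run on a constructed 1 MiB disk image holding a recognisable marker.
demo() {
    img=$(mktemp)
    yes 'TOP-SECRET-MARKER' | head -c 1048576 > "$img"
    grep -qa TOP-SECRET "$img"            # marker present before the wipe
    wipe_target "$img" "${1:-shred}" 1
    ! grep -qa TOP-SECRET "$img"          # and gone afterwards
    echo "wipe of $img verified"
    rm -f "$img"
}
```

Run `demo shred` or `demo dd` on the rescue system first; once that passes, `wipe_target /dev/sdX shred 3` reproduces the 4-pass shred from the text and `wipe_target /dev/sdX dd` the zero-fill, each followed by the zero check. The check is the part worth keeping even if you prefer to type the commands by hand: a wipe that was interrupted, or a device that silently ignored writes, shows up as non-zero bytes.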