Are you still removing files that contain sensitive information (SSH keys, account passwords, auth files, etc.) the standard way?
If so, you are making it easy for third-party applications to recover them. Every time you delete a file the standard way, it is only unlinked from the filesystem, and its blocks are marked free for overwriting.
Is it possible to recover deleted data from a Linux system?
If you do not perform any write operations after deleting a file by standard methods, the unlinked blocks still hold the file's data, and third-party applications can recover it.
How Shredding Works in Linux
To make recovery impossible, you can shred your file by overwriting its blocks with multiple passes of random data.
Instead of the original data, the block will hold randomly generated data, which will be of no use if recovered by any tool.
shred command in Linux
The shred command is part of the Coreutils package and can help you destroy your files, making them unrecoverable by any application in Linux.
The shred command overwrites the filesystem blocks holding your file's data with randomly generated data.
Is this method suitable? Below are some rare situations where your file might still be available for recovery, making your effort ineffective.
- A file system that supports journaling (JFS, ReiserFS, etc.)
- A file system that takes snapshots (BTRFS, NFS)
- Data being synced over the network by tools (rsync)
- A file system that supports caching in temporary memory (NFS v3)
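A pre-flight check for the situations listed above, as an added example that is not part of the original article. The function names are hypothetical, the filesystem list mirrors the bullets (with `nfs4` added as an assumption) and is not exhaustive, and `df --output` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: decide whether in-place overwriting can be trusted on a path.
# The type list is a constructed starting point based on the article's bullets.

# Return 0 (true) when the filesystem type is one the article flags.
fs_defeats_shred() {
    case "$1" in
        jfs|reiserfs) return 0 ;;  # journaling file systems
        btrfs)        return 0 ;;  # snapshots keep old copies of blocks
        nfs|nfs4)     return 0 ;;  # snapshots on the server, caching on clients
        *)            return 1 ;;
    esac
}

# Print the filesystem type backing a path (GNU df).
fstype_of() {
    df --output=fstype -- "$1" 2>/dev/null | tail -n 1
}

# Report whether shred can be relied on for a path.
# Exit status: 0 = ok, 1 = unreliable, 2 = could not tell.
shred_preflight() {
    fstype=$(fstype_of "$1")
    if [ -z "$fstype" ]; then
        echo "unknown: could not determine filesystem for $1"
        return 2
    fi
    if fs_defeats_shred "$fstype"; then
        echo "unreliable: $1 is on $fstype, overwritten data may survive elsewhere"
        return 1
    fi
    echo "ok: $1 is on $fstype"
    return 0
}

# Check the path given as the first argument (default: current directory).
shred_preflight "${1:-.}" || true
```

This only covers the filesystem cases; copies made by rsync or backups have to be tracked down separately.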
Syntax
$ shred [OPTIONS] [TARGET FILE]
[OPTIONS] instructs the shredding process by defining the number of overwrites to perform, the number of bytes to shred, whether to hide the shredding, etc.
[TARGET FILE] is the exact path of your file.
Below is the list of the most commonly used options with the shred command.
| Option | Definition |
| --- | --- |
| -f | Force files to be shredded |
| -n | Number of overwrites to perform |
| -s | Number of bytes to shred (suffixes like K, M, G accepted) |
| -u | Overwrite and remove the file |
| -v | Show progress |
| -z | Hide shredding performed on a file |
Shred (Overwrite) a File
The primary function of the shred command without any options is to overwrite the file with randomly generated data, making it unrecoverable.
Below is a sample file holding the text “HELLO, TREND OCEANS!”.
$ echo "HELLO, TREND OCEANS!" > file.txt && cat file.txt
Imagine this file holds sensitive information: if it is deleted the standard way, anyone can quickly recover and read it (unless it has been overwritten).
To overwrite this file and make recovery impossible, use the shred command with the filename, as shown below.
$ shred file.txt
$ cat file.txt
Now, if you remove this file with the standard methods and someone recovers it, it will be of no use to them.
Assigning the Number of Times to Overwrite a File
It is possible to overwrite a file multiple times, making it even harder to recover. Specify the number of overwrites with the “-n” option, as shown below.
$ shred -n 5 file.txt
Above, the file is shredded five times to destroy its content, but the command prints nothing while shredding.
You can use the “-v” option to see the progress of the file being overwritten multiple times using the shred command.
Show the Shredding Progress in Verbose Mode
To see the progress of the file being overwritten, use the “-v” option along with the “-n” option, as shown below.
$ shred -vn 5 file.txt
Hide Shredding Operation Performed on File
The file content is unrecoverable after shredding, but a shredding operation can be identified on the file. To hide the shredding process on the file, use the “-z” option, as shown below.
$ shred -vzf -n 5 file.txt
In the last line of the verbose output, the file’s content is overwritten with zeros to make the shredding undetectable.
Selectively Shred the Content of the File by Bytes
The “-s” option selectively overwrites part of the file’s content, with the size given in bytes. You can also specify the size with the suffixes K (kilobytes), M (megabytes), and G (gigabytes).
Below is a text file containing a list of passwords for different social platforms, and I want to remove the first password. For that, I will specify the number of bytes required to shred the first row, as shown below.
$ shred -s 5 file.txt
Above, you can see that the first row, the 5-byte password “pass1”, is shredded by the shred command.
Overwrite and remove the file
Until now, the shredded file has only been overwritten. If you also want to remove the file once shredding is done, use the “-u” option along with “-v” to monitor the changes, as shown below.
$ shred -uv file.txt
Above, you see that after the file is shredded, it is removed from the system.
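The behaviour of the default overwrite, “-z”, “-s” and “-u” described in the sections above can be checked directly instead of read off the screen. This is an added example, not part of the original article; the function names, sample contents and temporary files are constructed for the demo.

```shell
#!/bin/sh
# Added example: verify what shred actually did to a file.
MARKER='HELLO, TREND OCEANS!'   # constructed sample content

# Create a temp file holding $1 and print its path.
new_sample() {
    f=$(mktemp) && printf '%s\n' "$1" > "$f" && echo "$f"
}

# Default overwrite: is the original text still readable in the file?
marker_after_shred() {
    f=$(new_sample "$MARKER")
    shred -n 3 "$f"
    if grep -qaF "$MARKER" "$f"; then echo present; else echo gone; fi
    rm -f "$f"
}

# -z: count the bytes that are not NUL after the final zero pass.
nonzero_bytes_after_z() {
    f=$(new_sample "$MARKER")
    shred -z "$f"
    tr -d '\000' < "$f" | wc -c | tr -d ' '
    rm -f "$f"
}

# -s 5: only the first 5 bytes are overwritten; print what follows them.
tail_after_partial() {
    f=$(new_sample "$(printf 'pass1\npass2\npass3')")
    shred -s 5 "$f"
    tail -c +6 "$f" | tr -d '\n'
    rm -f "$f"
}

# -u: overwrite, then unlink; report whether the path still exists.
exists_after_u() {
    f=$(new_sample "$MARKER")
    shred -u "$f"
    if [ -e "$f" ]; then echo yes; else echo no; fi
}

echo "marker after shred:     $(marker_after_shred)"
echo "non-NUL bytes after -z: $(nonzero_bytes_after_z)"
echo "left after -s 5:        $(tail_after_partial)"
echo "exists after -u:        $(exists_after_u)"
```

The “-s 5” check shows that everything after the fifth byte is left untouched and readable, so a partial shred protects only the bytes it covers.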
Those are essential things to know. If you wish to explore the shred command more, don’t forget to check its manual page using the man shred command.
Let us know in the comment section if you have any queries regarding this topic.
Unfortunately shred and other overwriting commands are totally useless with SSD drives.
True