This is my first time posting to the BT forums, but I'm a big fan of BT, so I figured I'd make my first post a contribution (albeit a small one) rather than a question.
Personally, I liberally send many files to the Trash (highlighting a file and then pressing just "delete") to keep my desktop environment organized, but keep the files on hand in case I deleted something important. After a while, I want to get rid of all those files securely. So, here is what I use for securely erasing my trash.
To get situated, open a terminal and cd to your root directory:
(Optional)
STEP 1: Upgrade to the latest version of scrub.
First, we'll upgrade to the latest version of scrub -- the program we'll be using to sanitize the contents of our files. This program is already included in BT, but this will get us the latest version.
Code:
wget http://diskscrub.googlecode.com/files/scrub-2.4.tar.bz2
Verify checksum -- always a good measure.
Code:
sha1sum scrub-2.4.tar.bz2
Output:
Code:
1065cde68549cd8b013f2b82bc5bb24922010da7 scrub-2.4.tar.bz2
Install it. Since BT has scrub already installed in the default directory, there is no custom configuration necessary.
Code:
tar -vxjf scrub-2.4.tar.bz2
cd scrub-2.4
./configure
make
make install
Check your version to make sure it installed correctly:
Output:
A little cleanup:
Code:
cd ~
rm -rf ./scrub-2.4
rm scrub-2.4.tar.bz2
NOTE: Obviously the version output and checksum will change depending on the version of scrub that is currently available.
STEP 2: Create a script which will perform the procedure
Code:
touch secure_trash
kate secure_trash
Add the following lines to your newly created file:
Code:
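#!/bin/bash
# Overwrite the contents of every regular file in both Trash directories.
find ~/.local/share/Trash/files ~/.local/share/Trash/info -type f -print0 | xargs -0 -I{} /usr/local/bin/scrub -Sfp nnsa {}
# Rename files and sub-directories (deepest first) to random names inside Trash/files.
# NUL-delimited output and "read -r" keep names with spaces, backslashes or newlines intact.
find ~/.local/share/Trash/files/* ~/.local/share/Trash/info/* -depth -print0 | while IFS= read -r -d '' i
do
    cleant=$(head -c17 /dev/urandom | tr -d '[:space:]' | tr -d '[:punct:]')
    mv "$i" ~/.local/share/Trash/files/"$cleant" 2> /dev/null
done
# Remove the renamed entries to free the space.
rm -rf ~/.local/share/Trash/files/*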
Save it and exit Kate.
NOTE
What this script will do is sanitize the entire contents of all files within your two Trash directories (i.e., .../Trash/files/ & .../Trash/info/) using Roy Pfitzner's 33-random-pass method. Arguably the most secure, but also the most unnecessary, of the popular algorithms. You're sacrificing time by using this method, so I suggest you pick which one is right for you. Just replace "pfitzner33" with one of the following:
- nnsa - U.S. NNSA Policy Letter NAP-14.1-C
- dod - U.S. DoD 5220.22-M
- usarmy - U.S. Army AR380-19
- bsi - German Center of Security in Information Technologies
- gutmann - 35-pass algorithm from Peter Gutmann's 1996 paper
- schneier - algorithm described in Bruce Schneier's Applied Cryptography (1996)
- pfitzner7 - Roy Pfitzner's 7-random-pass method
- pfitzner33 - Roy Pfitzner's 33-random-pass method
From scrub's website
UPDATE: I changed the default algorithm to nnsa instead of pfitzner33 -- pfitzner33 took ridiculously long with a typical sized trash. You can always change it, though.
Next, it will grab all files AND sub-directories from the two directories above and rename them to a random string that's 4 characters in length. It will also move them all into .../Trash/files/. Then, it uses a simple recursive remove to free up all the space from disk.
Your trash will be completely sanitized after running it, and both Trash sub-directories (files & info) will remain intact.
STEP 3: Cleanup
Move it somewhere safe so you don't execute it by accident.
Personally, I'll hide it from the desktop environment in the root directory.
Code:
mv secure_trash /.secure_trash
Make it executable
Code:
chmod +x /.secure_trash
Now run it whenever necessary.
(Optional)
STEP 4: Automatically securely erase your trash at shutdown.
For convenience, you could make this script run automatically at shutdown.
Code:
cp /.secure_trash /etc/init.d/secure_trash
ln -s /etc/init.d/secure_trash /etc/rc0.d/K10secure_trash
ln -s /etc/init.d/secure_trash /etc/rc6.d/K10secure_trash
That's it. It's basic, but it works. I'm sure others can improve upon this easily, but I'd imagine some will find this useful.
Again, this is my first post; if I broke any forum rules, I apologize in advance (I did read them). Also, I'd appreciate any feedback (positive or constructive).
Thanks!
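A variant of the STEP 2 script, added here as an example and not the original poster's code: it also covers dotfiles, names containing newlines and an empty Trash, and it stops before renaming or deleting anything if an overwrite fails. The `SCRUB` variable and the optional directory argument are assumptions of this sketch.

```shell
#!/bin/bash
# Added example: a variant of the post's script, not the poster's own code.
# SCRUB and the optional directory argument are assumptions of this sketch.
# SCRUB is the overwrite command; swap the pattern or substitute a stub.
SCRUB=${SCRUB:-"/usr/local/bin/scrub -Sfp nnsa"}

secure_trash() {
    trash=${1:-"$HOME/.local/share/Trash"}
    files="$trash/files"
    info="$trash/info"
    # Refuse to run on anything that does not look like a Trash directory.
    if [ ! -d "$files" ] || [ ! -d "$info" ]; then
        echo "secure_trash: no files/ and info/ under $trash" >&2
        return 1
    fi

    # 1. Overwrite every regular file, one per invocation as in the post.
    #    Searching the directories themselves (no "/*" glob) picks up
    #    dotfiles and copes with an empty Trash. If any overwrite fails,
    #    find exits non-zero and nothing is renamed or removed.
    SCRUB="$SCRUB" find "$files" "$info" -type f -exec sh -c '
        for f do $SCRUB "$f" || exit 1; done' sh {} + || return 1

    # 2. Rename deepest entries first into files/ under random names.
    #    Paths reach the helper shell as arguments, so newlines,
    #    backslashes and leading dashes in names are harmless.
    find "$files" "$info" -mindepth 1 -depth -exec sh -c '
        dest=$1; shift
        for p do
            name=$(LC_ALL=C tr -dc A-Za-z0-9 < /dev/urandom | head -c 16)
            [ -e "$dest/$name" ] || mv -- "$p" "$dest/$name" || exit 1
        done' sh "$files" {} + || return 1

    # 3. Free the space, dotfiles included; files/ and info/ stay in place.
    find "$files" "$info" -mindepth 1 -delete
}
```

To use it, add a `secure_trash` call as the last line of the file, or source the file and call the function by hand.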