Thread: How To: Securely (and automatically) sanitize your trash contents and file names

  1. #1
    Just burned his ISO
    Join Date
    Feb 2011

    How To: Securely (and automatically) sanitize your trash contents and file names

    This is my first time posting to the BT forums, but I'm a big fan of BT, so I figured I'd make my first post a contribution (albeit a small one) rather than a question.

    Personally, I liberally send many files to the Trash (highlighting a file and then pressing just "delete") to keep my desktop environment organized, but keep the files on hand in case I deleted something important. After a while, I want to get rid of all those files securely. So, here is what I use for securely erasing my trash.

    To get situated, open a terminal and cd to your root directory:

    STEP 1: Upgrade to the latest version of scrub.

    First, we'll upgrade to the latest version of scrub -- the program we'll be using to sanitize the contents of our files. This program is already included in BT, but this will get us the latest version.

    Verify checksum -- always a good measure.

        sha1sum scrub-2.4.tar.bz2
        1065cde68549cd8b013f2b82bc5bb24922010da7  scrub-2.4.tar.bz2

    Install it. Since BT has scrub already installed in the default directory, there is no custom configuration necessary.

        tar -vxjf scrub-2.4.tar.bz2
        cd scrub-2.4
        make install

    Check your version to make sure it installed correctly:

        scrub -v
        scrub version 2.4

    A little cleanup:

        cd ~
        rm -rf ./scrub-2.4
        rm scrub-2.4.tar.bz2

    NOTE: Obviously the version output and checksum will change depending on the version of scrub that is currently available.

    STEP 2: Create a script which will perform the procedure

        touch secure_trash
        kate secure_trash

    Add the following lines to your newly created file:

        #!/bin/bash
        # Overwrite the contents of every file in Trash/files and Trash/info
        find ~/.local/share/Trash/files ~/.local/share/Trash/info -type f -print0 | xargs -0 -I{} /usr/local/bin/scrub -Sfp nnsa {}
        # Rename every entry, deepest first, to a random name under Trash/files
        find ~/.local/share/Trash/files/* ~/.local/share/Trash/info/* -depth -print0 | while IFS= read -r -d '' i
        do
            cleant=$(head -c17 /dev/urandom | tr -d '[:space:]' | tr -d '[:punct:]')
            mv "$i" ~/.local/share/Trash/files/"$cleant" 2> /dev/null
        done
        rm -rf ~/.local/share/Trash/files/*

    Save it and exit Kate.

    What this script will do is sanitize the entire contents of all files within your two Trash directories (i.e., .../Trash/files/ and .../Trash/info/) using Roy Pfitzner's 33-random-pass method. Arguably the most secure, but also the most unnecessary, of the popular algorithms. You're sacrificing time by using this method, so I suggest you pick which one is right for you. Just replace "pfitzner33" with one of the following:

    • nnsa - U.S. NNSA Policy Letter NAP-14.1-C
    • dod - U.S. DoD 5220.22-M
    • usarmy - U.S. Army AR380-19
    • bsi - German Center of Security in Information Technologies
    • gutmann - 35-pass algorithm from Peter Gutmann's 1996 paper
    • schneier - algorithm described in Bruce Schneier's Applied Cryptography (1996)
    • pfitzner7 - Roy Pfitzner's 7-random-pass method
    • pfitzner33 - Roy Pfitzner's 33-random-pass method

    From scrub's website

    UPDATE: I changed the default algorithm to nnsa instead of pfitzner33 -- pfitzner33 took ridiculously long with a typically sized trash. You can always change it, though.

    Next, it will grab all files AND sub-directories from the two directories above and rename them to a random string that's 4 characters in length. It will also move them all into .../Trash/files/. Then, it uses a simple recursive remove to free up all the space from disk.

    Your trash will be completely sanitized after running it, and both Trash sub-directories (files & info) will remain intact.

    STEP 3: Cleanup

    Move it somewhere safe so you don't accidentally execute it by accident.

    Personally, I'll hide it from the desktop environment in the root directory.

        mv secure_trash /.secure_trash

    Make it executable:

        chmod +x /.secure_trash

    Now run it whenever necessary.

    STEP 4: Automatically securely erase your trash at shutdown.

    For convenience, you could make this script run automatically at shutdown.

        cp /.secure_trash /etc/init.d/secure_trash
        ln -s /etc/init.d/secure_trash /etc/rc0.d/K10secure_trash
        ln -s /etc/init.d/secure_trash /etc/rc6.d/K10secure_trash

    That's it. It's basic, but it works. I'm sure others can improve upon this easily, but I'd imagine some will find this useful.

    Again, this is my first post; if I broke any forum rules, I apologize in advance (I did read them). Also, I'd appreciate any feedback (positive or constructive).

    Last edited by testingresults; 03-24-2011 at 09:00 PM. Reason: Fix for-loop to be able to deal with unusual file names

  2. #2
    Just burned his ISO
    Join Date
    Feb 2011

    Re: How To: Securely (and automatically) sanitize your trash contents and file names

    Anyone who has used the original bash script that I wrote should update to the one that is currently in the post.

    The original script wasn't properly handling files with unusual characters in their name because of some syntax error when using find in a for-loop.
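
The file-name problem mentioned in post #2, as an added example that is not the poster's code: it counts how many of four constructed awkward names survive a for-loop over `$(find ...)`, a plain `find | while read i` pipeline, and `find -exec`. The function names and the fixture files are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not the poster's script. All file names are constructed.
NL='
'

make_fixture() (        # build a throwaway tree of awkward names, print its path
    d=$(mktemp -d) || exit 1
    touch "$d/plain.txt" "$d/two words.txt" "$d/trailing space " \
          "$d/new${NL}line.txt"
    printf '%s\n' "$d"
)

count_for_loop() (      # for-loop over $(find): splits on spaces and newlines
    n=0
    for f in $(find "$1" -type f); do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
)

count_while_read() (    # plain read: trims edge whitespace, splits on newlines
    find "$1" -type f | {
        n=0
        while read i; do
            if [ -f "$i" ]; then n=$((n + 1)); fi
        done
        echo "$n"
    }
)

count_exec() (          # find -exec hands each name over as one whole argument
    find "$1" -type f -exec sh -c '
        n=0
        for f in "$@"; do
            if [ -f "$f" ]; then n=$((n + 1)); fi
        done
        echo "$n"' sh {} +
)

# Each counter reports how many of the 4 fixture files it could still address.
d=$(make_fixture)
echo "for-loop:   $(count_for_loop "$d")/4"
echo "while read: $(count_while_read "$d")/4"
echo "find -exec: $(count_exec "$d")/4"
rm -rf "$d"
```

Any name a loop cannot address is a trashed file that a rename or wipe step built on that loop would silently skip.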
