If you have a file containing the sensitive information, deleting it simply with the rm command or pressing the Del key might not be enough. Usually, when you delete a file using the rm command, it removes just from our directory listing. The deleted file remains on the hard disk and can be recovered and misused by an attacker with some necessary skills.
In Linux, the shred command allows you to securely delete the files by overwriting the file repeatedly with gibberish data. This makes retrieval of the original data quite difficult or nearly impossible, even if the deleted file is recovered.
Shred command not just overwrites a file but deletes it as well if specified. You can also use it to overwrite partitions or an entire disk.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Linux commands queries.
In this context, we shall look into how to use the shred command in Debian 10 OS to securely delete the files. The same procedure can be followed in other Debian and Ubuntu versions.
Shred command is one of the GNU Core Utilities and is available on nearly any Linux system including Debian.
Let's see how to work with the shred command.
Shred Command Syntax
Below is the shred command syntax:
$ shred option <FILE>
Where the "FILE" can be a file or any hard disk partition.
When you use the shred command without any option, it overwrites the file with gibberish data multiple times.
To understand what the shred command does, let's create a test file named "testfile.txt" with some text in it:
$ echo "this file contains some sample text" > testfile.txt
See below how it looks like:
$ cat testfile.txt
"this file contains some sample text"
After creating the file, also check the size of the file.
We will use it later to compare it against the size of the shredded file.
$ ls -l testfile.txt
-rw-r--r-- 1 user user 42 May 1 10:10 testfile.txt
Now run the shred command (without any command line option) followed by the file name that you want to shred:
$ shred testfile.txt
The above command will overwrite the testfile.txt three times (by default).
To see what happened to the test file, call the cat command:
$ cat testfile.txt
From the cat command output, you will only see the gibberish inside the file.
Also, if you view the file size, you will notice it has increased.
Shred Command Line Options
The shred command has a few command line options to allow you to expand its functionalities.
Let's have a look at some examples of how these options work.
i. Verbose Output
Using the -v or –verbose option, you can view what is happening in the background.
$ shred -v testfile.txt
ii. Overwrite Multiple Files
If you have more than one file, you can shred them using a single command instead of shredding them one by one using separate commands.
To shred more than one files, type them all as an argument (separated by space) or use the wildcard character to specify all the files which have the same extensions:
$ shred -v testfile1.txt testfile2.txt testfile3.txt
All files will be shredded in a single process
iii. Overwrite Drives
You can also use the shred command to overwrite the drives and partitions.
For example, to overwrite all the data on the /dev/sda2 partition, the command would be:
$ sudo shred -v /dev/sda2
iv. Overwrite with zeros
Usually, the shred command overwrites the file with the random data. However, it will be conspicuous on your system that the shredding operation was performed on this device.
You may hide the shredding process using the -z or –zero option with shred command.
Using shred command with -z or –zero option first overwrites the file with random numbers, then adds a final overwrite with zeros.
$ shred -vz testfile.txt
Here, you can see that after overwriting the file three times with random numbers, the shred finally overwrote the file with zeros.
v. Selectively Overwrite
The shred command overwrites the files 3 times with random junk. To increase the number of overwrite passes, use the -n or –iterations option.
For example, to shred the testfile.txt using 5 number of overwrite passes, the command would be:
$ shred -vn5 testfile.txt
vi. Overwrite Only First x Bytes
The default behavior of the shred command is to overwrite the whole file. Using the -s or –size option with the shred command allows you to overwrite only first x bytes.
For instance, to overwrite only the first 6 bytes of testfile.txt, the command would be:
$ shred -vs6 testfile.txt
The above command will only overwrite the first 6 bytes of the specified file. You can verify it by calling the cat command.
vii. How to Delete File after Overwriting
As discussed earlier, the shred command only overwrites the file if we use it without any command line options.
However, after overwriting, you can delete the file as well using the -u or –remove option with the shred command. Note that it will also rename the file before deletion:
$ shred -vu testfile.txt
Now the file will be finally removed after being overwritten and renamed.
To find more details about the shred command, use the –help option or visit the man page:
$ shred --help
$ man shred
This article covers how to use the shred command in Debian 10 Buster system along with various command line options.
You have seen that how the shred command overwrites and deletes the files, making them hard to recover using any recovery tools.
Shred old data files for the same reason you shred old paper documents.
Commands included in the secure-delete bundle:
1. srm is a secure rm, used to erase files by deleting them and overwriting their hard drive space.
2. sfill is a tool to overwrite all free space on your hard drive.
3. sswap is used to overwrite and cleanse your swap space.
4. sdmem is used to cleanse your RAM.
How to Shred a Single FIle ?
To shred a single file, we can use the following command.
The options we are using are:
i. u: Deallocate and remove the file after overwriting.
ii. v: Verbose option, so that shred tells us what it is doing.
iii. z: Performs a final overwrite with zeroes.
$ shred -uvz test.txt_01.txt
Here, shred overwrites the file four times by default.
The first three passes use random data, and the final pass uses zeroes, as we requested.
It then removes the file and overwrites some of the metadata in the inode.