Uncomplicated File Wipe for *NIX

We needed to guarantee to one of our customers that a file would be securely deleted. Since the server ran HP-UX and we could neither compile nor install new software on it, I wrote this script to wipe the file.

The file is overwritten 7 times, the pass count that wiping tools label as the US Department of Defense clearing standard DoD 5220.22-M (ECE), although every pass here writes data from the chosen device rather than the standard's fixed patterns. It is then renamed another 7 times, so the original name is rewritten in the directory as well, before being unlinked. It is written for the Korn shell (ksh), which most Unix systems ship by default. Because it uses the ksh print built-in it doesn't run unchanged under bash; replace print with printf or echo to port it.

Two caveats apply to any overwrite-in-place tool. It only reaches the blocks the file currently occupies: a journaling or copy-on-write filesystem, a snapshot, a backup, or an SSD's wear levelling can keep a copy of the old data elsewhere, so treat this as clearing, not as a substitute for encryption or physical destruction. And the script relies on dd doing a single read of the whole file size from the device; a read() from /dev/urandom may return fewer bytes than requested for very large sizes (some Linux kernel versions cap a single read at 32 MiB or less), and dd then records a partial block and leaves the tail of the file untouched. For files that large, write in a loop of smaller blocks, or use GNU dd's iflag=fullblock where it is available.

Here is the code:

#!/usr/bin/ksh
# Script by Adrian Puente Z..
# Powered by Hackarandas www.hackarandas.com
# Licensed by GNU GPLv3
# http://www.gnu.org/licenses/gpl-3.0.txt

# Number of overwrite passes (the count wiping tools label
# "DoD 5220.22-M (ECE)"); every pass writes data from RANDEV.
PASES=7
# Device to overwrite the file with.
# Can be:
# /dev/random
# /dev/urandom
# /dev/zero (less secure, overwritten with zeros)
RANDEV=/dev/urandom
NAME=$$
COUNT=0
FILE=$1

if [[ $# -eq 0 ]];then
    print "Syntax: $0 <file to wipe>"
    exit 1
fi

if [[ ! -f $FILE ]]
then
    print "File $FILE doesn't exist"
    exit 1
fi

if [[ ! -w $FILE ]]
then
    print "Can't write on file $FILE"
    exit 1
fi

# Size in bytes. wc -c is portable and $(( )) strips the leading blanks
# some wc implementations print; "ls -l | cut -d' '" breaks on the
# column padding of ls.
SIZE=$(( $(wc -c < "$FILE") ))

print -n "About to wipe file: $FILE are you sure? \"N/y\": "
read answer
print ""

if [[ ! ( $answer = 'y' || $answer = 'Y' ) ]]
then
    print "Command canceled."
    exit 0
fi

# conv=notrunc is essential: without it dd truncates the file first, the
# filesystem frees its blocks and may hand back different ones, and the
# original data is never overwritten. sync pushes each pass to disk.
# An empty file has no blocks to overwrite, so only the rename runs.
while [[ $SIZE -gt 0 && $COUNT -lt $PASES ]];do
    (( COUNT += 1 ))
    print "Pass number: $COUNT"
    dd if=$RANDEV of="$FILE" bs=$SIZE count=1 conv=notrunc
    sync
done

COUNT=0
print "Renaming..."

# Rename inside the file's own directory, so mv never copies it to the
# current directory or across filesystems. The numeric names are derived
# from the PID by integer arithmetic; what matters is that the directory
# entry is rewritten PASES times.
case $FILE in
    */*) DIR=${FILE%/*}/ ;;
    *)   DIR= ;;
esac

while [[ $COUNT -lt $PASES ]];do
    (( COUNT += 1 ))
    (( NAME += "$NAME$COUNT" ))
    if [[ -e $DIR$NAME ]]
    then
        continue    # never clobber an existing file with that name
    fi
    mv -v "$FILE" "$DIR$NAME"
    FILE=$DIR$NAME
done

rm -v "$FILE"
FILE=$1
print "File: $FILE deleted."
exit 0

The syntax is simple:

      –.^       (ch0ks@xipe)*(20:38:05)*(~)      ^.–
-=:)> uncomplicatedwipe.ksh
Syntax: uncomplicatedwipe.ksh <file to wipe>

You can follow these commands to test the script:

hexdump /dev/urandom > foo.txt
# after a few seconds press CTRL+C; foo.txt now holds several MB of text

Now we wipe the file:

      –.^       (ch0ks@xipe)*(20:36:00)*(tmp)      ^.–
-=:)> uncomplicatedwipe.ksh foo.txt
About to wipe file: foo.txt are you sure? "N/y": y

Pass number: 1
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 4.01637 s, 3.9 MB/s
Pass number: 2
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 3.87637 s, 4.0 MB/s
Pass number: 3
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 5.451 s, 2.8 MB/s
Pass number: 4
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 4.48904 s, 3.4 MB/s
Pass number: 5
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 3.88731 s, 4.0 MB/s
Pass number: 6
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 3.98379 s, 3.9 MB/s
Pass number: 7
1+0 records in
1+0 records out
15477760 bytes (15 MB) copied, 3.2128 s, 4.8 MB/s
Renaming...
`foo.txt' -> `69257'
`69257' -> `761829'
`761829' -> `8380122'
`8380122' -> `92181346'
`92181346' -> `1013994811'
`1013994811' -> `11153942927'
`11153942927' -> `122693372204'
removed `122693372204'
File: foo.txt deleted.
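The same overwrite / rename / unlink procedure as an added example in POSIX sh; this is not the page's script and not the author's code. It adds conv=notrunc so the overwrite lands on the file's existing blocks, writes in fixed 64 KiB blocks plus a separately written tail so one short read from /dev/urandom cannot leave the end of a large file untouched, checks after every pass that the inode and size are unchanged, renames inside the file's own directory, and carries a self-check on a constructed temporary file. The pass count, the device, the block size and the `.wipe.PID.N` rename names are assumptions.

```shell
#!/bin/sh
# Added example (POSIX sh), not the page's ksh script: the same
# overwrite / rename / unlink procedure with two fixes:
#  - conv=notrunc, so dd writes over the file's existing blocks instead of
#    truncating first (truncation frees the blocks and the filesystem may
#    hand back different ones, leaving the old data on disk);
#  - fixed 64 KiB blocks plus a separately written tail, so one short
#    read() from /dev/urandom cannot leave the end of a big file untouched.
# Only POSIX dd operands are used. Pass count and device are assumptions.

PASSES=${PASSES:-7}
RANDEV=${RANDEV:-/dev/urandom}
BLOCK=65536

inode_of() { ls -i "$1" | awk '{print $1}'; }
size_of()  { echo $(( $(wc -c < "$1") )); }   # $(( )) strips wc's padding

# One overwrite pass over $1, exactly its current size, in place.
overwrite_pass() {
    f=$1
    size=$(size_of "$f")
    full=$((size / BLOCK))
    rest=$((size % BLOCK))
    if [ "$full" -gt 0 ]; then
        dd if="$RANDEV" of="$f" bs="$BLOCK" count="$full" conv=notrunc 2>/dev/null || return 1
    fi
    # Tail: one input block of $rest bytes, written after $full output
    # blocks of $BLOCK bytes (seek= counts output blocks).
    if [ "$rest" -gt 0 ]; then
        dd if="$RANDEV" of="$f" ibs="$rest" obs="$BLOCK" count=1 seek="$full" conv=notrunc 2>/dev/null || return 1
    fi
    sync
}

# Overwrite $1 $PASSES times, checking after each pass that the inode and
# size are unchanged (anything else means it was not an in-place
# overwrite), then rename it $PASSES times inside its own directory so mv
# never copies it to another filesystem, then unlink it.
wipe_file() {
    f=$1
    dir=$(dirname "$f")
    ino=$(inode_of "$f")
    size=$(size_of "$f")
    n=0
    while [ "$n" -lt "$PASSES" ]; do
        n=$((n + 1))
        overwrite_pass "$f" || return 1
        [ "$(inode_of "$f")" = "$ino" ] || return 1
        [ "$(size_of "$f")" = "$size" ] || return 1
    done
    n=0
    while [ "$n" -lt "$PASSES" ]; do
        n=$((n + 1))
        new="$dir/.wipe.$$.$n"                 # assumed naming scheme
        if [ -e "$new" ]; then return 1; fi   # never clobber another file
        mv "$f" "$new" || return 1
        f=$new
    done
    rm -f "$f"
}

# Self-check on a constructed file: after one pass a known marker must be
# gone while inode and size are unchanged; after wipe_file the file must
# be gone. Returns 0 on success, 1 on any failure.
wipe_demo() {
    tmp=$(mktemp) || return 1
    marker="WIPE-ME-MARKER-$$"
    i=0
    while [ "$i" -lt 3000 ]; do       # ~90 KiB: exercises both dd calls
        echo "$marker line $i"
        i=$((i + 1))
    done > "$tmp"
    size=$(size_of "$tmp")
    ino=$(inode_of "$tmp")
    overwrite_pass "$tmp" || return 1
    if grep -q -F -- "$marker" "$tmp"; then return 1; fi
    [ "$(size_of "$tmp")" = "$size" ] || return 1
    [ "$(inode_of "$tmp")" = "$ino" ] || return 1
    wipe_file "$tmp" || return 1
    [ ! -e "$tmp" ]
}
```

Run `wipe_file /path/to/file` from a shell that has POSIX dd, wc, ls, awk and dirname; conv=notrunc and the ibs/obs/seek operands are POSIX, so the overwrite part also applies to HP-UX's dd, while the self-check additionally needs mktemp and grep -F. The inode check catches the truncation mistake on most filesystems but not a filesystem that relocates blocks on its own, which is the caveat given above.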

In the next release I will make a recursive version for directories and you can visit my other projects here.

Troubleshoot: Some Unix systems don't have a /dev/urandom device, so set the RANDEV variable to a device you do have.

Update: Some versions of HP-UX don't have /dev/random or /dev/urandom, so as a last resort you can point RANDEV at /dev/zero; keep in mind that every pass then writes the same all-zero pattern, which only clears the file and gains little from being repeated. I found in a forum that some versions of HP-UX don't have /dev/zero either, so you can create it with this command:

#!/bin/sh
# Create /dev/zero on HP-UX 11.X if it is missing. The major/minor pair
# below is the one reported for HP-UX 11.X; confirm it against your own
# system (lsdev lists the driver major numbers) before running this as root.
if [ -e /dev/zero ]; then
    echo "/dev/zero already exists" >&2
    exit 0
fi
mknod /dev/zero c 3 4
chown bin:bin /dev/zero
chmod 666 /dev/zero

Adrián Puente Z.

