How can I safely clear the content of a Linux server? (1)

Source: Internet
Author: User

People often talk about the convenience of hosted servers or ECS servers. But what happens when these devices reach the end of their service? We can of course ask the equipment vendor to take charge of decommissioning, but in practice it is difficult to be sure that the data is safely cleared. Without physical access to the device, it is difficult for them to take out the disk, overwrite all the old content, and finally smash it with a sledgehammer. Therefore, when we are about to give up a hosted (or cloud) server, we should expect that the device may not be effectively destroyed.

In fact, these questions came up by chance in my recent discussion with Matt Prigge. Several Linux servers at a hosting service provider had reached their three-year limit, so their content had to be completely cleared without physical access. In this case, rebooting the device is not something to count on, because there is no guarantee that it will come back up normally. Although this may not seem like a major problem, anyone with unlock permission can still steal all kinds of data from the system. In addition, although Darik's Boot and Nuke can easily do the clearing, we want to talk about other solutions here.

You can run the rm -rf / command as root, which may mess up the device content, but it still cannot ensure that all information is safely deleted. In fact, we cannot even be sure that this method has deleted all the files and made them unrecoverable, and once the server stops responding after a while and enters an unknown state, we can no longer verify that the information was cleared.

Fortunately, there are other methods to safely clear Linux server content.

In this example, the goal is to zero-fill all local disks and make sure the MBR is completely cleared; this is an ideal and effective way to ensure that the data on the disks is completely erased. (Unfortunately, there is no room for this exciting sleep.) In addition, I also need to confirm the disk content, and the entire device should be shut down after the zero-fill is complete.

How can we achieve this? In fact, this is quite simple.

First, create a ramdisk and copy all the required binaries and libraries to it.

Next, stop all system services that may cause disk writes, such as system logging.

After that, check the mount list, note all the block devices, and dynamically create a script that writes zeros (or any random content you like) to these devices at least once, but preferably five or more times.

In addition, make sure that we write zeros to the first 512 bytes of each disk so that the MBR is completely cleared.

Once the script is created and deployed to the ramdisk, disable all transfer commands, change the root directory (chroot) to the ramdisk, and then start it running.

Do not forget to keep yourself in a temporary work environment that can be accessed.
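
The device-discovery and script-generation step described above, as an added example (not the author's script, which this page does not include): it only prints the wipe script and never executes it. The sample mount list and the function names are constructed, and deriving the parent disk from the partition name is an assumption that holds for sdXN and nvmeXnYpZ device names.

```shell
#!/bin/sh
# Added example: prints a wipe script built from a mount list; it never runs it.
# SAMPLE_MOUNTS is constructed input in /proc/mounts format.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0
/dev/nvme0n1p1 /data xfs rw 0 0
/dev/sda1 /mnt/bind ext4 rw 0 0'

# Read a mount list on stdin; print each mounted /dev/ block device once.
mounted_devices() {
    awk '$1 ~ /^\/dev\// { print $1 }' | sort -u
}

# Map a partition to its parent disk by name (assumption: sdXN and
# nvmeXnYpZ naming; on a live host `lsblk -no PKNAME` is authoritative).
parent_disk() {
    case "$1" in
        /dev/nvme*n*p[0-9]*) printf '%s\n' "${1%p[0-9]*}" ;;
        /dev/sd[a-z]*[0-9])  printf '%s\n' "${1%%[0-9]*}" ;;
        *)                   printf '%s\n' "$1" ;;
    esac
}

# Read a mount list on stdin; emit a script that zero-fills every mounted
# device $1 times, zeroes the first 512 bytes of each disk, then powers off.
generate_wipe_script() {
    passes=$1
    devices=$(mounted_devices)
    echo '#!/bin/sh'
    for dev in $devices; do
        pass=1
        while [ "$pass" -le "$passes" ]; do
            echo "dd if=/dev/zero of=$dev bs=1M   # pass $pass of $passes"
            pass=$((pass + 1))
        done
    done
    for dev in $devices; do parent_disk "$dev"; done | sort -u |
        while read -r disk; do
            echo "dd if=/dev/zero of=$disk bs=512 count=1   # clear the MBR"
        done
    echo 'sync'
    echo 'poweroff -f'
}

# Dry run on the constructed sample: five passes, output only.
printf '%s\n' "$SAMPLE_MOUNTS" | generate_wipe_script 5
```

Bind mounts and pseudo-filesystems in the mount list are filtered out, so each real device is written the requested number of times and each parent disk gets exactly one MBR write.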

The final result of running this script is that all active partitions on the system are cleared remotely and thoroughly, and all of this is done over ssh, without console or physical access. If you have hosted Linux servers, or even Internet servers at remote sites, this system-clearing script will be of great help to you. In fact, whenever we plan to scrap a Linux server in any location, or are about to start disposing of it, this script can do the job quickly and conveniently.

It should be emphasized that this script leaves one task undone: safely deleting any backups or snapshots held by the hosting service provider. Because this is specific to each vendor, we must follow up on it ourselves, and we must take it into account for ECS instances or hosted virtual machines. If a running server has many backups such as snapshots, zero-filling it does not actually achieve much. In addition, this does not work on paravirtualized VPS instances, because they do not allow low-level access to the disks.

If you are interested, you can take a look at the following example. The functions are complete:

