How to clear your Linux Server

Source: Internet
Author: User


People often talk about the convenience of hosted servers or ECS instances, but what happens when these machines reach the end of their life? We can of course ask the equipment vendor to take charge of decommissioning, but in practice it is hard to be sure the data is safely cleared. Without physical access to the device, it is difficult to pull the disks, overwrite all the old content, and finally smash them with a sledgehammer. Therefore, when we are about to abandon hosted (or cloud) servers, we should expect that the device may not be effectively destroyed.

This problem came up by chance in my recent discussion with Matt Prigge. Several Linux servers at a hosting service provider had reached their three-year limit, so their contents needed to be completely cleared without physical access. In this case, rebooting the machine is not something to plan around, because there is no guarantee it will come back up normally. This may not sound like major trouble, but anyone with the right access can still steal all kinds of data on the system. In addition, although Darik's Boot and Nuke can easily do the clearing, we want to talk about other solutions here.

You can run `rm -rf /` as root, which will make a mess of the machine, but it still cannot ensure that all information is securely deleted. In fact, we cannot even be sure that this method has deleted all the files and made them unrecoverable, and once the server stops responding and enters an unknown state some time later, we cannot verify that the information was cleared. Fortunately, there are other ways to securely clear a Linux server.
In this example, the goal is to zero all local disks and to make sure the MBR is completely cleared; this is an ideal and effective way to ensure that the data on the disks is fully erased. (Unfortunately, there is no room for this exciting sleep.) In addition, I also need to confirm the disk content, and the whole machine should shut down once zeroing is complete.

How can we achieve this? In fact, it is quite simple. First, create a ramdisk and copy all the required binaries and libraries onto it. Next, stop all system services that may write to disk, such as the system log. Then check the mount list, note all the block devices, and dynamically generate a script that writes zeros (or any random content you like) to these devices at least once, but preferably five or more times. Also make sure that zeros are written to the first 512 bytes of each disk so that the MBR is completely cleared. Once the script has been created and placed on the ramdisk, turn off swap, chroot into the ramdisk, and start it running. Do not forget to keep yourself a temporary working environment that remains accessible.

The end result of running this script is that all active partitions in the system are cleared remotely and thoroughly, and all of this is done over ssh, without console or physical access. If you have hosted Linux servers, or Internet-facing servers at remote sites, this system-clearing script will be a great help. Whenever we plan to throw away a Linux server in any location, or are about to start disposing of it, this script does the expected work quickly and conveniently.
It should be emphasized that there is one task this script does not complete: securely deleting any backups or snapshots held by the hosting service provider. Because this is vendor-specific, we must follow up on it ourselves, and it has to be taken into account for ECS instances and hosted virtual machines. If a running server has backups such as snapshots, zeroing its disks does not achieve much. In addition, this does not work on paravirtualized VPS instances, because they do not allow low-level disk access. If you are interested, take a look at the following example. It is fully functional:

    #!/bin/bash
    # This script will absolutely kill a RHEL/CentOS/Fedora server. Use with extreme caution.
    # Tested with several CentOS/RHEL versions only. Run as root user.
    # 10.20.11 Paul Venezia (pvenezia@pvenezia.com)
    #
    zeroscript="/var/ramdisk/zeroscript.sh"
    echo "
    *******************************************************************
    *** This will permanently kill this Linux system and erase every ***
    *** local disk and filesystem. In other words, you better be     ***
    *** really sure you want to do this on this system.              ***
    *******************************************************************
    "
    echo -n "Are you absolutely sure you want to do this? [yes|no]: "; read yn
    if [ -z "$yn" ] || [ "$yn" != "yes" ]; then
        echo "Aborting"
        exit 1
    fi
    echo -n "How many zeroing passes? "; read zeropass
    if [ -z "$zeropass" ] || [ "$zeropass" -lt 1 ]; then
        echo "Invalid number of passes specified. Aborting."
        exit 1
    fi
    echo -n "Automatically shutdown? [yes|no] "; read asd
    echo "Okay, here we go..."
    echo "Making and populating ramdisk (512MB)..."
    mkdir -p /var/ramdisk
    # You may need to adjust the size depending on the amount of RAM in the box
    mount -t tmpfs none /var/ramdisk -o size=512m
    mkdir -p /var/ramdisk/var/run
    for f in dev bin lib lib64 sbin etc; do
        cp -pr /$f /var/ramdisk
    done
    cp -pr /var/run /var/ramdisk/var
    echo "Stopping services, it's probably safe to ignore any errors..."
    # Stop anything that may write to the local disks
    for s in httpd acpid anacron atd auditd autofs avahi-daemon bluetooth cpuspeed crond cups firstboot gpm hidd hplip iscsi iscsid lvm2-monitor mcstrans mdmonitor netfs nfslock portmap rawdevices rpcidmapd sendmail smartd sshd syslog vmware-tools xfs yum-updatesd; do
        service $s stop
    done
    echo "Placing zeroing script..."
    echo "#!/bin/bash" > $zeroscript
    # One block of dd commands per whole disk reported by fdisk, skipping md arrays
    for i in $(fdisk -l | grep Disk | awk '{print $2}' | sed -e s/:// | grep -v /dev/md); do
        DU=$DU" "$i
        DSK=$(basename $i)
        BLKS=$(( $(grep -w $DSK /proc/partitions | awk '{print $3}') * 2 )) # account for 512/1k blocksizes
        BS=512
        echo "echo \"Zeroing $i (dd if=/dev/zero of=$i bs=$BS count=$BLKS)...\"" >> $zeroscript
        for (( c=1; c<=$zeropass; c++ )); do
            echo "echo \"Pass $c...\"" >> $zeroscript
            echo "dd if=/dev/zero of=$i bs=$BS count=$BLKS" >> $zeroscript
        done
        echo "dd if=/dev/zero of=$i bs=512 count=1" >> $zeroscript # Just to make sure
    done
    echo "echo \"Disk(s) $DU have been zeroed $zeropass times\"" >> $zeroscript
    if [ "$asd" = 'yes' ]; then
        echo "echo \"Shutting down...\"" >> $zeroscript
        echo "sleep 5 && /sbin/poweroff -n -d -f" >> $zeroscript
    fi
    chmod +x $zeroscript
    echo "Turning off swap..." && swapoff -a
    echo "Entering chroot..."
    # The script was written to /var/ramdisk, so inside the chroot it sits at /
    chroot /var/ramdisk /$(basename $zeroscript)

This script gets the task done, if in a rather heavy-handed way. It is written specifically for RHEL (Red Hat Enterprise Linux) and CentOS (Community Enterprise Operating System), but with simple adjustments it can work on any Unix-like operating system.
However, please be careful: this script exists for the purpose of complete destruction. If that is not what you need, or you do not know what you are doing, do not try it.
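The article asks for the disk content to be confirmed, but the script never reads the disks back. The following is an added example, not part of the original script: read-only bash helpers that count non-zero bytes on a target and report the tail that `count=$BLKS` can leave unwritten, because /proc/partitions sizes are 1 KiB blocks rounded down. The function names and the scratch image file are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: read-only checks. Nothing here writes to a block device.

# Size in bytes of a block device or of a regular file (disk image).
target_bytes() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Count non-zero bytes in the first $2 bytes of $1 (whole target if $2 is omitted).
nonzero_bytes() {
    local target limit
    target=$1
    limit=${2:-$(target_bytes "$target")}
    head -c "$limit" "$target" | tr -d '\0' | wc -c | tr -d ' '
}

# Bytes at the end of a device that the script's dd count does not reach.
# /proc/partitions reports 1 KiB blocks rounded down, so BLKS*512 falls
# one 512-byte sector short when the device has an odd sector count.
dd_coverage_gap() {
    echo $(( $1 % 1024 ))
}

# Check the MBR sector and the full surface; succeed only if both are all zero.
verify_zeroed() {
    local target mbr total
    target=$1
    mbr=$(nonzero_bytes "$target" 512)
    total=$(nonzero_bytes "$target")
    echo "$target: mbr_nonzero=$mbr total_nonzero=$total" \
         "unreached_tail=$(dd_coverage_gap "$(target_bytes "$target")")"
    [ "$mbr" -eq 0 ] && [ "$total" -eq 0 ]
}

# Constructed demo on a scratch image file, not a real disk.
demo_img=$(mktemp)
dd if=/dev/zero of="$demo_img" bs=512 count=9 2>/dev/null
verify_zeroed "$demo_img"
rm -f "$demo_img"
```

A non-zero `unreached_tail` means the last sector was never overwritten by the generated `dd` commands, so a final pass without `count=` is needed to cover it.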
 
