rmcommand to remove the file does not ensure that the information contained in it can not be recovered from a disk. The
wipeutility will securely erase a file, so that its contents are no longer recoverable.
Solaris packages for the wipe utility for Sparc and x86, i.e. Intel systems, are freely available from Fetter Consulting. To install and use the wipe utility take the following steps:
# bunzip2 SETECwipe-0.16-sol8-intel-local.bz2
pkgaddcommand to install the package on your system. The following command assumes that your current directory is the directory into which you downloaded the package.
# pkgadd -d ./SETECwipe-0.16-sol8-intel-local
The following packages are available: 1 SETECwipe Wipe (Sol8 x86 Build) (x86) 0.16 Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 1 Processing package instance <SETECwipe> from </home/jdoe/sysadmin/SETECwipe-0.16-sol8-intel-local> Wipe (Sol8 x86 Build)(x86) 0.16 http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html The selected base directory </usr/local> must exist before installation is attempted. Do you want this directory created now [y,n,?,q] y Using </usr/local> as the package base directory. ## Processing package information. ## Processing system information. ## Verifying disk space requirements. ## Checking for conflicts with packages already installed. ## Checking for setuid/setgid programs. Installing Wipe (Sol8 x86 Build) as <SETECwipe> ## Installing part 1 of 1. /usr/local/bin/wipe /usr/local/doc/wipe/BUGS /usr/local/doc/wipe/CHANGES /usr/local/doc/wipe/COPYING /usr/local/doc/wipe/DOCUMENTATION /usr/local/doc/wipe/GPL /usr/local/doc/wipe/README /usr/local/doc/wipe/secure_del.html /usr/local/man/man1/wipe.1 /usr/local/man/man1/wipe.tr-asc.1 /usr/local/man/man1/wipe.tr.1 [ verifying class <none> ] Installation of <SETECwipe> was successful.
If you took the steps above, you should now be able to run the wipe command from /usr/local. You can get help on the wipe utility by typing "wipe -h".
# /usr/local/bin/wipe -h Usage: wipe [options] files... Options: -f Force, ie. don't ask for confirmation -c Do chmod on write-protected files -r Recurse into directories -q Quick wipe, less secure, 4 random passes by default -Q <number>: set number of passes for quick wipe -a Abort on error -i Informational (verbose) mode -s Silent mode -R Set random device OR random seed command -S (r|c|p) Random seed method r Read from random device (strong) c Read from output of random seed command p Use pid (), clock () etc. (weakest) -M (l|r) Set PRNG algorythm l Use libc ()'s rand ()library call a Use arcfour encryption algorythm -v Show version information -k Keep files, i.e. do not remove() them after overwriting -F Do not attempt to wipe filenames -T <tries> Set maximum number of tries for free filename search; default is 10 -P <passes> Set number of passes for filename wiping. Default is 1. -h Display this help -Z Do not wipe file size -l <length> Set wipe length to <length> bytes, where <length> is an integer followed by K (Kilo:1024), M (Mega:K^2) or G (Giga:K^3) -o <offset> Set wipe offset to <offset>, where <offset> has the same format as <length> -e Use exact file size: do not round up file size to wipe possible remaining junk on the last block -b <buffer-size-lg2> Set the size of the individual i/o buffers by specifying its logarithm in base 2. up to 30 of these buffers might be allocated
To wipe a file, simply specify the filename on the command line.
# /usr/local/bin/wipe /home/jdoe/sensitive-info.pdf Okay to WIPE 1 regular file ? (Yes/No) yes Operation finished. 1 file (0 special) in 0 directories wiped, 0 errors occured.
|Fetter Consulting (archived at The Wayback Machine)||Sparc and x86|
|MoonPoint||Solaris 8 x86||Solaris 6 Sparc||Solaris 7 Sparc||Solaris 8 Sparc|
Created: Wednesday December 14, 2005 5:05 PM