joey3002
Feb 28 2006, 01:23 PM
Is there a way that someone could log onto a redhat ent3 server from ssh as root and run something that would destroy all the data? The idea is not to use the server again but not to destroy the machine. Also, data recovery tools would be useless. Once the command is run, I want the box unbootable so that it would have to be re-imaged.
thanks
eth00
Feb 28 2006, 02:56 PM
It really depends on your level of paranoia; if you want to be super paranoid you need to blank the disk with 1's and 0's around 10 times.
If you want to do a quick job you can just use dd to wipe the disk once.
dd if=/dev/zero of=/dev/hda
where hda is your drive. Since it starts at the very beginning of the drive it will wipe out the boot sector and partition table first.
Yivit
Feb 28 2006, 03:04 PM
Data recovery tools won't be useless. There are forensic analysis tools that would find stuff.
joey3002
Feb 28 2006, 05:02 PM
thanks, are there any utils that i could download to the box to do it?
eth00
Feb 28 2006, 05:04 PM
QUOTE (eth00)
If you want to do a quick job you can just use dd to wipe the disk once.
dd if=/dev/zero of=/dev/hda
where hda is your drive. Since it starts at the very beginning of the drive it will wipe out the boot sector and partition table first.
That will wipe the disk in a reasonable manner, and it is pretty much the most you can do without booting some other media to run it from.
joey3002
Feb 28 2006, 05:12 PM
does /dev/zero remain the same no matter how many hda's i have?
and any order to do first?
/dev/hda7 1012 373 588 39% /
/dev/hdc1 75095 958 70322 2% /backup
/dev/hda1 46 25 19 57% /boot
/dev/hda5 53933 32985 18209 65% /home
none 1007 0 1007 0% /dev/shm
/dev/hda6 1012 238 723 25% /tmp
/dev/hda2 10077 2693 6872 29% /usr
/dev/hda3 7056 1194 5504 18% /var
thanks
also, what will happen when it is rebooted? what will show on the screen?
eth00
Feb 28 2006, 06:36 PM
Use just "hda"; that will get the entire system. On boot it will give some error about no boot record or unbootable drive.
dd if=/dev/zero of=/dev/hda
^^^ that is the literal command you want to run.
joey3002
Feb 28 2006, 07:39 PM
so not /dev/hda5 just hda ?
thanks again.. sorry for being dumb
eth00
Feb 28 2006, 07:44 PM
QUOTE (joey3002)
so not /dev/hda5 just hda ?
thanks again.. sorry for being dumb
Correct, hda is saying the entire disk vs. hda5, which is only one partition on the server.
joey3002
Feb 28 2006, 08:24 PM
dd if=/dev/zero of=/dev/hda seems to be just sitting there right now.. not doing anything
thanks
eth00
Feb 28 2006, 08:26 PM
QUOTE (joey3002)
dd if=/dev/zero of=/dev/hda seems to be just sitting there right now.. not doing anything
thanks
Yeah, it will probably never report anything, just leave it open "forever" and in a few hours you are fine. In the first few seconds it takes out the partition table and boot record which would make somebody have to really work to get the files.
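Added example, not part of any post in this thread: a shell sketch for checking a decommissioning wipe like the one discussed above. It lists the whole disks behind a df listing (the one posted earlier has partitions on both hda and hdc) and confirms that a wiped target reads back as all zeros. The function names are hypothetical, a temporary image file stands in for the disk, the df lines are constructed from the listing in the thread, and `cmp -n` is assumed to be available (GNU diffutils).

```shell
#!/bin/sh
# Constructed sample input, modelled on the df listing posted in the thread.
SAMPLE_DF='/dev/hda7 1012 373 588 39% /
/dev/hdc1 75095 958 70322 2% /backup
/dev/hda1 46 25 19 57% /boot
none 1007 0 1007 0% /dev/shm'

# Print each whole-disk device behind the mounted partitions, once.
# Assumes hdX/sdX style names, where stripping trailing digits gives the disk.
whole_disks() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^\/dev\// { sub(/[0-9]+$/, "", $1); print $1 }' | sort -u
}

# Succeed only if every byte of the target reads back as zero.
is_all_zero() {
    size=$(( $(wc -c < "$1") ))
    [ "$size" -gt 0 ] || return 2
    cmp -s -n "$size" "$1" /dev/zero
}

# Run the check on a scratch image: before a wipe, after a wipe that was
# interrupted once the first sector was zeroed, and after a complete pass.
demo() {
    img=$(mktemp) || return 1
    yes 'constructed sample data' | head -c 65536 > "$img"
    is_all_zero "$img" && before=zeroed || before=dirty
    dd if=/dev/zero of="$img" bs=512 count=1 conv=notrunc 2>/dev/null
    is_all_zero "$img" && partial=zeroed || partial=dirty
    dd if=/dev/zero of="$img" bs=1024 count=64 conv=notrunc 2>/dev/null
    is_all_zero "$img" && full=zeroed || full=dirty
    rm -f "$img"
    echo "$before $partial $full"
}

whole_disks "$SAMPLE_DF"
demo
```

On a real system the readback check would be run against the device node from separate boot media after dd has finished, since a disk whose first sector is zeroed no longer boots but still holds the rest of its data.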