CentOS 6.9, Shredding A RAID


I’ve got an old RAID that I attached to a box. LSI card, and the RAID has 12 drives, for a total RAID size of 9.1TB, I think. I started shred /dev/sda the Friday before last… and it’s still running. Is this reasonable for it to be taking this long…?

mark

12 thoughts on - CentOS 6.9, Shredding A RAID

  • Unless you specified non-default options, shred overwrites each file three times — and writing 27 TB to an old RAID array will be extremely slow. Also, shred has a built-in PRNG, and I’m not really sure how speedy it is.

    Still, 12 days seems like a really long time…

  • With modern drives (read: larger than 100GB) writing the track over once with anything will be sufficient. Overwriting multiple times with different information was used awfully long ago when track had noticeable width and distinct edge (drives were smaller than 1 GB then), thus it was possible to distinguish narrow side of older record (using much more sensitive equipment) as newly recorded track is usually slightly shifted with respect to old one, so narrow stripe of old one is not covered on one side. These times are long gone; one can clean drives one at a time just overwriting the whole device using dd (mind bs size to not impede speed). Better though: physically destroy platters, it may take less of _your_ time to do that.

    Just my $0.02

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • not at all surprising, as that raid sounds like it's built with older slower drives.

    I would discombobulate the raid, turn it into 12 discrete drives, and use

    dd if=/dev/zero of=/dev/sdX bs=65536

    on each drive, running these concurrently

    unless that volume has data that requires military level destruction, whereupon the proper method is to run the drives through a grinder so they are metal filings. the old DoD multipass erasure specification is long obsolete and was never that great.
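The concurrent single-pass overwrite suggested in the comment above, as an added shell example that is not part of the original thread. The function names are hypothetical, `/dev/sdX` and `/dev/sdY` are placeholders, and the mounted-filesystem check and the read-back check are additions, not something the posters described.

```sh
#!/bin/sh
# Added example (not from the thread): one zero pass per target, all targets
# in parallel, then a read-back check. Destroys the contents of every target.
BS=65536   # block size from the dd command in the post above

target_size() {   # size in bytes of a block device or regular file
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1"; fi
}

wipe_one() {
    t=$1
    [ -b "$t" ] || [ -f "$t" ] || { echo "skip $t: not a device or file" >&2; return 1; }
    # Refuse anything with a mounted filesystem (e.g. the disk holding /).
    if grep -q "^$t" /proc/mounts 2>/dev/null; then
        echo "skip $t: mounted" >&2; return 1
    fi
    size=$(( $(target_size "$t") ))
    blocks=$(( size / BS )); rem=$(( size % BS ))
    # Bounded by the target's size, so dd ends cleanly rather than on ENOSPC.
    dd if=/dev/zero of="$t" bs="$BS" count="$blocks" conv=notrunc 2>/dev/null || return 1
    if [ "$rem" -gt 0 ]; then
        dd if=/dev/zero of="$t" bs=1 seek=$(( blocks * BS )) count="$rem" \
            conv=notrunc 2>/dev/null || return 1
    fi
    sync
    verify_zero "$t"
}

verify_zero() {   # succeeds only if no non-zero byte is read back
    [ "$(( $(tr -d '\000' < "$1" | wc -c) ))" -eq 0 ]
}

wipe_all() {   # returns 0 only if every target was wiped and verified
    pids=""; rc=0
    for t in "$@"; do
        wipe_one "$t" &
        pids="$pids $!"
    done
    for p in $pids; do wait "$p" || rc=1; done
    return "$rc"
}

# Usage: sh wipe.sh /dev/sdX /dev/sdY ...   (sdX, sdY are placeholders)
if [ "$#" -gt 0 ]; then wipe_all "$@"; fi
```

On real disks part of the read-back can be served from the page cache, so a re-read after dropping caches or rebooting is the stronger check. The overwrite only reaches what the controller exposes, which is why the comment has the array broken into discrete drives first.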

  • John R Pierce wrote:

    It’s maybe from ’09 or ’10. I *think* they’re 1TB (which would make sense, given the size of what I remember of the RAID).

    Well, shred’s already been running for this long…

    If I had realized it would run this long, I would have used DBAN…. For single drives, I do, and choose DoD 5220.22-M (seven passes), which is *way* overkill these days… but I sign my name to a certificate that gets stuck on the outside of the server, meaning I, personally, am responsible for the sanitization of the drive(s).

    And I work for a US federal contractor[1][2]

    mark

    1. I do not speak for my employer, the US federal government agency I work at, nor, as my late wife put it, the view out my window (if I had a window).
    2. I’m with the government, and I’m here to help you. (Actually, civilian sector, so yes, I am.)

  • the DoD multipass erase procedure is long obsolete and deprecated. It was based on MFM and RLL technology prevalent in the mid 1980s. NISPOM 2006-5220 replaced it in 2006, and says “DESTROY CONFIDENTIAL/SECRET INFORMATION PHYSICALLY”.

    http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
    http://www.dss.mil/documents/odaa/nispom2006-5220.pdf

    from that blog,…

    so a single pass of zeros is plenty adequate for casual use, and physical device destruction is the only approved method for anything actually top secret.


    john r pierce, recycling bits in santa cruz

  • John R Pierce wrote:

    Not dealing with “secret”, dealing with HIPAA and PII data. And *sigh* Homeland Security Theater dictates….

    mark

  • We run all used disks through a shredder before surplusing any systems, and we are just a manufacturing company dealing with internal corporate IT stuff. the shredder is a truck from a ‘data destruction’ service that comes every so often and destroys the current inventory of surplus disks. A corporate eSecurity officer witnesses this to ensure drives aren’t diverted into the grey market. each drive goes into the shredder and comes out as metal filings.

  • Not relevant to this particular instance, but for domestic disks I keep them (along with old credit cards, memory sticks etc) until I have the garden incinerator going. With a good bright red firebed the disks don’t last long – some run out of the bottom as liquid aluminium. I’m pretty certain even MI5/NSA won’t get much off congealed Al!

  • John R Pierce wrote:
    The alternative is to wait for my manager to return, and then have the drives degaussed.

    Oh… and I just looked, ahh, yeah, I think something’s going on… given that it’s not 12 days, but that I started it on 11 May….

    mark

  • Personally, I’d be concerned with toxic fumes from such an incinerator. There’s all kinda stuff in a drive, rare earth platings, plastics, and so forth.

  • Was the system booting from /dev/sda, or were you running any binaries/libraries from sda? Often you’ll be able to shred the device you boot from, but you won’t get a prompt back when it’s done.

  • Gordon Messmer wrote:

    No, the h/w RAID showed up as sda when I booted; / showed up on sdb.

    mark