Erase Disk

Home » CentOS » Erase Disk
CentOS 20 Comments

Hi.

I have a CentOS server (a Dell 860) with two drives in it.

One is running CentOS 6.4 which I want to keep & the bigger 400GB drive has Debian 7 on it which I want to erase & use for backups.

Which is the best way to go about achieving my intended goal? The Debian drive is not mounted when CentOS is booted.

Any help appreciated.

Cheers,

Phil…

20 thoughts on - Erase Disk

  • Burn a DBAN disk. Shutdown, pull out the drive you want to keep. Boot to the dban disk, when prompted type autonuke, wait for the process to complete. Shutdown, reinsert the CentOS drive you wanted to keep. You will now have your CentOS main drive, and a blank backup disk. You’ll need to run mkfs on the blank drive. Then mount it where you want it.

    Phil Dobbin wrote:

  • Bret Taylor wrote:

    Then put the dban disk on the shelf over your desk – you *will* want it again (and again, and again….)

    Most *excellent* piece of software. Of course, working for a US federal contractor, when I sanitize, I overkill (DoD 5220.22-M)… but I *am*
    signing my name to the form guaranteeing it’s clean.

    We, at least, are not going to have accidents with PII and HIPAA data.

    mark

  • Please don’t top post.

    Bret Taylor wrote:

    The reality is that it’s massive overkill. A dozen years ago, seven passes would guarantee cleanliness. These days, the way the data’s stored on modern drives, I’ve seen people argue that one was sufficient, and surely two would be.

    But it’s no big deal. I usually do four at a time, shove them into an old, decommissioned server that I saved for the purpose, and leave dban in the DVD drive, fire it up, choose that, and the drives, and walk away. The next day, the following Monday, who cares? I’m mostly using them for servers that we’re about to surplus.

    mark

  • this 400GB drive is /dev/sdb ?

    as root… fdisk /dev/sdb
    and delete all partitions, create a new linux partition thats the full size of the disk, exit fdisk. mkfs.ext3 /dev/sdb1
    mkdir /backups

    edit /etc/fstab and add a line to the bottom like:
    /dev/sdb1 /backups ext3 defaults 1 2

    now, mount /backups

    voila, done. your backups will be mounted as /backups when you reboot.

  • I think this question is asking everyone to make lots of assumptions about your hardware config. I tend to agree with Mr. Pierce above (again, assuming you have 2 separate physical drives and not some sort of weird LVM or Hardware raid in the mix). if you’re going to repurpose the drive to backups within the same machine, going to the effort of running 7 pass DOD graded disk wipe utils seems to me at best kinda dumb and very wasteful for time, at worse it’ll take more life off an old disk. then again, there’s assuming in that answer, too.

  • Eh, I don’t really think dban is necessary. Probably more than an fdisk and creating a file system is overkill.

    Besides there’s gnu shred that would do the job from his running CentOS
    system … hit the secondary drive with random bits or just a pass of zeros.

    # one pass random bits, one pass zero shred -vfz -n1 /dev/

    # zeros only shred -vfz -n0 /dev/

    Hehehe. ;)

    I have dban on a pxe boot server. Initially having it there was a bit disconcerting … more so that a coworker would stumble upon it. I hid the option in a separate menu and did put a warning in the splash message.

    Off-Topic:
    A coworker of mine modified the dban iso so that it would boot and auto-nuke (no keyboard) … He left that disc in a server he gave to another coworker … who we suspect put the disc in a work computer and wiped the drive! :P

  • Paul Heinlein wrote:

    You all realize that dban only offers 3 passes, unless you pay for it, right? DBAN is easy, that’s why I recommended it.

    A fairly simple solution is

    dd if=/dev/zero (or urandom) of=/dev/(device)

  • Um, no. It offers DoD 5220.22-M, which it *says* is seven passes, and I’ve seen that it is. And we normally use a disk until a) it dies, or b) the server it’s in dies, and then reuse, or, more likely, sits around until we consider it too small…. On top of which, I *do* need to guarantee that it’s clean, as I noted originally. I have *zero* intention of winding up in a news story about someone buying an old surplussed server, and finding all
    *sorts* of interesting data on the h/d in it.

    mark

  • That’s only if you just use the “autonuke” option. Press F[234] to check out the other boot options.

    There are other dban boot options that offer settings for additional passes
    (>7 passes). A person could also boot to interactive mode and specify a number of passes.

    An example from the isolinux.cfg that could be used as a springboard to concocting one’s own wiping recipe.

    LABEL paranoid KERNEL dban.bzi APPEND nuke=”dwipe –autonuke –method prng –rounds 8 –verify all” silent

    At a former place of employment we would simply not leave hard drives in servers or desktops that were intended to be recycled or junked. The hard drives got disposed of separately (in this case crushed with a hydraulic wedge).

  • mark wrote:

    although this kind of chest-thumping may elicit the occasional chuckle from bored or weary list members on this friday afternoon, it’s not much help to the OP who AFAICR was simply asking how to reuse in CentOS a HDD
    that is currently used by another OS on the same computer. So basically s/he was asking for fdisk + mkfs + edit /etc/fstab , as suggested by some. No need to digress further on DOD regulations and whatnot on this CentOS list. Thanks. Sur ce, bon week-end!

  • SilverTip257 wrote:


    that

    Hah! When we have one that’s failed, it gets deGaussed here. (Except for old, 1.5x height SCSI drives, for which they “don’t have a frame”. Then we unscrew the thing, and disassemble, and have cool magnets, and pretty disks (which we can bend, or hit with a hammer).

    mark

  • Nicolas Thierry-Mieg wrote:

    Hey, I mention that because I figure if it would meet their standards, it’s guaranteed for anything I need. And no, I am not now, nor have I ever been under the US DoD, thankyouverymuch….* But the OP did ask about cleaning it, and it’s possible that something with sensitive data could go to another dept, and then they get rid of it without cleaning it, which is why all this came up.

    mark

    * #insert “AlicesRestaurant.h”

  • From: Steve Thompson

    I disassemble the drives… I keep the shiny platters to scare birds or make sculptures, and I play with the magnets!

    JD

  • ours are collected in a secure area, then once a month or so a chipper truck comes by and grinds them up to dust.

    my feelings on disk erasure, based on years and years of being ni this industry (I started programming in 1973 with FORTRAN and punchcards, and worked on disk device drivers in the late 70s, early 80s, and work for a storage company now these last 15 years).

    DOD xxxxwhatever is obsolete and meaningless. its not even used by the DOD anymore, they physically destroy anything secret. to reasonably safely erase an modern disk (thats anything since MFM/ESDI became obsolete), one pass of anything (1’s is fine) and one pass of zeros is more than sufficient… EXCEPT modern disks have automatic bad block remapping, and its /very/ possible for there to still be readable albeit old data on those bad blocks. if that possibility of data leakage is unacceptable, physical destruction is appropriate.

  • Steve Thompson writes:

    I run badblocks in write mode on the drive. badblbocks does four passes
    (all zeroes, alternating ones and zeroes both ways and all ones). This is sufficient to keep all but a high-end forensics lab from getting anything useful off of the disk and even such a lab will have a hard time. For the OP’s question, this lets him know that the disk is both clean and is still good to use.

    For me, if badblocks says the disk is good, it goes on the shelf as a spare until it is hopelessly obsolete. Otherwise, the disk gets used for target practice. Also, very satisfying.

    Cheers, Dave

  • Thanks to everybody for their input but I think I’ll go with the method above. The disk is virtually a virgin Debian install so no secret or critical files are aboard & I think this should suffice.

    Thanks for your help,

    Cheers,

    Phil…

  • I went down the GParted route in the end. Booted from System Rescue CD &
    got shot of the stuff that was on there. Worked a treat.

    Cheers,

    Phil…

LEAVE A COMMENT