[HPADM] SUMMARY: Removing data from the drives.

From: Thomas Northup (thomaslnorthup@yahoo.com)
Date: Thu May 20 2004 - 15:14:50 EDT


Hello everyone... Thanks for the replies to my question. I found them interesting and some were quite amusing as well.
Here is the original question:

We have an old K460 system that has been removed from production. It looks like we will be getting rid of it. What I want to know is how can I remove the data from the system. It has a Jamaica box where the OS resides and then an AutoRAID where the data resides. I want to remove the data in such a way that it could never be recovered from the disk.

Here are the replies in the order they were received. I think I will look at re-using or recommend they destroy them if we can't use them.

Thanks
Thomas

-----------------------------------------------------------------
Burnes, Thomas D RE: [HPADM] Removing data from the drives.
Yo Thomas,
This is what the Government uses and I have used this tool. It is great.
http://www.jetico.com/index.htm#/bcwipe_unix.htm
It is called bcwipe.
Have a Great Day,
Tom Burnes
hp
-----------------------------------------------------------------
Johnson, Craig E RE: [HPADM] Removing data from the drives.
There are many ways, but the most effective is to degauss the disks. This involves removing the disks from the system and placing them in a degausser. There are also handheld degaussers that can simply be waved over the disks.
Craig
-----------------------------------------------------------------
tvmyers@ eng.delcoelect.com Re: [HPADM] Removing data from the drives.
Well, "never" is a pretty tough requirement short of a drill press and/or a belt sander, i.e. physical destruction of the media. If you're willing to accept a solution that will stop 99.5% of the technical population, however...

After unmounting all the filesystems and vgexporting all the volume groups (except the root VG, of course) you can overwrite the "raw" physical volumes with garbage. Keep the LUNs on the AutoRAID intact then shuffle the drives into random slots after you're done.

I use something like this to trash the raw devices:

~/bin/yack | cat | dd of=/dev/rdsk/c4t0d0 bs=8192k

"yack" is a script that generates a stream of nonsense. I chose an 8 MB block size to match the PE size I see most often in LVM. If you have any non-OS filesystems in vg00, you can do this to the rlvol devices after unmounting them. Assuming it's the last thing you ever do to the system, you can do it to the raw devices in the root VG. As long as it doesn't try to swap, the system will usually stay up until it's nearly done. Of course, you can always attach the Jamaica to another server and trash the physical volumes that way.

~/bin/yack:
#!/bin/sh
/usr/bin/yes "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz0123456789you were expecting useful data?ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEF"

-----------------------------------------------------------------
  Tim.Pickel@rrd.com Re: [HPADM] Removing data from the drives.
use dd
dd if=/dev/zero of=/dev/cXtXdX bs=1024
-----------------------------------------------------------------
Ed Stouder Re: [HPADM] Removing data from the drives.
You said "never be recovered"; this is a little more difficult to do than it may sound. That is because there are theoretical ways to recover the data that almost no one would ever actually use (maybe CIA or some agency like that might).
 
The only 100% way to do the "never be recovered", is to very carefully wipe out the data, then run the disk through a mechanical destructive process (think paper shredder for disk drives).
 
 
I prefer to say, can't be recovered by any normal means. (but this requires normal means to be defined)
 
Examples of normal (non file system ):
 A disk sector editor.
 A "DD" from a raw disk to a file, then looking at the file/tape.
 Diagnostics that allow you to look at the raw data on a drive.
 
These methods while not normally used, can see the data if a file system has just been removed and such.
 
These "normal" methods are what most companies care about. They don't normally worry about someone taking the drive apart and replacing the heads with more sensitive equipment and looking at the different strengths of the magnetic field bit by bit, to try to recover data that has actually been overwritten (very costly and difficult to do, but in theory could be done, some say).
 
When you say Autoraid, I assume you have a Model 12H.
 (the options somewhat depend upon firmware revision, I am assuming firmware 56 or higher, but most can be done from lower versions)
 
I would from the control panel on the Array, remove the luns and then use the format array option.
Then I would next recreate luns to fill the entire array (using different size luns than before) and delete the luns again. I believe this would make it difficult to get at the data on the array.
 
However if you want to be more secure than that, before you delete the luns the 2nd time, mount them to a test volume group / logical volume and write junk data to them a few times until they are completely full. Then remove the luns from the array and format it again.
 
Overwriting the data several times with different patterns is how many of the disk wipe utilities on PCs and such work.
 
 
A similar process could be done on the other disks also, but I would probably do a minimum cold install first, then do the overwriting.
 
I also know of admins who found a PC with a compatible SCSI controller and used one of the PC based disk wipe programs on the drives.
 
-----------------------------------------------------------------
 Rick Jones Re: [HPADM] Removing data from the drives.
"Never?" Then you need to crush and melt the disc(s), or open it up and
grind away all the oxide from the disc platters.

Otherwise, some folks are satisfied with writing repeated patterns of
1's then 0's to the mechanism(s).

I believe there is more in the comp.sys.hp.hpux FAQ which will be
archived on rtfm.mit.edu.

rick jones
-----------------------------------------------------------------
Lanier, John RE: [HPADM] Removing data from the drives.
Hello,
 Here's what I like to do under linux (should work for hpux too, though):
 #dd if=/dev/zero of=/dev/dsk/c#t#d# bs=1440k
 (Unsure if this 1440 block size applies for hpux; this is the value I use for zeroing floppies on linux)
 One way worth trying, anyway.
 Regards,
--John Lanier

-----------------------------------------------------------------
 Steve Bonds Re: [HPADM] Removing data from the drives.
Never? How never? In order to determine the proper level of effort/cost that you'd like to go to, you'll need to figure out how paranoid you should be based on the sensitivity of the information.

To defeat casual recovery, a simple "pvremove" is probably sufficient. All the data is there, but the LVM structures would need to be re-created. This is not hard to do, but someone is unlikely to notice that the disk has data on it without looking.

To defeat recovery without special equipment, a "dd" from /dev/zero or /dev/urandom (if you have it) to the disk device is sufficient. I.e.:

dd if=/dev/zero of=/dev/dsk/c0t1d0

To defeat recovery with special equipment you'll need to overwrite each part of the drive several times with data designed to mangle the residual magnetic fields of the original data. And even this is not 100% certain.
-----------------------------------------------------------------
  Ahrendt, Marc RE: [HPADM] Removing data from the drives.
use the "dd" command
 
dd if=/dev/null of=/dev/rdsk/cXtYdZ
 
where X, Y, and Z are determined by what disks you want to erase
-----------------------------------------------------------------
Bill Hassell Re: [HPADM] Removing data from the drives.
You can simply run mediainit on each disk (which will take a
while depending on the size of the disk). Or you can destroy the
LVM structures so the filesystems can't be seen or used (but the
raw data is still intact) using:

   dd if=/stand/vmunix of=/dev/rdsk/<each_disk>

If the disks fall into the hands of people with unlimited
budgets, it is possible to recover data after 10 to 15 rewrites
of the disk (we're talking megabucks worth of snooping equipment)
so you'd have to create a random number writer program and run
it more than 20 times on each disk (several days of work).

However, the only guaranteed way to remove the data is to toss
the drives into a rock crusher. The choice depends on how
paranoid you are about the data.

Best regards,

Bill Hassell
-----------------------------------------------------------------
Brett Geer DHL-ZA RE: [HPADM] Removing data from the drives.
burn it, drop it into acid and finally grind it up.
 
See, even if you overwrite the data, head drift will leave traces of what was there
 
brett
-----------------------------------------------------------------
Edward Re: [HPADM] Removing data from the drives.
Hello Tom,
 
Perhaps there are some ready-made solutions out there, but of course you could always resort to something like the following:
 
   rm -rf /somepath/*
   echo 0 > /somepath/dummy
   while [[ 0 -eq 0 ]]; do
      cat /somepath/dummy >> /somepath/dummy
   done
   rm -f /somepath/dummy
 
That would quickly fill up your filesystem(s) with 0's so that at least everything got overwritten once.
 
Best regards,
Edward
-----------------------------------------------------------------
Jacox Richard A DLDN [HPADM] RE: Removing data from the drives.
Can you get your hands on a powerful magnet?
 
Rich Jacox
-----------------------------------------------------------------
O'Donovan, Kevin RE: [HPADM] RE: Removing data from the drives.
You could use the dd utility - use /dev/null for the input file, output file the device for the disk, blocksize whatever but count ensuring it writes on all of the disk.
The format command might sort you out otherwise, although I've never used it.
I guess that would still leave you in trouble with your boot disk, wouldn't be able to format the boot disk too easily, maybe boot from an install cd, enter a shell and see if dd or format is available from there?
Hope that helps,
Kevin.
-----------------------------------------------------------------
Adams, John RE: [HPADM] RE: Removing data from the drives.
While that's great for floppies, it's really overkill for drives.
 
For the AutoRAID, just bind it into a different configuration and write data. What I mean is, if the AutoRAID currently has 4 8gb LUNs, make 8 4gb LUNS, then 2 16gb LUNs. Since it "reformats" the LUNs at build, they should be pretty clean. To be sure, make a filesystem on the resized LUNs and overwrite it with garbage data (20,000 copies of /stand/vmunix) a few times.
 
The Jamaica are even simpler - read the man page on dd, then dd over the whole drive from /dev/true and then /dev/false. i.e. dd if=/dev/true of=/dev/dsk/{your drive here}

If anyone can recover from that, they're doing really really well.
 
J
-----------------------------------------------------------------
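
The replies above name both /dev/zero and /dev/null as the dd input, and none of them reads the disk back afterwards. The following is an added example, not code from any poster: it runs one dd pass from each source against a scratch file standing in for a raw disk, then reads the whole image back and counts what survived. The function names, the 1 MiB image size and the 'X' filler are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Works only on a temp file that stands in for a raw disk;
# no real device is opened.

# make_image FILE: create a 1 MiB stand-in "disk" filled with 'X'
# (constructed sample data playing the role of the old contents).
make_image() {
    dd if=/dev/zero bs=1024 count=1024 2>/dev/null | tr '\000' 'X' > "$1"
}

# overwrite_from SRC FILE: one dd pass over FILE, reading from SRC.
# conv=notrunc keeps the size fixed, the way a disk device behaves.
overwrite_from() {
    blocks=$(( $(wc -c < "$2") / 1024 ))
    dd if="$1" of="$2" bs=1024 count="$blocks" conv=notrunc 2>/dev/null
}

# nonzero_bytes FILE: read the whole image back and count the bytes that
# are not 0x00. After a complete zero pass this must be 0.
nonzero_bytes() {
    echo $(( $(tr -d '\000' < "$1" | wc -c) ))
}

# residue_after SRC: build an image, overwrite it from SRC, and print how
# many bytes of the old contents are still readable.
residue_after() {
    img=$(mktemp) || return 1
    make_image "$img"
    overwrite_from "$1" "$img"
    nonzero_bytes "$img"
    rm -f "$img"
}

# /dev/null returns end-of-file on the first read, so dd copies 0 blocks.
echo "after /dev/null pass: $(residue_after /dev/null) non-zero bytes remain"
# /dev/zero supplies zero bytes for as long as dd keeps reading.
echo "after /dev/zero pass: $(residue_after /dev/zero) non-zero bytes remain"
```

The same read-back check applies to a real device: read the raw device through `tr -d '\000' | wc -c` after a zero pass and confirm the count is 0 before the disk leaves the building.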

 

 

 
