Howto wipe your hard disk quickly, securely & easily

I was looking for a way to clean all the data from a hard disk and found a tool that I had never seen before: dcfldd. I haven’t looked into all the options yet, but what I have seen works very well. Basically it is a replacement for the *nix command dd. The thing that I liked about it was that it lets you add an input pattern, thus speeding up the process significantly.

So the next thing was to figure out what to write to the disk. I was taught that multi-pass writes were really a good thing, but have read a lot more recently that says you only need 1 pass to get basically the same effect. Being paranoid but in a bit of a hurry, I decided to do a 2 pass wipe. First set all bits to 1, then do a second pass to set them to 0. This means that every bit will go high then low. So the history would be: ? -> 1 -> 0. That seems like a good / fast solution to me, and it does not need the slow random pass. I like the 0’s to be on the final pass so installers see a nice clean drive. If you are going to encrypt the drive you might want to do a random pass on the end.

Anyway here are the steps:

  1. Download & burn your favorite Linux live CD. Make sure that it is 32bit (i386). I used CentOS 6.
  2. Boot from the CD, log in
  3. Open a terminal
  4. sudo su -
  5. go to /dev and find your hard drive(s), let's use /dev/sdb for this example (make sure to use the root drive, not a partition, so /dev/sdb not /dev/sdb1)
  6. write ones: dcfldd pattern=FF of=/dev/sdb bs=1024   (this is the really nice part of dcfldd: the pattern statement makes this really easy)
  7. write zeros: dcfldd pattern=00 of=/dev/sdb bs=1024   (pattern should be even faster than /dev/zero. I haven’t played with block sizes with dcfldd, but coming from dd, 1024 seems to be good)

RHEL 6 Login Display messed up VMware Fusion

I had the problem with my login display on RHEL 6 being wrong. I could not see any of the additional buttons on screen (ie I couldn’t shut down the VM without logging in).

Fixing this was more of a problem than it should have been. Finally found a bug report to Red Hat:

Thanks to Daryl Herzmann for his solution/hack:

  1. Change gdm’s login shell from /sbin/nologin to /bin/bash
  2. Set some password for gdm
  3. Log into GDM as user gdm (sick, hehe)
  4. Run System Preferences -> Display tool to setup mirroring
  5. Log out
  6. Set gdm’s login shell back to /sbin/nologin
  7. (my addition) lock gdm’s account in shadow by replacing password hash with !!
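
A check that steps 6 and 7 really took effect, as an added example that is not part of the original post or the bug report. The function name account_state and the sample passwd/shadow lines are constructed for illustration; by default the function reads the real /etc/passwd and /etc/shadow (the latter needs root).

```shell
#!/bin/sh
# Added example: confirm a service account is non-interactive again after
# it was temporarily opened up. The demo uses constructed files only.

# account_state USER [PASSWD_FILE] [SHADOW_FILE]
# Prints "locked" when the login shell is a nologin/false shell AND the
# shadow hash field starts with ! or * (no password can match it).
# Otherwise prints "OPEN:" followed by the reasons.
account_state() {
    user=$1; pwf=${2:-/etc/passwd}; shf=${3:-/etc/shadow}
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$pwf")
    hash=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$shf")
    why=
    case $shell in
        */nologin|*/false) ;;                   # cannot start a session
        *) why="$why login-shell=$shell" ;;
    esac
    case $hash in
        '!'*|'*'*) ;;                           # locked or never set
        '') why="$why empty-password" ;;
        *) why="$why password-set" ;;
    esac
    if [ -z "$why" ]; then echo locked; else echo "OPEN:$why"; fi
}

# Demo: constructed entries for the state during and after the procedure.
d=$(mktemp -d)
printf '%s\n' 'gdm:x:42:42::/var/lib/gdm:/bin/bash' > "$d/passwd"
printf '%s\n' 'gdm:$6$constructed$notarealhash:15000::::::' > "$d/shadow"
echo "during: $(account_state gdm "$d/passwd" "$d/shadow")"
printf '%s\n' 'gdm:x:42:42::/var/lib/gdm:/sbin/nologin' > "$d/passwd"
printf '%s\n' 'gdm:!!:15000::::::' > "$d/shadow"
echo "after:  $(account_state gdm "$d/passwd" "$d/shadow")"
rm -rf "$d"
```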

Cleaning a Disk with dd

Let's say that you have an old system sitting around that you want to give to a friend or to a charity. The system itself is fine, but you had been using it for keeping track of your personal finances. You had several personal bits of information on there (credit card numbers, account numbers, SSN, etc.). How do you make it safe to hand this off?

If you have a USB enclosure and a Mac around it is easy. Disk Utility included with the Mac will erase that drive, just select the 7 (or for the ultra paranoid 35) times overwrite option. But let's say that you don’t have a Mac and you don’t want to spend money on an application to do it. But you have a good old faithful Linux system.

Personally, I am a little more paranoid than average and don’t want to trust a single wipe. But on the other hand, I have found few times that a real 7 pass or 35 pass wipe is needed. In order to satisfy a 3 pass wipe, there are a couple of variations that you can use:

Variation 1 (leaves bits in a random state)

  1. Zero the drive
  2. One the drive
  3. random the drive

Variation 2 (Leaves bits as zeros)

  1. random the drive
  2. One the drive
  3. Zero the drive

Both of these set all bits to both positions & a random. Personally I like the variation for security, but it depends on what the final application will be. If the final drive will be encrypted variation 1 is preferable, if not I like 2 because the starting state of the bits would be more difficult to ascertain.

Since this can take many hours, there are also some options to get the status.

Anyway here are the commands:

First figure out what your drive is. Note you cannot use the system drive that you are running on. For this example we will say that it is /dev/sdd. You can do just a partition, but this may not be as secure.

dd if=/dev/urandom of=/dev/sdd bs=4096

dd if=/dev/zero of=/dev/sdd bs=4096

perl -e 'print chr(0xFF) while(1);' | dd of=/dev/sdd bs=4096

Status (on Linux):
- to make dd pause and print its status, get the pid (ps aux | grep dd), then
# kill -s USR1 <PID>

To test the drive:
# dd if=/dev/sdd bs=1 count=10 skip=600000000000 | hexdump -C
(this will skip ahead to the 600GB mark & show 10 bytes in hex)

If something fails and you need to resume, use the test above to figure out where to start. Then add a seek criterion to the dd command (make sure to divide the byte offset by 4096 to get the location in blocks)
# perl -e 'print chr(0xFF) while(1);' | dd of=/dev/sdd bs=4096 seek=146484375
(will restart writing ones at the 600GB mark)

Note: there is nothing particularly special about 4096, I have just seen this used as a good size (bs) for writing to modern hard drives, and it is faster than the 512 default.
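
The test and resume steps above, extended from a 10-byte spot check to a comparison of the whole target, as an added example that is not part of the original post. The function names (size_bytes, first_mismatch, resume_seek, make_partial_image) are hypothetical; it only covers the constant passes (zeros or ones), since a random pass has no pattern to compare against.

```shell
#!/bin/sh
# Added example: whole-target check of a constant wipe pass, plus the dd
# resume point. The demo at the bottom uses a constructed temporary image
# file, never a real disk; BS=4096 matches the block size used above.
BS=4096

# size_bytes TARGET: size in bytes of a block device or a regular file.
size_bytes() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# first_mismatch TARGET OCTAL: compare every byte of TARGET with the
# constant byte \OCTAL (000 = zeros pass, 377 = ones pass). Prints the
# 0-based offset of the first differing byte, or nothing if all match.
first_mismatch() {
    size=$(size_bytes "$1")
    n=$(head -c "$size" /dev/zero | LC_ALL=C tr '\000' "\\$2" |
        cmp - "$1" | sed -n 's/.* differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    [ -z "$n" ] || echo $((n - 1))   # cmp counts bytes from 1
}

# resume_seek OFFSET: dd seek= value (in BS-sized blocks) for the block
# that contains OFFSET, i.e. the offset divided by BS, rounded down.
resume_seek() {
    echo $(( $1 / BS ))
}

# make_partial_image FILE: constructed sample, 256 blocks of zeros where a
# ones pass stopped 10 bytes into block 100.
make_partial_image() {
    { head -c $((100 * BS + 10)) /dev/zero | LC_ALL=C tr '\000' '\377'
      head -c $((156 * BS - 10)) /dev/zero; } > "$1"
}

# Demo on the constructed image only.
img=$(mktemp)
make_partial_image "$img"
off=$(first_mismatch "$img" 377)
echo "ones pass stops at byte $off; resume with seek=$(resume_seek "$off")"
rm -f "$img"
```

An empty result from first_mismatch means the pass covered the whole target; reading a real block device requires root.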

Of course you could always just use a tool like Darik’s Boot & Nuke @ Source Forge, but what fun is there in that?

Using Screen

Until recently, I had never used screen. Now I love it! Screen is awesome.

In short, screen is a virtual terminal session that allows multiple windows within a single ssh session. It also maintains your session if you lose a connection.

start screen:
$ screen

to create a new window:
Ctrl-a c

to exit a window:
$ exit

to switch windows:
Ctrl-a n   (next)
Ctrl-a p   (previous)

to show the key bindings (help):
Ctrl-a ?

to detach your session from screen:
Ctrl-a d

to find a screen session:
$ screen -ls
There is a screen on:
	6173.pts-1.localhost	(Detached)
1 Socket in /var/run/screen/S-root.

to reattach to a screen session:
$ screen -r
$ screen -r 6173.pts-1.localhost

PHP Build Test Errors with PHP 5.3.6 on RHEL 6

I have built PHP many times, and most of the time I just ignore the failing tests. This time I needed it for a production server, so I went through each test and figured out why it was failing. As I did this, I put together a patch that would address the issues. There are a few things that are broken – all of these don’t apply to me and in general are minor, so I added SKIPIF statements to the tests, but most were just poorly written or the underlying library changed the way it handled incorrect input.

Good Basis for a Banner has a great basis for a login banner:

                               NOTICE TO USERS

This computer system is the private property of its owner, whether
individual, corporate or government.  It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.

Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.

By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials.  Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.

Or, you know, just do whatever you want, because you're going to anyway,
right?  Why would this stop you?  You may be evil, but you're not stupid.


Yum Groups

To install development tools:
# yum groupinstall 'Development Tools'

To remove development tools:
# yum groupremove 'Development Tools'

To list Yum groups:
# yum grouplist