Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Wiping server HDs before returning them to the provider
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Wiping server HDs before returning them to the provider

AmitzAmitz Member
edited June 2017 in Help

Cheerio!

I would like to wipe 2 x 3TB drives in a server before I return them to the provider.

At the moment, I am running shred -vzn 0 /dev/sdx, but that seems to take quite some time. I could imagine that "dd" is not much faster, too. Do I have any alternatives?

It's not that I need it super-duper-NSA-proof-secure, but it should be at least a bit more than a simple format. Thanks in advance for any suggestion! If "shred" is already my best choice in terms of processing time, then I will have to stick with it and simply wait...

Kind regards,
Uncle Amitz

Comments

  • RickBakkrRickBakkr Member, Patron Provider, LIR

    In case you have some iLO/iDRAC or some other management panel and you can boot from ISO you might be able to erase the disks with DBAN?

    • No idea whether that's even allowed, never done that myself...
    Thanked by 1goinsj2010
  • Amitz said: I could imagine that "dd" is not much faster, too.

    I do dd if=/dev/zero of=/dev/sdx
    The only bottleneck should be HDD write speed, and there's just no getting around that.

  • I usually use wipe (similar to shred) with the following settings:

    wipe -Q1 -P1 -r -c -q -Sp -F -f -s -Z

    (see the man page for the details). I'm sure shred has equivalent configuration/settings to achieve the same "reasonably" safe clean.

    Other than this you can always just zero the entire disk (use dd or dcfldd - should be faster than the above but they're only writing zero which is still good enough mostly).

    Assuming it's a dedi and that you can run the wipe's in parallel for each drive, and assuming that you can do roughly 100MB/s in write speed, you're looking at:

    3 * 1024 * 1024 / 100 = 31500s = ~9 hours

    Based on the actual write speed, adjust the above equation :-)

    Also, shred/wipe (etc.) will usually be slower than dd (zero's) because there's randomness involved in what they write (and multiple times too).

  • FalzoFalzo Member

    I really like that approach found at serverfault (https://serverfault.com/questions/6440/is-there-an-alternative-to-dev-urandom):

    If you want to erase a huge block device then I've found it more robust to use dd and the device mapper instead of output redirection of random data. The following will map /dev/sdb to /dev/mapper/deviceToBeErased en- and decrypting transparantly in between. To fill up the device on the encrypted end, zeros are copied to the plain text side of the mapper (/dev/mapper/deviceToBeErased).

    cryptsetup --cipher aes-xts-plain64 --key-file /dev/random --keyfile-size 32 create deviceToBeErased /dev/sdb
    dd if=/dev/zero of=/dev/mapper/deviceToBeErased bs=1M
    

    The encrypted data on /dev/sdb is guaranteed to be indistinguishable from random data if there is no serious weakness in AES. The key used is grabbed from /dev/random (don't worry - it uses only 32 bytes).

  • AnthonySmithAnthonySmith Member, Patron Provider

    quickly create create 10 different partition tables of varying sizes format into ext2/3/4/hfs+/XFS, then back into ext4, create an mdadm riad 0 arrays and set off dd if=/dev/zero of=/dev/sdx

    The chances are by the time the server is actually decommissioned enough will have been zero'd to make it practically unrecoverable anyway.

    But really just changing the fstype to xfs<>ext4 and dd if=/dev/zero of=/dev/sdx on its own should be enough to make recovery highly unlikely.

  • @Amitz Care to PM me price and specs of this (serverbidding?) server.
    (i.e are the disks Good?)

    I'm hours away from cancelling a 15 euro Kimsufi and that buggy i3 from oneprovider.

    Might as well get my first Hetzner personal dedi with that 25 euros budget.

    Else, if transfers are not supported by them, just go with the dd if=/dev/zero of=/dev/sdX suggestion.

    Should be plenty, as long as you run a sync; sync; sync; just to flush out the drive caches.

    Cheers

  • AmitzAmitz Member

    @vimalware: PM sent. :-)

    Thank you all! The data on those HDs is encrypted anyway, so I guess I will just stick with the current method, now that it is already running quite some time. 30% are already through and @nullnothere's prediction concerning the time is accurate. It will be around 8-9 hours in the end.

    I will probably try out the other approaches, just to see if there is any difference. I still have some lease time left.

    Again, thanks & enjoy your day!
    Amitz

  • nulldevnulldev Member
    edited June 2017

    Maybe ATA Secure Erase if your disk supports it? https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

  • m3gfm3gf Member
    edited June 2017

    Uncle Amitz?

    I thought you were a AUNT.

    :)

  • I always use rescue OS

    And

    shred -vfz -n 100 /dev/sda1
    And other HDDs

    Running on Screen and wipe it x100 Times to make sure all gone than be sorry later :)

  • AmitzAmitz Member
    edited June 2017

    m3gf said: Uncle Amitz?

    I thought you were a AUNT.

    I only told you that to lure you into alleged MILF sex. You were great, by the way. So cute always calling me your "sexy cougar"... I have all on tape, I will send you the pornhub link soon!

Sign In or Register to comment.