What hardware are you using?

Discussion of hardware related issues
tlmiller
Posts: 4848
Joined: Tue Jan 16, 2018 12:29 pm
Location: AZ, USA

Re: What hardware are you using?

Post by tlmiller »

Had fun at work today. We were looking for a way to securely wipe laptops. We DO NOT require certification from the software that they have been wiped, but of course my coworker would like something. He was looking at KillDisk and a few other solutions that, while not EXPENSIVE, still cost money (DBAN has been purchased by a corporate entity). So I pointed out that we could do an Ubuntu live session, use sudo shred with -vfz (verbose, force, zero after the shred) for however many passes he wants (-n x), and use it with | tee to output the logs from -v to a file, so that we could then save the log file showing it was complete while also watching progress on the machine. He tested it and was like "WOW, this is awesome, does EXACTLY what I wanted and doesn't cost a THING!!"
crosscourt
Posts: 11100
Joined: Sun Jan 14, 2018 5:38 pm
Location: Wash DC

Post by crosscourt »

That's a great suggestion, as I believe we used KillDisk a while back for wiping drives.
Site Moderator

Post by tlmiller »

The only limitation is that if someone works in a place that requires DOD or higher certification, doing shred won't suffice. If they just need to have it securely deleted, and not be able to CERTIFY it, it works amazingly well and is obviously completely free.

Post by tlmiller »

Updated my suggestion to writing a script that will prompt the user for their domain credentials in order to save the log to a network drive, mapping said network drive, and prompting with a list of drives for which drive to clean. It also now saves as <serial number>-<username>.txt instead of just <serial number>.txt, so that the filename allows you to determine who did the wipe and what system was wiped.

Post by crosscourt »

It's a great idea and I've already bounced it off some of my tech friends.
Site Moderator

Post by tlmiller »

Code:

#!/bin/bash

# Get serial number/Service Tag of the system:
serial=$(dmidecode | grep -A 4 -i 'system information' | awk 'NR==5' | awk '{print $3}')

# Get credentials and mount drive
echo "We need your domain credentials in order to save the logs"

read -rp 'username: ' user
read -rsp "password: " userpass

mount -t cifs -o "rw,username=$user,password=$userpass,domain=<domain>" "//<sfa server>/primary/IT/shreds/" /mnt

# Get device to be cleaned:
echo "What is the device label of the drive to clean (do not include /'s or the dev, just the actual block device name ie - sda)"
echo " "

# Show current drives:
lsblk

echo " "

read -r drivename

touch "/mnt/${serial}-${user}.txt"
echo "Shred started at $(date)" >> "/mnt/${serial}-${user}.txt"

# Sanitize the drive, zeroing drive after sanitation to remove traces of sanitization.
# shred -v reports progress on stderr, so stderr is sent through tee and the 0%, 10%, 20%... lines are kept:
shred -vfz -n 3 "/dev/${drivename}" 2> >(tee /tmp/temp.txt) && grep "0%" /tmp/temp.txt >> "/mnt/${serial}-${user}.txt"

echo "Shred finished at $(date)" >> "/mnt/${serial}-${user}.txt"

Finally finished my script yesterday. Took a bit longer than I expected; turns out the shred command doesn't output to stdout, but to stderr instead. So I had to do a different way of collecting the logs (due to the quantity, it was also decided only to collect the 0, 10, 20, etc. % completion, not every percentage).

Removed my domain and servers information, but otherwise this is the script we're using at work going forward for sanitizing any of the older machines that weren't encrypted.

Post by crosscourt »

Thanks for posting it.
Site Moderator
dai_trying
Posts: 706
Joined: Sun Jan 14, 2018 7:44 pm
Location: UK

Post by dai_trying »

A very handy script, although I notice you are not error checking for bad information, so it would be possible to enter wrong information (a typo) and the script would continue to run (or at least attempt to) with incorrect data. That would only be a problem if the typo also exists as, say, a different machine or device, but as the script runs as root I would definitely check everything.

If it were me I would also put your logfile into a variable (@line 11) to save repeating the creation (ie logfile="/mnt/${serial}-${user}.txt") and then use touch "$logfile" and >>"$logfile" to use it (easier IMHO).
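
Added example, not part of the thread or of the posted script: the input checks raised in the post above, written as POSIX shell functions together with the single log-path variable. The function names, the sample `lsblk -dn -o NAME,TYPE,RM` listing and the rule that removable devices (such as the live USB stick) are refused are assumptions made for this example.

```sh
#!/bin/sh
# Added example: input checks for a wipe script that runs as root.
# Function names and the sample listing are constructed for illustration.

# Constructed sample of `lsblk -dn -o NAME,TYPE,RM` output.
SAMPLE_LSBLK='sda disk 0
sdb disk 1
sr0 rom 1
loop0 loop 0'

# valid_target NAME LISTING: succeed only if NAME is a bare device name that
# the listing shows as a whole, non-removable disk.
valid_target() {
    name=$1 listing=$2
    case $name in
        ''|*[!a-z0-9]*) return 1 ;;   # empty, or contains /, spaces, etc.
    esac
    while read -r dev type removable; do
        [ "$dev" = "$name" ] || continue
        [ "$type" = disk ] && [ "$removable" = 0 ] && return 0
        return 1                      # listed, but not a fixed whole disk
    done <<EOF
$listing
EOF
    return 1                          # not listed at all (typo)
}

# log_path DIR SERIAL USER: print DIR/SERIAL-USER.txt, refusing values that
# are empty or could point outside DIR.
log_path() {
    dir=$1 serial=$2 user=$3
    case $serial in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    case $user in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf '%s/%s-%s.txt\n' "$dir" "$serial" "$user"
}

# check_inputs DRIVE SERIAL USER: gate for the wipe; nothing is erased here.
check_inputs() {
    valid_target "$1" "$SAMPLE_LSBLK" || { echo "refusing device: $1"; return 1; }
    logfile=$(log_path /mnt "$2" "$3") || { echo "refusing log name"; return 1; }
    echo "would shred /dev/$1, logging to $logfile"
}
```

In a real run the listing would come from `lsblk -dn -o NAME,TYPE,RM` on the machine being wiped, and the shred command would only start once `check_inputs` succeeds.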

Post by tlmiller »

No need for error checking, this is just to show that the machines have been wiped. If someone does something wrong then we just boot up to Ubuntu again and redo it. There's only 3 people that will be running it, so no need to do any error checking on it. I had actually considered it but decided that it wasn't worth adding to it since it's easy to tell when it starts if they gave any incorrect information (i.e. username or password: it won't mount the network drive; drive to be wiped: it won't actually do anything). This as it sits is actually WAY more than I had originally planned, as more options were requested by my main coworker.

Post by crosscourt »

Many of the hard drive manufacturers offer software for DOD-grade drive erasure. I've got one from Western Digital that I use at times, but honestly don't know if they still offer it.
Site Moderator