the very filesystem you are logged in to.
What happens if you overwrite the sshd
and shred files while you are running shred
and logged in over SSH? More important,
what happens when you overwrite the
kernel? The main principle that will make
this procedure work is the fact that Linux
likes to cache files to RAM whenever it
can. As long as you can make sure everything you need is stored in RAM, you
can overwrite the filesystem as much
as you want. The trick is just identifying
everything you need to store in RAM.
Always Have a Plan B
So, I mentioned there was no redo to this
procedure, but that doesn’t mean you
can’t set up some sort of safety net for
yourself. Although I knew that once I
launched the shred command it would run
completely from RAM, what I had to figure
out was what commands I would need to
run after shred. Even commands like ls
won’t work if there’s no filesystem to read.
So that I would have some sort of backup
plan, I took advantage of the /dev/shm
ramdisk that all modern Linux systems
make available. This is a directory that any
user on the system can write to, and all
files will be stored completely in RAM.
Because I wasn’t sure whether commands like echo (which I would need
later) would work after I had shredded
the hard drive, I copied it to /dev/shm
along with any other files I thought I
46 | SEPTEMBER 2011 WWW.LINUXJOURNAL.COM
would need. If you have the space, why
not copy all of /bin, /sbin and /lib?
Finally, I knew I would need access
to the /proc filesystem to power off
the server. I assumed I still would have
access to /proc even if I had overwritten
the root filesystem, but I wasn’t 100%
certain, so just to be safe, I became root
(you can’t assume sudo will work later)
and mounted an extra copy of /proc
under /dev/shm as the root user:
It turns out I ultimately didn’t need
any of these precautions, but it doesn’t
hurt to be prepared.
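The staging step described above, sketched as an added example (these are not the author's commands): each tool is copied together with the shared libraries that ldd reports for it, because a copied binary is of little use once its libraries can no longer be read from disk. The function names and the /dev/shm/rescue directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stage tools and their shared libraries into a RAM-backed directory.
# Function names and the /dev/shm/rescue path are illustrative assumptions.

# list_libs BINARY: print the absolute path of every shared object BINARY loads.
list_libs() {
    # ldd prints "name => /path (addr)" or "/path (addr)"; keep the first absolute path.
    # Static binaries make ldd fail, which simply yields an empty list.
    { ldd "$1" 2>/dev/null || true; } |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# stage_tools DEST TOOL...: copy each TOOL to DEST/bin and its libraries to DEST/lib.
stage_tools() {
    dest=$1; shift
    mkdir -p "$dest/bin" "$dest/lib" || return 1
    for tool in "$@"; do
        [ -x "$tool" ] || { echo "missing: $tool" >&2; return 1; }
        cp -L "$tool" "$dest/bin/" || return 1   # -L copies the file, not a symlink
        for lib in $(list_libs "$tool"); do
            cp -L "$lib" "$dest/lib/" || return 1
        done
    done
}

# run_staged DEST TOOL [ARGS...]: run the staged copy, searching DEST/lib for libraries first.
run_staged() {
    dest=$1; tool=$2; shift 2
    LD_LIBRARY_PATH="$dest/lib" "$dest/bin/$tool" "$@"
}

# Example use (nothing runs automatically when this file is sourced):
#   stage_tools /dev/shm/rescue /bin/echo /bin/ls /bin/cat
#   run_staged  /dev/shm/rescue echo ok
```

If /dev/shm is mounted noexec, run_staged fails even though the copy succeeded, so test it before the point of no return. LD_LIBRARY_PATH redirects library lookups only; the dynamic loader is still found at the absolute path recorded in the binary.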
It’s Clobbering Time
Now is the point of no return. Just to be
safe, I changed to the /dev/shm directory
so my current working directory would
be on a ramdisk. Then, I unmounted any
unnecessary mountpoints (like /home)
and ran the shred command below on
every nonroot drive on the system. In my
case, I used software RAID, so I also took
the extra step of hot-removing all but
one drive from any RAID array and
shredded them separately. Finally, I was
left with just my root filesystem stored
on /dev/sda, so I took a deep breath and
typed the following command: