Securely wipe an entire Linux server with itself
I have remote ssh access and root access. I do not have physical access. I'm not looking for solutions involving booting into anything, I want to do this from what is currently running.
OS is SL6. Is there a way to load everything needed into RAM, and use dd or similar to securely wipe the entire disk? Obviously this will result in a non-functioning box in the end, which is my intended result.
It seems like this should be possible.
Two more interesting additions:
Be able to ssh in, run screen, run the dd command and detach. Log in a week later once it has finished. :)
Somehow have a progress bar?
Update: I am now going with the chroot option. Currently doing:
mkdir /dev/shm/ramdisk/ && cd /dev/shm/ramdisk && mkdir bin lib64 && cd /lib64 && cp ld-linux-x86-64.so.2 libc.so.6 libdl.so.2 libpthread.so.0 librt.so.1 libtinfo.so.5 /dev/shm/ramdisk/lib64 && cd /bin && cp bash dd /dev/shm/ramdisk/bin && cd /dev/shm/ramdisk && chroot .
Which works(!) but I still need /dev/zero and /dev/sda. Any ideas there?
Update 2012-07-20:
mkdir /dev/shm/ramdisk/ && cd /dev/shm/ramdisk && mkdir bin lib64 && cd /lib64 && cp ld-linux-x86-64.so.2 libc.so.6 libdl.so.2 libpthread.so.0 librt.so.1 libtinfo.so.5 /dev/shm/ramdisk/lib64 && cd /bin && cp bash dd /dev/shm/ramdisk/bin && mkdir /dev/shm/ramdisk/dev && cd /dev/shm/ramdisk/dev && cp -a /dev/zero . && cp -a /dev/sda . && cd .. && chroot . dd if=/dev/zero of=/dev/sda bs=1M
Which appears to be doing something, but I would like to have some sort of progress indicator if possible, as well as a way to detach and then establish a new ssh connection later.
Create an image in a ramdisk containing whatever tools you require to nuke the system, then pivot_root into it, run the tool, away you go. Pivoting out of a full system isn't trivial, but it can be done if you know what you're doing.
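One way to assemble the ramdisk tool set from the question's update and the answer above without listing libraries by hand, as an added example that is not part of the original thread. The function names are hypothetical; it assumes ldd is available on the host and only builds and checks the directory, it does not touch any disk.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# needed_libs FILE: print the absolute path of every shared object ldd
# reports for FILE (the "name => /path" lines plus the loader line).
needed_libs() {
    ldd "$1" 2>/dev/null |
        awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
             $1 ~ /^\//              { print $1 }'
}

# copy_with_libs ROOT PROG...: copy each program into ROOT/bin and each
# library it needs into ROOT under the same path it has on the host.
copy_with_libs() {
    root=$1; shift
    mkdir -p "$root/bin" || return 1
    for prog in "$@"; do
        src=$(command -v "$prog") || { echo "not found: $prog" >&2; return 1; }
        case $src in /*) ;; *) echo "not a file: $prog" >&2; return 1 ;; esac
        cp -L "$src" "$root/bin/" || return 1
        needed_libs "$src" | while read -r lib; do
            mkdir -p "$root$(dirname "$lib")" &&
                cp -L "$lib" "$root$lib" || exit 1
        done || return 1
    done
}

# missing_libs ROOT: list libraries that programs in ROOT/bin need but
# ROOT lacks. Empty output means every library ldd reports is present.
missing_libs() {
    for bin in "$1"/bin/*; do
        needed_libs "$bin" | while read -r lib; do
            [ -e "$1$lib" ] || echo "$lib"
        done
    done
}
```

Run as root with /dev/shm/ramdisk as ROOT (for example copy_with_libs /dev/shm/ramdisk bash dd), then copy the device nodes with cp -a as in the question. Start the chroot only once missing_libs prints nothing, since a library that turns out to be absent cannot be fetched after the disk has been overwritten.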
I've done it a few times, executing
dd if=/dev/zero of=/dev/sda
No additional preparations. It worked. The system was running fine for days after dd finished [responding to pings, forwarding packets].