Securely Deleting Encrypted Data on Linux

Hands-On Lab

 

David Thomas

Database Training Architect II

Length

00:15:00

Difficulty

Intermediate

In this scenario you are the Systems Administrator for a healthcare company. Your manager has tasked you with logging into the fileserver running CentOS Linux 7.7 and securely deleting some sensitive patient data, ensuring that it cannot be easily recovered. No other files should be altered.

Introduction

We are the Systems Administrators for a healthcare company. Our manager has tasked us with ensuring that some sensitive patient data is securely deleted, so that it cannot be easily recovered. No other files should be altered.

This patient data exists in /mnt/patient.1. To ensure it is securely deleted, perform the following steps:

  1. Confirm the current patient file is readable.
  2. Fill any free space on the volume to eliminate any file remnants.
  3. Overwrite the patient file with random data.
  4. Confirm the file was overwritten, then remove it.
  5. Restore free space.

Logging In

Use the credentials provided on the hands-on lab overview page, and log in as cloud_user.

Confirm File Is Readable

Confirm the size and permissions of the file:

[cloud_user@$host]$ ls -l /mnt/patient.1

Show the contents of the file:

[cloud_user@$host]$ cat /mnt/patient.1

Fill Free Space

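We'll use dd here to fill up the free space on the partition with random data. With no count set, dd keeps writing until the volume is full and then stops with a "No space left on device" error, which is expected here. Be sure to double-check the output path first, as this command does no error checking and will overwrite whatever the path points to: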

[cloud_user@$host]$ sudo dd if=/dev/urandom of=/mnt/junk status=progress; sync

We can check our work afterward with:

[cloud_user@$host]$ df -h

That will show that /mnt is 100% used.

Overwrite File

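The shred command is the simplest method. Specifying -x (--exact) stops shred from rounding the file size up to the next full block, so the file size remains unchanged. shred relies on the file system overwriting data in place, so it is not effective on copy-on-write or log-structured file systems: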

[cloud_user@$host]$ sudo shred -x /mnt/patient.1

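If the shred command is not available, we can use dd instead. Set bs to the size of the file in bytes (the command below uses 45); conv=notrunc makes dd overwrite the existing data in place instead of truncating the file first:

[cloud_user@$host]$ sudo dd if=/dev/urandom of=/mnt/patient.1 bs=45 count=1 conv=notrunc iflag=fullblock status=progress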

Confirm File Was Overwritten and Remove

Show the file's contents:

[cloud_user@$host]$ cat /mnt/patient.1

Once we've confirmed that it contains random data, we can remove it:

[cloud_user@$host]$ sudo rm /mnt/patient.1
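
The overwrite, confirm and remove steps above can be combined into one script that checks its own work. This is an added example, not part of the original lab: the function names secure_overwrite and secure_delete are hypothetical, and it generalizes the fixed bs=45 to a file of any size by reading the size first.

```shell
#!/bin/sh
# Added example (not from the lab): overwrite a file in place with random
# data, verify the result, then remove it. Function names are hypothetical.

secure_overwrite() {
    f=$1
    # Refuse symlinks, directories, devices and missing paths.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing: $f is not a regular file" >&2
        return 2
    fi
    size=$(($(wc -c < "$f")))
    [ "$size" -gt 0 ] || return 0          # empty file: nothing to overwrite
    before=$(sha256sum < "$f")

    # Preferred path: shred -x. Fallback: dd sized to the file, with
    # conv=notrunc so the existing data is overwritten in place.
    if ! { command -v shred >/dev/null 2>&1 && shred -x -- "$f" 2>/dev/null; }; then
        head -c "$size" /dev/urandom | dd of="$f" conv=notrunc 2>/dev/null || return 1
    fi
    sync

    # Confirm: same size, different content.
    after_size=$(($(wc -c < "$f")))
    after=$(sha256sum < "$f")
    [ "$after_size" -eq "$size" ] || { echo "size changed: $f" >&2; return 1; }
    [ "$after" != "$before" ] || { echo "content unchanged: $f" >&2; return 1; }
    return 0
}

secure_delete() {
    # Remove the file only if the overwrite was verified.
    secure_overwrite "$1" && rm -f -- "$1"
}
```

On the lab server this would be run with root privileges, for example by sourcing the file in a root shell and calling secure_delete /mnt/patient.1 after the free space has been filled.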

Restore Free Space

Now we can remove the junk file:

[cloud_user@$host]$ sudo rm /mnt/junk

Conclusion

We've accomplished the task set before us. The patient.1 file that contained sensitive data is now deleted. Congratulations!