2

I have setup an Ubuntu Server for my university project. Aside from full disk encryption I also intend to use Dafturn Ofris (a Linux deepfreeze) to make file recovery difficult or for any forensics carried out.

Is there a way I could change system settings so that whenever any file is deleted shred is used? I am sure the OS often deletes files during its operations (such as temporary files), which along with the software I am running on my server (which shreds files) should hopefully make a complete mess for any adversaries.

http://linux.about.com/library/cmd/blcmdl1_shred.htm

I am sure this will slow down the server, however if I keep the iteration at 1 pass then hopefully the speed difference should not be too noticeable?

Thank you!

k1308517
  • 121
  • Hm I would not know how to do such a thing. But my main question is why you don't trust the encryption. User flamsmark explained in a different post (http://askubuntu.com/a/58420/414815) that already-deleted files cannot easily be securely overwritten. In other words, you would have to make sure, that every script and program, including the OS, deletes files securely using commands like shred or srm. – Potaito May 31 '16 at 14:38
  • potAito I want the normal delete command to be replaced with shred, if that clarifies? I want it to be impossible to do a normal unsecure delete. – k1308517 May 31 '16 at 14:42
  • 1
    What if you replaced /bin/rm with a different program that securely deletes the files? I'm not sure if that would suffice, meaning if there are other ways to delete files which would not be covered. – Potaito May 31 '16 at 14:49
  • @potAito So long as it uses shred instead of rm it's something... I need a definite answer though. – k1308517 May 31 '16 at 14:55
  • You would need to do the same process with unlink. A large majority of system files would be written to /tmp, so you could create a ramdisk to handle that. I suppose at some point adding all of those together with encryption, while not giving you an absolute... I don't know how it would be possible to recover. –  May 31 '16 at 15:06
  • @bc2946088 With a cold boot attack (https://en.wikipedia.org/wiki/Cold_boot_attack) :) You are right, there probably is no guarantee. At least not if physical access to the machine is a possibility. – Potaito May 31 '16 at 17:02
  • @potAito Look I know what a Cold Boot attack is and I have tried all I can to protect against it. Now we should focus on ensuring all files are securely deleted??? – k1308517 Jun 01 '16 at 08:45
  • @k1308517 I was engaging user bc2946088, not you. No need to be snippy. – Potaito Jun 01 '16 at 09:47
  • @potAito Sorry! – k1308517 Jun 01 '16 at 11:48

0 Answers0