I have set up an Ubuntu Server for my university project. Aside from full disk encryption, I also intend to use Dafturn Ofris (a Linux deepfreeze) to make file recovery or any forensics carried out difficult.

Is there a way I could change system settings so that whenever any file is deleted, `shred` is used? I am sure the OS often deletes files during its operations (such as temporary files), which along with the software I am running on my server (which shreds files) should hopefully make a complete mess for any adversaries.

http://linux.about.com/library/cmd/blcmdl1_shred.htm

I am sure this will slow down the server; however, if I keep the iteration at 1 pass then hopefully the speed difference should not be too noticeable?

Thank you!

k1308517
  • Hm, I would not know how to do such a thing. But my main question is why you don't trust the encryption. User flamsmark explained in a different post (http://askubuntu.com/a/58420/414815) that already-deleted files cannot easily be securely overwritten. In other words, you would have to make sure that every script and program, including the OS, deletes files securely using commands like `shred` or `srm`. – Potaito May 31 '16 at 14:38
  • potAito I want the normal delete command to be replaced with shred, if that clarifies? I want it to be impossible to do a normal unsecure delete. – k1308517 May 31 '16 at 14:42
  • What if you replaced `/bin/rm` with a different program that securely deletes the files? I'm not sure if that would suffice, meaning if there are other ways to delete files which would not be covered. – Potaito May 31 '16 at 14:49
  • @potAito So long as it uses shred instead of rm it's something... I need a definite answer though. – k1308517 May 31 '16 at 14:55
  • You would need to do the same process with unlink. A large majority of system files would be written to /tmp, so you could create a ramdisk to handle that. I suppose at some point adding all of those together with encryption, while not giving you an absolute... I don't know how it would be possible to recover. –  May 31 '16 at 15:06
  • @bc2946088 With a cold boot attack (https://en.wikipedia.org/wiki/Cold_boot_attack) :) You are right, there probably is no guarantee. At least not if physical access to the machine is a possibility. – Potaito May 31 '16 at 17:02
  • @potAito Look I know what a Cold Boot attack is and I have tried all I can to protect against it. Now we should focus on ensuring all files are securely deleted??? – k1308517 Jun 01 '16 at 08:45
  • @k1308517 I was engaging user `bc2946088`, not you. No need to be snippy. – Potaito Jun 01 '16 at 09:47
  • @potAito Sorry! – k1308517 Jun 01 '16 at 11:48
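
The `/bin/rm` replacement suggested in the comments, sketched as an added example that is not part of the original thread: a hypothetical `secure_rm` shell function (the name is an assumption) that runs `shred -n 1 -u` only where overwriting is safe. It assumes GNU coreutils (`shred`, `stat -c`).

```shell
#!/bin/sh
# Added example, not from the thread. secure_rm is a hypothetical name.
# Overwrite once, then unlink, but only for plain files with a single name.
secure_rm() {
    rc=0
    for f in "$@"; do
        if [ -L "$f" ]; then
            # shred follows symlinks and would overwrite the link's target,
            # so remove only the link itself.
            rm -f -- "$f" || rc=1
        elif [ -d "$f" ]; then
            # shred cannot process directories; refuse instead of guessing.
            echo "secure_rm: $f: is a directory, skipped" >&2
            rc=1
        elif [ -f "$f" ]; then
            links=$(stat -c %h -- "$f") || { rc=1; continue; }
            if [ "$links" -gt 1 ]; then
                # Another hard link still names this data; overwriting it
                # would destroy the content for that name as well.
                rm -f -- "$f" || rc=1
            else
                # One pass (-n 1), then truncate and unlink (-u).
                shred -n 1 -u -- "$f" || rc=1
            fi
        else
            # Missing path, device node, FIFO or socket: never shred these
            # (shredding a block device would wipe the device).
            rm -f -- "$f" || rc=1
        fi
    done
    return "$rc"
}
```

A wrapper like this only affects callers that invoke it; programs that call `unlink(2)` directly never reach it, which is the gap raised in the comments. The `shred` documentation also warns that overwriting in place is not effective on some file systems, such as log-structured or copy-on-write ones.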

0 Answers