135 lines
3.3 KiB
Groff
135 lines
3.3 KiB
Groff
.\" This definition swiped from the gcc(1) man page
|
|
.de Sp
|
|
.if n .sp
|
|
.if t .sp 0.4
|
|
..
|
|
.TH SFILL 1
|
|
|
|
.SH NAME
|
|
sfill \- secure free disk and inode space wiper (secure_deletion toolkit)
|
|
|
|
.SH SYNOPSIS
|
|
.B sfill [-f] [-i] [-I] [-l] [-l] [-v] [-z] directory/mountpoint
|
|
|
|
.SH DESCRIPTION
|
|
.I sfill
|
|
is designed to delete data which lies on available diskspace on mediums
|
|
in a secure manner which can not be recovered by thiefs, law enforcement
|
|
or other threats.
|
|
The wipe algorythm is based on the paper "Secure Deletion of Data from
|
|
Magnetic and Solid-State Memory" presented at the 6th Usenix Security
|
|
Symposium by Peter Gutmann, one of the leading civilian cryptographers.
|
|
.PP
|
|
The
|
|
.I secure data deletion
|
|
process of sfill goes like this:
|
|
.PP
|
|
.TP
|
|
.B *
|
|
1 pass with 0xff
|
|
.TP
|
|
.B *
|
|
5 random passes. /dev/urandom is used for a secure RNG if available.
|
|
.TP
|
|
.B *
|
|
27 passes with special values defined by Peter Gutmann.
|
|
.TP
|
|
.B *
|
|
5 random passes. /dev/urandom is used for a secure RNG if available.
|
|
.PP
|
|
afterwards as many temporary files as possible are generated to wipe the
|
|
free inode space. After no more temporary files can be created, they are
|
|
removed and sfill is finnished.
|
|
.PP
|
|
|
|
.SH COMMANDLINE OPTIONS
|
|
.PP
|
|
.TP
|
|
.B \-f
|
|
fast (and insecure mode): no /dev/urandom, no synchronize mode.
|
|
.TP
|
|
.B \-i
|
|
wipe only free inode space, not free disk space
|
|
.TP
|
|
.B \-I
|
|
wipe only free disk space, not free inode space
|
|
.TP
|
|
.B \-l
|
|
lessens the security. Only two passes are written: one mode with 0xff
|
|
and a final mode with random values.
|
|
.TP
|
|
.B \-l
|
|
-l for a second time lessons the security even more: only one random pass
|
|
is written.
|
|
.TP
|
|
.B \-v
|
|
verbose mode
|
|
.TP
|
|
.B \-z
|
|
wipes the last write with zeros instead of random data
|
|
.PP
|
|
.PP
|
|
.B directory/mountpoint
|
|
this is the location of the file created in your filesystem. It should
|
|
lie on the partition you want to write.
|
|
.PP
|
|
|
|
.SH LIMITATIONS
|
|
.TP
|
|
.B FILESYSTEM INTELLIGENCE
|
|
Most filesystems (ext2, ffs, etc.) have several features included to enhance
|
|
performance, which will result in that sfill might not receive all available
|
|
free space. Sad but true. Nothing can be done about that ...
|
|
.TP
|
|
.B NFS
|
|
Beware of NFS. You can't ensure you really completely wiped your data
|
|
from the remote disks. (especially because of caching)
|
|
.TP
|
|
.B Raid
|
|
Raid Systems use stripped disks and have got large caches. It's hard to wipe
|
|
them.
|
|
.TP
|
|
.B swap
|
|
Some of your data might have a copy in your swapspace.
|
|
.I sswap
|
|
is available for this task.
|
|
|
|
.PP
|
|
.SH BUGS
|
|
No bugs. There was never a bug in the secure_deletion package (in contrast
|
|
to my other tools, whew, good luck ;-)
|
|
Send me any that you find. Patches are nice too :)
|
|
|
|
.SH AUTHOR
|
|
.Sp
|
|
van Hauser / THC
|
|
.I <vh@thc.org>
|
|
|
|
.SH DISTRIBUTION
|
|
The newest version of the
|
|
.I secure_deletion package
|
|
can be obtained from
|
|
.I http://www.thc.org
|
|
.Sp
|
|
.I sfill
|
|
and the
|
|
.I secure_deletion package
|
|
is (C) 1997-2003 by van Hauser / THC (vh@thc.org)
|
|
.Sp
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; Version 2.
|
|
.Sp
|
|
This program is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
.SH SEE ALSO
|
|
.I srm
|
|
(1),
|
|
.I sswap
|
|
(1),
|
|
.I smem
|
|
(1)
|