I have remote ssh access and root access. I do not have physical access. I'm not looking for solutions involving booting into anything, I want to do this from what is currently running.
OS is SL6. Is there a way to load everything needed into RAM, and use dd or similar to securely wipe the entire disk? Obviously this will result in a non-functioning box in the end, my intended result.
It seems like this should be possible.
Two more interesting additions:
Be able to ssh in, run screen, run the dd command and detach. Log in a week later once it has finished. :)
Somehow have a progress bar?
Update: I am now going with the chroot option. Currently doing:
mkdir /dev/shm/ramdisk/ && cd /dev/shm/ramdisk && mkdir bin lib64 && cd /lib64 && cp ld-linux-x86-64.so.2 libc.so.6 libdl.so.2 libpthread.so.0 librt.so.1 libtinfo.so.5 /dev/shm/ramdisk/lib64 && cd /bin && cp bash dd /dev/shm/ramdisk/bin && cd /dev/shm/ramdisk && chroot .
Which works(!) but I still need /dev/zero and /dev/sda. Any ideas there?
Update 2012-07-20:
mkdir /dev/shm/ramdisk/ && cd /dev/shm/ramdisk && mkdir bin lib64 && cd /lib64 && cp ld-linux-x86-64.so.2 libc.so.6 libdl.so.2 libpthread.so.0 librt.so.1 libtinfo.so.5 /dev/shm/ramdisk/lib64 && cd /bin && cp bash dd /dev/shm/ramdisk/bin && mkdir /dev/shm/ramdisk/dev && cd /dev/shm/ramdisk/dev && cp -a /dev/zero . && cp -a /dev/sda . && cd .. && chroot . dd if=/dev/zero of=/dev/sda bs=1M
Which appears to be doing something, but I would like to have some sort of progress indicator if possible, as well as a way to detach and then establish a new ssh connection later.
Create an image in a ramdisk containing whatever tools you require to nuke the system, then pivot_root into it, run the tool, away you go. Pivoting out of a full system isn't trivial, but it can be done if you know what you're doing.
I've done it a few times executing
no additional preparations. It worked. The system was running fine for days after dd finished [responding to pings, forwarding packets].
Suggestion: use wipe rather than dd - it supports multi-pass secure wiping.
Another suggestion: stop as many services and delete as many packages as possible. Delete every piece of data that you don't need, and all of your old log files and data. Fill as much as possible of the resultant free space with a single file, then run wipe on that file. Don't delete that file. That will take care of wiping most of the disk before you make the system unusable.
The chroot ramdisk idea would then be necessary to get you past any dramas with getting back into the box, but you'll probably want to quiesce the system as much as possible before doing the final wipe, because logging and other daemons that write to disk could mean that real data is written to free data blocks while the wipe is happening, before the filesystem structure is fully corrupted.
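The chroot approach from the question, written as a reusable sketch with the progress log that was asked for. This is an added example, not code from any of the posts above. It assumes GNU dd (which prints statistics on SIGUSR1), and the names `build_ramroot`, `zero_with_progress`, `wipe.sh` and `wipe.log` are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the posts above. Assumes GNU dd, which prints
# its transfer statistics to stderr when it receives SIGUSR1.

# build_ramroot ROOT /abs/bin...: copy each binary and every shared library
# that ldd reports for it into ROOT, keeping the same paths, so ROOT can be
# used as a chroot without hand-listing libraries.
build_ramroot() {
    root=$1; shift
    for bin in "$@"; do
        [ -x "$bin" ] || { echo "missing: $bin" >&2; return 1; }
        for f in "$bin" $(ldd "$bin" 2>/dev/null | grep -o '/[^ ]*'); do
            mkdir -p "$root$(dirname "$f")" && cp -L "$f" "$root$f" || return 1
        done
    done
}

# zero_with_progress TARGET LOG INTERVAL [extra dd operands]: overwrite TARGET
# with zeros in the background and, every INTERVAL seconds, ask dd for a
# progress line via SIGUSR1. Everything dd reports is appended to LOG.
zero_with_progress() {
    target=$1; log=$2; interval=$3; shift 3
    dd if=/dev/zero of="$target" bs=1M "$@" 2>>"$log" &
    pid=$!
    # Sleep before the first signal: a SIGUSR1 that arrives before dd has
    # installed its handler would terminate it.
    while sleep "$interval" && kill -USR1 "$pid" 2>/dev/null; do :; done
    wait "$pid"   # on a whole device dd ends with "No space left on device"
}

# Hypothetical usage as root (irreversibly overwrites /dev/sda; wipe.sh is
# this file):
#   R=/dev/shm/ramdisk
#   build_ramroot "$R" /bin/sh /bin/dd /bin/sleep
#   mkdir -p "$R/dev" && cp -a /dev/zero /dev/sda "$R/dev/" && cp wipe.sh "$R/"
#   nohup chroot "$R" /bin/sh -c \
#     '. /wipe.sh; zero_with_progress /dev/sda /wipe.log 60' >/dev/null 2>&1 &
#   tail -n 3 "$R/wipe.log"    # from a later ssh session
```

Because the log lives on the tmpfs ramdisk, it stays readable while the disk underneath is being overwritten.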