Date: Sat, 26 Jun 1999 06:45:12 +1000 From: Greg Black <gjb-freebsd@gba.oz.au> To: "Crist J. Clark" <cjclark@home.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Secure Deletion Message-ID: <19990625204513.4139.qmail@alice.gba.oz.au> In-Reply-To: <199906250212.WAA07810@cc942873-a.ewndsr1.nj.home.com> of Thu, 24 Jun 1999 22:12:34 -0400 References: <199906250212.WAA07810@cc942873-a.ewndsr1.nj.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Problem: A file came onto a FreeBSD system. All traces of this file
> will (probably) need to be destroyed. The error was on someone else's
> part, so we did not find out until this file had
> propagated. There is presently an existing file that needs to be
> destroyed. In addition, there are existing files that had this
> information in them, but have since had the 'offending' part
> removed...
The solution depends on your levels of paranoia. The real
solution involves:
1. delete any offending files, or edit the offending data
out of them
2. dump the filesystems
3. remove the disks and grind them into dust
4. install new disks
5. restore your dumps
6. find all backups made while the data was on the disks
and destroy the backup media
If items 3 and 4 are too extreme for your case, replace them
with:
3. newfs the disks and fill them with 0x55 bytes
4. repeat step 3, using 0xAA then repeat step 3
--
Greg Black -- <gjb@acm.org> or <gjb@computer.org>
Fight censorship in Australia: <http://www.efa.org.au>;
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990625204513.4139.qmail>