I am new to real system administration but have been running Linux servers at my home for years. I haven't cared too much about security because the few servers I maintained at work have always been on the intranet and all of the information stored on the servers was accessible by all employees anyway, so this is my first foray into truly securing a system.
I know quite a bit (or can find it on the Internet) about locking down a system for production use, but I can't seem to find a whole lot of documentation about securely deleting a file on a Linux machine that is using a journaled file system.
From what I have read, due to the journalling process, even using tools such as srm
or shred
leave you vulnerable to data recovery.
So, what is the best method you have found to securely delete files on Linux? Does using LVM make any differences?
Thanks very much!
Edit 1: To add a bit of clarification, the server I want to secure will contain other users' data, so whilst I can delete (or shred) the files, I can't do so with the entire partition as it will contain data still important to other users. I'm not worried about securing the drive when it's time is up; I can stick it in front of a huge magnent and toss it in a volcano if I need to, I'm worried about securing it from remote access. The physical site is fairly secure, although encrypting the drive may still be a good idea.
Edit 2: Edited title to be more descriptive of exactly the problem I am facing.
Best Answer
If you're using ext3, it's quite possible that only the metadata is journaled, this is the default behaviour of ext3. If you check the manual page for shred:
And then, you check your /proc/mounts to see what the mount-flags for your mounted filesystems are.
An example:
On both my /stash and / filesystems, shred should do an adequate job of securely deleting data.