Difference between revisions of "Dd - Destroyer of Disks"
| Line 1: | Line 1: | ||
[[Category:Engineering]] | [[Category:Engineering]] | ||
| − | + | These notes cover useful things you can do with `dd`. | |
| − | This will destroy all data on a drive using `dd`. The downside is that | + | == Securely erase a drive == |
| + | |||
| + | This will destroy all data on a drive using `dd`. The downside is that this is slow. If you just want to throw out a drive then drill a hole through the case into the platters. | ||
<pre> | <pre> | ||
dd if=/dev/random of=/dev/sda bs=1M | dd if=/dev/random of=/dev/sda bs=1M | ||
</pre> | </pre> | ||
| + | |||
| + | === Tinfoil hat paranoids === | ||
| + | |||
| + | I don't want to hear a lot of whining about how this isn't "really" secure. Supposedly the NSA and space aliens can read erased bits on a drive. Maybe <b>they</b> can, but I doubt that even professional forensic security experts can recover data after it has been overwritten with random bits. If your data is so sensitive that the government has to call the NSA or hire space aliens then you don't need my advice. | ||
| + | |||
| + | === One step disk wipe tool === | ||
| + | |||
| + | This is useful if you want to reuse a lot of drives: [http://dban.sourceforge.net/ Darik's Boot and Nuke] | ||
== Erase MBR == | == Erase MBR == | ||
| Line 16: | Line 26: | ||
</pre> | </pre> | ||
| − | == Image a drive over a network with dd and nc == | + | == Image a drive over a network == |
| + | |||
| + | You can image a drive and have it stored directly on a remote server without touching a local disk. Here are two ways to do this. | ||
| + | |||
| + | === Image a drive over a network with `dd` and `ssh` === | ||
| + | |||
| + | I like this method better because this does it all from a single command on the sending side and the traffic is encrypted: | ||
| + | |||
| + | <pre> | ||
| + | dd if=/dev/sda | gzip -c - | ssh user@example.com "dd of=disk_image.gz" | ||
| + | </pre> | ||
| + | |||
| + | === Image a drive over a network with `dd` and `nc` (netcat) === | ||
| + | |||
| + | This example assumes the receiving machine's IP address is 192.168.1.100. I use port 2222 here, but you can use any port. | ||
| + | |||
| + | Start the receiving side first: | ||
| − | |||
<pre> | <pre> | ||
nc -l -p 2222 > disk_image.gz | nc -l -p 2222 > disk_image.gz | ||
</pre> | </pre> | ||
| − | Then start sending: | + | Then start the sending side: |
| + | |||
<pre> | <pre> | ||
dd bs=1M if=/dev/sda | gzip -c - | nc 192.168.1.100 2222 | dd bs=1M if=/dev/sda | gzip -c - | nc 192.168.1.100 2222 | ||
</pre> | </pre> | ||
| − | == | + | === Notes === |
| + | |||
| + | If you are doing this on a live server you will need to unmount the drive or switch to single user mode (reboot and set single for boot option in GRUB) or you can boot from a live CD. If you boot into single user mode, don't forget to manually start the network. I have not done a lot of testing with copying a mounted disk in single user mode. This is not the ideal way, but it seems to work. It's better if the drive is not mounted. | ||
| + | |||
| + | == Show progress status statistics of `dd` == | ||
| + | |||
| + | Operations with `dd` can take a long time. Unfortunately, there is no command-line option to have `dd` print progress, but you can send the `dd` process a USR1 signal to have it print the progress statistics. For example, say you started `dd` and you know its PID is 15045. Example: | ||
| − | |||
<pre> | <pre> | ||
| − | + | kill -USR1 15045 | |
</pre> | </pre> | ||
| − | + | Here is a fancier example this will update every 10 seconds: | |
| − | + | <pre> | |
| + | dd if=/dev/sda | gzip -c - | ssh user@example.com "dd of=disk_image.gz" & | ||
| + | pid=$! | ||
| + | while ps -p $pid > /dev/null; do kill -USR1 $pid; sleep 10; done | ||
| + | </pre> | ||
Revision as of 14:49, 1 April 2008
These notes cover useful things you can do with `dd`.
Contents
Securely erase a drive
This will destroy all data on a drive using `dd`. The downside is that this is slow. If you just want to throw out a drive then drill a hole through the case into the platters.
dd if=/dev/random of=/dev/sda bs=1M
Tinfoil hat paranoids
I don't want to hear a lot of whining about how this isn't "really" secure. Supposedly the NSA and space aliens can read erased bits on a drive. Maybe they can, but I doubt that even professional forensic security experts can recover data after it has been overwritten with random bits. If your data is so sensitive that the government has to call the NSA or hire space aliens then you don't need my advice.
One step disk wipe tool
This is useful if you want to reuse a lot of drives: Darik's Boot and Nuke
Erase MBR
I had Linux with GRUB installed on a machine. I needed to get rid of it and put Windows on the machine. I used a Ghost recovery disk to restore Windows on it, but Ghost didn't restore the MBR. GRUB was still lurking in the Master Boot Record. On boot GRUB would try to start but would error out. Wiping out the MBR fixed the problem. This will wipe out the MBR of a disk (sda in this example):
dd if=/dev/zero of=/dev/sda bs=512 count=1
Image a drive over a network
You can image a drive and have it stored directly on a remote server without touching a local disk. Here are two ways to do this.
Image a drive over a network with `dd` and `ssh`
I like this method better because this does it all from a single command on the sending side and the traffic is encrypted:
dd if=/dev/sda | gzip -c - | ssh user@example.com "dd of=disk_image.gz"
Image a drive over a network with `dd` and `nc` (netcat)
This example assumes the receiving machine's IP address is 192.168.1.100. I use port 2222 here, but you can use any port.
Start the receiving side first:
nc -l -p 2222 > disk_image.gz
Then start the sending side:
dd bs=1M if=/dev/sda | gzip -c - | nc 192.168.1.100 2222
Notes
If you are doing this on a live server you will need to unmount the drive or switch to single user mode (reboot and set single for boot option in GRUB) or you can boot from a live CD. If you boot into single user mode, don't forget to manually start the network. I have not done a lot of testing with copying a mounted disk in single user mode. This is not the ideal way, but it seems to work. It's better if the drive is not mounted.
Show progress status statistics of `dd`
Operations with `dd` can take a long time. Unfortunately, there is no command-line option to have `dd` print progress, but you can send the `dd` process a USR1 signal to have it print the progress statistics. For example, say you started `dd` and you know its PID is 15045. Example:
kill -USR1 15045
Here is a fancier example this will update every 10 seconds:
dd if=/dev/sda | gzip -c - | ssh user@example.com "dd of=disk_image.gz" & pid=$! while ps -p $pid > /dev/null; do kill -USR1 $pid; sleep 10; done
