You are not logged in.
- Topics: Active | Unanswered
#1 2014-11-27 18:06:28
- macaco
- Member
- From: Graz, Austria
- Registered: 2009-03-22
- Posts: 101
Clean HD from once unencrypted files while maintaining OS
I don't know whether this is the right place to post my question...
I have a working Arch running on my laptop and just recently encrypted my /home with ecryptfs. As my /home was unencypted before I would like to remove every trace of the once unencrypted files from my HD. As I invested a lot of time in configuring my beautiful Arch I would like to do so without loosing my system.
I see 2 theoretical possibilities (and don't know how to execute none of them):
1) Make a snapshot of my entire system on an external HD (how do I do that, with a root and a swap partition?), boot my laptop with a live system and do "dd if=/dev/null of /dev/sda bs=4k", and then move the snapshot back to the HD (how do I that). Than do "dd if=/dev/null of /dev/sdb bs=4k" for external HD.
2) Is there any programm which can overwrite the unused space of the HD with zeros or random digits?
I am happy for any further suggestion, links to a HowTo's and the likes.
macaco
Offline
#2 2014-11-27 18:25:12
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,600
- Website
Re: Clean HD from once unencrypted files while maintaining OS
Back up /home somewhere, nuke the partition from orbit as linked on the luks wiki page and fill with zeros. Setup encryption again and restore the backup.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#3 2014-11-28 12:10:28
- macaco
- Member
- From: Graz, Austria
- Registered: 2009-03-22
- Posts: 101
Re: Clean HD from once unencrypted files while maintaining OS
Problem is: I have just 2 partition on my laptop. One is / including my /home and the other is SWAP. So I don't want to nuke my partition as hours of Arch configuration would be lost.
Offline
#4 2014-11-28 12:11:55
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,600
- Website
Re: Clean HD from once unencrypted files while maintaining OS
So just apply the advice to / rather than to /home ... you're doing this from a live cd/usb so it really doesn't matter ("nuke from orbit" was a glib implication.)
Last edited by graysky (2014-11-28 14:45:29)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#5 2014-11-28 13:40:57
- tomk
- Forum Fellow
- From: Ireland
- Registered: 2004-07-21
- Posts: 9,839
Re: Clean HD from once unencrypted files while maintaining OS
Problem is: I have just 2 partition on my laptop. One is / including my /home and the other is SWAP. So I don't want to nuke my partition as hours of Arch configuration would be lost.
How would anything be lost? Did you miss the bit where he said "back up... and restore"?
Offline
#6 2014-11-28 16:48:10
- frostschutz
- Member
- Registered: 2013-11-15
- Posts: 1,420
Re: Clean HD from once unencrypted files while maintaining OS
You can just overwrite all free space in the filesystem.
truncate -s 1T foobar
shred -n 1 foobar
sync
rm foobarThat writes up to 1TB of random data, pick a larger size in truncate if you have more space than that. The shred should fail with out of space error. (Note that other programs may fail also, so you should have nothing else running while you shred the free space).
Provided that all unwanted files were already deleted, there should be little to no trace left afterwards. (Although it's possible; e.g. a root reserve won't actually let you fill the free space entirely, unless you're running shred as root).
Last edited by frostschutz (2014-11-28 16:50:22)
Offline
#7 2014-11-28 20:17:40
- macaco
- Member
- From: Graz, Austria
- Registered: 2009-03-22
- Posts: 101
Re: Clean HD from once unencrypted files while maintaining OS
macaco wrote:Problem is: I have just 2 partition on my laptop. One is / including my /home and the other is SWAP. So I don't want to nuke my partition as hours of Arch configuration would be lost.
How would anything be lost? Did you miss the bit where he said "back up... and restore"?
Well, how do I backup an entire system? I know how to backup my home. What I need to know in which way I move my system to the HD and than back to the computer, that it just works?
Is a normal "rsync -av / /run/media/user/HD/backup" (or the mount file when in live system) and later "rsync -av /run/media/user/HD/backup /" enough? Just reboot and the system works again? Or should I do it rather with dd? That's what puzzles me.
Offline
#8 2014-11-28 20:28:51
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,600
- Website
Re: Clean HD from once unencrypted files while maintaining OS
I do mine with tar from a live environment. Using rysnc should be fine as well.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#9 2014-11-28 20:32:11
- macaco
- Member
- From: Graz, Austria
- Registered: 2009-03-22
- Posts: 101
Re: Clean HD from once unencrypted files while maintaining OS
Last questions before starting: This will preserve my symlinks, hardlinks, atime, ctime and so on?
Last edited by macaco (2014-11-28 20:36:07)
Offline
#10 2014-11-28 20:38:26
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,600
- Website
Re: Clean HD from once unencrypted files while maintaining OS
Using a simple `cd /mnt/oldsystem && tar cf /mnt/backup/system.tar ./` works for me for everything except the permissions on /usr/bin/ping which is easily solved by reinstalling that package. See rsync man page if you wanna go that route.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline