Securely deleting (shredding) files on CentOS 4.0

There are several solutions available to securely erase a hard disk drive, but I haven’t found all that many tools to securely erase individual files. While reading through the coreutils documentation, I came across a reference to the shred utility. Shred allows you to securely erase files, and has several options to control the secure erase process:

$ shred --help

Usage: shred [OPTIONS] FILE [...]
Overwrite the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.

Mandatory arguments to long options are mandatory for short options too.
  -f, --force    change permissions to allow writing if necessary
  -n, --iterations=N  Overwrite N times instead of the default (25)
  -s, --size=N   shred this many bytes (suffixes like K, M, G accepted)
  -u, --remove   truncate and remove file after overwriting
  -v, --verbose  show progress
  -x, --exact    do not round file sizes up to the next full block;
                   this is the default for non-regular files
  -z, --zero     add a final overwrite with zeros to hide shredding
  -              shred standard output
      --help     display this help and exit
      --version  output version information and exit

To securely erase the file named foo by writing garbage to the file 10 times, we can run shred with the “-n” (number of iterations) option and the file to erase:

$ shred -v -n 10 foo

shred: foo: pass 1/10 (random)...
shred: foo: pass 2/10 (000000)...
shred: foo: pass 3/10 (ffffff)...
shred: foo: pass 4/10 (b6db6d)...
shred: foo: pass 5/10 (555555)...
shred: foo: pass 6/10 (random)...
shred: foo: pass 7/10 (aaaaaa)...
shred: foo: pass 8/10 (492492)...
shred: foo: pass 9/10 (924924)...
shred: foo: pass 10/10 (random)...

The shred utility doesn’t work reliably on log-structured and journaled file systems, as noted in the help screen:

CAUTION: Note that shred relies on a very important assumption:
that the filesystem overwrites data in place.  This is the traditional
way to do things, but many modern filesystem designs do not satisfy this
assumption.  The following are examples of filesystems on which shred is
not effective:

* log-structured or journaled filesystems, such as those supplied with
  AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

* filesystems that write redundant data and carry on even if some writes
  fail, such as RAID-based filesystems

* filesystems that make snapshots, such as Network Appliance's NFS server

* filesystems that cache in temporary locations, such as NFS
  version 3 clients

* compressed filesystems

In addition, file system backups and remote mirrors may contain copies
of the file that cannot be removed, and that will allow a shredded file
to be recovered later.

That said, this is still a nifty utility, and can be useful in some situations.
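The caution above can be turned into a pre-flight check. The following is an added example, not part of the original post: it looks up the type of the file system that holds a file and refuses to shred unless that file system overwrites data in place. The function names and the SHRED_FORCE variable are hypothetical, and the placement of file systems the caution text does not name (ext4, btrfs, zfs, vfat) is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check the filesystem before trusting shred.
# Function names and the SHRED_FORCE variable are hypothetical.

# Map a filesystem type name (as reported by df -T) to a category from shred's caution text.
# ext4, btrfs, zfs and vfat are not named in that text; their placement is an assumption.
shred_fs_class() {
    case "$1" in
        ext2|vfat|msdos)            echo "in-place" ;;
        ext3|ext4|jfs|reiserfs|xfs) echo "journaled" ;;
        nfs|nfs3|nfs4)              echo "network-cache" ;;
        btrfs|zfs)                  echo "snapshot-capable" ;;
        *)                          echo "unknown" ;;
    esac
}

# Print the type of the filesystem holding the given path.
fs_type_of() {
    df -PT -- "$1" 2>/dev/null | awk 'NR==2 { print $2 }'
}

# Shred a regular file only when its filesystem overwrites in place.
# Returns 2 for a bad argument, 1 when refused, otherwise shred's exit status.
safe_shred() {
    local file="$1" passes="${2:-10}" fstype class
    if [ ! -f "$file" ]; then
        echo "safe_shred: $file: not a regular file" >&2
        return 2
    fi
    fstype=$(fs_type_of "$file")
    class=$(shred_fs_class "$fstype")
    if [ "$class" != "in-place" ]; then
        echo "safe_shred: $file is on '$fstype' ($class); old blocks may survive" >&2
        # Proceed only when the caller explicitly accepts a best-effort overwrite.
        [ "${SHRED_FORCE:-0}" = "1" ] || return 1
    fi
    shred -v -n "$passes" -z -u -- "$file"
}
```

After sourcing the file, `safe_shred foo 10` runs the same 10-pass overwrite shown earlier, adding the final zero pass and removal, but only when the check passes or SHRED_FORCE=1 is set.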

Disabling access time (atime) updates on ZFS file systems

When running web servers, it is extremely common for website administrators to disable access time updates on file systems that contain content. This alleviates the need for the kernel to update the access time of a file each time it is requested, and less work in the kernel means more cycles are available for serving content.

Prior to the introduction of the Solaris ZFS file system, you could disable access time updates by adding the noatime mount option to the desired entry in /etc/vfstab. ZFS stores the file system attributes with the file system itself, which allows the attributes (e.g., compress content, checksum content, disable atime updates, etc.) to move with the file system. To view the attributes of a ZFS file system, you can run the zfs utility with the “get” option and the file system to retrieve attributes from:

$ zfs get all home/apps

NAME             PROPERTY       VALUE                      SOURCE
home/apps        type           filesystem                 -
home/apps        creation       Sat Jul  8 23:14 2006      -
home/apps        used           170M                       -
home/apps        available      54.9G                      -
home/apps        referenced     170M                       -
home/apps        compressratio  1.00x                      -
home/apps        mounted        yes                        -
home/apps        quota          none                       default
home/apps        reservation    none                       default
home/apps        recordsize     128K                       default
home/apps        mountpoint     /home/apps                 default
home/apps        sharenfs       off                        default
home/apps        checksum       on                         default
home/apps        compression    off                        default
home/apps        atime          on                         default
home/apps        devices        on                         default
home/apps        exec           on                         default
home/apps        readonly       off                        default
home/apps        zoned          off                        default
home/apps        snapdir        hidden                     default
home/apps        aclmode        groupmask                  default
home/apps        aclinherit     secure                     default

As you can see from the output above, there are numerous attributes available. The attribute to control access time updates is “atime,” and it can be switched off with the zfs “set” option:

$ zfs set atime=off home/apps

Once a file system attribute is modified, the change will immediately take effect, no mounting or unmounting required:

$ zfs get all home/apps

NAME             PROPERTY       VALUE                      SOURCE
home/apps        type           filesystem                 -
home/apps        creation       Sat Jul  8 23:14 2006      -
home/apps        used           170M                       -
home/apps        available      54.9G                      -
home/apps        referenced     170M                       -
home/apps        compressratio  1.00x                      -
home/apps        mounted        yes                        -
home/apps        quota          none                       default
home/apps        reservation    none                       default
home/apps        recordsize     128K                       default
home/apps        mountpoint     /home/apps                 default
home/apps        sharenfs       off                        default
home/apps        checksum       on                         default
home/apps        compression    off                        default
home/apps        atime          off                        local
home/apps        devices        on                         default
home/apps        exec           on                         default
home/apps        setuid         on                         default
home/apps        readonly       off                        default
home/apps        zoned          off                        default
home/apps        snapdir        hidden                     default
home/apps        aclmode        groupmask                  default
home/apps        aclinherit     secure                     default

I have only worked with ZFS for two months, and am impressed with what I see so far. Once ZFS has better methods to detect disk failures, the ability to remove devices and expand RAIDZ sets, support for “/,” and the known performance issues are addressed, it will be the final word in Solaris file systems.

PHP security links

While reading up on PHP security, I came across several links that I thought I would pass on:

Security Focus article on securing PHP installations:
http://www.securityfocus.com/infocus/1706

Article on PHP attack vectors and defenses:
http://www.securereality.com.au/studyinscarlet.txt

Bugtraq discussion on PHP security:
http://www.securityfocus.com/archive/1/438417/30/0/threaded

First thoughts of CentOS 4.0

I was recently introduced to CentOS 4.0, which is a Linux distribution built from the source RPMs that comprise Redhat Advanced Server. I am currently running several production services on CentOS 4.0, and am extremely happy with the features it brings to the table. Here are several reasons you might be interested in using CentOS:

1. CentOS 4.0 is free, and has the look and feel of Redhat Advanced Server. If you are used to managing servers running one of the Redhat derivatives, you will feel right at home.

2. CentOS 4.0 uses yum as the default package manager!

3. CentOS mirrors the upstream RPMS provided by Redhat, and offers several additional repositories (e.g., extras, addons, contribs, centosplus, etc.) to extend the base CentOS installation.

4. The CentOS team will provide security updates for CentOS 4.0 until February 29, 2012.

5. CentOS is supposed (I haven’t tested this yet) to be binary compatible with Redhat Advanced Server. This can lower costs for companies that don’t need true parity between production, QE, test and development servers.

6. Redhat Advanced Server is widely deployed, and there are dozens of places to get free support for it. Since CentOS is identical to Redhat Advanced Server, you can use the Redhat support forums to find answers to your questions.

7. Redhat Advanced Server is running some large websites, and you can be assured that corporate customers are leveraging their support contracts to get problems fixed. These fixes turn up in CentOS 4.0, so you benefit for free.

8. You can use Redhat Global File System 6.1 and Cluster Suite 4.0 with CentOS 4.0.

If you are looking for a commercially supported Linux distribution, CentOS is probably not for you. But if you want to use a distribution that is super reliable and community supported, it might be the right distribution for you.

Viewing package groupings with yum

The Redhat, Fedora and CentOS installer (anaconda) provides a series of graphical or text-based screens to step users through the OS installation process. One of the screens allows the user to pick one or more package groups to install, and optionally allows individual packages to be added and removed. I periodically forget to add groups when I perform interactive installs. Luckily yum understands package groupings, and contains options to update, query, install and remove groups of packages. To view all of the package groupings on a system, yum can be invoked with the “grouplist” option:

$ yum grouplist

Setting up Group Process
Setting up repositories
Installed Groups:
   Administration Tools
   Compatibility Arch Support
   DNS Name Server
   FTP Server
   Mail Server
   MySQL Database
   PostgreSQL Database
   Server Configuration Tools
   Web Server
   Windows File Server
Available Groups:
   AptRPM
   Authoring and Publishing
   Compatibility Arch Development Support
   Development Tools
   Editors
   Engineering and Scientific
   GNOME Desktop Environment
   GNOME Software Development
   Games and Entertainment
   Graphical Internet
   Graphics
   Horde-Apps
   KDE (K Desktop Environment)
   KDE Software Development
   Legacy Network Server
   Legacy Software Development
   Network Servers
   News Server
   Office/Productivity
   Printing Support
   Sound and Video
   System Tools
   Text-based Internet
   X Software Development
   X Window System
   XFCE-4.2
   drbd-heartbeat
Done

If you want to view the dependencies and individual packages that make up a specific group, the group name can be passed to the “groupinfo” option:

$ yum groupinfo Graphics

Setting up Group Process
Setting up repositories

Group: Graphics
 Required Groups:
   Base
   X Window System
 Default Packages:
   xsane-gimp
   ImageMagick
   netpbm-progs
   dia
   gimp-gap
   sane-frontends
   gimp-print-plugin
   gimp-help
   xsane
   gimp-data-extras
   gimp
 Optional Packages
   xfig
   kdegraphics

Yum also has the “groupinstall,” “groupremove” and “groupupdate” options to add, remove and update groups of packages. I digs me some yum.

Verifying DNS and Mail server configurations

If you run DNS and SMTP servers, you probably know how important it is to validate the configurations used by your SMTP relays and DNS servers. Broken configurations can lead to clients not being able to find your website, open mail relays, unroutable mail, and your domain being blackholed by the Internet. Luckily there are three awesome services that can be used to sanity check the DNS and SMTP servers for a domain. The first service is the Mail abuse website, which checks to see if your mail server is acting as an open relay:

Mail abuse website

The second service is DNS report, which validates the DNS server configuration for a specific domain:

DNS server report

The last service is the open SPF website, which allows you to generate SPF (Sender Policy Framework) TXT records for a domain:

OpenSPF website

I use all three services, and can’t begin to describe how useful they are.