Secure Delete for HP-UX?

 
StephanSwap
Occasional Visitor

Hey Everyone!
I need some help... I'm running HP-UX v11.11 on PARISC architecture. I am surprised to find that there is not a built-in secure delete option with the “rm” command. I need to find a way to write the DoD standard 0xff, 0x00, then 0xff again before deleting the file pointers from the node table. On many Linux flavors “shred” will do this, FreeBSD has a switch “-P” with which files are overwritten three times, first with the byte pattern 0xff, then 0x00, and then 0xff again, before they are deleted. Even my OpenVMS systems have a “delete /remove” which will do this.

I’m *hoping* that there is a software package supported by HP that can be installed on this version and platform. Found a couple open source packages called, 1) Wipe, & 2) SRM but really don’t want to play with open source for something like this…

If anyone has any ideas or suggestions *please* send ’em along. I’ll appreciate any input :)
Thanks!
Stephan
11 REPLIES

Re: Secure Delete for HP-UX?

Disk Scrub was just announced today for HP-UX 11i v3 Update 4:
http://www.hp.com/hpinfo/newsroom/press/2009/090417a.html

Unfortunately the details URL isn't working now:
http://www.hp.com/go/hpux11inow

Re: Secure Delete for HP-UX?

Hmm, now it's working. More details:
http://docs.hp.com/en/5992-5804/ch09s05.html
OldSchool
Honored Contributor

Re: Secure Delete for HP-UX?

The problem is you want to do "file-based" overwrites...

Most utilities available do entire disks. That appears to be what disk-scrub does.

Also, you should note the exceptions listed in the "shred" command documents. It relies on the filesystem overwriting files "in-place" and enumerates several that don't meet that criteria, incl Reiser, JFS, NFS mounts and so on....

At present, I don't know any package that will reliably do this in *nix
smatador
Honored Contributor

Re: Secure Delete for HP-UX?

Hi,

Disk scrubbing is a new feature with 11.31 update 4, but you have 11.11 and, as I read it, you don't want to scrub a disk.
In the past, I have searched for this feature on HP-UX; I too do not need to erase a full disk ;)
So for me Shred does not exist on hpux.

Perhaps it's a good idea for the forum to ask HP for such a command/feature for the next releases.

StephanSwap
Occasional Visitor

Re: Secure Delete for HP-UX?

OldSchool/($k00l) :-} You nailed it - thanks for responses everyone. Still a bit surprising that there isn't a "file based" overwrite. I've explained to management that even if someone were to gain access to our file systems, and could stop writes and start looking at the pointer tables, piecing blocks back together is not an easy task. It's not like utilities for Windows NTFS or FAT32 where you simply buy some $80 software and click next, next, done and it 'finds' data that can be recovered. In U*nix land it's just harder even with pre-built binaries or scripts that are out there.

For other folks reading this, please don't hesitate to reply with ideas or solutions. I would like to keep this thread open for a week or so just in case there is something.

Thanks again everyone, this is great -
Stephan

OldSchool
Honored Contributor

Re: Secure Delete for HP-UX?

smatador said "So for me Shred does not exist on hpux. Perhaps it's a good idea for the forum to ask HP for such a command/feature for the next releases."

Well, maybe....but

It appears to be part of the GNU CoreUtils, and source should be somewhere, and

as I noted earlier:

"It relies on the filesystem overwriting files "in-place" and enumerates several that don't meet that criteria, incl Reiser, JFS, NFS mounts and so on...."

I read the limitations as being that in the worst case, the original file could reside (unlinked) on disk, while the new* "shred"ed file was also on the disk, unlinked.


The underlying filesystem would determine whether or not this would work successfully. They'd almost have to require that specific types of filesystems be used to implement this....and possible legal ramifications if they claimed a "secure delete" and it didn't (no matter *why* it didn't).

There are hardware encryption devices that sit between the drive(s) and the disk controller that will encrypt / decrypt everything on the disk "on-the-fly", but again, this wouldn't protect against someone who has access to the system, but should handle a case of the drive having been removed. But, again, that's not what the OP was looking for.

Note: SRM is supposed to be runnable on POSIX compliant systems, so it might be a relatively straightforward download / build project
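
Added example (not part of any post in this thread, and not the code of shred, wipe or srm): a POSIX C version of the file-based overwrite asked about at the top of the thread, with three in-place passes of 0xff, 0x00, 0xff and then an unlink. The names `overwrite_pass` and `overwrite_and_unlink` and the `keep` flag are hypothetical, and, as noted above, it only reaches the original blocks on a filesystem that overwrites files in place.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Overwrite all `size` bytes of an open file with `pattern`, then flush. */
static int overwrite_pass(int fd, off_t size, unsigned char pattern)
{
    unsigned char buf[8192];
    off_t left = size;
    memset(buf, pattern, sizeof buf);
    if (lseek(fd, 0, SEEK_SET) == (off_t)-1)
        return -1;
    while (left > 0) {
        size_t want = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
        ssize_t n = write(fd, buf, want);
        if (n <= 0)
            return -1;
        left -= n;
    }
    return fsync(fd); /* ask the kernel to flush this pass before the next */
}

/* Hypothetical helper: passes of 0xff, 0x00, 0xff, then unlink the name.
 * keep != 0 skips the unlink so the result can be inspected.
 * Returns 0 on success, -1 on error (the file is then left in place). */
int overwrite_and_unlink(const char *path, int keep)
{
    static const unsigned char passes[] = { 0xff, 0x00, 0xff };
    struct stat st;
    size_t i;
    /* No O_TRUNC: truncating would free the blocks without overwriting them. */
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { /* regular files only */
        close(fd);
        return -1;
    }
    for (i = 0; i < sizeof passes; i++) {
        if (overwrite_pass(fd, st.st_size, passes[i]) != 0) {
            close(fd);
            return -1;
        }
    }
    if (close(fd) != 0)
        return -1;
    return keep ? 0 : unlink(path);
}
```

The file size and name are not hidden by this, and copies in backups, snapshots or swap are untouched.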
Steven E. Protter
Exalted Contributor

Re: Secure Delete for HP-UX?

Shalom,

Just a note but CDE has a trash can for deletes as well. Probably not DoD standard.

There are plugins to meet this standard. I recall one of my original HP-UX instructors mentioning this as he regaled us with stories of working in nuclear hardened bunkers and such in the middle of nowhere.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
StephanSwap
Occasional Visitor

Re: Secure Delete for HP-UX?

Haha Nice - Nothing like some nuclear stories...

You know what guys, we actually pay for support on these systems, I'm going to open a case with HP Software Support regarding my original question. Even though it's not a `problem call` per se, HP tech support is usually willing to help no matter. I'll post a reply with what they say.

TNX,
Stephan
James R. Ferguson
Acclaimed Contributor

Re: Secure Delete for HP-UX?

Hi Stephan:

While not available for 11.11, there is EVFS (Encrypted Volume and File System). As OldSchool spoke, these are virtual "middle" devices that live between the LVM or VXVM layer and the filesystem. EVFS encrypts and decrypts data written to and read from EVFS volumes. The product prevents anyone from reading the physical media without the appropriate authorization.

This might be a suitable solution for you moving forward. It *is* available on 11iv2 and of course, 11iv3.

http://docs.hp.com/en/5992-4678/index.html

Regards!

...JRF...
OldSchool
Honored Contributor

Re: Secure Delete for HP-UX?

JRF: "..these are virtual "middle" devices.."

I've also heard of 3rd party hardware devices that do this as well. They are along the lines of the Decru DataFort (I believe). Never seen / used such, so I won't swear to it or vouch for them..

If you think "srm" will work for you, I'd go for it, but it does have limitations....
Court Campbell
Honored Contributor

Re: Secure Delete for HP-UX?

I use wipe on HPUX. I have never had any issues with it.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"