HPE Community
Operating System - HP-UX
1829312 Members
2608 Online
109989 Solutions
New Discussion

Secure Delete for HP-UX?

 
StephanSwap
New Member

‎04-17-2009 10:51 PM

‎04-17-2009 10:51 PM

Secure Delete for HP-UX?

Hey Everyone!
I need some help... I'm running HP-UX v11.11 on PARISC architecture. I am surprised to find that there is not a built in secure delete option with the “rm” command. I need to find a way to write the DoD standard 0xff, 0x00, then 0xff again before deleting the file pointers from the node table. On many Linux flavors “shred” will do this, FreeBSD has a switch “-P” which files are over-written three times, first with the byte pattern 0xff, then 0x00, and then 0xff again, before they are deleted. Even my OpenVMS systems have a “delete /remove” which will do this.

I’m *hoping* that there is a software package supported by HP that can be installed on this version and platform. Found a couple open source packages called, 1) Wipe, & 2) SRM but really don’t want to play with open source for something like this…

If anyone has any ideas or suggestions *please* send’em along I’ll appreciate any input:)
Thanks!
Stephan
0 Kudos
Reply
11 REPLIES 11
Dennis Handly
Acclaimed Contributor

‎04-18-2009 12:52 AM

‎04-18-2009 12:52 AM

Re: Secure Delete for HP-UX?

Disk Scrub was just announced today for HP-UX 11i v3 Update 4:
http://www.hp.com/hpinfo/newsroom/press/2009/090417a.html

Unfortunately the details URL isn't working now:
http://www.hp.com/go/hpux11inow
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎04-18-2009 12:54 AM

‎04-18-2009 12:54 AM

Re: Secure Delete for HP-UX?

Hmm, now it's working. More details:
http://docs.hp.com/en/5992-5804/ch09s05.html
0 Kudos
Reply
OldSchool
Honored Contributor

‎04-18-2009 08:29 AM

‎04-18-2009 08:29 AM

Re: Secure Delete for HP-UX?

The problem is you want to do "file-based" overwites...

Most utilities available do entire disks. That appears to be what disk-scrub does.

Also, you should note the exceptions listed in the "shred" command documents. It relies on the filesystem overwriting files "in-place" and enumerates several that don't meet that criteria, incl Reiser, JFS, NFS mounts and so on....

At present, I don't know any package that will reliably do this in *nix
0 Kudos
Reply
smatador
Honored Contributor

‎04-18-2009 09:06 AM

‎04-18-2009 09:06 AM

Re: Secure Delete for HP-UX?

Hi,

Disk scrubbing is a new features with 11.31 update 4, but you have 11.11 and as I read you don't want to scrub a disk.
In the past, I have made some search about this features on hpux, me too I do not need to erase a full disk ;)
So for me Shred does not exist on hpux.

Perhaps, it's a good idea the forum to ask HP for such command/features for the next releases.

0 Kudos
Reply
StephanSwap
New Member

‎04-18-2009 10:24 AM

‎04-18-2009 10:24 AM

Re: Secure Delete for HP-UX?

OldSchool/($k00l) :-} You nailed it - thanks for responses everyone. Still a bit surprising that there isn't a "file based" overwrite. I've explained to management that even though if someone were to gain access to our file systems, and could stop writes and start looking at the pointer tables to piece blocks back together is not an easy task. It's not like utilities for Windows NTFS or FAT32 that you simply buy some $80 software and click next, next, done and it 'finds' data that can be recovered. In U*nix land it's just harder even with pre-built binaries or scripts that are out there.

For other folks reading this, please don't hesitate to reply with ideas or solutions. I would like to keep this thread open for a week or so just in case there is something.

Thanks again everyone, this is great -
Stephan

0 Kudos
Reply
OldSchool
Honored Contributor

‎04-19-2009 09:35 AM

‎04-19-2009 09:35 AM

Re: Secure Delete for HP-UX?

smatador said "So for me Shred does not exist on hpux. Perhaps, it's a good idea the forum to ask HP for such command/features for the next releases."

Well, maybe....but

It appears to be part of the GNU CoreUtils, and source should be somewhere, and

as I noted earlier:

"It relies on the filesystem overwriting files "in-place" and enumerates several that don't meet that criteria, incl Reiser, JFS, NFS mounts and so on...."

I read the limitations as being that in the worst case, the original file could reside (unlinked) on disk, while the new* "shred"ed file was also on the disk, unlinked.


The underlying filesystem would determine whether or not this would work successfully. They'd almost have to require that specific types of filesystems be used to implement this....and possible legal ramifications if they claimed a "secure delete" and it didn't (no matter *why* it didn't).

There are hardware encryption devices that sit between the drive(s) and the disk controller that will encrypt / decrypt everything on the disk "on-the-fly", but again, this wouldn't protect against someone who has access to the system, but should handle a case of the drive having been removed. But, again, that's not what the OP was looking for.

Note: SRM is supposed to be runnable on POSIX compliant systems, so it might be a relatively straightforward download / build project
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎04-19-2009 08:15 PM

‎04-19-2009 08:15 PM

Re: Secure Delete for HP-UX?

Shalom,

Just a note but CDE has a trash can for deletes as well. Probably not DoD standard.

There are plugins to meet this standard. I recall one of my original HP-UX instructors mentioning this as he regailed us with stories of working in nuclear hardened bunkers and such in the middle of nowhere.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
StephanSwap
New Member

‎04-19-2009 10:18 PM

‎04-19-2009 10:18 PM

Re: Secure Delete for HP-UX?

Haha Nice - Nothing like some nuclear stories...

You know what guys, we actually pay for support on these systems, I'm going to open a case with HP Software Support regarding my original question. Even though it's not a `problem call` perse, HP tech support is usually willing to help no matter. I'll post a reply with what they say.

TNX,
Stephan
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎04-20-2009 04:32 AM

‎04-20-2009 04:32 AM

Re: Secure Delete for HP-UX?

Hi Stephan:

While not available for 11.11, there is EVFS (Encrypted Volume and File System). As OldSchool spoke, these are virtual "middle" devices that live between the LVM or VXVM layer and the filesystem. EVFS encrypts and decrypts data written to and read from EVFS volumes. The profuct prevents anyone from reading the physical media without the appropriate authorization.

This might be a suitable solution for you moving forward. It *is* available on 11iv2 and of course, 11iv3.

http://docs.hp.com/en/5992-4678/index.html

Regards!

...JRF...
0 Kudos
Reply
OldSchool
Honored Contributor

‎04-20-2009 06:42 AM

‎04-20-2009 06:42 AM

Re: Secure Delete for HP-UX?

JRF: "..these are virtual "middle" devices.."

I've also heard of 3rd party hardware devices that do this as well. They are along the lines of the Decru DataFort (I believe). Never seen / used such, so I won't swear to it or vouch for them..

If you think "srm" will work for you, I'd go for it, but it does have limitations....
0 Kudos
Reply
Court Campbell
Honored Contributor

‎04-20-2009 07:57 AM

‎04-20-2009 07:57 AM

Re: Secure Delete for HP-UX?

I use wipe on HPUX. I have never had any issues with it.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.