scrub(1)							      scrub(1)

NAME
       scrub - write patterns on disk/file

SYNOPSIS
       scrub [OPTIONS] special-file [special-file ...]
       scrub [OPTIONS] file [file ...]
       scrub -X [OPTIONS] directory

DESCRIPTION
       Scrub iteratively writes patterns on files or disk devices to make
       retrieving the data more difficult.  Scrub operates in one of three
       modes:

       1) The special file corresponding to an entire disk is scrubbed and
       all data on it is destroyed.  This mode is selected if file is a
       character or block special file.  This is the most effective method.

       2) A regular file is scrubbed and only the data in the file (and
       optionally its name in the directory entry) is destroyed.  The file
       size is rounded up to fill out the last file system block.  This mode
       is selected if file is a regular file.  See CAVEATS below.

       3) A directory is created and filled with files until the file system
       is full, then the files are scrubbed as in 2).  This mode is selected
       with the -X option.  See CAVEATS below.
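       The following C code is an added illustration, not scrub's own
       source: one fixed-byte write pass in block-sized write(2) calls (the
       kind of I/O the -b option sizes), followed by the read-back verify
       pass that the nnsa and dod methods end with, over a regular file
       whose length is first rounded up to a whole file system block as mode
       2 does.  The temporary file, its 23 bytes of sample text and the
       4096-byte block size are constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* One fixed-byte pass over the first `len` bytes of fd in `bs`-byte writes,
 * then a verify pass that reads everything back.  Returns 0 if verified,
 * -1 on I/O error, -2 if a block read back differs from what was written. */
int pass_and_verify(int fd, off_t len, size_t bs, unsigned char pat)
{
    unsigned char *wbuf = malloc(bs), *rbuf = malloc(bs);
    int rc = (wbuf && rbuf && len >= 0) ? 0 : -1;
    if (rc == 0)
        memset(wbuf, pat, bs);
    for (off_t off = 0; rc == 0 && off < len; off += bs) {
        size_t n = (len - off < (off_t)bs) ? (size_t)(len - off) : bs;
        if (pwrite(fd, wbuf, n, off) != (ssize_t)n)
            rc = -1;
    }
    if (rc == 0 && fsync(fd) != 0)       /* push the pass out to the device */
        rc = -1;
    for (off_t off = 0; rc == 0 && off < len; off += bs) {
        size_t n = (len - off < (off_t)bs) ? (size_t)(len - off) : bs;
        if (pread(fd, rbuf, n, off) != (ssize_t)n)
            rc = -1;
        else if (memcmp(rbuf, wbuf, n) != 0)
            rc = -2;                     /* verify pass failed */
    }
    free(wbuf);
    free(rbuf);
    return rc;
}

/* Demo on a constructed temporary file: 23 bytes of sample text are written,
 * the length is rounded up to a whole file system block (st_blksize) as
 * scrub's mode 2 does, and the file is overwritten with 0x00 and verified. */
int demo_scrub_tmpfile(void)
{
    char path[] = "/tmp/scrub-demo-XXXXXX";   /* constructed, removed below */
    struct stat st;
    int fd = mkstemp(path), rc = -1;
    if (fd < 0)
        return -1;
    if (write(fd, "constructed sample data", 23) == 23 &&
        fstat(fd, &st) == 0 && st.st_blksize > 0) {
        off_t len = (st.st_size + st.st_blksize - 1) / st.st_blksize * st.st_blksize;
        rc = pass_and_verify(fd, len, 4096, 0x00);   /* 0 on success */
    }
    close(fd);
    unlink(path);
    return rc;
}
```

       A real scrub run on a file is still subject to the file system
       limits listed under CAVEATS; the verify pass only proves what the
       file system handed back, not what the medium retains.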

OPTIONS
       Scrub accepts the following options:

       -v, --version
              Print scrub version and exit.

       -r, --remove
              Remove the file after scrubbing.

       -p, --pattern PATTERN
              Select the patterns to write.  See SCRUB METHODS below.  The
              default, nnsa, is reasonable for sanitizing modern PRML/EPRML
              encoded disk devices.

       -b, --blocksize blocksize
              Perform read(2) and write(2) calls using the specified
              blocksize (in bytes).  K, M, or G may be appended to the number
              to change the units to KiBytes, MiBytes, or GiBytes,
              respectively.  Default: 4M.

       -f, --force
              Scrub even if the target contains a signature indicating it
              has already been scrubbed.

       -S, --no-signature
              Do not write the scrub signature.  Later, scrub will not be
              able to ascertain if the disk has already been scrubbed.

       -X, --freespace
              Create the specified directory and fill it with files until
              write returns ENOSPC (file system full), then scrub the files
              as usual.  The size of each file can be set with -s, otherwise
              it will be the maximum file size creatable given the user's
              file size limit or 1g if unlimited.

       -D, --dirent newname
              After scrubbing the file, scrub its name in the directory
              entry, then rename it to the new name.  The scrub patterns
              used on the directory entry are constrained by the operating
              system and thus are not compliant with cited standards.  This
              option only works with a single target.

       -s, --device-size size
              Override the device size (in bytes).  Without this option,
              scrub determines media capacity using OS-specific ioctl(2)
              calls.  K, M, or G may be appended to the number to change the
              units to KiBytes, MiBytes, or GiBytes, respectively.

       -L, --no-link
              If file is a symbolic link, do not scrub the link target.  Do
              remove it, however, if --remove is specified.

       -R, --no-hwrand
              Don't use a hardware random number generator even if one is
              available.

       -t, --no-threads
              Don't generate random data in parallel with I/O.

       -n, --dry-run
              Do everything but write to targets.

       -h, --help
              Print a summary of command line options on stderr.

SCRUB METHODS
       nnsa   4-pass NNSA Policy Letter NAP-14.1-C (XVI-8) for sanitizing
              removable and non-removable hard disks, which requires
              overwriting all locations with a pseudorandom pattern twice
              and then with a known pattern: random(x2), 0x00, verify.

       dod    4-pass DoD 5220.22-M section 8-306 procedure (d) for
              sanitizing removable and non-removable rigid disks, which
              requires overwriting all addressable locations with a
              character, its complement, a random character, then verify.
              NOTE: scrub performs the random pass first to make
              verification easier: random, 0x00, 0xff, verify.

       bsi    9-pass method recommended by the German Center of Security in
              Information Technologies (http://www.bsi.bund.de): 0xff, 0xfe,
              0xfd, 0xfb, 0xf7, 0xef, 0xdf, 0xbf, 0x7f.

       gutmann
              The canonical 35-pass sequence described in Gutmann's paper
              cited below.

       schneier
              7-pass method described by Bruce Schneier in "Applied
              Cryptography" (1996): 0x00, 0xff, random(x5).

       pfitzner7
              Roy Pfitzner's 7-random-pass method: random(x7).

       pfitzner33
              Roy Pfitzner's 33-random-pass method: random(x33).

       usarmy US Army AR380-19 method: 0x00, 0xff, random.  (Note: identical
              to DoD 5220.22-M section 8-306 procedure (e) for sanitizing
              magnetic core memory.)

       fillzero
              1-pass pattern: 0x00.

       fillff 1-pass pattern: 0xff.

       random 1-pass pattern: random(x1).

       random2
              2-pass pattern: random(x2).

       old    6-pass pre-version 1.7 scrub method: 0x00, 0xff, 0xaa, 0x00,
              0x55, verify.

       fastold
              5-pass pattern: 0x00, 0xff, 0xaa, 0x55, verify.

       custom=string
              1-pass custom pattern.  String may contain C-style numerical
              escapes: \nnn (octal) or \xnn (hex).
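       As an added example (not code from scrub itself), the C below decodes
       a custom=string pattern with the \nnn octal and \xnn hex escapes
       described above into bytes, then repeats those bytes across a write
       buffer, which is why the two-byte pattern in the EXAMPLES section is
       reported as "0xffaa".  Rejecting escapes other than those two, and
       octal values above 0xff, is this example's choice rather than
       documented scrub behaviour.

```c
#include <ctype.h>
#include <stddef.h>

/* Decode `s` into `out` (capacity `cap`).  Returns the number of pattern
 * bytes, or -1 if an escape is malformed ("\x" with no hex digit), an
 * octal value exceeds 0xff ("\777"), the escape is unknown, or `cap` is
 * too small.  Only the \nnn and \xnn escapes the man page lists are known. */
int parse_custom_pattern(const char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*s) {
        unsigned val;
        int digits = 0;
        if (n >= cap)
            return -1;
        if (*s != '\\') {                   /* ordinary character */
            out[n++] = (unsigned char)*s++;
            continue;
        }
        s++;                                /* step past the backslash */
        if (*s == 'x') {                    /* \xnn: one or two hex digits */
            s++;
            for (val = 0; digits < 2 && isxdigit((unsigned char)*s); digits++, s++)
                val = val * 16 + (isdigit((unsigned char)*s) ? *s - '0'
                                 : tolower((unsigned char)*s) - 'a' + 10);
            if (digits == 0)
                return -1;
        } else if (*s >= '0' && *s <= '7') { /* \nnn: up to three octal digits */
            for (val = 0; digits < 3 && *s >= '0' && *s <= '7'; digits++, s++)
                val = val * 8 + (unsigned)(*s - '0');
            if (val > 0xff)
                return -1;
        } else {
            return -1;                      /* not an escape scrub documents */
        }
        out[n++] = (unsigned char)val;
    }
    return (int)n;
}

/* Lay the decoded pattern out across a write buffer of `len` bytes by
 * repeating it: a two-byte pattern ff aa yields ff aa ff aa ... so the
 * whole block carries the custom pattern, not just its first bytes. */
void fill_block(unsigned char *buf, size_t len, const unsigned char *pat, size_t plen)
{
    for (size_t i = 0; plen > 0 && i < len; i++)
        buf[i] = pat[i % plen];
}
```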

CAVEATS
       Scrub may be insufficient to thwart heroic efforts to recover data in
       an appropriately equipped lab.  If you need this level of protection,
       physical destruction is your best bet.

       The effectiveness of scrubbing regular files through a file system
       will be limited by the OS and file system.  File systems that are
       known to be problematic are journaled, log structured, copy-on-write,
       versioned, and network file systems.  If in doubt, scrub the raw disk
       device.

       Scrubbing free blocks in a file system with the -X method is subject
       to the same caveats as scrubbing regular files, and in addition, is
       only useful to the extent the file system allows you to reallocate
       the target blocks as data blocks in a new file.  If in doubt, scrub
       the raw disk device.

       On the MacOS X HFS file system, scrub attempts to overwrite a file's
       resource fork if it exists.  Although MacOS X claims it will support
       additional named forks in the future, scrub is only aware of the
       traditional data and resource forks.

       scrub cannot access disk blocks that have been spared out by the disk
       controller.  For SATA/PATA drives, the ATA "security erase" command
       built into the drive controller can do this.  Similarly, the ATA
       "enhanced security erase" can erase data on track edges and between
       tracks.  The DOS utility HDDERASE from the UCSD Center for Magnetic
       Recording Research can issue these commands, as can modern versions
       of Linux hdparm.  Unfortunately, the analogous SCSI command is
       optional according to T-10, and not widely implemented.

EXAMPLES
       To scrub a raw device /dev/sdf1 with default NNSA patterns:

              # scrub /dev/sdf1
              scrub: using NNSA NAP-14.1-C patterns
              scrub: please verify that device size below is correct!
              scrub: scrubbing /dev/sdf1 1995650048 bytes (~1GB)
              scrub: random  |................................................|
              scrub: random  |................................................|
              scrub: 0x00    |................................................|
              scrub: verify  |................................................|

       To scrub the file /tmp/scrubme with a sequence of 0xff 0xaa bytes:

              # scrub -p custom="\xff\xaa" /tmp/scrubme
              scrub: using Custom single-pass patterns
              scrub: scrubbing /tmp/scrubme 78319616 bytes (~74MB)
              scrub: 0xffaa  |................................................|

AUTHOR
       Jim Garlick <garlick@llnl.gov>

       This work was produced at the University of California, Lawrence
       Livermore National Laboratory under Contract No. W-7405-ENG-48 with
       the DOE.  Designated UCRL-CODE-2003-006, scrub is licensed under the
       terms of the GNU General Public License.

SEE ALSO
       DoD 5220.22-M, "National Industrial Security Program Operating
       Manual", Chapter 8, 01/1995.

       NNSA Policy Letter: NAP-14.1-C, "Clearing, Sanitizing, and Destroying
       Information System Storage Media, Memory Devices, and other Related
       Hardware", 05-02-08, page XVI-8.

       "Secure Deletion of Data from Magnetic and Solid-State Memory", by
       Peter Gutmann, Sixth USENIX Security Symposium, San Jose, CA, July
       22-25, 1996.

       "Gutmann Method", Wikipedia,
       http://en.wikipedia.org/wiki/Gutmann_method.

       Darik's Boot and Nuke FAQ: http://dban.sourceforge.net/faq/index.html

       "Tutorial on Disk Drive Data Sanitization", by Gordon Hughes and Tom
       Coughlin,
       http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf.

       "Guidelines for Media Sanitization", NIST Special Publication 800-88,
       Kissel et al., September 2006.

       shred(1), hdparm(8)
