hirak1977

Automate Disk format

Hi friends,
I am new to Solaris. I want to write a script to automate the disk erasing process. Instead of issuing the format command and selecting disk drives 0...15 individually, is there any way to write a script that detects all attached valid disks and erases them all?

Pl.. help.

thanks!
Hirak
jlevie

It would be helpful to know what you mean by "the disk erasing process". Are you trying to:

1) Use format to re-partition the drives?

2) Overwrite the data so that it can't be easily recovered?

3) Create new file systems on existing drive partitions?
hirak1977 (ASKER)

2) Overwrite the data so that it can't be easily recovered?
Okay, how good of a "security erase" is needed? Is simply writing zeros or ones sufficient? Or do you need something more sophisticated?
If possible, want to follow DOD standards, meant as secure as possible.

In that case which DOD standard are you wanting to use?  3, 4, or 7 pass security erase?
3 is fine. It's very urgent for me. Pl. give me the script if possible.
A reasonable 3 pass process can be done by executing:

dd if=/dev/urandom of=/dev/rdsk/cNtNd0s2
dd if=/dev/zero of=/dev/rdsk/cNtNd0s2
dd if=/dev/urandom of=/dev/rdsk/cNtNd0s2

on each disk since Slice 2 will cover the entire disk assuming standard Solaris partitioning rules were followed.
I'm new to Solaris. Pl. give me the exact script, if possible.

Thanks!
Assuming that the disks have SCSI ID's 0-6 & 8-15 and they are attached to SCSI controller 1 and each has a standard Sun partition table the contents of the script could be:

#!/bin/sh
for i in 0 1 2 3 4 5 6 8 9 10 11 12 13 14 15; do
dd if=/dev/urandom of=/dev/rdsk/c1t$id0s2
dd if=/dev/zero of=/dev/rdsk/c1t$id0s2
dd if=/dev/urandom of=/dev/rdsk/c1t$id0s2
done

Note that if these disks were part of a DiskSuite volume they may not have a partition table and you'd need to use format to create that on each drive first.
Can we format multiple disks in parallel?
Your script did not work. :((. It pointed at /urandom , /zero and said, "no such file or directory".

I am just wondering if any way, I can format the attached disks using 3 pass.

Thanks!
hirak
Tintin
What version of Solaris are you running?  /dev/random, /dev/urandom are only standard on later versions of Solaris.

For a /dev/random substitute, you can install prngd from http://sunfreeware.com/
> It pointed at /urandom , /zero and said, "no such file or directory".

If it said that for both it sounds to me like the commands weren't typed in exactly as in the comment. Specifically it sounds like a space crept in between /dev and /urandom. Likewise for /dev/zero.
Jlevie,
I got some part of your script working.

#!/bin/sh
for i in 0 1 2 3 4 5 6 8 9 10 11 12 13 14 15; do
dd if=/dev/urandom of=/dev/rdsk/c1t$id0s2
dd if=/dev/zero of=/dev/rdsk/c1t$id0s2
dd if=/dev/urandom of=/dev/rdsk/c1t$id0s2
done



I still have few questions.
I commented 3 and 5th line (with /dev/urandom) and it worked for /dev/zero.

So something is wrong with your /dev/urandom line. It's not working. Plus, what's the significance of having the for loop
if I write /dev/rdsk/c*, which will eventually clear everything? Am I right?

Pl. advise.

thanks
Hirak
Since the lines containing /dev/urandom don't work I'll bet you are running Solaris 2.6, which doesn't have support for /dev/random or /dev/urandom.

Since dd will only operate on one "output file" (of=/dev/rdsk/c1t0d0s2) at a time we need the for loop to cycle through all of the disks attached to the controller. In the example shown above I assume the disks are attached to SCSI controller 1 and the SCSI IDs for those disks are 0-6 & 8-15. So the first iteration of the loop will do:

dd if=/dev/zero of=/dev/rdsk/c1t0d0s2

the second iteration will do:

dd if=/dev/zero of=/dev/rdsk/c1t1d0s2

and so forth. If the disks aren't on SCSI controller 1 or aren't all on the same controller you'd need a different version of that script.

How sensitive is this data? A single overwrite with zeros may not be sufficient.
Data are very sensitive.
I need to follow Standard DoD 5220.22-M. What's the alternate solution provided the fact that /dev/urandom is not working.

Pl. advise
thanks!
Was this system used in an environment covered by NISPOM requirements and processing data protected by the provisions of an SSP?

Or was the system used for ordinary commercial purposes and simply contained sensitive personal or proprietary data?

What needs to happen to these disks really depends on the answer to those questions. If the system contained data that was required to be protected by the provisions of the NISPOM you are required to follow the approved procedure for disk sanitization to the letter. Exactly what that procedure is will depend on the processing level (PL1, PL2, PL3) and what has been defined as the correct procedure in the SSP for that "system".

On the other hand if this data is simply sensitive you can use whatever sanitization you feel comfortable with. That could be as simple as a full overwrite with zeros or something more complicated, like using format's analyze->purge on each disk, or a full DOD sanctioned 7 pass overwrite.
The system will be used for ordinary commercial purposes that contained sensitive data. If I can write random pattern that would be great, provided the fact that zero is working. I tried copying egd, prngd but being non solaris programmer, I am having hard time compiling the code. It would be great, if you can help me with this matter.

I owe you a lot of thanks!
Okay, it's just a desire for that level of sanitization, not a DOD mandated requirement.

See http://www.cosy.sbg.ac.at/~andi/SUNrand/ for where to get urandom support in various versions of Solaris.
Thanks Jlevie,
Your script worked. I will give you full points. But I've got one more question (last :D). Can we do multitasking with this script, like running one individual for each controller or for each target? I can't run them one at a time. That just takes way too long.
Pl. advise.

Thanks!
hirak
Other than the I/O load there's no reason not to run multiple dd's, each to a different drive.
The question is how? I have come across one more problem:
I ran the script and it says.

for /urandom (first dd)
write : No space left on device
3877041+0 records in
3877041+0 records out

for /zero (second dd)
write : No space left on device
100945+0 records in
100845+0 records out


for /urandom (third dd)
write : No space left on device
3877041+0 records in
3877041+0 records out

Any idea, why?
That's okay. It is simply saying that it wrote until the device was completely full, which was the whole idea. Since by default dd writes 512 byte blocks, 3877041 should match the disk size in blocks as shown by format.
My bad! I pasted wrong block...
See below:

for /urandom (first dd)
write : No space left on device
3877041+0 records in
3877041+0 records out

for /zero (second dd)
write : No space left on device
100945+0 records in
100845+0 records out

for /urandom (third dd)
write : No space left on device
100945+0 records in
100845+0 records out

Look at the number of records written for the first dd and the third dd. They are different. And yes sir, how do I execute all 3 of them in parallel? I just need to save time.

Could I see the script as it exists on your system?
#!/bin/sh
for i in 2 10 13; do  
dd if=/dev/urandom of=/dev/rdsk/c1t$id0s2
dd if=/dev/zero of=/dev/rdsk/c1t$id0s2
dd if=/dev/urandom of=/dev/rdsk/c1t$id0s2
done

Your script needs correcting to be:

#!/bin/sh
for i in 0 1 2 3 4 5 6 8 9 10 11 12 13 14 15; do
dd if=/dev/urandom of=/dev/rdsk/c1t${i}d0s2
dd if=/dev/zero of=/dev/rdsk/c1t${i}d0s2
dd if=/dev/urandom of=/dev/rdsk/c1t${i}d0s2
done

You'll see a regular file that you created with your original script called /dev/rdsk/c1d0s2 and this would have filled your filesystem.


That's because your script was trying to interpolate the variable $id0s2
jlevie.

Run the following script on your Solaris 2.6 box

#!/bin/sh
for i in 1 2 3 4 5
do
  echo "/dev/rdsk/c1t$id0s2"
done


and if the output isn't

/dev/rdsk/c1t
/dev/rdsk/c1t
/dev/rdsk/c1t
/dev/rdsk/c1t
/dev/rdsk/c1t

I'll eat my hat.
BTW, in my previous post, the regular file created would be /dev/rdsk/c1t not /dev/rdsk/c1d0s2
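
The corrected 3-pass loop with one background dd job per disk and a guard against the stray regular file discussed above, as an added example that is not part of the original thread. Controller 1 and the target numbers are the thread's assumptions; the function names and the WIPE_DRYRUN switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Controller and target numbers follow the
# thread; the function names and WIPE_DRYRUN are hypothetical.

# Build the raw slice-2 path. The braces matter: "$id0s2" is read as one
# unset variable named id0s2, so the path collapses to /dev/rdsk/c1t.
disk_path() {
    echo "/dev/rdsk/c${1}t${2}d0s2"
}

# Accept only an existing character device, so a mistyped path cannot
# become a regular file that fills the root filesystem.
is_raw_disk() {
    [ -c "$1" ]
}

# Three passes on one disk: random, zero, random (the sequence in the thread).
# Each dd ends with "No space left on device" once the slice is full.
wipe_disk() {
    for src in /dev/urandom /dev/zero /dev/urandom; do
        if [ -n "$WIPE_DRYRUN" ]; then
            echo "dd if=$src of=$1"
        else
            dd if="$src" of="$1"
        fi
    done
}

# Start one background job per disk, then wait for all of them to finish.
wipe_all() {
    ctrl=$1; shift
    for t in "$@"; do
        dev=`disk_path "$ctrl" "$t"`
        if [ -n "$WIPE_DRYRUN" ] || is_raw_disk "$dev"; then
            wipe_disk "$dev" &
        else
            echo "skipping $dev: not a character device" >&2
        fi
    done
    wait
}

# With WIPE_DRYRUN set, the dd commands are printed instead of run:
#   WIPE_DRYRUN=1; wipe_all 1 2 10 13
```

The passes for a single disk still run one after another; only different disks are written at the same time, so the limit is the I/O load on the controller.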
Thanks a lot for your help. Your script worked like a charm! I had to modify it though for it to run. One last question (seriously). If I want to follow DOD standard 4 or 7 pass security erase, what do I need to do?


Thanks!
Hirak
Which script were you referring to?  There were lots of versions.
I don't know of any freely available tools other than Sun's format->analyze->purge process that will do at least 4 passes on a disk.
Uhhh guys?  You can use the DBAN (Darik's Boot and Nuke) Linux distro which does exactly this.  The DOE uses these to secure old hard drives.  All you have to do is to boot with the CD.

You have to repartition after, because they're very, very nuked.  

But all you have to do is to download it and boot. It's available for booting from floppies or CD.  dban.sourceforge.net

--bigdavediode