How to shred entire directory (tree)

[Marinus]

Hi,

I would like to shred a entire tree.
Is that possible?

If not, is there a good utility like Eraser in Windows to do this?

Thanks!

[smolloy]

What do you mean by shredding a tree?? I take it "rm -rf folder_name" isn't enough??

[mel]

if you mean secure deletion by overwriting it with random bits, then try Wipe (http://wipe.sourceforge.net/). check their main page for technical info.

or you could go see http://www.thefreecountry.com/securi...redelete.shtml and choose from the list of secure delete apps. Wipe is listed there but you might want to go for apps with GUI.

hope this helps, good luck!

[Marinus]

Hi both!

I mean the 'batch' equivalent of shred, as shred only shreds one file at a time (I can use for i .... but that only takes out the files and I would like to select a directory and just click and shred).
Thanks for the wipe link, that will work just fine!

[opentux]

Try this command (below) to shred all the files in a directory tree, and then remove the empty directories.
$>find -type f -execdir shred -u '{}' \;
$>rm -rf *

[Marinus]

Hi,

thanks!

Could you expain these commands, I mean the logic in the sequence of the statements?
Where do you specify the entrypoint of the directory?

Marinus.

[opentux]

Sure. The first command, to find and shred all files, is the more important:
$>find -type f -execdir shred -u '{}' \;
The find command itself is used to find files matching a certain expression, on a certain path. We have ommited the path argument, so find starts the search from the default current working directory. Thus, the command:
$>find . -type f -execdir shred -u '{}' \;
would have had the same effect.
The next argument to find, -type f, tells find to match only regular files (as we can't shred directories). Thus the command:
$>find . -type f
on its own would return a list of all regular files under the current working directory.
The -execdir argument tells find to execute the command following the argument on each file matched (from that file's parent directory). We could alternatively have used the -exec argument, but -execdir is more secure because it changes directories before executing the command.
The remaining arguments are taken as the command to execute, until a terminating ';' character is encountered. We tell find to execute the shred command (with options) on each file matched. The -u option to shred tells it to remove the file after shredding. find replaces the '{}' string with the current file name being processed. Note the braces are quoted to prevent expansion by the shell. Finally, a semi-colon terminates the -execdir command. The ; character is again escaped, this time with a '\', to prevent expansion by the shell.

After executing the first command, all files in the directory tree have been securely shredded and removed, and all that is left is a tree of empty directories. Since the directories themselves contain no sensitive information (they are just a list of names and i-node numbers), they can be safely removed with rm.
I specified using the command
$>rm -rf *
to recursively (-r) remove all the directories without prompt (-f), since I knew all sensitive files to have been securely removed already. But alternatively if you wanted to make doubly sure you weren't unsecurely removing any missed files, you could invoke rmdir on each remaining directory (from the bottom up).

[Marinus]

Hi opentux,

perfect, perfect.

This was one of the few things I had been unable to do from the CLP.

Regards,

Marinus.

[Marinus]

Hi opentux,

my linux kernel (2.4.31) doesn't recognize -execdir, man find gives me -exec as an argument so I'll use that.
Why is it more secure to change directories first?

[jaboua]

To prevent you from with an accident removing / or /home/ or similar