Secure System Retirement

by Harry Hoffman
(hhoffman@ip-solutions.net)

Copyright (C) 2004




Introduction:

Today, computers have become so inexpensive that they are bought in large quantities and replaced after very short periods of time.

Large institutions have long installed their new systems in a completely automated fashion. These installations use technologies such as PXE, DHCP, Kickstart, and JumpStart, which allow very quick deployment with a minimal amount of human interaction.

The exact opposite is often true for the retirement of systems. Administrators manually review and attempt to delete the data residing on the system disks as well as any attached disk arrays. This method of retirement wastes an administrator's time and does not provide a uniform way to ensure that data has been accurately and securely deleted.



System Retirement Method:

By taking advantage of the already existing infrastructure we can automate the retirement of a system without having to redesign our installation procedures. The following things must be in place prior to retiring a system:


When I first started this project I was creating my own custom kernel and initial ramdisk. While this method works very well, it is often time-consuming and requires quite a bit of testing for each new release. Then one day I ran across the “Darik's Boot and Nuke” distribution. Since Darik seems to continually update his product, I've given up on creating my own and have adapted his to suit my needs.

The following describes the steps necessary to replicate the system retirement model. Begin by downloading the most recent iso version of “Darik's Boot and Nuke” from http://dban.sourceforge.net/. There are only two pieces needed from the iso: the kernel and the initrd. By mounting the iso to a loopback filesystem we can access the bits we need and then discard the original iso.

# mkdir /mnt/{image1,image2}
# mount -o loop dban-version.iso /mnt/image1
# cd /mnt/image1; mount -o loop dban_version.img /mnt/image2


Once the iso is mounted we need to copy the kernel and the initrd to our tftp directory.

# cp /mnt/image2/kernel.bzi /tftpboot/kernel/linux/vmlinuz-dban
# cp /mnt/image2/initrd.gz /tftpboot/kernel/linux/initrd-dban.img


From here we need to create a default pxelinux configuration file for our new kernel. The configuration file specifies that deletion of all data on any attached disks begins automatically at boot.

The configuration file is found within the pxelinux.cfg subdirectory and is called default-dban. Symbolic links are created to point specific systems to the default-dban file.

# cat /tftpboot/kernel/linux/pxelinux.cfg/default-dban

default linux
label linux
  kernel vmlinuz-dban
  append load_ramdisk=1 initrd=initrd-dban.img root=/dev/ram0 init=/rc quiet 
     nuke="dwipe --autonuke --method gutmann"


Please note that the “append” statement must be on a single line and is only on two lines here for presentation.

In order to have a system retire itself automatically we must first make sure it is set to boot from the network. Then we create a symbolic link, named with the hexadecimal equivalent of the system's IP address, that points to our default-dban file.

# gethostip 192.168.2.1
192.168.2.1 192.168.2.1 C0A80201

# ln -s /tftpboot/kernel/linux/pxelinux.cfg/default-dban /tftpboot/kernel/linux/pxelinux.cfg/C0A80201

Now we just need to boot the system and it will begin the process of erasing all of the data on its disks.
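
Because any machine that network-boots with a matching entry is wiped without a prompt, it is worth reviewing which links exist before powering anything on. The script below is an added example, not part of the original article: it lists every symlink in a pxelinux.cfg directory that points at the wipe profile and decodes the hex names back to addresses. It relies on pxelinux also trying shortened hex names (address prefixes) and finally "default" when no exact match exists; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are this
# example's own; "default-dban" is the wipe profile name used in the article.

# Decode the hex pair at 1-based offset $2 of string $1 into a decimal octet.
octet() { printf '%d' "0x$(printf '%s' "$1" | cut -c"$2"-"$(( $2 + 1 ))")"; }

# Describe a pxelinux hex file name. Eight digits name one host; a shorter
# name is a prefix that pxelinux matches against every address beneath it.
describe_name() {
    case $1 in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    len=${#1}
    [ "$len" -le 8 ] || return 1
    if [ "$len" -eq 8 ]; then
        echo "$1 host $(octet "$1" 1).$(octet "$1" 3).$(octet "$1" 5).$(octet "$1" 7)"
    else
        echo "$1 prefix covers $(( 1 << (4 * (8 - len)) )) addresses"
    fi
}

# Report every symlink in pxelinux.cfg directory $1 whose target file name is
# the wipe profile $2. Regular files and links to other profiles are skipped.
audit_wipe_links() {
    dir=$1
    profile=${2:-default-dban}
    for entry in "$dir"/*; do
        [ -L "$entry" ] || continue
        target=$(readlink "$entry")
        [ "${target##*/}" = "$profile" ] || continue
        name=${entry##*/}
        if [ "$name" = default ]; then
            echo "default fallback for every host without its own entry"
        else
            describe_name "$name" || echo "$name non-IP name (MAC, UUID or other)"
        fi
    done
}

# Usage: audit_wipe_links /tftpboot/kernel/linux/pxelinux.cfg
```

Removing a host's link once its wipe has completed keeps a reused IP address from inheriting the wipe profile.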



Appendix A (You're really paranoid or ... “The man is out to get me”):

Ok, so now that we have our secure deletion system in place how else can it be utilized? Well if you are as paranoid as I am you can do the following:



Todo: