scrub(1)                             scrub                            scrub(1)

NAME

       scrub - write patterns on disk/file

SYNOPSIS

       scrub [OPTIONS] special-file
       scrub [OPTIONS] file
       scrub -X [OPTIONS] directory

DESCRIPTION

       Scrub iteratively writes patterns on files or disk devices to make
       retrieving the data more difficult.  Scrub operates in one of three
       modes:

       1) The special file corresponding to an entire disk is scrubbed and all
       data on it is destroyed.  This mode is selected if file is a character
       or block special file.  This is the most effective method.

       2) A regular file is scrubbed and only the data in the file (and
       optionally its name in the directory entry) is destroyed.  The file
       size is rounded up to fill out the last file system block.  This mode
       is selected if file is a regular file.  See CAVEATS below.

       3) directory is created and filled with files until the file system is
       full, then the files are scrubbed as in 2).  This mode is selected with
       the -X option.  See CAVEATS below.

       Scrub accepts the following options:

       -v, --version
              Print scrub version and exit.

       -r, --remove
              Remove the file after scrubbing.

       -p, --pattern nnsa|dod|bsi|old|fastold|gutmann|random|random2
              Select the patterns to write.  nnsa selects patterns compliant
              with NNSA Policy Letter NAP-14.x; dod selects patterns compliant
              with DoD 5220.22-M; bsi selects patterns recommended by the
              German Center of Security in Information Technologies
              (http://www.bsi.bund.de); old selects pre-version 1.7 scrub
              patterns; and fastold is old without the random pass.  gutmann
              is a 35-pass sequence described in Gutmann's paper cited below.
              See STANDARDS below for more detail.  random is a single random
              pass.  random2 is two random passes.  Default: nnsa.

       -b, --blocksize blocksize
              Perform read(2) and write(2) calls using the specified blocksize
              (in bytes).  K, M, or G may be appended to the number to change
              the units to KiBytes, MiBytes, or GiBytes, respectively.
              Default: 1M.

       -f, --force
              Scrub even if target contains signature indicating it has
              already been scrubbed.

       -S, --no-signature
              Do not write scrub signature.  Scrub will not be able to
              ascertain if the disk has already been scrubbed.

       -X, --freespace
              Create specified directory and fill it with files until write
              returns ENOSPC (file system full), then scrub the files as
              usual.  The size of each file can be set with -s, otherwise it
              will be the maximum file size creatable given the user's file
              size limit or 1g if unlimited.

       -D, --dirent newname
              After scrubbing the file, scrub its name in the directory entry,
              then rename it to the new name.  The scrub patterns used on the
              directory entry are constrained by the operating system and thus
              are not compliant with cited standards.

       -s, --device-size size
              Override the device size (in bytes).  Without this option, scrub
              determines media capacity using OS-specific ioctl(2) calls.  K,
              M, or G may be appended to the number to change the units to
              KiBytes, MiBytes, or GiBytes, respectively.

       -E, --extent-only
              When scrubbing regular files, scrub only the file extents.  This
              option is useful in combination with large sparse files.  If
              used, scrub will skip the holes in the sparse file.  Use this
              option with caution: the result may not be compliant with cited
              standards, and information about the actual on-disk data
              allocation may leak since only the allocated parts will be
              scrubbed.

CAVEATS

       Scrub may be insufficient to thwart heroic efforts to recover data in
       an appropriately equipped lab.

       Scrub nnsa patterns are reasonable for sanitizing modern PRML/EPRML
       encoded disk devices.

       The effectiveness of scrubbing regular files through a file system will
       be limited by the OS and file system.  File systems that are known to
       be problematic are journaled, log structured, copy-on-write, versioned,
       and network file systems.  If in doubt, scrub the raw disk device.

       Scrubbing free blocks in a file system with the -X method is subject to
       the same caveats as scrubbing regular files, and in addition, is only
       useful to the extent the file system allows you to reallocate the
       target blocks as data blocks in a new file.  If in doubt, scrub the raw
       disk device.

       [MacOS X HFS file system] Scrub attempts to overwrite a file's resource
       fork if it exists.  Although MacOS X will support additional named
       forks in the future, scrub is only aware of the traditional data and
       resource forks.

STANDARDS

       The dod scrub sequence is compliant with the DoD 5220.22-M procedure
       for sanitizing removable and non-removable rigid disks, which requires
       overwriting all addressable locations with a character, its complement,
       then a random character, and verify.  Please refer to the DoD document
       for additional constraints.

       The nnsa (default) scrub sequence is compliant with a Dec. 2005 draft
       of NNSA Policy Letter NAP-14.x (see reference below) for sanitizing
       removable and non-removable hard disks, which requires overwriting all
       locations with a pseudorandom pattern twice and then with a known
       pattern.  Please refer to the NNSA document for additional constraints.

       Please consult local authorities regarding your site policy for disk
       sanitization.
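       The dod order described above (a character, its complement, a random
       character, verify), applied to a regular file rounded up to a whole
       block as in mode 2 of DESCRIPTION.  This is an added example, not
       scrub's source code; pass, dod_style_scrub and demo are hypothetical
       names, and 0x00 as the character and st_blksize as the file system
       block size are assumptions.

```c
/* Added example, not scrub's source. Assumptions: 0x00 as the "character",
 * st_blksize as the file system block size, /tmp for the constructed file. */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Overwrite [0, len) with byte, fsync, read back and compare (read-back may hit the page cache). */
static int pass(int fd, unsigned char byte, off_t len, size_t bs)
{
    unsigned char *w = malloc(bs), *r = malloc(bs);
    int rc = (w && r && lseek(fd, 0, SEEK_SET) == 0) ? 0 : -1;
    if (rc == 0) memset(w, byte, bs);
    for (off_t off = 0; rc == 0 && off < len; off += (off_t)bs)
        if (write(fd, w, bs) != (ssize_t)bs) rc = -1;
    if (rc == 0 && (fsync(fd) != 0 || lseek(fd, 0, SEEK_SET) != 0)) rc = -1;
    for (off_t off = 0; rc == 0 && off < len; off += (off_t)bs)
        if (read(fd, r, bs) != (ssize_t)bs || memcmp(w, r, bs) != 0) rc = -1;
    free(w); free(r);
    return rc;
}
/* Character, complement, random character, each verified; returns bytes overwritten or -1. */
long dod_style_scrub(const char *path)
{
    struct stat st;
    unsigned char rnd;
    int fd = open(path, O_RDWR), ok = 0;
    off_t bs = 0, len = 0;
    if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && getentropy(&rnd, 1) == 0) {
        bs = st.st_blksize;
        len = (st.st_size + bs - 1) / bs * bs;   /* round up to fill the last block */
        ok = !pass(fd, 0x00, len, bs) && !pass(fd, 0xff, len, bs) && !pass(fd, rnd, len, bs);
    }
    if (fd >= 0) close(fd);
    return ok ? (long)len : -1;
}
/* Constructed sample: an 18-byte temp file; returns its size after the three passes. */
long demo(void)
{
    char path[] = "/tmp/scrub-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    long n = write(fd, "constructed secret", 18) == 18 ? 0 : -1;
    close(fd);
    if (n == 0) n = dod_style_scrub(path);
    unlink(path);
    return n;
}
```

       The CAVEATS above apply unchanged: on journaled, log structured or
       copy-on-write file systems these writes may never reach the blocks
       that held the original data.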

AUTHOR

       Jim Garlick <garlick@llnl.gov>

       This work was produced at the University of California, Lawrence
       Livermore National Laboratory under Contract No. W-7405-ENG-48 with the
       DOE.  Designated UCRL-CODE-2003-006, scrub is licensed under terms of
       the GNU General Public License.

SEE ALSO

       DoD 5220.22-M, "National Industrial Security Program Operating Manual",
       Chapter 8, 01/1995.

       NNSA Policy Letter: NAP-14.x, "Clearing, Sanitizing, and Destroying
       Information System Storage Media, Memory Devices, and other Related
       Hardware", Unpublished Draft, 2005

       "Secure Deletion of Data from Magnetic and Solid-State Memory", by
       Peter Gutmann, Sixth USENIX Security Symposium, San Jose, CA, July
       22-25, 1996.

       "Gutmann Method", Wikipedia,
       http://en.wikipedia.org/wiki/Gutmann_method.

       Darik's Boot and Nuke FAQ: http://dban.sourceforge.net/faq/index.html

       shred(1)



scrub-2.2                         2009-07-29                          scrub(1)