# How to remotely wipe out the whole hard disk (including system partition)



## Windlerer (Apr 20, 2015)

I have only remote access some of my servers. What is the best way to wipe out the whole hard disk (including system partition)? I would like to make sure none of my software is left on those remote computers, and there is no need to have those devices working after the cleanup is done.


----------



## tetragir (Apr 22, 2015)

Hi, welcome to the forums.
Do you have access to the servers Out Of Band management console (ex. ILO)? Unfortunately I'm not familiar with the OOB management solutions so this could be a wrong idea, but I can imagine such functions.
Another solution is to boot from a live CD/pendrive, log into that and then wipe the disks.


----------



## tetragir (Apr 22, 2015)

getopt said:


> Hmm, I'm trying to imagine ... how tetragir is *remotely* inserting a CD ... and then is trying with a pendrive after failing with the CD...


Not sure, if you're kidding or not...
Is it impossible to ask someone to insert a pendrive?


----------



## usdmatt (Apr 22, 2015)

Can't see any way to completely wipe a system if you only have remote network access to it. The closest I can think of is to remove all your data but leave the OS running, then write /dev/random to a file on each partition until it fills it up. Doing that a few times *should* do a decent job of overwriting all the space on the disk that was holding your data (although I'm no data removal expert). Unless you really don't want anyone knowing what OS you were running, I can't see why leaving the OS behind should be a problem.

Alternatively, as mentioned, if you can convince someone with physical access to boot off a live CD of something, then quickly configure networking/ssh, you can log in remotely and just wipe the disk with software of your choice.


----------



## gkontos (Apr 22, 2015)

If this is a dedicated server with no IPMI, then you could ask from your host to PXE boot into a Linux or FreeBSD environment. From there, you can erase all data on the disks.


----------



## SirDice (Apr 22, 2015)

If the system is already running this should work: `dd if=/dev/zero of=/dev/da0 bs=1024` (assuming da0 is the disk you want to clear). Make sure to stop all services (except sshd(8) of course) beforehand.  I actually did this once, accidentally, and nuked my whole system that way. It'll keep running as most things have been cached in memory and don't require access to the actual files on disk. However, it will never come up again if you disconnect or reboot.


----------



## wblock@ (Apr 22, 2015)

Yes, but use a larger blocksize to make it go faster.  64K is enough.  Of course, it might not complete, and it will be hard to tell whether it erased everything.

Another way might be to repurpose an unnecessary partition, like a swap partition, putting a bootable utility there and setting the partition boot flags to start it on the next reboot.  The USB image of mfsBSD could do this, although the partition information at the beginning of the image would have to be removed.


----------



## SirDice (Apr 22, 2015)

getopt said:


> Thinking about how to implant the wiping command in a the shutdown script for a last shot, or in the system initialization after booting before  mounting starts?


That might be a good idea, perhaps add it at the end of /etc/rc.shutdown? But there would be no way to tell if it completed or not.


----------



## gkontos (Apr 22, 2015)

SirDice said:


> That might be a good idea, perhaps add it at the end of /etc/rc.shutdown? But there would be no way to tell if it completed or not.


If the system does not come up again it is a positive sign that it worked.


----------



## usdmatt (Apr 22, 2015)

If the system doesn't come up, it's just a sign that you did enough damage to stop it booting (which could be done by just overwriting the first sector or two). You couldn't be certain that all your data was wiped.

The system must read rc.shutdown while at least the root filesystem is still mounted. I don't know if it is run after unmounting or before though. Does anyone know for sure? dd may just write regardless but any ZFS or gpart commands may complain if the disk is still in use.


----------



## Remington (Apr 22, 2015)

You can ask your data center to physically destroy the hard drive if they have the equipment to do it.


----------



## usdmatt (Apr 22, 2015)

Obviously you want to be sure your data is removed, but in reference to the previous post; I work in a data centre and we treat old servers no differently to live servers. The drives are kept secure and are all destroyed by a company that specialise in hard drive destruction. (Unless it's our hardware in which case it may be reused after being fully wiped)


----------



## phoenix (Apr 22, 2015)

Windlerer said:


> I have only remote access some of my servers. What is the best way to wipe out the whole hard disk (including system partition)? I would like to make sure none of my software is left on those remote computers, and there is no need to have those devices working after the cleanup is done.



As tetragir mentioned, the "best" solution would be to:

Have someone at the remote end boot the system off alternate media (LiveCD, USB stick)
Have them log in and configure the network interface
Have them make sure SSH is running
Add a temporary user, if needed (depends on the OS on the CD/USB stick)
Then you can login remotely and wipe the drives in the server

Alternately, you can use a network boot setup like tftp/PXE to achieve the same result.  Basically, boot from a separate disk, in order to wipe the regular disks in the system.


----------



## Windlerer (Apr 24, 2015)

Thanks for all ideas.

As I have remote access only & I'd like to make sure the disk get erased, I'm planning to do this:
- I'll create mfsbsd image (https://www.freebsd.org/doc/en_US.ISO8859-1/articles/remote-install/article.html), and boot device from that
- ssh to the device
- run `dd if=/dev/zero of=/dev/<destination partition>`
- check that the disk was cleaned

Right now I'm having problems to get the device booted with my msfbsd.img: When the kernel is loading I get an error message complaining "Invalid stored block length", kernel inflate failing. I'm now trying to write the image in smaller blocks & see if that helps. If anyone has had similar problems & been able to solve them, let me know.


----------



## wblock@ (Apr 24, 2015)

Just download the mfsBSD USB image from http://mfsbsd.vx.sk/ and remove the boot blocks.  It is the first 16 blocks on an image I have here.  Use mdconfig(8) to mount the whole file and use `gpart show md0` to see the starting block of the first partition.  Then you can copy from there to the end with dd(1), or use mdconfig(8) and gnop(8) to remount the image and skip over those initial blocks.  There is an example at the end of mdconfig(8).

Oh, and for the dd(1): use a 64K or larger blocksize or it will take forever.


----------

