Let’s learn how to install and use the wipe
tool on our UNIX, MacOS X and Linux distros to securely remove files to prevent or at least decrease the possibilities of recovering them for the sake of privacy.
Wipe is a secure file wiping utility. There are some low level issues that must be taken into consideration. One of these is that there must be some sort of write barrier between passes. Wipe uses fdatasync(2) (or fsync(2)) as a write barrier, or if fsync(2) isn’t available, the file is opened with the O_DSYNC or O_SYNC flag. For wipe to be effective, each pass must be completely written. To ensure this, the drive must support some form of a write barrier, write cache flush, or write cache disabling. SCSI supports ordered command tags, has a force media access bit for commands, and write cache can be disable on mode page 8. IDE/ATA drives support write cache flushes and write cache disabling. Unfortunately not all drives actually disable write cache when asked to. Those drives are broken. Write caching should always be disabled, unless your system is battery backed and always powers down cleanly. See this thread from the linux kernel list:
Source: wipe wiki
As usual, become a root or use sudo
whenever is needed with the following commands.
Installation:
wipe
too isn’t installed on most Linux distributions by default. So, let’s check whether or not it’s being installed.; Please see: How to check whether or not a package is installed.
If it wasn’t installed, simply install it:
Such as: Debian / Ubuntu / Linux Mint / Devuan / elementary OS / MX Linux / antiX / deepin / Linux Lite / Zorin OS / LXLE / Peppermint OS / SparkyLinux:
$ apt install wipe
If apt
wasn’t installed by default, then use apt-get
or aptitude
instead.
On Fedora:
$ dnf install wipe
On RedHat 7 / CentOS 7 / Scientific Linux 7:
$ yum install wipe
On RedHat 8+ / CentOS 8+ / Scientific Linux 8+:
$ dnf install wipe
On Mageia:
$ urpmi wipe
On ArchLinux and its its derivatives: (like: Manjaro / KaOS / ArchBang Linux / BlackArch Linux / Parabola GNU/Linux-libre / Chakra GNU/Linux):
$ pacman -S wipe
On Gentoo:
$ emerge app-misc/wipe
On Void Linux: Unfortunately, wipe
is not available in Void Linux repositories.
On Alpine:
$ apk add wipe
On FreeBSD:
To install the pre-compiled package:
$ pkg install wipe
If you prefer to compile it yourself:
Using portmaster
:
$ portmaster -v security/wipe
Or, the traditional way:
$ cd /usr/ports/security/wipe $ make install clean $ rehash
On MacOS X: Unfortunately, wipe
is not available in MacPorts repositories.
Usage:
Then, use the wipe
command to securely remove the files:
$ wipe -ifc FILE-NAME
The meaning of the used flags:
-i
: (informational, verbose mode) This enables reporting to stdout. By default all data is written to stderr.-f
: (force; disable confirmation query) By default wipe will ask for confirmation, indicating the number of regular and special files and directories specified on the command line. You must type “yes” for confirmation, “no” for rejection. You can disable the confirmation query with the-f
(force) option.-c
: (chmod if necessary). If a file or directory which will be wiped has no write permissions set, will do a chmod to set the permission.
To securely remove all files in the current directory:
$ wipe -r *
Note that:
-r
: (recurse into subdirectories) Will allow the removal of the entire directory tree. Symbolic links are not followed.
To securely remove a disk-partition:
$ wipe -kq /dev/sda3
The used flags:
-k
: Keep files: do not unlink the files after they have been overwritten. It comes in handy when you want to wipe a device, while keeping the device special file. This implies-F
.-q
: (quick wipe) If this option is used, wipe will only make (by default) 4 passes on each file, writing random data. See option -Q.
For more information, check the manual:
$ man wipe
Or read it online: wipe(1)