Securely erase hard drive on Ubuntu (unrecoverable shred command)

Did you ever want to securely erase a hard disk on your server so the data is unrecoverable? Maybe you are selling the drive or the computer and want to be sure that no sensitive data can be recovered by a future owner. Ubuntu has a command line tool for just that purpose. If you want to completely erase the drive your system is on, first boot your computer using an Ubuntu LiveCD or the server install disk. Then, from the terminal (located in Applications->Accessories->Terminal if you use the Desktop LiveCD), enter the shred command:

sudo shred -vfz -n [times] [your hard drive]

For example, you could type
sudo shred -vfz -n 5 /dev/sda

This would overwrite the data on the drive in /dev/sda with random data in 5 passes – the default is 3. Then it would overwrite the drive one more time with just zeros in a sixth pass. The parameters mean the following (see man shred for more):

v: Verbose output (see everything on screen)

f: Force permission changes (so you can overwrite everything)

z: Overwrite with zeros (so it’s extra unrecoverable) in one more pass at the end

Overwriting your data with zeros through shred adds extra security, as does repeating the process a few times. 5 times may be a bit of overkill, though. Even overwriting it with random data once should be secure enough for most purposes. If you are paranoid about security or have truly sensitive data, you may try a higher number. Keep in mind that this increases the time required dramatically! Even on just a 500 GB hard drive (5400 rpm), a single pass with a final overwrite with zeros can take more than a day.

Note: shred can also be used to overwrite individual files. However, this does not work well on modern operating systems for the reasons outlined in man shred.
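The following is an added example, not part of the original post: it rehearses the shred call on a constructed 1 MiB image file instead of a real drive, then checks that a planted marker is gone and that the final zero pass really left only zeros. The function names, the marker string and the image size are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): rehearse the shred call on a
# constructed image file, then verify the wipe before trusting it on a drive.
MARKER='CONSTRUCTED-SECRET-MARKER'   # constructed sample data

# make_image PATH: 1 MiB of random bytes with the marker planted at 4 KiB.
make_image() {
    dd if=/dev/urandom of="$1" bs=1024 count=1024 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

# has_marker PATH: succeed if the planted marker is still readable.
has_marker() {
    LC_ALL=C grep -q "$MARKER" "$1"
}

# is_all_zero PATH: succeed only if every byte of PATH is 0x00,
# which is what the final -z pass should leave behind.
is_all_zero() {
    size=$(($(wc -c < "$1")))
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# wipe_and_verify PATH PASSES: same flags as the article, minus -v to keep
# the output quiet. Returns 0 only if the wipe can be confirmed.
wipe_and_verify() {
    shred -fz -n "$2" "$1" || return 1
    if has_marker "$1"; then return 2; fi
    is_all_zero "$1" || return 3
    return 0
}

# demo: build the image, confirm the marker is there, wipe, verify, clean up.
demo() {
    img=$(mktemp) || return 1
    make_image "$img"
    has_marker "$img" || { rm -f "$img"; return 4; }
    wipe_and_verify "$img" 1
    rc=$?
    rm -f "$img"
    return "$rc"
}
```

Source the file and call demo; an exit status of 0 means the marker was present before the wipe and the image read back as all zeros afterwards.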


CSS Grid Systems (960 gs and blueprint)

CSS Grid Systems have become the latest Web design trend. While controversial among the HTML purists because grids violate the strict separation between content and presentation through the insertion of CSS classes such as class="grid_4", designers big and small are falling in love with them. Grids certainly streamline, simplify and sometimes even inspire the design process.

While there are many grid systems available today, two have attained particular popularity:

It did not take long for them to be picked up as base themes for our favorite CMS, Drupal:

While we prefer to build our own themes from scratch, these base themes are a good starting point for anyone just starting out with grids and Drupal theming. Note, however, that the Ninesixty theme does not appear to be using the latest version of the 960.gs system files.

We are particularly focused on 960, and a couple of very useful tools have been released. The 960 Gridder bookmarklet allows you to overlay a customizable grid over existing Web sites to either study them or assist you in your own development. If you are just starting to lay out your theme, the 960 Layout System allows you to interactively build a layout by nesting different-sized containers within either a 12- or 16-column grid. The resulting layout can then be saved as both HTML and CSS for further development in either Drupal or your system of choice.


Preventing Web crawlers from accessing your development site with robots.txt

We recently started a development site for a new project.  Soon, we noticed an Amazon AWS instance accessing URLs deep within our site regularly.  The site was access protected (you need to be logged in to see the pages), so those access attempts failed but were annoying nonetheless.

A bit more digging revealed that this was the Alexa bot trying to crawl our site.  I am not sure how they found it so quickly (we have no incoming links and this was a dev.****.*** subdomain) — they probably analyze DNS entries to find sites more efficiently. I also am not sure how they found the deep URLs (they are not exposed to the public part of the dev site), but Alexa was here nonetheless.

This reminded us that it’s a good idea to tell crawlers to stay out of your development sites using a robots.txt file at the root of your domain with the following content:

User-agent: *
Disallow: /

Of course, this will only keep out legitimate web crawlers that actually respect the robots.txt file. It is a request, not access control, so the login requirement still has to do the real protecting. But at least you have a few less visitors to worry about.
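To see which crawlers do not respect the file, the access log can be checked for clients that fetched /robots.txt and then kept requesting other URLs. This is an added example, not part of the original post; the log lines, IP addresses and bot names are constructed, and the Apache combined log format is an assumption.

```shell
#!/bin/sh
# Added example: find clients that keep crawling a dev site after reading
# a robots.txt that disallows everything. All log lines are constructed.

sample_log() {
cat <<'EOF'
203.0.113.10 - - [01/Jan/2010:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "ExampleBot/1.0"
203.0.113.10 - - [01/Jan/2010:10:00:05 +0000] "GET /node/12 HTTP/1.1" 403 199 "-" "ExampleBot/1.0"
203.0.113.10 - - [01/Jan/2010:10:00:09 +0000] "GET /node/13 HTTP/1.1" 403 199 "-" "ExampleBot/1.0"
198.51.100.7 - - [01/Jan/2010:10:01:00 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "PoliteBot/2.1"
192.0.2.44 - - [01/Jan/2010:10:02:00 +0000] "GET /admin/settings HTTP/1.1" 403 199 "-" "Mozilla/5.0"
EOF
}

# ignoring_clients: read a combined-format access log on stdin and print
# "IP<TAB>hits<TAB>user-agent" for every client that requested anything
# other than /robots.txt after it had already fetched /robots.txt.
ignoring_clients() {
    awk -F'"' '
    {
        split($1, a, " "); ip = a[1]       # client address
        split($2, r, " "); path = r[2]     # requested path
        ua = $6                            # user-agent string
        key = ip "\t" ua
        if (path == "/robots.txt") { seen[key] = 1; next }
        if (key in seen) hits[key]++       # request made after reading the rules
    }
    END {
        for (k in hits) {
            split(k, p, "\t")
            print p[1] "\t" hits[k] "\t" p[2]
        }
    }' | sort
}
```

On a real server, pipe the access log into ignoring_clients instead of sample_log. Clients that never request /robots.txt at all, like the last constructed line, are not listed and need a separate look.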


Linux guide to common server admin commands (mainly Ubuntu)

THIS POST IS STILL BEING COMPLETED IN SOME SECTIONS

I spend part of my time as a system admin for our servers. Since I am fairly new to Linux, I assembled a guide of the most common CLI commands as a reference for myself. I decided to share my command reference guide in case anyone else finds it useful. Since we are mostly focused on Ubuntu 8.04 LTS, this guide is aimed at that operating system, but these common commands should work with other Linux distributions as well. Since Ubuntu does not recommend using the system as root user, most commands require the sudo command to elevate to root privileges. User input is highlighted in blue. Optional input is surrounded by curly brackets like this {optional parameter}.

Users & Groups
Devices
File system
General
Network configuration
Server application configuration

Users & Groups

Edit adduser configuration
sudo nano /etc/adduser.conf
Change default directory mode:
DIR_MODE=0750
This makes user directories private. The digits work as follows:
Mode digits: 2 = write only, 4 = read only, 5 = read and execute, 6 = read & write, 7 = read, write & execute
(execute means show listing for directories)
In order, the numbers apply to the owning user first, his group second and everyone else third
Add/create user
sudo useradd -m username
-m adds a user directory under home with all required files
Delete user (and his home directory)
sudo userdel -r username
Change own password
passwd
Change user’s password
sudo passwd username
Edit password security settings
sudo nano /etc/pam.d/common-password
See Ubuntu Guide on setting stricter password control
Add User group
sudo addgroup groupname
Add user to group
sudo adduser username groupname
Remove user from group
sudo deluser username groupname
Show all groups and users in them
cat /etc/group | less
Show list of all users with names
cat /etc/passwd | awk -F: '{print $1,",",$5}' | more
Show groups you are in
groups
Edit sudoers file / add users to sudo list
sudo visudo
under root, add:
username ALL=(ALL) ALL

Devices

Get processor info
cat /proc/cpuinfo
Get detailed system information
sudo lshw
Device messages (peripherals)
dmesg
Combine with | grep message to search for particular messages
Find new external disk after connection (shows recent messages)
dmesg | tail
Display volume information
sudo vgdisplay
List of mounted partitions
mount
Mount a disk
mount /mnt/mountdirectory/
Unmount a disk
umount /mnt/mountdirectory/
sync
See current mount points and used/free space
df -H

See physical volumes
pvdisplay

Show RAID partitioning
cat /proc/mdstat

List of disks and their partitions
sudo fdisk -l

File system

Directory listing with useful info
ls -la
Path to current directory
pwd
Switch to previous directory used
cd -
Create symbolic link (file reference)
ln -s targetpath linkname
Show text file contents
less filename
Number of files in a directory and its subdirectories
ls -1R | wc -l
Edit file in text editor nano (simple)
nano filename
Edit file in text editor vim (powerful)
vim filename
Remove empty directory
rmdir directoryname
Remove directory and all contained files and directories
rm -r directoryname
Find files by name
sudo find / -name '*filename*' -print
Find files by file owner
sudo find / -user username-or-userid -print
Securely erase files, partitions or hard drives
sudo shred -vfz -n [times] [your hard drive]
— Read on for more information on shred on Ubuntu

General

Display date, time and time zone
date
Change time zone
sudo dpkg-reconfigure tzdata
Logout
logout
Change file owner
chown owner-username{:groupname} filename
Change permissions
chmod mode-such-as-777 filename
Update time via network time server (one time)
sudo ntpdate timeserver {additional-timeserver...}
Setup daily cron job to update time
sudo nano /etc/cron.daily/ntpdate
enter ntpdate timeserver {additional-timeserver...}
(Don’t forget to save the file)
sudo chmod 755 /etc/cron.daily/ntpdate
(Makes the file executable)
Get APT repository list
sudo nano /etc/apt/sources.list
(For example, uncomment Universe for wider selection)
Clear screen
clear
Show all command aliases
alias
Change command alias
alias name='some command w/ options'
(for example alias ls='ls -lah')
(put in .bashrc to save permanently)
Find where a command is located
which command
Find out if a process is running
ps -fa | grep processname
(e.g. apache)
List active processes
sudo ps aux
Reboot
sudo reboot
Shutdown (immediately)
sudo poweroff
See also ‘Shutdown’ versus ‘poweroff’ versus ‘halt’ on Ubuntu server

Network configuration

Server application configuration


Useful design tools

Here is a list of some useful design tools:

Typography

In-browser debugging

Besides the obvious reference to Firebug for Firefox, these can be useful:

Color


Useful tool: DropBox

A useful tool for programmers, designers and power users alike that I came across the other day (credit goes to Mark Boulton in his booklet Five Simple Steps – A Practical Guide to Designing for the Web) is DropBox.
In their own words, “Put your files into your Dropbox on one computer, and they’ll be instantly available on any of your other computers that you’ve installed Dropbox on (Windows, Mac, and Linux too!) Because a copy of your files are stored on Dropbox’s secure servers, you can also access them from any computer or mobile device using the Dropbox website.”

It’s a simple yet immensely useful tool. Forget about emailing or IMing files around. No more FTP. Set up Dropbox on all the computers you want to share the files with and they instantly sync between them, with basic version control (it’s not SVN but should be good for most casual use) and backup (via Amazon S3). It works natively in your file browser, just as if it were a local folder. Changes sync in the background automatically — it works pretty quickly. The easiest way to share files that I have found to date.
