scrub

scrub(1)                             scrub                            scrub(1)



NAME
       scrub - write patterns on disk/file

SYNOPSIS
       scrub [OPTIONS] special-file
       scrub [OPTIONS] file
       scrub -X [OPTIONS] directory

DESCRIPTION
       Scrub iteratively writes patterns on files or disk devices to make
       retrieving the data more difficult.  Scrub operates in one of three
       modes:

       1) The special file corresponding to an entire disk is scrubbed and all
       data on it is destroyed.  This mode is selected if file is a character
       or block special file.  This is the most effective method.

       2) A regular file is scrubbed and only the data in the file (and
       optionally its name in the directory entry) is destroyed.  The file
       size is rounded up to fill out the last file system block.  This mode
       is selected if file is a regular file.  See CAVEATS below.

       3) directory is created and filled with files until the file system is
       full, then the files are scrubbed as in 2). This mode is selected with
       the -X option.  See CAVEATS below.

       Scrub accepts the following options:

       -v, --version
              Print scrub version and exit.

       -r, --remove
              Remove the file after scrubbing.

       -p, --pattern nnsa|dod|bsi|old|fastold|gutmann|random|random2
              Select the patterns to write.  nnsa selects patterns compliant
              with NNSA Policy Letter NAP-14.x; dod selects patterns compliant
              with DoD 5220.22-M; bsi selects patterns recommended by the
              German Center of Security in Information Technologies
              (http://www.bsi.bund.de); old selects pre-version 1.7 scrub
              patterns; and fastold is old without the random pass.  gutmann
              is a 35-pass sequence described in Gutmann's paper cited below.
              See STANDARDS below for more detail.  random is a single random
              pass.  random2 is two random passes.  Default: nnsa.

       -b, --blocksize blocksize
              Perform read(2) and write(2) calls using the specified blocksize
              (in bytes).  K, M, or G may be appended to the number to change
              the units to KiBytes, MiBytes, or GiBytes, respectively.
              Default: 1M.

       -f, --force
              Scrub even if target contains signature indicating it has
              already been scrubbed.

       -S, --no-signature
              Do not write scrub signature.  Scrub will not be able to
              ascertain if the disk has already been scrubbed.

       -X, --freespace
              Create specified directory and fill it with files until write
              returns ENOSPC (file system full), scrub the files as usual,
              and then remove both files and the directory. The size of each
              file can be set with -s, otherwise it will be the maximum file
              size creatable given the user's file size limit or 1g if
              unlimited.

       -D, --dirent newname
              After scrubbing the file, scrub its name in the directory entry,
              then rename it to the new name.  The scrub patterns used on the
              directory entry are constrained by the operating system and thus
              are not compliant with cited standards.

       -s, --device-size size
              Override the device size (in bytes). Without this option, scrub
              determines media capacity using OS-specific ioctl(2) calls.  K,
              M, or G may be appended to the number to change the units to
              KiBytes, MiBytes, or GiBytes, respectively.

       -E, --extent-only
              When scrubbing regular files, scrub only the file extents. This
              option is useful in combination with large sparse files. If
              used, scrub will skip the holes in the sparse file. Use this
              option with caution: the result may not be compliant with cited
              standards and information about the actual on-disk data
              allocation may leak since only the allocated parts will be
              scrubbed.

CAVEATS
       Scrub may be insufficient to thwart heroic efforts to recover data in
       an appropriately equipped lab.

       Scrub nnsa patterns are reasonable for sanitizing modern PRML/EPRML
       encoded disk devices.

       The effectiveness of scrubbing regular files through a file system will
       be limited by the OS and file system.  File systems that are known to
       be problematic are journaled, log structured, copy-on-write, versioned,
       and network file systems.  If in doubt, scrub the raw disk device.

       Scrubbing free blocks in a file system with the -X method is subject to
       the same caveats as scrubbing regular files, and in addition, is only
       useful to the extent the file system allows you to reallocate the
       target blocks as data blocks in a new file.  If in doubt, scrub the raw
       disk device.

       [MacOS X HFS file system] Scrub attempts to overwrite a file's resource
       fork if it exists.  Although MacOS X will support additional named
       forks in the future, scrub is only aware of the traditional data and
       resource forks.

STANDARDS
       The dod scrub sequence is compliant with the DoD 5220.22-M procedure
       for sanitizing removable and non-removable rigid disks which requires
       overwriting all addressable locations with a character, its complement,
       then a random character, and verify.  Please refer to the DoD document
       for additional constraints.
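
       The sequence described above (a character, its complement, a random
       character, then a read-back verify), applied to a regular file whose
       length is first rounded up to the last file system block as in mode 2.
       This is an added C illustration, not scrub's own source, and it makes
       no claim of compliance with DoD 5220.22-M.  Assumptions: the helper
       name overwrite_file() is hypothetical, and st_blksize is taken as the
       file system block size.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* One pass over len bytes: write byte c, or (check != 0) read back and compare. */
static int pass(int fd, off_t len, unsigned char c, unsigned char *buf, size_t bs, int check)
{
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    for (off_t done = 0; done < len; done += (off_t)bs) {
        if (!check) {
            memset(buf, c, bs);
            if (write(fd, buf, bs) != (ssize_t)bs) return -1;
        } else {
            if (read(fd, buf, bs) != (ssize_t)bs) return -1;
            for (size_t i = 0; i < bs; i++)
                if (buf[i] != c) return -1;   /* readback mismatch */
        }
    }
    return check ? 0 : fsync(fd);   /* flush each write pass to the device */
}

/* Hypothetical helper (not scrub's API): character, complement, random
 * character, verify.  Returns the rounded-up length written, or -1. */
long overwrite_file(const char *path, unsigned char c)
{
    struct stat st;
    unsigned char rnd = 0, *buf = NULL;
    long result = -1;
    int fd = open(path, O_RDWR), ur = open("/dev/urandom", O_RDONLY);
    if (fd >= 0 && ur >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
        && read(ur, &rnd, 1) == 1) {
        size_t bs = (size_t)st.st_blksize;   /* assumed = file system block */
        /* Round up so the tail of the last block is overwritten too. */
        off_t len = (st.st_size + (off_t)bs - 1) / (off_t)bs * (off_t)bs;
        if ((buf = malloc(bs)) != NULL
            && pass(fd, len, c, buf, bs, 0) == 0
            && pass(fd, len, (unsigned char)~c, buf, bs, 0) == 0
            && pass(fd, len, rnd, buf, bs, 0) == 0
            && pass(fd, len, rnd, buf, bs, 1) == 0)
            result = (long)len;
    }
    free(buf);
    if (fd >= 0) close(fd);
    if (ur >= 0) close(ur);
    return result;
}
```

       The CAVEATS above apply unchanged to this sketch: on a copy-on-write
       file system the new writes need not land on the blocks that held the
       original data.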

       The nnsa (default) scrub sequence is compliant with a Dec. 2005 draft
       of NNSA Policy Letter NAP-14.x (see reference below) for sanitizing
       removable and non-removable hard disks, which requires overwriting all
       locations with a pseudorandom pattern twice and then with a known
       pattern.  Please refer to the NNSA document for additional constraints.

       Please consult local authorities regarding your site policy for disk
       sanitization.

AUTHOR
       Jim Garlick <garlick@llnl.gov>

       This work was produced at the University of California, Lawrence
       Livermore National Laboratory under Contract No. W-7405-ENG-48 with the
       DOE.  Designated UCRL-CODE-2003-006, scrub is licensed under terms of
       the GNU General Public License.

SEE ALSO
       DoD 5220.22-M, "National Industrial Security Program Operating Manual",
       Chapter 8, 01/1995.

       NNSA Policy Letter: NAP-14.x, "Clearing, Sanitizing, and Destroying
       Information System Storage Media, Memory Devices, and other Related
       Hardware", Unpublished Draft, 2005

       "Secure Deletion of Data from Magnetic and Solid-State Memory", by
       Peter Gutmann, Sixth USENIX Security Symposium, San Jose, CA, July
       22-25, 1996.

       "Gutmann Method", Wikipedia,
       http://en.wikipedia.org/wiki/Gutmann_method.

       Darik's Boot and Nuke FAQ: http://dban.sourceforge.net/faq/index.html

       shred(1)



scrub-2.2                         2009-07-29                          scrub(1)