Chapter 11
On its own, shred will delete the file and overwrite it several times; by default, shred overwrites four times. Generally, the more times the file is overwritten, the harder it is to recover, but keep in mind that each overwrite takes time, so for very large files, shredding may become time-consuming.
Two useful options to include are the -f option, which changes the permissions on the files to allow overwriting if a permission change is necessary, and the -n option, which lets you choose how many times to overwrite the files. As an example, we’ll shred the log files in /var/log/auth.log 10 times using the following command:
kali > shred -f -n 10 /var/log/auth.log.*
We need the -f option to give us permission to shred auth files, and we follow the -n option with the desired number of times to overwrite. After the path of the file we want to shred, we include the wildcard asterisk so we’re shredding not just the auth.log file, but also any logs that have been created with logrotate, such as auth.log.1, auth.log.2, and so on.
Now try to open a log file:
kali > leafpad /var/log/auth.log.1
Once you’ve shredded a file, you’ll see that the contents are indecipherable gibberish, as shown in Figure 11-1.
Figure 11-1: A shredded log file
Now if the security engineer or forensic investigator examines the log files, they will find nothing of use because none of it is recoverable!