Wiping deleting shredding customer data before returning failed dedicated server hardware to suppliers
Customer data should never leave our control. In very rare cases, we may need to release a dedicated server with data on it to demonstrate hardware failure.
Get approval from your manager before doing such a thing, as it is highly preferred to find a way to ship a clean system instead.
Add to this list if you find more things that should be cleaned. You may not be able to do all of these things depending on the nature of the fault that needs replicating.
The command you will be using is shred and should be installed everywhere. If you're on Windows, you probably have to pay for this kind of basic functionality.
[root@host ~]# shred filename
Unfortunately there is no recursive mode. shred will overwrite the file 25 times by default. On large files, like databases, this may take a while. You could drop the number of iterations a bit, but I recommend taking advantage of the situation, in a similar manner to this. You're a hardworking sysadmin, you deserve a break. http://xkcd.com/303/
Again, this list is not exhaustive. Add to it when you can.
updatedb - run updatedb. This will help you find stuff to shred later
passwords - you can't shred /etc/passwd and friends. change the passwords for all human users, including root. Then use vipw to hand-edit the files. Save passwd to update the timestamp, then you'll be asked to edit shadow. Erase the password hashes so the field is empty. This will allow login without a password, which is no problem.
/home - home is usually bindmounted on /data. When you're in a position to shred /data afterwards, you can just userdel -r username as applicable and then worry later. If not, there'll be some more work. Writing a one-line perl script to traverse a directory tree and run shred is left as an exercise for the reader.
/var/lib/mysql - usually bindmounted to /data as mentioned above. shred the files to be sure, even if you'll be wiping /data
/var/lib/mysqlbackup - see previous
/var/lib/pgsql - see previous
/var/log - it should be safe enough to shred all the log files then bounce the system so they're started afresh
authorized_keys - run locate authorized_keys. shred and remove these files. In fact, delete the .ssh directory in all users' homedirs.
PAM configuration - In /etc/pam.d, clean up the config files to remove our customisations for SSH and FTP (specifically, the references to the accessfiles in /etc/security/xxx_users). Then shred and remove those access files.
iptables - stop the firewall. shred the contents of /etc/filtergen. uninstall filtergen. shred and remove any saved ruleset files, such as /etc/sysconfig/iptables, /etc/network/iptables. chkconfig iptables off
network - ifdown every interface. shred all ifcfg-eth* files in /etc/sysconfig/network-scripts/ except for ifcfg-eth0. rewrite ifcfg-eth0 to use dhcp and remove unneeded lines.
GRUB - edit /boot/grub/grub.conf and manually overwrite the password hash a few times, writing the file out and running sync to force it to the platters. Then edit the file and remove the password line, then sync the disks again.
MySQL - shred the /etc/my.cnf file. uninstall the package and all associated packages you can find. You may need to hunt around to find other remnants, use locate mysql
cfengine - use locate .cfsaved to find stuff that might be lying around on the system. It can all go. cfengine keeps stuff in /var/cfengine. Shred it all, it may require some manual work due to the directory tree. uninstall the package
- fstab - unmount everything you can. You should be able to do everything except the root filesystem, usr, var and swap. Manually overwrite the lines in the fstab with garbage, save, sync, delete the lines, save, sync.
/data - It should be safe enough now to kill this off. Use shred on the block device (/dev/md4, /dev/mapper/hostname-data, etc) directly to wipe it. "This may take a while..." No, it's actually pretty quick, and seems to be limited only by the speed of the disk. Don't do 25 passes, though...
services - find and get rid of all world-facing services. Use the process list to find them. Use the initscripts to stop them. Use chkconfig or update-rc.d to disable them. Remove the packages when possible.
cron - no point running stuff that doesn't need to be. stop and disable cron. Remove cron jobs in /var/spool/cron.
local binaries - check /usr/local/bin/ and /usr/local/sbin/ for stuff that's been installed by us. Clear them out.
swap - can we do it? swapoff, shred the partition then swapon?
SSH - When you no longer need network access (if you're not doing this at the console), you can stop SSH. shred and remove all the files in /etc/ssh/. Uninstall the package/s.