On 4/27/21 5:41 AM, Oliver Leaver-Smith wrote:
Hello misc@
I wonder if anyone could recommend remote wipe software for OpenBSD,
should someone want to start using it in an enterprise setting where
such features are a requirement?
Thanks in advance,
Remote wiping an openbsd system...depends on your company policy, but
there are options. I'm kinda assuming you are looking for an OpenBSD
solution, any wiping system will wipe any supported drives on any
machine.
# dd if=/dev/random of=/dev/rsdXc bs=1m
will clear drive sdX very nicely, and quite quickly compared to other
OSs -- to the point I've often installed OpenBSD remotely, then done
this to clear other OSs from systems. OpenBSD's performance from
its random number generator is fantastic.
IF your policy is a "multi-pass" wiping, I'd suggest doing a few
passes with /dev/random, then following up with /dev/zero, so you can
quickly and easily see if a particular drive has been cleared -- if it
is all zeros, you know you have completed the required number of
passes (it's easy to see zeros, a little harder to determine if data
is "random" or "just not understood".
If a one-pass wipe is sufficient by your company policy, a running
OpenBSD system can wipe itself. Yes, you will get error messages
when the dd is done, but...you don't really care, right?
You can even do the dd thing from a bsd.rd kernel, network booted or
physical media. Many years ago, I found that OpenBSD's full install
had a faster /dev/random (by a large margin) than the bsd.rd
/dev/random. I've got no idea if that's true now.
When tasked with a number of machines to wipe, I've actually made
wipe disks -- built a CD (or other) install media with the startup
scripts set to wipe all drives in the system, unprompted. Boot the
machine off the media, and let it run. Label them carefully and
destroy them when done to prevent very unhappy accidents later!
Nick.
