One of the GNU core utilities is the shred command.
On both Ubuntu and RHEL/CentOS it comes in the coreutils package, and even on a minimal install, I suspect you can count on it being there.
```
# fdisk -l /dev/sda | head -1
Disk /dev/sda: 6 GiB, 6448619520 bytes, 12594960 sectors
# shred --iterations=0 --zero --verbose /dev/sda ; sync
shred: /dev/sda: pass 1/1 (000000)...
shred: /dev/sda: pass 1/1 (000000)...50MiB/6.1GiB 0%
shred: /dev/sda: pass 1/1 (000000)...112MiB/6.1GiB 1%
shred: /dev/sda: pass 1/1 (000000)...173MiB/6.1GiB 2%
[..]
shred: /dev/sda: pass 1/1 (000000)...6.0GiB/6.1GiB 99%
shred: /dev/sda: pass 1/1 (000000)...6.1GiB/6.1GiB 100%
```
- the call to fdisk is to make sure it’s the right disk; you can also identify the disk by its model etc. in /dev/disk/by-id
- the sync after shred ensures the writes are de-cached, if needed (it’s not unusual for me to do a batch of these and power off the machine after each one)
If you don’t specify --iterations=0 (e.g. you specify --iterations=1) then it’ll do a random pass first. By default, it does three random passes!
I think the logic (I read somewhere .. the internet is a big place) is that disks with random data on them look suspicious, so zero them out afterwards.
I just zero them out: I consider that sufficient to ‘degauss’ a disk. Anyone who can scrape data off a zeroed out disk (ie .. pick up the faint residual magnetic signature from before) can probably also listen for stray radio waves from computers. Or, man in the middle my internet sessions. In other words: sophisticated adversary; game over.
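As an added example (not from the original post), here is the same zero-only shred followed by a read-back check that no non-zero byte is left. The helper names zero_wipe and nonzero_bytes are hypothetical, and the demo runs against a constructed scratch file standing in for the disk.

```shell
#!/bin/sh
# Added example: zero-wipe a target with shred, then verify the result.
# nonzero_bytes and zero_wipe are hypothetical helper names.

# Count bytes in the target that are not 0x00 (0 means fully zeroed).
nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# One zero pass, no random passes, then flush and verify by reading back.
zero_wipe() {
    target=$1
    [ -w "$target" ] || { echo "cannot write: $target" >&2; return 2; }
    shred --iterations=0 --zero "$target" || return 1
    sync
    left=$(nonzero_bytes "$target")
    if [ "$left" -ne 0 ]; then
        echo "verify failed: $left non-zero bytes remain on $target" >&2
        return 1
    fi
    echo "verified: $target reads back as all zeros"
}

# Constructed sample: a 1 MiB scratch file of random data stands in for a disk.
demo() {
    img=$(mktemp) || return 1
    head -c 1048576 /dev/urandom > "$img"
    echo "before: $(nonzero_bytes "$img") non-zero bytes"
    zero_wipe "$img"; rc=$?
    rm -f "$img"
    return $rc
}

demo
```

Reading a whole disk back takes about as long as the wipe itself, so on real hardware the verify step roughly doubles the run time.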
Other uses ..
Any situation where you want to zero out something; such as cleaning up virtual machine disks to improve compressibility. Though, generally it’s the ‘empty’ space that is the target, not the whole disk. So using ‘dd’ to write out a file until the disk fills up is my usual approach. But, shred with --verbose shows you the progress, which is nice.