Security Archives • Page 7 of 14 • Linux Tips

Let’s Shred A Partition

In today’s article, we’re going to shred a partition. What does that mean? It means we’re going to erase the data in a manner that makes it difficult for that data to be recovered. Notice that I didn’t say ‘impossible’? That’s because they’ve got some pretty sweet forensic tools out there and who knows what they can recover.

This will keep your deleted data safe from a common thief or dumpster diver. It’s also not a bad idea to just destroy the drive, perhaps after shredding it, just to be sure. If you’re the enemy of a powerful government, you probably shouldn’t keep data on hard drives unless you’ve secured them very well! This may not help those sorts of people.

The tool we’ll be using is actually called ‘shred’. It’s possibly installed by default, but it’ll be in your default repositories. The command defines itself as:

shred – overwrite a file to hide its contents, and optionally delete it

It further describes itself as:

Overwrite the specified FILE(s) repeatedly, in order to make it harder for even very expensive hardware probing to recover the data.

This is actually a pretty easy article and won’t take much time to go over. There’s just a couple of commands I wanted to cover, and we’ll just showing you how to shred a partition. So, ‘snot all that complicated, nor all that involved. On with the show!

Shred A Partition:

Like many other articles on this site, we’re gonna need an open terminal. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

First, let’s make sure you have shred installed. Enter this command:

shred --version

1	shred --version

If you don’t have shred installed, you’ll need to install it using your package manager. If you are using apt, then it’d look like:

sudo apt install shred

1	sudo apt install shred

Once installed, you need to know which partition you want to shred. For that, you’ll possibly need the following:

lsblk

lsblk

Once you have identified the partition, such as ‘sdb2’, you can shred the partition. To do that, try this command:

sudo shred -v /dev/<partition>

1	sudo shred -v /dev/<partition>

We use the -v for verbose, so it shows us the progress. This command will do the default. It will overwrite the partition three times. You can change that value easily enough. To do so, use a command similar to:

sudo shred -v -n 10 /dev/<partition>

1	sudo shred -v -n 10 /dev/<partition>

The -n lets you pick the number of times it will shred the partition, that is overwrite it with data, and you can pick any number you want. So, change the ’10’ to whatever you want, but be aware that it can take quite a while.

That’s it, really. There’s more that you can do with shred, so check the man page. I’m only covering how to shred a partition in this article.

Closure:

There you have it, another article. This one tells you how to shred a partition. If that’s something you need to do, you now know how to do it. As I mentioned in the first section of this article, it’s not very complicated. It will take some time, so be sure to use the -v option and keep track of what’s going on.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

How To: Protect a file or directory from being deleted or changed by root

The following article is a guest article that will teach you how to protect a file or directory from being deleted or changed – even by root. This is a handy skill to have as you may have files you want to ensure are never changed.

This time, I’m going to do very little editing – but not out of laziness, but because I really don’t seem to need to do much. I really only need to do some formatting changes and we’ll be good.

Note: I forgot to ask the author if they want me to disclose their name. It’s a little late in the day now, as they’re in another time zone entirely, so when they see this they can let me know if they want their name credited/anything linked from it.

Without further ado…

Protect A File Or Directory:

Sometimes we come across files/directories in Linux that we don’t want to be changed. It won’t be long before we realize making a file “read only” through the GUI of our desktop environment doesn’t work the way we want to because the root user is still able to alter that file.

In this article I’m going to show you how to protect ANY file or directory from being deleted or changed even by the root user. For this example I’ll use xorg.conf which is nvidia’s config file.

Files:

In order to make xorg.conf immortal, as I like to call this process, open terminal and type:

sudo chattr +i /etc/X11/xorg.conf

1	sudo chattr +i /etc/X11/xorg.conf

and press enter. To make sure the file has become immutable, which is what the +i stands for, open it as root in your favorite text editor (sudo gedit /etc/X11/xorg.conf). Some text editors will allow you to write new content to the file but they won’t allow you to save the changes because the file is already immutable. Other text editors won’t react to pressing keys and there will be a “read only” string in the title bar next to the file name.

Undoing a file immutable is pretty much the same, with the only difference being that instead of a + you must use a minus symbol:

sudo chattr -i /etc/X11/xorg.conf

1	sudo chattr -i /etc/X11/xorg.conf

Directories:

You can also make a directory immutable or even a set of subdirectories. For this example open your home directory in your favorite file manager, then open terminal and type:

mkdir -p testdir/dir2/

1	mkdir -p testdir/dir2/

Now, here comes a little tricky part that you need to remember for the immutabling of the directories to work: placing a slash after the names tells the shell that dir2 is a directory and not a file. If you type /testdir/dir2, the shell will think dir2 is a file and will return an error.

If you have entered the command correctly, you will see this output:

mkdir: created directory „'testdir'“
mkdir: created directory „'testdir/dir2/'“

1 2	mkdir: created directory „'testdir'“ mkdir: created directory „'testdir/dir2/'“

If you have closed terminal, open it again in your home directory where you just created these two directories and type (exactly the way you see it, with the capital R and V):

sudo chattr -RV +i testdir/

1	sudo chattr -RV +i testdir/

-R stands for “recursive”, meaning it will do the same operation to all subdirectories, including dir2.
-V stands for “verbose” which will display what has been done.

In order to test this, simply select test dir and press Delete to try and delete it. You’ll see an error message which means testdir and the dir2 inside it have both become “immortal” and now nobody can delete them, not even root.

Undoing this is the same command, only instead of +i, you must use -i.

Closure:

And there you have it, a fairly well written article that I didn’t do much to other than some basic formatting. If there’s an error, don’t blame me! Ha! It looks right to me and jives with what I know on the subject, but I did not actually go through and test this. I trust the author to know what they’re talking about.

By the way, if you have a favorite subject and want to write an article, it really is that easy. Up in the upper right, click on the ‘contribute’ and I’ve made it even easier. (Don’t worry if it won’t let you pick a category, it’ll go through – and I still have to pick a category for it anyhow. All that does is save it as a draft for me to work on. It certainly doesn’t publish anything without my intervention. That’d just be silly talk!)

How To: Make A File Executable

Today we’re going to learn something important, that is how to make a file executable. This is something everyone should know how to do. It’s not going to be easy to make this into an article, ’cause it’s really quite easy, but I’ll give it a shot.

One of the important things about Linux is that files have various permissions. You can read, write, and execute a file based on the permissions. This helps keep Linux a bit more secure, because files can’t be executed until you’ve given them permission to do so.

I’ll make this article as straightforward as I can, by trying to give you an example of how this works. We’ll create a file, make it executable, and then run said file. This should serve as a good example, so that you can do so in the future.

You’ll see a bunch of commands in this article. If you’re new, just follow ’em until the end and you’ll hopefully understand what’s going on, and see how to make a file executable. Trust me, this isn’t something all that taxing. I’m sure you can get it!

Make A File Executable:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

With your terminal open, let’s create a new file. We’ll do that with:

touch love.sh

1	touch love.sh

Open love.sh for editing with nano by using the following command:

nano love.sh

1	nano love.sh

Enter the following text:

echo "I love Linux Tips!"

1	echo "I love Linux Tips!"

Now, you’ll have to save that. Just press CTRL + X, then Y, and then ENTER. That will save the file with the newly added text.

Now, we’ll make the file executable with the ‘chmod‘ command. That’s done with this command:

chmod +x love.sh

1	chmod +x love.sh

With that done, all you need to do now is execute the file. To do that, you just call the file by name in the terminal. As you’re still in the same directory, you’ll need to use ./ – so your command actually looks like:

./love.sh

./love.sh

With that, you should get a message saying that you love Linux Tips. Aww… Isn’t that sweet of you! We love you too! It was also a fun way to create a file, edit it, make it executable, and then actually executed said file.

Closure:

See? That wasn’t all that hard. I hope that method shows you a little about how to make a file executable. It’s a pretty basic skill that all Linux users should be familiar with. It’s not a very complicated article, but that’s just fine. At least we (hopefully) had some fun with it.

Let’s Upgrade Fedora From The Terminal

Today’s a good day for a short article, like one on how to upgrade Fedora from the terminal. It’s a pretty easy task, yet one I have in my notes. I see no reason to not turn it into a nice, short article. After all, you might not know how to upgrade Fedora from the terminal!

Obviously, you’re going to need Fedora installed for this. Though, technically, I’m sure you could do this if you were trying the live instance of Fedora. I mean, you could…

Anyhow, all operating systems should get updates. If you’re not getting updates, something is wrong. The most obvious ‘wrong’ in this is that you’re using an operating system that’s no longer supported. By doing so, and doing so online, you are not just a risk to yourself – but you’re a risk to other users.

For example, you could be compromised and become a part of a botnet. That’d be bad. So, stay updated – not just for yourself but to be a good member of the community. Use a distro that’s still supported.

Lest you think this is a weird article, I’ve actually also written:

How To: Update Ubuntu From The Terminal

See? ‘Snot the first time we’ve had this sort of article.

Well, let’s get into it. Let’s learn how to …

Upgrade Fedora From The Terminal:

With your terminal open, you can start with a very simple command:

sudo dnf update

1	sudo dnf update

That’s “it”, I guess… Well, no… That’s all you need to do to upgrade your system. If your system requires a reboot, you do that with:

sudo reboot

1	sudo reboot

Now, here’s a little trick…

Let’s say your upgrade screwed something up. You upgraded to a new version of Thunderbird and you want to roll back to a previous version. You can do that without much effort.

sudo dnf history list | grep thunderbird

1	sudo dnf history list \| grep thunderbird

Obviously, change the name of the application to the application you’re having problems with. Well, each upgrade will have a number assigned to it and it’ll show that number when you run the above command. You use that number in this command:

sudo dnf history undo <application_number>

1	sudo dnf history undo <application_number>

That will undo the most recent upgrade to that application, restoring a usable application for you. You can then try it again when the application is next upgraded.

See? It’s a neat little trick with ‘dnf’. Feel free to check the man page, with man dnf, to see what other little gems you can find.

Closure:

See? I told you that it’d be a nice and easy article. This one isn’t difficult – but does have a neat feature not everyone knows about, that is how to rollback upgrades with DNF when you have chosen to upgrade Fedora from the terminal.

Disallow SSH Login For A Specific User

In today’s article, we’re going to learn how to disallow SSH login for a specific user. The reasons you might want to do this should be obvious, so that’ll save some time! Read on to learn how!

I’ve covered SSH in many articles. If you search for “SSH”, you’ll find a bunch of articles covering the subject. I’m not sure why there are so many, but there are. I seem to have a lot of notes on the subject.

Here, this link will help you search for SSH articles.

SSH is “Secure Shell”, a method to login to remote computers so that you can manage them without being their physically. It’s used by systems administrators regularly, without ever needing a GUI to manage their Linux systems.

It’s also used by people like me, too lazy to walk to the other side of the room. I’m literally using SSH to manage stuff on my laptop from here on this desktop as I write this. On top of that, while not logged in right now, I was using SSH to manage a VPS earlier today.

So, SSH isn’t just for professional system administrators and, if you use SSH at home, you might as well know how to secure it. This article will help you secure your system – by learning how to disallow SSH login for a specific user.

Disallow SSH Login For A Specific User:

This article requires an open terminal on (and connection to) the computer you wish to change. That may require you to login to that computer remotely. If you’re on a local device and you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open. Otherwise, SSH into it like a boss.

With your terminal/connection now open, enter the following command:

sudo nano /etc/ssh/sshd_config

1	sudo nano /etc/ssh/sshd_config

Find a place to make a new line and enter the following with some care:

DenyUsers          <username>

1	DenyUsers <username>

Now, this one is a bit picky. Obviously, you substitute <username> with the real name – but in between “DenyUsers” and the username you absolutely MUST press the TAB key. If you try to just use spaces, it will not work! You MUST use the TAB key which will appear to insert spaces for you!

Assuming you’ve done everything correctly, you’ll need to restart SSH for the changes to take effect. You can do that with this command:

sudo systemctl restart ssh

1	sudo systemctl restart ssh

If you were logged into a remote system to make the changes on that system, the above command is gonna log you out and you’ll need to login again. You knew that, but I figure I’ll mention it.

Hmm… If you’re a barbarian that doesn’t use systemd, try this:

sudo service ssh restart

1	sudo service ssh restart

When SSH restarts, the prohibited user will get a “Permission Denied” message when they try to login. Ha! That’ll teach Jerry in accounting from thinking he’s a system admin!

Closure:

Whelp… You have another article. This one has shown you how to disable SSH login for a specific user (Jerry in accounting, who had no business accessing the server anyhow). You’re welcome!