UNIX for Advanced & Expert Users

Hi Friends,

I am looking for a opensource/inbuilt server wipe tools similar to DBAN for the server decommissions.
I have several AIX and Linux machines to decom as part of datacenter shutdowns. But these 'DOESNT' have console access and I need to do the wipe remotely. Can you please suggest me some tools for it. I know the challenge here is the 'no console' part.
As per company standards full OS wipe is required.

Thanks in advance

You can use dd and write zeros on the data disks.
That will leave maybe the OS itself.

AIX also has the diag tool which has the following option:

Code:

       -T taskname
            Fastpath to specific task to run. Current fastpath tasks are the following:
              format
                   Format Media Task

For the OS disks you can try to kill it with dd until your session is dead.

I'd destroy the non-rootvg volume groups first with something like this:-for

Code:

vg in `lsvg |grep -Ev "^rootvg$"`
do
   # List and unmount filesystems
   lsvg -l $vg | grep "/" | while read a b c d e f mnt
   do
      echo $mnt
   done | sort -r | while read mnt        # Reverse sort to ensure sub-directories unmounted first
   do
      umount $mnt
   done

   # List disks and drop VG (forcing LV removal at same time)
   hdlist=
   lsvg -p $vg | grep hdisk | while read hd rest
   do
      hdlist="$hdlist $hd"
   done
   reducevg -f $vg $hdlist
done

This might hit problems if you have sibdirectories from other volume groups mounted under the ones you are trying to work on, but you are then pretty free to work with dd or the diag tools as suggested by Zaxxon. If you need to destroy the rootvg volume group, you will really need the console, from where you could boot from media and then run diag to format that device too or perhaps force a complete overwrite install onto the same disks.

Failing that, you can remove and degauss the disks or get them shredded. There are disposal contractors who will do this for you and you can get certification statements about device destruction with some detailing the serial numbers if you feel you need to go that far.

You then have to consider your backup media that you would use for a DR and destroy that too, else the server could be re-created. Again a disposal company can do this for you.



May I ask why you need to destroy everything and not just reuse the hardware? If you drop the logical volumes, then AIX will only create them empty again if you recreate them, even if you use the same disk blocks, the old data is not really available to you.



Robin

Thanks zaxxon
'dd' was in my mind, but concern was wiping the OS completely and shutting down server after it.

Thanks
Shyam

---------- Post updated at 06:49 PM ---------- Previous update was at 06:44 PM ----------

Thanks Robin. I missed your reply.
So that explains enough.
I may need to destroy as per the company security guidelines. And also these hardwares are out of warranty.

Thanks
Shyam

This sounds difficult to do remotely... Destroying it would mean overwriting data being used, causing it to crash.

In AIX you do not need to wipe the OS completely. If you overwrite the first GB (or thereabouts) of the rootvgs hdisk device(s) with hexadecimal zeroes you will destroy the VGDA and upon reboot the VG will not be recognizable any more by the OS. This will prevent data recovery with "normal" measures offered by the OS, but it will perhaps not prevent specialized laboratories doing some "extreme" data recovery.

You will have to decide if you want to prevent only "normal" people from getting anything or if you need to even fool the NSA (which probably had your data even before you from tapping the wires ;-)) ).

I hope this helps.

bakunin

My suggestion would be to ignore the OS, which people would just buy if they want it that badly, and wipe the client data -- the stuff really meant to be confidential. Not to mention, stuff you can be confident will be wiped without breaking down halfway through. Also, logs. Trashing the hdisks after would be a good parting shot