move alternate erase functions to docs
This commit is contained in:
pedro
parent
56fd404e41
commit
be28ec2a1f
|
|
@ -0,0 +1,112 @@
|
|||
## borrado minimalista
|
||||
|
||||
Un enfoque inicial que teníamos para el borrado de disco son las siguientes funciones, esto lo hemos descartado para usar una herramienta más avanzada en el borrado [usody-sanitize](https://github.com/usody/sanitize/)
|
||||
|
||||
```python
|
||||
## Xavier Functions ##
|
||||
def erase_basic(disk):
|
||||
"""
|
||||
Basic Erasure
|
||||
https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917935
|
||||
|
||||
Settings for basic data erasure using shred Linux command.
|
||||
A software-based fast non-100%-secured way of erasing data storage.
|
||||
|
||||
Performs 1 pass overwriting one round using all zeros.
|
||||
Compliant with NIST SP-800-8y8.
|
||||
|
||||
In settings appear:
|
||||
|
||||
WB_ERASE = EraseBasic
|
||||
WB_ERASE_STEPS = 1
|
||||
WB_ERASE_LEADING_ZEROS = False
|
||||
|
||||
"""
|
||||
cmd = f'shred -vn 1 /dev/{disk}'
|
||||
return [exec_cmd_erase(cmd)]
|
||||
|
||||
|
||||
def erase_baseline(disk):
|
||||
"""
|
||||
Baseline Secure Erasure
|
||||
Settings for advanced data erasure using badblocks Linux software.
|
||||
A secured-way of erasing data storages, erase hidden areas,
|
||||
checking the erase sector by sector.
|
||||
|
||||
Performs 1 pass overwriting each sector with zeros and a final verification.
|
||||
Compliant with HMG Infosec Standard 5 Baseline.
|
||||
|
||||
In settings appear:
|
||||
|
||||
WB_ERASE = EraseSectors
|
||||
WB_ERASE_STEPS = 1
|
||||
WB_ERASE_LEADING_ZEROS = True
|
||||
|
||||
WB_ERASE_1_METHOD = EraseBasic
|
||||
WB_ERASE_1_STEP_TYPE = 0
|
||||
WB_ERASE_2_METHOD = EraseSectors
|
||||
WB_ERASE_2_STEP_TYPE = 1
|
||||
"""
|
||||
result = []
|
||||
cmd = f'shred -zvn 0 /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
cmd = f'badblocks -st random -w /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
return result
|
||||
|
||||
|
||||
def erase_enhanced(disk):
|
||||
"""
|
||||
Enhanced Secure Erasure
|
||||
Settings for advanced data erasure using badblocks Linux software.
|
||||
A secured-way of erasing data storages, erase hidden areas,
|
||||
checking the erase sector by sector.
|
||||
|
||||
Performs 3 passes overwriting every sector with zeros and ones,
|
||||
and final verification. Compliant with HMG Infosec Standard 5 Enhanced.
|
||||
|
||||
In settings appear:
|
||||
|
||||
WB_ERASE = EraseSectors
|
||||
WB_ERASE_LEADING_ZEROS = True
|
||||
|
||||
WB_ERASE_1_METHOD = EraseBasic
|
||||
WB_ERASE_1_STEP_TYPE = 1
|
||||
WB_ERASE_2_METHOD = EraseBasic
|
||||
WB_ERASE_2_STEP_TYPE = 0
|
||||
WB_ERASE_3_METHOD = EraseSectors
|
||||
WB_ERASE_3_STEP_TYPE = 1
|
||||
"""
|
||||
result = []
|
||||
cmd = f'shred -vn 1 /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
cmd = f'shred -zvn 0 /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
## creo que realmente seria asi (3 pases y una extra poniendo a ceros):
|
||||
# shred -zvn 3 /def/{disk}
|
||||
# tampoco estoy seguro que el badblocks haga un proceso de verificacion.
|
||||
cmd = f'badblocks -st random -w /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
return result
|
||||
|
||||
## End Xavier Functions ##
|
||||
|
||||
## Erase Functions ##
|
||||
|
||||
def ata_secure_erase_null(disk):
|
||||
cmd_baseline = f'hdparm --user-master u --security-erase NULL /dev/{disk}'
|
||||
return [exec_cmd_erase(cmd_baseline)]
|
||||
|
||||
|
||||
def ata_secure_erase_enhanced(disk):
|
||||
cmd_enhanced = f'hdparm --user-master u --security-erase-enhanced /dev/{disk}'
|
||||
return [exec_cmd_erase(cmd_enhanced)]
|
||||
|
||||
|
||||
def nvme_secure_erase(disk):
|
||||
cmd_encrypted = f'nvme format /dev/{disk} --ses=1'
|
||||
return [exec_cmd_erase(cmd_encrypted)]
|
||||
|
||||
|
||||
## End Erase Functions ##
|
||||
```
|
||||
|
|
@ -73,113 +73,7 @@ SNAPSHOT_BASE = {
|
|||
'erase': []
|
||||
}
|
||||
|
||||
|
||||
## Command Functions ##
|
||||
## Erase Functions ##
|
||||
## Xavier Functions ##
|
||||
def erase_basic(disk):
|
||||
"""
|
||||
Basic Erasure
|
||||
https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917935
|
||||
|
||||
Settings for basic data erasure using shred Linux command.
|
||||
A software-based fast non-100%-secured way of erasing data storage.
|
||||
|
||||
Performs 1 pass overwriting one round using all zeros.
|
||||
Compliant with NIST SP-800-8y8.
|
||||
|
||||
In settings appear:
|
||||
|
||||
WB_ERASE = EraseBasic
|
||||
WB_ERASE_STEPS = 1
|
||||
WB_ERASE_LEADING_ZEROS = False
|
||||
|
||||
"""
|
||||
cmd = f'shred -vn 1 /dev/{disk}'
|
||||
return [exec_cmd_erase(cmd)]
|
||||
|
||||
|
||||
def erase_baseline(disk):
|
||||
"""
|
||||
Baseline Secure Erasure
|
||||
Settings for advanced data erasure using badblocks Linux software.
|
||||
A secured-way of erasing data storages, erase hidden areas,
|
||||
checking the erase sector by sector.
|
||||
|
||||
Performs 1 pass overwriting each sector with zeros and a final verification.
|
||||
Compliant with HMG Infosec Standard 5 Baseline.
|
||||
|
||||
In settings appear:
|
||||
|
||||
WB_ERASE = EraseSectors
|
||||
WB_ERASE_STEPS = 1
|
||||
WB_ERASE_LEADING_ZEROS = True
|
||||
|
||||
WB_ERASE_1_METHOD = EraseBasic
|
||||
WB_ERASE_1_STEP_TYPE = 0
|
||||
WB_ERASE_2_METHOD = EraseSectors
|
||||
WB_ERASE_2_STEP_TYPE = 1
|
||||
"""
|
||||
result = []
|
||||
cmd = f'shred -zvn 0 /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
cmd = f'badblocks -st random -w /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
return result
|
||||
|
||||
|
||||
def erase_enhanced(disk):
|
||||
"""
|
||||
Enhanced Secure Erasure
|
||||
Settings for advanced data erasure using badblocks Linux software.
|
||||
A secured-way of erasing data storages, erase hidden areas,
|
||||
checking the erase sector by sector.
|
||||
|
||||
Performs 3 passes overwriting every sector with zeros and ones,
|
||||
and final verification. Compliant with HMG Infosec Standard 5 Enhanced.
|
||||
|
||||
In settings appear:
|
||||
|
||||
WB_ERASE = EraseSectors
|
||||
WB_ERASE_LEADING_ZEROS = True
|
||||
|
||||
WB_ERASE_1_METHOD = EraseBasic
|
||||
WB_ERASE_1_STEP_TYPE = 1
|
||||
WB_ERASE_2_METHOD = EraseBasic
|
||||
WB_ERASE_2_STEP_TYPE = 0
|
||||
WB_ERASE_3_METHOD = EraseSectors
|
||||
WB_ERASE_3_STEP_TYPE = 1
|
||||
"""
|
||||
result = []
|
||||
cmd = f'shred -vn 1 /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
cmd = f'shred -zvn 0 /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
## creo que realmente seria asi (3 pases y una extra poniendo a ceros):
|
||||
# shred -zvn 3 /def/{disk}
|
||||
# tampoco estoy seguro que el badblocks haga un proceso de verificacion.
|
||||
cmd = f'badblocks -st random -w /dev/{disk}'
|
||||
result.append(exec_cmd_erase(cmd))
|
||||
return result
|
||||
|
||||
## End Xavier Functions ##
|
||||
|
||||
def ata_secure_erase_null(disk):
|
||||
cmd_baseline = f'hdparm --user-master u --security-erase NULL /dev/{disk}'
|
||||
return [exec_cmd_erase(cmd_baseline)]
|
||||
|
||||
|
||||
def ata_secure_erase_enhanced(disk):
|
||||
cmd_enhanced = f'hdparm --user-master u --security-erase-enhanced /dev/{disk}'
|
||||
return [exec_cmd_erase(cmd_enhanced)]
|
||||
|
||||
|
||||
def nvme_secure_erase(disk):
|
||||
cmd_encrypted = f'nvme format /dev/{disk} --ses=1'
|
||||
return [exec_cmd_erase(cmd_encrypted)]
|
||||
|
||||
|
||||
## End Erase Functions ##
|
||||
|
||||
@logs
|
||||
def get_disks():
|
||||
|
|
|
|||
Loading…
Reference in New Issue