From be28ec2a1fd2fac4d5d8c85999a8bf8833e84734 Mon Sep 17 00:00:00 2001
From: pedro
Date: Fri, 18 Oct 2024 10:54:45 +0200
Subject: [PATCH] move alternate erase functions to docs
---
docs/dev-es.md | 112 ++++++++++++++++++++++++++++++++++++++++++++
workbench-script.py | 106 -----------------------------------------
2 files changed, 112 insertions(+), 106 deletions(-)
create mode 100644 docs/dev-es.md
diff --git a/docs/dev-es.md b/docs/dev-es.md
new file mode 100644
index 0000000..2383586
--- /dev/null
+++ b/docs/dev-es.md
@@ -0,0 +1,112 @@
+## borrado minimalista
+
+Un enfoque inicial que teníamos para el borrado de disco son las siguientes funciones, esto lo hemos descartado para usar una herramienta más avanzada en el borrado [usody-sanitize](https://github.com/usody/sanitize/)
+
+```python
+## Xavier Functions ##
+def erase_basic(disk):
+ """
+ Basic Erasure
+ https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917935
+
+ Settings for basic data erasure using shred Linux command.
+ A software-based fast non-100%-secured way of erasing data storage.
+
+ Performs 1 pass overwriting one round using all zeros.
+ Compliant with NIST SP-800-8y8.
+
+ In settings appear:
+
+ WB_ERASE = EraseBasic
+ WB_ERASE_STEPS = 1
+ WB_ERASE_LEADING_ZEROS = False
+
+ """
+ cmd = f'shred -vn 1 /dev/{disk}'
+ return [exec_cmd_erase(cmd)]
+
+
+def erase_baseline(disk):
+ """
+ Baseline Secure Erasure
+ Settings for advanced data erasure using badblocks Linux software.
+ A secured-way of erasing data storages, erase hidden areas,
+ checking the erase sector by sector.
+
+ Performs 1 pass overwriting each sector with zeros and a final verification.
+ Compliant with HMG Infosec Standard 5 Baseline.
+
+ In settings appear:
+
+ WB_ERASE = EraseSectors
+ WB_ERASE_STEPS = 1
+ WB_ERASE_LEADING_ZEROS = True
+
+ WB_ERASE_1_METHOD = EraseBasic
+ WB_ERASE_1_STEP_TYPE = 0
+ WB_ERASE_2_METHOD = EraseSectors
+ WB_ERASE_2_STEP_TYPE = 1
+ """
+ result = []
+ cmd = f'shred -zvn 0 /dev/{disk}'
+ result.append(exec_cmd_erase(cmd))
+ cmd = f'badblocks -st random -w /dev/{disk}'
+ result.append(exec_cmd_erase(cmd))
+ return result
+
+
+def erase_enhanced(disk):
+ """
+ Enhanced Secure Erasure
+ Settings for advanced data erasure using badblocks Linux software.
+ A secured-way of erasing data storages, erase hidden areas,
+ checking the erase sector by sector.
+
+ Performs 3 passes overwriting every sector with zeros and ones,
+ and final verification. Compliant with HMG Infosec Standard 5 Enhanced.
+
+ In settings appear:
+
+ WB_ERASE = EraseSectors
+ WB_ERASE_LEADING_ZEROS = True
+
+ WB_ERASE_1_METHOD = EraseBasic
+ WB_ERASE_1_STEP_TYPE = 1
+ WB_ERASE_2_METHOD = EraseBasic
+ WB_ERASE_2_STEP_TYPE = 0
+ WB_ERASE_3_METHOD = EraseSectors
+ WB_ERASE_3_STEP_TYPE = 1
+ """
+ result = []
+ cmd = f'shred -vn 1 /dev/{disk}'
+ result.append(exec_cmd_erase(cmd))
+ cmd = f'shred -zvn 0 /dev/{disk}'
+ result.append(exec_cmd_erase(cmd))
+ ## creo que realmente seria asi (3 pases y una extra poniendo a ceros):
+ # shred -zvn 3 /def/{disk}
+ # tampoco estoy seguro que el badblocks haga un proceso de verificacion.
+ cmd = f'badblocks -st random -w /dev/{disk}'
+ result.append(exec_cmd_erase(cmd))
+ return result
+
+## End Xavier Functions ##
+
+## Erase Functions ##
+
+def ata_secure_erase_null(disk):
+ cmd_baseline = f'hdparm --user-master u --security-erase NULL /dev/{disk}'
+ return [exec_cmd_erase(cmd_baseline)]
+
+
+def ata_secure_erase_enhanced(disk):
+ cmd_enhanced = f'hdparm --user-master u --security-erase-enhanced /dev/{disk}'
+ return [exec_cmd_erase(cmd_enhanced)]
+
+
+def nvme_secure_erase(disk):
+ cmd_encrypted = f'nvme format /dev/{disk} --ses=1'
+ return [exec_cmd_erase(cmd_encrypted)]
+
+
+## End Erase Functions ##
+```
diff --git a/workbench-script.py b/workbench-script.py
index dc9c729..5bd21ec 100644
--- a/workbench-script.py
+++ b/workbench-script.py
@@ -73,113 +73,7 @@ SNAPSHOT_BASE = { 'erase': [] } - ## Command Functions ## -## Erase Functions ## -## Xavier Functions ## -def erase_basic(disk): - """ - Basic Erasure - https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917935 - - Settings for basic data erasure using shred Linux command. - A software-based fast non-100%-secured way of erasing data storage. - - Performs 1 pass overwriting one round using all zeros. - Compliant with NIST SP-800-8y8. - - In settings appear: - - WB_ERASE = EraseBasic - WB_ERASE_STEPS = 1 - WB_ERASE_LEADING_ZEROS = False - - """ - cmd = f'shred -vn 1 /dev/{disk}' - return [exec_cmd_erase(cmd)] - - -def erase_baseline(disk): - """ - Baseline Secure Erasure - Settings for advanced data erasure using badblocks Linux software. - A secured-way of erasing data storages, erase hidden areas, - checking the erase sector by sector. - - Performs 1 pass overwriting each sector with zeros and a final verification. - Compliant with HMG Infosec Standard 5 Baseline. - - In settings appear: - - WB_ERASE = EraseSectors - WB_ERASE_STEPS = 1 - WB_ERASE_LEADING_ZEROS = True - - WB_ERASE_1_METHOD = EraseBasic - WB_ERASE_1_STEP_TYPE = 0 - WB_ERASE_2_METHOD = EraseSectors - WB_ERASE_2_STEP_TYPE = 1 - """ - result = [] - cmd = f'shred -zvn 0 /dev/{disk}' - result.append(exec_cmd_erase(cmd)) - cmd = f'badblocks -st random -w /dev/{disk}' - result.append(exec_cmd_erase(cmd)) - return result - - -def erase_enhanced(disk): - """ - Enhanced Secure Erasure - Settings for advanced data erasure using badblocks Linux software. - A secured-way of erasing data storages, erase hidden areas, - checking the erase sector by sector. - - Performs 3 passes overwriting every sector with zeros and ones, - and final verification. Compliant with HMG Infosec Standard 5 Enhanced. 
- - In settings appear: - - WB_ERASE = EraseSectors - WB_ERASE_LEADING_ZEROS = True - - WB_ERASE_1_METHOD = EraseBasic - WB_ERASE_1_STEP_TYPE = 1 - WB_ERASE_2_METHOD = EraseBasic - WB_ERASE_2_STEP_TYPE = 0 - WB_ERASE_3_METHOD = EraseSectors - WB_ERASE_3_STEP_TYPE = 1 - """ - result = [] - cmd = f'shred -vn 1 /dev/{disk}' - result.append(exec_cmd_erase(cmd)) - cmd = f'shred -zvn 0 /dev/{disk}' - result.append(exec_cmd_erase(cmd)) - ## creo que realmente seria asi (3 pases y una extra poniendo a ceros): - # shred -zvn 3 /def/{disk} - # tampoco estoy seguro que el badblocks haga un proceso de verificacion. - cmd = f'badblocks -st random -w /dev/{disk}' - result.append(exec_cmd_erase(cmd)) - return result - -## End Xavier Functions ## - -def ata_secure_erase_null(disk): - cmd_baseline = f'hdparm --user-master u --security-erase NULL /dev/{disk}' - return [exec_cmd_erase(cmd_baseline)] - - -def ata_secure_erase_enhanced(disk): - cmd_enhanced = f'hdparm --user-master u --security-erase-enhanced /dev/{disk}' - return [exec_cmd_erase(cmd_enhanced)] - - -def nvme_secure_erase(disk): - cmd_encrypted = f'nvme format /dev/{disk} --ses=1' - return [exec_cmd_erase(cmd_encrypted)] - - -## End Erase Functions ## @logs def get_disks():