|-h||Display help screen. Shows options and what they do.|
|-u||usage - shows options|
|-c||shows copywrite information|
|-i||interactive - prompt whether to remove each file explicitly checks file permissions|
|-f||forces file wiping and suppresses permission warnings|
|-r or -R||recursion - traverse subdirectories|
|-s||silent - disable percent reporting and some warnings|
|-V||verbose - shows percentage if file size is above a certain limit (see wipe -h)|
|-v||force verbose - always show percentage|
|-e and -E||on (-e) makes the percentage (only if shown) more accurate by calling fdatasync() before each update off (-E) will be slightly less accurate, but wipe will only call fdatasync() between passes|
|-d and -D||delete (-d) or keep (-D) after wiping|
|-n and -N||delete (-n) or skip (-N) fifos, sockets, sym links, and char devices|
|-k and -K||lock (-k) or dont lock (-K) files during wiping|
|-z||zero-out file - performs a single pass of zeros|
|-Z||perform normal passes - overrides -z|
|-t and -T||enable (-t) or disable (-T) static passes|
|-a and -A||write until out of space (-a) or dont (-A)|
|-o and -O||
write [size] to stdout (-o) or use files (-O)
Since wipe does not have specific support for char devs, like it does for block devs, this is the preferred method of wiping them, such as tape drives; eg, wipe -za -o | buffer > /dev/nst0 It can also be used for block devs; eg wipe -To | dd count=size of=blkdev
You can also use this to create files containing pseudo-random output from the MT PRNG; eg, wipe -To10240 -x1 > prand
For static passes, you must specify a stdout length.
|-B||override block device sector count|
|-S||override block device sector size|
|-C||chunk size - the maximum file buffer size|
sets generic security level
level 0, the PRNG is only seeded once
level 1, the PRNG is seeded once per file
level 2, the PRNG is seeded once per random pass
|-x||enables random passes and optionally, how many random passes to perform - note that this option now sets the number of random passes per wipe loop - in other words, the total number of random passes will be random passes * wipe loops (-p)|
|-X||disable random passes|
|-p||loop passes - perform wipe sequence x times, including random passes|
custom byte - overwrite once with a specific byte
/dev/urandom Wipe uses this character device for a source of entropy /dev/random Wipe falls back to using this if /dev/urandom is not available
If an error occurs, the exit code will be the errno value. An exit code of 2 indicates bad usage.
Wipe does not work on log structured file systems, or any other type of file system or block device that reallocates sectors on write.
Some programs are vulnerable to symlink races. To avoid this problem with wipe, only wipe files in directories that are not writable by untrusted users.
Tapes and other sequential access devices
Choose an appropriate buffer size to match the logic or physical block size of the device. When using the pattern passes, you should disable compression on the drive, and its generally best to so for other passes as well.
For VXA drives, I used mt-st under linux to set the block size to 0 (variable) and turn off compression, and I run wipe with a 64k block size, to match the on-tape formats native block size.
mt-st setblk 0
mt-st compression 0
wipe -C64 /dev/st0
Other file wiping utilities:
Another "wipe" by Berke Durak <email@example.com>
Colin Plumbs <firstname.lastname@example.org> sterilize.
Todd Burgesss <email@example.com> srm is available on sunsite/metalab in
Copyright (C) 1998-2009 Thomas M. Vier, Jr. <firstname.lastname@example.org>
Mersenne Twister PRNG module
Copyright (C) 1997 Makoto Matsumoto and Takuji Nishimura