SYNOPSIS

       scrub [-f] [-p nnsa|dod|bsi] [-X] [-D newname] [-s size] file


DESCRIPTION

       Scrub  iteratively  writes  patterns  on  files or disk devices to make
       retrieving the data more difficult.  Scrub operates  in  one  of  three
       modes:

       1) The special file corresponding to an entire disk is scrubbed and all
       data on it is destroyed.  This mode is selected if file is a  character
       or block special file.  This is the most effective method.

       2)  A  regular  file  is  scrubbed  and  only the data in the file (and
       optionally its name in the directory entry)  is  destroyed.   The  file
       size  is  rounded up to fill out the last file system block.  This mode
       is selected if file is a regular file.  See CAVEATS below.

       3) file is created, expanded  until  the  file  system  is  full,  then
       scrubbed  as  in  2).  This  mode  is selected with the -X option.  See
       CAVEATS below.

       Scrub accepts the following options:

       -p nnsa|dod|bsi|old|fastold
              Select the patterns to write.  nnsa selects  patterns  compliant
              with NNSA Policy Letter NAP-14.x; dod selects patterns compliant
              with DoD 5220.22-M; bsi selects patterns recommended by the
              German Center of Security in Information Technologies
              (http://www.bsi.bund.de); old selects pre-version 1.7 scrub
              patterns; and fastold is old without the random pass.  See
              STANDARDS below for more detail.  Default: nnsa.

       -b blocksize
              Perform read(2) and write(2) calls using the specified blocksize
              (in  bytes).  K, M, or G may be appended to the number to change
              the  units  to  KiBytes,  MiBytes,  or  GiBytes,   respectively.
              Default: 1M.

       -f     Scrub  even  if  target  contains  signature  indicating  it has
              already been scrubbed.

       -S     Do not write scrub signature.  Scrub will not be able to
              ascertain if the disk has already been scrubbed.

       -X     Create  specified  regular  file  and keep appending to it until
              write returns ENOSPC (file system full), then scrub it as usual.

       -D newname
              After scrubbing the file, scrub its name in the directory entry,
              then rename it to the new name.  The scrub patterns used on  the
              directory entry are constrained by the operating system and thus
              are not compliant with cited standards.


CAVEATS

       program from GNU coreutils does a more  thorough  and  scientific  (but
       more  I/O  intensive)  job  of secure deletion, as described in Gutmann
       below.

       Scrub makes no attempt to disable write caching on the disk  device  or
       deal  with  spare  blocks.   RAID  and other more sophisticated storage
       devices may require special handling.

       The effectiveness of scrubbing regular files through a file system will
       be  limited  by the OS and file system.  File systems that are known to
       be problematic are journaled, log structured, copy-on-write, versioned,
       and network file systems.  If in doubt, scrub the raw disk device.

       Scrubbing free blocks in a file system with the -X method is subject to
       the same caveats as scrubbing regular files, and in addition,  is  only
       useful to the extent the file system allows you to reallocate the
       target blocks as data blocks in a new file.  If in doubt, scrub the
       raw disk device.

       [MacOS X HFS file system] Scrub attempts to overwrite a file's resource
       fork if it exists.  Although MacOS  X  will  support  additional  named
       forks  in  the  future, scrub is only aware of the traditional data and
       resource forks.


STANDARDS

       The dod scrub sequence is compliant with the  DoD  5220.22-M  procedure
       for sanitizing removable  and  non-removable  rigid disks which requires
       overwriting all addressable locations with a character, its complement,
       then  a random character, and verify.  Please refer to the DoD document
       for additional constraints.

       The nnsa (default) scrub sequence is compliant with a Dec.  2005  draft
       of  NNSA  Policy  Letter  NAP-14.x (see reference below) for sanitizing
       removable and non-removable hard disks, which requires overwriting  all
       locations with a pseudorandom pattern twice and then with a known
       pattern.  Please refer to the NNSA document for additional constraints.

       Please consult local authorities regarding your site  policy  for  disk
       sanitization.
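
       An added sketch (not scrub's own code) of the dod and nnsa pass orders
       described above, applied to a regular file whose size is rounded up to
       a whole file system block as in mode 2.  The byte values, the function
       names, the repeated random block and the read-back check are
       assumptions; the page does not list the patterns scrub actually writes.

```python
import os

# Pass orders from STANDARDS. The byte values are assumptions made for this
# example; the page does not list the patterns scrub actually writes.
def fixed(byte):
    return lambda n: bytes([byte]) * n

def random_char(n):
    return os.urandom(1) * n  # one random character, repeated

SEQUENCES = {
    "dod": [fixed(0x00), fixed(0xFF), random_char],  # char, complement, random
    "nnsa": [os.urandom, os.urandom, fixed(0x00)],   # random twice, then known
}

def rounded_size(fd):
    """File size rounded up to fill out the last file system block."""
    blk = os.fstatvfs(fd).f_bsize
    return -(-os.fstat(fd).st_size // blk) * blk

def overwrite(path, method="nnsa", chunk=1 << 20):
    """Run every pass over a regular file; return the bytes covered."""
    fd = os.open(path, os.O_RDWR)
    try:
        total = rounded_size(fd)
        block = b""
        for make in SEQUENCES[method]:
            block = make(min(chunk, total))
            os.lseek(fd, 0, os.SEEK_SET)
            done = 0
            while done < total:
                off = done % len(block)  # stay aligned after a short write
                done += os.write(fd, block[off:off + total - done])
            os.fsync(fd)  # flush this pass before starting the next one
        # Verify the final pass. The read may be served from the page cache,
        # so this confirms the write sequence, not what reached the platters.
        os.lseek(fd, 0, os.SEEK_SET)
        done = 0
        while done < total:
            off = done % len(block)
            want = block[off:off + total - done]
            data = os.read(fd, len(want))
            if not data or data != want[:len(data)]:
                raise OSError("verify failed at offset %d" % done)
            done += len(data)
        return total
    finally:
        os.close(fd)
```

       The CAVEATS about journaled, copy-on-write and network file systems
       apply to this sketch exactly as they do to scrub on a regular file.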


AUTHOR

       Jim Garlick <garlick@llnl.gov>

       This work was produced at the University of California, Lawrence
       Livermore National Laboratory under Contract No. W-7405-ENG-48 with
       the DOE.
       Designated UCRL-CODE-2003-006, scrub is licensed under terms of the GNU
       General Public License.


SEE ALSO

       DoD 5220.22-M, "National Industrial Security Program Operating Manual",
       Chapter 8, 01/1995.

LLNL                              Release 1.7                         SCRUB(1)
