[CentOS-virt] Problem with lvm disks assigned to kvm guests
dennisml at conversis.de
Thu Feb 6 12:11:12 UTC 2014
On 06.02.2014 12:56, Nico Kadel-Garcia wrote:
> On Thu, Feb 6, 2014 at 6:17 AM, Dennis Jacobfeuerborn
> <dennisml at conversis.de> wrote:
>> On 06.02.2014 12:05, C. L. Martinez wrote:
>>> On Thu, Feb 6, 2014 at 11:01 AM, Dennis Jacobfeuerborn
>>> Many thanks Dennis ... Then if I do:
>>> dd if=/dev/zero of=/dev/sdc1 bs=1M (it is a 1TiB disk), will erase all
>>> data and partitions created by the kvm guest??
>> That should work although if you want to be really safe you should
>> probably use /dev/urandom instead of /dev/zero as using random data is a
>> better way to deal with the problem of data remanence:
> To avoid seeing the old partitions or boot loader, you can simply zero
> the partition information. That will avoid the confusion, and it is
> *much, much faster* than zeroing the whole disk.
> dd if=/dev/zero of=/dev/sdc1 count=100
> /dev/urandom take *much* longer.. Also, that article you mention
> merely describes the technique. The *expense* of data recovery from
> something that's been overwritten simply with zeroes or ones is
> hideous, and the results quite poor according to previous analyses
> I've seen. So while thousands of Google articles recommend "for real
> security, use /dev/urandom", it's extremely difficult to find any that
> justify the expense and time.
> If you really feel the need to do military grade scrubbing, use
> "dban", with the source code available at
> http://sourceforge.net/projects/dban/files/dban/dban-2.2.8/.. It's at
> the core of most disk erasure CD's and USB stick tools that I've
If these are private VMs (i.e. security is no concern) then the dd above
is sufficient but then you could just skip this as well and delete the
partitions when installing the new VM.
If these are not private VMs (i.e. for customers) and you use the dd
above then you give the new customer basically access to all the data of
the customer who was previously using this space. In the non-private
case you should always wipe the complete volume and not trade in
security for convenience.
More information about the CentOS-virt