[CentOS-virt] Problem with lvm disks assigned to kvm guests

Thu Feb 6 12:11:12 UTC 2014
Dennis Jacobfeuerborn <dennisml at conversis.de>

On 06.02.2014 12:56, Nico Kadel-Garcia wrote:
> On Thu, Feb 6, 2014 at 6:17 AM, Dennis Jacobfeuerborn
> <dennisml at conversis.de> wrote:
>> On 06.02.2014 12:05, C. L. Martinez wrote:
>>> On Thu, Feb 6, 2014 at 11:01 AM, Dennis Jacobfeuerborn
>>> Many thanks Dennis ... Then if I do:
>>> dd if=/dev/zero of=/dev/sdc1 bs=1M (it is a 1TiB disk), will erase all
>>> data and partitions created by the kvm guest??
>> That should work although if you want to be really safe you should
>> probably use /dev/urandom instead of /dev/zero as using random data is a
>> better way to deal with the problem of data remanence:
>> http://en.wikipedia.org/wiki/Data_remanence#Overwriting
>> Regards,
>>     Dennis
> To avoid seeing the old partitions or boot loader, you can simply zero
> the partition information. That will avoid the confusion, and it is
> *much, much faster* than zeroing the whole disk.
>                dd if=/dev/zero of=/dev/sdc1 count=100
> /dev/urandom take *much* longer.. Also, that article you mention
> merely describes the technique.  The *expense* of data recovery from
> something that's been overwritten simply with zeroes or ones is
> hideous, and the results quite poor according to previous analyses
> I've seen. So while thousands of Google articles recommend "for real
> security, use /dev/urandom", it's extremely difficult to find any that
> justify the expense and time.
> If you really feel the need to do military grade scrubbing, use
> "dban", with the source code available at
> http://sourceforge.net/projects/dban/files/dban/dban-2.2.8/.. It's at
> the core of most disk erasure CD's and  USB stick tools that I've
> seen..

If these are private VMs (i.e. security is no concern) then the dd above 
is sufficient but then you could just skip this as well and delete the 
partitions when installing the new VM.
If these are not private VMs (i.e. for customers) and you use the dd 
above then you give the new customer basically access to all the data of 
the customer who was previously using this space. In the non-private 
case you should always wipe the complete volume and not trade in 
security for convenience.