<span class="z textcut" style="text-align: left; color: rgb(153, 153, 153); text-transform: none; text-indent: 0px; letter-spacing: normal; overflow: hidden; font-family: &quot;Lantinghei SC&quot;, &quot;Helvetica Neue&quot;, &quot;Microsoft YaHei&quot;, 微软雅黑, Arial, STHeiti, &quot;WenQuanYi Micro Hei&quot;, SimSun, sans-serif; font-size: 12px; font-style: normal; font-weight: normal; word-spacing: 0px; float: left; white-space: nowrap; -ms-word-wrap: break-word; -ms-text-overflow: ellipsis; max-width: 60%; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">编译自:[http://www.tecmint.com/permanently-and-securely-delete-files-directories-linux/](http://www.tecmint.com/permanently-and-securely-delete-files-directories-linux/)</span><span class="y" style="text-align: left; color: rgb(153, 153, 153); text-transform: none; text-indent: 0px; letter-spacing: normal; padding-left: 5px; font-family: &quot;Lantinghei SC&quot;, &quot;Helvetica Neue&quot;, &quot;Microsoft YaHei&quot;, 微软雅黑, Arial, STHeiti, &quot;WenQuanYi Micro Hei&quot;, SimSun, sans-serif; font-size: 12px; font-style: normal; font-weight: normal; word-spacing: 0px; float: right; white-space: normal; -ms-word-wrap: break-word; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">作者: Aaron Kili</span>

<span class="z" style="text-align: left; color: rgb(153, 153, 153); text-transform: none; text-indent: 0px; letter-spacing: normal; font-family: &quot;Lantinghei SC&quot;, &quot;Helvetica Neue&quot;, &quot;Microsoft YaHei&quot;, 微软雅黑, Arial, STHeiti, &quot;WenQuanYi Micro Hei&quot;, SimSun, sans-serif; font-size: 12px; font-style: normal; font-weight: normal; word-spacing: 0px; float: left; white-space: normal; -ms-word-wrap: break-word; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">原创:[LCTT](https://linux.cn/lctt/) [https://linux.cn/article-8123-1.html](https://linux.cn/article-8123-1.html)</span><span class="y" style="text-align: left; color: rgb(153, 153, 153); text-transform: none; text-indent: 0px; letter-spacing: normal; padding-left: 5px; font-family: &quot;Lantinghei SC&quot;, &quot;Helvetica Neue&quot;, &quot;Microsoft YaHei&quot;, 微软雅黑, Arial, STHeiti, &quot;WenQuanYi Micro Hei&quot;, SimSun, sans-serif; font-size: 12px; font-style: normal; font-weight: normal; word-spacing: 0px; float: right; white-space: normal; -ms-word-wrap: break-word; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">译者: [geekpi](https://linux.cn/lctt/geekpi)</span>

在大多数情况下,我们习惯于使用 `Delete` 键、垃圾箱或 `rm` 命令[从我们的计算机中删除文件](https://linux.cn/article-7954-1.html),但这不是永久安全地从硬盘中(或任何存储介质)删除文件的方法。

该文件只是对用户隐藏,它驻留在硬盘上的某个地方。它有可能被数据窃贼、执法取证或其它方式来恢复。

假设文件包含密级或机密内容,例如安全系统的用户名和密码,具有必要知识和技能的攻击者可以轻松地[恢复删除文件的副本](https://linux.cn/article-8122-1.html)并访问这些用户凭证(你可以猜测到这种情况的后果)。

在本文中,我们将解释一些命令行工具,用于永久并安全地删除 Linux 中的文件。

###
1、 shred – 覆盖文件来隐藏内容

`shred` 会覆盖文件来隐藏它的内容,并且也可以选择删除它。
  1. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ shred </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">zvu </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">n </span><span class="lit" style="color: rgb(51, 135, 204); -ms-word-wrap: break-word;">5</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> passwords</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">.</span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">list</span>

    在下面的命令中,选项有:

  2. -z - 用零覆盖以隐藏碎片

  3. -v - 显示操作进度
  4. -u - 在覆盖后截断并删除文件
  5. -n - 指定覆盖文件内容的次数(默认值为3)

    shred - overwrite a file to hide its contents

    shred - 覆盖文件来隐藏它的内容

    你可以在 shred 的帮助页中找到更多的用法选项和信息:

  6. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">man</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> shred</span>

###
2、 wipe – 在 Linux 中安全删除文件

`wipe` 命令可以安全地擦除磁盘中的文件,从而不可能[恢复删除的文件或目录内容](https://linux.cn/article-7974-1.html)。

首先,你需要安装 `wipe` 工具,运行以下适当的命令:
  1. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">sudo</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">apt-get</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> install wipe </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">[</span><span class="typ" style="color: rgb(137, 189, 255); -ms-word-wrap: break-word;">Debian</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">及其衍生版]</span>
  2. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">sudo</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">yum</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> install wipe </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">[基于</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="typ" style="color: rgb(137, 189, 255); -ms-word-wrap: break-word;">RedHat</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">的系统]</span>

    下面的命令会销毁 private 目录下的所有文件。

  3. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ wipe </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">rfi </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">private</span><span class="com" style="color: rgb(174, 174, 174); font-style: italic; -ms-word-wrap: break-word;">/*</span>

    当使用下面的标志时:

  4. -r - 告诉 wipe 递归地擦除子目录

  5. -f - 启用强制删除并禁用确认查询
  6. -i - 显示擦除进度

    Wipe - Securely Erase Files in Linux

    wipe – 在 Linux 中安全擦除文件

    注意:wipe 仅可以在磁性存储上可以可靠地工作,因此对固态磁盘(内存)请使用其他方法。

    阅读 wipe 手册以获取其他使用选项和说明:

  7. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">man</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> wipe</span>

###
3、 Linux 中的安全删除工具集

secure-delete 是一个安全文件删除工具的集合,它包含用于安全删除文件的 `srm`(secure_deletion)工具。

首先,你需要使用以下相关命令安装它:
  1. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">sudo</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">apt-get</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> install secure</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">delete</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">[</span><span class="typ" style="color: rgb(137, 189, 255); -ms-word-wrap: break-word;">Debian</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">及其衍生版]</span>
  2. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">sudo</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">yum</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> install secure</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">delete</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">[基于</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="typ" style="color: rgb(137, 189, 255); -ms-word-wrap: break-word;">RedHat</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">的系统]</span>

    安装完成后,你可以使用 srm 工具在 Linux 中安全地删除文件和目录。

  3. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ srm </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">vz </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">private</span><span class="com" style="color: rgb(174, 174, 174); font-style: italic; -ms-word-wrap: break-word;">/*</span>

    下面是使用的选项:

  4. -v – 启用 verbose 模式

  5. -z – 用0而不是随机数据来擦除最后的写入

    srm - Securely Delete Files in Linux

    srm – 在 Linux 中安全删除文件

    阅读 srm 手册来获取更多的使用选项和信息:

  6. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">man</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> srm</span>

###
4、 sfill -安全免费的磁盘 / inode 空间擦除器

`sfill` 是 secure-deletetion 工具包的一部分,是一个安全免费的磁盘和 inode 空间擦除器,它以安全的方法删除可用磁盘空间中的文件。 `sfill` 会[检查指定分区上的可用空间](https://linux.cn/article-8024-1.html),并使用来自 `/dev/urandom` 的随机数据填充它。

以下命令将在我的根分区上执行 `sfill`,使用 `-v&#39; 选项启用 verbose 模式:
  1. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">sudo</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> sfill </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">v </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">home</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">aaronkilik</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">tmp</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span>

    假设你创建了一个单独的分区 /home 来存储正常的系统用户主目录,你可以在该分区上指定一个目录,以便在其上应用 sfill

  2. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">sudo</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> sfill </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">v </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">home</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">username</span>

    你可以在 sfill 的手册上看到一些限制,你也可以看到额外的使用标志和命令:

  3. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">man</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> sfill</span>

    注意:secure-deletetion 工具包中的另外两个工具(sswapsdmem)与本指南的范围不直接相关,但是,为了将来的使用和传播知识的目的,我们会在下面介绍它们。

###
5、 sswap – 安全 swap 擦除器

它是一个安全的分区擦除器,`sswap` 以安全的方式删除 swap 分区上存在的数据。

警告:请记住在使用 `sswap` 之前卸载 swap 分区! 否则你的系统可能会崩溃!

要找到交换分区(并检查分页和交换设备/文件是否已经使用,请使用 `swapon` 命令),接下来,使用 `swapoff` 命令禁用分页和交换设备/文件(使 swap 分区不可用)。

然后在(关闭的) swap 分区上运行 `sswap` 命令:
  1. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">cat</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">proc</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">swaps </span>
  2. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">swapon</span>
  3. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">sudo</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">swapoff</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">dev</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">sda6</span>
  4. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">sudo</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> sswap </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">dev</span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">/</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">sda6 </span><span class="com" style="color: rgb(174, 174, 174); font-style: italic; -ms-word-wrap: break-word;">#这个命令要花费一些时间,默认要进行</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="lit" style="color: rgb(51, 135, 204); -ms-word-wrap: break-word;">38</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">遍擦除</span>

    sswap - Secure Swap Wiper

    sswap – 安全 swap 擦除器

    阅读 sswap 的手册来获取更多的选项和信息:

  5. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">man</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> sswap</span>

###
6、 sdmem – 安全内存擦除器

`sdmem` 是一个安全的内存擦除器,其设计目的是以安全的方式删除存储器(RAM)中的数据。

它最初命名为 [smem](https://linux.cn/article-7681-1.html),但是因为在 Debain 系统上存在另一个包 [smem - 报告每个进程和每个用户的内存消耗](https://linux.cn/article-7681-1.html),开发人员决定将它重命名为 `sdmem`。
  1. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">sudo</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> sdmem </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">f </span><span class="pun" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">-</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">v</span>

    关于更多的使用信息,阅读 sdmen 的手册:

  2. <span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;">$ </span><span class="kwd" style="color: rgb(226, 137, 100); -ms-word-wrap: break-word;">man</span><span class="pln" style="color: rgb(184, 255, 184); -ms-word-wrap: break-word;"> sdmem </span>

    推荐阅读: 在 Linux 系统下使用 PhotoRec & TestDisk 工具来恢复文件

    就是这样了!在本文中,我们查看了一系列可以永久安全地删除 Linux 中的文件的工具。