Securely Delete files - Ubuntu

So recently there was a lot of talk at work about keeping our customer data secure. Each of us was fully responsible for the customer data that we had on disk.

I use Ubuntu 12.04 with a ton of Virtual machines. Here's what I ended up doing to do my bit to keep all our customer data safe.

a) Set a BIOS password - If your laptop gets stolen and someone wants to boot off a USB, this makes it harder. Obviously though, they can just take your hard disk out and plug it into another laptop..

b) Full Disk Encryption - Sure ..they can plug your disk into another machine. If all your data is encrypted (Ubuntu allows you to encrypt data while installing it) and you have a reasonably strong passphrase (Greater than 10 characters + Capital letters, small letters, digits and special characters) it's going to be really hard to try and crack.

c) Do not store any customer data on your laptop - It's hard to do this, but really it's the best way. Let customer data be stored on secure servers inside a server room or datacenter, where it can't be stolen that easily. Some customer data storage though might be unavoidable...

d) Use Truecrypt if you must store Customer data - Whatever data there is on your laptop, encrypt that again using Truecrypt and a strong passphrase. So even if someone cracks your full disk encryption passphrase, all they will find is a Truecrypt file.

e) Securely delete content all the time - Using rm -rf or Shift + Delete is no good, as forensics tools will be able to recover data. Use the secure-delete suite of tools to delete data securely. I added an alias to my rm command so I don't ever accidentally only use 'rm' instead of 'srm'.

alias rm = 'srm -rv'

This overwrites files 38 times before deleting them by default. Each file :D. It's probably overkill. So I'd recommend doing something like srm -rfvl filename (The l does just 2 passes instead of 38) and doing an rm filename at the end of every project.

f) I also plan to read up on the other tools that the secure-delete suite offers and run those to clean up my RAM (Run sdmem -v as root)and fill (Run sfill -v MountPoint as root. You can identify your mount points either by running the mount command, or by running df -kh and looking at the Mounted On column) up all my unused space with random data. This is needed because I've been deleting insecurely for a long time now. As of now, I also plan to never delete from Nautilus because adding commands to the context menus using various guides is proving to be an utter pain.

g) Formatted all my flash drives and created a Truecrypt volume on the only flash drive that I plan to use to store customer data. So even if the flash drive gets lost, the data is still reasonably hard to get at.

Installing Glassfish on Ubuntu 12.04

This is what I needed to do to get the Glassfish application server running on Ubuntu 12.04.

a) Install JRE for Ubuntu 12.04. Download the version applicable for you from the official website.

b) Configure your system to use the JRE you just downloaded. You can do this as follows:

---- First add the version of JRE you downloaded to the list on your system.

sudo update-alternatives --install /usr/bin/java java /bin/java 0

---- Then ensure that all Java programs will use that version.

sudo update-alternatives --config java

c) Install a JAR archiving program. I used Fastjar from the apt repository.


sudo apt-get install fastjar

d) Download the Java EE SDK with Glassfish and JDK from the official website. Make sure you download the version applicable to you.

e) Once the download is complete ensure that the file can be run. If it doesn't have executable permissions, run chmod 755 to make it executable.

f) Run the installer using ./filename and follow the prompts. If you're lucky everything should go well. If you're not it'll hang at the penultimate step, taking forever to create a new domain.

g) The problem apparently is with Glassfish and some funny bug which needs your real hostname to be in the /etc/hosts file. At least that's what fixed it for me. Here is what my /etc/hosts file looks like.

127.0.0.1    javaee    localhost.localdomain    localhost
10.0.2.15    javaee    localhost

Maybe you don't even need the 2nd line. Maybe I'll confirm that some day. Or someone will :)

h) Reboot once (maybe not needed) and run the installer again. All should be good this time round.

i) You can also Cancel the installer if it hangs while creating a domain and create a domain manually using asadmin as follows.
sudo ./asadmin --user admin
asadmin>create-domain
asadmin>start-domain

... and follow the instructions there. Have fun :)

Deleting Virtual Box Snapshots

I've been playing a lot with Virtual Box recently and have been taking a lot of snapshots. So after taking 3 or 4 snapshots; I felt that the first few snapshots weren't needed anymore. So I decided to delete them. So I go to the Snapshots menu in the right pane[for each machine] and try to delete the snapshot from there. That doesn't work; if there are multiple snapshots and invariably gives you an error saying "There are child snapshots etc attached. Can't delete". That's not the exact message; but effectively you can't delete it.

After Googling a bit, I found that you have to first remove the disk from the Virtual Media Manager. Only once this is done, should you remove the disk from the Snapshots menu on your main screen.

So to do this you go to File - Virtual Media Manager and expand the relevant hard disk. There should be a '+' sign next to it. This'll mean that there are snapshots attached to the disk. Now there could be multiple '+' signs in the form of a tree under your main hard disk. All of those correspond to all your snapshots that you've taken over time.

Now we'll assume that you want to retain only the latest snapshot that you've taken. First restore your Virtual Machine's state to the latest snapshot; you can do this using the Snapshots menu in the main window. Now come back to the Virtual Media Manager.

If you click on each and every item in that entire tree; you'll find that only 1 or 2 items are actually 'attached' to your virtual machine. Those are the only ones that you need. The rest of the items will all be in a 'non-attached' state and can be removed. You can just highlight each of them and then remove them. If you're sure that you don't need them [ like me ;)] you can delete them from the Disk as well, when you're prompted to do so. Deleting them from the disk results in the physical snapshot file getting deleted from the Snapshots directory itself. You can find your configuration in the Settings - General - Advanced menu of your virtual machine (when its turned off)

So once your 'Virtual media manager' is 'clean' you can now go to the Snapshots tab; right click and remove all the snapshots you did not want. VirtualBox will do a few merging operations [I do not know what] and eventually leave you with only the current snapshot.

Hope this helps someone who got stuck like I did. I accidentally cleaned out my entire configuration twice before I got things working :)