• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Wiping HD

    Scheduled Pinned Locked Moved
    General
    2
    11
    1.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lostitguy
      last edited by

      What process does FOG use to wipe the HD before deploying the image.

      Surface Wipe
      Full Wipe
      etc

      george1421G 1 Reply Last reply Reply Quote 0
      • george1421G
        george1421 Moderator @lostitguy
        last edited by

        @lostitguy From a data security perspective FOG does not wipe a hard drive before imaging. FOG destroys the partition tables than lays down a new partition table and data onto the disk.

        The term to “wipe a hard drive”, is a specific and intentional action. I might be reading more into your question, but you used a specific trigger phrase.

        For example, lets say you had 100GB of data on a hard drive and you reimage with FOG, and your image is 25GB in size. FOG will destroy the partition table and then download 25GB of data back to the hard drive. The data beyond 25 GB is still really on the disk media, but its not accessible unless you use forensic tools. So this data is not securely erased before reimaging.

        I want to make a point that there is a difference between securely wiping a HD and simply reimaging make it difficult to access the data. If you need to securely wipe a hard drive fog does have tools to do that, or you can use pxe boot to boot into deban if you need a certificate of destruction type wipe.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

        1 Reply Last reply Reply Quote 0
        • L
          lostitguy
          last edited by

          Good Evening George,

          Could you explain the other wipe optioms. Or send me a link explaining how it is done.

          george1421G 1 Reply Last reply Reply Quote 0
          • george1421G
            george1421 Moderator @lostitguy
            last edited by

            @lostitguy You must have the target computer registered with FOG. When you do go into the host management page, select the target host of interest and open its profile. On the basic tab at the top there is a wipe disk option.

            When you deploy that task if the target computer has the fog client installed the target will reboot and then once it reboots and connects to the fog iPXE menu it will begin wiping the hard drive.

            If you need something else, please explain.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

            1 Reply Last reply Reply Quote 0
            • L
              lostitguy
              last edited by

              Tgank you for the information is there a way to do it without the fog client. What Im hoping to do is beimg able to select sn image once that image had been selected it would run a dban or dod wipe and oncd the fill wipe was completed it would deploy the imsge.

              george1421G 1 Reply Last reply Reply Quote 0
              • george1421G
                george1421 Moderator @lostitguy
                last edited by

                @lostitguy Sorry about the 20 questions here but I’m trying to dive to an actionable answer.

                Do you specifically need a dod or mil standard wipe or is something like a 3 pass random write work?

                The wipe (dban or fog) and imaging is currently a three step process. Wipe, reboot, Deploy. If you could do that all from the fog ipxe menu would that work?

                Is this a requirement for every system you deploy?

                Will you use FOG in a system builder role (image with FOG then never see the hardware again)?

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                L 1 Reply Last reply Reply Quote 0
                • L
                  lostitguy @george1421
                  last edited by

                  @george1421 The setup would be to meet CMMC standards for wiping a drive. And then deploy the image.

                  1 Reply Last reply Reply Quote 0
                  • L
                    lostitguy
                    last edited by

                    @george1421 Also is there a way to add wipe options to the fog menu to complete the wipe instead of having to register it to fog first and trigger the wipe within the web interface.

                    george1421G 1 Reply Last reply Reply Quote 0
                    • george1421G
                      george1421 Moderator @lostitguy
                      last edited by

                      @lostitguy said in Wiping HD:

                      Also is there a way to add wipe options to the fog menu to complete the wipe instead of having to register

                      Yes there is. I looked into dban and it hasn’t been updated since 2015. So it might have issues with nvme drives (I don’t know, just a guess). If its dban or FOG wipe drive we can call it from the FOG iPXE menu. (this is a bit off topic, but I have a tutorial on how to call different OS installers from the FOG iPXE menu here: https://forums.fogproject.org/topic/10944/using-fog-to-pxe-boot-into-your-favorite-installer-images while the actions will be different its the concept that we will use )

                      If we want to use FOG Wipe to perform the disk cleaning there are three modes.

                      nvme = reformat drive
                      full and normal uses linux shred program, Where full used 3 passes and normal uses 1 pass.
                      fast wipe uses dd to zero out all of the blocks.

                      ref: https://github.com/FOGProject/fos/blob/8abc49dfaa17353411698f81115387a3a4f9743e/Buildroot/board/FOG/FOS/rootfs_overlay/bin/fog.wipe#L17

                      For deban its a little different in that we will use the concepts of the previous link for booting different OS installers. If you download the deban iso we can copy the dban.bzi file from the iso image to the /tftpboot directory on the fog server. Then we would create a custom iPXE FOG menu that would look like this:
                      Menu Item: app.dban
                      Description: DBAN Disk Eraser Tool
                      Parameters:
                      kernel tftp://${fog-ip}/dban.bzi
                      imgargs dban.bzi nuke=“dwipe --autonuke --method dod522022m” silent vga=785
                      boot || goto MENU
                      Menu Show with: All Hosts

                      Again this will be a two step process,

                      1. Wipe the hard drive
                      2. Image the computer using the iPXE Image Deploy menu. You will not need to touch the FOG web ui.

                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                      L 1 Reply Last reply Reply Quote 0
                      • L
                        lostitguy @george1421
                        last edited by

                        @george1421 For fog wipe can i do that from the fog menu or do I need to register and than create a task to wipe

                        george1421G 1 Reply Last reply Reply Quote 0
                        • george1421G
                          george1421 Moderator @lostitguy
                          last edited by george1421

                          @lostitguy We you will need to make up your own fog ipxe menu to specifically call the wipe function.

                          I am not 100% sure I have the stanza right but it should look like this

                          Menu Item: fog.wipeit
                          Description: FOG builtin Disk Eraser Tool
                          Parameters:
                          kernel tftp://${fog-ip}/bzImage
                          initrd tftp://${fog-ip}/init.xz
                          imagargs bzImage initrd=init.xz root=/dev/ram0 rw ramdisk_size=256000 ip=dhcp web=${fog-ip}/fog/ consoleblank=0 loglevel=4 mode=wipe wipemode=full
                          imgfetch init.xz
                          boot ||
                          goto MENU
                          Menu Show with: All Hosts

                          If you ALWAYS want to wipe before a deploy in one step that is also possible but you will need to “hack” the fog deploy script to include the shred command. That is a bit more complicated than creating a fog ipxe menu, but modifying the fog deploy script is not that difficult either. There are just more steps involved.

                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                          1 Reply Last reply Reply Quote 0
                          • 1 / 1
                          • First post
                            Last post

                          151

                          Online

                          12.0k

                          Users

                          17.3k

                          Topics

                          155.2k

                          Posts
                          Copyright © 2012-2024 FOG Project