Complete Re-Install of Centos7

General support questions
Post Reply
dtx1
Posts: 16
Joined: 2021/04/27 04:17:20

Complete Re-Install of Centos7

Post by dtx1 » 2021/04/27 04:23:30

I want to wipe my current install of Centos7 and re-install with the latest version (7.9)

I made the boot USB and went through the re-install process. Work well.

When choosing the drive to install on, I allowed it to reclaim space by selecting 'delete all'.

My question is: Will this process wipe all the previous data from system drive and the related file systems (/boot /boot/efi ...)?

The motivation is to have a clean install after a recent (potential) hacker attack.

thanks!

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Complete Re-Install of Centos7

Post by TrevorH » 2021/04/27 07:17:57

You should select the option to configure your own partitioning and do not tell it to reclaim space. Once in that dialog you can expand the bottom option in the left hand pane to get a list of the current partitions/LVs and highlight each one in turn, then tell it whether or not to format it, where to mount it etc and then press the update button on the right hand side.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: Complete Re-Install of Centos7

Post by tunk » 2021/04/27 12:26:21

I guess it depends on what you mean by "wipe".
On a hard disk, I don't think it first will fill the disk with e.g. zeroes,
and then create partitions and file systems. On a flash disk, a
TRIM command may (or not) be run at some time. To be sure
that everything is overwritten, boot from live media and run this:
dd if=/dev/zero of=/dev/sdX

Edit: Don't think TRIM will wipe the disk. From wikipedia:
"A trim command allows an OS to inform an SSD which blocks of
data are no longer considered in use and can be wiped internally."

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: Complete Re-Install of Centos7

Post by MartinR » 2021/04/27 13:00:02

There are two levels of wiping. If all you are doing is wanting a clean disk for a new install, then just doing a format and reinstall will make any remaining old data inaccessible.
If, however, you are concerned that the disk has sensitive material and may fall into the hands of bad actors then you need to comprehensively destroy the data. If the disk is no longer wanted the easiest think is to sling it in a bonfire, even the NSA can't read melted aluminium but be aware that environmentalists do not approve of this method. If the disk is to be reused but needs a full wipe, then there are several products available that will do a comprehensive job. This involves multiple passes over the disk writing a variety of different patterns to ensure that old copies of the data cannot be read. Just writing zeros will not stop sophisticated recovery techniques. Look for something that advertises a DoD shredding algorithm. There's a list of products at: https://madestuffeasy.com/best-hard-dri ... -software/, no endorsement intended.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Complete Re-Install of Centos7

Post by TrevorH » 2021/04/27 14:38:51

I read the request the other way around. As in the poster wants to reformat the system portions of the existing setup but retain the data s/he might have on the other portions.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

dtx1
Posts: 16
Joined: 2021/04/27 04:17:20

Re: Complete Re-Install of Centos7

Post by dtx1 » 2021/04/27 22:24:58

The disk in question is committed for the system (/boot, /boot/efi, etc); important data sits on other disks.

So, completely totally 'wiping' it is fine, in this case. but yes, I want to reuse it for the system.

The re-install is motivated by a potential break into the system -- so by 'wipe' I mean removing anything residing on that disk that may cause trouble.

It's unclear to me the best way to do that.

TrevorH: it sounds like you're recommending going the customize partition route during the install as a way to format the drive? And then one will need to allocate the rest of the set up as well -- which takes some thought.

MartinR, tunk, you suggested some good ideas as well.

But will these insure that all the 'bad actors' are gone? And let's say I use something like 'KillDisk', so do I: 1) Log in (Centos is setup now); 2) Run KillDisk on the system drive (with all the boot info and / ), 3) and then reboot from the USB and re-install? Seems like formatting that drive while logged in will be an issue -- ??? Trying to make sure I understand the the whole process.

thanks for the help!

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: Complete Re-Install of Centos7

Post by MartinR » 2021/04/28 06:33:34

Your last paragraph sounds as though you want to cut off the branch you are sitting on. Most software I've seen relies on the OS being present, which if you wipe the system disk it won't be!

There's a phrase "controlling the paranoia" which applies here. Why are you sure you want to wipe the disk? The normal procedure is to determine what the risk of exposure is and who the attackers are. One extreme is that the disk just contains cooking recipes that you don't want your neighbours to steal, at the other extreme you've got nuclear release codes that NSA, MOSSAD, KGB and BOSS are after. Pretty well all users are near the first example, and should protect accordingly.

In order or increasing severity your options are: do nothing, format, blank, shred, destroy. If I'm installing a new system onto a disk I just let the system handle it. Sure the old data may be there, but it's inaccessible from the filesystem and won't cause any problems for the new system. Next, if you want the comfort blanket, reformat it (but then this is what the installer will do if you alter the partitions). dd and friends allow you to remove any chance that data will be accessible by the system after the rebuild. This should be good enough for most private use. If you've got stuff that is "of interest" to the police or other agencies of the state, then you might need to shred using KillDisk or similar. Finally, if you've got the most sensitive information destruction is the only possibility, but why are you asking here? If you had that level of material you would have a security officer breathing down your neck!

As I said, control the paranoia. Evaluate the risk and just do what's needed, not what a couple of blokes on the internet said you could do. ;)

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Complete Re-Install of Centos7

Post by jlehtone » 2021/04/28 12:35:04

MartinR wrote:
2021/04/28 06:33:34
Your last paragraph sounds as though you want to cut off the branch you are sitting on. Most software I've seen relies on the OS being present, which if you wipe the system disk it won't be!
Indeed.
* If you assume that your system is compromised, then you don't boot with/into it.
* If you boot with the installer USB, then you don't access nor depend on anything on the disk (initially).
You can do three operations with that USB:
a) Mount filesystems from disk to read/write. Rescue. You don't want to do that here.
b) Do operations from command-line (dd, fdisk) without mounting or proceeding with installation
c) Tell the installer to change partitions and format* filesystems.

"KillDisk"-like tools tend to come on bootable media. Like the installer USB, but runs different program.


*I'd rephrase "format" as "initialize metadata of a filesystem".

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: Complete Re-Install of Centos7

Post by MartinR » 2021/04/28 15:22:03

*I'd rephrase "format" as "initialize metadata of a filesystem".
A very good point. No-one lays down format tracks these days.

Post Reply