Remove sensitive data from Linux hosts (history, logs, config, etc.)

You may run into the case of purging a system and removing sensitive data, e.g. when transferring VM ownership. There are multiple steps with shell history, configuration, home directories and stateful/log data.

Delete shell history

rm $HOME/.bash_history

history -cw

Configuration and Home Directories

In the best base, the host only runs containers and the sensitive credentials are not stored in plain text anywhere. Worst case is to know and purge all locations.

# MySQL client
rm $HOME/.my.cnf

Ensure to verify specific access if this is not managed with Ansible/Puppet.

vim $HOME/.ssh/authorized_keys

sudo visudo

In case of migrating away Lets Encrypt, ensure that the TLS certificates are purged away too.

rm -rf /etc/letsencrypt/*

Containers and Services

Stop all containers and then delete them. The next step is to purge all images. In case you are running a local container registry, ensure to remove this too. Furthermore delete the Docker volumes for persistent data storage, e.g. MySQL data.

docker rm -f $(docker ps -a --format "{{.ID}}")

docker rmi -f $(docker images --format "{{.ID}}")

Purge logs

With logrotate in mind, also include .1 and gzipped archives. Depending on the distribution, it is either /var/log/syslog or /var/log/messages

rm /var/log/auth.log*
echo '' > /var/log/auth.log

rm /var/log/syslog*
echo '' > /var/log/syslog

rm /var/log/dmesg*
echo '' > /var/log/dmesg

rm /var/log/kern.log
echo '' > /var/log/kern.log

cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/btmp

rm -rf /var/log/nginx/*

Often times there are more locations from application cache files and more. Ensure to keep track of installed apps and only deploy managed apps.

Show Comments