# Evidence Eliminator for Gentoo!

## Fissile

Hey all, I am just wondering: is there a program like "Evidence Eliminator" that Windows has, for Linux? I just need something that can delete all the temp files, my cache files, along with all the internet history and temporary files permanently. I also need something that can delete system history (e.g. how many times I run a certain file, what program I use, etc.). Also, what is the best way to hide certain files on your computer? I am not talking about simply adding "." to a folder name, but something a little more complex, if you will.

If there is a build like that in Portage, please let me know, or if anyone knows how I can get one, do reply.

Thx,...

----------

## indros

Check out shred. You should already have it:

```
man shred
```

----------

## Fissile

Hey thx, I did not know about that, and it seems to be a really nice program for removing selected files. I might be a little off track, but if Gentoo is anything like Windows (in this matter) then it only seems reasonable that, like Windows, there are a lot of places where cache/temp/history can be stored.

Is there a somewhat more comprehensive program for eliminating files like these throughout the hard disk, and not just some selected files?

Thx...

----------

## kashani

Generally speaking, in Linux most programs write their temp files and whatnot to your home dir, because *nix has always been multi-user. If you control access to your home dir then other users aren't going to see any of your settings and whatnot. Pretty much the same thing in Windows these days with 2k and up, assuming you've locked things down a bit.

Best solution is to lock down your dir, make all users log in separately and keep root to yourself.  :Smile: 

kashani

----------

## TheCoop

`mv [file] /dev/null` should remove the file pretty effectively

or `cat /dev/urandom > [file]` to overwrite all the block sectors associated with it with urandom junk

----------

## indros

There is one other place that some straggling files may be, and that's in /tmp.  I think that TheCoop's first suggestion will pretty much just remove the file like a simple rm. His second will indeed do what he said; however, it will continue writing to the file until it has eaten up all free space on the partition on which the file resides. This isn't a large problem, as you could then rm the file and free up all your space.
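As an added example (not code from anyone in this thread), here is the overwrite-then-unlink done by hand, which is what `shred -u` from coreutils does for you. It also shows a pitfall in the `cat /dev/urandom > file` approach that the reply above does not mention: the `>` redirection truncates the file before anything is written, so the original blocks are freed first and the random data may land somewhere else entirely. Writing exactly the file's size with `dd conv=notrunc` keeps the inode's block map and rewrites the same blocks. The function name and the pass count are my own choices; the usual caveat applies that on journaling, copy-on-write or SSD-backed filesystems old copies of the data can survive elsewhere, so full-disk encryption is the robust answer there.

```shell
#!/bin/sh
# Added example: overwrite a file's existing blocks in place, then unlink it.
# Plain "cat /dev/urandom > file" truncates first (freeing the old blocks
# before anything is written) and then fills the whole partition.
# Caveat: journaling, COW and SSD wear-levelling may keep older copies.

# wipe_file FILE [PASSES]  -> returns 0 on success, 1 on failure
wipe_file() {
    f=$1
    passes=${2:-3}
    [ -f "$f" ] || { echo "wipe_file: $f is not a regular file" >&2; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')     # POSIX; stat -c is GNU-only
    i=0
    while [ "$i" -lt "$passes" ]; do
        if [ "$size" -gt 0 ]; then
            # notrunc keeps the inode's block map; head bounds the write
            # to the file's own length so the partition does not fill up.
            head -c "$size" /dev/urandom | dd of="$f" conv=notrunc 2>/dev/null \
                || return 1
            sync    # push this pass out of the page cache before the next one
        fi
        i=$((i + 1))
    done
    # If the size changed, the data went somewhere other than the original
    # blocks and the overwrite cannot be trusted.
    [ "$(wc -c < "$f" | tr -d ' ')" -eq "$size" ] || return 1
    rm -f -- "$f"
}
```

Usage is `wipe_file ~/.bash_history` or `wipe_file somefile 7`; `shred -u -n 3 somefile` does the same job and is what to reach for on a normal Gentoo box.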

----------

## jesterspet

A few quick points:

Shred should not be used on journaling file systems.  It leads to filesystem corruption.

Deleting the temp files is mostly covered by logout.  If you have other directories you want included you can add them to ~/.logout.  That script file will be executed upon every logout.

For the removal of Internet browser temp files & cookies & such, add their temp directories to .logout & you should be fine.

To remove your command line history, just add your shell's history file to .logout.

As for the history & entries that are held in wtmp, utmp, and your system logs, you're on your own.  It can be done, I am not saying how.  I don't condone ever editing those files.  They exist & log for a reason.

As for securing your data, GPG encryption is most likely what you are looking for.  It will encrypt directories or files & uses a web of trust, so you can encrypt transmissions between friends, and digitally sign them, providing confidentiality, authenticity, and integrity.

----------

## OdinsDream

Would you consider a more secure solution like running a bootable cdrom distribution, like Knoppix?

If you have removable media (zip drive, floppy, usb mass storage), you can configure Knoppix to load any setting files onto this media, that way you aren't starting from a blank slate every time you boot.

Knoppix also allows you to store settings on this device in a single, encrypted file, unreadable unless decrypted.

So, you boot knoppix, do what you need to do, and use an optional keychain to preserve any settings you feel would be important.

----------

## Fissile

OMG so many questions, this is so informative.

1] What is Knoppix? Is it something where I will need a CD-ROM to run my computer, and all the config/temp files will be put on that CD-ROM?

2] jesterspet said "For the removal of Internet browser temp files & cookies & such, add their temp directories to .logout & you should be fine". How exactly do I do this if my browser is Mozilla?

3] Can I just empty/delete/shred my /tmp directory, or are there some files in the directory that the system needs?

4] What is GPG encryption? Where can I get it?

5] What is iptables? How does a firewall use iptables? Does the Norton Personal Firewall for Windows use iptables? Do all firewalls have iptables?

Thx,... all your answers are really appreciated and highly anticipated.

----------

## OdinsDream

Knoppix is one of several bootable Linux distributions. By design, it runs entirely from the CDROM, which, as you know, is a read-only medium. Because of this, turning off the computer is enough to wipe anything from a Knoppix usage session.

When you boot the system, Knoppix detects the computer's hardware and launches a KDE session. It comes with over 1 GB worth of software on the CDROM, decompressed as need be. There are web browsers, e-mail clients, cd burning tools, you name it.

The system doesn't affect the hard disk of the computer, nor does it leave any trace that it was ever run. You can safely use a Knoppix disc on a friend's Windows-based computer, or at an Internet Cafe.

If all you want to do is stateless (that is, nothing needs to be saved or remembered) then Knoppix is great for you as-is.

If, however, you're interested in saving files or settings for your browser, anything like that, then you'll need a removable disk that Knoppix can access. It stores settings on this disk, and optionally encrypts the information. When you boot Knoppix, it will look for this storage, and use your settings if it finds them.

Learn more about Knoppix here:

http://www.knoppix.net

You download an ISO and burn it to a CD. Try it out, it won't affect your system.

For the other stuff, yes, it's safe to remove things in a /tmp directory. It's temporary by design, so removing the files won't harm stuff, unless you remove files, say, while emerging a program. I'm sure you can see why this would be a problem.

iptables is part of what's called netfilter (correct me if I'm wrong on this one). Netfilter is integrated into the linux kernel, and provides services to, you guessed it, filter the network for patterns, matches, stuff like that. "iptables" is the actual name of a command you run to set firewall rules up.  There are guides available to get you started on using it, but you may want to look into a graphical user interface for this program, as it can be quite confusing at times. I haven't looked into the software to do this, though. For a little example, here are the iptables commands that I used when I set up my main computer to share an internet connection with my laptop. My main computer was running netfilter, and was where I ran these iptables commands. It has two network cards, one connected to the internet, the other to the laptop. iptables is useful for many, many other things besides this:

```
# NAT for traffic leaving towards the internet; the POSTROUTING chain
# only exists in the nat table, so "-t nat" is required here.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Let replies to connections we started come back in.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept new connections arriving on any interface except the internet-facing
# one (current iptables wants the "!" before the option, not after it).
iptables -A INPUT ! -i eth0 -m state --state NEW -j ACCEPT

# Refuse to forward anything that came in from the internet and would go
# straight back out on the same interface.
iptables -A FORWARD -i eth0 -o eth0 -j REJECT --reject-with icmp-port-unreachable
```

You may want to start thinking of Linux on its own, aside from windows. Norton doesn't use iptables (as far as I know) to do anything in windows. While it's nice to be able to say "oh, this program works kinda like that thing I used in windows," ultimately, the metaphors are going to fall apart, since things are just done differently on the separate systems.

For instance, in Windows, a firewall is a piece of software you download, and it's called a firewall. In Linux, however, a "firewall" is what your computer becomes after you set up some rules to describe what stuff you want to allow, and what you don't, using a program like netfilter/iptables. Of course, people commonly refer to iptables as a firewall, but don't be misled, it's only a method to set up rules for your network connection. It can be a firewall, or it can be any other kind of ruleset you decide on.

Search this forum for "firewall builder" and see if you get anything. Also, there are threads in the Documentation, Tips & Tricks forum concerning Encrypted Filesystems. These are used to store files inside a single, large, encrypted file.
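The rules in the post above get the connection sharing working but leave a few things to the reader: the POSTROUTING rule needs `-t nat`, the `-i ! eth0` negation is written `! -i eth0` on current iptables, nothing is said about default policies or about enabling forwarding at all, and the FORWARD chain never explicitly allows the laptop's traffic out. As an added example (my own script, not the poster's), here is the same setup completed into a reviewable ruleset. Interface names are assumptions: `WAN` is the card facing the internet and `LAN` the card facing the laptop. `-m conntrack --ctstate` is the current spelling of the post's `-m state --state`.

```shell
#!/bin/sh
# Added example, not the poster's own script: a complete connection-sharing
# ruleset. WAN/LAN interface names and the file name "share.sh" are assumptions.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
IPT=${IPT:-iptables}

# One rule per line, iptables arguments only, so the whole set can be read
# (or diffed against "iptables-save") before anything touches the kernel.
fw_rules() {
    cat <<EOF
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $LAN -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -m conntrack --ctstate NEW -j ACCEPT
-t nat -A POSTROUTING -o $WAN -j MASQUERADE
EOF
}

# Number of rules that fw_apply would install.
fw_count() { fw_rules | wc -l | tr -d ' '; }

# Flush both tables, push every line of fw_rules through iptables, then turn
# on forwarding (without it the FORWARD chain never sees a packet).
fw_apply() {
    "$IPT" -F && "$IPT" -t nat -F || return 1
    fw_rules | while read -r line; do
        # shellcheck disable=SC2086  (splitting $line into arguments is intended)
        "$IPT" $line || exit 1
    done || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Only touch the kernel when asked explicitly:  sh share.sh apply
if [ "${1:-}" = apply ]; then
    fw_apply
fi
```

Run `sh share.sh` with no argument to do nothing, `sh share.sh | cat` after adding `fw_rules` as the default action if you want to print the list, and `sh share.sh apply` as root to install it. With INPUT and FORWARD defaulting to DROP, the machine only answers new connections from the laptop side and only forwards laptop-to-internet traffic, which is the actual firewall part the original four rules left implicit.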

----------

## TheCoop

you could do what I have done: have your /tmp mounted as a tmpfs (essentially a ramdisk) so it gets wiped every time you reboot

----------

## jesterspet

 *Fissile wrote:*   

> jesterspet said "For the removal of Internet browser temp files & cookies & such, add their temp directories to .logout & you should be fine". How exactly do I do this if my browser is Mozilla?

 

This depends on your installation & configuration factors.

I have a global environment variable set that points all my (my users' & my system's) tmp directories to /tmp.

If you do not have this, you will most likely have a hidden home directory that has all of Mozilla's configurations & temp files.  Look for ~/.mozilla, and it should be under there.

After you locate that directory, simply add

```

rm -rf /home/your_username/.mozilla/path/to/temp/directory
```

 to the .logout script.

 *Fissile wrote:*   

> 3] Can I just empty/delete/shred my /tmp directory, or are there some files in the directory that the system needs?

 

I am assuming that you are not root when you attempt this.

You can remove any file in the temp directory that belongs to you.  If you follow TheCoop's advice and mount /tmp as a tmpfs, you should be golden.

 *Fissile wrote:*   

> 4] What is GPG encryption? where can I get it?

 

Please try searching for terms you are not familiar with.  A simple search of the web or these forums would have led you straight to GPG's website with all the information you desire about what it is, how to get it (aside from emerge gpg), and how to use it.

 *Fissile wrote:*   

> 5] What is iptables? How does a firewall use iptables? Does the Norton Personal Firewall for Windows use iptables? Do all firewalls have iptables?

 

Judging from your question, my advice is: leave this alone until you get a bit more experience with Linux under your belt.  If you mess these up, you could find yourself without connectivity & no way to ask for help.

The short answers to your questions are:

- Packet filtering, network address [and port] translation (NA[P]T) and other packet mangling.
- Depends on configuration.
- No.
- No.
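Both of jesterspet's posts describe the same logout cleanup (browser cache, shell history, your own files in /tmp) without showing the script. As an added example, not jesterspet's own code, here it is written as two functions so it can be exercised against a scratch directory before it is trusted with your real home. One caveat on the file name: bash runs `~/.bash_logout` when a login shell exits; `~/.logout` is the csh/tcsh equivalent, so on a bash setup source this file from `~/.bash_logout`. The paths are assumptions based on how Mozilla lays out profiles (a `Cache/` directory inside each profile under `~/.mozilla/`); check your own `~/.mozilla` before adding entries.

```shell
#!/bin/sh
# Added example, not jesterspet's script. Assumed paths: Mozilla profiles under
# ~/.mozilla/<profile>/ with the disk cache in Cache/, bash history in
# ~/.bash_history. Source this from ~/.bash_logout (bash) or ~/.logout (tcsh).

# cleanup_home HOME_DIR REL_PATH...  -> prints each path removed, returns 0
# REL_PATH entries are relative to HOME_DIR and may contain globs.
cleanup_home() {
    home=$1
    shift
    for rel in "$@"; do
        # Never let an entry climb out of $home: an empty entry or ".."
        # would otherwise turn this into "rm -rf $home".
        case "$rel" in
            ""|.|*..*) echo "cleanup_home: refusing unsafe entry '$rel'" >&2; continue ;;
        esac
        for p in "$home"/$rel; do        # unquoted on purpose: expand the glob
            [ -e "$p" ] || continue      # glob matched nothing
            rm -rf -- "$p" && echo "$p"
        done
    done
    # Stop bash from writing the history file again when it exits.
    unset HISTFILE
    if command -v history >/dev/null 2>&1; then history -c; fi
    return 0
}

# cleanup_tmp DIR -> removes top-level entries in DIR owned by the current user.
# Other users' files in a shared /tmp are left alone (you could not remove
# them anyway without root); with /tmp on tmpfs they vanish at reboot regardless.
cleanup_tmp() {
    dir=$1
    [ -d "$dir" ] || return 1
    find "$dir" -mindepth 1 -maxdepth 1 -user "$(id -un)" -exec rm -rf -- {} + 2>/dev/null
    return 0
}

# What the logout hook would actually run (entries are assumptions, adjust them):
#   cleanup_home "$HOME" '.mozilla/*/Cache' '.mozilla/*/cookies.txt' .bash_history
#   cleanup_tmp /tmp
```

Keep the glob entries quoted in the hook so the function, not the login shell, expands them; that way a profile directory that does not exist yet simply matches nothing instead of producing an error at every logout.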

----------

## Fissile

Hey thx all for your great advice and huge messages!! Thx for taking the time!...

----------

## linux_girl

Sorry to say that, Fissile, but you are supposed to be GURU. And a GURU should know those things.

----------

## pjp

 *linux_girl wrote:*   

> Sorry to say that, Fissile, but you are supposed to be GURU. And a GURU should know those things.

 Forum rankings are representative of postcount, not knowledge.

----------

