6

I want to wipe free space in my ubuntu partition and after a search found this sfill software which I installed using

sudo apt install secure-delete

Then I have used this command to wipe free space

$ sudo sfill -v /home
[sudo] password for shan: 
Using /dev/urandom for random input.
Wipe mode is secure (38 special passes)
Wiping now ...
Creating /home/oooooooo.ooo ...

its stuck here for last 20 minutes and I don't know whether sfill is working or not. In my /home partion oooooooo.ooo file has a size of 27.6 MB and stays in this size. How to know the progress of wiping of free space in sfill?

George Udosen
  • 36,677
Eka
  • 2,967
  • 12
  • 38
  • 60

5 Answers5

4

zerofree and sfill

I think it enough for all the needs of ordinary people to overwrite once (and with zeros). You can do it with zerofree

sudo apt install zerofree

sudo zerofree /dev/sdxn

where x is the device letter and n is the partition number (for media devices probably sdb1).

Running sfill with 'wipe mode is secure (38 special passes)' needs 38 times longer time and will wear the drive 38 times more. Moreover is probably a waste of time.

You can use options to make it faster and (maybe) less secure. If I understand the manual correctly, sfill should work like zerofree when using the following options (but I have not tested).

sudo sfill -llz /path-to-mountpoint

or maybe they must be separate

sudo sfill -l -l -z /path-to-mountpoint

but you might as well let it write random data once

sudo sfill -l -l /path-to-mountpoint

I don't know if zerofree or sfill is more efficient (faster), when doing the same thing. (I need not guess here, but if you know, please edit this answer.)

According to the comment by @bodhi.zazen

Data can not be recovered if it is overwritten more than once

so the following command with sfill might be a good option (it overwrites twice),

sudo sfill -l /path-to-mountpoint

man sfill describes the option -l:

-l lessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.

Low level wiping

If you really need this high level of security, it is better to backup or clone the data to another drive and wipe the drive with a special tool, that works on a lower level, for example hdparm or DBAN. It will be much more efficient (much faster).

It is possible to use re-linking between logical addresses and physical memory cells with hdparm. This is a kind of encryption rather than overwriting the whole memory and very efficient. I think the following link can help you use that method,

Re: best way to wipe a drive - with hdparm

After the low level wiping you can either restore the file data to the wiped drive or simply use it on the other drive (if cloned with Clonezilla, which clones used data blocks and skips free blocks).

How to know the progress or at least that something is happening

There is an option for verbose mode, -v. I see that you have already used it. I don't know any other way to make sfill tell you more, and it does not look like you get a progress view.

But if you want to know if the process is still doing something, you can try with iotop

sudo apt install iotop

sudo iotop -o
sudodus
  • 46,324
  • 5
  • 88
  • 152
  • 4
    Data can not be recovered if it is overwritten more than once - The theory Peter Gutmann presented at a 1996 Usenix conference has been debunked - see http://www.nber.org/sys-admin/overwritten-data-guttman.html and https://www.stellarinfo.com/blog/why-it-is-impossible-to-recover-data-from-an-overwritten-hard-drive/ . Note the difference in the second article between deleted, trash, reformatted, and over written. The advice to use a program such as DBAN or similar to perform multiple passes is poor as it causes unnecessary wear on the device and takes much longer. – Panther Oct 03 '17 at 15:48
  • 1
    Thanks for the heads up, @bodhi.zazen. I edited the answer to add a paragraph about using hdparm. Please check that it is correct, and if not, please help me improve it. – sudodus Oct 03 '17 at 17:00
3

I didn't find any way to directly monitor the progress of sfill but I myself found an indirect way to do this. The process for me took many hours I recommend to use small overwriting pass in sfill.

Open two terminals, in the first terminal start sfill

  #wiping free space in root drive
  sudo sfill -v /

Now in the second terminal do these commands

  cd / #move to root direcotry where oooooooo.ooo exists
  watch -n 30 "ls -lah|grep 'ooo'&&df -h|grep 'sdxn'"

watch -n 30 command lets you monitor a specific shell command in a particular interval of time (here 30sec) ls -lah|grep 'ooo' monitors the size of oooooooo.ooo and df -h|grep 'sdxn' monitors the size left in our root drive xn is the partion number. When sfill progress we can see our drive size decreasing gradually and when the available space reaches zero stop the process.

Eka
  • 2,967
  • 12
  • 38
  • 60
2

Just wanted to add my own experience with sfill. This command

sudo sfill -vllz /

took 15d 6+h to wipe a 500GB HDD in an older laptop running a dual core Intel® Celeron(R) N4000 CPU @ 1.10GHz. And mind you, this was supposed to be the "fast option" with a single pass with zeroes only and no randomization. So, DO EXPECT it to take a very long time on legacy hardware.

By the way, zeros are perfectly safe and irreversible. Secure wiping requiring random bits is an urban legend.

Jimmie DD
  • 21
2

You can open a second terminal and use df. Look at the mount point, see how free space is disappearing over time. You won't see a progress bar though.

df -h
SPRBRN
  • 2,315
  • 6
  • 28
  • 35
1

In case anyone is curious about speed. zerofree is at least 100x times faster in my case. I'd guess because the drive is unmounted while it is running.

I'm zeroing out about 1TB of free space to shrink a drive file for a VM, I gave up on

sudo sfill -vllz /data2

after 12+ hours running...

plastic
  • 11