I want to wipe free space in my ubuntu partition and after a search found this sfill software which I installed using
sudo apt install secure-delete
Then I have used this command to wipe free space
$ sudo sfill -v /home
[sudo] password for shan:
Using /dev/urandom for random input.
Wipe mode is secure (38 special passes)
Wiping now ...
Creating /home/oooooooo.ooo ...
its stuck here for last 20 minutes and I don't know whether sfill is working or not. In my /home partion oooooooo.ooo file has a size of 27.6 MB and stays in this size. How to know the progress of wiping of free space in sfill?
zerofreeandsfillI think it enough for all the needs of ordinary people to overwrite once (and with zeros). You can do it with
zerofreewhere x is the device letter and n is the partition number (for media devices probably
sdb1).Running
sfillwith 'wipe mode is secure (38 special passes)' needs 38 times longer time and will wear the drive 38 times more. Moreover is probably a waste of time.You can use options to make it faster and (maybe) less secure. If I understand the manual correctly,
sfillshould work likezerofreewhen using the following options (but I have not tested).or maybe they must be separate
but you might as well let it write random data once
I don't know if
zerofreeorsfillis more efficient (faster), when doing the same thing. (I need not guess here, but if you know, please edit this answer.)According to the comment by @bodhi.zazen
so the following command with
sfillmight be a good option (it overwrites twice),man sfilldescribes the option-l:Low level wiping
If you really need this high level of security, it is better to backup or clone the data to another drive and wipe the drive with a special tool, that works on a lower level, for example
hdparmor DBAN. It will be much more efficient (much faster).It is possible to use re-linking between logical addresses and physical memory cells with
hdparm. This is a kind of encryption rather than overwriting the whole memory and very efficient. I think the following link can help you use that method,Re: best way to wipe a drive - with hdparm
After the low level wiping you can either restore the file data to the wiped drive or simply use it on the other drive (if cloned with Clonezilla, which clones used data blocks and skips free blocks).
How to know the progress or at least that something is happening
There is an option for verbose mode,
-v. I see that you have already used it. I don't know any other way to makesfilltell you more, and it does not look like you get a progress view.But if you want to know if the process is still doing something, you can try with
iotopI didn't find any way to directly monitor the progress of sfill but I myself found an indirect way to do this. The process for me took many hours I recommend to use small overwriting pass in
sfill.Open two terminals, in the first terminal start
sfillNow in the second terminal do these commands
watch -n 30command lets you monitor a specific shell command in a particular interval of time (here 30sec)ls -lah|grep 'ooo'monitors the size ofoooooooo.oooanddf -h|grep 'sdxn'monitors the size left in our root drivexnis the partion number. When sfill progress we can see our drive size decreasing gradually and when the available space reaches zero stop the process.Just wanted to add my own experience with sfill. This command
took 15d 6+h to wipe a 500GB HDD in an older laptop running a dual core Intel® Celeron(R) N4000 CPU @ 1.10GHz. And mind you, this was supposed to be the "fast option" with a single pass with zeroes only and no randomization. So, DO EXPECT it to take a very long time on legacy hardware.
By the way, zeros are perfectly safe and irreversible. Secure wiping requiring random bits is an urban legend.
In case anyone is curious about speed. zerofree is at least 100x times faster in my case. I'd guess because the drive is unmounted while it is running.
I'm zeroing out about 1TB of free space to shrink a drive file for a VM, I gave up on
after 12+ hours running...