How to know the progress of sfill free space wiping process?
I want to wipe free space in my ubuntu partition and after a search found this sfill software which I installed using
sudo apt install secure-delete
Then I have used this command to wipe free space
$ sudo sfill -v /home
[sudo] password for shan:
Using /dev/urandom for random input.
Wipe mode is secure (38 special passes)
Wiping now ...
Creating /home/oooooooo.ooo ...
its stuck here for last 20 minutes and I don't know whether sfill is working or not. In my /home partion oooooooo.ooo file has a size of 27.6 MB and stays in this size. How to know the progress of wiping of free space in sfill?
Solution 1:
zerofree and sfill
I think it enough for all the needs of ordinary people to overwrite once (and with zeros). You can do it with zerofree
sudo apt install zerofree
sudo zerofree /dev/sdxn
where x is the device letter and n is the partition number (for media devices probably sdb1).
Running sfill with 'wipe mode is secure (38 special passes)' needs 38 times longer time and will wear the drive 38 times more. Moreover is probably a waste of time.
You can use options to make it faster and (maybe) less secure. If I understand the manual correctly, sfill should work like zerofree when using the following options (but I have not tested).
sudo sfill -llz /path-to-mountpoint
or maybe they must be separate
sudo sfill -l -l -z /path-to-mountpoint
but you might as well let it write random data once
sudo sfill -l -l /path-to-mountpoint
I don't know if zerofree or sfill is more efficient (faster), when doing the same thing. (I need not guess here, but if you know, please edit this answer.)
According to the comment by @bodhi.zazen
Data can not be recovered if it is overwritten more than once
so the following command with sfill might be a good option (it overwrites twice),
sudo sfill -l /path-to-mountpoint
man sfill describes the option -l:
-llessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.
Low level wiping
If you really need this high level of security, it is better to backup or clone the data to another drive and wipe the drive with a special tool, that works on a lower level, for example hdparm or DBAN. It will be much more efficient (much faster).
It is possible to use re-linking between logical addresses and physical memory cells with hdparm. This is a kind of encryption rather than overwriting the whole memory and very efficient. I think the following link can help you use that method,
Re: best way to wipe a drive - with hdparm
After the low level wiping you can either restore the file data to the wiped drive or simply use it on the other drive (if cloned with Clonezilla, which clones used data blocks and skips free blocks).
How to know the progress or at least that something is happening
There is an option for verbose mode, -v. I see that you have already used it. I don't know any other way to make sfill tell you more, and it does not look like you get a progress view.
But if you want to know if the process is still doing something, you can try with iotop
sudo apt install iotop
sudo iotop -o
Solution 2:
I didn't find any way to directly monitor the progress of sfill but I myself found an indirect way to do this. The process for me took many hours I recommend to use small overwriting pass in sfill.
Open two terminals, in the first terminal start sfill
#wiping free space in root drive
sudo sfill -v /
Now in the second terminal do these commands
cd / #move to root direcotry where oooooooo.ooo exists
watch -n 30 "ls -lah|grep 'ooo'&&df -h|grep 'sdxn'"
watch -n 30 command lets you monitor a specific shell command in a particular interval of time (here 30sec) ls -lah|grep 'ooo' monitors the size of oooooooo.ooo and df -h|grep 'sdxn' monitors the size left in our root drive xn is the partion number. When sfill progress we can see our drive size decreasing gradually and when the available space reaches zero stop the process.