LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   sfill - secure free disk and inode space wiper (http://www.linuxquestions.org/questions/linux-software-2/sfill-secure-free-disk-and-inode-space-wiper-740690/)

john99 07-17-2009 01:36 AM

sfill - secure free disk and inode space wiper
 
Hello

It seems that Icognito does include the sfill tool (a free disk and inode space wiper) :-)


Is it possible to "clean" whole (ext3-) devices/partitions or only folders
(or can this simply be done by defining the mount point) ?



Thank's a lot for any feedback!

John

unSpawn 07-17-2009 06:24 AM

THC's sfill is not specific to Incognito or any other distribution so I moved your thread to the Linux Software forum. As the manual says sfill will wipe either free inode space or free disk space. Compare with for instance Jetico's bcwipe which can wipe out complete block devices, selected files (and recurse into directories), free disk space or file slack space and has a bit more configuration options wrt passes.

irlandes 09-20-2009 10:42 PM

sfill and bcwipe, my experiences
 
Moderators, if this is unacceptable feel free to delete. I just typed it up for CentOs and it is easy for me to paste here as well. More than you wanted to know about sfill and bcwipe. I simply moved the sfill from Kubuntu to CentOs and it runs.



I. I took the file sfill from /usr/bin/sfill in my Kubuntu machine, which I got by sudo apt-get install secure-delete.

I moved it into my CentOs 5.3 machine, also at /usr/bin/sfill using a flash drive, and in su mode, cp to final source.


II. Then, I cloned my emachine, which has several distros on it, to an external HD. I did this with a Puppy Linux live CD, which I booted;

(Of course, I had the USB lead of external HD connected to USB port, and running)

When it booted, I hit F2, then typed: puppy acpi=off pfix=ram

This loads the Puppy distro solely in Ram so it touches nothing.

A few clicks for keyboard, and when it shows Desktop, if you want change resolution.

Then click on the icon which says console. Enter dd if=/dev/sda of=/dev/sdb

These are the names Puppy shows on the Desktop.

Wait 16+ hours. Record message on completion in case you must reinstall it from clone.

In my case, it said:

234441648 +0 records in
234441648 +0 records out

If you need to reinstall from clone, reverse the sdb and sda, and set blocks per man dd to that number recorded.


III. I re-booted into CentOs, which is on hda13.

Open a terminal, to su

type sfill -I -l -l -v /home

This wipes all free space in the partition on which /home is located and only does one pass, filling with random data.

Hit <enter>

It will say creating /home/oooooooo.ooo...

Open another console terminal, type df <enter> Note the usage.

Wait a couple minutes and hit df again, and you can see the partition filling.

On my partition, it was in 1K blocks:

11227664 7839068 used, 2809056 available 74%

It climbed toward 100%. When it said 100% it actually kept going, because the 100% is rounded up, I guess.

When it hit the end, it lets you know it is done. In a minute, the df will show 74% again.

On mine, it took 17 minutes and 14 seconds for one pass.


IV. This does not wipe slack space, the difference between cluster size and file size. Allegedly, this requires a program from http://www.jetico.com/download/ which is BCWipe-1.9-3.i386.rpm

I installed it with: rpm -i BCWipe-1.9-3.i386.rpm

I typed: bcwipe and it gave me the basic nomenclature. There is an option for wiping slack space.

Playing with it, I learned that this command will wipe all slack of unhidden files in the current directory only.

bcwipe -mz -n 60 -S -v *

In the Desktop it reported: Wiped 72KB of file slacks.

Note -n 60 is not needed for -mz since it is single pass.

Changing su console to, or example, /sbin, then run above command wiped 472K of file slacks.

It will not do recursive, only current directory.


Someone on the official forums said this in answer to a question how to clean all slack:

"You can try something like find <path_here> -type f -exec bcwipe -Smd {} \;
Remember, it will be lenghty operation if you have many files there."

I would not trust a command which said "something like" but I bet there is a way if that isn't correct.



So far no system damage noted. But, I sure feel better with a clone.

REMEMBER TO WIPE YOUR EXTERNAL HARD DISK WHEN YOU ARE DONE, IT HAS THE SAME FREE SPACE YOUR HD DID.

ahaveland 02-11-2011 11:29 AM

Quote:

Originally Posted by irlandes (Post 3691147)
Someone on the official forums said this in answer to a question how to clean all slack:

"You can try something like find <path_here> -type f -exec bcwipe -Smd {} \;
Remember, it will be lenghty operation if you have many files there."

I would not trust a command which said "something like" but I bet there is a way if that isn't correct.

Thanks for the info. I just wanted to shrink and gzip a partition so it didn't take up unnecessary space, so after resize2fs, dd, lvresize, pvresize, parted etc, I can confirm that bcwipe works.

This is what I used in each top level dir: (/bin /boot /etc /home /lib /lib64 /root /sbin /usr /var )

for p in /bin /boot /etc /home /lib /lib64 /root /sbin /tmp /usr /var; do
IFS=$'\n'; for i in $(find $p -type d); do
bcwipe -mz -S -v "$i"/*;
done;
done;


It took a good hour or so. I don't think it would be a good idea to run from / and operate on /proc, /sys /dev too.

Crazy that after all these years there still isn't a standard core util to wipe slack and free space.

Andy


All times are GMT -5. The time now is 10:14 PM.