Recovering accidentally deleted files on Linux: a test run with extundelete
extundelete official download page: https://pkgs.org/download/extundelete
[root@localhost bin]# cat /proc/scsi/scsi
Attached devices:
Host: scsi2 Channel: 00 Id: 00 Lun: 00
  Vendor: VMware Model: Virtual disk Rev: 1.0
  Type: Direct-Access ANSI SCSI revision: 02
Host: scsi1 Channel: 00 Id: 00 Lun: 00
  Vendor: NECVMWar Model: VMware IDE CDR10 Rev: 1.00
  Type: CD-ROM ANSI SCSI revision: 05
[root@localhost bin]# echo "scsi add-single-device 2 0 1 0">/proc/scsi/scsi
[root@localhost bin]# fdisk -l
[root@localhost bin]# fdisk /dev/sdb
[root@localhost bin]# partprobe /dev/sdb
[root@localhost bin]# mkfs.xfs /dev/sdb1
[root@localhost bin]# mount /dev/sdb1 /mnt/
[root@localhost mnt]# ls
redis-4.0.11 redis-4.0.11.tar.gz
[root@localhost mnt]# rm -rf redis-4.0.11*
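If you are sure a file has been deleted by mistake and there is no backup, write-protect the partition immediately (this prevents new writes from overwriting the blocks of the deleted data, so remount it read-only):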
[root@localhost /]# mount -o remount,ro /dev/sdb1
[root@localhost /]# mount -o remount,ro /mnt/
Install the dependencies
[root@localhost /]# yum -y install gcc-c++ e2fsprogs.x86_64 e2fsprogs-devel.x86_64
[root@localhost /]# cd /app/soft/
[root@localhost soft]# wget https://nchc.dl.sourceforge.net/project/extundelete/extundelete/0.2.4/extundelete-0.2.4.tar.bz2
[root@localhost soft]# tar -jxvf extundelete-0.2.4.tar.bz2
[root@localhost soft]# cd extundelete-0.2.4
[root@localhost extundelete-0.2.4]# ./configure
Configuring extundelete 0.2.4
Writing generated files to disk
[root@localhost extundelete-0.2.4]# make
make -s all-recursive
Making all in src
extundelete.cc: In function ‘ext2_ino_t find_inode(ext2_filsys, ext2_filsys, ext2_inode*, std::string, int)’:
extundelete.cc:1272:29: warning: narrowing conversion of ‘search_flags’ from ‘int’ to ‘ext2_ino_t {aka unsigned int}’ inside { } [-Wnarrowing]
buf, match_name2, priv, 0};
^
[root@localhost extundelete-0.2.4]# make install
Making install in src
/bin/install -c extundelete '/usr/local/bin'
[root@localhost extundelete-0.2.4]# extundelete -v
extundelete version 0.2.4
libext2fs version 1.42.9
Processor is little endian.
[root@localhost extundelete-0.2.4]# extundelete --help
The options are:
--version, -[vV]: show the software version number.
--help: show the help text.
--superblock: show superblock information.
--journal: show journal information.
--after dtime: time parameter; selects files or directories deleted after the given time.
--before dtime: time parameter; selects files or directories deleted before the given time.
The actions are:
--inode ino: show the information of inode 'ino'.
--block blk: show the information of data block 'blk'.
--restore-inode ino[,ino,...]: recovery option; restores the file(s) at inode 'ino'. The restored files are placed automatically in the RESTORED_FILES folder under the current directory, with the inode number as the extension.
--restore-file 'path': recovery option; restores the file at the given path and places it in the RECOVERED_FILES directory under the current directory.
--restore-files 'path': recovery option; restores all the files listed in 'path'.
--restore-all: recovery option; attempts to restore all directories and files.
-j journal: reads the external journal from the named file.
-b blocknumber: opens the file system using a previously backed-up superblock; generally used to check whether the existing superblock is the one currently wanted.
-B blocksize: opens the file system with the specified block size; generally used to view files whose size is already known.
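How it works: starting from the root inode (inode 2), extundelete finds the inode of the deleted file and then recovers that inode. The following simulates the deletion of redis-4.0.11.tar.gz (a file) and redis-4.0.11 (a directory).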
[root@localhost extundelete-0.2.4]# extundelete /dev/sdb --inode 2
extundelete: Bad magic number in super-block when trying to open filesystem /dev/sdb
[root@localhost extundelete-0.2.4]# df -Th /dev/sdb1
Filesystem Type Size Used Avail Use% Mounted on
/dev/sdb1 xfs 100G 176K 100G 1% /mnt
[root@localhost extundelete-0.2.4]#
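extundelete does not support recovery from XFS file systems; for this experiment the partition was reformatted as ext4 and the test repeated.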
[root@localhost /]# extundelete /dev/sdb1 --inode 2
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 800 groups loaded.
Group: 0
Contents of inode 2:
0000 | ed 41 00 00 00 10 00 00 8a 33 0e 5c 3e 34 0e 5c | .A.......3.\>4.\
0010 | 3e 34 0e 5c 00 00 00 00 00 00 03 00 08 00 00 00 | >4.\............
0020 | 00 00 08 00 04 00 00 00 0a f3 01 00 04 00 00 00 | ................
0030 | 00 00 00 00 00 00 00 00 01 00 00 00 2e 24 00 00 | .............$..
0040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0050 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0060 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0070 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0080 | 1c 00 00 00 24 de 02 30 24 de 02 30 24 0e 0b d4 | ....$..0$..0$...
0090 | a0 31 0e 5c 00 00 00 00 00 00 00 00 00 00 00 00 | .1.\............
00a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00b0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00d0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00f0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
Inode is Allocated
File mode: 16877
Low 16 bits of Owner Uid: 0
Size in bytes: 4096
Access time: 1544434570
Creation time: 1544434750
Modification time: 1544434750
Deletion Time: 0
Low 16 bits of Group Id: 0
Links count: 3
Blocks count: 8
File flags: 524288
File version (for NFS): 0
File ACL: 0
Directory ACL: 0
Fragment address: 0
Direct blocks: 127754, 4, 0, 0, 1, 9262, 0, 0, 0, 0, 0, 0
Indirect block: 0
Double indirect block: 0
Triple indirect block: 0
File name | Inode number | Deleted status
. 2
.. 2
lost+found 11
redis-4.0.11.tar.gz 12 Deleted
redis-4.0.11 5505025 Deleted
[root@localhost /]#
Do not run the recovery on the partition where the deletion happened, so that inodes and data blocks do not overwrite one another.
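A pre-flight check for the three conditions this walkthrough depends on: an ext3/ext4 file system rather than XFS, the damaged partition not mounted read-write, and a working directory (where RECOVERED_FILES will be created) on a different partition. This is an added example, not part of the original post; the function names and the sample mount table are constructed, and the mount table is passed in as /proc/mounts-style text.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Mount tables are passed in as /proc/mounts-style text so the checks run offline.

# mount_field DEVICE FIELD MOUNTS: print one field of the device's mount entry
mount_field() {
    printf '%s\n' "$3" | awk -v dev="$1" -v f="$2" '$1 == dev { print $f; exit }'
}

# device_of_path PATH MOUNTS: device whose mount point is the longest prefix of PATH
# (PATH is assumed to be absolute with symlinks already resolved)
device_of_path() {
    printf '%s\n' "$2" | awk -v p="$1" '
        BEGIN { best = 0 }
        { mp = $2; pre = (mp == "/") ? "/" : mp "/"
          if (index(p "/", pre) == 1 && length(mp) > best) { best = length(mp); dev = $1 } }
        END { print dev }'
}

# preflight DEVICE OUTPUT_DIR MOUNTS: print "ok" or the reason; non-zero on failure
preflight() {
    fstype=$(mount_field "$1" 3 "$3")
    opts=$(mount_field "$1" 4 "$3")
    case "$fstype" in
        ext3|ext4) ;;
        "") ;;  # not mounted: no writes through a mount; type is not checked here
        *) echo "unsupported filesystem: $fstype"; return 1 ;;
    esac
    case ",$opts," in
        *,rw,*) echo "device is mounted read-write"; return 1 ;;
    esac
    if [ "$(device_of_path "$2" "$3")" = "$1" ]; then
        echo "output directory is on the damaged partition"; return 1
    fi
    echo ok
}

# Constructed sample: the state right after the accidental rm in this walkthrough
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt xfs rw,relatime 0 0'

preflight /dev/sdb1 /root/recover "$SAMPLE_MOUNTS" || true
```

On a live system the third argument would be `"$(cat /proc/mounts)"` and the second the directory from which extundelete is about to be run.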
Restore a file (recovery can be done by file name):
[root@localhost /]# extundelete /dev/sdb1 --restore-file redis-4.0.11.tar.gz
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 153 groups loaded.
Loading journal descriptors ... 79 descriptors loaded.
Successfully restored file redis-4.0.11.tar.gz
[root@localhost /]#
Restore a directory (by directory name):
[root@localhost /]# extundelete /dev/sdb1 --restore-directory redis-4.0.11
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 153 groups loaded.
Loading journal descriptors ... 79 descriptors loaded.
Searching for recoverable inodes in directory redis-4.0.11 ...
26 recoverable inodes found.
Looking through the directory structure for deleted files ...
5 recoverable inodes still lost.
[root@localhost /]#
Restore all data
[root@localhost /]# extundelete /dev/sdb1 --restore-all
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 153 groups loaded.
Loading journal descriptors ... 79 descriptors loaded.
Searching for recoverable inodes in directory / ...
26 recoverable inodes found.
Looking through the directory structure for deleted files ...
1 recoverable inodes still lost.
[root@localhost /]#
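A RECOVERED_FILES directory is created under the current directory; inside it you can see the accidentally deleted files and directories. The permissions of the recovered files may have changed. extundelete can also restore only the data deleted within a particular time period, using the "--after" and "--before" options.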