extundelete: a data recovery tool for Linux


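extundelete is a tool built specifically for recovering from accidental deletion; a careless rm -rf * can destroy useful data. That is why this recovery tool exists, but it is not a cure-all: after deleting data you must stop all write operations so that the inode space is not reallocated. If that happens, the data can never be recovered and all you can do is mourn the loss...

1. Install extundelete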

yum install gcc gcc-c++ -y
yum install e2fs*                    # install the dependency packages for extundelete
wget http://nchc.dl.sourceforge.net/project/extundelete/extundelete/0.2.4/extundelete-0.2.4.tar.bz2
tar jxvf  extundelete-0.2.4.tar.bz2
cd extundelete-0.2.4
./configure  && make && make install

Set the environment variable temporarily; to make it permanent, write it to profile.
#export PATH=$PATH:/usr/local/extundelete/bin

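My server runs CentOS 6.8 and the file system is ext4. Once a file has been deleted, immediately stop every process or service that writes files, and preferably mount the file system read-only, so that the data is not damaged beyond recovery. Let's start the recovery!

Simulating data deletion and recovery.

1. View the mount details: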

[root@localhost ~]# mount
/dev/vda1 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/vdb1 on /data type ext4 (rw,barrier=0)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

# The /data directory is on the data disk /dev/vdb1; I will delete and recover data under /data.

2. Create test data (copy the directories under local to /data, and copy the /etc/passwd file to /data)

[root@localhost ~]#cp /usr/local/ /data/ -rp
[root@localhost data]# ls -lh /data
total 68K
drwxr-xr-x 7 root root 4.0K Aug 23 10:43 aegis
drwxr-xr-x 2 root root 4.0K Aug 23 10:58 bin
drwxr-xr-x 2 root root 4.0K Sep 23  2011 etc
drwxr-xr-x 2 root root 4.0K Sep 23  2011 games
drwxr-xr-x 2 root root 4.0K Sep 23  2011 include
drwxr-xr-x 2 root root 4.0K Sep 23  2011 lib
drwxr-xr-x 2 root root 4.0K Sep 23  2011 lib64
drwxr-xr-x 2 root root 4.0K Sep 23  2011 libexec
drwxr-xr-x 2 root root 4.0K Aug 23 15:29 local
drwx------ 2 root root  16K Jun 28 14:38 lost+found
drwxr-xr-x 2 root root 4.0K Sep 23  2011 sbin
drwxr-xr-x 5 root root 4.0K Jun  5 05:32 share
drwxr-xr-x 2 root root 4.0K Jun 28 14:38 src
drwxr-xr-x 2 root root 4.0K Aug 23 15:21 testdb
-rw-r--r-- 1 root root 1188 Aug 23 09:46 passwd

3. Simulate accidental data deletion:

[root@localhost ~]# cd /data/
[root@localhost data]# rm -rf *  

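The following is the complete data recovery procedure.

4. Quickly switch /data from read-write mode to read-only mode. (When a file is deleted, only the sector pointers in the file's inode are zeroed; the actual file is still stored on disk. If the disk is mounted read-write, the data blocks of the deleted files may be reallocated by the operating system, and once those blocks are overwritten with new data, the data is truly lost and no recovery tool can bring it back. Mounting the disk read-only therefore keeps the risk of the data blocks being overwritten as low as possible and improves the chance of a successful recovery.)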

[root@localhost ~]#mount -r -n -o remount /data
[root@localhost ~]#mount -a 
# After remounting read-only, any further write attempt reports:
[root@localhost ~]#mkdir /data/testdb
mkdir: cannot create directory `testdb': Read-only file system

# Check the inode of the file or directory

[root@localhost ~]# ls -id /data
2 /data
[root@localhost ~]# 

# View the file details on the block device /dev/vdb1

[root@localhost ~]# extundelete  /dev/vdb1  --inode 2
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 800 groups loaded.
Group: 0
Contents of inode 2:
0000 | ed 41 00 00 00 10 00 00 fa 2e 9d 59 92 32 9d 59 | .A.........Y.2.Y
File name                                       | Inode number | Deleted status
.                                                 2
..                                                2
lost+found                                        11             Deleted
testdb                                            2097153        Deleted
local                                             2883585        Deleted
aegis                                             2883586        Deleted
bin                                               2888356        Deleted
etc                                               2888353        Deleted
games                                             2888355        Deleted
include                                           2888352        Deleted
lib                                               2888360        Deleted
lib64                                             2888359        Deleted
libexec                                           2888351        Deleted
sbin                                              2888354        Deleted
share                                             2888328        Deleted
src                                               2888358        Deleted
passwd                                            2888357        Deleted
[root@localhost ~]# 

Recover a single file:

[root@localhost ~]# extundelete /dev/vdb1 --restore-file passwd
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 800 groups loaded.
Loading journal descriptors ... 1292 descriptors loaded.
Successfully restored file passwd
[root@localhost ~]# ll
total 4
drwxr-xr-x 2 root root 4096 Aug 23 16:12 RECOVERED_FILES
[root@localhost ~]# cd RECOVERED_FILES/
[root@localhost RECOVERED_FILES]# ll
total 4
-rw-r--r-- 1 root root 1188 Aug 23 16:12 passwd
[root@localhost RECOVERED_FILES]# 

# /dev/vdb1 is mounted at /data

Recover a single directory:

[root@localhost ~]# extundelete /dev/vdb1 --restore-directory testdb
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 800 groups loaded.
Loading journal descriptors ... 1292 descriptors loaded.
Searching for recoverable inodes in directory testdb ... 
4745 recoverable inodes found.
Looking through the directory structure for deleted files ... 
4744 recoverable inodes still lost.
[root@localhost ~]# cd RECOVERED_FILES/
[root@localhost RECOVERED_FILES]# ll
total 4
drwxr-xr-x 2 root root 4096 Aug 23 15:58 testdb
[root@localhost RECOVERED_FILES]# cd testdb/
[root@localhost testdb]# ll
total 4
-rw-r--r-- 1 root root 1188 Aug 23 15:58 passwd
[root@localhost testdb]# 

Recover all accidentally deleted data with extundelete:

[root@localhost ~]# extundelete  /dev/vdb1 --restore-all
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 800 groups loaded.
Loading journal descriptors ... 1292 descriptors loaded.
Searching for recoverable inodes in directory / ... 
4745 recoverable inodes found.
Looking through the directory structure for deleted files ... 
1 recoverable inodes still lost.
[root@localhost ~]# cd RECOVERED_FILES/ 
[root@localhost ~]#ll
drwxr-xr-x 5 root root 4096 Aug 23 16:10 local
drwxr-xr-x 2 root root 4096 Aug 23 16:10 testdb
drwxr-xr-x 7 root root 4096 Aug 23 16:10 aegis
drwxr-xr-x 2 root root 4096 Aug 23 16:10 bin
drwxr-xr-x 3 root root 4096 Aug 23 16:10 share

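# Several directories were not recovered, possibly because inode values had already changed by the time read-only mode was set.

5. Switch the /data directory from read-only mode back to read-write mode.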

[root@localhost ~]#mount -rw -n -o remount /data
[root@localhost ~]#mount -a 

6. Copy the recovered data from the RECOVERED_FILES directory to /data. Recovery is now complete, oh yeah.

[root@localhost ~]#cp -rp /root/RECOVERED_FILES/testdb /data/
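
An added example (not part of the original post): shell helpers that check the two preconditions the procedure above relies on before extundelete is run, namely that the target mount point is read-only and that the working directory, where RECOVERED_FILES is created, is not on the file system being recovered. They also extract the deleted entries from an --inode listing. The function names and the sample input (modelled on the output above, with /data already remounted read-only) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post; all function names are hypothetical.
# Constructed sample inputs in the formats shown on this page (/data already ro).
SAMPLE_MOUNT='/dev/vda1 on / type ext4 (rw)
/dev/vdb1 on /data type ext4 (ro,barrier=0)'
SAMPLE_LISTING='File name                    | Inode number | Deleted status
.                             2
lost+found                    11             Deleted
testdb                        2097153        Deleted
passwd                        2888357        Deleted'

# Print the device mounted at mount point $1 ("DEV on DIR type FS (OPTS)" on stdin).
device_for() {
    awk -v mp="$1" '$2 == "on" && $3 == mp { dev = $1 } END { if (dev != "") print dev }'
}

# Succeed only if mount point $1 carries the "ro" option in the mount output on stdin.
is_readonly() {
    awk -v mp="$1" '$2 == "on" && $3 == mp { opts = $6 }
        END { gsub(/[()]/, "", opts); n = split(opts, o, ",")
              for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
              exit 1 }'
}

# Print "INODE<TAB>NAME" for each entry flagged Deleted in an
# `extundelete DEV --inode N` listing on stdin (names may contain spaces).
deleted_entries() {
    awk '/[ \t][0-9]+[ \t]+Deleted[ \t]*$/ {
             ino = $(NF-1)
             sub(/[ \t]+[0-9]+[ \t]+Deleted[ \t]*$/, "")
             print ino "\t" $0 }'
}

# Pre-flight: refuse unless MOUNTPOINT is read-only and WORKDIR, where extundelete
# creates RECOVERED_FILES, is not beneath it (plain path-prefix comparison).
preflight() {   # usage: preflight MOUNTPOINT WORKDIR MOUNT_OUTPUT
    printf '%s\n' "$3" | is_readonly "$1" || { echo "refuse: $1 is not read-only"; return 1; }
    case "$2/" in "${1%/}"/*) echo "refuse: $2 is on $1"; return 1 ;; esac
    echo "ok: $(printf '%s\n' "$3" | device_for "$1")"
}

# Demo on the constructed samples: pre-flight, then list the deleted entries.
preflight /data /root "$SAMPLE_MOUNT" && printf '%s\n' "$SAMPLE_LISTING" | deleted_entries
```

On a live system, pass "$(mount)" as the third argument and pipe the real --inode listing into deleted_entries. The path-prefix comparison does not resolve symlinks or nested mounts.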

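I wrote this while testing; all of the data was actually recovered before I wrote up the document. I hope it is useful.

For a recovery example, see the reference document: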

  http://ixdba.blog.51cto.com/2895551/1566856/

 

 

