Posted on 8/4/2015 8:36:05 PM

When Linux is used as an enterprise-level server, data security is crucial: accidentally deleting valuable data is intolerable and may even be disastrous. As a Linux system administrator you need a sense of data protection, which means not only keeping good backups but also being able to restore important data after an accidental deletion. This post introduces ext3grep, an open-source data recovery tool that can recover files accidentally deleted with rm -rf.
1. The principle of ext3grep:
ext3grep does not depend on any file format to recover files. It first uses the root inode to obtain information about every file in the file system, existing or deleted, including the file name and inode number. It then uses the inode together with the file system journal to find the blocks that belong to that inode, both direct and indirect, and finally uses the dd command to copy the data out, which restores the file.
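How a directory can still yield removed names, as an added example (not part of the original post and not ext3grep's code): on ext2/ext3, removing a file normally just grows the previous directory entry's rec_len over the removed entry, so its name and inode number stay in the block until the space is reused. The 1024-byte block and the helper names are constructed for illustration; the entries mirror the --ls --inode 2 listing in step 5.

```python
import struct

BLOCK = 1024                      # assumed block size of the constructed sample
TYPES = {1: "r", 2: "d", 7: "l"}  # ext2/3 dir_entry file_type codes

def used(name_len):  # bytes an entry really needs: 8-byte header + name, padded to 4
    return (8 + name_len + 3) & ~3

def pack(inode, rec_len, ftype, name):
    raw = struct.pack("<IHBB", inode, rec_len, len(name), ftype) + name
    return raw.ljust(used(len(name)), b"\0")

def sample_block():
    """Constructed root dir block after `rm -rf /disk/*`; removed entries' bytes remain."""
    blk = pack(2, 12, 2, b".") + pack(2, BLOCK - 12, 2, b"..")  # '..' spans to block end
    blk += pack(11, 1000, 2, b"lost+found") + pack(12, 980, 1, b"ext3grep-test.txt")
    return blk.ljust(BLOCK, b"\0")

def parse_at(block, off):
    """Return (inode, rec_len, type, name, used) for a plausible entry, else None."""
    if off + 8 > len(block):
        return None
    inode, rec_len, name_len, ftype = struct.unpack_from("<IHBB", block, off)
    if not inode or not name_len or ftype not in TYPES:
        return None
    if rec_len < used(name_len) or rec_len % 4 or off + rec_len > len(block):
        return None
    name = block[off + 8:off + 8 + name_len].decode("utf-8", "replace")
    return inode, rec_len, TYPES[ftype], name, used(name_len)

def list_entries(block):
    """Follow the live rec_len chain, then scan the slack inside each live entry."""
    rows, off = [], 0
    while off < len(block):
        live = parse_at(block, off)
        if live is None:
            break
        inode, rec_len, ftype, name, size = live
        rows.append((ftype, inode, "live", name))
        pos = off + size
        while pos < off + rec_len:      # space owned by this entry but not used by it
            ghost = parse_at(block, pos)
            if ghost:
                rows.append((ghost[2], ghost[0], "deleted", ghost[3]))
            pos += ghost[4] if ghost else 4
        off += rec_len
    return rows

if __name__ == "__main__":
    print(*list_entries(sample_block()), sep="\n")
```

Only the name and inode number are recovered this way; locating the file's data blocks is the separate step described above.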
When you find that a file has been deleted by mistake, the first thing to do is to immediately unmount the partition the file was on, or remount that partition read-only. After a file is deleted its data is still on the disk, and it stays there until the system allocates those blocks to something else, so for safety unmount the partition before doing anything else.
For the root partition, restart the system, enter single-user mode and remount the root partition read-only:
mount -o ro,remount /
2. Install ext3grep
Before installing, check whether the e2fsprogs packages are installed on the system. If they are not, download and install them first, otherwise an error will be reported when installing ext3grep.
[root@localhost ~]# rpm -qa|grep e2fs
e2fsprogs-devel-1.39-23.el5_5.1
e2fsprogs-libs-1.39-23.el5_5.1
e2fsprogs-1.39-23.el5_5.1
e2fsprogs-libs-1.39-23.el5_5.1
The ext3grep source code package can be downloaded from the Internet:
wget http://code.google.com/p/ext3gre ... 3grep-0.10.2.tar.gz
Unpack, compile and install:
tar zxf ext3grep-0.10.2.tar.gz
cd ext3grep-0.10.2
./configure --prefix=/usr/local/ext3grep
make
make install
3. Use ext3grep to recover data deleted by rm -rf
First, we simulate a disk partition by creating a virtual device:
[root@localhost ~]# mkdir /disk    # create a mount point
[root@localhost ~]# mkdir /virtual
[root@localhost ~]# dd if=/dev/zero of=/virtual/disk1 count=102400
[root@localhost ~]# mkfs -t ext3 /virtual/disk1
[root@localhost ~]# mount -o loop /virtual/disk1 /disk
[root@localhost ~]# echo "this is a ext3grep test,thank you" >/disk/ext3grep-test.txt
Use rm -rf to delete the file you just created:
rm -rf /disk/*
Then check to confirm that the file has been deleted.
4. Use ext3grep to recover deleted files
Create a directory dedicated to the recovered files
mkdir restore
cd restore
5. The process of recovering files
Run the following commands in the restore directory you just created.
View information about the deleted files:
[root@localhost restore]# /usr/local/ext3grep/bin/ext3grep /virtual/disk --ls --inode 2
          .-- File type in dir_entry (r=regular file, d=directory, l=symlink)
          |          .-- D: Deleted ; R: Reallocated
Indx Next |  Inode   | Deletion time                        Mode        File name
==========+==========+----------------data-from-inode------+-----------+=========
   0    1 d       2                                         drwxr-xr-x  .
   1  end d       2                                         drwxr-xr-x  ..
   2  end d      11  D 1340620814 Mon Jun 25 18:40:14 2012  drwx------  lost+found
   3  end r      12  D 1340620814 Mon Jun 25 18:40:14 2012  rrw-r--r--  ext3grep-test.txt
Start recovering
[root@localhost restore]# /usr/local/ext3grep/bin/ext3grep /virtual/disk --restore-file ext3grep-test.txt
Running ext3grep version 0.10.2
WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 7
Minimum / maximum journal block: 16616 / 20729
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1340620763 = Mon Jun 25 18:39:23 2012
Number of descriptors in journal: 20; min / max sequence numbers: 2 / 5
Writing output to directory RESTORED_FILES/
Loading disk.ext3grep.stage2... done
Restoring ext3grep-test.txt
The output above shows that the ext3grep-test.txt file has been recovered successfully. A RESTORED_FILES directory is created under the current directory, and the recovered file is placed there.
[root@localhost RESTORED_FILES]# ls
ext3grep-test.txt
Summary: although this tool can recover files deleted by the rm -rf command, as a system administrator you should keep data backups in mind at all times. After all, backup is king!