- 安装extundelete工具包,用于恢复数据用 [root@centos01 ~]# yum install extundelete -y Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile epel/Metalink | 8.0 kB
- base: mirrors.zju.edu.cn
- epel: mirrors.sohu.com
- extras: mirrors.sohu.com
- updates: mirrors.163.com base | 3.7 kB epel | 4.7 kB epel/primary_db | 6.0 MB extras | 3.4 kB updates | 3.4 kB Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package extundelete.x86_64 0:0.2.4-6.el6 will be inst --> Finished Dependency Resolution
Dependencies Resolved
========================================================== Package Arch Version Repos
========================================================== Installing: extundelete x86_64 0.2.4-6.el6 epel
Transaction Summary
========================================================== Install 1 Package(s)
Total download size: 60 k Installed size: 143 k Downloading Packages: extundelete-0.2.4-6.el6.x86_64.rpm | 60 kB Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : extundelete-0.2.4-6.el6.x86_64 Verifying : extundelete-0.2.4-6.el6.x86_64
Installed: extundelete.x86_64 0:0.2.4-6.el6
Complete!
2.查看extundelete的用法
[root@centos01 ~]# extundelete --help Usage: extundelete [options] [--] device-file Options: --version,-[vV] Print version and exit successfully. --help,Print this help and exit successfully. --superblock Print contents of superblock in addition to the rest. If no action is specified then this option is implied. --journal Show content of journal. --after dtime Only process entries deleted on or after 'dtime'. --before dtime Only process entries deleted before 'dtime'. Actions: --inode ino Show info on inode 'ino'. --block blk Show info on block 'blk'. --restore-inode ino[,ino,...] Restore the file(s) with known inode number 'ino'. The restored files are created in ./RECOVERED_FILES with their inode number as extension (ie,file.12345). --restore-file 'path' Will restore file 'path'. 'path' is relative to root of the partition and does not start with a '/' The restored file is created in the current directory as 'RECOVERED_FILES/path'. --restore-files 'path' Will restore files which are listed in the file 'path'. Each filename should be in the same format as an option to --restore-file,and there should be one per line. --restore-directory 'path' Will restore directory 'path'. 'path' is relative to the root directory of the file system. The restored directory is created in the output directory as 'path'. --restore-all Attempts to restore everything. -j journal Reads an external journal from the named file. -b blocknumber Uses the backup superblock at blocknumber when opening the file system. -B blocksize Uses blocksize as the block size when opening the file system. The number should be the number of bytes. --log 0 Make the program silent. --log filename Logs all messages to filename. --log D1=0,D2=filename Custom control of log messages with comma-separated Examples below: list of options. Dn must be one of info,warn,or --log info,error error. Omission of the '=name' results in messages --log warn=0 with the specified level to be logged to the console. --log error=filename If the parameter is '=0',logging for the specified level will be turned off. If the parameter is '=filename',messages with that level will be written to filename. -o directory Save the recovered files to the named directory. The restored files are created in a directory named 'RECOVERED_FILES/' by default.
3.创建测试数据 [root@centos01 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda2 18G 4.5G 13G 27% / tmpfs 116M 0 116M 0% /dev/shm /dev/sda1 194M 27M 158M 15% /boot /dev/sdb1 6.0G 140M 5.5G 3% /test
[root@centos01 ~]# cp -pr /etc/ssh /test/
[root@centos01 ~]# ls -ltr /test/ total 24 -rw-r--r--. 1 root root 1006 Dec 18 23:12 passwd drwxr-xr-x. 2 root root 4096 Dec 20 23:15 ssh drwx------. 2 root root 16384 Dec 25 19:46 lost+found
[root@centos01 ~]# ls -ltr /test/ssh/ total 156 -rw-------. 1 root root 3879 Sep 1 01:40 sshd_config -rw-r--r--. 1 root root 2047 Sep 1 01:40 ssh_config -rw-------. 1 root root 125811 Sep 1 01:40 moduli -rw-r--r--. 1 root root 627 Dec 7 01:17 ssh_host_key.pub -rw-------. 1 root root 963 Dec 7 01:17 ssh_host_key -rw-r--r--. 1 root root 382 Dec 7 01:17 ssh_host_rsa_key.pub -rw-------. 1 root root 1675 Dec 7 01:17 ssh_host_rsa_key -rw-r--r--. 1 root root 590 Dec 7 01:17 ssh_host_dsa_key.pub -rw-------. 1 root root 672 Dec 7 01:17 ssh_host_dsa_key
[root@centos01 ~]# ls -ltr /test/ total 24 -rw-r--r--. 1 root root 1006 Dec 18 23:12 passwd drwxr-xr-x. 2 root root 4096 Dec 20 23:15 ssh drwx------. 2 root root 16384 Dec 25 19:46 lost+found
[root@centos01 ~]# mkdir /test/cbm.sh
[root@centos01 ~]# echo test > /test/cbm.sh/CBN
[root@centos01 ~]# ls -ltr /test/ total 28 -rw-r--r--. 1 root root 1006 Dec 18 23:12 passwd drwxr-xr-x. 2 root root 4096 Dec 20 23:15 ssh drwx------. 2 root root 16384 Dec 25 19:46 lost+found drwxr-xr-x. 2 root root 4096 Dec 25 22:10 cbm.sh
[root@centos01 ~]# ls -ltrR /test/ /test/: total 28 -rw-r--r--. 1 root root 1006 Dec 18 23:12 passwd drwxr-xr-x. 2 root root 4096 Dec 20 23:15 ssh drwx------. 2 root root 16384 Dec 25 19:46 lost+found drwxr-xr-x. 2 root root 4096 Dec 25 22:10 cbm.sh
/test/ssh: total 156 -rw-------. 1 root root 3879 Sep 1 01:40 sshd_config -rw-r--r--. 1 root root 2047 Sep 1 01:40 ssh_config -rw-------. 1 root root 125811 Sep 1 01:40 moduli -rw-r--r--. 1 root root 627 Dec 7 01:17 ssh_host_key.pub -rw-------. 1 root root 963 Dec 7 01:17 ssh_host_key -rw-r--r--. 1 root root 382 Dec 7 01:17 ssh_host_rsa_key.pub -rw-------. 1 root root 1675 Dec 7 01:17 ssh_host_rsa_key -rw-r--r--. 1 root root 590 Dec 7 01:17 ssh_host_dsa_key.pub -rw-------. 1 root root 672 Dec 7 01:17 ssh_host_dsa_key
/test/lost+found: total 0
/test/cbm.sh: total 4 -rw-r--r--. 1 root root 5 Dec 25 22:10 CBN [root@centos01 ~]# ls -ltr /test/ total 28 -rw-r--r--. 1 root root 1006 Dec 18 23:12 passwd drwxr-xr-x. 2 root root 4096 Dec 20 23:15 ssh drwx------. 2 root root 16384 Dec 25 19:46 lost+found drwxr-xr-x. 2 root root 4096 Dec 25 22:10 cbm.sh
[root@centos01 ~]# md5sum --help Usage: md5sum [OPTION]... [FILE]... Print or check MD5 (128-bit) checksums. With no FILE,or when FILE is -,read standard input.
-b,--binary read in binary mode -c,--check read MD5 sums from the FILEs and check them -t,--text read in text mode (default) Note: There is no difference between binary and text mode option on GNU system.
The following three options are useful only when verifying checksums: --quiet don't print OK for each successfully verified file --status don't output anything,status code shows success -w,--warn warn about improperly formatted checksum lines
--help display this help and exit --version output version information and exit
The sums are computed as described in RFC 1321. When checking,the input should be a former output of this program. The default mode is to print a line with checksum,a character indicating type (*' for binary,
' for text),and name for each FILE.
Report md5sum bugs to bug-coreutils@gnu.org GNU coreutils home page: <http://www.gnu.org/software/coreutils/> General help using GNU software: <http://www.gnu.org/gethelp/> For complete documentation,run: info coreutils 'md5sum invocation'
[root@centos01 ~]# ls -ltr /test/ total 28 -rw-r--r--. 1 root root 1006 Dec 18 23:12 passwd drwxr-xr-x. 2 root root 4096 Dec 20 23:15 ssh drwx------. 2 root root 16384 Dec 25 19:46 lost+found drwxr-xr-x. 2 root root 4096 Dec 25 22:10 cbm.sh
4.先检查几个文件md5校验值,由于后面恢复数据后做对比
[root@centos01 ~]# md5sum /test/passwd 8614b886726a2c67b112e6f624196827 /test/passwd
[root@centos01 ~]# md5sum /test/ssh md5sum: /test/ssh: Is a directory
[root@centos01 ~]# md5sum /test/cbm.sh/CBN d8e8fca2dc0f896fd7cb4cb0031ba249 /test/cbm.sh/CBN
[root@centos01 ~]# cd /test/
5.删除测试数据 [root@centos01 test]# rm -rf *
[root@centos01 test]# ls -ltr total 0 [root@centos01 test]# cd /
[root@centos01 /]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda2 18G 4.5G 13G 27% / tmpfs 116M 0 116M 0% /dev/shm /dev/sda1 194M 27M 158M 15% /boot /dev/sdb1 6.0G 140M 5.5G 3% /test
6.卸载数据所在的分区
[root@centos01 /]# umount /test
[root@centos01 /]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda2 18G 4.5G 13G 27% / tmpfs 116M 0 116M 0% /dev/shm /dev/sda1 194M 27M 158M 15% /boot
7.检查数据所在分区文件的inode值
[root@centos01 /]# extundelete /dev/sdb1 --inode 2 NOTICE: Extended attributes are not restored. Loading filesystem Metadata ... 48 groups loaded. Group: 0 Contents of inode 2: 0000 | ed 41 00 00 00 10 00 00 24 07 41 5a 22 07 41 5a | .A......$.AZ".AZ 0010 | 22 07 41 5a 00 00 00 00 00 00 02 00 08 00 00 00 | ".AZ............ 0020 | 00 00 00 00 07 00 00 00 a1 21 00 00 00 00 00 00 | .........!...... 0030 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0050 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0060 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0070 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0080 | 1c 00 00 00 bc b8 81 48 bc b8 81 48 e8 ed 3a 72 | .......H...H..:r 0090 | 26 e5 40 5a 00 00 00 00 00 00 00 00 00 00 00 00 | &.@Z............ 00a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00b0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00d0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00f0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
Inode is Allocated File mode: 16877 Low 16 bits of Owner Uid: 0 Size in bytes: 4096 Access time: 1514211108 Creation time: 1514211106 Modification time: 1514211106 Deletion Time: 0 Low 16 bits of Group Id: 0 Links count: 2 Blocks count: 8 File flags: 0 File version (for NFS): 0 File ACL: 0 Directory ACL: 0 Fragment address: 0 Direct blocks: 8609,0 Indirect block: 0 Double indirect block: 0 Triple indirect block: 0
File name | Inode number | Deleted status . 2 .. 2 lost+found 11 Deleted passwd 12 Deleted ssh 262145 Deleted cbm.sh 8193 Deleted
[root@centos01 /]# pwd / [root@centos01 /]# ls -ltr total 94 drwxr-xr-x. 2 root root 4096 Sep 23 2011 srv drwxr-xr-x. 2 root root 4096 Sep 23 2011 mnt drwxr-xr-x. 2 root root 4096 Sep 23 2011 media drwxr-xr-x. 2 root root 4096 Sep 23 2011 home drwx------. 2 root root 16384 Dec 7 01:01 lost+found drwxr-xr-x. 13 root root 4096 Dec 7 01:07 usr drwxr-xr-x. 17 root root 4096 Dec 7 01:07 var dr-xr-xr-x. 8 root root 4096 Dec 7 01:11 lib dr-xr-xr-x. 5 root root 1024 Dec 7 01:15 boot dr-xr-xr-x. 2 root root 4096 Dec 13 23:13 bin drwxr-xr-x. 10 root root 4096 Dec 13 23:18 cgroup drwxr-xr-x. 3 root root 4096 Dec 18 23:16 thmmedia dr-xr-xr-x. 2 root root 4096 Dec 18 23:22 sbin dr-xr-xr-x. 8 root root 12288 Dec 18 23:31 lib64 dr-xr-x---. 4 root root 4096 Dec 21 18:47 root drwxr-xr-x. 7 root root 4096 Dec 25 19:26 opt drwxr-xr-x. 2 root root 4096 Dec 25 19:47 test dr-xr-xr-x. 94 root root 0 Dec 25 19:48 proc drwxr-xr-x. 13 root root 0 Dec 25 19:48 sys drwxr-xr-x. 7 root root 0 Dec 25 19:48 selinux drwxr-xr-x. 17 root root 3760 Dec 25 19:50 dev drwxrwxrwt. 4 root root 4096 Dec 25 20:32 tmp drwxr-xr-x. 75 root root 4096 Dec 25 22:12 etc
[root@centos01 /]# mkdir /restore
[root@centos01 /]# cd /restore
8.恢复一个文件 [root@centos01 restore]# extundelete /dev/sdb1 --restore-file passwd NOTICE: Extended attributes are not restored. Loading filesystem Metadata ... 48 groups loaded. Loading journal descriptors ... 63 descriptors loaded. Successfully restored file passwd
[root@centos01 restore]# ls -ltr total 4 drwxr-xr-x. 2 root root 4096 Dec 25 22:14 RECOVERED_FILES
[root@centos01 restore]# ls -ltr RECOVERED_FILES total 4 -rw-r--r--. 1 root root 1006 Dec 25 22:14 passwd
[root@centos01 restore]# md5sum RECOVERED_FILES/passwd 8614b886726a2c67b112e6f624196827 RECOVERED_FILES/passwd
10.恢复文件夹
[root@centos01 restore]# extundelete /dev/sdb1 --restore-directory ssh NOTICE: Extended attributes are not restored. Loading filesystem Metadata ... 48 groups loaded. Loading journal descriptors ... 63 descriptors loaded. Searching for recoverable inodes in directory ssh ... 14 recoverable inodes found. Looking through the directory structure for deleted files ... 5 recoverable inodes still lost. [root@centos01 restore]# ls -ltr total 4 drwxr-xr-x. 3 root root 4096 Dec 25 22:16 RECOVERED_FILES [root@centos01 restore]# ls -ltr RECOVERED_FILES/ total 8 -rw-r--r--. 1 root root 1006 Dec 25 22:14 passwd drwxr-xr-x. 2 root root 4096 Dec 25 22:16 ssh
11.所恢复的文件夹里的文件权限有变化,可以自己更正过来 [root@centos01 restore]# ls -ltr RECOVERED_FILES/ssh/ total 156 -rw-r--r--. 1 root root 590 Dec 25 22:16 ssh_host_dsa_key.pub -rw-r--r--. 1 root root 382 Dec 25 22:16 ssh_host_rsa_key.pub -rw-r--r--. 1 root root 1675 Dec 25 22:16 ssh_host_rsa_key -rw-r--r--. 1 root root 627 Dec 25 22:16 ssh_host_key.pub -rw-r--r--. 1 root root 3879 Dec 25 22:16 sshd_config -rw-r--r--. 1 root root 963 Dec 25 22:16 ssh_host_key -rw-r--r--. 1 root root 672 Dec 25 22:16 ssh_host_dsa_key -rw-r--r--. 1 root root 2047 Dec 25 22:16 ssh_config -rw-r--r--. 1 root root 125811 Dec 25 22:16 moduli
[root@centos01 restore]# date Mon Dec 25 22:17:01 CST 2017
12.对比文件权限 [root@centos01 restore]# ls -ltr /etc/ssh/ total 156 -rw-------. 1 root root 3879 Sep 1 01:40 sshd_config -rw-r--r--. 1 root root 2047 Sep 1 01:40 ssh_config -rw-------. 1 root root 125811 Sep 1 01:40 moduli -rw-r--r--. 1 root root 627 Dec 7 01:17 ssh_host_key.pub -rw-------. 1 root root 963 Dec 7 01:17 ssh_host_key -rw-r--r--. 1 root root 382 Dec 7 01:17 ssh_host_rsa_key.pub -rw-------. 1 root root 1675 Dec 7 01:17 ssh_host_rsa_key -rw-r--r--. 1 root root 590 Dec 7 01:17 ssh_host_dsa_key.pub -rw-------. 1 root root 672 Dec 7 01:17 ssh_host_dsa_key
13.一键恢复所有数据 [root@centos01 restore]# extundelete /dev/sdb1 --restore-all NOTICE: Extended attributes are not restored. Loading filesystem Metadata ... 48 groups loaded. Loading journal descriptors ... 63 descriptors loaded. Searching for recoverable inodes in directory / ... 14 recoverable inodes found. Looking through the directory structure for deleted files ... 0 recoverable inodes still lost.
[root@centos01 restore]# ls -ltr total 4 drwxr-xr-x. 4 root root 4096 Dec 25 22:18 RECOVERED_FILES
[root@centos01 restore]# ls -ltr RECOVERED_FILES/ total 16 -rw-r--r--. 1 root root 1006 Dec 25 22:14 passwd -rw-r--r--. 1 root root 1006 Dec 25 22:18 passwd.v1 drwxr-xr-x. 2 root root 4096 Dec 25 22:18 ssh drwxr-xr-x. 2 root root 4096 Dec 25 22:18 cbm.sh
[root@centos01 restore]# ls -ltr RECOVERED_FILES/cbm.sh/ total 4 -rw-r--r--. 1 root root 5 Dec 25 22:18 CBN
[root@centos01 restore]# ls -ltr RECOVERED_FILES/cbm.sh/CBN -rw-r--r--. 1 root root 5 Dec 25 22:18 RECOVERED_FILES/cbm.sh/CBN
[root@centos01 restore]# md5sum RECOVERED_FILES/cbm.sh/CBN d8e8fca2dc0f896fd7cb4cb0031ba249 RECOVERED_FILES/cbm.sh/CBN