- 论坛徽章:
- 0
|
本次实验在RedHat 5上进行
一、检查配置
所需的相关库
[root@localhost ~]# rpm -qa |grep e2fsprogs
e2fsprogs-libs-1.39-8.el5
e2fsprogs-1.39-8.el5
e2fsprogs-devel-1.39-8.el5
必须要有e2fsprogs-libs,不然在后面ext3grep的安装会有问题。
分区情况:
[root@offsite ~]# df -h
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/VolGroup00-LogVol00
6.7G 2.7G 3.7G 43% /
/dev/sda1 99M 11M 83M 12% /boot
tmpfs 252M 0 252M 0% /dev/shm
[root@offsite ~]#
二、安装软件
需要软件
ext3grep-0.6.0.tar.gz
[root@offsite ~]# cd /root/src
[root@offsite src]# ls
ext3grep-0.6.0.tar.gz
[root@offsite src]# tar -zxvf ext3grep-0.6.0.tar.gz
ext3grep-0.6.0/
ext3grep-0.6.0/config.guess
ext3grep-0.6.0/LICENSE.GPL2
ext3grep-0.6.0/INSTALL
.........
.........
ext3grep-0.6.0/src/sys.h.in
ext3grep-0.6.0/missing
ext3grep-0.6.0/configure.ac
[root@offsite src]#
[root@offsite ext3grep-0.6.0]# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... gcc
checking for C compiler default output file name... a.out
.......
.......
config.status: creating src/Makefile
config.status: creating config.h
config.status: executing depfiles commands
[root@offsite ext3grep-0.6.0]#
[root@offsite ext3grep-0.6.0]# make install
Making install in src
make[1]: Entering directory `/root/src/ext3grep-0.6.0/src'
g++ -Iempty.pch.h -DHAVE_CONFIG_H -I. -I.. -g -DDEBUG -DUSE_MMAP=1 -include pch.h \
.........
.........
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/root/src/ext3grep-0.6.0'
make[1]: Leaving directory `/root/src/ext3grep-0.6.0'
[root@offsite ext3grep-0.6.0]#
[root@offsite ext3grep-0.6.0]# ext3grep
Running ext3grep version 0.6.0
No action specified; implying --superblock.
Usage: ext3grep [options] [--] device-file
Options:
........
........
--restore-all As --restore-file but attempts to restore everything.
The use of --after is highly recommended because the
attempt to restore very old files will only result in
them being hard linked to a more recently deleted file
and as such polute the output.
--show-hardlinks Show all inodes that are shared by two or more files.
三、创建一张模拟分区
[root@offsite data1]# dd if=/dev/zero of=disk1 bs=1024 count=2048000
2048000+0 records in
2048000+0 records out
2097152000 bytes (2.1 GB) copied, 65.1846 seconds, 32.2 MB/s
[root@offsite data1]# mkfs.ext3 disk1
mke2fs 1.39 (29-May-2006)
disk1 is not a block special device.
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
256000 inodes, 512000 blocks
25600 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=524288000
16 block groups
32768 blocks per group, 32768 fragments per group
16000 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 34 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
[root@offsite data1]#
[root@offsite data1]# mkdir -p /dfs/a
[root@offsite data1]# mount -o loop /data1/disk1 /dfs/a/
[root@offsite data1]# ls -l
鎬昏? 2050004
-rw-r--r-- 1 root root 2097152000 07-07 17:26 disk1
[root@offsite data1]#
[root@offsite src]# df -h
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/VolGroup00-LogVol00
6.7G 4.7G 1.7G 75% /
/dev/sda1 99M 11M 83M 12% /boot
tmpfs 252M 0 252M 0% /dev/shm
/data1/disk1 2.0G 35M 1.8G 2% /dfs/a
[root@offsite src]#
四、拷贝一个子目录和一个执行文件到模拟目录
[root@offsite data1]# cp /bin/ls /dfs/a/
[root@offsite data1]# cp -rf /bin/ /dfs/a
[root@offsite src]# ls -al /dfs/a
总计 124
drwxr-xr-x 4 root root 4096 07-07 17:35 .
drwxr-xr-x 3 root root 4096 07-07 17:26 ..
drwxr-xr-x 2 root root 4096 07-07 17:35 bin
drwx------ 2 root root 16384 07-07 17:26 lost+found
-rwxr-xr-x 1 root root 93560 07-07 17:35 ls
五、删除上面拷贝ls文件和bin目录下面的zcat
[root@offsite ~]# rm /dfs/a/ls
rm:是否删除 一般文件 “/dfs/a/ls”? y
[root@offsite ~]#
[root@offsite ~]# rm /dfs/a/bin/zcat
rm:是否删除 一般文件 “/dfs/a/bin/zcat”? y
[root@offsite ~]#
[root@offsite ~]# ls -la /dfs/a/ls /dfs/a/bin/zcat
ls: /dfs/a/ls: 没有那个文件或目录
ls: /dfs/a/bin/zcat: 没有那个文件或目录
[root@offsite ~]#
六、恢复删除的ls文件和bin目录下的zcat
1、首先必须umount掉误删除数据的分区:
[root@offsite ~]# umount /data1/disk1
[root@offsite ~]# df -h
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/VolGroup00-LogVol00
6.7G 4.7G 1.7G 75% /
/dev/sda1 99M 11M 83M 12% /boot
tmpfs 252M 0 252M 0% /dev/shm
[root@offsite ~]#
2、确认卸载,然后使用ext3grep来恢复。
[root@offsite ~]# ext3grep /data1/disk1 --ls --inode 2 ---这里会创建扫描分区
Running ext3grep version 0.6.0
Number of groups: 16
Loading group metadata... done
Minimum / maximum journal block: 634 / 8836
Loading journal descriptors... sorting... done
Number of descriptors in journal: 78; min / max sequence numbers: 2 / 12
Inode is Allocated
Finding all blocks that might be directories.
D: block containing directory start, d: block containing more directory entries.
Each plus represents a directory start that references the same inode as a directory start that we found previously.
Searching group 0: DD+D+++
Searching group 1: +
Searching group 2:
Searching group 3:
Searching group 4:
Searching group 5:
Searching group 6:
Searching group 7:
Searching group 8:
Searching group 9:
Searching group 10:
Searching group 11:
Searching group 12:
Searching group 13:
Searching group 14:
Searching group 15:
Writing analysis so far to 'disk1.ext3grep.stage1'. Delete that file if you want to do this stage again.
Result of stage one:
3 inodes are referenced by one or more directory blocks, 3 of those inodes are still allocated.
2 inodes are referenced by more than one directory block, 2 of those inodes are still allocated.
0 blocks contain an extended directory.
Result of stage two:
3 of those inodes could be resolved because they are still allocated.
All directory inodes are accounted for!
Writing analysis so far to 'disk1.ext3grep.stage2'. Delete that file if you want to do this stage again.
The first block of the directory is 628.
Inode 2 is directory "".
Directory block 628:
.-- File type in dir_entry (r=regular file, d=directory, l=symlink)
| .-- D: Deleted ; R: Reallocated
Indx Next | Inode | Deletion time Mode File name
==========+==========+----------------data-from-inode------+-----------+=========
0 1 d 2 drwxr-xr-x .
1 2 d 2 drwxr-xr-x ..
2 4 d 11 drwx------ lost+found
3 4 r 12 D 1246959476 Tue Jul 7 17:37:56 2009 rrwxr-xr-x ls
4 end d 16001 drwxr-xr-x bin
[root@offsite ~]#
[root@offsite ~]# ext3grep /data1/disk1 --ls --inode 2
Running ext3grep version 0.6.0
Number of groups: 16
Loading group metadata... done
Minimum / maximum journal block: 634 / 8836
Loading journal descriptors... sorting... done
Number of descriptors in journal: 78; min / max sequence numbers: 2 / 12
Inode is Allocated
Loading disk1.ext3grep.stage2... done
The first block of the directory is 628.
Inode 2 is directory "".
Directory block 628:
.-- File type in dir_entry (r=regular file, d=directory, l=symlink)
| .-- D: Deleted ; R: Reallocated
Indx Next | Inode | Deletion time Mode File name
==========+==========+----------------data-from-inode------+-----------+=========
0 1 d 2 drwxr-xr-x .
1 2 d 2 drwxr-xr-x ..
2 4 d 11 drwx------ lost+found
3 4 r 12 D 1246959476 Tue Jul 7 17:37:56 2009 rrwxr-xr-x ls
4 end d 16001 drwxr-xr-x bin
[root@offsite ~]# ext3grep /data1/disk1 --restore-file ls ---开始恢复ls文件到/root/RESTORED_FILES/目录下
Running ext3grep version 0.6.0
Number of groups: 16
Minimum / maximum journal block: 634 / 8836
Loading journal descriptors... sorting... done
Number of descriptors in journal: 78; min / max sequence numbers: 2 / 12
Writing output to directory RESTORED_FILES/
Loading disk1.ext3grep.stage2... done
Restoring ls
[root@offsite ~]#
[root@offsite ~]# ext3grep /data1/disk1 --restore-file bin/ls ---开始恢复/bin/ls文件到/root/RESTORED_FILES/目录下
Running ext3grep version 0.6.0
Number of groups: 16
Minimum / maximum journal block: 634 / 8836
Loading journal descriptors... sorting... done
Number of descriptors in journal: 78; min / max sequence numbers: 2 / 12
Loading disk1.ext3grep.stage2... done
Restoring bin/ls
[root@offsite ~]# ls -la RESTORED_FILES/
总计 112
drwxr-xr-x 3 root root 4096 07-07 17:45 .
drwxr-x--- 21 root root 4096 07-07 17:44 ..
drwxr-xr-x 2 root root 4096 07-07 17:45 bin
-rwxr-xr-x 1 root root 93560 07-07 17:35 ls
[root@offsite ~]#
[root@offsite ~]# ext3grep /data1/disk1 --restore-file bin/zcat ---开始恢复/bin/zcat文件到/root/RESTORED_FILES/目录下
Running ext3grep version 0.6.0
Number of groups: 16
Minimum / maximum journal block: 634 / 8836
Loading journal descriptors... sorting... done
Number of descriptors in journal: 78; min / max sequence numbers: 2 / 12
Loading disk1.ext3grep.stage2... done
Restoring bin/zcat
[root@offsite ~]# ls -la RESTORED_FILES/bin/
总计 172
drwxr-xr-x 2 root root 4096 07-07 17:46 .
drwxr-xr-x 3 root root 4096 07-07 17:45 ..
-rwxr-xr-x 1 root root 93560 07-07 17:35 ls
-rwxr-xr-x 1 root root 62136 07-07 17:35 zcat
结果被删除的ls,zcat两个文件被还原到了
/root/RESTORED_FILES目录下
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u3/93765/showart_2030055.html |
|
免费注册
发表于 2009-08-17 17:10