Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux data recovery software efficiently practical application extundelete     - Help you to see Linux system architecture type 5 Common Commands (Linux)

- Linux usage in echo (Linux)

- Automated Password Generator: Linux under a special password generator (Linux)

- PostgreSQL use pgpool achieve high availability (Database)

- Github Getting Started Basic Course (Linux)

- Linux Security and Optimization (Linux)

- Linux RPM (Linux)

- Why you should choose Python Programming (Programming)

- JVM garbage collector and memory allocation strategy (Programming)

- Using BBED repair ORA-01190 error (Database)

- Introduction and MongoDB CRUD (Database)

- Oracle Data Pump Example (Database)

- C language programming entry - Common operators (Programming)

- Java, on the dfile.encoding Systemproperty (Programming)

- Linux monitoring tools introduced series --smem (Server)

- Linux static library generated Guide (Programming)

- Using Vagrant to build multi-platform environment (Server)

- How to find an IP address through the command line (Linux)

- lack of SWAP space during installation of Oracle (Database)

- React Getting Started Tutorial (Linux)

 
         
  Linux data recovery software efficiently practical application extundelete
     
  Add Date : 2018-11-21      
         
         
         
  As an operation and maintenance personnel, to ensure data security is a fundamental duty, so when maintenance of the system, to be cautious, but sometimes there is the case of accidentally deleted data will appear at this time to change how quickly and efficiently restore data it? In this article we will introduce several commonly used Linux system data recovery tool.

First, how to use the "rm -rf" command

In Linux systems, the command "rm -rf" You can delete any data directly from the hard disk and without any prompting, while under Linux nor Windows Recycle Bin under similar functionality means that data after deleting by conventional means can not be restored, so use this command to be very careful. Using the rm command, more secure method is to command parameters into the back, so there is a reminder of the role. In fact, there is a way, and that is something that will be removed by the mv command to move to the / tmp directory under the system, and then write a script to perform cleanup operations on a regular basis, this can reduce the risk of accidentally deleted data to a certain extent.

In fact, the best way is to do a backup to ensure data security, backup, although not a panacea, but no backup is absolutely not acceptable. Any data recovery tool has certain limitations, we can not guarantee complete recovery of all data, so the backup as the core, the data recovery tool is a guideline as an auxiliary operation and maintenance personnel must adhere to.

Two, extundelete similarities with ext3grep

Under Linux, the open source based data recovery tool There are many common are debugfs, R-Linux, ext3grep, extundelete and other, more commonly used ext3grep and extundelete, restore the principles of these two tools is basically the same, only more powerful extundelete This paper focuses on the use of extundelete.

Three, extundelete recovery principle

Before introducing the use extundelete to recover data, a brief introduction of knowledge about the inode. In Linux can be viewed with "ls -id" command to a file or directory inode value, such as viewing inode value of the root directory, you can enter:

[Root @ cloud1 ~] # ls -id /

2 /

inode can be seen, the root is 2.

When utilizing extundelete restore files does not depend on a specific file format, the first extundelete will (usually two directory inode) to obtain information about all files in the current file system through the inode file system information, including the existence and already deleted files This information includes the file name and inode. Then use the inode information inode combined log to query the position where the block, including direct blocks, indirect blocks, and other information. Finally dd command information back out to restore the data files.

Fourth, the installation extundelete

extundelete's official website is http://extundelete.sourceforge.net/, its current stable release is extundelete-0.2.4. Before installing extundelete need to install e2fsprogs and e2fsprogs-libs two dependencies.

e2fsprogs e2fsprogs-libs and installation is very simple, not described here. Here is extundelete compiler installation process:

[Root @ cloud1 app] #tar jxvf extundelete-0.2.4.tar.bz2

[Root @ cloud1 app] #cd extundelete-0.2.4

[Root @ cloud1 extundelete-0.2.4] #. / Configure

[Root @ cloud1 extundelete-0.2.4] #make

[Root @ cloud1 extundelete-0.2.4] #make install


After a successful installation extundelete, it will generate a extundelete executable file in the system. extundelete very simple to use, the reader can "extundelete --help" to get to use this software.

Five, extundelete Detailed description

Extundelete After the installation is complete, you can perform data recovery operations, and this section details the meanings extundelete each parameter. extundelete used as follows:

extundelete --help

Format:

extundelete [options] [action] device-file

Wherein the parameters (options) are:

--version, - [vV], display the software version number.

--help, display software help.

--superblock, display the superblock information.

--journal, display the log information.

--after dtime, time parameters, indicating that after a certain period of time deleted files or directories.

--before dtime, time parameters, represents a period of time before being deleted files or directories.

Action (action) are:

--inode ino, display node "ino" information.

--block blk, display data block "blk" information.

--restore-inode ino [, ino, ...], restore command parameters, it indicates that the recovery node "ino" files, file recovery will be automatically placed in the current directory RESTORED_FILES file folder, use the node number as the extension .

--restore-file 'path', restore command parameters specified path that will restore the file, and the file recovery RECOVERED_FILES placed under the current directory.

--restore-files 'path', the restore command parameters, it said it would resume listed in the path of all the files.

--restore-all, restore command parameters, it said it will try to recover all the directories and files.

-j journal, indicates reading extension logs from the named file.

-b blocknumber, represents superblock backup before use to open the file system, generally used to view existing super block is not currently desired files.

-B Blocksize, that the use of the data block size to open the file system, generally used for viewing already know the size of the file.

Six combat: extundelete recovery process data

After the data has been accidentally deleted, the first time to do is to uninstall deleted data resides disk or disk partition, if the system root partition was accidentally deleted data, you need to enter the single-user system, and the root partition mounted read-only. The reason is very simple, because the file will be deleted, just the inode node file sector pointer is cleared, the actual file is also stored on disk, if the disk is mounted read-write mode, these deleted data blocks of a file can be reassigned out of the operating system, after which data blocks are new data coverage, these data really lost, but also back to power recovery tool-free days. Therefore, in order to mount the disk read-only mode can minimize the risk of data in the data block is covered in order to improve the success rate of data recovery.

6.1 restore individual files extundelete

1. Analog data accidentally deleted Environment

Before presenting recover data extundelete, we first have to simulate a data accidentally deleted environment, here we ext3 file system, for example, under the ext4 file system recovery with this exactly the same way. Simple simulation procedure is as follows:

[Root @ cloud1 ~] #mkdir / data

[Root @ cloud1 ~] # mkfs.ext3 / dev / sdc1

[Root @ cloud1 ~] #mount / dev / sdc1 / data

[Root @ cloud1 ~] # cp / etc / passwd / data

[Root @ cloud1 ~] # cp -r /app/ganglia-3.4.0 / data

[Root @ cloud1 ~] # mkdir / data / test

[Root @ cloud1 ~] # echo "extundelete test"> /data/test/mytest.txt

[Root @ cloud1 ~] #cd / data

[Root @ cloud1 data] # md5sum passwd

0715baf8f17a6c51be63b1c5c0fbe8c5 passwd

[Root @ cloud1 data] # md5sum test / mytest.txt

eb42e4b3f953ce00e78e11bf50652a80 test / mytest.txt

[Root @ cloud1 data] # rm -rf / data / *

2. Uninstall disk partition

After the data is accidentally deleted, immediately you need to do is to uninstall this partition:

[Root @ cloud1 data] #cd / mnt

[Root @ cloud1 mnt] # umount / data

3. Query recoverable data

By extundelete command to query / dev / sdc1 partition recoverable data:

[Root @ cloud1 /] # extundelete / dev / sdc1 --inode 2

......

File name | Inode number | Deleted status

. 2

.. 2

lost + found 11 Deleted

passwd 49153 Deleted

test 425985 Deleted

ganglia-3.4.0 245761 Deleted


According to the above output, the state is marked as Deleted deleted files or directories. You can also see the value of each deleted inode file, then you can restore files.

4. Restore individual files

Run the following command to begin to restore files:

[Root @ cloud1 /] # extundelete / dev / sdc1 --restore-file passwd

Loading filesystem metadata ... 40 groups loaded.

Loading journal descriptors ... 54 descriptors loaded.

Successfully restored file passwd

[Root @ cloud1 /] # cd RECOVERED_FILES /

[Root @ cloud1 RECOVERED_FILES] # ls

passwd

[Root @ cloud1 RECOVERED_FILES] # md5sum passwd

0715baf8f17a6c51be63b1c5c0fbe8c5 passwd


extundelete restore a single file parameter is "--restore-file", to note here is, "- restore-file" is specified after the file recovery path, the path is a relative path to the file. Relative paths are relative to the original file storage path in terms of, for example, the original file is stored in the path / data / passwd, then back to the parameters specified directly passwd file, if the original file is stored in the path / data / test / mytest.txt, then back through the parameter "test / mytest.txt" can be specified.

After the file recovery is successful, extundelete default command creates a directory under RECOVERED_FILES Run the current directory, which is used to store the recovered file, execute the command extundelete current directory must be writable.

According to the above output via the command md5sum validation, verification code exactly as before, indicating a successful file recovery.

6.2 by extundelete restore a single directory

In addition to supporting extundelete restore individual files, but also support the restoration of a single directory, when you need to restore the directory, you can restore all data in the specified directory via "--restore-directory" option.

Continue under simulated operating environment above accidentally deleted data, and now want to restore ganglia-3.4.0 file / data directory folder, as follows:

[Root @ cloud1 mnt] # extundelete / dev / sdc1 --restore-directory /ganglia-3.4.0

Loading filesystem metadata ... 40 groups loaded.

Loading journal descriptors ... 247 descriptors loaded.

Searching for recoverable inodes in directory /ganglia-3.4.0 ...

781 recoverable inodes found.

Looking through the directory structure for deleted files ...

4 recoverable inodes still lost.

[Root @ cloud1 mnt] # ls

RECOVERED_FILES

[Root @ cloud1 mnt] # cd RECOVERED_FILES /

[Root @ cloud1 RECOVERED_FILES] # ls

ganglia-3.4.0

Before you can see the deleted directory ganglia-3.4.0 has been successfully restored into the directory examination revealed: All file contents and size are normal.

6.3 recover all accidentally deleted data extundelete

When the data needs to be recovered more, one by one specified file or directory will be a very arduous and time-consuming job, but, extundelete consideration to this point where you can "--restore-all" option to restore all delete files or folders.

Still under simulated operating environment above accidentally deleted data, now you want to restore all data, operation under / data directory as follows:

[Root @ cloud1 mnt] # extundelete / dev / sdc1 --restore-all

Loading filesystem metadata ... 40 groups loaded.

Loading journal descriptors ... 247 descriptors loaded.

Searching for recoverable inodes in directory / ...

781 recoverable inodes found.

Looking through the directory structure for deleted files ...

0 recoverable inodes still lost.

[Root @ cloud1 mnt] # ls

RECOVERED_FILES

[Root @ cloud1 mnt] # cd RECOVERED_FILES /

[Root @ cloud1 RECOVERED_FILES] # ls

ganglia-3.4.0 passwd test

[Root @ cloud1 RECOVERED_FILES] # du -sh / mnt / RECOVERED_FILES / *

15M /mnt/RECOVERED_FILES/ganglia-3.4.0

4.0K / mnt / RECOVERED_FILES / passwd

8.0K / mnt / RECOVERED_FILES / test


You can see all data fully recovered.

6.4 recover data for a period of time by extundelete

Sometimes removed large amount of data, many of which data are useless, we need to restore only one part of the data, at this time, if all the data recovery approach is not only time consuming, but also a waste of resources, in this case, next, we need to use another kind of recovery mechanisms selectively restore, extundelete provided "-after" "and" --before "parameter, you can specify a period of time, and then restore only this time period.

Below through a simple example that describes how to recover under a certain time period.

We first assume that at / data directory has just created a compressed file ganglia-3.4.0.tar.gz, and then delete this file, then uninstall / data partition, recover files begin within one hour, as follows:

[Root @ cloud1 ~] #cd / data /

[Root @ cloud1 data] # cp /app/ganglia-3.4.0.tar.gz / data

[Root @ cloud1 data] # date +% s

1379150309

[Root @ cloud1 data] # rm -rf ganglia-3.4.0.tar.gz

[Root @ cloud1 data] # cd / mnt

[Root @ cloud1 mnt] # umount / data

[Root @ cloud1 mnt] # date +% s

1379150340

[Root @ cloud1 mnt] # extundelete --after 1379146740 --restore-all / dev / sdc1

Only show and process deleted entries if they are deleted on or after 1379146740 and before 9223372036854775807.

Loading filesystem metadata ... 40 groups loaded.

Loading journal descriptors ... 247 descriptors loaded.

Searching for recoverable inodes in directory / ...

779 recoverable inodes found.

[Root @ cloud1 mnt] # cd RECOVERED_FILES /

[Root @ cloud1 RECOVERED_FILES] # ls

ganglia-3.4.0.tar.gz


You can see, just delete the file has been successfully restored, in the / data directory, there are many deleted files but did not recover, and this is "--after" result parameter control, because the next / data directory all other files It is deleted the day before, and we recover the file is deleted within an hour, and this is no other reason to restore deleted files.

During this operation, you need to pay attention to is "--after" after the parameter with time is the total number of seconds. Starting time is "1970-01-01 00:00:00 UTC", the current time into the total number of seconds by "date +% s" command can be, because the data is restored within an hour, so "1379146740 "this value is through" 1379150340 "minus" 60 * 60 = 3600 "obtained.
     
         
         
         
  More:      
 
- To install Scribus 1.4.4 under ubuntu (Linux)
- Oracle Bug caused by the collection of AWR Snapshot fault (Database)
- VSFTPD Security (Linux)
- Linux keyboard recording script (Linux)
- C ++ Object Model Comments (Programming)
- Android View event delivery (Programming)
- Oracle 12C with multi-column index (Database)
- How to make GRub instead of the default Ubuntu software center (Linux)
- Linux excellent text editor (Markdown, LaTeX, MathJax) (Linux)
- Linux firewall settings instance (Linux)
- Java data structures - order linear form of table ArrayList (Programming)
- Java implementation chain store binary tree (Programming)
- Linux system started to learn: how to view the Linux thread of a process (Linux)
- Do not find ifconfig eth0 and IP address under CentOS6.5 (Linux)
- Ubuntu 10.04 to Ubuntu 10.10 Upgrade (Linux)
- Understand ASP.NET 5 running the command: DNVM, DNX, and DNU (Server)
- Oracle database online redo logs are several methods of recovery of deleted (Database)
- ELKstack log analysis platform (Server)
- Wireless LAN security solutions (Linux)
- How to install and use the Snort in Ubuntu 15.04 (Linux)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.