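How to recover files deleted by mistake with rm on Linux
Preface
Any mention of deleting files on Linux inevitably brings up the sudo rm -rf /* meme. Every time I see this command, I think of a spoof picture:
The "clean up junk" caption explains it "just right". The story goes that a newbie asked a question on a forum, someone jokingly replied with sudo rm -rf /*, and as a result the problem was solved, and the user was gone too.
From dropping the database to running away, one go-to-jail trick a day. So we must be careful with rm -rf. It is the equivalent of Shift+Delete on Windows: the file is not moved to the recycle bin but permanently deleted right away. On Linux, running rm amounts to permanent deletion.
Dangerous as sudo rm -rf /* is, we rarely type exactly that, but the rm command itself is used all the time. Just a few days ago I wiped out a shell script I had worked hard on with rm -rf. Luckily I had printed its contents to the console earlier, otherwise the whole script would have been lost.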
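Is there any hope after rm?
Although rm means permanent deletion, that does not mean the file can never be retrieved; the odds just vary. The delete command only marks the file's inode as deleted and does not actually clear the file contents. If you attempt recovery immediately after deleting, the chance of success is high. But if other users keep using the machine, or processes keep writing to the disk, the data may soon be overwritten, and at that point the file is basically unrecoverable.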
Recovering files with foremost
foremost is a command-line tool that recovers files based on their headers, footers and internal data structures. The installation and recovery steps follow:
Install foremost
On CentOS, simply run sudo yum install https://forensics.cert.org/centos/cert/7/x86_64//foremost-1.5.7-13.1.el7.x86_64.rpm -y to complete the installation.
On Ubuntu, try the command: sudo apt install foremost
    [root@VM-0-3-centos ~]# sudo yum install https://forensics.cert.org/centos/cert/7/x86_64//foremost-1.5.7-13.1.el7.x86_64.rpm -y
    Loaded plugins: fastestmirror, langpacks
    Repository epel is listed more than once in the configuration
    foremost-1.5.7-13.1.el7.x86_64.rpm                  |  46 kB  00:00:01
    Examining /var/tmp/yum-root-XJIfxM/foremost-1.5.7-13.1.el7.x86_64.rpm: foremost-1.5.7-13.1.el7.x86_64
    Marking /var/tmp/yum-root-XJIfxM/foremost-1.5.7-13.1.el7.x86_64.rpm to be installed
    Resolving Dependencies
    --> Running transaction check
    ---> Package foremost.x86_64 0:1.5.7-13.1.el7 will be installed
    --> Finished Dependency Resolution
    epel/7/x86_64                                       | 4.7 kB  00:00:00
    epel/7/x86_64/group_gz                              |  96 kB  00:00:00
    epel/7/x86_64/updateinfo                            | 1.0 MB  00:00:00
    epel/7/x86_64/primary_db                            | 7.0 MB  00:00:01
    extras/7/x86_64                                     | 2.9 kB  00:00:00
    extras/7/x86_64/primary_db                          | 243 kB  00:00:00
    os/7/x86_64                                         | 3.6 kB  00:00:00
    updates/7/x86_64                                    | 2.9 kB  00:00:00
    updates/7/x86_64/primary_db                         |  12 MB  00:00:01
    Dependencies Resolved
    =====================================================================================================================
     Package        Arch        Version             Repository                             Size
    =====================================================================================================================
    Installing:
     foremost       x86_64      1.5.7-13.1.el7      /foremost-1.5.7-13.1.el7.x86_64        85 k
    Transaction Summary
    =====================================================================================================================
    Install  1 Package
    Total size: 85 k
    Installed size: 85 k
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : foremost-1.5.7-13.1.el7.x86_64                    1/1
      Verifying  : foremost-1.5.7-13.1.el7.x86_64                    1/1
    Installed:
      foremost.x86_64 0:1.5.7-13.1.el7
    Complete!
    [root@VM-0-3-centos ~]#
Create a test file
    [root@VM-0-3-centos ~]# echo "this is a important file">important.txt
    [root@VM-0-3-centos ~]# pwd
    /root
    [root@VM-0-3-centos ~]# ls
    connecttendis.sh  important.txt  restore  tarlist  tendis  test.iso
    [root@VM-0-3-centos ~]# mkdir -p /tmp/restore
Delete the file, then try to restore it
    [root@VM-0-3-centos ~]# rm important.txt
    [root@VM-0-3-centos ~]# foremost -i /dev/vda1 -o /tmp/restore/
    Processing: /dev/vda1
    |***********Segmentation fault
It crashed after running for a few minutes and the recovery failed. Looking in the output directory shows:
    [root@VM-0-3-centos ~]# ls /tmp/restore/
    audit.txt  bmp  doc   exe  htm  jpg  mov  mpg  pdf  ppt   rar  sdw  sxc  sxw  wav  xls   zip
    avi        dll  docx  gif  jar  mbd  mp4  ole  png  pptx  rif  sx   sxi  vis  wmv  xlsx
It seems to depend on the type of file being recovered. Let's switch to another machine and try a png file instead: first find a test file, showball.png, then confirm the partition /dev/vda1
    [root@VM-0-3-centos ~]# df
    Filesystem     1K-blocks    Used Available Use% Mounted on
    devtmpfs          930496       0    930496   0% /dev
    tmpfs             941004      24    940980   1% /dev/shm
    tmpfs             941004     508    940496   1% /run
    tmpfs             941004       0    941004   0% /sys/fs/cgroup
    /dev/vda1       51473868 6458344  42692404  14% /
    /dev/loop0        361650  361650         0 100% /mnt/iso
    tmpfs             188204       0    188204   0% /run/user/0
    [root@VM-0-3-centos ~]# pwd
    /root
    [root@VM-0-3-centos ~]# ls
    restore  showball.png
Delete the png file, then try to recover it. Once the progress bar finishes, go to the specified directory /root/restore/ to check
    [root@VM-0-3-centos ~]# rm showball.png
    rm: remove regular file ‘showball.png’? y
    [root@VM-0-3-centos ~]# pwd
    /root
    [root@VM-0-3-centos ~]# foremost -t png -i /dev/vda1 -o /root/restore/
    Processing: /dev/vda1
    |*********************************************************************************************|
The specified directory will contain an audit.txt summary file and a per-type folder, png
    [root@VM-0-3-centos ~]# ll restore/
    total 40
    -rw-r--r-- 1 root root 24548 Nov 27 22:57 audit.txt
    drwxr-xr-- 2 root root 16384 Nov 27 22:56 png
    [root@VM-0-3-centos ~]# cd restore/
    [root@VM-0-3-centos restore]# ll png
    total 43764
    -rw-r--r-- 1 root root 3500 Nov 27 22:53 00367400.png
    -rw-r--r-- 1 root root 3578 Nov 27 22:53 00367408.png
    -rw-r--r-- 1 root root 3445 Nov 27 22:53 00367416.png
    -rw-r--r-- 1 root root  368 Nov 27 22:53 00367432.png
    -rw-r--r-- 1 root root  363 Nov 27 22:53 00367456.png
    -rw-r--r-- 1 root root  392 Nov 27 22:53 00367464.png
    -rw-r--r-- 1 root root  199 Nov 27 22:53 00367616.png
    ...
The file names under the png directory are just numbers, completely different from the name of the deleted file, so the file has to be identified with the help of audit.txt. Open the file and take a look:
    [root@VM-0-3-centos restore]# head audit.txt
    Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
    Audit File

    Foremost started at Sat Nov 27 22:53:48 2021
    Invocation: foremost -t png -i /dev/vda1 -o /root/restore/
    Output directory: /root/restore
    Configuration file: /etc/foremost.conf
    ------------------------------------------------------------------
    File: /dev/vda1
    Start: Sat Nov 27 22:53:48 2021
    [root@VM-0-3-centos restore]# head -n 20 audit.txt
    Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
    Audit File

    Foremost started at Sat Nov 27 22:53:48 2021
    Invocation: foremost -t png -i /dev/vda1 -o /root/restore/
    Output directory: /root/restore
    Configuration file: /etc/foremost.conf
    ------------------------------------------------------------------
    File: /dev/vda1
    Start: Sat Nov 27 22:53:48 2021
    Length: 49 GB (53686025728 bytes)

    Num   Name (bs=512)      Size    File Offset   Comment

    0:    00367400.png       3 KB      188108800   (16 x 16)
    1:    00367408.png       3 KB      188112896   (16 x 16)
    2:    00367416.png       3 KB      188116992   (16 x 16)
    3:    00367432.png      368 B      188125184   (16 x 16)
    4:    00367456.png      363 B      188137472   (16 x 16)
    5:    00367464.png      392 B      188141568   (16 x 16)
    ...
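audit.txt records brief information about each recovered file. To use it you need to know something about the deleted file; otherwise you can only open the files one by one. I searched by resolution
    [root@VM-0-3-centos restore]# grep "1217" audit.txt
    116:  12888200.png      40 KB     6598758400   (1217 x 690)
    360:  38088960.png      40 KB    19501547520   (1217 x 690)
Based on the filtered results, I opened 12888200.png and found it was exactly the file I had "deleted by mistake". With that, the recovery is done.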
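
The audit.txt lookup above can be scripted. This is an added example, not part of the original article: audit_find and distinct_hashes are hypothetical helper names, and the sample rows are copied from the audit.txt output shown earlier with the header shortened. It matches entries on exact width and height rather than on a bare number, then counts distinct SHA-256 digests so that identical copies carved from different offsets are recognised as one file.

```shell
#!/bin/sh
# Added example: select recovered PNGs from a foremost audit.txt by dimensions.

# audit_find WIDTH HEIGHT [AUDIT_FILE]   (reads stdin when no file is given)
# Prints one tab-separated line per match: name, size, byte offset, 512-byte block.
audit_find() {
    awk -v w="$1" -v h="$2" '
        /^[0-9]+:/ && match($0, /\([0-9]+ x [0-9]+\)/) {
            # The Comment column looks like "(1217 x 690)": drop the parentheses.
            split(substr($0, RSTART + 1, RLENGTH - 2), dim, " x ")
            if (dim[1] + 0 == w + 0 && dim[2] + 0 == h + 0)
                # $2 name, $3 $4 size and unit, $5 offset. offset / 512 is the
                # block number foremost uses as the file name (bs=512).
                printf "%s\t%s %s\t%s\t%d\n", $2, $3, $4, $5, $5 / 512
        }
    ' "${3:--}"
}

# distinct_hashes DIR NAME...
# Prints how many different SHA-256 digests the candidate files have.
distinct_hashes() {
    dh_dir=$1
    shift
    for dh_name in "$@"; do
        sha256sum "$dh_dir/$dh_name"
    done | awk '{ print $1 }' | sort -u | wc -l
}

# Rows copied from the audit.txt output shown above; header lines shortened.
sample_audit() {
    cat <<'EOF'
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File
Num   Name (bs=512)      Size    File Offset   Comment
0:    00367400.png       3 KB      188108800   (16 x 16)
3:    00367432.png      368 B      188125184   (16 x 16)
116:  12888200.png      40 KB     6598758400   (1217 x 690)
360:  38088960.png      40 KB    19501547520   (1217 x 690)
EOF
}

# Demo on the sample; on a real run use:
#   audit_find 1217 690 /root/restore/audit.txt
sample_audit | audit_find 1217 690
```

If distinct_hashes prints 1 for the matching names, every hit is the same image and any one of them can be kept.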
Recovering files with extundelete
extundelete supports file recovery on ext3 and ext4 file systems. On Linux, cat /etc/fstab shows the file system type
    [root@VM-0-3-centos ~]# cat /etc/fstab
    UUID=21dbe030-aa71-4b3a-8610-3b942dd447fa /                    ext4       noatime,acl,user_xattr 1 1
    proc                 /proc                proc       defaults              0 0
    sysfs                /sys                 sysfs      noauto                0 0
    debugfs              /sys/kernel/debug    debugfs    noauto                0 0
    devpts               /dev/pts             devpts     mode=0620,gid=5       0 0
    [root@VM-0-3-centos ~]#
Install the dependencies
    [root@VM-0-3-centos ~]# yum install e2fsprogs-devel
    Loaded plugins: fastestmirror, langpacks
    Repository epel is listed more than once in the configuration
    Determining fastest mirrors
    epel                                                | 4.7 kB  00:00:00
    extras                                              | 2.9 kB  00:00:00
    os                                                  | 3.6 kB  00:00:00
    updates                                             | 2.9 kB  00:00:00
    (1/2): epel/7/x86_64/updateinfo                     | 1.0 MB  00:00:00
    (2/2): epel/7/x86_64/primary_db                     | 7.0 MB  00:00:01
    Resolving Dependencies
    --> Running transaction check
    ---> Package e2fsprogs-devel.x86_64 0:1.42.9-19.el7 will be installed
    --> Finished Dependency Resolution
    Dependencies Resolved
    ===============================================================================================================
     Package               Arch        Version             Repository        Size
    ===============================================================================================================
    Installing:
     e2fsprogs-devel       x86_64      1.42.9-19.el7       os                73 k
    Transaction Summary
    ===============================================================================================================
    Install  1 Package
    Total download size: 73 k
    Installed size: 162 k
    Is this ok [y/d/N]: y
    Downloading packages:
    e2fsprogs-devel-1.42.9-19.el7.x86_64.rpm            |  73 kB  00:00:00
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : e2fsprogs-devel-1.42.9-19.el7.x86_64              1/1
      Verifying  : e2fsprogs-devel-1.42.9-19.el7.x86_64              1/1
    Installed:
      e2fsprogs-devel.x86_64 0:1.42.9-19.el7
    Complete!
    [root@VM-0-3-centos ~]#
Download the extundelete source
    [root@VM-0-3-centos ~]# wget https://src.fedoraproject.org/repo/pkgs/extundelete/extundelete-0.2.4.tar.bz2/77e626ad31433680c0a222069295d2ca/extundelete-0.2.4.tar.bz2
    --2021-11-28 18:36:15--  https://src.fedoraproject.org/repo/pkgs/extundelete/extundelete-0.2.4.tar.bz2/77e626ad31433680c0a222069295d2ca/extundelete-0.2.4.tar.bz2
    Resolving src.fedoraproject.org (src.fedoraproject.org)... 38.145.60.20, 38.145.60.21
    Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 108472 (106K) [application/x-bzip2]
    Saving to: ‘extundelete-0.2.4.tar.bz2’
    100%[============================================================================>] 108,472     33.5KB/s   in 3.2s
    2021-11-28 18:36:20 (33.5 KB/s) - ‘extundelete-0.2.4.tar.bz2’ saved [108472/108472]
    [root@VM-0-3-centos ~]# ls
    extundelete-0.2.4.tar.bz2
Unpack the extundelete source
    [root@VM-0-3-centos ~]# tar -jxvf extundelete-0.2.4.tar.bz2
    extundelete-0.2.4/
    extundelete-0.2.4/acinclude.m4
    extundelete-0.2.4/missing
    extundelete-0.2.4/autogen.sh
    extundelete-0.2.4/aclocal.m4
    extundelete-0.2.4/configure
    extundelete-0.2.4/LICENSE
    extundelete-0.2.4/README
    extundelete-0.2.4/install-sh
    extundelete-0.2.4/config.h.in
    extundelete-0.2.4/src/
    extundelete-0.2.4/src/extundelete.cc
    extundelete-0.2.4/src/block.h
    extundelete-0.2.4/src/kernel-jbd.h
    extundelete-0.2.4/src/insertionops.cc
    extundelete-0.2.4/src/block.c
    extundelete-0.2.4/src/cli.cc
    extundelete-0.2.4/src/extundelete-priv.h
    extundelete-0.2.4/src/extundelete.h
    extundelete-0.2.4/src/jfs_compat.h
    extundelete-0.2.4/src/Makefile.in
    extundelete-0.2.4/src/Makefile.am
    extundelete-0.2.4/configure.ac
    extundelete-0.2.4/depcomp
    extundelete-0.2.4/Makefile.in
    extundelete-0.2.4/Makefile.am
    [root@VM-0-3-centos ~]# cd extundelete-0.2.4/
    [root@VM-0-3-centos extundelete-0.2.4]# ls
    acinclude.m4  aclocal.m4  autogen.sh  config.h.in  configure  configure.ac  depcomp  install-sh  LICENSE  Makefile.am  Makefile.in  missing  README  src
    [root@VM-0-3-centos extundelete-0.2.4]#
Build and install extundelete from source
    [root@VM-0-3-centos extundelete-0.2.4]# ./configure --prefix=/usr/local/extundelete && make && make install
    Configuring extundelete 0.2.4
    Writing generated files to disk
    make -s all-recursive
    Making all in src
    extundelete.cc: In function ‘ext2_ino_t find_inode(ext2_filsys, ext2_filsys, ext2_inode*, std::string, int)’:
    extundelete.cc:1272:29: warning: narrowing conversion of ‘search_flags’ from ‘int’ to ‘ext2_ino_t {aka unsigned int}’ inside { } [-Wnarrowing]
        buf, match_name2, priv, 0};
                                 ^
    Making install in src
      /usr/bin/install -c extundelete '/usr/local/extundelete/bin'
    [root@VM-0-3-centos extundelete-0.2.4]# which extundelete
    /usr/bin/which: no extundelete in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
    [root@VM-0-3-centos extundelete-0.2.4]# ll /usr/local/extundelete/bin/
    total 1296
    -rwxr-xr-x 1 root root 1323360 Nov 28 18:45 extundelete
If this step fails with configure: error: C++ compiler cannot create executables, run yum -y install gcc-c++ to install the build environment
Prepare a test file
    [root@VM-0-3-centos examples]# df -T
    Filesystem     Type     1K-blocks    Used Available Use% Mounted on
    devtmpfs       devtmpfs    930496       0    930496   0% /dev
    tmpfs          tmpfs       941004      24    940980   1% /dev/shm
    tmpfs          tmpfs       941004     508    940496   1% /run
    tmpfs          tmpfs       941004       0    941004   0% /sys/fs/cgroup
    /dev/vda1      ext4      51473868 6465732  42685016  14% /
    /dev/loop0     iso9660     361650  361650         0 100% /mnt/iso
    tmpfs          tmpfs       188204       0    188204   0% /run/user/0
    [root@VM-0-3-centos examples]# cp ../extundelete-0.2.4.tar.bz2 .
    [root@VM-0-3-centos examples]# ls
    extundelete-0.2.4.tar.bz2
Look up the file's inode information
We use the extundelete source tarball we just downloaded as the "accidentally deleted" file. First look at its information: with -li, the first column shows each entry's inode number, and the inode of the examples directory is 1311798:
    [root@VM-0-3-centos ~]# ls examples/
    extundelete-0.2.4.tar.bz2
    [root@VM-0-3-centos ~]# ls -li
    total 361676
    1311798 drwxr-xr-x 2 root root      4096 Nov 28 20:28 examples
    1310761 drwxr-xr-x 3 1000 1000      4096 Nov 28 18:45 extundelete-0.2.4
     918157 drwxr-xr-x 2 root root      4096 Feb 28  2021 tarlist
     396057 -rw-r--r-- 1 root root 370329600 Feb 27  2021 test.iso
Delete the test file, then query the inode information with extundelete
    [root@VM-0-3-centos ~]# cd examples/
    [root@VM-0-3-centos examples]# ls
    extundelete-0.2.4.tar.bz2
    [root@VM-0-3-centos examples]# rm extundelete-0.2.4.tar.bz2 -f
    [root@VM-0-3-centos examples]# ls
    [root@VM-0-3-centos examples]# /usr/local/extundelete/bin/extundelete /dev/vda1 --inode 1311798
    NOTICE: Extended attributes are not restored.
    WARNING: EXT3_FEATURE_INCOMPAT_RECOVER is set.
    The partition should be unmounted to undelete any files without further data loss.
    If the partition is not currently mounted, this message indicates
    it was improperly unmounted, and you should run fsck before continuing.
    If you decide to continue, extundelete may overwrite some of the deleted
    files and make recovering those files impossible. You should unmount the
    file system and check it with fsck before using extundelete.
    Would you like to continue? (y/n)
    y
    Loading filesystem metadata ... 400 groups loaded.
    Group: 160
    Contents of inode 1311798:
    ...
    Inode is Allocated
    File mode: 16877
    Low 16 bits of Owner Uid: 0
    Size in bytes: 4096
    Access time: 1638097530
    Creation time: 1638103579
    Modification time: 1638103579
    Deletion Time: 0
    Low 16 bits of Group Id: 0
    Links count: 2
    Blocks count: 8
    File flags: 524288
    File version (for NFS): 2913690492
    File ACL: 0
    Directory ACL: 0
    Fragment address: 0
    Direct blocks: 127754, 4, 0, 0, 1, 5251193, 0, 0, 0, 0, 0, 0
    Indirect block: 0
    Double indirect block: 0
    Triple indirect block: 0
    File name                        | Inode number | Deleted status
    .                                  1311798
    ..                                 393219
    extundelete-0.2.4.tar.bz2          396764         Deleted
    conftest.err                       1311833        Deleted
    [root@VM-0-3-centos examples]#
We can see that the status of the file extundelete-0.2.4.tar.bz2 is Deleted
Restoring the file with extundelete
    [root@VM-0-3-centos ~]# /usr/local/extundelete/bin/extundelete /dev/vda1 --restore-directory /tmp
    NOTICE: Extended attributes are not restored.
    WARNING: EXT3_FEATURE_INCOMPAT_RECOVER is set.
    The partition should be unmounted to undelete any files without further data loss.
    If the partition is not currently mounted, this message indicates
    it was improperly unmounted, and you should run fsck before continuing.
    If you decide to continue, extundelete may overwrite some of the deleted
    files and make recovering those files impossible. You should unmount the
    file system and check it with fsck before using extundelete.
    Would you like to continue? (y/n)
    y
    Loading filesystem metadata ... 400 groups loaded.
    Loading journal descriptors ... 31842 descriptors loaded.
    *** Error in `/usr/local/extundelete/bin/extundelete': double free or corruption (!prev): 0x00000000014d6020 ***
    ======= Backtrace: =========
    /lib64/libc.so.6(+0x81299)[0x7f5c08190299]
    /usr/local/extundelete/bin/extundelete[0x40cdcb]
    /usr/local/extundelete/bin/extundelete[0x40fee6]
    /usr/local/extundelete/bin/extundelete[0x4045b4]
    /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f5c08131555]
    /usr/local/extundelete/bin/extundelete[0x404aef]
    ======= Memory map: ========
    ...
    Aborted
    [root@VM-0-3-centos ~]#
Recovery failed. This road is a dead end!!!
Other people have succeeded, but my test failed with a crash while freeing memory. Can some expert tell me how to change the source code? I'm leaving this as an open question to retest later; for now, here is a record of the commonly used options.
Query the status of an inode: /usr/local/extundelete/bin/extundelete /dev/vda1 --inode 1311798
Restore the data of a specified inode: /usr/local/extundelete/bin/extundelete /dev/vda1 --restore-inode 1311798
Restore a single file: /usr/local/extundelete/bin/extundelete /dev/vda1 --restore-file root/examples/extundelete-0.2.4.tar.bz2
Restore a directory: /usr/local/extundelete/bin/extundelete /dev/vda1 --restore-directory root/examples
Restore all files: /usr/local/extundelete/bin/extundelete /dev/vda1 --restore-all
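Preventing accidents caused by mistaken deletion
Define an alias that prompts before deleting
Define the alias alias rm='rm -i' so that a prompt appears before a file is deleted. With the -i option each file to be deleted has to be confirmed one by one, and a file is deleted only if the user enters y. However, this protection stops working once the -f option is added.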
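Disable rm and use mv instead
Using the rm command directly to delete files is not allowed on the system. Instead, files are moved with mv to a designated recycle directory, /.delete, and a scheduled job empties /.delete every week. This amounts to a hand-built recycle bin.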
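
One way to build the recycle bin described above, as an added example that is not part of the original article. The function names trash and purge_trash, the per-day subdirectories and the cron file path are assumptions; only /.delete comes from the text. Sorting into per-day directories lets the weekly job keep files that were moved in shortly before it runs.

```shell
#!/bin/sh
# Added example: "mv to /.delete plus a weekly cleanup" as two shell functions.
TRASH_DIR="${TRASH_DIR:-/.delete}"    # recycle directory named in the text

# trash FILE...: move each file into $TRASH_DIR/<YYYYMMDD>/ instead of unlinking it.
trash() {
    t_rc=0
    t_day="$TRASH_DIR/$(date +%Y%m%d)"
    mkdir -p -- "$t_day" || return 1
    for t_src in "$@"; do
        if [ ! -e "$t_src" ] && [ ! -L "$t_src" ]; then
            echo "trash: $t_src: no such file or directory" >&2
            t_rc=1
            continue
        fi
        t_dest="$t_day/$(basename -- "$t_src")"
        t_n=0
        # Never overwrite an earlier trashed file that has the same name.
        while [ -e "$t_dest" ] || [ -L "$t_dest" ]; do
            t_n=$((t_n + 1))
            t_dest="$t_day/$(basename -- "$t_src").$t_n"
        done
        mv -- "$t_src" "$t_dest" || t_rc=1
    done
    return "$t_rc"
}

# purge_trash [DAYS]: remove day-directories older than DAYS (default 7).
# Age is taken from the directory name, because mv keeps a file's old mtime
# and an mtime-based cleanup would remove long-untouched files immediately.
purge_trash() {
    [ -n "$TRASH_DIR" ] || return 1
    p_cutoff=$(date -d "@$(( $(date +%s) - ${1:-7} * 86400 ))" +%Y%m%d) || return 1
    for p_dir in "$TRASH_DIR"/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]; do
        [ -d "$p_dir" ] || continue
        if [ "$(basename -- "$p_dir")" -lt "$p_cutoff" ]; then
            rm -rf -- "$p_dir"
        fi
    done
}

# Weekly cron entry (the file path is hypothetical):
#   0 3 * * 0  . /usr/local/lib/trash.sh && purge_trash 7
```

Keeping $TRASH_DIR on the same file system as the data makes mv a rename, so nothing is copied and no freed blocks are overwritten.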
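Summary
When recovering with foremost, the output directory should preferably be on a different disk. Writing recovered files to the disk that held the deleted file may well overwrite the deleted file before it is recovered.
There are currently two accounts of what sudo stands for: substitute user do and super user do. sudo is usually used to exercise superuser privileges, but sometimes it can also act as another ordinary user, so substitute user do, doing something in place of another user, is the more accurate reading.
foremost supports a fairly large number of file systems, including ext2, ext3, vfat, NTFS, ufs and jfs, but it can only recover files of specific formats. extundelete supports only ext3 and ext4 file systems, but it can recover many types of files.
Besides the two not-so-usable recovery tools summarised in this article, testdisk and photorec can also be used for recovery and are worth trying later.
Data is priceless, so delete with care. Consider the alias approach or disabling rm -rf to reduce accidents.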