【前言】
ext3grep 是一个开源的ext3文件系统反删除工具,在ext3grep出现之前,数据被删除后,通过常规手段恢复基本上不可能的,虽然debugfs命令可以对ext2文件系统做一些恢复,但对ext3文件系统就不能无力了。ext3是一个日志文件系统,ext3grep正是通过分析ext3文件系统的日志信息来恢复被删除的文件和数据
【安装软件】
1)安装前的准备工作
安装前的系统环境检查
rpm -qa | grep e2fs
e2fsprogs-1.42.9-10.el7.x86_64
e2fsprogs-libs-1.42.9-10.el7.x86_64
检查的时候缺少e2fsprogs-devel ,直接使用yum安装即可
yum install -y e2fsprogs-devel
再次做安装前的环境检查
rpm -qa|grep e2fs
e2fsprogs-1.42.9-19.el7.x86_64
e2fsprogs-libs-1.42.9-19.el7.x86_64
e2fsprogs-devel-1.42.9-19.el7.x86_64
2)官网下载安装包
https://code.google.com/archive/p/ext3grep/downloads
3)实际安装操作
A、将下载好的 ext3grep-0.10.2.tar.gz 传到服务器上 /root 家目录
B、解压软件包
tar zxvf ext3grep-0.10.2.tar.gz
C、进入目录
cd /root/ext3grep-0.10.2
D、环境配置
./configure
checking for a BSD-compatible install… /usr/bin/install -c
checking whether build environment is sane… yes
checking for a thread-safe mkdir -p… /usr/bin/mkdir -p
checking for gawk… gawk
checking whether make sets $(MAKE)… yes
checking whether to enable maintainer-specific portions of Makefiles… no
checking for gcc… no
checking for cc… no
checking for cl.exe… no
configure: error: in `/root/ext3grep-0.10.2′:
configure: error: no acceptable C compiler found in $PATH
See `config.log’ for more details.
【安装编译软件】
yum install -y gcc-c++
再次进行 环境配置
checking for a BSD-compatible install… /usr/bin/install -c
checking whether build environment is sane… yes
checking for a thread-safe mkdir -p… /usr/bin/mkdir -p
checking for gawk… gawk
checking whether make sets $(MAKE)… yes
checking whether to enable maintainer-specific portions of Makefiles… no
checking for gcc… gcc
checking whether the C compiler works… yes
checking for C compiler default output file name… a.out
checking for suffix of executables…
checking whether we are cross compiling… no
checking for suffix of object files… o
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ISO C89… none needed
checking for style of include used by make… GNU
checking dependency style of gcc… pch
checking for g++… g++
checking whether we are using the GNU C++ compiler… yes
checking whether g++ accepts -g… yes
checking dependency style of g++… pch
checking how to run the C++ preprocessor… g++ -E
checking how to run the C preprocessor… gcc -E
checking for grep that handles long lines and -e… /usr/bin/grep
checking for egrep… /usr/bin/grep -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking whether byte ordering is bigendian… no
checking build system type… x86_64-unknown-linux-gnu
checking host system type… x86_64-unknown-linux-gnu
checking for compiler with PCH support… yes
checking for special C compiler options needed for large files… no
checking for _FILE_OFFSET_BITS value needed for large files… no
checking ext2fs/ext2_fs.h usability… yes
checking ext2fs/ext2_fs.h presence… yes
checking for ext2fs/ext2_fs.h… yes
checking ext2fs/ext2fs.h usability… yes
checking ext2fs/ext2fs.h presence… yes
checking for ext2fs/ext2fs.h… yes
configure: creating ./config.status
config.status: creating src/timestamp-sys.h
config.status: creating sys.h
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating config.h
config.status: executing depfiles commands
F、进行make预编译
make
make all-recursive
make[1]: Entering directory `/root/ext3grep-0.10.2′
Making all in src
make[2]: Entering directory `/root/ext3grep-0.10.2/src’
g++ -Iempty.pch.h -DHAVE_CONFIG_H -I. -I.. -g -O2 -DUSE_MMAP=1 -I/usr/include/ext2fs -I/usr/include/et
-c -o pch.h.gch/6145d4709c827f9d2a94d7691c87ab4e ./pch-source.h
In file included from ./pch-source.h:43:0:
./ext3.h: In member function ‘__u32 Inode::reserved2() const’:
./ext3.h:113:42: error: ‘i_reserved2’ was not declared in this scope
__u32 reserved2(void) const { return i_reserved2; }
./ext3.h: In member function ‘void Inode::set_reserved2(__u32)’:
./ext3.h:115:37: error: ‘i_reserved2’ was not declared in this scope
void set_reserved2(__u32 val) { i_reserved2 = val; }
make[2]: *** [pch.h.gch/6145d4709c827f9d2a94d7691c87ab4e] Error 1
make[2]: Leaving directory `/root/ext3grep-0.10.2/src’
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/ext3grep-0.10.2′
make: *** [all] Error 2
备份并编辑文件:
cd /root/ext3grep-0.10.2
cp src/ext3.h ./
vi src/ext3.h
第1处添加内容:绿色部分,前面的行号去掉后添加
21 // You should have received a copy of the GNU General Public License
22 // along with this program. If not, see <http://www.gnu.org/licenses/>.
23
24 #ifndef EXT3_H
25 #define EXT3_H
26
27 // this trickery needs to happen before ext2_fs is included so
28 // bail out if it has already been included by another path
29 #ifdef _LINUX_EXT2_FS_H
30 #error please include this file before any other includes of ext2fs/ext2_fs.h
31 #endif
32
33 // some versions of the ext2 headers call this s_frags_per_group and some
34 // call it s_clusters_per_group, define one to the other so our code works
35 // with both
36 #define s_clusters_per_group s_frags_per_group
37
第2处添加内容:绿色部分,前面的行号去掉后添加
121 __u32 faddr(void) const { return i_faddr; }
122 __u16 uid_high(void) const { return i_uid_high; }
123 __u16 gid_high(void) const { return i_gid_high; }
124 #ifndef i_reseved2
125 //i_reseved2 has been split into two fields in recent
126 //versions of the headers, luckilly we can still access
127 //it in one peice through the hurd side of the union
128 #define i_reserved2 osd2.hurd2.h_i_author
129 #endif
130 __u32 reserved2(void) const { return i_reserved2; }
131 void set_reserved2(__u32 val) { i_reserved2 = val; }
添加后,wq 保存
再次预编译 make
make install
make[3]: Entering directory `/root/ext3grep-0.10.2/src’
test -z “/usr/local/bin” || /usr/bin/mkdir -p “/usr/local/bin”
/usr/bin/install -c ext3grep ‘/usr/local/bin’
make[3]: Nothing to be done for `install-data-am’.
make[3]: Leaving directory `/root/ext3grep-0.10.2/src’
make[2]: Leaving directory `/root/ext3grep-0.10.2/src’
make[1]: Leaving directory `/root/ext3grep-0.10.2/src’
Making install in .
make[1]: Entering directory `/root/ext3grep-0.10.2′
make[2]: Entering directory `/root/ext3grep-0.10.2′
make[2]: Nothing to be done for `install-exec-am’.
make[2]: Nothing to be done for `install-data-am’.
make[2]: Leaving directory `/root/ext3grep-0.10.2′
make[1]: Leaving directory `/root/ext3grep-0.10.2′
G、检验是否安装成功
cd /root/ext3grep-0.10.2/src
./ext3grep -v
Running ext3grep version 0.10.2
ext3grep v0.10.2, Copyright (C) 2008 Carlo Wood.
ext3grep comes with ABSOLUTELY NO WARRANTY;
This program is free software; your freedom to use, change
and distribute this program is protected by the GPL.
默认的ext3grep命令放在/usr/local/bin目录下,请通过“ext3grep –help”获取详细使用帮助
【模拟误删除】
1)创建、挂载和删除测试文件
一块用来测试的盘 /dev/sdb
mkdir -v /test
mkfs.ext3 /dev/sdb
mount /dev/sdb /test
lsblk
df -hT
cp -r /root/ext3grep-0.10.2 /test/
ll /test/
rm -rf /test/*
ll /test/
2)查询需要恢复的数据信息
ext3grep /dev/sdb –ls –inode 2
扫描当前文件系统下所有的信息,包括存在的和已删除的文件,其中含有D标识的就是文件已被删除。通过以下命令可以获取文件要恢复的路径信息
ext3grep /dev/sdb –dump-names
3)恢复被删除的数据
ext3格式的文件系统下,如果用rm -rf 删除之后,恢复的基本步骤
恢复单个文件(文件名)
ext3grep /dev/sdb –restore-file ext3grep.txt
恢复单个文件(通过 “–restore-inode” 对应inode值即可恢复)
ext3grep /dev/sdb –restore-inode 12
恢复单文件夹
ext3grep /dev/sdb –restore-file lost+found
恢复所有文件
ext3grep /dev/sdb –restore-all
注明:“–restore-all”参数将指定存储设备中可以恢复的文件都恢复出来并放到了“RESTORED_FILES”目录中,“–restore-all”参数对恢复大量数据文件时非常有用
4)查看是否恢复成功,在当前目录会生成一个目录“RESTORED_FILES”
cd RESTORED_FILES/
重新挂载分区并将恢复的文件和目录移动到原来的目录中,到此数据恢复完成
mount /dev/sdb /test/
mv * /test/
至此,删除的所有文件就被恢复了
写在最后:
神话是人生的隐喻,每个人身上,都隐藏着自己独特的英雄力量(神话学大师 坎贝尔)
你每天学习一点点,每天只进步1%,一年以后你的水平值是多少呢?
37.78(1.01×365=37.78)
相信概率,不要相信运气,在过程中提升概率
《礼记·中庸》:凡事豫则立,不豫则废。言前定则不跲,事前定则不困,行前定则不疚,道前定则不穷
转载请注明:XAMPP中文组官网 » Linux文件系统ext3时,误删除文件(rm -rf)用ext3grep工具恢复操作