1. Overview of inode and block
1.1 inode
1.1.1 Understanding of inode
- Each inode has a number, and the operating system uses the inode number to identify different files
- Linux does not use the file name internally; it uses the inode number to identify the file
- For users, the file name is just another name for the inode number for easy identification
1.1.2 The role of inode
- An inode stores a file's meta-information, that is, the attributes and characteristics of the data.
- The area that stores this meta-information is called the inode (index node), also written i-node. Therefore, a file must occupy one inode and at least one block.
- The inode does not contain the file name, the file name is stored in the directory
- View the inode number of the file: ls -i [file name] or stat [file name]
1.1.3 Inode contains the meta information of the file
- File size
- UID of the owner of the file
- GID of the file
- File read, write and execute permissions
- File timestamp
1.1.4 Inode number
When a user opens a file by file name, the process in the system is:
- The system finds the inode number corresponding to this file name
- Get inode information by inode number
- According to the inode information, find the block where the file data is located and read the data
1.1.5 Inode size
Inodes also consume hard disk space:
- The size of each inode is generally 128 bytes or 256 bytes
- The total number of inodes is determined when the file system is formatted
Use the df -i command to view the total number of inodes and the number of inodes used in each hard disk partition.
1.1.6 Special role of inode
Because the inode number is separate from the file name, some Unix/Linux systems show the following behavior:
- When a file name contains special characters, the file may not be deletable in the normal way; you can delete it directly by its inode number
- When moving or renaming a file, only the file name is changed without affecting the inode number
- After opening a file, the system uses the inode number to identify the file, regardless of the file name
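The three behaviors above can be checked in a scratch directory. This is an added example, not code from the original article; the file names and the helper functions `inode_of`, `rm_by_inode` and `demo_inode` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): a file name is only a
# directory entry that points at an inode. Runs in a private temp directory.

inode_of() {                         # print the inode number of a path
    stat -c %i -- "$1"
}

rm_by_inode() {                      # in directory $1, delete the entry with inode $2
    find "$1" -maxdepth 1 -inum "$2" -delete
}

demo_inode() {
    dir=$(mktemp -d) || return 1
    : > "$dir/plain"
    before=$(inode_of "$dir/plain")

    # Constructed awkward name: leading dash, a space and an embedded newline.
    name=$(printf '%s\n%s' '-rf bad' 'name')
    mv -- "$dir/plain" "$dir/$name"            # rename: new name, same inode
    after=$(inode_of "$dir/$name")

    rm_by_inode "$dir" "$after"                # delete without typing the name
    left=$(find "$dir" -mindepth 1 | wc -l | tr -d ' ')
    rmdir "$dir"
    echo "$before $after $left"                # inode before, inode after, entries left
}

demo_inode
```

Inode numbers are unique only within one file system, so when searching a larger tree add `-xdev` to `find` to stay on the file system the number came from.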
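1.1.7 Inode exhaustion experiment
For this experiment, choose a disk partition with little space.
```bash
df -i <mount point>          ## check inode usage on the mount point
vi kill.sh                   ## edit the script; its content follows

#!/bin/bash
i=1
while [ $i -le 120 ]         ## 120 is the number of free inodes remaining
do
    touch /sdb1/file$i       ## create the files
    let i++
done

chmod +x kill.sh             ## make the script executable
./kill.sh
df -i
rm -rf /sdb1/file*           ## delete the files just created and restore the disk space
```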
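Once the inodes are used up, new files cannot be created even if free blocks remain, so inode usage is worth monitoring alongside disk space. The check below is an added example, not part of the original article; it parses `df -Pi` output, and the sample output and the 90% limit are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): report file systems whose
# inode usage is at or above a limit. Reads `df -Pi` output on stdin.

inode_alerts() {                     # $1 = limit in percent
    awk -v limit="$1" '
        NR == 1    { next }                    # header line
        $5 !~ /%$/ { next }                    # "-" means no inode accounting
        {
            pct = $5; sub(/%$/, "", pct)
            mnt = $6                           # mount point may contain spaces
            for (i = 7; i <= NF; i++) mnt = mnt " " $i
            if (pct + 0 >= limit + 0)
                printf "%s %s%% used, %s inodes free\n", mnt, pct, $4
        }'
}

# Constructed sample in `df -Pi` layout: /sdb1 is almost out of inodes.
sample_df() {
    cat <<'EOF'
Filesystem      Inodes  IUsed   IFree IUse% Mounted on
/dev/sda1      1310720 152340 1158380   12% /
tmpfs           235623      1  235622    1% /dev/shm
/dev/sdb1          128    126       2   99% /sdb1
/dev/sdc1            0      0       0     - /boot/efi
EOF
}

sample_df | inode_alerts 90
# On a live system: df -Pi | inode_alerts 90
```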
1.2 Three main time attributes of Linux system files
- ctime (change time): the last time the attributes of the file or directory were changed
- atime (access time): the last time the file or directory was accessed
- mtime (modify time): the last time the content of the file or directory was modified
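The difference between mtime and ctime matters when reviewing a file's history: `touch` can set mtime to any value, but the kernel always stamps ctime with the current time. The following is an added example, not from the original article; it assumes GNU `stat` and `touch`, and the helper names are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): which operation moves which
# timestamp. Assumes GNU stat and touch; times are compared in epoch seconds.

mtime_of() { stat -c %Y -- "$1"; }   # last content modification
ctime_of() { stat -c %Z -- "$1"; }   # last inode (attribute) change

rel() {                              # describe $2 relative to $1
    if [ "$2" -gt "$1" ]; then echo later
    elif [ "$2" -lt "$1" ]; then echo earlier
    else echo same; fi
}

demo_times() {
    f=$(mktemp) || return 1
    touch -d '2001-01-01 00:00:00' "$f"        # backdate atime and mtime
    m0=$(mtime_of "$f"); c0=$(ctime_of "$f")

    sleep 2                                    # next change lands in a later second
    chmod 640 "$f"                             # attribute change only
    m1=$(mtime_of "$f"); c1=$(ctime_of "$f")

    echo data >> "$f"                          # content change
    m2=$(mtime_of "$f"); c2=$(ctime_of "$f")
    rm -f -- "$f"

    # Fields, in order:
    #   1 backdated mtime compared with ctime   (touch cannot set ctime)
    #   2 mtime after chmod                     3 ctime after chmod
    #   4 mtime after the write                 5 ctime compared with new mtime
    echo "$(rel "$c0" "$m0") $(rel "$m0" "$m1") $(rel "$c0" "$c1")" \
         "$(rel "$m1" "$m2") $(rel "$m2" "$c2")"
}

demo_times
```

The last field shows that a content write stamps ctime together with mtime, so ctime moves on both kinds of change.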
1.3 block
- Files are stored on the hard disk; the smallest storage unit of a hard disk is the "sector", and each sector stores 512 bytes
- Block: 8 consecutive sectors form a block, that is, 4 KB, which is the smallest unit for storing files
2. Recover accidentally deleted files
2.1 Recover XFS type files
This experiment requires a CentOS 7 environment. It restores files a, b, c, and d after they were deleted by mistake from the disk /dev/sdb1, which is mounted on the /data directory.
```bash
xfsdump -f /opt/dump_sdb1 /dev/sdb1     ## back up the files with xfsdump
xfsdump -I                              ## view the recorded dump operations
rm -rf /data/*                          ## perform the accidental deletion for the experiment
xfsrestore -f /opt/dump_sdb1 /data      ## restore the files
```
2.1.1 xfsdump usage restrictions
- Only a mounted file system can be backed up
- It must be run with root privileges
- Only XFS file systems can be backed up
- The backed-up data can only be parsed by xfsrestore
- Two file systems with the same UUID cannot be backed up
2.2 Recover EXT type files
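This experiment requires a CentOS 6 environment.
```bash
yum -y install e2fsprogs-devel e2fsprogs-libs gcc gcc-c++ make   ## install the build environment
tar -jxvf extundelete-0.2.4.tar.bz2     ## unpack the source
cd extundelete-0.2.4
./configure --prefix=/usr/local/extundelete && make && make install
export PATH=$PATH:/usr/local/extundelete/bin   ## make the installed binary available
extundelete /dev/sdb1                   ## examine the file system on the partition
extundelete /dev/sdb1 --inode 2         ## examine inode 2 (the root directory) and list its entries
rm -rf /data/a /data/b                  ## accidental deletion
umount /data                            ## unmount so that other users cannot modify files and make them unrecoverable
extundelete /dev/sdb1 --restore-all     ## recover the files
mount /dev/sdb1 /data                   ## remount
cd RECOVERED_FILES/                     ## the recovered files are in this directory
mv a b /data                            ## move them back to the original location
```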
3. Log files
3.1 Log function
- Used to record various events that occur during the operation of the system and programs
- By reading the log, it is helpful to diagnose and solve system failures
3.2 Classification of log files
- Kernel and system logs: managed uniformly by the system service rsyslog; the log format is basically similar
- User logs: record information about system user logins and logouts
- Program logs: log files managed independently by the various applications; the record format is not uniform
3.3 Introduction to main log files
Log type | Storage location |
---|---|
Kernel and public message log | /var/log/messages |
Scheduled task log | /var/log/cron |
Scheduled task log | /var/log/dmesg |
Mail system log | /var/log/maillog |
User login log (recent login) | /var/log/lastlog |
Login log (security) | /var/log/secure |
Login log (logins, logouts, shutdowns and similar events) | /var/log/wtmp |
Login log (failed and incorrect login attempts) | /var/log/btmp |
Login log (details of each user currently logged in) | /var/log/utmp |
3.4 Log message level
Level | Name | Meaning | Description |
---|---|---|---|
0 | EMERG | emergency | Will cause the host system to be unavailable |
1 | ALERT | alert | Problems that must be resolved immediately |
2 | CRIT | critical | More serious situation |
3 | ERR | error | Run error |
4 | WARNING | warning | Events that may affect system functions |
5 | NOTICE | notice | Generally does not affect the system, but it is worth noting |
6 | INFO | information | General information |
7 | DEBUG | debug | Program or system debugging information |
3.5 Analysis tools
Analysis commands: users, who, w, last, lastb

Analysis tools:
- Text viewing, grep filtering and searching, viewing in the Webmin management suite
- awk, sed and other text filtering and formatting tools
- Webalizer, AWStats and other dedicated log analysis tools

Logs managed independently by the corresponding application:

Service | Log files |
---|---|
Web service | /var/log/httpd: access_log, error_log |
Proxy service | /var/log/squid: access.log, cache.log |
FTP service | /var/log/xferlog |
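As an illustration of the awk-based filtering mentioned above, applied to the security login log /var/log/secure, the following counts failed SSH password attempts per source address. It is an added example, not from the original article; the log lines, host name and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): count failed SSH password
# attempts per source address in /var/log/secure style text read from stdin.

failed_by_source() {                 # $1 = minimum number of failures to report
    awk -v min="$1" '
        # The user name is text supplied by the remote side, so locate the
        # address from the end of the line: "... from ADDR port N ssh2".
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF - 4) == "from" && $(NF - 2) == "port" { count[$(NF - 3)]++ }
        END {
            for (src in count)
                if (count[src] >= min + 0) print count[src], src
        }' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges).
sample_secure() {
    cat <<'EOF'
Mar  3 10:01:11 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:14 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:19 web01 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:02:40 web01 sshd[2230]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:05:02 web01 sshd[2301]: Failed password for bob from 198.51.100.20 port 51600 ssh2
Mar  3 10:06:00 web01 crond[2400]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

sample_secure | failed_by_source 3
# On a live system (as root): failed_by_source 5 < /var/log/secure
```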
Log management strategy
- Back up and archive logs in a timely manner
- Extend the log retention period
- Control access to logs: the logs may contain various sensitive information, such as accounts and passwords
- Manage logs centrally: send server log files to a unified log server to facilitate the unified collection, sorting and analysis of log information, and to prevent accidental loss, malicious tampering or deletion of log information