- 误操作/实验故意破坏系统重要文件,如何修复系统;系统起来不时使用光盘引导,启动系统故障排除模式
1)光盘引导系统启动
2)选择故障排除
3)救援系统
4)
5)
6)
注意: 此模式下原本系统的根下的目录均被挂载至/mnt/sysimage/目录下
示例1:删除许多命令依赖的共享库文件
ldd - 可查询文件依赖的共享库文件
[root@centos6 ~]#ldd `which --skip-alias ls`
linux-vdso.so.1 => (0x00007ffc4dcc3000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003435a00000)
librt.so.1 => /lib64/librt.so.1 (0x0000003434a00000)
libcap.so.2 => /lib64/libcap.so.2 (0x000000343ae00000)
libacl.so.1 => /lib64/libacl.so.1 (0x000000343f200000)
libc.so.6 => /lib64/libc.so.6 (0x0000003434200000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003433e00000)
/lib64/ld-linux-x86-64.so.2 (0x0000561d3c42d000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003434600000)
libattr.so.1 => /lib64/libattr.so.1 (0x000000343ea00000)
目前实验删/lib64/libc.so.6这个库吧
~]# mv /lib64/libc.so.6 .
或者删除 ~]# rm -f /lib64/libc.so.6
~]# reboot
reboot: error while loading shared libraries: libc.so.6:
cannot open shared object file: No such file or directory
~]# ls
ls: error while loading shared libraries: libc.so.6: cannot
open shared object file: No such file or directory
此时可以看见由于/lib64/libc.so.6是一个很基础的共享库,许多命令均依赖它
系统此时已处于瘫痪状态!
进入故障排除,救援系统中:
ln -s lib-2.17.so /mnt/sysimage/lib64/libc.so.6
注意:软链接时:源应该使用相对路径,这时相对的是目录生成的路径
事先查看了一下此共享库的信息,删除也能修复
~]# ll /lib64/libc.so.6
lrwxrwxrwx. 1 root root 12 Jul 17 16:53 /lib64/libc.so.6 -> libc-2.17.so
可见/lib64/libc.so.6 是/lib64/libc-2.17.so的软链接
注意:
在删除/lib64/libc.so.6时再通过软链接生成此文件时需要注意,在救援模式下整个根被挂载至/mnt/sysimage/目录下,如果使用绝对路径软链接生成/lib64/libc.so.6是不行的,因为重启时路径发生了变化~~链接时源路径应该采用相对路径!!
注意: 软链接的源一般使用相对路径,源的相对路径是相对于软连接生成的位置,并非当前目录!!!
示例2:破坏系统引导所在的硬盘的分区表(即此分区中boot loader 有数据)但只破坏分区表
1、备份MBR中分区表的64个字节
[root@localhost ~]# dd if=/dev/sdb of=/data/MBR.bak bs=1 count=64 skip=446
64+0 records in skip表示跳过源(if=设备)前446字节
64+0 records out
64 bytes (64 B) copied, 0.000885729 s, 72.3 kB/s
查看
[root@localhost ~]# hexdump -C /data/MBR.bak
00000000 00 20 21 00 83 aa 28 82 00 08 00 00 00 00 20 00 |. !...(....... .|
00000010 00 aa 29 82 05 15 79 9c 00 08 20 00 00 00 40 01 |..)...y... ...@.|
00000020 00 15 7a 9c 8e a0 82 1e 00 08 60 01 00 00 20 00 |..z.......`... .|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
查看/dev/sdb分区前512字节:
[root@localhost ~]# hexdump -C -n 512 /dev/sdb -v
.......(部分省略) (备份的括号内的数据)
000001c0 21 00 83 aa 28 82 00 08 00 00 00 00 20 00(00 aa |!...(....... ...|
000001d0 29 82 05 15 79 9c 00 08 20 00 00 00 40 01 00 15 |)...y... ...@...|
000001e0 7a 9c 8e a0 82 1e 00 08 60 01 00 00 20 00 00 00 |z.......`... ...|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00)55 aa |..............U.|
破坏:
[root@localhost ~]# dd if=/dev/zero of=/dev/sdb bs=1 count=64 seek=446
64+0 records in seek表示跳过目标(of=设备)前446字节
64+0 records out
64 bytes (64 B) copied, 0.00417756 s, 15.3 kB/s
查看破坏:
[root@localhost ~]# hexdump -C -n 512 /dev/sdb -v
...部分省略...括号内的数据被破坏
000001b0 00 00 00 00 00 00 00 00 14 44 0c 00 00 00(00 00 |.........D......|
000001c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00)55 aa |..............U.|
查看分区信息:
分区表信息被破坏,即使数据仍在磁盘也坏造成数据丢失。MBR分区方式默认未备份分区信息
[root@localhost ~]# parted /dev/sdb print
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 21.5GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
修复:
[root@localhost ~]# dd if=/data/MBR.bak of=/dev/sdb bs=1 count=64 seek=446
64+0 records in
64+0 records out
64 bytes (64 B) copied, 0.00331543 s, 19.3 kB/s
将分区信息恢复,磁盘恢复之前的状态
[root@localhost ~]# parted /dev/sdb print
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 21.5GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos -- MBR的分区方式
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 1075MB 1074MB primary
2 1075MB 11.8GB 10.7GB extended
5 1076MB 2150MB 1074MB logical