1. Show the top 10 processes consuming memory/cpu
Copy Code code as follows:
PS aux | Sort-nk +4 | Tail
PS aux | Sort-nk +3 | Tail
2. View process
Arrange by memory from large to small
Copy Code code as follows:
PS-E-O "%c:%p:%z:%a" |sort-k5-nr
3. By CPU utilization from large to small arrangement
Copy Code code as follows:
PS-E-O "%c:%p:%z:%a" |sort-nr
3. View the number of concurrent requests for Apache and its TCP connection status
Copy Code code as follows:
Netstat-n | awk '/^tcp/{++s[$NF]} end {for (a in S) print A, s[a]} '
4. Find the processes that occupy the most disk IO
Copy Code code as follows:
Wget-c http://linux.web.psi.ch/dist/scientific/5/gfa/all/dstat-0.6.7-1.rf.noarch.rpm
Dstat-m topio-d-M Topbio
5. Find out your most commonly used 10 commands and the number of times (or to access the most IP number)
Copy Code code as follows:
Sed-e ' s/| /\n/g ' ~/.bash_history |cut-d '-F 1 | Sort | uniq-c | Sort-nr | Head
6. The 10th field in the log indicates the connection time and the average connection time
Copy Code code as follows:
Cat Access_log |grep "connect CBP" |awk ' begin{sum=0;count=0;} {sum+=$10;count++;} end{printf ("sum=%d,count=%d,avg=%f\n", Sum,count,
Sum/count)} '
7.lsof command
Lsof Abc.txt shows the process of opening file Abc.txt
Lsof-i: 22 Know what program 22 port is running now
LSOF-C ABC shows the files that the ABC process now opens
Lsof-p 12 See which files are open for process number 12
8.rsync command (requires only one day's compressed file to be synchronized, and the remote directory remains consistent with the local directory)
Copy Code code as follows:
/usr/bin/rsync-azvr–password-file=/etc/rsync.secrets ' Find. -name "* $yesterday. Gz"-type F ' storage@192.168.2.23::logbackup/13.21/
9. Rename the *.sh file in the catalogue to *. Sh
Copy Code code as follows:
Find. -name "*.sh" | Sed ' s/\ (. *\) \.sh/mv \1.sh/' |sh
Find. -name "*.sh" | Sed ' s/\ (. *\) \.SH/MV & \1.sh/' |sh (same effect as above)
10.SSH Execute remote program and display it locally
Copy Code code as follows:
Ssh-n-L Zouyunhao 192.168.2.14 "Ls-al/home/zouyunhao"
11.shell segment Annotation
Copy Code code as follows:
:<< ' echo hello,world! '
12. See if the network card is physically connected
Copy Code code as follows:
13. See what the Linux system or MySQL error code means, such as viewing the 13 error code means:
Copy Code code as follows:
14. Delete 0-byte files
Copy Code code as follows:
Find-type f-size 0-exec rm-rf {} \;
15.1. How to kill the MySQL process:
Copy Code code as follows:
PS aux|grep mysql|grep-v Grep|awk ' {print $} ' |xargs kill-9
(Learn about the use of awk)
Pgrep MySQL |xargs kill-9
Killall-term mysqld
Kill-9 ' Cat/usr/local/apache2/logs/httpd.pid '
Try to check process PID
16. Show the service that is running level 3 not open:
Copy Code code as follows:
ls/etc/rc3.d/s* |cut-c 15-
(Learn about Cut's purpose, intercept data)
17. How to display multiple messages in the writing shell with EOF
Copy Code code as follows:
Cat << EOF
+--------------------------------------------------------------+
| = = = Welcome to tunoff services = = |
+--------------------------------------------------------------+
Eof
18. Take IP Address:
Copy Code code as follows:
Ifconfig eth0|sed-n ' 2p ' |awk ' {print $} ' |cut-c 6-30
Or:
Ifconfig eth0 |grep "inet addr:" |awk ' {print $} ' |cut-c 6-
Or
Ifconfig | grep ' inet addr: ' | Grep-v ' 127.0.0.1 ' | Cut-d:-f2 | awk ' {print '} '
Or:
Ifconfig eth0 | Sed-n '/inet/{s/.*addr://;s/*//;p} '
Perl implements the method of obtaining IP:
ifconfig-a | Perl-ne ' if (m/^\s*inet (?: Addr:)? [\d.] +). *?cast/) {print QQ ($1\n); exit 0;} '
19. Size of Memory:
Copy Code code as follows:
Free-m |grep "Mem" | awk ' {print $} '
CPU Load # CAT/PROC/LOADAVG
Check that the top three output values exceed 4 times times the system logic CPU.
CPU Load #mpstat 1 1
Check if%idle is low (for example, less than 5%)
22 Memory Space # FREE
Check free value is too low can also use # Cat/proc/meminfo
Swap Space # Free
Check to see if the swap used value is too high if the swap used is too high, check for frequent swap actions:
Copy Code code as follows:
See if Si and so values are larger
24 Disk Space # Df-h
Check if zoning usage (use%) is too high (e.g. over 90%) If a partition is found to be nearly exhausted, you can go to the mount point of the partition to locate the file or directory that occupies the most space by using the command:
Copy Code code as follows:
# Du-cks * | Sort-rn | Head-n 10
25 disk I/O load # iostat-x 1 2
Check I/O usage (%util) is over 100%
26 Network Load # Sar-n DEV
Check network traffic (rxbyt/s, txbyt/s) is too high
24 Network error # Netstat-i
Check for network errors (drop FIFO colls carrier) can also be ordered: # Cat/proc/net/dev
25 Number of Network Connections # Netstat-an | Grep-e "^ (TCP)" | Cut-c 68-| Sort | uniq-c | Sort-n
26 Process Total # PS aux | Wc-l
Check if the number of processes is normal (for example, more than 250)
27 Number of processes to run # vmwtat 1 5
The column gives the number of running processes, checking to see if they exceed 4 times times the system logic CPU
28 Process # top-id 1
Observe if an exception process appears
29 Network status Check DNS, gateways, etc. can be properly connected
30 Users # who | Wc-l
Check if there are too many logged in users (for example, more than 50) can also use the command: # uptime
31 System Log # Cat/var/log/rflogview/*errors
Check for unusual error records to search for exception keywords, such as:
Copy Code code as follows:
# grep-i Error/var/log/messages
# grep-i Fail/var/log/messages
# egrep-i ' Error|warn '/var/log/messages View system exceptions
32 Core Log # DMESG
Check for abnormal error logging
34 Number of open files # Lsof | Wc-l
Check whether the total number of open files is too large
35 Days Log # Logwatch? Print configuration/etc/log.d/logwatch.conf, set Mailto to its own email address, start mail Service (SendMail or postfix), so you can receive a daily journal report.
The default Logwatch only reports yesterday's logs, and you can get all the log analysis results with the # Logwatch print range all.
You can get more specific log analysis results (not just error logs) with # Logwatch print Detail high.
36. Kill 80-Port-related processes
Copy Code code as follows:
Lsof-i: 80|grep-v "PID" |awk ' {print ' Kill-9 ", $} ' |sh
37. Clear Zombie process.
Copy Code code as follows:
Ps-eal | awk ' {if ($ = = ' Z ') {print $}} ' | Kill-9
38.tcpdump grab bag, used to prevent 80-port from being attacked can analyze data.
Copy Code code as follows:
# tcpdump-c 10000-i eth0-n DST port >/root/pkts
39. Then check the number of IP repeats and small to large sort of note "-t\ +0" in the middle of two spaces
Copy Code code as follows:
# less Pkts | awk {' printf $ \ n '} | cut-d-F 1-4 | Sort | uniq-c | awk {' printf ' "$ \ n '} | Sort-n-t\ +0
40. See how many php-cgi processes are active
Copy Code code as follows:
NETSTAT-ANP | grep php-cgi | grep ^tcp | Wc-l
41. Using Iptables to respond to simple attacks
Copy Code code as follows:
Netstat-an | Grep-v LISTEN | awk ' {print $} ' |grep-v 127.0.0.1|grep-v native ip|sed ' s/::ffff://g ' |awk ' BEGIN {fs= ': '} {num[$1]++} end { m) if (num>8) {print i}} ' |grep ' [0-9]\{1,3\}\. [0-9]\{1,3\}\. [0-9]\{1,3\}\. [0-9]\{1,3\} ' | xargs-i[] Iptables-i input-s []-j DROP
Num>8 part of the set value for the threshold, this sentence will automatically be found in the Netstat-an from the same IP over a certain number of connections from the inclusion of the prohibited range. Kizhong native IP to the IP address of your server
42. How do I know which CPU a process is running on?
Copy Code code as follows:
43. The statistics in the var directory file with M as the size, listed in the form of a list.
Copy Code code as follows:
Find/var-type F | Xargs Ls-s | Sort-rn | awk ' {size=$1/1024; printf ("%dMb%s\n", size,$2);} ' | Head
Find files with files larger than 100M in the Var directory and count the number of files
Copy Code code as follows:
Find/var-size +100m-type F | Tee File_list | Wc-l
Sed Find and replace content
Copy Code code as follows:
Sed-i "s/varnish/ltcache/g" ' grep ' Via '-rl/usr/local/src/varnish-2.0.4 '
Sed-i "s/x-varnish/x-ltcache/g" ' grep ' x-varnish '-rl/usr/local/src/varnish-2.0.4 '
45. The size of the file under the statistics directory (printed by M)
Copy Code code as follows:
Du $--max-depth=1 | Sort-n|awk ' {printf '%7.2fm---->%s\n ', $1/1024,$2} ' |sed ' s:/.*/\ ([^/]\{1,\}\) $:\1:g '
46. Implementation of several relevant statistics on CND
Count the number of directories in a directory
Copy Code code as follows:
Count the number of files in a directory
Copy Code code as follows:
Count the total number of files in a directory
Copy Code code as follows:
Find./-type F-print | Wc-l
Count all subdirectories in a directory
Copy Code code as follows:
Find./-type D-print | Wc-l
To count the size of a type of file:
Copy Code code as follows:
Find./-name "*.jpg"-exec wc-c {} \;|awk ' {print} ' |awk ' {A+=$1}end{print A} '
47. Remove the first column (e.g. line number code)
Copy Code code as follows:
awk ' {for (i=2;i<=nf;i++) if (i!=nf) {printf $i '}else{print $i}} ' list
48. View the total memory consumed by php-cgi:
Copy Code code as follows:
total=0; For i in ' ps-c php-cgi-o rss= '; Do total=$ (($total + $i)); Done echo "php-cgi Memory usage: $total KB"
49 See what processes are currently available; View the files that the process opens:
Copy Code code as follows:
50. Statistics the frequency of each word appearing, and sorting
Copy Code code as follows:
awk ' {arr[$1]+=1}end{for (i in arr) {print arr ' \ t "i}} ' filename | Sort-r
51. List the current folder directory size to g,m,k display.
Copy Code code as follows:
Du-b--max-depth 1 | Sort-nr | Perl-pe ' s{([0-9]+)}{sprintf "%.1f%s", $1>=2**30? ($1/2**30, "G"): $1>=2**20? ($1/2**20, "M"): $1>=2**10? ($1/2**10, "K"): ($, "")}e '
Shaw Answer: DU-HS $ (du-sk./' ls-f |grep/' |sort-nr |awk ' {print $NF} ')
Can also be achieved, but not particularly perfect. But it's good to remember.
52. Empty Linux Buffer cache
Copy Code code as follows:
Sync && echo 3 >/proc/sys/vm/drop_caches
53. Convert current directory file name to lowercase
Copy Code code as follows:
For i in *; Do mv "$i" "$ (echo $i |tr-A-Z)"; Done
53. Several ways to eliminate the ^m in vim
1) Dos2uninx filename
2) sed-e ' s/^m//' filename
3 Vim: S/^M//GC
4) Col-bx < Dosfile > NewFile
5) tr-s "\ n" "\ n" < file > NewFile
54. Clear all ARP Caches
Copy Code code as follows:
Arp-n|awk '/^[1-9]/{print ' arp-d ' $} ' |sh
55. Bind the ARP address of a known machine
Copy Code code as follows:
Cat/proc/net/arp | awk ' {print ' ' $} ' |sort-t-n +3-4 >/etc/ethers
of Perl
Copy Code code as follows:
Perl-ne ' m/^ ([^#][^\s=]+) \s* (=.*|) /&& printf ("%-35s%s\n", $, $) '/etc/my.cnf
55. View the IP and attack times of an SSH brute force attack
Copy Code code as follows:
Grep-o ' [0-9]\{1,3\}\. [0-9]\{1,3\}\. [0-9]\{1,3\}\. [0-9]\{1,3\} '/var/log/secure | Sort | Uniq-c
