Eight weeks three lessons rsync syncs through services, Linux system logs, screen tools

Rsync is synchronized by service
Through the service of the way first we have to open a service, its architecture is the CS architecture. Client and service side. The server opens a service, rsync service, and listens on a port, defaults to 873, and the port can be customized. After the service is turned on, the client can communicate through the 873 port and the server.
It has a command format of two "::".
Example: Rsync-av test1/192.168.133.130::module/dir/
Before starting the service, we want to edit the configuration file, the default path for the configuration file is/etc/rsyncd.conf.
Starting mode for rsync--daemon

First we start its service, here is a sample of rsyncd.conf
port=873 (Specify a port, or you can customize the port)
Log file=/var/log/rsync.log (specify log file)
PID file=/var/run/rsyncd.pid (Specify PID file)
address=192.168.133.130 (Specify the listening IP, if not write, listen so there is IP, we can also write multiple IP)
[Test] (Specify block name)
Path=/root/rsync (Specify data storage path)
Use Chroot=true (security parameter, if the file does not sync, then change the parameter to False)
Max Connections=4 (maximum number of connections, assuming a lot of servers, we can define the number of connections)
Read Only=no (whether read-only, if the system is changed to TRUE, this parameter is when the server writes the data, if the server is defined as read-only, it will not be written in.) ）
List=true (lists all the modules on the remote server and does not list if you change to false.) The command that lists the module name is
rsync--port= port name IP. This is a security option that can easily be attacked if the module name is exposed. ）
Uid=root (specifies which user to transfer the file as it is transferred)
Gid=root (specifies which user to transfer the file as it is transferred)
Auth users=test (Specify the user name to use when transferring)
Secrets file=/etc/rsyncd.passwd (Specifies the password file. Edit this file with VI to open, its format is user name: password. Then change the permission of this asking price to 600. In the synchronization of both the IP before the user name, run and enter the user password. However, if you go to the shell script, this will be very cumbersome, we also have a way to define a password file on the client, only write a password, the permission to change to 600. At this time, when synchronizing the parameters--passwd= the path of the client file plus file name. Example: Rsync-avl [email protected]::test/test1//tmp/test8/--password-file=/etc/pass.txt)
The hosts allow=192.168.133.132 (definition allows those IP synchronization. If it is more than one IP, it is separated by a space, you can also write the IP segment. ）
Copy it to the configuration file.
If we re-set the port, we will restart the service. and specify the port at the same time as the synchronization.
Example: RSYNC-AVPL--port "Port number"

Then we start the service
[Email protected] 111]# rsync--daemon
And then we'll see if he's starting a success.
[[Email protected] 111]# PS Aux|grep rsync
Root 1101 0.0 0.0 112676 984 pts/0 r+ 20:37 0:00 grep--color=auto rsync
Then we'll look at the port he's listening to.
[Email protected] ~]# NETSTAT-LNTP
Active Internet connections (only servers)
Proto recv-q send-q Local address Foreign address State Pid/program Name
TCP 0 0 0.0.0.0:22 0.0.0.0: LISTEN 796/sshd
TCP 0 0 127.0.0.1:25 0.0.0.0: LISTEN 880/master
TCP 0 0 192.168.1.106:873 0.0.0.0: LISTEN 1141/rsync
TCP6 0 0:: : $::: LISTEN 796/sshd
TCP6 0 0:: 1:25:::* LISTEN 880/master
We see the port for monitoring is 873, and we also set him a listening IP, if not write listening IP, he is bound 0.0.0.0 all IP.

Now we've got the server, and then we start running the command.
[Email protected] tmp]# Rsync-av/tmp/aming.txt 192.168.1.106::test/aming-02.txt
This time the colon followed by the name of the module, the module is in the configuration file with "", the module name represents the path is our set of Path=/root/rsync, so the backup file is placed in the/root/rsync this path.

However, an error occurred after executing the command.
[Email protected] tmp]# Rsync-av/tmp/aming.txt 192.168.1.106::test/aming-02.txt
rsync:failed to connect to 192.168.1.106 (192.168.1.106): No route to host (113)
Rsync error:error in Socket IO (code ten) at CLIENTSERVER.C (122) [sender=3.0.9]
There is no route to the remote machine.
The first consideration of this problem is the connectivity of the network.
[[email protected] tmp]# Ping 192.168.1.106
PING 192.168.1.106 (192.168.1.106) bytes of data.
Bytes from 192.168.1.106:icmp_seq=1 ttl=64 time=0.690 ms
Bytes from 192.168.1.106:icmp_seq=2 ttl=64 time=0.439 ms
^c
---192.168.1.106 ping statistics---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
RTT Min/avg/max/mdev = 0.439/0.564/0.690/0.127 ms
The network can ping through.

Then look at the port
[[Email protected] tmp]# telnet 192.168.1.106 873
Trying 192.168.1.106 ...
Telnet:connect to address 192.168.1.106:no route to host
Discovery ports are different, this is the case, the first thing we need to consider is iptables.

Let's take a look at iptables first.
[Email protected] tmp]# IPTABLES-LNV
iptables v1.4.21:unknown option "Iptables"
Try ' iptables-h ' or ' iptables--help ' for more information.
[Email protected] tmp]# IPTABLES-NVL
Chain INPUT (Policy ACCEPT 0 packets, 0 bytes) (omitted below)
The discovery is really due to the iptables cause.

And then we're going to stop FIREWALLD.
[Email protected] tmp]# IPTABLES-LNV
Chain INPUT (Policy ACCEPT 0 packets, 0 bytes)
Pkts bytes Target prot opt in Out source destination

Chain FORWARD (Policy ACCEPT 0 packets, 0 bytes)
Pkts bytes Target prot opt in Out source destination

Chain OUTPUT (Policy ACCEPT 0 packets, 0 bytes)
Pkts bytes Target prot opt in Out source destination
So we'll stop.

And then we'll go to another machine and see
[Email protected] ~]# IPTABLES-NVL
Chain INPUT (Policy ACCEPT 0 packets, 0 bytes)
Pkts bytes Target prot opt in Out source destination
3223 285K ACCEPT All – 0.0.0.0/0 0.0.0.0/0 State related,established
2 168 ACCEPT ICMP-- 0.0.0.0/0 0.0.0.0/0
2608 ACCEPT All-Lo 0.0.0.0/0 0.0.0.0/0
2 ACCEPT TCP-- 0.0.0.0/0 0.0.0.0/0 State NEW TCP dpt:22
2476 2089K REJECT All-- * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (Policy ACCEPT 0 packets, 0 bytes)
Pkts bytes Target prot opt in Out source destination
0 0 REJECT All-- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (Policy ACCEPT 2969 packets, 341K bytes)
Pkts bytes Target prot opt in Out source destination
The iptables of this device is also turned on, so we have to turn it off.
Then go back to just the device to see if the port is unobstructed.
[[Email protected] tmp]# telnet 192.168.1.106 873
Trying 192.168.1.106 ...
Connected to 192.168.1.106.
Escape character is ' ^] '.
@RSYNCD: 30.0
At this point, the port is already in the pass. Press CTRL + "on exit and enter quit to quit.

Then run the rsync-av/tmp/aming.txt 192.168.1.106::test/aming-02.txt command.
[Email protected] tmp]# Rsync-av/tmp/aming.txt 192.168.1.106::test/aming-02.txt
Password:
Here we need to enter the password, this is because we have to edit the configuration file when the definition of a, auth users=test and Secrets file=/etc/rsyncd.passwd, which is used to define the password. We can add a # to the two lines to comment off it.

And then we're running this command.
[Email protected] tmp]# Rsync-avp/tmp/aming.txt 192.168.1.106::test/aming-02.txt
Sending incremental file list
Aming.txt
1159 100% 0.00kb/s 0:00:00 (xfer#1, TO-CHECK=0/1)

Sent 1232 bytes received bytes 2518.00 bytes/sec
Total size was 1159 speedup is 0.92
So that we can be successful in sync. If we find it useful later::, he is using the rsyncd.conf.

Then we go to another device to see if the file passed through.
[Email protected] tmp]# Ls/tmp/rsync
Aming-02.txt
has been synchronized.

In turn, we can also pull this file out of the machine.
[Email protected] tmp]# RSYNC-AVP 192.168.1.106::test/aming-02.txt/tmp/123.txt
Receiving incremental file list
Aming-02.txt
1159 100% 1.11mb/s 0:00:00 (xfer#1, TO-CHECK=0/1)

Sent bytes received 1266 bytes 2622.00 bytes/sec
Total size was 1159 speedup is 0.88
Also succeeded.

Linux system logs
The log records every day of the system's data. So we should go to the first time to check our system log when we have a problem, there are many important logs in the Linux system.

1./var/log/messages: System Total Log, a lot of information is recorded in this file. Unless a service has a separate log defined. This log will be written every day, and will be very large over time. So the system has a log cutting mechanism, the logs will grow to a certain level after the automatic cutting.
[Email protected] ~]# ls/var/log/messages*
/var/log/messages/var/log/messages-20180305/var/log/messages-20180311/var/log/messages-20180320/var/log/ messages-20180328
We can see that these logs are followed by a number of dates, which proves that it was cut by date, and that's how he did it?
Logrotate, he is used to cut logs, in order to prevent the log unlimited increase. Its configuration file is/etc/logrotate.conf.

[Email protected] ~]# cat/etc/logrotate.conf

See "Mans logrotate" for detailsrotate log files weekly

Weekly (cut by week)

Keep 4 weeks worth of backlogs

Rotate 4 (Reserved 4)

Create new (empty) log files after rotating old ones

Create (creates a new file)

Use date as a suffix of the rotated file

Dateext (suffix ext rep date)
The following ellipsis

DMESG command
A log listed in the system's hardware, which is stored in memory, is not a file. If there is a problem with our hard drive or NIC, he will record it here. In addition to looking at/var/log/messages, we also run this command to see hardware failures and errors. The-c parameter clears the content, but the content is added automatically after the restart.

/var/log/dmesg
This is a log file, he is the log system boot, and the DMESG command is not related.

Last command, called the file/var/log/wtmp
Used to view the correct login history, he is a binary file that cannot be viewed by cat and can only be viewed with last.

LASTB command to view the user who failed the login, the corresponding file is/var/log/btmp/var/log/secure
He is the log that logs the login failure. He is also a binary file and cannot be viewed by cat.

/var/log/secure Security Log
He logs log-in related, Pam-related, and so on. If someone has hacked our device, it will also be recorded in this file.

Screen tool
Virtual Terminal. For example, we run a script that runs for a long time, and he outputs something, which means it can't be interrupted halfway.
There are two ways to solve, the first is to put in the background to execute, with command nohup+ execute COMMAND + log +& symbol. Even if the terminal is disconnected, he still executes in the background. While solving the problem of preventing task interruption, there is no way to see the task output in real time, after all he is in the background.
Another way is to put the task in this terminal, and then we exit before we put this screen in the background, with Tiaogan.

Screen directly enter into the virtual terminal

Ctral a combo key and press D to exit the virtual terminal, but not the end

Screen-ls viewing the virtual terminal list

Screen-r ID into the specified terminal

Screen-s (custom name)

Eight weeks three lessons rsync syncs through services, Linux system logs, screen tools