Linux (2)

Alias usage in the previous section, when viewing the files in the current directory, I said a ll command. in the reply, it said that it is ls-l life... information & nbsp; | & nbsp; Security & nbsp; | & nbsp; alias usage in the previous section, when viewing files in the current directory, I said a ll command, according to the reply, it is the alias of the ls-l command, not all linux have. Alias. as the name implies, two different names refer to one person, and two different commands have the same effect. Now, you must want to know the aliases in your system. [Root @ localhost ~] # Alias cp = 'CP-I 'alias l. = 'ls-d. * -- color = tty 'Alias ll = 'ls-l -- color = tty 'Alias ls = 'ls -- color = tty 'Alias mv = 'MV-I 'alias rm =' rm-I 'Alias vi = 'vim 'alias which = 'Alias |/usr/bin/which -- tty-only -- read-alias -- show-dot -- show-tilde' define aliases, if I use copy in dos instead of cp, I can define a copy alias for cp. [Root @ localhost ~] # Alias copy = cp assigns the cp command function to copy [root @ localhost ~] # Alias drm = "rm-rf" defines a drm alias using the "rm-rf" command. [Root @ localhost ~] # Unalias copy Cancelling the alias vim/vi editor should be the focus. There are many things about vi, and it seems that there have been several books dedicated to vi. Some cool people use this program to make it super fast. Most of us will use it. vim/vi is a powerful screen text editor, the most common text editor on linux and UNIX, it is used to create, edit, and display text files. Vim/vi has no menu and only commands. Www.2cto.com for ease of operation, we copy a file with content for operation. [Root @ localhost test] # Copy the/etc/services. test file to the current directory. Vim is an enhanced version of vi. when many users are familiar with using vi to edit files [root @ localhost test] # vim services. test:

Three modes of conversion: input a, I, o enter insert mode press ESC enter command mode input: (colon) if a command error occurs in edit mode, the system returns the command mode. In fact, we only need to remember that after vi enters the file, it can be edited by pressing the I key. After editing, press Esc to exit the editing mode. Three exit steps are required.: Q indicates exit (when the file is not changed): q! Do not save and exit (when the file changes): wq to save and exit vim/vi specific operations to understand the following commands, help us quickly edit and use the vi command mode: in command mode, the arrow keys are used to move the cursor position for text editing, the following lists the common operation commands and their meanings. the top, bottom, left, right-click Disk, and h, j, k, and l keys all move the cursor. $ ------------ Move to the end of the row 0 (0) ----- move to the beginning of the line H ---------- move to the top of the screen M ---------- move to the center of the screen L ---------- move to the bottom of the screen gg --------- to the first line of the file G -------- To the end of the file PageDn ----- move a page up move one page d + direction key ----- delete text dd ----- delete the entire line pp ----- copy the entire line r ----- modify the character S of the cursor ----- delete the column where the cursor is located, and enter the input mode insert mode: you can run the following command to change from "command mode" to "insert mode" a ------------ append text A ------------ at the end of the line I --------------- insert text I ------------- in front of the cursor this row begins to insert text o ------------ insert a new line O ----------- insert a new line ESC under the cursor -- ------ Exit the "Insert mode" Editing mode: The editing mode mainly provides some auxiliary functions for text editing, such as string search, replacement, and file saving.: Q ----- end the Vi program. if the file has been modified, First Save the file: q! ----- Force exit Vi program: wq ----- save modification and exit program: set nu ----- make the line number before each line of the text: set nonu ------ cancel the line number before each line: n ------------ to the n line www.2cto.com linux boot process parsing this part is theoretical knowledge, interested in understanding with me. The linux boot process is what the startup sequence is like and what services linux has started for us. System guiding process:

BIOS self-check start GRUB/LILO load kernel execute init process initialize BIOS self-check through the/etc/inittab file after the computer is powered on the power first BIOS self-check, that is, perform the so-called POST (Power On SelfTest), and then read the "boot block" from the hard disk, floppy disk, or CDROM according to the boot sequence set in the BIOS ". In PC, boot Linux starts from the BIOS address 0xFFFF0. The first step of BIOS is power-on self-check (POST ). POST checks the hardware. The second step of BIOS is to enumerate and initialize the local device. Given the different usage of BIOS functions, BIOS consists of two parts: POST code and runtime service. After the POST is completed, it is cleared from the memory, but the service is still kept in the memory during the BIOS runtime, which can be used by the target operating system. To boot an operating system, the BIOS searches active and bootable devices in the order defined by the CMOS settings during runtime. The boot device can be a floppy disk, a CD-ROM, a partition on the hard disk, a device on the network, or even a USB flash memory. Generally, Linux boot is from the hard disk. The primary boot record (MBR) contains the primary boot loader. MBR is a 512-byte sector located in the first sector of the disk (0-way, 0-way, 1-sector ). When the MBR is loaded into RAM, the BIOS will hand over the control to the MBR. Use the following command to extract MBR information from www.2cto.com to view MBR content: # dd if =/dev/hda of = mbr. bin bs = 512 count = 1 # od-xa mbr. the bin dd command needs to be run as the root user. it reads the content of the first 512 bytes from/dev/hda (the first IDE disk) and writes it to mbr. bin file. The od command prints the contents of the binary file in hexadecimal format and ASCII format. Start GRUB/lilo grub and LILO are both boot loaders. In the simplest way, the boot loader will guide the operating system. When the machine directs its operating system, the BIOS reads the first 512 bytes (known as the master boot record (MBR) on the boot media )). In a single MBR, only one operating system boot record can be stored. Therefore, when multiple operating systems are required, problems may occur. Therefore, more flexible boot loader is required. The comparison between GRUB and LILO is described in the beginning of this article. all boot loaders work in a similar way to achieve a common purpose. However, there are many differences between LILO and GRUB: * LILO does not have an interactive command interface, but GRUB does. * LILO does not support network boot, but GRUB does. * LILO physically stores information about the operating system locations that can be booted in MBR. If you have modified the LILO configuration file, you must rewrite the first-stage boot loader of LILO to MBR. Compared with GRUB, this is a more dangerous option, because wrong configuration of MBR may make the system unable to boot. If GRUB is used, if the configuration file is incorrectly configured, it is only forwarded to the GRUB command line interface by default. Security Tips: for security, anyone who can access the boot disk/CD only needs to use grub without security settings. conf or lilo. conf to bypass all the security measures mentioned in this article. Especially when GRUB is used, it is a serious security vulnerability because it can be guided to the single-user mode. One easy way to solve this problem is to disable boot through CD and floppy disk in the BIOS of the machine, and ensure that a password is set for the BIOS so that others cannot modify these settings. When the kernel image is loaded to the memory, the kernel stage begins. The kernel image is not an executable kernel, but a compressed kernel image. Generally, it is a zImage (compressed image, smaller than kB) or a bzImage (larger compressed image, larger than kB). it is compressed using zlib in advance. In front of this kernel image is a routine that implements a small amount of hardware settings, decompress the kernel contained in the kernel image, and then put it into the high-end memory, if an initial RAM disk image exists, it will be moved to the memory and marked for future use. The routine then calls the kernel and starts the kernel boot process. Manual guidance in GRUB is in the GRUB command line. we can use the initrd image to guide a specific kernel. the method is as follows: [root @ localhost hzh] # vi/etc/grub. conf to view grub. conf configuration file grub> kernel/bzImage-2.6.14.2 [Linux-bzImage, setup = 0x1400, size = 0x29672e] www.2cto.com grub> initrd/initrd-2.6.14.2.img [Linux-initrd @ 0x5f13000, 0xcc199 bytes] grub> boot Uncompressing Linux... OK, booting the kernel. if you do not know the name of the kernel to boot, you only need to use the slash (/) and press the Tab key. GRUB displays the list of kernel and initrd images. Executing the init process is the starting point of all processes in the system. after the kernel completes the kernel boot, it loads the init Program in the current thread (process) space. its process number is 1. The init process is the initiator and controller of all processes. In any Unix-based system (such as Linux), the init Process ID (PID) is always 1. If there is a problem with init, the rest of the system will collapse. The init process has two functions. The first role is to play the role of ending the parent process. Because the init process will never be terminated, the system can always be sure of its existence and take it as a reference when necessary. If a process is terminated before the end of all its child processes, the init must be used as a reference. At this time, all child processes that have lost their parent processes will use init as their parent processes. Run the ps-af command to list the processes whose Parent Process ID (PPID) is 1. The second role of init is to run the corresponding program when entering a specific Runlevel to manage various running levels. This function is defined by the/etc/inittab file. Initializing init through the/etc/inittab file is to execute the corresponding script based on/etc/inittab for system initialization, such as setting the keyboard, font, loading the module, setting the network, and so on. For RedhatLinux, the execution sequence is:/etc/rc. d/rc. sysinit # The first script executed by init/etc/rc. d/rc. sysinit mainly performs the same initialization in each running mode, including setting the initial $ PATH variable. Configure the network. Enable swap for the virtual memory. Set the host name of the system. Check the root file system for necessary repairs. Check the quota of the root file system. Www.2cto.com is the quota for users and groups opened by the root file system. Reload the root file system in read/write mode. Clear the mounted file system table/etc/mtab. Input the root file system to mtab. Prepare the system for loading modules. Find related files of the module. Check the file system for necessary repairs. Load all other file systems. Clear several/etc files:/etc/mtab,/etc/fastboot, and/etc/nologin. Delete the lock file of UUCP. Delete outdated subsystem files. Delete an obsolete pid file. Set the system clock. Enable switch. Initialize the serial port. Load the module. /Etc/rc. d/rcX. d/[KS] terminate services starting with "K" and start services starting with "S. For each running level, there is a corresponding sub-directory in the/etc/rc. d sub-directory. The sub-directories at the running level are named as rcX. d. X indicates the number at the running level. For example, all the command script programs of running level 3 are saved in the/etc/rc. d/rc3.d subdirectory. In the sub-directories of each running level, the/etc/rc is created. d/init. d sub-directory command script program symbolic links, however, these symbolic links do not use the command script program in/etc/rc. d/init. the original name in the d sub-directory. If the command script program is used to start a service, its symbolic link name starts with the letter S. If the command script program is used to close a service, the name of the symbolic link starts with K. In many cases, the execution sequence of these script programs is very important. If you do not configure the network interface first, you cannot use DNS to resolve the host name! In order to arrange their execution sequence, a two-digit character is followed by the letter S or K, and a small value is followed by a large value. For example,/etc/rc. d/rc3.d/S50inet will be executed before/etc/rc. d/rc3.d/S55named. Stored in/etc/rc. d/init. the command script programs in the d sub-directory and on the symbolic link are real practitioners who have completed the operations to start or stop various services. When/etc/rc. d/rc runs through each specific sub-directory of the running level, it calls each command script program for execution in order of numbers. It first runs the command script program with the letter K headers, and then runs the command script program with the letter S headers. The Stop parameter is passed for the command script program that starts with letters K. Similarly, the Start parameter is passed for the command script program that starts with letters S. Run/etc/ec. d/rc. in localRedhat Linux, the operating modes 2, 3, and 5 put/etc/rc. d/rc. local is the last in the initialization script, so you can add some commands that need to be executed before logging on to this file. In the days when the Linux system is maintained, the system administrator must modify the script for starting or shutting down the system. If the modification takes effect only when boot is started, and the modification is not significant, you can simply edit the/etc/rc. d/rc. local script. This command script program is executed at the last step of the boot process. Run the/bin/login program. The login program prompts the user to enter the account and password, encode the code, and confirm that the password is correct. if the two are consistent, the user initializes the environment, and give control to shell, that is, wait for the user to log on. The Linux startup process ends many times. It is not particularly important for new users to modify the hardware and software time of the local machine. the software (system time) is well modified, and the hardware (CMOS time) I don't know how to modify the time. If you are not interested, you can ignore it. Www.2cto.com [root @ localhost hzh] # date view the software clock of the local machine [root @ localhost hzh] # hwclock view the hardware clock of the local machine [root @ localhost hzh] # hwclock -- help -- set the rtc to the time given with -- date -- hctosys set the system time from the hardware clock -- systohc set the hardware clock to the current system time if there is a time error, you can use the preceding command to modify the configuration. [Root @ localhost hzh] # hwclock -- hctosys sets the system time to correspond to the hardware time. [Root @ localhost hzh] # hwclock -- systohc sets the hardware Time to correspond to the system time. If both times are incorrect, we can set the time [root @ localhost hzh] # hwclock -- set -- data = "month/day/year hour: minute: Second" by the attacker