Some interview questions for Linux

Question 1, sometimes we find the file properties in a directory is very messy, some are 777, some 755, some 644, for security purposes, use Xargs and exec to modify all the file permissions in the current directory to 644, please give the shell command?

Answer:

Find./-type F |xargs chmod 644

Find./-type f-exec chmod 644 {} \;

Question 2, with tcpdump Sniffer 80 port The largest number of access to the top 5 IP, assume that the external network card is eth0, please write the full command?

Answer: tcpdump-i ETH0-TNN DST Port 80-c 1000 | Awk-f "." ' {print $ '. $ "." $ "." $4} ' | Sort | uniq-c | Sort-nr |head-5

3. After using the Vmstat command, what do you see in the columns R, B, Si, so, bi, Bo, respectively?

Answer:

R indicates the number of processes running and waiting for CPU time slices

b indicates the number of processes waiting for the resource, such as waiting for I/O, memory, etc.

Si indicates the amount of memory entered by the swap area

So the number of memory into the swap area

The amount of data that bi reads from a block device (read disk)

The amount of data that Bo writes from a block device (write disk)

Question 4, sometimes we add crontab scheduled task, but to the point of time does not execute, how do you find the reason?

Answer:

1. Check whether the file has executable permissions

2, check whether the Crond service is started, need root boot

3. Check environment variables

4. View Log tail-f/var/log/cron

5. What happens when a network encounters an attack, and what are the common attacks?

A class is a CC attack, the symptoms are, there are fixed some IP frequent access to the site, which can be judged by viewing the access log, the website traffic increases, the server load increases, the access speed becomes slow. The workaround is to analyze the access log and find the first few IP addresses with a large number of accesses, sealed off with iptables, but this method is not perfect because the IP of the attack source is not necessarily true. Another way is to analyze the referer of the attack source according to the access log, often the referer of the attack is the same, so we can now access them according to Referer.

Another type of attack is a DDoS attack, the most common and most effective of this attack is UDP flood attack, encountered this attack, most of the time is helpless, need to use the computer room hardware security facilities to defend. So how do you judge this attack? Very direct performance is your website can not open, bandwidth running slow, server login is not on, if you can board the server, you could use TCPDUMP-NN grab packet will find a lot of UDP packets, and very frequent. Using the Iptables tool to seal the IP is useless. Traffic is not good, you can use a hardware firewall to prevent a lot of single traffic, they will directly attack the target IP, the IP of the business is sealed off, so as to ensure the closure of a business, to ensure that other business normal use.

Some interview questions for Linux