1 Delete 0-byte files
find . -type f -size 0 -exec rm -rf {} \;
2 Viewing processes
Sorted by memory usage, largest first
ps -e -o "%C : %p : %z : %a" | sort -k5 -nr
3 Sorted by CPU utilization, largest first
ps -e -o "%C : %p : %z : %a" | sort -nr
4 Print the URLs in the cache
grep -r -a jpg /data/cache/* | strings | grep "http:" | awk -F'http:' '{print "http:"$2;}'
5 View the number of concurrent HTTP requests and their TCP connection states:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
6 sed -i '/root/s/no/yes/' /etc/ssh/sshd_config
In this file, sed matches the line containing root and replaces no with yes on that line.
7 How to kill the MySQL process:
ps aux | grep mysql | grep -v grep | awk '{print $2}' | xargs kill -9    (learn how awk is used here)
pgrep mysql | xargs kill -9
killall -TERM mysqld
kill -9 `cat /usr/local/apache2/logs/httpd.pid`    try killing the process by its PID
8 Show the services that are enabled at runlevel 3:
ls /etc/rc3.d/S* | cut -c 15-    (learn what cut is for: extracting part of the data)
9 How to display multiple lines of text in a shell script using EOF
cat << EOF
+--------------------------------------------------------------+
|         === Welcome to tunoff services ===                   |
+--------------------------------------------------------------+
EOF
10 A neat use of for (for example, creating soft links for MySQL)
cd /usr/local/mysql/bin
for i in *
do ln -s /usr/local/mysql/bin/$i /usr/bin/$i
done
11 IP address:
ifconfig eth0 | grep "inet addr:" | awk '{print $2}' | cut -c 6-
or
ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'
12 Size of memory:
free -m | grep "Mem" | awk '{print $2}'
13
netstat -an -t | grep ":80" | grep ESTABLISHED | awk '{printf "%s %s\n",$5,$6}' | sort
14 View the number of concurrent Apache requests and their TCP connection states:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
15 A colleague wanted the total size of all jpg files on the server, so I wrote a shell one-liner for him. I originally used xargs, but it processes the files one batch at a time, which produces several partial totals ...; the following command solves that.
find / -name "*.jpg" -exec wc -c {} \; | awk '{print $1}' | awk '{a+=$1} END {print a}'
The more CPUs there are (for multiple CPUs, count them with cat /proc/cpuinfo | grep -c processor), the lower the system load and the more requests can be processed per second.
-------------------------------------------------------------------------------
CPU load # cat /proc/loadavg
Check whether the first three output values exceed 4 times the number of logical CPUs in the system.
CPU load # mpstat 1 1
Check whether %idle is too low (for example, less than 5%)
19 Memory space # free
Check whether the free value is too low; you can also use # cat /proc/meminfo
20 Swap space # free
Check whether the swap used value is too high. If it is, check further for frequent swapping:
# vmstat 1 5
See whether the si and so values are large
21 Disk space # df -h
Check whether partition usage (Use%) is too high (e.g. over 90%). If a partition is found to be nearly full, go to the mount point of that partition and locate the files or directories that occupy the most space with:
# du -cks * | sort -rn | head -n 10
22 Disk I/O load # iostat -x 1 2
Check whether I/O utilization (%util) exceeds 100%
23 Network load # sar -n DEV
Check whether network traffic (rxbyt/s, txbyt/s) is too high
24 Network errors # netstat -i
Check for network errors (drop fifo colls carrier); you can also use: # cat /proc/net/dev
25 Number of network connections # netstat -an | grep -E "^(tcp)" | cut -c 68- | sort | uniq -c | sort -n
26 Total number of processes # ps aux | wc -l
Check whether the number of processes is normal (for example, more than 250)
27 Number of runnable processes # vmstat 1 5
The r column gives the number of runnable processes; check whether it exceeds 4 times the number of logical CPUs in the system
28 Processes # top -id 1
Watch for abnormal processes
29 Network status: check whether DNS, the gateway, etc. can be reached normally
30 Users # who | wc -l
Check whether too many users are logged in (for example, more than 50); you can also use the command: # uptime
31 System log # cat /var/log/rflogview/*errors
Check for unusual error records; you can also search for exception keywords, for example:
# grep -i error /var/log/messages
# grep -i fail /var/log/messages
# egrep -i 'error|warn' /var/log/messages    view system exceptions
32 Kernel log # dmesg
Check for abnormal error records
33 System time # date
Check that the system time is correct
34 Number of open files # lsof | wc -l
Check whether the total number of open files is too large
35 Daily log # logwatch --print
Configure /etc/log.d/logwatch.conf, set MailTo to your own email address, and start the mail service (sendmail or postfix), so that you receive a log report every day.
By default Logwatch only reports yesterday's logs; the analysis results for all logs can be obtained with # logwatch --print --range all.
You can use # logwatch --print --detail to get more specific log analysis results (not just error logs).
36 Kill the processes related to port 80
lsof -i :80 | grep -v "PID" | awk '{print "kill -9",$2}' | sh
37 Clear zombie processes.
ps -eal | awk '{ if ($2 == "Z") {print $4}}' | xargs kill -9
38 Capture packets with tcpdump, so that the data can be analyzed when port 80 is being attacked.
# tcpdump -c 10000 -i eth0 -n dst port 80 > /root/pkts
39 Then count how many times each IP repeats and sort from smallest to largest; note that there are two spaces in the middle of "-t\ +0"
# less pkts | awk '{printf $3"\n"}' | cut -d. -f 1-4 | sort | uniq -c | awk '{printf $1" "$2"\n"}' | sort -n -t\  +0
40 See how many php-cgi processes are active
netstat -anp | grep php-cgi | grep ^tcp | wc -l
41 Using iptables to respond to simple attacks
netstat -an | grep -v LISTEN | awk '{print $5}' | grep -v 127.0.0.1 | grep -v NATIVE_IP | sed 's/::ffff://g' | awk 'BEGIN { FS=":" } { Num[$1]++ } END { for (i in Num) if (Num[i]>8) { print i } }' | grep '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | xargs -i[] iptables -I INPUT -s [] -j DROP
The Num[i]>8 part sets the threshold. This command automatically finds, in the netstat -an output, the IPs that hold more than that number of connections and adds them to the blocked range. Replace NATIVE_IP with your server's IP address.
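
A report-only variant of the threshold check in item 41, as an added example that is not part of the original list: it counts non-LISTEN TCP connections per remote IPv4 address and prints the ones above the threshold so they can be reviewed before any DROP rule is written. The function names over_threshold_ips and sample_netstat and the sample addresses are constructed for this example.

```shell
#!/bin/sh
# Added example: list remote IPv4 addresses holding more than THRESHOLD
# non-LISTEN TCP connections, reading `netstat -an` text on stdin.
# It only prints candidates; nothing is passed to iptables.
over_threshold_ips() {
    threshold=$1    # same role as the Num>8 value in item 41
    local_ip=$2     # the server's own address, excluded from the report
    awk -v max="$threshold" -v self="$local_ip" '
        # Only TCP rows that are not listening sockets.
        /^tcp/ && $NF != "LISTEN" {
            addr = $5                      # foreign address, ip:port
            sub(/^::ffff:/, "", addr)      # IPv4-mapped IPv6 form
            sub(/:[0-9*]+$/, "", addr)     # drop the port
            # Exact comparison, so 127.0.0.1 does not also hide 127.0.0.10.
            if (addr == "127.0.0.1" || addr == self) next
            # Keep well-formed dotted quads only.
            if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            count[addr]++
        }
        END {
            for (ip in count)
                if (count[ip] > max) print count[ip], ip
        }' | sort -k1,1nr -k2,2
}

# Constructed sample in `netstat -an` layout (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40002       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40003       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:45000         ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51001 TIME_WAIT
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Prints "3 203.0.113.5": count, then address.
sample_netstat | over_threshold_ips 2 192.0.2.10
```

On a live host the input would be `netstat -an | over_threshold_ips 8 <server IP>`; each output line is a connection count followed by the address.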
Selectively deleting certain lines:
# Delete all blank lines (similar to "grep '.'")
awk NF
awk '/./'
# Delete consecutive duplicate lines (simulates "uniq")
awk 'a !~ $0; {a=$0}'
# Delete duplicate, non-consecutive lines
awk '!a[$0]++'                     # most concise
awk '!($0 in a) {a[$0]; print}'    # most efficient
Commands for querying the system state:
cat <file name>    view the file contents in one go
more <file name>    view the file contents page by page
less <file name>    view the file contents with controllable paging
grep -l -R <string> <path>    show the names of files that contain the string
grep -L -R <string> <path>    show the names of files that do not contain the string
lsof -p <process number> (for example: lsof -p 2428)    view the files that the process has open
lsof abc.txt    show the processes that have the file abc.txt open
lsof -i :22    show which program is currently running on port 22
lsof -c nsd    show the files that the nsd process currently has open
nohup <program> &    run the program in the background; it does not end when you log out
strace -f -f -o outfile <cmd>    show detailed information about the running program
arping <IP address>    look up the network card address for an IP
nmblookup -A <IP address>    look up the computer name for an IP
Deleting files with special file names on Linux
Suppose a Linux system has a file named "-ee". If we want to operate on it, for example delete it, and enter the rm -ee command in the usual way, the shell reports "invalid option". Because the first character of the file name is "-", Linux treats the file name as an option. The "--" symbol solves this problem: entering "rm -- -ee" successfully deletes the file named "-ee". For other special characters, you can put a "\" before the special character, or enclose the entire file name in double quotes.
For example, if there is a file named --exclude under the /usr/local/ directory, the command
rm -- --exclude
deletes this file.
A one-line method for quickly finding PHP trojans
find ./ -name "*.php" -type f -print0 | xargs -0 egrep "phpspy|c99sh|milw0rm|eval\(base64_decode|eval\(gzinflate\(base64_decode|eval\(gzinflate\(str_rot13\(base64_decode|spider_bc" | awk -F: '{print $1}' | sort | uniq
How to delete duplicate lines while keeping the order unchanged.
awk '{if (!seen[$0]++) {print $0;}}' "$file_path"
perl -lne 'print unless $seen{$_}++' "$file_path"