Daily management __linux of Linux operation and maintenance-linux system

Monitoring System Status –w, Vmstat
Command W, uptime
System load averages number of processes active during a unit time period
View the number of CPUs and the number of cores
Vmstat 1
Vmstat 1 10
Vmstat the meaning of each indicator:
R: The number of processes running and waiting for CPU time slices, which means that the CPU is not enough if it is longer than the number of server CPUs;
B: The number of processes waiting for resources, such as waiting for I/O, memory, etc., if the value of this column is longer than 1, you need to pay attention to the
Si: The amount of memory entered by the Exchange zone;
So: The amount of memory entering the swap area;
BI: The amount of data read from a block device (read disk);
Bo: The amount of data written from a block device (write disk);
WA: Represents the percentage of CPU time consumed by I/O waiting.

Monitoring System Status –top
Used to dynamically monitor the system resources of the process, changing every 3 seconds.
RES This is the memory size of the process, and%mem is the percentage of memory used. In top state, press SHIFT + M to sort by memory usage size. The use status of each CPU can be listed by the number ' 1 '.
TOP-BN1 it represents the use of non dynamic print system resources and can be used in shell scripts

Monitoring System Status –sar
Without this command, use Yum install-y sysstat
Network card traffic Sar-n Dev, sar-n Dev 1 10
Sar-n dev-f/var/log/sa/sa24
View Historical Load Sar-q
View disk read/write Sar-b

Free view of system memory usage
Free is shown in K-M in m units g in G
MEM (total): Memory totals; MEM (used): memory already allocated; Mem (free): unallocated memory; MEM (buffers): Buffers;mem (cached) systems allocated but not used, but not used cache
Buffers/cache (used): The actual use of buffers and cache total, but also the actual use of memory; Buffers/cache (free): unused buffers with cache and unallocated memory, This is the system's current actual available memory
Buffers is about to be written to disk, cache is read from disk

PS View System process
PS aux/ps-elf
PID: The ID of the process, this ID is useful, in Linux kernel management process is to rely on PID to identify and manage a certain process, such as I want to terminate a course, the ' kill process pid ' sometimes can not kill, you need to add a-9 option for KILL-9 process PID
STAT: Indicates the state of the process, the process state is divided into the following
D a process that cannot be interrupted (usually IO)
R Running Processes
S has interrupted the process, most of the process in the system is this state
T has stopped or paused the process, if we are running a command such as sleep 10 if we click Ctrl-z to let him pause, then we use PS to view it will show t this state
X already dead process (this never happens)
Z zombie process, can't kill, killing the garbage process, accounting for the system a small point of resources, but it does not matter. If it's too much, there's a problem.
< high-priority process
N Low-priority process
L is locked in memory paging
S main process
L multithreading process in the foreground

Netstat View network conditions
NETSTAT-LNP View the current system open ports and sockets
Netstat-an View all connections to the current system

Linux Grab Kit

tcpdump system with grab Bag tool
Tcpdump-nn-i eth0 TCP and host 192.168.0.1 and port 80
Tcpdump-nn-vs0 TCP and Port not 22-c 100-w 1.cap
Wireshark can also install Yum install-y under Linux Wireshark
Grab Packet Analysis HTTP request: Tshark-n-T a-r http.request-t fields-e "Frame.time"-E "ip.src"-E "http.host"-E "Http.request.method"-E "Http.request.uri"

Selinux
Configuration file/etc/selinux/config Three forms: enforcing, permissive, disabled selinux=disabled
Setenforce 0/1 getenforce Yum install-y libselinux-utils

Netfilter–iptables
Iptables-nvl View rule
iptables-f clear current rule
Iptables-z counter clear 0
Service Iptables Save The rule file saved by the save rule is:/etc/sysconfig/iptables
Service iptables Stop can pause the firewall, but after rebooting it reads/etc/sysconfig/iptables and starts the firewall. In addition, even if we stop the firewall, but once we add any rule, it will also open the
iptables-t specified table name, the default is not plus-T is the filter table
Filter This table is mainly used to filter the package, is the system preset table, built three chain input, Output and forward. Input is used for packets entering the local machine, output is for the packets that are sent from the machine, and forward is used for packages that are not native to the machine. The main use of
NAT is network address translation, and there are three chains. The role of the prerouting chain is to change its destination address when the package has just arrived at the firewall, if necessary. The output chain changes the destination address of the locally generated package. The postrouting chain changes its source address before the package is about to leave the firewall. The
mangle table is primarily used to mark packets and then to manipulate which packages according to the tag. This watch is hardly used.

Iptables Rule Related:
View Rules Iptables-t NAT-NVL
Purge Rule iptables-t nat-f
Add/Remove Rule iptables-a/-d input-s 10.72.11.12-p tcp–sport 1234-d 10.72.137.159–dport DROP
Insert Rule iptables-i input-s 1.1.1.1-j Drop/accept/reject
Iptables-nvl–line-numbers view rule with ID number
iptables-d INPUT 1 Deletes the corresponding rule according to the ID number of the rule
Iptables-p INPUT DROP is used to set the default rule, the default is ACCEPT, once the DROP is set, only iptables-p ACCEPT can be used to revert to the original state, and the-f argument cannot be used

Instance:
For the filter table, preset policy input chain drop, two other chain accept, then open 22 ports for 192.168.0.0/24, 80 ports for all segments, and 21 ports for all network segments. The script is as follows: !/bin/bash

ipt= "/sbin/iptables"
Ipt−f; Ipt-f; Ipt-p INPUT DROP;
ipt−poutputaccept; Ipt-p OUTPUT ACCEPT; Ipt-p FORWARD ACCEPT;
Ipt−ainput−s192.168.0.0/24−ptcp–dport22−jaccept ipt-a input-s 192.168.0.0/24-p tcp–dport 22-j ACCEPT ipt-a input-p Tcp–dport 80-j ACCEPT
$ipt-A input-p tcp–dport 21-j ACCEPT
The ICMP package has the common application, this machine ping is outside the net, the outside network Ping does not pass the native iptables-i input-p icmp–icmp-type 8-j DROP

NAT Table Application:
Routers are implemented using the Iptables NAT principle
Suppose you have two Nic eth0 and eth1 on your machine, where eth0 IP is 192.168.10.11,eth1 IP is 172.16.10.11. Eth0 connected Intnet But eth1 no connection, now there is another machine (172.16.10.12) and eth1 is interoperable, then how to set up also can make connection eth1 the machine can connect intnet?
echo "1" >/proc/sys/net/ipv4/ip_forward
Iptables-t nat-a postrouting-s 172.16.10.0/24-o eth0-j Masquerade

Iptables rule backup and restore:
Service Iptables Save this will be saved to/etc/sysconfig/iptables
Iptables-save > Myipt.rule The firewall rules can be saved to the specified file
Iptables-restore < Myipt.rule This allows you to restore the specified rules Linux System Task Scheduler
/etc/crontab Cron's main configuration file, you can define path
The cron format is as follows: . —————-minutes (0-59) |. ————-hours (0-23) | |. ———-Day (1-31) | | | . ——-month (1-12 ) | | | | | ----Zhou (0-6) (Sunday =0 or 7) | | | | * * * * user-name command to be executed

Cron is also a service, so you need to start the service before it takes effect: service Crond start; Service Crond Status

Linux system service Management
Tools NTSYSV similar to graphical interface management tools, if the command does not use Yum install-y NTSYSV installation
Common services: Crond, iptables, Network, sshd, Syslog, Irqbalance, SendMail, Microcode_ctl
Chkconfig–list
Chkconfig–add/del ServiceName
Chkconfig–level [345] ServiceName On/off

Linux System Log
/var/log/messages Core System log files
Archive a log weekly messages-20130901
/etc/logrotate.conf
Messages is generated by the syslogd daemon, and if this service is stopped, the system will not produce/var/log/messages
/var/log/wtmp View user logon history last
/var/log/btmp LASTB View Invalid login history
/var/log/maillog
/var/log/secure
Dmesg
/var/log/dmesg

EXEC and Xargs
exec and find use simultaneously
Finds files that are more than 10 days from the current directory creation and deletes: find. -mtime +10-exec rm-rf {} \;
Batch change filename: Find./*-exec mv {} {}_bak \;
Xargs is used behind the pipe symbol.
Find. -mtime +10 |xargs RM-RF
ls-d./* |xargs-n1-i{} MV {} {}_bak
Xargs can turn multiple lines into one line of cat 1.txt|xargs

Screen Tools Introduction
Screen is equivalent to a virtual terminal, it will not quit because of network interruption, each login can access the screen
How to: Enter the screen command directly
Screen-ls View the screen already open
Ctrl +a and then press D to exit the screen session, just exit and not end. At the end, enter Ctrl +d or enter exit
After exiting, you will want to log on to a screen session again, using Sreen-r Screenid if only one screen is directly screen-r
Screen-s aming; login words screen-r aming

Learn to use the Curl command
Curl is the Linux system command line for simple test Web Access tools, several common options you have to master
Curl-xip:port www.baidu.com #-X can specify IP and port, omit write hosts, convenient and practical
Curl-iv http://www.qq.com #-I can skip the contents of the access, display only the status code, V can show the detailed process
Curl-u User:password http://123.com #-u can specify user name and password
Curl Http://study.lishiming.net/index.html-O #可以下载, you can also use the-O custom name Curl-o index2.htmlhttp://study.lishiming.net/ Index.html

Several network-related commands
Ping
Telnet Www.lishiming.net 80
Traceroute www.baidu.com
Dig @8.8.8.8 study.lishiming.net
Nc-z-w2 www.baidu.com 1-1024 #-W2 indicates 2s timeout port Here you can write only one port, or you can write a range. When you use the NC scan port, you must add-Z or the result will not appear. In addition, if you want to display the ports that are not open, you can add a-V

Rsync Tools use
rsync command format
rsync [OPTION] ... SRC DEST
rsync [OPTION] ... SRC [User@]host:dest
rsync [OPTION] ... [user@] HOST:SRC DEST
rsync [OPTION] ... [user@] HOST::SRC DEST
rsync [OPTION] ... SRC [user@]host::D EST

Rsync Common Options
-a archive mode, which means that files are transferred recursively and all properties are equivalent to-rlptgod, and the-a option can be followed by a –no-option that closes one of the-rlptgod, such as-a–no-l Equivalent to the-rptgod
-R subdirectory in recursive mode, mainly for the directory, if a separate file does not need to add-r, but the transport is the directory must add-r option
-V To print some information, such as speed, number of files, such as
-l retention Soft link
-L treat soft links as normal files, if there is a soft link file in src, then add this option to copy the soft link to the target file to DST
-p to keep file permissions
-O to keep the file owner
-G to keep file group information
-D to maintain device files Information
-T Keep file time information
–delete Delete files that are not in the DST src
–exclude=pattern specifies that files that do not need to be transferred are excluded, followed by the name of the equal sign, and can be in Universal character mode (such as *.txt)
–pro Gress in the process of synchronization can see the synchronization of the state of the process, such as statistics to synchronize the number of files, synchronized file transfer speed, and so on
-u plus this option will be more than SRC and new files out of DST, will not overwrite
the most commonly used-a-v–delete– Exclude

rsync Options Tutorial
Rsync-av dir1/dir2/# where the dir2/directory can not exist, remember to sync the directory must be at the end of the Add/
-A will copy the soft connection to the past, and sometimes we want to copy the source file. It's time to use a-l
Rsync-avl test1/test2/
The effect of the-u option is to ignore the file if the target file is newer than the source file
Touch Test2/1.txt; Rsync-avu test1/test2/
Rsync-av–delete test1/test2/#这样会把test2/directory removed from files more than the test1/directory
Rsync-a–exclude= "2.txt" test1/test2/#在同步的过程中, will ignore 2.txt this file
Rsync-a–progress–exclude= ". txt" test1/test2/#–progress displays the details of the synchronization process, and the wildcard character can be used after –exclude

rsync application Instance-SSH mode
Rsync-avl test1/www@192.168.0.101:/tmp/test2/
Rsync-avl 192.168.0.101:/tmp/test2/./test3/
Because you need to enter a password so it is not appropriate to write to the script, but you can create a secret key pair, so that two machines have a trust relationship without entering a password
If the SSH port is not 22, then it needs to be written in this form: Rsync-av "–rsh=ssh-p Port"/dir1/192.168.0.101:/tmp/dir2/

Rsync application-Background service mode
Configuration file/etc/rsyncd.conf, which reads as follows: port=873 #监听端口默认为873, or it can be another port

Log File=/var/log/rsync.log #指定日志
PID file=/var/run/rsyncd.pid #指定pid address=192.168.0.10 #可以定义绑定的ip

The above section is the Global configuration section, and the following are the settings within the module
[Test] #为模块名, customizing
Path=/root/rsync # Specifies which directory the module corresponds to
Use Chroot=true #是否限定在该目录下, the default is true, and when there is a soft connection, you need to change to Fasle
Max Connections=4 # Specifies the maximum number of clients that can be connected
Read Only=no #是否为只读
List=true #是否可以列出模块名
Uid=root #以哪个用户的身份来传输
Gid=root #以哪个组的身份来传输
Auth users=test #指定验证用户名, you can not set
Secrets file=/etc/rsyncd.passwd #指定密码文件, if you set the authentication user, this item must be set
Hosts allow=192.168.0.101 #设置可以允许访问的主机, can be a network segment
The content format of the password file/etc/rsyncd.passwd is: Username:password
The command to start the service is: Rsync–daemon
The default is to use the/etc/rsyncd.conf configuration file, or you can specify a profile rsync–daemon–config=/etc/rsyncd2.conf
The options you can use are: rsync–daemon–help