Content Summary:
1. Linux packet capture tools
tcpdump is the packet capture tool that ships with the system:
    tcpdump -nn -i eth0 tcp and host 192.168.0.1 and port 80
    tcpdump -nn -vs0 tcp and port not 22 -c 100 -w 1.cap
Wireshark can also be installed on Linux:
    yum install -y wireshark
Capture packets and parse the HTTP requests (on tshark 1.10 and later, -Y replaces -R for a single-pass display filter):
    tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
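2. SELinux
Configuration file: /etc/selinux/config
Three modes: enforcing, permissive, disabled. To turn SELinux off in the configuration file:
    SELINUX=disabled
Switch and query the mode at runtime:
    setenforce 0/1
    getenforce
These commands come from the libselinux-utils package:
    yum install -y libselinux-utils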
3. Netfilter: iptables
Reference: http://www.cnblogs.com/bangerlee/archive/2013/02/27/2935422.html
    iptables -nvL    view the rules
    iptables -F      clear the current rules
    iptables -Z      zero the counters
    service iptables save    save the rules; the rule file is /etc/sysconfig/iptables
    service iptables stop    stop the firewall
Stopping the service only pauses the firewall: after a reboot it reads /etc/sysconfig/iptables and starts again, and even while it is stopped it comes back as soon as we add any rule.
    iptables -t      specifies the table name; without -t the filter table is used by default
filter: this table is mainly used for filtering packets. It is a system preset table with three built-in chains: INPUT, OUTPUT and FORWARD. INPUT acts on packets entering the machine, OUTPUT acts on packets sent by the machine, and FORWARD acts on packets that pass through the machine but are not addressed to it.
nat: mainly used for network address translation and port mapping. It also has three chains. The PREROUTING chain changes the destination address of a packet just as it arrives at the firewall, if necessary. The OUTPUT chain changes the destination address of locally generated packets. The POSTROUTING chain changes the source address of a packet just before it leaves the firewall.
mangle: mainly used to modify the TOS (Type of Service) and TTL (Time to Live) values of a packet, and to set a mark on the packet to implement QoS (Quality of Service) adjustment and policy routing. Because this needs corresponding routing support, it is not widely used. Five chains: PREROUTING, POSTROUTING, INPUT, OUTPUT, FORWARD.
raw: sets a flag on a packet that determines whether the packet is handled by the state tracking mechanism. Only two chains: OUTPUT, PREROUTING.
iptables rule operations:
    iptables -t nat -nvL    view the rules
    iptables -t nat -F      purge the rules
    iptables -A/-D INPUT -s 10.72.11.12 -p tcp --sport 1234 -d 10.72.137.159 --dport 80 -j DROP    add/remove a rule
    iptables -I INPUT -s 1.1.1.1 -j DROP/ACCEPT/REJECT    insert a rule
    iptables -nvL --line-numbers    view the rules with their ID numbers
    iptables -D INPUT 1     delete the rule with the given ID number
    iptables -P INPUT DROP  set the default policy
The default policy is ACCEPT. Once it is set to DROP, only iptables -P INPUT ACCEPT reverts it to the original state; the -F parameter does not.
Example: for the filter table, set the default policy of the INPUT chain to DROP and of the other two chains to ACCEPT, then open port 22 for 192.168.0.0/24, port 80 for all network segments and port 21 for all network segments. The script is as follows:
    #!/bin/bash
    ipt="/sbin/iptables"
    # flush the existing rules, then set the default policies
    $ipt -F
    $ipt -P INPUT DROP
    $ipt -P OUTPUT ACCEPT
    $ipt -P FORWARD ACCEPT
    # allow SSH from the local subnet only; HTTP and FTP from anywhere
    $ipt -A INPUT -s 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT
    $ipt -A INPUT -p tcp --dport 80 -j ACCEPT
    $ipt -A INPUT -p tcp --dport 21 -j ACCEPT
ICMP has a common application: the local machine can ping the outside network, but external hosts cannot ping the local machine:
    iptables -I INPUT -p icmp --icmp-type 8 -j DROP
nat table application: routers are implemented using the iptables NAT principle. Suppose the machine has two NICs, eth0 and eth1, where the IP of eth0 is 192.168.10.11 and the IP of eth1 is 172.16.10.11. eth0 is connected to the Internet but eth1 is not. Another machine (172.16.10.12) can communicate with eth1. How do we let that machine reach the Internet?
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -o eth0 -j MASQUERADE
Rule backup and recovery:
    service iptables save            saves the rules to /etc/sysconfig/iptables
    iptables-save > myipt.rule       saves the firewall rules to the specified file
    iptables-restore < myipt.rule    restores the rules from the specified file
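
The filter policy from the example script, written as an added example (not from the original page) that emits it in the format iptables-restore reads, so the whole policy loads in one step. The loopback and ESTABLISHED,RELATED rules are additions the page's script does not have, and the function name gen_ruleset is hypothetical.

```shell
#!/bin/sh
# Added example: build the page's filter policy as an iptables-restore ruleset.

# gen_ruleset SSH_NET PORT... -> prints the ruleset, status 1 on bad input
gen_ruleset() {
    gr_net=$1; shift
    # Accept only a.b.c.d/len for the SSH source network.
    printf '%s' "$gr_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    # Validate every port before printing anything.
    for gr_port in "$@"; do
        case $gr_port in ''|*[!0-9]*) return 1 ;; esac
        [ "$gr_port" -ge 1 ] && [ "$gr_port" -le 65535 ] || return 1
    done
    # Same default policies as the script: INPUT DROP, the others ACCEPT.
    # The lo and conntrack rules are added here: with a DROP policy and
    # without them, loopback traffic and the replies to the host's own
    # outbound connections are dropped as well.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $gr_net -p tcp --dport 22 -j ACCEPT
EOF
    for gr_port in "$@"; do
        echo "-A INPUT -p tcp --dport $gr_port -j ACCEPT"
    done
    echo COMMIT
}

# Values from the page: SSH for 192.168.0.0/24, ports 80 and 21 for everyone.
# As root:  gen_ruleset 192.168.0.0/24 80 21 > myipt.rule
#           iptables-restore --test < myipt.rule   (parse only, no commit)
#           iptables-restore < myipt.rule
gen_ruleset 192.168.0.0/24 80 21
```

Loading the file with iptables-restore replaces the filter table in a single commit, so an SSH session is never left between the flush and the ACCEPT rules.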
4. Linux system task scheduling
/etc/crontab is the main cron configuration file; PATH can be defined in it. The cron format is as follows:
    # .---------------- minute (0-59)
    # |  .------------- hour (0-23)
    # |  |  .---------- day of month (1-31)
    # |  |  |  .------- month (1-12)
    # |  |  |  |  .---- day of week (0-6) (Sunday = 0 or 7)
    # |  |  |  |  |
    # *  *  *  *  *  user-name  command to be executed
cron is also a service, so the service must be started for the entries to take effect:
    service crond start
    service crond status
Task scheduling exercises:
    Clear the file /var/log/slow.log at 1:20 A.M. every day.
    Execute "/bin/sh /usr/local/sbin/backup.sh" at 3 o'clock every Sunday.
    Execute "/bin/sh /usr/local/sbin/backup_month.sh" at 4:10 on the 14th of every month.
    Execute "ntpdate time.windows.com" every 8 hours.
    Execute "/bin/sh /usr/local/sbin/test.sh" at 1 o'clock, 12 o'clock and 18 o'clock every day.
    Execute "/bin/sh /usr/local/sbin/test2.sh" from 9 to 18 every day.
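
A way to check entries against the five-field format, as an added example that is not part of the original page: a small POSIX shell matcher that reports whether an entry fires at a given time. The crontab lines in it are constructed answers to the six exercises, and the function names are hypothetical.

```shell
# Minimal matcher for the five cron time fields (added example, POSIX sh).
# Handles *, N, A-B, comma lists and /step; not names or 7 = Sunday.
# Pass time values without leading zeros (8, not 08).
# field_match SPEC VALUE MIN MAX -> status 0 if SPEC selects VALUE
field_match() {
    fm_rest=$1,
    while [ -n "$fm_rest" ]; do
        fm_part=${fm_rest%%,*}; fm_rest=${fm_rest#*,}; fm_step=1
        case $fm_part in */*) fm_step=${fm_part#*/}; fm_part=${fm_part%/*} ;; esac
        case $fm_part in
            '*') fm_lo=$3; fm_hi=$4 ;;
            *-*) fm_lo=${fm_part%-*}; fm_hi=${fm_part#*-} ;;
            *)   fm_lo=$fm_part; fm_hi=$fm_part ;;
        esac
        [ "$2" -ge "$fm_lo" ] && [ "$2" -le "$fm_hi" ] &&
            [ $(( ($2 - $fm_lo) % $fm_step )) -eq 0 ] && return 0
    done
    return 1
}

# cron_match "m h dom mon dow" MIN HOUR DOM MON DOW -> status 0 if it fires
cron_match() {
    set -f; set -- $1 "$2" "$3" "$4" "$5" "$6"; set +f  # split, no globbing
    [ $# -eq 10 ] || return 2                           # need five time fields
    field_match "$1" "$6" 0 59 && field_match "$2" "$7" 0 23 &&
        field_match "$4" "$9" 1 12 || return 1
    # cron rule: when both day fields are restricted, either one may match
    if [ "$3" = '*' ] || [ "$5" = '*' ]; then
        field_match "$3" "$8" 1 31 && field_match "$5" "${10}" 0 6
    else
        field_match "$3" "$8" 1 31 || field_match "$5" "${10}" 0 6
    fi
}

# Constructed answers to the six exercises above, one entry each.
SAMPLE_CRONTAB='20 1 * * * echo "" > /var/log/slow.log
0 3 * * 0 /bin/sh /usr/local/sbin/backup.sh
10 4 14 * * /bin/sh /usr/local/sbin/backup_month.sh
0 */8 * * * ntpdate time.windows.com
0 1,12,18 * * * /bin/sh /usr/local/sbin/test.sh
0 9-18 * * * /bin/sh /usr/local/sbin/test2.sh'

# due_at MIN HOUR DOM MON DOW -> print the sample commands that fire then
due_at() {
    printf '%s\n' "$SAMPLE_CRONTAB" | while read -r m h dom mon dow cmd; do
        if cron_match "$m $h $dom $mon $dow" "$@"; then printf '%s\n' "$cmd"; fi
    done
}

due_at 0 12 14 6 0   # constructed time: 12:00 on a Sunday, 14 June
```

The entries are in user crontab form (crontab -e); in /etc/crontab each line also carries the user-name column before the command.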