Log
The role of the log:
1. Solving system problems
2. Troubleshooting network services
3. Recording past events
/var/log/ //location where log files are saved
cron //records the recurring scheduled task service
dmesg //hardware detection information from the kernel at boot
lastlog //the most recent login of every account on the system
maillog //mail exchange
messages //system messages and error messages
secure //records of programs that ask for an account password to enter the system
wtmp //account information for correct (successful) logins
btmp //account information for failed logins
/var/log/httpd/ //different network services save their logs in their own log directory
/var/log/samba/
Log type
1. ASCII (text) type
2. data (binary) type
last //view the wtmp log file
lastb //view the btmp log file
Services required for logging
rsyslogd //mainly responsible for writing system information and kernel information to the logs; the main logging service
logrotate //mainly responsible for log rotation
RHEL 5 and earlier use the syslogd service; RHEL 6 and later use rsyslogd
rsyslog
Which level of which service is recorded in which file
Configuration files: /etc/rsyslog.conf
/etc/rsyslog.d/*
/etc/rsyslog.conf
#### RULES ####
selector (option)    action    (the selector and the action are separated by a TAB)
Selector: facility and level, joined with "." (different selectors are separated with ";")
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
Facilities
authpriv //authentication system, asking for user name and password
cron //recurring scheduled tasks
daemon //daemon programs
kern //kernel information
mail //mail system
lpr //printer
news //news (NNTP) system
user //local user application information
uucp //UUCP subsystem information
local0-7 //locally defined types of information
man syslog //view the help, which includes the level descriptions
Level
0-7
0 emerg //system is unusable, about to crash
1 alert //the problem is quite serious, past the critical point
2 crit //critical point; this error is already serious
3 err //error message
4 warning //warning
5 notice //normal but significant condition: not an error, but should be handled specifically; needs more attention than the info level
6 info //informational message
7 debug //debug information
none //no information of this facility is to be sent out at all
.xxx: information at this level and above (more severe)
.=xxx: information at exactly this level
.!xxx: excludes information at this level (and above)
Action
/filename  log file: an absolute path indicates a file name; log information matching the selector is saved in that file. The file must exist beforehand
@host  remote host; what follows @ can be an IP address, a domain name or a host name
username,username  sent to the specified users; the users must be logged in
*  all users; the users must be logged in
Examples:
1. Save to a normal file or device file
. /var/log/file.log //record to a normal file
. /dev/pts/0 //record to a device file
2. Forward to a remote host
. @192.168.0.1 //forward to port 514 (default) on 192.168.0.1 using the UDP protocol
. @@192.168.1.1:10514 //forward to port 10514 on 192.168.1.1 using the TCP protocol (when no port is given, the default is 514)
3. Send to users (they must be online to receive)
. root //send to user root
. root,student,redhat //send to the specified users
. * //send to all users
4. Ignore, discard
local3.* ~ //ignore all levels of logs of the local3 facility
5. Execute a script
local3.* ^/tmp/shell.sh //"^" followed by the absolute path of the executable script or program
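To see how the selector syntax above actually decides what lands in a file, here is an added bash example (not from the original notes) that evaluates a selector field such as the `*.info;mail.none;authpriv.none;cron.none` rule against a message's facility and level; the function names `level_num` and `selector_matches` and the sample checks are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: decide whether a syslog message of a given facility and level is
# selected by a classic rsyslog selector field. It follows the sysklogd/rsyslog
# priority-bitmask rules: "level" adds that level and every more severe one,
# "=level" adds exactly one level, a leading "!" clears instead of adds,
# "none" clears the facility, "*" selects everything. Selectors are applied left
# to right, so "mail.none" after "*.info" removes mail messages again.

LEVELS="emerg alert crit err warning notice info debug"   # index = numeric priority 0..7

level_num() {   # level name -> numeric priority; fails on an unknown name
    local i=0 l
    for l in $LEVELS; do
        [ "$l" = "$1" ] && { echo "$i"; return 0; }
        i=$((i + 1))
    done
    return 1
}

# selector_matches SELECTORS FACILITY LEVEL -> exit 0 if the message is selected
selector_matches() {
    local selectors=$1 fac=$2 lvl=$3 mask=0 sel facs pri neg single n i bits
    local -a parts
    n=$(level_num "$lvl") || return 1
    IFS=';' read -ra parts <<<"$selectors"
    for sel in "${parts[@]}"; do
        facs=${sel%.*}; pri=${sel##*.}             # "mail,news.crit" -> "mail,news" / "crit"
        case ",$facs," in *",$fac,"*|*",*,"*) ;; *) continue ;; esac   # not our facility
        neg=0; single=0
        case "$pri" in '!'*) neg=1; pri=${pri#!} ;; esac
        case "$pri" in '='*) single=1; pri=${pri#=} ;; esac
        case "$pri" in
            none) bits=255; neg=$((1 - neg)) ;;    # "none" clears all (so "!none" selects all)
            '*')  bits=255 ;;
            *)    i=$(level_num "$pri") || return 1
                  if [ "$single" = 1 ]; then bits=$((1 << i)); else bits=$(( (1 << (i + 1)) - 1 )); fi ;;
        esac
        if [ "$neg" = 1 ]; then mask=$((mask & ~bits)); else mask=$((mask | bits)); fi
    done
    [ $((mask & (1 << n))) -ne 0 ]
}

# Constructed checks against the rule quoted from /etc/rsyslog.conf above
selector_matches "*.info;mail.none;authpriv.none;cron.none" daemon info && echo "daemon.info -> /var/log/messages"
selector_matches "*.info;mail.none;authpriv.none;cron.none" mail err || echo "mail.err    -> not in messages (mail.none)"
```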
Service
RHEL 6
service rsyslog restart //restart the service
RHEL 7
systemctl restart rsyslog //restart the service
Note: if the log configuration file is modified, the service must be restarted for the change to take effect
logrotate //log rotation
/etc/logrotate.conf //main rotation configuration file
/etc/logrotate.d/*
vim /etc/logrotate.conf
log file {
    rules
}
Parameters and options
daily      rotate daily
weekly     rotate weekly
monthly    rotate monthly
rotate N   keep N rotated files
create     create a new (empty) log file after rotation (permissions, owner and group can be specified)
dateext    old files are named with a date suffix
size       rotate when the file reaches the specified size
logrotate -vf /etc/logrotate.conf //run the rotation now: -v verbose, -f force
Summary
The role of logs
Main configuration file for logging
Location of the logs
Types of logs
Log rotation function
Main configuration file for log rotation
Scheduled Tasks
One-time scheduled tasks
Recurring scheduled tasks
One-time scheduled tasks
atd //service for one-time scheduled tasks
Commands
at DATE //create a one-time scheduled task
at> command //the commands to execute
at> <EOT> //Ctrl+D to submit the scheduled task
at -l //list one-time scheduled tasks
at -d ID //delete a one-time scheduled task
at -c ID //show the details of a scheduled task
A file is generated when a scheduled task is created
It is saved in the /var/spool/at/ directory; deleting the file there is equivalent to deleting the scheduled task
Blacklist for one-time scheduled tasks
vim /etc/at.deny
Note: one user name per line
Recurring scheduled tasks
vim /etc/crontab //configuration file for recurring scheduled tasks
SHELL=/bin/bash //commands run with the bash command interpreter
PATH=/sbin:/bin:/usr/sbin:/usr/bin //if a command is not given by absolute path, it is searched for in these directories
MAILTO=root //if a recurring scheduled task has a problem, mail is sent to root
Time fields, in order: minute hour day-of-month month day-of-week
Continuous time ranges use "-"
Intermittent (discrete) times use ","
*/5 in the minute field means every 5 minutes
The cache directory /var/spool/cron/ holds a file named after the creator
root has the right to create recurring scheduled tasks for anyone
crontab -e //edit recurring scheduled tasks
-l //view
-u username //operate on another user's tasks (root only)
-r //clear all recurring scheduled tasks
crontab -u student -e //edit the recurring scheduled tasks of the user student
/etc/cron.deny //blacklist for recurring scheduled tasks
Practice:
Every Monday to Friday at 9 o'clock in the morning and 13 o'clock in the afternoon, count how many users are logged in to the current system and append the result to /tmp/wc.txt
Every two hours, see how many processes currently exist and append the result to /tmp/ps.txt
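The two crontab lines that answer the practice above, together with a small matcher that applies the field rules from the notes ("-" for ranges, "," for lists, "*/N" for steps), as an added bash example that is not part of the original notes; the choice of `who | wc -l` and `ps -e | wc -l` as the counting commands and the function names `field_matches` and `cron_fires` are this example's own.

```bash
#!/usr/bin/env bash
# Added example: the practice answers plus a matcher that tells at which times a
# crontab line fires. Field order: minute hour day-of-month month day-of-week.
# Vixie cron rule: when both day fields are restricted, a match in either one fires.

# Practice answers (constructed here; ">>" appends rather than overwrites)
CRON_USERS='0 9,13 * * 1-5 who | wc -l >> /tmp/wc.txt'
CRON_PROCS='0 */2 * * * ps -e | wc -l >> /tmp/ps.txt'

# field_matches EXPR VALUE MIN MAX -> exit 0 if VALUE is selected by the cron field EXPR
field_matches() {
    local expr=$1 val=$2 min=$3 max=$4 item step lo hi
    local -a items
    IFS=',' read -ra items <<<"$expr"                 # "," separates alternatives
    for item in "${items[@]}"; do
        step=1
        case "$item" in */*) step=${item#*/}; item=${item%/*} ;; esac   # "*/5" or "1-30/5"
        if [ "$item" = '*' ]; then lo=$min; hi=$max   # "*" is the whole range MIN-MAX
        else lo=${item%-*}; hi=${item#*-}; fi         # "a-b" range, or a single "a" (lo=hi)
        if [ "$val" -ge "$lo" ] && [ "$val" -le "$hi" ] && [ $(( (val - lo) % step )) -eq 0 ]; then
            return 0
        fi
    done
    return 1
}

# cron_fires "CRONTAB LINE" MINUTE HOUR DOM MONTH DOW -> exit 0 if the line runs at that time
cron_fires() {
    local f_min f_hour f_dom f_mon f_dow _cmd
    read -r f_min f_hour f_dom f_mon f_dow _cmd <<<"$1"
    field_matches "$f_min" "$2" 0 59 && field_matches "$f_hour" "$3" 0 23 &&
        field_matches "$f_mon" "$5" 1 12 || return 1
    if [ "$f_dom" != '*' ] && [ "$f_dow" != '*' ]; then
        field_matches "$f_dom" "$4" 1 31 || field_matches "$f_dow" "$6" 0 7
    else
        field_matches "$f_dom" "$4" 1 31 && field_matches "$f_dow" "$6" 0 7
    fi
}

# Monday 2016-12-05 09:00 runs the user count; Sunday 2016-12-04 09:00 does not
cron_fires "$CRON_USERS" 0 9 5 12 1 && echo "Mon 09:00 runs: $CRON_USERS"
cron_fires "$CRON_USERS" 0 9 4 12 0 || echo "Sun 09:00: user count does not run"
cron_fires "$CRON_PROCS" 0 14 5 12 1 && echo "14:00 runs: $CRON_PROCS"
```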
Kernel
Modularity of the kernel
uname -a //view the current kernel version and system information
Kernel modules
/lib/modules/2.6.32-431.el6.x86_64/kernel/ //module storage location
Module files usually end with ".ko"
/lib/modules/2.6.32-431.el6.x86_64/modules.dep //records the dependencies between modules
depmod //command to update the module dependencies
View
lsmod //view all currently loaded modules
modinfo //view detailed information about a module
Load
insmod module-path //load a module (cannot resolve dependencies)
rmmod module-name //unload a module
-f //force unload, whether or not the module is in use
modprobe //loads modules and automatically resolves dependencies
-r //unload a module; like yum, it also removes the corresponding dependencies, use with caution!!!
-f //force load
-c //view the configuration
Kernel parameters
Switches for managing system functions
cat /proc/sys/net/ipv4/icmp_echo_ignore_all //kernel parameter that controls ignoring all ping packets
vim /etc/sysctl.conf //to make a kernel parameter permanent, write it in this configuration file
sysctl -p //make the kernel parameters take effect immediately
Mount
mount //view mount information
df -h //view mount information
1. Standard format
mount -t filesystem-type mount-source mount-point
-o //mount with options
ro //read only
rw //read/write
remount //re-mount
loop //loop device (mount a local file)
2. Non-standard format
mount mount-source mount-point
Note: the mount point is best an empty directory
If the mount point is a non-empty directory, after the mount is complete the directory's original data disappears (temporarily unavailable); the original data is restored when the file system is unmounted
Do not stay inside the directory when unmounting it
umount mount-point //unmount the mount point
Applications of mount
1. Mount a large file: in disguise, this controls the space a directory can use (a disk quota)
1) create a large file
2) format the large file: mkfs.ext4 filename //format a file
3) mount it
2. Mount an image file
3. Mount a remote directory
mount IP-address:/content mount-point
4. Quick access to a deeply nested directory
mount --bind old-directory new-directory
vim /etc/fstab //to make a mount permanent, write its information in this configuration file
6 fields
1. Mount source
2. Mount point
3. File system type
4. Options (if there are no options, use "defaults")
5. Whether a backup (dump) is needed (0 means no, 1 means yes)
6. Whether a check (fsck) is needed (0 means no; a non-zero number means yes and gives the priority, the smaller the number the higher the priority)
mount -a //after modification, use this command to take effect immediately, or reboot the computer
Boot start process
1. Hardware boot
MBR: Master Boot Record
Bootloader (boot program): Windows NTLDR; RHEL 6 GRUB; RHEL 7 GRUB2
DPT: Disk Partition Table
55AA: check value (boot signature at the end of the sector)
2. Software startup
runlevel 0 //init closes all processes and halts the system (shutdown)
runlevel 1 //puts the system into single-user mode for emergency rescue; only the administrator (root) can enter single-user mode
runlevel 2 //multi-user mode (incomplete): no file sharing and other network functions, rarely used
runlevel 3 //true multi-user mode (full); the default mode for most servers
runlevel 4 //generally not used by the system; users can design their own state and apply it (custom)
runlevel 5 //graphical interface, using the X Window terminal
runlevel 6 //init closes all processes and reboots the system (reboot)
RHEL 6
Changing the root password using single-user mode
GRUB menu ---> press "e" to edit ---> select the kernel line and press "e" to edit ---> append "1" at the end (a space and 1)
---> "Enter" ---> press "b" to boot into single-user mode ---> run "passwd" to change the password ---> exit
vim /boot/grub/grub.conf
default=0 //default GRUB menu entry
timeout=30 //automatically boot the default entry after 30 seconds
splashimage=(hd0,0)/grub/splash.xpm.gz //GRUB menu background picture
hiddenmenu //the GRUB menu is not displayed by default
password --md5 $1$UWQM4/$8H/VGDOXDLF3NUVOOAOS40 //a password line above the title lines protects the GRUB menu itself
title Windows 7 //description (menu entry title)
password --md5 $1$ogrm4/$5dqmc.gvxazmvkhigsgwl/ //a password line below the title: a password is required to boot this entry
root (hd0,0) //the GRUB root partition (/)
kernel /vmlinuz-2.6.32-431.el6.x86_64 //load the kernel; drivers, HDD partitions, language/encoding, etc. are given as parameters
initrd /initramfs-2.6.32-431.el6.x86_64.img //enable the initial (virtual) file system
grub-md5-crypt //command to generate an encrypted password
RHEL 6
chkconfig service-name on/off //set whether the service starts on boot
chkconfig --list //check whether services start on boot
chkconfig --level 35 sshd off //do not start sshd in runlevels 3 and 5
RHEL 7
1. The stage1 and stage2 file names differ
stage1 becomes /boot/grub2/i386-pc/boot.img
stage2 becomes /boot/grub2/i386-pc/core.img
2. Partition naming in the GRUB2 grub.cfg configuration file has changed
(hd0,0) becomes (hd0,msdos1)
3. The main configuration file for the boot menu appearance has moved
/etc/default/grub
4. The configuration file can be regenerated or updated with the command grub2-mkconfig -o /boot/grub2/grub.cfg
5. init becomes systemd
6. /etc/inittab contains only documentation
Boot target (start level)
systemctl get-default //view the default boot target
systemctl set-default target-name //set the default boot target
Example: systemctl set-default multi-user.target //set the boot target to the equivalent of runlevel 3
Configuration file corresponding to a boot target: /lib/systemd/system/<target name>.target
vim /usr/lib/systemd/system/multi-user.target //view the configuration file of the runlevel 3 equivalent
AllowIsolate=yes //whether this target can be switched to temporarily; after the modification, a reboot makes it take effect
Starting services
Whether a service starts at boot is set per service
systemctl status sshd //view the state of the sshd service
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled) //the word after the semicolon shows whether the service starts on boot: disabled means off, enabled means on
   Active: active (running) since Wed 2016-12-07 21:24:35 EST; 5h 3min ago //the service's current running status
Set a service to start on boot
systemctl enable service-name //set to start on boot
systemctl disable service-name //set not to start on boot
systemctl isolate rescue.target //temporarily switch to rescue mode; rescue.target is the name of rescue mode
RHEL 7: changing the root password
The first way
1. Find the line starting with linux16, delete from the end of the line back to the first "root", append rd.break at the end, and press Ctrl-x to boot into the emergency shell
2. mount -o remount,rw /sysroot
3. chroot /sysroot
4. passwd
5. touch /.autorelabel
6. exit
7. exit
The second way
1. Find the line starting with linux16, find "ro" in that line and change it to "rw init=/sysroot/bin/sh", then press Ctrl-x to boot into the single-user shell
2. chroot /sysroot
3. passwd
4. touch /.autorelabel
5. Ctrl+Alt+Del
RHEL 7: password-protecting the GRUB2 menu
vim /etc/grub.d/40_custom
set superusers='root'
password root 123
After the configuration is complete:
grub2-mkconfig -o /boot/grub2/grub.cfg //update the main configuration file
The above stores the password in plaintext; the user name can be arbitrary (it does not need to be a system user)
Hashed (ciphertext) password
grub2-mkpasswd-pbkdf2 //generate a hashed password; the hash to use is the string that follows "PBKDF2 hash of your password is" in the output
vim /etc/grub.d/40_custom
set superusers='root'
password_pbkdf2 root grub.pbkdf2.sha512.10000.0862d41b5f0bbf76090c2bdb710
After the configuration is complete:
grub2-mkconfig -o /boot/grub2/grub.cfg //update the main configuration file
SELinux
SELinux is a kind of permission (access control) mechanism
/etc/selinux/config
getenforce //view the status of SELinux
setenforce 1 or 0 //set the SELinux status (1 = enforcing, 0 = permissive)
SELinux restricts two areas
1. Boolean values
2. Security context
1. Boolean values
getsebool -a //view the Boolean values of all current restrictions
setsebool -P boolean-name on|off //adjust a Boolean value (-P makes it persistent)
Example: setsebool -P samba_share_nfs on //adjust a Boolean value
2. Security context
The security context of the subject (process) and of the object (target) must be consistent for access to succeed
View the security context
ls -Z
-rw-------. root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg
system_u:object_r:admin_home_t //security context
identity:role:type
ps -efZ | grep httpd //view the subject (process) security context
unconfined_u:system_r:httpd_t:s0 apache 1951 1944 0 10:35 ? 00:00:00 /usr/sbin/httpd
Modifying the security context
1. chcon -t type file //set the security context type of a file
Example: chcon -t httpd_t /var/www/html/index.html
2. restorecon file-or-directory //restore (sync) the default security context
-R //recursive
-v //display the process
SELinux log analysis tool
yum install -y setroubleshoot-server //if the following command is missing, install this package
sealert -a /var/log/audit/audit.log //use the SELinux log analysis tool to analyze the log and suggest solutions
Linux Basics (vi)