Linux Basics (vi)

Source: Internet
Author: User

Log

The role of logs:
1. Solving system problems
2. Troubleshooting network services
3. Recording past events

/var/log/ // log file location
cron // records recurring scheduled tasks
dmesg // kernel detection information from boot
lastlog // last login information for all accounts on the system
maillog // mail exchange
messages // system error messages
secure // records programs that require an account and password to enter the system
wtmp // accounts that logged in to the system successfully
btmp // accounts that failed to log in to the system

/var/log/httpd/ // different network services save logs in their own directories
/var/log/samba/

Log types
1. ASCII type

2. data type
last // view the wtmp log file
lastb // view the btmp log file

Services required for logging
rsyslogd // the main logging service; records system and kernel information as it is written to the logs
logrotate // mainly responsible for log rotation

Up to RHEL 5 the log service is syslogd; from RHEL 6 it is rsyslogd

rsyslog
Defines which service, at which level, is recorded in which file
Configuration files: /etc/rsyslog.conf
/etc/rsyslog.d/*

/etc/rsyslog.conf

#### RULES ####
option action (option and action are separated by a Tab)

Option: facility and level (facility and level are joined with "."; multiple options are separated with ";")
*.info;mail.none;authpriv.none;cron.none    /var/log/messages

Facilities
authpriv // authentication system, which asks for user name and password
cron // recurring scheduled tasks
daemon // daemon programs
kern // kernel information
mail // email system
lpr // printer
news // news system
user // local user application information
uucp // UUCP subsystem information
local0-7 // locally defined information

man syslog // view the help, which includes descriptions of the levels
Levels
0-7
0 emerg // the system is basically about to crash
1 alert // the problem is quite serious, more serious than the critical point
2 crit // critical point; this error is already serious
3 err // critical error message
4 warning // warning
5 notice // note: not an error, but should be handled specifically; needs more attention than the info level
6 info // advisory information
7 debug // debugging information

none // messages of this facility do not need to be recorded
.xxx: messages at this level and above
.=xxx: messages equal to this level
.!xxx: messages outside of this level
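The facility/level matching described above, applied to the `*.info;mail.none;authpriv.none;cron.none` rule, as an added example that is not part of the original page. It assumes the selector semantics documented in syslog.conf(5) (parts apply left to right; `!` removes levels); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): decide whether a message with a
# given facility and level is selected by a traditional rsyslog selector.
# Assumption: parts separated by ';' apply left to right, as in syslog.conf(5).

# Map a level name to its number (0 = emerg ... 7 = debug).
level_num() {
    case $1 in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# selector_matches FACILITY LEVEL SELECTOR: exit 0 if logged, 1 if not,
# 2 on an unknown level name. The body is a subshell, so IFS and "set -f"
# do not leak into the caller.
selector_matches() (
    msg_fac=$1
    msg_lvl=$(level_num "$2") || exit 2
    mask=0                      # bit n set = level n is selected
    IFS=';'; set -f             # split on ';' and keep '*' literal
    for part in $3; do
        facs=${part%%.*}; pri=${part#*.}
        case ",$facs," in
            ",*,"|*",$msg_fac,"*) ;;    # part applies to this facility
            *) continue ;;
        esac
        negate=0; exact=0
        case $pri in '!'*) negate=1; pri=${pri#?} ;; esac
        case $pri in '='*) exact=1; pri=${pri#?} ;; esac
        case $pri in
            none) mask=0; continue ;;
            '*')  bits=255 ;;
            *)    n=$(level_num "$pri") || exit 2
                  if [ "$exact" -eq 1 ]; then bits=$((1 << n))
                  else bits=$(( (1 << (n + 1)) - 1 )); fi ;;
        esac
        if [ "$negate" -eq 1 ]; then mask=$(( mask & ~bits ))
        else mask=$(( mask | bits )); fi
    done
    [ $(( (mask >> msg_lvl) & 1 )) -eq 1 ]
)

# Constructed sample messages checked against the rule from /etc/rsyslog.conf.
rule='*.info;mail.none;authpriv.none;cron.none'
for msg in daemon.err mail.err kern.debug cron.info; do
    if selector_matches "${msg%.*}" "${msg#*.}" "$rule"; then verdict=logged
    else verdict=skipped; fi
    echo "$msg -> $verdict"
done
```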

Action
/filename // log file given as an absolute path; messages matching the option are saved in this file. The file must be created beforehand
@host // remote host; after the @ sign comes an IP address, domain name or host name
username,username // send to the specified users; the users must be logged in
* // all users; the users must be logged in

Cases:
1. Save to a normal file or device file
*.* /var/log/file.log // record to a normal file
*.* /dev/pts/0 // record to a device file
2. Forward to a remote host
*.* @192.168.0.1 // forward to port 514 (default) on 192.168.0.1 using the UDP protocol
*.* @@192.168.1.1:10514 // forward to port 10514 on 192.168.1.1 using the TCP protocol
3. Send to users (they must be online to receive)
*.* root // send to the user root
*.* root,student,redhat // send to several specified users
*.* * // send to all users
4. Ignore, discard
local3.* ~ // ignore all levels of logs of the local3 facility
5. Execute a script
local3.* ^/tmp/shell.sh // "^" is followed by the absolute path of the executable script or program

Service
RHEL 6
service rsyslog restart // restart the service
RHEL 7
systemctl restart rsyslog // restart the service

Note: if the log configuration file is modified, the service must be restarted for the change to take effect

logrotate // log rotation

/etc/logrotate.conf // main configuration file for rotation
/etc/logrotate.d/*

vim /etc/logrotate.conf

log file {
rules
}

Parameters and options
daily // rotate daily
weekly // rotate weekly
monthly // rotate monthly
rotate // how many rotated files to keep
create // create a new file (permissions, owner and group can be specified)
dateext // old files are named with a date suffix
size // specify the size

logrotate -vf /etc/logrotate.conf

Summary
The role of logs
Main configuration file for logging
Location of the logs
Types of log
Rotation of logs
Main configuration file for log rotation

Scheduled Tasks
One-time scheduled tasks
Recurring scheduled tasks

One-time scheduled tasks
atd // service for one-time scheduled tasks

Commands
at time // create a one-time scheduled task
at> command // the commands to execute
at> <EOT> // press Ctrl+D to submit the scheduled task

at -l // list one-time scheduled tasks
at -d ID // delete a one-time scheduled task
at -c ID // show the details of a scheduled task

A file is generated when a scheduled task is created
It is saved in the /var/spool/at/ directory; deleting the file there is equivalent to deleting the scheduled task

Blacklist for one-time scheduled tasks
vim /etc/at.deny
Note: one user name per line

Recurring Scheduled Tasks
vim /etc/crontab // configuration file for recurring scheduled tasks

SHELL=/bin/bash // commands are run with the Bash command interpreter
PATH=/sbin:/bin:/usr/sbin:/usr/bin // commands given without an absolute path are searched for in these directories
MAILTO=root // if a recurring scheduled task has a problem, mail is sent to root

Use "-" for a continuous range of times
Use "," for separate, non-continuous times
*/5 in the minute field means every 5 minutes

The spool directory /var/spool/cron/ holds a file with the same name as the user who created the tasks
root has the right to create recurring scheduled tasks for anyone

crontab -e // edit recurring scheduled tasks
-l // view
-u username // act on another user's tasks (root)
-r // remove all recurring scheduled tasks

crontab -u student -e // edit recurring scheduled tasks for the user student

/etc/cron.deny // blacklist for recurring scheduled tasks

Practice:
At 9 o'clock in the morning and 13 o'clock in the afternoon every Monday to Friday, count how many users are logged in to the current system and append the result to /tmp/wc.txt
Every two hours, count how many processes there currently are and append the result to /tmp/ps.txt
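The time-field notation from this section (`-`, `,` and `*/n`) expanded into explicit values, run on one possible schedule for the two practice tasks. This is an added example, not part of the original page; the function names and the commands shown in the crontab comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): expand crontab time fields.

# expand_field FIELD MIN MAX: print the values FIELD selects within MIN..MAX.
# Handles "*", single values, ranges "a-b", lists "a,b" and steps "/n".
expand_field() (
    min=$2; max=$3; out=
    IFS=','; set -f                 # split lists on ','; keep '*' literal
    for item in $1; do
        step=1
        case $item in */*) step=${item#*/}; item=${item%/*} ;; esac
        [ "$step" -ge 1 ] || exit 2 # a step of 0 would never terminate
        case $item in
            '*') lo=$min; hi=$max ;;
            *-*) lo=${item%-*}; hi=${item#*-} ;;
            *)   lo=$item; hi=$item ;;
        esac
        v=$lo
        while [ "$v" -le "$hi" ]; do
            out="$out $v"
            v=$((v + step))
        done
    done
    echo "${out# }"
)

# describe_schedule "MIN HOUR DOM MON DOW": show when an entry fires.
describe_schedule() (
    set -f; set -- $1               # split the five fields on whitespace
    echo "minutes:  $(expand_field "$1" 0 59)"
    echo "hours:    $(expand_field "$2" 0 23)"
    echo "weekdays: $(expand_field "$5" 0 6)"
)

# One possible answer to the practice tasks (constructed; the commands after
# the schedule are assumptions, the page does not give them):
#   0 9,13 * * 1-5  who | wc -l >> /tmp/wc.txt
#   0 */2 * * *     ps -e --no-headers | wc -l >> /tmp/ps.txt
describe_schedule '0 9,13 * * 1-5'
describe_schedule '0 */2 * * *'
```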

Kernel
Modularity of the kernel

uname -a // view all information about the current kernel version

Kernel modules
/lib/modules/2.6.32-431.el6.x86_64/kernel/ // module storage location
Module files usually end with ".ko"

/lib/modules/2.6.32-431.el6.x86_64/modules.dep // records dependencies between modules

depmod // command that updates module dependencies

View
lsmod // view all currently loaded modules
modinfo // view detailed information about a module

Load
insmod module location // load a module (cannot resolve dependencies)

rmmod module name // unload a module
-f // force unload, whether or not the module is in use

modprobe // can load modules and automatically resolves dependencies
-r // unload a module; like yum, it also removes all the corresponding dependencies, so use with caution!
-f // force load
-c // view

Kernel parameters
Switches for managing system functions

cat /proc/sys/net/ipv4/icmp_echo_ignore_all // kernel parameter that controls ignoring all ping packets

vim /etc/sysctl.conf // to make a kernel parameter permanent, write it in this configuration file

sysctl -p // make the kernel parameters take effect immediately

Mount

mount // view mount information
df -h // view mount information
1. Standard format
mount -t file-system-type mount-source mount-point
-o // mount with options
ro // read only
rw // read/write
remount // re-mount
loop // local file

2. Non-standard format
mount mount-source mount-point

Note: a mount point should preferably be an empty directory
If the mount point is a non-empty directory, the original data of the directory disappears (is temporarily unavailable) after the mount completes, and is restored when it is unmounted.
Do not stay inside the mounted directory when unmounting

umount mount-point // unmount the mount point

Applications of mount
1. Mount a large file; this indirectly controls the space used by the directory (like a disk quota)
1) Create a large file
2) Format the large file: mkfs.ext4 file name // format a file
3) Mount

2. Mount an image file

3. Mount a remote directory
mount IP address:/directory mount-point

4. Quick access to a multi-level directory
mount --bind old-directory new-directory
vim /etc/fstab // to make a mount permanent, write its information in this configuration file

6 fields
1. Mount source
2. Mount point
3. File system type
4. Options (if there are none, use "defaults")
5. Whether a backup is required (0 means no, 1 means yes)
6. Whether checking is required (0 means no; non-zero means yes and sets the priority, the smaller the number the higher the priority)

mount -a // after modification, use this command to take effect immediately, or restart the computer

Boot process
1. Hardware boot
MBR: Master Boot Record
Bootloader (boot program): Windows NTLDR; RHEL 6 GRUB; RHEL 7 GRUB2
DPT: disk partition table
55AA: checksum

2. Software startup

runlevel 0 // init closes all processes and terminates the system (shutdown)
runlevel 1 // single-user mode, used for emergency rescue of the system; only the administrator (root) can enter it
runlevel 2 // multi-user mode (incomplete); does not support file sharing and other functions, rarely used
runlevel 3 // true multi-user mode (full); the default mode for most servers
runlevel 4 // generally not used by the system; users can design their own system state and apply it (custom)
runlevel 5 // graphical interface, using an X Window terminal
runlevel 6 // init closes all processes and reboots the system (reboot)

RHEL 6
Changing the root password using single-user mode
GRUB ----> press "e" to edit ----> select the kernel line and press "e" to edit ----> append " 1" at the end (a space and 1)
----> press Enter ----> press "b" to boot into single-user mode ----> run "passwd" to change the password ----> exit

vim /boot/grub/grub.conf
default=0 // default GRUB menu entry
timeout=30 // automatically boot the default entry after 30 seconds
splashimage=(hd0,0)/grub/splash.xpm.gz // GRUB menu background picture
hiddenmenu // the GRUB menu is not displayed by default
password --md5 $1$UWQM4/$8H/VGDOXDLF3NUVOOAOS40 // a password placed above the title line protects the GRUB menu itself
title Windows 7 // description (title) line
password --md5 $1$ogrm4/$5dqmc.gvxazmvkhigsgwl/ // a password placed below the title line is required to boot that system
root (hd0,0) // boot partition used as root (/)
kernel /vmlinuz-2.6.32-431.el6.x86_64 // load the kernel, drivers, disk partition, language encoding, etc.
initrd /initramfs-2.6.32-431.el6.x86_64.img // enable the virtual file system

grub-md5-crypt // command to generate an encrypted password

RHEL 6

chkconfig service-name on/off // set whether the service starts at boot
chkconfig --list // check whether services start at boot
chkconfig --level 35 sshd off // do not start sshd when booting into levels 3 and 5

RHEL 7
1. The stage1 and stage2 file names are different
stage1 becomes /boot/grub2/i386-pc/boot.img
stage2 becomes /boot/grub2/i386-pc/core.img

2. Partition naming in the GRUB2 grub.cfg configuration file has changed
(hd0,0) changed to 'hd0,msdos1'

3. The main configuration file for the appearance of the boot menu has moved
/etc/default/grub

4. The configuration file can be regenerated or updated with the command grub2-mkconfig -o /boot/grub2/grub.cfg

5. init becomes systemd

6. /etc/inittab becomes a documentation-only file

Boot level
systemctl get-default // view the default boot level
systemctl set-default boot-level-name // set the boot level
Example: systemctl set-default multi-user.target // set the boot level to level 3

Configuration file for each boot level: /lib/systemd/system/<target name>.target

vim /usr/lib/systemd/system/multi-user.target // view the level 3 configuration file
AllowIsolate=yes // whether this level can be switched to temporarily; after modification, a reboot is needed to take effect

Starting services
Whether a service starts at boot is set per service
systemctl status sshd // view the state of the sshd service
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled) // shows whether the service starts at boot: disabled means off, enabled means on
Active: active (running) since Wed 2016-12-07 21:24:35 EST; 5h 3min ago // current running status of the service

Set a service to start at boot
systemctl enable service-name // start at boot
systemctl disable service-name // do not start at boot

systemctl isolate rescue.target // temporarily switch to rescue mode; rescue.target is the name of the rescue mode

RHEL 7: changing the password
The first way
1. Find the line that starts with linux16, delete from the end of the line back to the first root, append rd.break at the end, and press Ctrl-x to boot into single mode
2. mount -o remount,rw /sysroot
3. chroot /sysroot
4. passwd
5. touch /.autorelabel
6. exit
7. exit

The second way
1. Find the line that starts with linux16, find ro in this line and change it to "rw init=/sysroot/bin/sh", then press Ctrl-x to boot into single mode
2. chroot /sysroot
3. passwd
4. touch /.autorelabel
5. Ctrl+Alt+Del

RHEL 7: protecting the GRUB2 menu with a password

vim /etc/grub.d/40_custom
set superusers='root'
password root 123
After configuration is complete
grub2-mkconfig -o /boot/grub2/grub.cfg // update the main configuration file
The above stores the password in plaintext; the user name can be arbitrary (it can be a user that does not exist on the system)

Encrypted (ciphertext) password
grub2-mkpasswd-pbkdf2 // generate an encrypted password; note that the encrypted password is taken after the
vim /etc/grub.d/40_custom
set superusers='root'
password_pbkdf2 root grub.pbkdf2.sha512.10000.0862d41b5f0bbf76090c2bdb710
After configuration is complete
grub2-mkconfig -o /boot/grub2/grub.cfg // update the main configuration file

SELinux

SELinux is a kind of permission control

/etc/selinux/config

getenforce // view the status of SELinux

setenforce 1 or 0 // set the SELinux status

SELinux restricts two areas
1. Boolean values
2. Security context

1. Boolean values
getsebool -a // view all current restriction Boolean values
setsebool -P boolean-name on or off // adjust a Boolean value
Example: setsebool -P samba_share_nfs on // adjust a Boolean value

2. Security context
The security contexts of the subject (process) and the target must be consistent for access to succeed

View the security context
ls -Z
-rw-------. root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg

system_u:object_r:admin_home_t // security context
identity:role:type

ps -efZ | grep httpd // view the subject's security context
unconfined_u:system_r:httpd_t:s0 apache 1951 1944 0 10:35 ? 00:00:00 /usr/sbin/httpd

Modifying the security context
1. chcon -t type file // set the type in a file's security context
Example: chcon -t httpd_t /var/www/html/index.html

2. restorecon file or directory // synchronize the security context
-r // recursive modification
-v // display the procedure

SELinux log analysis tool
yum install -y setroubleshoot-server // if the following command is not available, install this package

sealert -a /var/log/audit/audit.log // use the SELinux log analysis tool to analyze the log and suggest solutions
