Linux (iv) Implementation of some other services

Source: Internet
Author: User
Tags prepare ssh server

First, the firewall

The firewall controls network access "in and out" of the machine according to the configuration file /etc/sysconfig/iptables. There are four policy tables for configuring this behavior.

1. Basic Essential Skills
View firewall status: service iptables status
Turn on the firewall: service iptables start
Turn off the firewall: service iptables stop
Disable the firewall at boot: chkconfig iptables off
Enable the firewall at boot: chkconfig iptables on

2. Expand your knowledge

(1) List iptables rules: iptables -L -n
List iptables rules and display the rule numbers: iptables -L -n --line-numbers
(2) List the rules of the iptables nat table (the default is the filter table): iptables -L -n -t nat
(3) Clear the default rules (note: the default is the filter table; to operate on the nat table, add -t nat)
# Clear all rules: iptables -F
# After restarting iptables the rules are still there, because the change was not saved: service iptables restart
# Save the configuration: service iptables save
(4) Disable SSH login (be careful if the server is in a machine room): iptables -A INPUT -p tcp --dport 22 -j DROP

# Delete the rule: iptables -D INPUT -p tcp --dport 22 -j DROP
Add an INPUT rule to open port 80: iptables -I INPUT -p tcp --dport 80 -j ACCEPT

Second, httpd service

1. Check whether the httpd service on this machine is running: service --status-all | grep httpd

2. Start the httpd service: service httpd start. To make sure it succeeded, check the status again.

3. Check that the httpd service is serving pages

cd /var/www/html
vi huangbo.html    # write a string into the file

On the Windows system, open a browser and enter http://192.168.123.202/huangbo.html in the address bar. If you can see the string that was added to the file, the installation was successful.

Third, System Management

1. Mount an external device (optical disc, hard disk, tape, disc image file, etc.)

(1) Mount the optical drive

Create a directory to mount on: mkdir /mnt/cdrom
Mount the device /dev/cdrom on the mount point (/mnt/cdrom): mount -t iso9660 -o ro /dev/cdrom /mnt/cdrom/

(2) Mount a disc image file (.iso file)

Prepare an image file: CentOS-6.7-x86_64-bin-DVD1.iso
Then prepare a mount directory: mkdir /mnt/centos
mount -t iso9660 -o loop /root/CentOS-6.7-x86_64-bin-DVD1.iso /mnt/centos
Note: The mount is lost after a reboot and has to be mounted again. To mount it automatically, add the mount information to the /etc/fstab configuration file, as follows:

(3) Unmount command: umount /mnt/cdrom

2. Report the size of a folder or file

View storage space: df -h

Report the total size of all subdirectories and files under the specified path: du -sh /mnt/cdrom/packages

3. System service management

service --status-all    # view all background service processes of the system
service sshd status     # view the status of the specified background service
service sshd stop       # stop
service sshd start      # start
service sshd restart    # restart

chkconfig httpd on      # start the httpd service at boot
chkconfig httpd off     # do not start the httpd service at boot

chkconfig --list | grep httpd    # see whether httpd starts at boot (if 3 and 5 are on, it starts at boot)

Fourth, Process Management

top                     # display or manage running programs
free                    # show memory usage
ps -ef | grep httpd     # report the current system's process status
kill -9 2358            # kill the process with the specified process number

When we use grep to query a process, the grep process itself also shows up in the result. The following compares the two cases, with it listed and with it filtered out:

Fifth, SSH password-free login

1. SSH concept

SSH is the abbreviation of Secure Shell (Secure Shell Protocol). Simply put, SSH is a network protocol used to encrypt communication between computers. Many protocols such as FTP, POP and telnet are inherently insecure, because they send passwords and data over the network in plaintext, and people with ulterior motives can intercept these passwords and data very easily. SSH, by contrast, is a protocol designed to provide security for remote login sessions and other network services.
SSH is made up of client and server software.
The server is a daemon (sshd) that runs in the background and responds to connection requests from clients. The client includes the ssh program and other applications such as scp (remote copy), slogin (remote login), sftp (secure file transfer), etc.

2. SSH authentication mechanism

From the client side, SSH provides two levels of security authentication.
First level (password-based security authentication): you can log on to the remote host as long as you know your account and password.
Second level (key-based security authentication):
This relies on keys, which means you have to create a pair of keys for yourself and place the public key on the server you need to access. When you connect to the SSH server, the client software sends the server a request for security authentication with your key. After the server receives the request, it first looks for your public key in your home directory on the server, and then compares it with the public key you sent over. If the two keys are consistent, the server encrypts a "challenge" with the public key and sends it to the client software. After the client software receives the "challenge", it decrypts it with your private key and sends it back to the server.

3. Configure SSH authentication mechanism

The first method:

If A wants to log in to B

Operate on A:
(1) First generate a key pair, using the command: ssh-keygen or ssh-keygen -t rsa
The first is the shorthand form. When prompted for input, enter nothing and just press Enter three times. After the command completes, it generates two files, of which id_rsa.pub is the public key.
(2) Place A's own public key into the authorization list file authorized_keys: cat id_rsa.pub > authorized_keys or cp id_rsa.pub authorized_keys
(3) Send the resulting authorized_keys to the corresponding folder on machine B:
scp -r authorized_keys root@192.168.123.202:$PWD or scp -r authorized_keys root@192.168.123.202:/root/.ssh/
This is a remote copy command; it copies authorized_keys to the directory on the 192.168.123.202 machine.
(4) Machine A can now access machine B. To verify, use the command: ssh 192.168.123.202
A key point to understand: when A sends its public key to B, it is not B that can access A, but A that can access B. So any machine that wants to access other machines sends its own public key content into the other machine's authorized_keys. Remember: append, do not overwrite.
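
An added example, not part of the original article: copying a whole authorized_keys file to B replaces any keys already installed there, which is what the "append, do not overwrite" reminder is about. The hypothetical helper append_pubkey below, run on machine B, appends one public key only if it is not already present and sets the permissions sshd checks; the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys without overwriting
# keys that other machines have already installed there.
# append_pubkey is a hypothetical helper name, not an OpenSSH command.

append_pubkey() {
    local pubkey_file ssh_dir auth_file key
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    # Use the first non-empty line of the .pub file (type, base64 blob, comment).
    key=$(grep -m1 -v '^[[:space:]]*$' "$pubkey_file") || return 1

    # Refuse anything that is not a public-key line, e.g. a private key file.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac

    # With StrictModes, sshd rejects key files that other users can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if this exact key line is already authorised.
    if grep -qxF -- "$key" "$auth_file"; then
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"    # ">>" appends, ">" would overwrite
}

# Usage on machine B, after copying A's id_rsa.pub to /tmp (assumed path):
#   append_pubkey /tmp/id_rsa.pub /root/.ssh
```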

Sixth, Crontab

1. Command function

With the crontab command, we can execute specified system commands or shell scripts at fixed time intervals. The unit of the time interval can be any combination of minutes, hours, days, months and weeks. This command works well for periodic log analysis or data backup.

2. Install crontab

yum install crontabs
Service operation instructions:
service crond start      # start the service
service crond stop       # stop the service
service crond restart    # restart the service
service crond reload     # reload the configuration
# View the crontab service status:
service crond status
# Start the crontab service manually:
service crond start
# To see whether the crontab service is set to start at boot, run:
chkconfig --list
# Enable automatic start at boot:
chkconfig --level 35 crond on

3. Command format

crontab [-u user] file
crontab [-u user] [-e | -l | -r]
Parameter description:
-u user: sets the crontab of the given user; for example, "-u ixdba" means to set the ixdba user's crontab. This parameter is usually used by the root user.
file: the name of a command file; it means that file is used as the crontab task list and loaded into crontab.
-e: edits the contents of a user's crontab file. If no user is specified, the current user's crontab file is edited.
-l: displays the contents of a user's crontab file. If no user is specified, the current user's crontab file is displayed.
-r: deletes the scheduled task configuration by removing a user's crontab file from the /var/spool/cron directory. If no user is specified, the current user's crontab file is deleted.
-i: gives a confirmation prompt when deleting a user's crontab file.
Command examples:
crontab file [-u user]    # replace the current crontab with the specified file
Must master:
crontab -l [-u user]      # list the user's current crontab
crontab -e [-u user]      # edit the user's current crontab

4. Configuration instructions

Basic format:
* * * * * command
minute hour day month week command
Column 1 is the minute, 1~59; every minute is written as * or */1
Column 2 is the hour, 0~23 (0 means 0 o'clock); 7-9 means: between 8 and 10 o'clock.
Column 3 is the day of the month, 1~31
Column 4 is the month, 1~12
Column 5 is the day of the week, 0~6 (0 = Sunday)
Column 6 is the command to run

5. Configuration Example

*/1 * * * * date >> /root/date.txt
The above example runs the date command every minute.

30 21 * * * /usr/local/etc/rc.d/httpd restart
The above example restarts Apache at 21:30 every night.

45 4 1,10,22 * * /usr/local/etc/rc.d/httpd restart
The above example restarts Apache at 4:45 on the 1st, 10th and 22nd of every month.

10 1 * * 6,0 /usr/local/etc/rc.d/httpd restart
The above example restarts Apache at 1:10 every Saturday and Sunday.

0,30 18-23 * * * /usr/local/etc/rc.d/httpd restart
The above example restarts Apache every 30 minutes from 18:00 to 23:00 every day.

0 11 * * 6 /usr/local/etc/rc.d/httpd restart
The above example restarts Apache at 11:00AM every Saturday.

0 */1 * * * /usr/local/etc/rc.d/httpd restart
The above example restarts Apache every hour.

0 23,0-7 * * * /usr/local/etc/rc.d/httpd restart
The above example restarts Apache every hour from 11 o'clock at night to 7 a.m.

0 11 4 * mon-wed /usr/local/etc/rc.d/httpd restart
The above example restarts Apache at 11 o'clock on the 4th of every month and on every Monday to Wednesday.

0 4 1 jan * /usr/local/etc/rc.d/httpd restart
The above example restarts Apache at 4 o'clock on January 1.
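
An added example, not part of the original article: a small shell matcher for the five time fields, useful when reviewing what an entry in someone's crontab will actually do. It includes the rule behind the "4th of every month and Monday to Wednesday" example: when both the day and week fields are restricted, the job runs if either matches. field_match and cron_due are hypothetical helper names; only numeric fields are handled (mon-wed is written 1-3) and the sample date is constructed.

```shell
#!/bin/sh
# Added example: decide whether a crontab line fires at a given time.
# Numeric fields only: names such as "mon" or "jan" are not handled here.

# field_match VALUE FIELD MIN: VALUE satisfies FIELD (*, N, A-B, lists, /step).
field_match() {
    local rest part step lo hi
    rest="$2,"
    while [ -n "$rest" ]; do
        part=${rest%%,*}; rest=${rest#*,}
        step=1
        case $part in */*) step=${part#*/}; part=${part%/*} ;; esac
        case $part in
            '*') lo=$3; hi=$1 ;;                    # whole range, from MIN
            *-*) lo=${part%-*}; hi=${part#*-} ;;    # A-B
            *)   lo=$part; hi=$part ;;              # single value
        esac
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] &&
            [ $(( ($1 - lo) % step )) -eq 0 ] && return 0
    done
    return 1
}

# cron_due "LINE" MINUTE HOUR DAY MONTH WEEKDAY: exit 0 if LINE runs then.
cron_due() {
    local f_min f_hour f_dom f_mon f_dow cmd
    read -r f_min f_hour f_dom f_mon f_dow cmd <<EOF
$1
EOF
    field_match "$2" "$f_min" 0  || return 1
    field_match "$3" "$f_hour" 0 || return 1
    field_match "$5" "$f_mon" 1  || return 1
    # Day rule: if both day-of-month and weekday are restricted, cron runs the
    # job when EITHER matches; if one of them is "*", only the other decides.
    case "$f_dom$f_dow" in
        *'*'*) field_match "$4" "$f_dom" 1 && field_match "$6" "$f_dow" 0 ;;
        *)     field_match "$4" "$f_dom" 1 || field_match "$6" "$f_dow" 0 ;;
    esac
}

# Constructed check: 11:00 on the 4th of June, a Friday (weekday 5).
cron_due "0 11 4 * 1-3 /usr/local/etc/rc.d/httpd restart" 0 11 4 6 5 && echo "due"
```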




