Linux Learning: Archiving, backup, process, network-related commands usage collation

Compression

Tar archive command, no compression function
TAR-CF output.tar file1 file2 file3 folder1 ... #参数-c means the file is created and-F represents the specified file.
TAR-CF output.tar *.txt #归档所有. txt file
TAR-RVF File.tar new_file.txt #向归档文件file. Tar to append a file.
TAR-TF File.tar #列出归档文件中的内容
TAR-XF File.tar #参数-X indicates the extraction of a file or folder. Extract content to the current folder
TAR-XF file.tar-c/data/test #参数-C means extracting files to the specified directory
TAR-XVF File.tar file3 File6 #提取指定的几个文件, ignoring other files
Tar-af File.tar File2.tar #合并多个归档文件
TAR-TVF File.tar #查看合并归档文件是否成功
TAR-UVVF File.tar #查看归档文件中某个特定文件的时间戳
TAR-DF file.tar file1 file2 ... #比较归档文件中的文件与系统中的同名文件是否有差别. -D print out the difference.
Tar-f file.tar--delete file1 file2 ... #使用--delete option to delete the specified file from the archive file
Tar--delete--file file.tar file1 file2 ... #同上
TAR-CF File.tar *--exclude "*.txt" #排除归档中所有. txt file
TAR-CF File.tar *-x list.txt #排除归档中所有在list the files listed in. txt.
TAR-CF File.tar *--exclude "*.txt"--totals #选项--totals to print out the total archive bytes after the archive is complete
TAR-CZVVF file.tar.gz file1 file2 ... #创建经由gzip压缩过的归档文件
TAR-CAVVF file.tar.gz file1 file2 ... #同上

gzip filename #压缩文件. Delete the original file and generate filename.gz
Gzip-l test.txt.gz #列出压缩文件的属性信息
Gunzip filename.gz #解压文件. Remove filename.gz and generate an uncompressed form of filename.gz

Zip file.zip file #压缩file文件, generate File.zip compressed files, do not delete the original file after compression
Zip-r file.zip folder File #对目录和文件进行递归操作
Contents of Zip file.zip-u newfile #更新file. zip
zip-d file.zip test.txt Delete files in #从压缩文件file. zip test.txt
Unzip File.zip #解压缩文件, the original compressed file will not be deleted after decompression
Unzip-l File.zip #只列出文件中的内容

Remote replication backup:
Rsync (Ubuntu installation related package: sudo apt-get install rsync)
Rsync-av source_path Destination_path #以递归方式将源目录复制到目的端,-a means archiving, and-V means printing details and progress in stdout
Rsync-av source_path [email protected]:p ath #将本地的目录递归赋值到远程主机上例如: rsync-av/data/test [Email protected]:/home/backup
Rsync-avz source Destination #参数-Z means data compression is used during network transfer
rsync-av/home/test//home/backups #复制test目录中的内容到目的端
Rsync-av/home/test/home/backups #在目的端创建backups目录并将源端 The/home/test directory to this directory.
rsync-av/home/test/home/backups/#将源端/home/test content to an existing directory backups
rsync-avz/home/code/mnt/backup/--exclude "*.txt" #选项--exclude exclude files that do not need to be updated
rsync-avz/home/code/mnt/backup/--exclude-from/data/filelist.txt #选项--exclude-from exclude files that are listed in the file filelist.txt.
Rsync-avz source Destination--delete #选项--delete indicates that the destination end files that are not already present on the source side are deleted when the archive is replicated.
rsync-pa-i–size-only–delete–timeout=300 Remote_ip:/home/ubuntu/backup #使用ssh方式同步远程数据到本地目录

Scp:secure copy
SCP [email protected]:/data/log.zip/data/test   #通过ssh将远程文件拷贝回本地
Scp-r [email  protected]:/data/test/data/test   #通过ssh将远程目录递归拷贝回本地/data/test directory
scp/data/test.tar.gz [email  Protected]:/data/test   #通过ssh将本地文件拷贝到远程主机
scp-p 4588 [email protected]:/data/test.sh/data/test   #选项-p Specifies that the port will copy the remote host file locally
Additional parameters option:
-1 Force SCP command using protocol SSH1
-2 Force SCP command using protocol SSH2
-4 Force SCP command to use IPV4 addressing
-6 Forcing the SCP command to use only IPV6 addressing
-B uses batch mode (no transmission password or phrase is queried during transfer)
-C allows compression. (Pass the-c flag to SSH to turn on compression)
-P retains the original file's modification time, access time, and access rights.
-Q does not display the transfer progress bar.
-R recursively replicates the entire directory. The output is displayed in
-v verbose mode. SCP and SSH (1) will display debugging information for the entire process. This information is used to debug connections, authentication, and configuration issues.
-C cipher encrypts the data transfer with cipher, and this option is passed directly to SSH.
-F ssh_config Specifies an alternative SSH configuration file that is passed directly to SSH. The
-I identity_file the key file that is used when transferring from the specified file, and this parameter is passed directly to SSH. The
-L limit limits the bandwidth that users can use, in kbit/s.
-O ssh_option If you are accustomed to using parameter passing in Ssh_config (5),
-p port Note is uppercase P, port is the port number specified for data transfer
-s program specifies the procedure used to encrypt the transfer. This program must be able to understand the options for SSH (1).

----------------------------------------------------------------
Regular remote automatic incremental backup scripts, using Crontab for automatic execution
#!/bin/bash
Find/-mtime 0! -type d >/tmp/backup_list 2>/dev/null #找出当天修改的非目录文件, results redirected to/tmp/backup_list file
Cd/tmp
Filename= ' data ' +%f "' #得到当天日期并赋值给变量
Tar-t backup_list ZCVF ${filename}.back.tar.gz #以给定文件名归档并压缩文件
#将备份文件上传到远程服务器上
Ftp-n<<-alist
Open 192.168.12.12 6789
User Xst 123456
Binary #设定以二进制方式传输文件
Cd/home/xst/backup #进入远程服务器的备份目录
LCD/TMP #进入当前计算机中的/tmp directory
Put *.back.tar.gz #推送到远程服务器
Bye
Alist
Rm-f ${filename}.back.tar.gz
Exit 0
----------------------------------------------------------------

Process:

PS #查看进程信息
Ps-a #查看当前有哪些进程
Ps-f #参数-F to display more columns
Ps-e #显示系统所有进程信息
Ps-ax #同上
Ps-ef #显示比较完整的进程信息. or Ps-ax or PS-AXF.
Ps-eo "%c:%p:%z:%a" |sort-k5-nr #按内存从大到小排列进程
Ps-eo "%c:%p:%z:%a" |sort-nr #按cpu利用率从大到小排列进程
Ps-eal | awk ' {if ($ = = "Z") {print $4}} ' | sudo kill-9 #清除僵死进程

Kill-l #打印出信号数和信号名称
Kill-s SIGNAL PID #向指定进程发送信号, SIGNAL either for the signal number or for the signal name, as follows:
SIGHUP 1: Suspend detection of a control process or terminal
SIGINT 2: Send this signal when CTRL + C is pressed
SIGKILL 9: For forced kill process
SIGTERM 15: Default for terminating processes
SIGTSTP 20: Send this signal when CTRL + Z is pressed
Kill-s SIGKILL PID #杀死PID对应的进程
Kill-9 pid #同上, kill pid corresponding process
Killall-9 gedit #通过进程名称杀死进程

Internet:

Top #查看内存, CPU, the state between processes.
Htop #在top的基础上更好显示 (perform sudo apt-get install htop installation)
Free #查看当前的内存使用情况
Pstree #查看当前进程树
Lsof file #查看哪个进程打开了文件file
sudo lsof-i: #查看22端口现在运行什么程序
sudo lsof-c vim #查看vim进行现在打开的文件

Ifconfig Ens33 | Egrep-o "inet addr:[^]*" | Grep-o "[0-9.] * "#提取本地ens33网卡的IP地址
Ifconfig ens33 hw ether 00:cc:bf:5a:aa:dd #设置MAC地址, hardware address spoofing at the software level
Ifconfig ens33 192.168.0.12 netmask 255.255.252.0 #设置IP地址的子网掩码
Ifconfig ens33 192.168.0.12 #设置网卡ens33的ip地址

cat/etc/resolv.conf #查看DNS
Echo nameserver 8.8.8.8 >>/etc/resolve.conf #追加DNS: 8.8.8.8 to/etc/ Resolve.conf in the DNS address file. 　　
Host google.com #列出域名所有的IP地址
nslookup google.com #查询DNS相关的细节信息以及名字解析
Route or netstat-rn or sudo route-n #查看路由表信息
Ping Address #检查某个主机是否可以到达 address can be IP, domain name, and hostname
Ping address-c 5     #选项-C 5 to limit the number of ECHO packets sent Volume is 5, 5 times automatically stops sending

Arping IP #根据IP查网卡地址
Nmblookup-a IP #根据IP查电脑名
Arp-a | awk ' {print $4} ' #查看当前网卡的物理地址
sudo ifconfig eth0:0 1.2.3.4 netmask 255.255.255.0 #同一个网卡增加第二个IP地址
Echo ' Blacklist ipv6 ' | sudo tee/etc/modprobe.d/blacklist-ipv6 #屏蔽IPV6
sudo netstat-atnp #察看当前网络连接状况以及程序
Whois test.com #查看域名的注册备案情况
Tracepath test.com #查看到某一个域名的路由情况:
Netstat-na|grep:80|awk ' {print $} ' |awk-f: ' {print '} ' |sort|uniq-c|sort-r-n #统计80端口的连接并排序
Netstat-n | awk '/^tcp/{++s[$NF]} END {for (a in S) print A, S[a]} ' #查看网络连接状态
Netstat-na|grep Established|awk ' {print $} ' |awk-f: ' {print '} ' |sort|uniq-c|sort-r-n #统计当前IP连接的个数
Nc-zv localhost 1-65535 #查看当前系统所有的监听端口
W3m-dump_head http://www.xxx.com #查看HTTP头
W3m-no-cookie-dump www.123cha.com|grep-o ' [0-9]\{1,3\}\. [0-9]\{1,3\}\. [0-9]\{1,3\}\. [0-9]\{1,3\} ' #查看当前外网的IP地址
sudo apt-get install rkhunter; Rkhunter–checkall #检查本地是否存在安全隐患

----------------------------------------------------------------------
Intrusion Reporting tool with Auth.log file as input
filename:check.sh
#!/bin/bash
Authlog=/var/log/auth.log
if [[-N $]];
Then
Authlog=$1
echo Using Log file: $AUTHLOG
Fi
Log=/tmp/valid.$$.log
Grep-v "Invalid" $AUTHLOG > $Log
users=$ (grep "Failed password" $LOG | awk ' {print $ (NF-5)} ' | SORT | UNIQ)
PRINTF "%-5s|%-10s|%-10s|%-13s|%-33s|%s\n" "sr#" "User" "attempts" "IP address" "host_mapping" "Time range"
ucount=0;
Ip_list= "$ (egrep-o" [0-9]+\.[ 0-9]+\. [0-9]+\. [0-9]+] $LOG | Sort | Uniq) "
For IP in $ip _list;
Do
grep $ip $LOG >/tmp/temp.$$.log
For the user in $users;
Do
grep $user/tmp/temp.$$.log >/tmp/$$.log
Cut-c-16/tmp/$$.log > $$.time
tstart=$ (head-1 $$.time);
start=$ (date-d "$tstart" "+%s");
tend=$ (Tail-l $$.time);
end=$ (date-d "$tend" "+%s")
limit=$ (($end-$start))
If [$limit-GT 120];
Then
Let ucount++;
ip=$ (egrep-o "[0-9]+\.[ 0-9]+\. [0-9]+\. [0-9]+ "/tmp/$$.log | HEAD-1);
Time_range= "$start-$tend"
attempts=$ (CAT/TMP/$$.LOG|WC-L);
host=$ (Host $IP | awk ' {print $NF} ')
printf "%-5s|%-10s|%-10s|%-10s|%-33s|%-s\n" "$ucount" "$user" "$ATTEMPTS" "$IP" "$HOST" "$TIME _range";
Fi
Done
Done
Rm/tmp/valid.$$.log/tmp/$$.log $$.time/tmp/temp.$$.log 2>/dev/null
-------------------------------------------------------------------------------

Linux Learning: Archiving, backup, process, network-related commands usage collation