1 Delete 0-byte files
find -type f -size 0 -exec rm -rf {} \;
2 Viewing processes
Sort by memory from large to small
ps -e -o "%C : %p : %z : %a" | sort -k5 -nr
3 Rank by CPU utilization from large to small
ps -e -o "%C : %p : %z : %a" | sort -nr
4 Print the URLs in the cache
grep -r -a jpg /data/cache/* | strings | grep "http:" | awk -F'http:' '{print "http:"$2;}'
5 View the number of concurrent requests for HTTP and their TCP connection status:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
6 sed -i '/Root/s/no/yes/' /etc/ssh/sshd_config
In this file, sed matches the line containing Root (PermitRootLogin) and replaces no with yes on that line, which enables root login over SSH.
7 How to kill the MySQL process:
ps aux | grep mysql | grep -v grep | awk '{print $2}' | xargs kill -9   (learn about the use of awk)
pgrep mysql | xargs kill -9
killall -TERM mysqld
kill -9 `cat /usr/local/apache2/logs/httpd.pid`   (try killing by process PID)
8 Display the services enabled at runlevel 3:
ls /etc/rc3.d/S* | cut -c 15-   (learn the purpose of cut: slicing data)
9 How to display multiple lines of text when writing a shell script, using EOF
cat << EOF
+--------------------------------------------------------------+
| = = = Welcome to tunoff services = = = |
+--------------------------------------------------------------+
EOF
10 Ingenious use of for (such as building soft links to MySQL)
cd /usr/local/mysql/bin
for i in *
do ln -s "/usr/local/mysql/bin/$i" "/usr/bin/$i"
done
11 Get the IP address:
ifconfig eth0 | grep "inet addr:" | awk '{print $2}' | cut -c 6-
or
ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'
12 Size of memory:
free -m | grep "Mem" | awk '{print $2}'
13
netstat -an -t | grep ":80" | grep ESTABLISHED | awk '{printf "%s %s\n",$5,$6}' | sort
14 View the number of concurrent requests for Apache and its TCP connection status:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
15 A colleague wanted to total the size of all JPG files on the server, so I wrote a shell command for him. The original was implemented with xargs, but it processes the files a batch at a time, which gives several partial sums; the following command solves that.
find / -name '*.jpg' -exec wc -c {} \; | awk '{print $1}' | awk '{a+=$1} END {print a}'
16 The greater the number of CPUs (multiple CPUs; count them with cat /proc/cpuinfo | grep -c processor), the lower the system load and the more requests can be processed per second.
-------------------------------------------------------------------------------
17 CPU load # cat /proc/loadavg
Check whether the first three output values exceed 4 times the number of logical CPUs in the system.
18 CPU load # mpstat 1 1
Check whether %idle is too low (for example, less than 5%).
19 Memory space # free
Check whether the free value is too low. You can also use # cat /proc/meminfo
20 Swap space # free
Check whether the swap used value is too high. If it is, check further whether swapping is frequent:
# vmstat 1 5
See whether the si and so values are large.
21 Disk space # df -h
Check whether partition usage (Use%) is too high (for example, more than 90%). If a partition is found to be nearly full, go to its mount point and use the following command to find the files or directories that occupy the most space:
# du -cks * | sort -rn | head -n 10
22 Disk I/O load # iostat -x 1 2
Check whether I/O utilization (%util) is more than 100%.
23 Network load # sar -n DEV
Check whether network traffic (rxbyt/s, txbyt/s) is too high.
24 Network errors # netstat -i
Check for network errors (drop fifo colls carrier). You can also use the command: # cat /proc/net/dev
25 Number of network connections # netstat -an | grep -E "^(tcp)" | cut -c 68- | sort | uniq -c | sort -n
26 Total processes # ps aux | wc -l
Check whether the number of processes is normal (for example, more than 250).
27 Number of runnable processes # vmstat 1 5
The r column gives the number of runnable processes; check whether it exceeds 4 times the number of logical CPUs in the system.
28 Processes # top -id 1
See whether any abnormal processes are present.
29 Network status: check whether DNS, the gateway, etc. can be reached normally.
30 Users # who | wc -l
Check whether too many users are logged in (for example, more than 50). You can also use the command: # uptime
31 System log # cat /var/log/rflogview/*errors
Check for abnormal error records, or search for exception keywords, for example:
# grep -i error /var/log/messages
# grep -i fail /var/log/messages
# egrep -i 'error|warn' /var/log/messages   (view system exceptions)
32 Kernel log # dmesg
Check for abnormal error records.
33 System time # date
Check whether the system time is correct.
34 Number of open files # lsof | wc -l
Check whether the total number of open files is too large.
35 Daily log # logwatch --print
Configure /etc/log.d/logwatch.conf, set MailTo to your own email address, and start the mail service (sendmail or postfix) so that you receive the daily log report.
By default logwatch only reports yesterday's log; use # logwatch --print --range all to get the analysis of all logs.
Use # logwatch --print --detail high to get more detailed log analysis results (not just error logs).
36 Kill the processes related to port 80
lsof -i :80 | grep -v "PID" | awk '{print "kill -9",$2}' | sh
37 Clear zombie processes
ps -eal | awk '{ if ($2 == "Z") {print $4}}' | xargs kill -9
38 Capture packets with tcpdump so that the data can be analyzed when port 80 is attacked
# tcpdump -c 10000 -i eth0 -n dst port 80 > /root/pkts
39 Then count how many times each IP repeats and sort from small to large. Note that there are two spaces in the middle of "-t\  +0"
# less pkts | awk {'printf $3"\n"'} | cut -d. -f 1-4 | sort | uniq -c | awk {'printf $1" "$2"\n"'} | sort -n -t\  +0
40 See how many active php-cgi processes there are
netstat -anp | grep php-cgi | grep ^tcp | wc -l
41 Using iptables to respond to simple attacks
netstat -an | grep -v LISTEN | awk '{print $5}' | grep -v 127.0.0.1 | grep -v LOCAL_IP | sed 's/::ffff://g' | awk 'BEGIN {FS=":"} {Num[$1]++} END {for (i in Num) if (Num[i]>8) {print i}}' | grep '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | xargs -I[] iptables -I INPUT -s [] -j DROP
The value in the Num[i]>8 part is the threshold. This command takes every IP that netstat -an shows with more than that number of connections from the same address and adds it to the blocked range. Replace LOCAL_IP with the IP address of your server.
Selectively delete some lines:
# Delete all blank lines (similar to "grep '.'")
awk NF
awk '/./'
# Delete repeated consecutive lines (simulates "uniq")
awk 'a !~ $0; {a=$0}'
# Delete duplicate, non-consecutive lines
awk '!a[$0]++'   # the most concise
awk '!($0 in a) {a[$0]; print}'   # the most efficient
Commands for querying system state:
cat filename   view the file contents in one go
more filename   view the file contents page by page
less filename   view the file contents with controllable paging
grep -l -r string path   display the names of files that contain the string
grep -L -r string path   display the names of files that do not contain the string
lsof -p PID (example: lsof -p 2428)   view the files the process has opened
lsof abc.txt   show the processes that have the file abc.txt open
lsof -i :22   show which program is currently using port 22
lsof -c nsd   show the files the nsd process currently has open
nohup program &   run the program in the background; it does not end after you log out
strace -f -F -o outfile <cmd>   display detailed information about the program's operation
arping IP address   look up the network card address by IP
nmblookup -A IP address   look up the computer name by IP
Delete files with special file names on Linux
Suppose a Linux system has a file called "-ee". If we try to delete it the usual way by entering rm -ee on the command line, we get an "invalid option" error: because the first character of the name is "-", Linux treats the file name as an option. We can use the "--" symbol to solve this; entering "rm -- -ee" deletes the file named "-ee". For other special characters, add a "\" before the special character, or enclose the entire file name in double quotation marks.
For example, there is a file named --exclude under the /usr/local/ directory; the command
rm -- --exclude
deletes this file.
A quick way to find a PHP trojan
find ./ -name "*.php" -type f -print0 | xargs -0 egrep "(phpspy|c99sh|milw0rm|eval\(base64_decode|eval\(gzinflate\(base64_decode|eval\(gzinflate\(str_rot13\(base64_decode|spider_bc)" | awk -F: '{print $1}' | sort | uniq
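The same signature scan as an added example (not from the original page), run over constructed, inert sample files. It goes slightly beyond the one-liner: grep -l prints file names directly, so names containing ":" are not cut short by awk -F:, and -i matches the signatures in any letter case. The names scan_php and make_samples are hypothetical.

```shell
#!/bin/sh
# Signatures taken from the one-liner on this page.
SIGS='phpspy|c99sh|milw0rm|eval\(base64_decode|eval\(gzinflate\(base64_decode|eval\(gzinflate\(str_rot13\(base64_decode|spider_bc'

# Prints each *.php file under directory $1 that contains a signature, once.
# -l lists file names only; -i ignores case because PHP function names
# are case-insensitive.
scan_php() {
  find "$1" -type f -name '*.php' -print0 |
    xargs -0 grep -lEi -e "$SIGS" 2>/dev/null | sort -u
}

# Builds a temporary directory of constructed, inert sample files
# (the markers sit inside PHP comments) and prints its path.
make_samples() {
  d=$(mktemp -d)
  printf '%s\n' '<?php echo "hello"; ?>' > "$d/index.php"
  printf '%s\n' '<?php // EVAL(Base64_Decode( inert marker ?>' > "$d/up:load.php"
  printf '%s\n' '<?php // c99sh banner, inert marker ?>' > "$d/img.php"
  printf '%s\n' 'eval(base64_decode(' > "$d/notes.txt"   # not *.php, skipped
  echo "$d"
}

dir=$(make_samples)
scan_php "$dir"
rm -rf "$dir"
```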
How do I delete duplicate lines and keep the original order?
awk '{if (!seen[$0]++) {print $0;}}' $file_path
perl -lne 'print unless $seen{$_}++' $file_path
Linux Operations related command collection