Linux System Engineer Interview questions: 1. View the maximum value (command) of the current single shared memory segment of the Linux system Ipcs-m ipcs-a 2. What command to query the server port for the specified IP address test instructions should be nmap and Nbtscan command to sweep it. What commands are used in 3.crontab to define the priority level of a program execution Nice/renice: Process Execution Priority concept: Process priority: The system allocates CPU time according to process priority, and higher priority processes get more CPU usage time to improve speed and reduce total execution time. Process priority range: 20 to 19 highest level:-20 Lowest: 19 The system administrator has the right to set the process priority to 1 to-20, while normal users can only set 0 to 19. The default level for process runs is 0. The process executed with NICE has a default level of 10 (that is, nice <程序名> , when no rating is specified). Format: Nice <程序名> Nice- <等级> <程序名> such as: (Command post plus & for future runs) VI & priority level 0, default level. Nice VI & Priority Level 10, the default level when you use nice to execute programs. NICE-50 VI & Priority 19,-indicates the option, level 50 exceeds the minimum level of 19, so the system is performed at level 19. NICE-18 VI & Priority level 18. Nice--50 VI & priority level-20, option value is-50, above the highest level-20, so the system is executed at level 20. Nice--18 VI & priority level-18. You can see the execution of the above commands through PS-L (note the difference between the NI values of each VI process). To readjust the priority of the executing process: Adjusts the level of the specified PID process Renice <等级> Attention: <等级> is a parameter, not an option, without a prefix-number. Adjusts the level of all processes for a specified user Renice <等级> <用户名1> <用户名2> ... Adjusts the level of all processes for all users of the specified group Renice <等级> -G <组名1> 4. How to let the history command display the specific time histtimeformat= "%y-%m-%d%h:%m:%s" expect Histtimeformat will be restored after reboot, Can write/etc/profile5. View the mail queue for the currently specified user of the Linux system MAILQ command prints two types of lists: The MAILQ command lists the message queues as follows: Mail queue (1 request)---QID------size-- -----q-time-----------sender/recipient-----AA02508 3 Thu Dec 10:01 root (User unknown) bad_usermailq-v The command lists the message queues as follows: Mail queue (1 request)---QID------Size---priority----q-time-----sender/recipient--aa02508 3 1005 Dec 17 10:01 root (User unknown) bad_user6. View the library file currently loaded by the Linux system Lsof7.ext3 file system how to recover RM command Delete file (1). A brief introduction to the structure of the Ext3 file system in the Ext3 file system used by Linux, files are stored in blocks, by default the size of each block is 1K, and different blocks are differentiated by block numbers. Each file also has a node that contains information such as file owner, read-write permission, file type, and so on. For a file that is less than 12 blocks, the block number of the file data block is stored directly in the node. If the file is larger than 12 blocks, then the node stores the block number of an indirect block after the 12 block number, in the block corresponding to the indirect block number, the block number that stores 256 file blocks (each block number in Ext2fs occupies 4 bytes, so that the block number stored in a block is 1024/4=256). If there is a larger file, there will also be a level two indirect block and a level three indirect block in the node. (2). Recover deleted files by mistake most Linux distributions provide a DEBUGFS tool that can be used to edit the Ext3 file system. However, there is still work to be done before using this tool. First, re-mount the partition where the deleted file was mistakenly read-only. Use the following command: (assuming that the file is in the/usr partition) Mount-r-n-o remount/usr-r is read-only, and-n means not writing/etc/mtab, if it is to recover files on/etc, add this parameter. If the system says XXX partion busy, you can use the Fuser command to see which processes are using the files on this partition: Fuser-v-m/usr If there are no important processes, use the following command to stop them: fuser-k-v-m/usr then you can re-mount these file systems. 。 If all the files are installed uniformly in a large/partition, you can enter single-user mode at the boot prompt with Linux, and try to minimize the chances of the system process writing data to the hard disk, or simply hang the hard disk on another machine. In addition, the recovered data should not be written to/above, to avoid destroying the useful data. If there are dos/windows on the machine, you can write to these partitions: Mount-r-n/dev/hda1/mnt/had then you can execute DEBUGFS: (assuming Linux is/dev/hda5) #debugfs/dev/hda5 The Debugfs prompt Debugfs: Use the Lsdel command to list the information for many deleted files: Debugfs:lsdel debugfs:2692 deleted inodes found. Inode Owner Mode Size Blocks time deleted 164821 0 100600 8192 1/1 Sun May 13 19:22:46 2001 ..... ....... ....... ....... ..... ..... ..... ..... ..... ..... ..... ............ ........... ...... 36137 0 100644 4 1/1 Tue Apr 10:11:15 2001 196829 0 100644 149500 38/38 Mon May v 13:52:04 2001 Debugfs: There are a lot of files listed (here Found 2,692), the first field is the file node number, the second field is the file owner, the third field is read and write permissions, followed by the file size, the number of blocks, delete time. Then you can judge what we need based on file size and deletion date. Like we're going to restore the node is 196829 files: You can first look at the file data status: Debugfs:stat inode:196829 type:regular mode:0644 flags:0x0 version:1 user:0 group:0 size:149500 File acl:0 Directory acl:0 links:0 blockcount:38 fragment:address:0 Number:0 size:0 ctime:0x31a9a574--Mon May 13:52:04 2001 ATIME:0X31A21DD1--Tue may 20:47:29 2001 MTIME:0X313BF 4d7--Tue Mar 5 08:01:27 2001 dtime:0x31a9a574--Mon May 13:52:04 2001 blocks:594810 594811 594814 594815 594816 59 4817 ..... ..... ..... ..... ................ Total:38 can then recover the file with the dump command: Debugfs:dump/mnt/hda/01.sav This restores the file. Exit Debugfs:debugfs:quit Another method is to manually edit Inode:debugfs:mi Mode [0100644] User ID [0] Group ID [0] Size [149500] Creation time [0x 31A9A574] Modification time [0x31a9a574] Access time [0x31a21dd1] deletion time [0x31a9a574] 0 Link count [0] 1 Block coun t [+] file flags [0x0] Reserved1 [0] file ACL [0] Directory ACL [0] Fragment address [0] Fragment number [0] Fragment siz e [0] Direct Block #0 [594810] ..... ..... ................ Triple Indirect Block [0] Each time a line of information is displayed for editing after using the MI instruction, the other lines can be confirmed directly by the carriage return, the deletion is changed to 0 (not deleted), Link count is changed to 1. After the change, exit Debugfs:debugfs:quit and then use fsck to check the/DEV/HDA5 FSCK/DEV/HDA5 program will say to find the lost data block, put in lost+found inside. 8. View the driver version of a hardware for the current system. For example, Nic Dmidecode9. What three types of DNS servers have master-slave cache 10.apache Directory access authentication Implementation stepsHTPASSWD-C/Catalogue Useralias/Table of Contents 11. Use the tcpdump to monitor the host IP for the 192.168.1.1,TCP port 80 data, write the corresponding command tcpdump TCP port-host HTPASSWD 192.168.1.1 12. Brief introduction of IDs function and implementation principle intrusion detection, the device is placed behind the first route that Intelnet comes in. All packets entering the route are detected and alarms if there is an exception. 13. Use SED to modify Test.txt's 23 line test to tset;sed ' 23s/test/tset/g ' test.txt
Linux pen question
