1. List every file under the current directory whose name contains html.php
[root@yu1u.org/]# find . | grep "html.php"
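2. Find every file under the current directory whose name contains html.php and delete it. Review the listing from step 1 first: xargs splits its input on whitespace, so a file name containing a space or newline can make rm -rf act on a different path (find . -name '*html.php*' -print0 | xargs -0 rm -rf -- avoids this).
[root@yu1u.org/]# find . | grep "html.php" | xargs rm -rf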
3. Search every file under the current directory whose name contains .htm for the string hacker.
[root@yu1u.org/]# grep 'hacker' `find . | grep .htm`
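4. Recursively find all files under the current directory with the suffix .htm whose contents contain the string hacker, and replace the_old_string with the_new_string in them in bulk. The command as shown selects files by content only (it does not filter on the .htm suffix), and sed -i rewrites the files in place, so copy them first if the originals are needed.
[root@yu1u.org/]# sed -i 's/the_old_string/the_new_string/g' `grep hacker -rl .`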
5. Find the regular files named *.html under /www/webroot/ and compress them with gzip in a batch
[root@yu1u.org/]# find /www/webroot/ -name "*.html" -type f -exec gzip {} \;
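6. Find all PHP files under the site root /var/webroot that were modified recently: -name "*.php" selects the PHP files and -mtime -10 keeps those modified within the last 10 days. Modification times can be changed by whoever altered a file, so an empty result does not prove that nothing was touched.
[root@yu1u.org/]# find /var/webroot -name "*.php" -mtime -10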
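7. Search PHP files for keywords that are likely to appear in a PHP trojan (web shell): eval, shell_exec, passthru, popen, system. The command as shown searches for eval only; grep -E 'eval|shell_exec|passthru|popen|system' covers the whole list. These functions also occur in legitimate code, so each hit needs to be reviewed.
[root@yu1u.org/]# find /var/webroot -name "*.php" | xargs grep eval | more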
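8. Show the current TCP/IP connections in the EST (established) state, counted per remote IP and sorted in descending order, showing the top 100. (A very large number of established connections is characteristic of some attacks and puts a heavy load on the server.) The awk field numbers were lost in this copy of the command: $5 is the remote-address column of netstat -an, and the final filter is reconstructed here as "count greater than 100" — confirm it before relying on it.
[root@yu1u.org/]# netstat -an | grep -i ":" | grep "EST" | awk '{print $5}' | cut -d: -f 1 |
sort | uniq -c | sort -nr | awk '{if ($1 > 100) {print $2}}'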
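9. Turn off unwanted services. chkconfig ... off only disables a service at boot; a service that is already running keeps running until it is stopped. Note that the list includes auditd, the Linux audit daemon: disabling it stops audit logging, so remove it from the list on hosts where audit records are needed.
[root@yu1u.org/]# for SERVICES in abrtd acpid auditd avahi-daemon cpuspeed \
haldaemon mdmonitor messagebus udev-post; do chkconfig \
${SERVICES} off; done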
10. Use tcpdump to sniff traffic to port 80 and see which source address sends the most packets
[root@yu1u.org/]# tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' |
sort | uniq -c | sort -nr | head -20
11. See which process consumes the most memory (sorted by VSZ, column 5 of the ps output)
[root@yu1u.org/]# ps -aux | sort -k5nr | awk 'BEGIN{print "PID VSZ"}{print $2,$5}' | awk 'NR<3'
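12. View the total number of connections on port 80. grep "80" matches any line that contains 80 (for example port 8080, or an address containing 80), so the figure is an upper bound; matching on ':80 ' restricts it to the port.
[root@yu1u.org/]# netstat -nat | grep -i "80" | wc -l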
13. View the 20 IP addresses with the most connections on port 80
[root@yu1u.org/]# netstat -anlp | grep 80 | grep tcp | awk '{print $5}' | awk -F: '{print $1}' |
sort | uniq -c | sort -nr | head -n20
14. Use tcpdump to sniff traffic to port 80 and see which source address sends the most packets
[root@yu1u.org/]# tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' |
sort | uniq -c | sort -nr | head -20
15. Find the remote addresses with the most TIME_WAIT connections
[root@yu1u.org/]# netstat -n | grep TIME_WAIT | awk '{print $5}' | sort | uniq -c | sort -rn | head -n20
16. Find the remote addresses with the most SYN connections
[root@yu1u.org/]# netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' |
sort | uniq -c | sort -nr | more
17. Sort the connected IP addresses by number of connections
[root@yu1u.org/]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
18. View TCP connection states (each command below counts the connections in each state)
[root@yu1u.org/]# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
[root@yu1u.org/]# netstat -n | awk '/^tcp/{++s[$NF]}; END {for (a in s) print a, s[a]}'
[root@yu1u.org/]# netstat -n | awk '/^tcp/{++state[$NF]}; END {for (key in state)
print key, "\t", state[key]}'
[root@yu1u.org/]# netstat -n | awk '/^tcp/{++arr[$NF]}; END {for (k in arr) print k, "\t", arr[k]}'
[root@yu1u.org/]# netstat -n | awk '/^tcp/{print $NF}' | sort | uniq -c | sort -rn
[root@yu1u.org/]# netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c