Routine System Management for CentOS O & M

Routine System Management for CentOS O & M

1. w uptime is the same, mainly because the number after load average should not be greater than the number of cpu

2. vmstat 1 10 display 10 times every 1 second

3. top dynamic shift + m memory Priority 1 Display cpu top-bn1 static

4. sar: (yum install-y sysstat)

1) sar-n DEV 1 10 view network card Traffic

2) view cpu load using sar-q

3) sar-n DEV-f/var/log/sa * view the network card traffic for a day

4) view disk I/o in sar-B 1 (unit: Block)

5. xargs: find./type f | xargs-I cp {}/tmp/1234/

(View the files copied from the last 100 days to the/home/1234 directory and add the. bak suffix to these files)

Find.-mtime + 100 | xargs-I cp {}. bak/home/1234

Ls *. txt | xargs-n1-I cp {}/home/{} _ bak

6. free (which can be followed by-k-m-g) the actual remaining memory is the size of the free column in the second row.

7. ps aux <=> top

1) S = sleeping process Ss indicates the main process "+" indicates the process at the front end

2) R = running

8. netstat

1) netstat-lnp: check which ports are enabled by the System

2) netstat-an: check which ip addresses are connected to the system.

9. wireshark in windwons tcpdump

1) tcpdump-nn-vs0

2) tcpdump-nn-I eth0 tcp and host 192.168.0.1 and port 22

3) tcpdump-nn-vs0-c 100-w 1.cap: capture 100 packages and write them to the 1. cap file.

10. wireshark (yum install-y wireshark)

1 ). tshark-n-t a-R http. request-T fields-e "frame. time "-e" ip. src "-e" http. host "-e" http. request. method "-e" http. request. uri"

11. selinux

1) setenforce 0 temporary relationship

2) permanently disable selinux in/etc/selinux/config and change selinux = to disabled.

12. iptables

1) iptables-F clear rules

2) view iptables-nvL rules

3) iptables-Z clears the data by 0

4) Disable iptables by using service iptables stop

5) iptables-nvL -- line-number sorts rules

Iptables-d input/OUTPUT n: Delete the number of rules. n indicates a number.

6) iptables-p input drop disables all packages.

7) after iptalbes-I INPUT-p icmp -- icmp-type 8-j DROP is added to this rule, you cannot ping yourself outside, and you can only ping the outside;

8) backup and recovery:

Iptables-save> 1.ipt backup

Iptalbes-restore <1.ept recovery

13. chkconfig

1) view system services in chkconfig -- list

2) chkconfig-crond off

3) chkconfig -- level 345 crond off

4) chkconfig -- add crond to the System Service

5) chkconfig -- del crond: delete crond from System Service

14. ntsysv

15. log

1)/var/log/messages core log

2)/var/log/secure security related (login, adding users, groups, etc. Ssh)

3)/var/log/maillog

4)/var/log/wtmp and last Association

5)/var/log/dmesg and hardware information

6)

/Etc/logrotate. conf

16. screen

Directly enter screen and then enter various commands to be executed. Press Ctrl + a + d to continue running even if the terminal is closed, screen-ls; screen-r id: Enter the screen session

17. rsync Data Backup Tool

1) rsync-av files 1.1.1.1:/usr/local/src/file // copy the file

2) rsync-arv directory 1.1.1.1:/usr/local/directory name //-r copy directory

3) rsync-avL/usr/local/php/192.168.79.145:/home/php // Add-L to synchronize soft links in php, in addition, files in soft links are synchronized. That is to say, soft links synchronized to the target server are changed to real files, but their names have changed;

4) rsync-av-delete/usr/local/bin/192.168.79.145:/hom/bin // Add-delect, delete files not found on the source server of the target server (use with caution !!)

5) rsync-a --excludemo-2.txt "test1/test2 // The file 2.txt will be omitted during the synchronization process.

6) Copy rsync via ssh

Rsync-avL test1/www@192.168.0.101:/tmp/test2/
Rsync-avL 192.168.0.101:/tmp/test2/./test3/

Both of the above are transmitted through port 22. If it is not through port 22, you need to specify:

Rsync-avL-e "ssh-P port" www@192.168.0.101:/tmp/test2

18. When two linux systems are built with trust, ssh does not require a password:

After ssh-keygen //, press enter to generate the/root/. ssh/id_rsa and/root/. ssh/id_rsa.pub private keys and public keys.

Put/root /. copy the content in ssh/id_rsa.pub to the target server. If you use ssh to connect to the www user on the target server, set/root /. copy the content in ssh/id_rsa.pub to/home/www/on the target server /. ssh/authorized. in keys, this directory and file need to be manually created. Then use the ssh www@192.168.79.45 no longer need to enter the password;

19. last

The last command is used to view the historical information of Linux logon. The account name, logon terminal, logon Client ip address, and logon date are displayed from left to right;

Last head

20. scheduled tasks for crontab linux

Crontab-e is used to edit scheduled tasks.

-U indicates the user. If this parameter is not set, it indicates the current user;

-L list all scheduled tasks

-R: delete a scheduled task.

21. nmap network scanning and sniffing tools

Nmap ip

Namp-sP 192.168.1.0/24-n

22. mount an iso Image

Mount/dev/cdrom/mnt

Mount-o loop xxxxx. iso/mnt

23. Special permission management

Suid sgid sticky corresponds to the first three (u), the middle three (g), and the last three (o) of the File Permission respectively)

1) suid only applies to file Syntax: chmod u + s file or chmod 4755

Display: rws or rwS s indicates that the user has the permission of x. S does not have the permission of x.

2) sgid acts on the directory. The files created under this directory will inherit the permissions of the "Group" of the upper-level directory;

Chmod g + s directory or chmod 2755 directory

Display: rws or rwS s have the x permission. S does not have the x permission.

3) sticky acts on the directory. After being used, only the user or root user can delete the files created in this directory;

Chmod o + t directory or chmod 1755

Display: rwt or rwT t has the x permission. T does not have the x permission.