The essential interview essence of Linux operation and maintenance job

Source: Internet
Author: User
Tags clear screen dedicated server domain name server domain server node server rabbitmq haproxy nginx load balancing

1. What is operation and maintenance? What is Game ops?
1) operation and maintenance refers to the large-scale organization has established a good network hardware and software to maintain, is to ensure that the business of the line and operation of the normal.
In the course of his operation, he was maintained, he assembled the network, system, database, development, security, monitoring in a technology.
Operation and maintenance also includes many kinds, there is DBA operation, website operation and maintenance, virtual operation and maintenance, monitoring operation and maintenance, game operation and so on.

2) Game operation and division, divided into development operations, application operations (business operations) and system operation and maintenance.
Development operation and maintenance: is to the application operations and maintenance tools and operation and maintenance platform.
Application operations: is to the business on-line, maintenance and troubleshooting, with the development of operations developed tools to the business on-line, maintenance, troubleshooting.
System operation and Maintenance: is to provide operational infrastructure for the application operations, such as: system, network, monitoring, hardware and so on.

Summary: The operation and maintenance of the devops and operational systems provide support for the "tools" and "infrastructure" of the application operations.
Development operations, application operations and systems operations their work is interlocking.

2, in the work, operation and maintenance personnel often need to deal with operators, what is the operator to do what work?
Game operation to do a thing in addition to coordination work, but also need to communicate with the platform, to open the service time, open the number of services, user guidance, activities and other plans.

3, now give you 300 servers, how do you manage them?
How to manage 300 servers:
1) Set up a springboard, login with a unified account, easy to security and login considerations.
2) using salt, ansiable, puppet Unified management of the unified scheduling and configuration of the system.
3) Establish a simple server system, configuration, application of the CMDB information management. Easy access to various information records on each server.

4. Brief introduction to the working principle and characteristics of three kinds of working modes of RAID0 RAID1 RAID5
RAID, the hard disk can be integrated into a large disk, you can also partition on large disks, put data;
There is also a large function, multiple disks can be put together with redundancy (backup);
There are many methods of RAID consolidation, commonly used: 0 1 5 10.

RAID 0, can be a disk and n disk combination;
Its advantages read and write fast, is the best in raid;
Cons: No redundancy, a piece of bad data is all gone.

RAID 1, only 2 pieces of disk, the size of the disk can be different, whichever is smaller;
10g+10g only 10G, the other to do backup. It has 100% redundancy, disadvantage: waste of resources, high cost.

RAID 5, 3 disk, capacity calculation 10* (n-1), loss of a disk;
Features, read and write performance in general, reading a little better, write bad.

Redundancy from good to bad: RAID1 RAID10 RAID 5 RAID0
Performance from Good to Bad: RAID0 RAID10 RAID5 RAID1
Cost from low to High: RAID0 RAID5 RAID1 RAID10

Single server: Very important disk not many, system disk, RAID1;
Database server: Main Library: RAID10 from library RAID5\RAID0 (for maintenance costs, RAID10);
Web server, if there is not too much data, raid5,raid0 (Flixbox);
There are more than one, monitoring, Application server, RAID0 RAID5.

Depending on the storage and access requirements of the data, we will match the corresponding RAID level.

5, LVS, Nginx, haproxy What is the difference? How do you choose in your work?
LVS: is based on four-layer forwarding
HAproxy: is based on four-tier and seven-tier forwarding, is a professional proxy server
Nginx: is a Web server, cache server, but also reverse proxy server, can do seven-tier forwarding

The difference: LVS is based on the four-layer forwarding, so can only do port forwarding;
The URL-based, directory-based forwarding LVS does not work.

Job Selection:
Haproxy and Nginx because can do seven layer of forwarding, so the URL and directory forwarding can do;
In a very large amount of concurrency when we have to choose LVs, like small and medium-sized companies, the amount of concurrency is not so large;
Choose Haproxy or Nginx foot has, because Haproxy by is a professional proxy server;
Configuration is simple, so small and medium enterprises recommend the use of Haproxy.

6, Squid, Varinsh and nginx What is the difference between work how do you choose?
Squid, Varinsh and Nginx are proxy servers

What is a proxy server:
Can be used as a user to access the public network, and can be access to the data cache to the server local, and so on the next time the user access the same resources, the proxy server directly from the local response to the user, when the local did not, I go to access the public network, I receive your request, I first in my own local cache to find, If I have a local cache, I will reply to you directly from my local cache, and if I do not find the cached data that you want to access locally, then the proxy server would instead have you access the public network.

1) Nginx is the reverse proxy/web server, with the plug-in can do this sideline, but it does not support many features, can only cache static files.
2) from these functions. Varnish and squid are professional cache services, and nginx These are third-party modules to complete.
3) The technology advantage of varnish itself is higher than squid, it uses the Visual page cache technology. In the use of memory, varnish than squid has an advantage, performance than squid high. There is also a powerful management port through the varnish, you can use regular expressions to quickly and bulk clear part of the cache it is a memory cache, the speed is first-class, but the memory cache also limits its capacity, cache pages and pictures are generally very good.
4) Squid's advantage lies in the complete huge cache technical data, and a lot of application production environment.

Choice of work:
To do the cache service, we must choose the professional cache service, prefer squid or varnish.

7. What is the difference between Tomcat and resin, and how do you choose to work?
The difference: Tomcat user number, can refer to many documents, resin fewer users, can consider less documents, the main difference is that Tomcat is the standard Java container, but the performance is worse than resin, but the stability and Java program compatibility, should be better than resin.

Work choice: Now large companies are using resin, the pursuit of performance, and small and medium-sized companies are using Tomcat, the pursuit of stability and program compatibility.

8. What is middleware? What is a JDK?
Middleware Introduction:
Middleware is a kind of independent system software or service program, the Distributed application software uses this software to share resources among different technologies, the middleware is located on the client/server operating system, manages the computer resources and network communication, and is the software that connects two independent applications or independent systems. Connected systems, even if they have different interfaces.

But the middleware can still exchange information with each other. One of the key ways to implement middleware is information transfer
With middleware, applications can work in multi-platform or OS environments.

JDK:JDK is the SDK for Java.
It is a development environment for building applications, applets, and components that are published on the Java platform.

9, tell the meaning of Tomcat8005, 8009, 80,803 ports?
8005== "used when closed;
8009== "For the AJP port, which is used by the container, such as Apache can access Tomcat through the AJP protocol 8009 port;
8080== "is used in general applications.

10. What is CDN?

    • That is, the content distribution network
    • The goal is to publish the content of the site to a new layer of network architecture in the existing Internet
      Closest to the user's network edge, enabling users to get the content they need, increasing the speed of access to the site

11, what is called the site grayscale publishing?
Grayscale Publishing is a way to publish a smooth transition between black and white.
AB Test is a grayscale publishing method, let a user continue with a, some users start with B, if the user has no objection to B, then gradually expand the scope of all users to move to the top.
Gray-scale publishing can ensure the stability of the overall system, in the initial gray level can be found, adjust the problem to ensure its impact.

12. Describe the process of DNS for domain name resolution?
Users to access, will first find the host file, and then find the local DNS server set, if not, go to the network root server, root server feedback results, said can only provide a first-level domain name server. cn, to find a domain name server, first-class domain name server can only provide two level domain name server ., go to the level two domain name server, A secondary domain server can only provide a level three domain name server., go to find three level domain name server, three level domain name server just have this website, then send to the request server, save a copy, then send to the client.

13. What is RABBITMQ?
RABBITMQ is the message queue middleware, the message middleware is the message in the transmission process to save the message of the container, message middleware to the message from its source to its target to act as a middleman, the main purpose of the queue is to provide routing and guarantee the delivery of the message, if the recipient is not available when sending a message, Message Queuing does not retain messages until it can be successfully delivered, and of course, Message Queuing holds messages for a limited period of time.

14, talk about the working principle of keepalived?
In a virtual router, only the VRRP router as master will always send VRRP notification information,
Backup does not preempt master unless it has a higher priority. When Master is not available (backup does not receive notification information), the highest priority in multiple backups is preempted to master. This preemption is very fast (<1s) to ensure continuity of service, because of security considerations, the VRRP package uses cryptographic protocols for encryption. Backup does not send notification messages and only receives notification information.

15. Describe the working process of LVS three modes.
LVS has three load-balanced modes, namely Vs/nat (NAT mode) VS/DR (route mode) Vs/tun (tunnel mode).

One, NAT mode (Vs-nat)
Principle: It is the destination address of the IP header of the packet sent by the client, in the load balancer replaced by one of the RS IP address, and then to handle the RS, RS processing after the data to the load balancer, load balancer and then the packet original IP address to its own IP, To change the destination address to a client IP address, both incoming and outgoing traffic must pass through the load balancer.
Advantage: The physical servers in the cluster can use any TCP/IP-enabled operating system, only the load balancer requires a legitimate IP address.
Cons: Limited scalability. When the server node (normal PC server) grows too much, the load balancer becomes the bottleneck for the entire system because all the flow of the request packet and the reply packet goes through the load balancer. When a large number of packets converge on the load balancer when there are too many server nodes, the speed slows down!

Second, IP tunnel mode (Vs-tun)
Principle: First of all, the Internet, most of the Internet Service Request packet is very short, and the answer packet is usually very large, then the tunnel mode is, the client sent packets, encapsulated a new IP header tag (destination IP only) sent to Rs,rs, first unpack the packet header, restore the packet, Once processed, it is returned directly to the client and does not need to go through the load balancer. Note that since RS needs to restore the packets sent by the load balancer, it must support the Iptunnel protocol, so in the kernel of RS, the option to support Iptunnel must be compiled.
Advantage: The load balancer is only responsible for distributing the request packet to the backend node server, and RS sends the reply packet directly to the user, so that the load balancer is not the bottleneck of the system, so it can handle the large amount of requests, and a load balancer can be distributed to many Rs. and running on the public network can be distributed in different regions.
Cons: The tunnel mode RS node requires a legitimate IP, which requires all servers to support the "IP Tunneling" (IP Encapsulation) protocol, and the server may only be limited to some Linux systems.

Third, direct route mode (VS-DR)
Principle: Both the Load balancer and the RS use the same IP for external service but only the Dr responds to the ARP request
All RS on its own this ip arp request to remain silent that is, the gateway will be the request for this service IP all directed to Dr, and Dr received the packet according to the scheduling algorithm, find the corresponding RS, the destination MAC address to the RS Mac (because the IP consistent), and distribute the request to this RS then RS receives this packet, after processing completes, because the IP is consistent, can return the data directly to the customer, then is equal to receive this packet directly from the client, the processing returns directly to the client, because the load balancer wants to change the two layer Baotou, So the load balancer and RS must be in a broadcast domain or simply understood as being on the same switch.
Pros: Like Tun (tunnel mode), the load balancer is just a distribution request, and the reply packet is returned to the client through a separate routing method, which, compared to Vs-tun, does not require a tunneling structure, so most operating systems can be used as physical servers.
Disadvantage: (Can not say the shortcomings, can only be said to be insufficient) requires the network card of the load balancer with the physical network card on a physical segment.

16, MySQL InnoDB How to locate the lock problem, MySQL how to reduce the master-slave replication delay?
MySQL InnoDB How to locate the lock problem:
Deadlock problem found when checking engine status with show engine InnoDB status
In 5.5, the INFORMATION_SCHEMA Library has three additional tables on locks (memory engine)
Innodb_trx # # All the transactions currently running
Innodb_locks # # The currently appearing lock
Innodb_lock_waits # # Lock Wait Correspondence relationship

How MySQL reduces master-slave replication latency:
If the delay is large, confirm the following factors first:

    1. Error from library hardware compared to main library, resulting in replication delay
    2. Master-Slave Copy single thread, if the main library writes concurrency too large, too late to transfer to the slave library
      can cause delays. A later version of MySQL can support multi-threaded replication
    3. Too many slow SQL statements
    4. Network Latency
    5. Master Load
      Large Main library reading and writing pressure, resulting in replication delay, the front end of the architecture to add buffer and cache layer
    6. Slave load
      It is common practice to use multiple slave to apportion read requests and then take a dedicated server from these slave

It is used only as a backup and does nothing else. In addition, there are 2 parameters that can reduce the delay:
–slave-net-timeout=seconds units are set to seconds by default to 3,600 seconds
#参数含义: How long to wait to reestablish the connection and get the data when slave reads log data from the primary database
–master-connect-retry=seconds units are set to seconds by default to 60 seconds
#参数含义: When the master-slave connection is re-established, if the connection establishment fails, how long after the interval is retried
Usually configuring the above 2 parameters can reduce the master-slave data synchronization delay caused by network problems

MySQL Database master-Slave synchronization delay solution
The simplest solution to reduce the slave synchronization delay is to optimize the architecture and try to get the DDL of the main library to execute quickly.
There is also the main library is written, the data security is high, such as Sync_binlog=1,innodb_flush_log_at_trx_commit
= 1 settings, while slave does not require this high data security, can be said Sync_binlog set to 0 or close Binlog
Innodb_flushlog can also be set to zero to improve the efficiency of SQL execution. The other is to use a better hardware device than the main library as a slave

17. How to reset the MySQL root password?
First, in the case of a known root user password of the MySQL database, the method of changing the password:
1. In the shell environment, use the Mysqladmin command to set:
Mysqladmin–u root–p Password "New password" Enter after the old password is required

2, in the mysql> environment, using the Update command, directly update the MySQL library user table data:
Update Mysql.user Set Password=password (' New password ') where user= ' root ';
Flush privileges;
Note: The MySQL statement ends with a semicolon ";"

3. In the mysql> environment, use the grant command to modify the root user's authorization permissions.
Grant all on, to [e - mail protected] ' localhost ' identified by ' new password ';

Second, if you forget the MySQL database root user password, how to do it? Here's how:
1. Close the currently running MYSQLD Service Program: Service mysqld Stop (to add mysqld as a system service first)
2. Use the Mysqld_safe script to start the MYSQLD service in Safe mode (without loading the authorization table)
/usr/local/mysql/bin/mysqld_safe--skip-grant-table &
3. Log in to the database with the root user with a blank password and reset the root user's password
#mysql-u Root
Mysql> Update Mysql.user Set Password=password (' New password ') where user= ' root ';
mysql> flush Privileges;

18, Lvs/nginx/haproxy Advantages and disadvantages
The advantages of Nginx are:
1, work in the network on the 7 layer, can be targeted for the HTTP application to do some shunt strategy, such as for the domain name, directory structure, its regular rules than haproxy more powerful and flexible, which is the main reason for its widespread popularity, nginx alone this can be used in the occasion far more than LVS.

2, nginx dependence on the stability of the network is very small, in theory can ping through the load function, this is one of its advantages, contrary to the network stability of LVS rely on relatively large, this I have deep experience;

3, Nginx installation and configuration is relatively simple, the test is more convenient, it basically can make the error with the log print out
LVS configuration, testing will take a relatively long time, LVS on the network dependence is relatively large.

4, can bear high load pressure and stability, in the case of hardware is generally able to support tens of thousands of times the concurrency, load is relatively smaller than LVS.

5, Nginx can detect the server internal fault through the port, for example, according to the server processing the status code returned by the Web page, timeout and so on, and will return the wrong request resubmitted to another node, but the disadvantage is that the URL is not supported to detect. For example, the user is uploading a file, and the processing of the upload node just in the upload process failure, Nginx will upload to another server to re-process, and LVS directly broken off if it is to upload a large file or very important files, the user may be dissatisfied.

6, Nginx is not only a good load balancer/reverse proxy software, it is also a powerful Web application server, LNMP is also a very popular web architecture in recent years, in high traffic environment stability is also very good.

7, Nginx now as the Web reverse acceleration cache more and more mature, faster than the traditional squid server, can be considered as a reverse proxy accelerator.

8, Nginx can be used as a middle-class reverse proxy, this level nginx basically no opponent, only can compare Nginx only lighttpd, but lighttpd at present has not done nginx full function, configuration is not so clear and easy to read, Community information is far from Nginx active.

9, Nginx can also be used as a static web page and image server, this aspect of performance also no opponent. The Nginx community is very active and there are many third-party modules.

The drawbacks of Nginx are:
1, Nginx can only support HTTP, HTTPS and email protocol, so in the scope of application smaller, this is its shortcomings.
2, the back-end server Health check, only support through the port to detect, not support through the URL to detect, does not support the session of the direct hold, but can be resolved through the Ip_hash.

LVS: Using a Linux kernel cluster to implement a high-performance, highly available load-balancing server with good scalability (Scalability), Reliability (reliability), and manageability (manageability).

The advantages of LVS are:
1, anti-load capacity, is the work in the Network 4 layer only for distribution, no traffic generated, this feature also determines its performance in the Load Balancer software is the strongest, the memory and CPU resource consumption is low.

2, the configuration is relatively low, this is a disadvantage is also an advantage, because there is not much to configure things, so do not need too much contact, greatly reducing the chance of human error.

3, the work is stable, because of its own resistance to load capacity is very strong, the self has a complete two-machine hot-standby program, such as Lvs+keepalived, but we in the project implementation of the most used or lvs/dr+keepalived.

4, no traffic, LVS only distributes the request, and the traffic does not go out from itself, this ensures that the performance of the Equalizer IO will not receive large traffic impact.

5, a wide range of applications, because LVS work in the 4 layer, so it can almost all applications load balance, including HTTP, database, online chat room, etc.

The disadvantages of LVS are:
1, the software itself does not support regular expression processing, can not do static and dynamic separation, and now many sites in this area have a strong demand, this is the advantage of nginx/haproxy+keepalived.

2, if the application of the site is relatively large, lvs/dr+keepalived implementation is more complex, especially after the Windows Server machine, if the implementation and configuration and maintenance process is relatively complex relative, nginx/haproxy+ Keepalived is a lot easier.

Haproxy is characterized by:
1, Haproxy also support virtual host.

2, the advantages of haproxy can be added to some of Nginx's shortcomings, such as support session to maintain, cookie boot, and support by obtaining the specified URL to detect the status of the backend server.

3, haproxy similar to LVS, itself is just a load balancer software, simply from the efficiency of haproxy will be better than nginx load balancing speed, in concurrent processing is better than nginx.

4, Haproxy support the TCP protocol load-balanced forwarding, MySQL read load Balancing, the backend of the MySQL node detection and load balancing, you can use lvs+keepalived to load balance MySQL master and slave.

5, Haproxy Load Balancing strategy is very many, Haproxy load balancing algorithm is now specific to the following 8 kinds:
①roundrobin, said the simple polling, this is not much to say, this is the load balancer basically have;
②STATIC-RR, said according to the weight, suggest concern;
③leastconn, indicating that the minimum number of connections to deal with, suggest concern;
④source, according to the request source IP, this is similar to Nginx's ip_hash mechanism, we use it as a way to solve the session problem, it is recommended to pay attention to;
⑤ri, which represents the URI according to the request;
⑥rl_param, which represents the URL parameter according to the request ' balance Url_param ' requires an URL parameter name;
⑦HDR (name), which indicates that each HTTP request is locked according to the HTTP request header;
⑧rdp-cookie (name), which indicates that each TCP request is locked and hashed according to the cookie (name).

19. mysql Data Backup tool
Mysqldump Tools
Mysqldump is the backup tool that comes with MySQL, and the directory is under the bin directory:/usr/local/mysql/bin/mysqldump.
Support for InnoDB-based hot backup, but because it is a logical backup, so the speed is not very fast, suitable for small backup data scenarios.
Mysqldump full backup + binary log enables point-in-time recovery.

LVM-based Snapshot backup
In a physical backup, there is a physical backup based on the file system (a snapshot of LVM), or you can directly use a command such as tar for the entire database directory.
For a packaged backup, but these can only be backed up, and different storage engine backups are not the same, Yisam automatically backed up to the table level.
InnoDB can only back up the entire database if it does not open a separate table space.

Tar package Backup
Percona provides xtrabackup tools, support InnoDB physical hot backup, support full backup, incremental backup, and very fast, support INNODB storage caused by the data in different, migration between databases, support replication mode of slave backup restore backup recovery, To allow Xtrabackup to support more feature extensions, you can set up a stand-alone table space, open the innodb_file_per_table feature, and enable individual table backups to be enabled.

20, keepalive work principle and how to do health check
Keepalived is based on the VRRP protocol, the VRRP full name virtual Router Redundancy Protocol, that is, the VPN routing redundancy protocol.
Virtual Routing Redundancy Protocol, can be considered to implement the router high-availability protocol, the n will provide the same functionality of the router to form a router group.
There is a master and multiple backup,master in this group with a VIP on the outside service (the router's local area network, the other machine's default route is the VIP), master will send multicast, When backup does not receive the VRRP package, the master is considered to be down, and a backup master is elected according to the VRRP priority. This will ensure that the router is highly available.

Keepalived has three main modules, namely core, check and VRRP. Core module is the kernel of keepalived, which is responsible for initiating, maintaining and loading and parsing of the global configuration file of the main process. Check is responsible for health checks, including common checks, and the VRRP module is to implement the VRRP protocol.

Keepalived Health Check mode configuration
Http_get| Ssl_get
Http_get | Ssl_get
The URL that the path/# Http/ssl examines can be multiple
Digest <STRING> # Http/ssl Post-check summary information with tool Genhash generation
Status_code 200# Http/ssl Check the returned status code
Connect_port 80 # Connection Port
Connect_timeout 3 # Connection time-out
Nb_get_retry 3 # Number of re-connect
Delay_before_retry 2 #连接间隔时间

21, Statistics IP Access, request analysis Nginx Access log, find out the number of access pages in the top ten IP
Cat Access.log | awk ' {print '} ' | uniq-c | Sort-rn | Head-10

22, the use of tcpdump monitoring host for,TCP Port 80 data, while the output is saved output to Tcpdump.log
Tcpdump ' host and Port ' > Tcpdump.log

23, how to forward the local 80 port request to 8080 port, the current host IP is
Iptables-a prerouting-d tcp-m tcp-dport 80-j dnat-to-destination

24. Brief introduction to the working principle and characteristics of three kinds of working modes of RAID0 RAID1 RAID5
RAID 0: Striped volumes, which split data sequentially in bits or bytes, read/write on multiple disks in parallel, have a high data transfer rate, but no data redundancy, RAID 0 simply improves performance and does not guarantee the reliability of the data, and one of the disk failures will affect all data. Therefore, RAID 0 cannot be applied to situations where data security requirements are high.

RAID 1: Mirrored volumes, which are data redundancy through disk data mirroring, resulting in data that is backed up on paired independent disks and cannot improve write data efficiency. When raw data is busy, the data can be read directly from the mirrored copy, so RAID1 can improve read performance, RAID 1 is the highest unit cost in the disk array, the mirrored volume has a usable capacity of 1/2 of the total capacity, but provides high data security and availability, when a disk fails, The system can automatically switch to read and write on the mirrored disk without having to reorganize the failed data.

RAID5: A minimum of 3 hard drives, distributed parity of the independent disk structure, its parity code exists on all disks, any one hard disk damage, can be based on the other hard disk check bit to reconstruct the damaged data (up to 1 hard disk damage), so RAID5 can achieve data redundancy, Ensure data security, while RAID5 can also improve the read and write performance of data.

25. Your understanding of the current OPS engineer and the understanding of its work
Operations engineers in the company's responsibility, the need to ensure that the company and customers at all times to provide the highest, fastest, most stable, the most secure service, operations and maintenance engineers a small mistake, it is likely to cause significant losses to the company and customers, so operations engineers need rigorous and innovative spirit.

26, real-time capture and display the current system TCP 80 port network data information, please write out the full operation command
Tcpdump-nn TCP port 80

27, the server can not open a machine how to solve the step-by-step troubleshooting
A, the cause of server failure may have the following points:

B, how to troubleshoot the server to process the following steps:

28. How to solve the virus in Linux system
1) The simplest and most effective way is to re-install the system.

2) to check is to find the virus file and then delete, poisoning after the general machine CPU, memory usage will be high, the machine to outsourcing and other anomalies, troubleshooting methods simple Introduction to the top command to find the highest CPU utilization process, the general virus file naming is more chaotic, you can use the PS aux to find the location of the virus file , the RM-F command deletes the virus file, checks the scheduled task, the boot entry and the virus file directory for any other files that can be used.

3) It is best to re-install the machine after backing up the data, even if the virus file is not ruled out as a latent virus.

29, found a virus file you deleted him and automatically created how to solve
The Company's intranet network of a Linux server traffic inexplicably increased, with iftop to see the situation connected to the outside
In this case, it is generally important to look at the external IP and port of the Netstat connection.

The Lsof-p PID can be used to see the specific process, which files are detected/root under the relevant configuration CONF.N hhe two suspicious files, RM-RF in less than a minute automatically generated, which is inferred that a parent process produced these files. So find the mother process is to find the culprit, Avira virus best off the outside network access, fortunately is the intranet server, can be accessed through the intranet, the virus will lose the ability of the outside, kill it is easier, how to find it, find a half-day also did not see clues, no way only PS Axu a troubleshooting, method is to look at the user and the system similar to and not the counterfeit, sure enough, see the following process is suspicious, do not see the picture is/usr/bin/.sshd, So I killed all the. SSHD-related processes and then deleted the. sshd file directly before deleting the automatic resurrection file mentioned at the beginning of the article.

Summing up, encountered this problem, if not too serious, try not to re-install the system, is usually first off the outside network, and then use iftop,ps,netstat,chattr,lsof,pstree these tools to find the culprit in general. However, if you encounter such problems,/boot/efi/efi/redhat/grub.efi:heuristics.broken.executable FOUND, personally feel the need to re-install the system.

30. Seven-layer model of TCP/IP
Application Layer (application):
An interface between a network service and an end user.

Presentation layers (Presentation layer):
Representation, security, and compression of data. (The five-tier model has been incorporated into the application layer)
Format, JPEG, ASCLL, decoic, encryption format, etc.

Session Layer:
Establish, manage, and terminate sessions. (The five-tier model has been incorporated into the application layer)
A host process, which is a session that is in progress between a local host and a remote host

Transport Layer (Transport):
Defines the protocol port number for transmitting data, as well as flow control and error checking.
The protocol is TCP UDP, and once the packet leaves the network card, it enters the transport layer.

Network layer:
Logical address addressing, to achieve the choice of paths between different networks.

Data link layer (link):
Establish logical connection, hardware address addressing, error checking and other functions. (defined by the underlying network protocol)
Grouping bits into bytes and then combining them into frames, accessing the media with the MAC address, but not correcting the error

Physical layers (physical layer):
is the lowest layer in the OSI model of the computer network
Physical layer Rules: create, maintain, and dismantle the physical links required to transmit data
Providing mechanical, electronic, functional and normative properties

Simply put, the physical layer ensures that the original data can be transmitted on a variety of physical media. LAN and WAN are 1th, 2 layers, the physical layer is the first layer of the OSI, although it is at the lowest level, it is the basis of the entire open system, the physical layer for the data communication between devices to provide transmission media and interconnection equipment for data transmission to provide a reliable environment, if you want to use as few words to remember this first layer, that is Signals and media ".

31, you commonly used Nginx module, used to do what
Rewrite module for overriding functions
Access module: Source control
SSL module: Secure encryption
Ngx_http_gzip_module: Network Transmission compression module
Ngx_http_proxy_module Module Implementation Agent
Ngx_http_upstream_module Module implementation defines a list of back-end servers
Ngx_cache_purge implementing the Cache cleanup feature

32. Please list the Web server load schemas you know

33. View the number of concurrent requests for HTTP and their TCP connection status
Netstat-n | awk '/^tcp/{++s[$NF]} END {for (a in S) print A, s[a]} '
and Ulimit-n View Linux system open the largest file descriptor, here default 1024
Do not modify the Web server modification here is no longer useless, to modify a few ways to use, here say one:

    • Soft Nofile 10240
    • Hard Nofile 10240
      Effective after reboot

34, with Tcpdump sniffing 80 port access to see who the highest
Tcpdump-i ETH0-TNN DST Port 80-c 1000 | Awk-f "." ' {print $ '. $ "." $ "." $4} ' | Sort | uniq-c | Sort-nr |head-20

35, write a script to achieve the Judgment Network, the current online IP What, can ping general think online
For IP inseq 1 255
Ping-c 1 192.168.1. $ip >/dev/null 2>&1
If [$?-eq 0]; Then
Echo 192.168.1. $ip up
Echo 192.168.1. $ip down

36. The access log of the Apache service is known to be logged by day in the server local directory/app/logs, due to disk space tension now requires only the last 7 days of access logs! How can I resolve this? Please provide a workaround or configure or process the command

To create a file script:
For N inseq 14
Date-s "11/0$N/14"
Touch Accesswww (date +%F) . log



-rw-r--r--. 1 root root 0 Jan 1 00:00 access_www_2015-01-01.log
-rw-r--r--. 1 root root 0 Jan 2 00:00 access_www_201 5-01-02.log
-rw-r--r--. 1 root root 0 Jan 3 00:00 access_www_2015-01-03.log
-rw-r--r--. 1 root root 0 Jan 4 00:00 ac Cess_www_2015-01-04.log
-rw-r--r--. 1 root root 0 Jan 5 00:00 access_www_2015-01-05.log
-rw-r--r--. 1 root root 0 Ja N 6 00:00 access_www_2015-01-06.log
-rw-r--r--. 1 root root 0 Jan 7 00:00 access_www_2015-01-07.log
-rw-r--r--. 1 ro OT Root 0 Jan 8 00:00 access_www_2015-01-08.log
-rw-r--r--. 1 root root 0 Jan 9 00:00 access_www_2015-01-09.log
-rw- R--r--. 1 root root 0 Jan 00:00 access_www_2015-01-10.log
-rw-r--r--. 1 root root 0 Jan 00:00 access_www_2015-01-11.log-rw-r--r--. 1 root root 0 Jan 00:00 access_www_2015-01-12.log
-rw-r--r--. 1 root root 0 Jan 00:00 access_www_2015-01-13.log-rw-r--r--. 1 root root 0 Jan 00:00 access_www_2015-01-14.log

find/application/logs/-type f-mtime +7-name "*.log" |xargs rm–f

# #也可以使用-exec rm-f {} \; delete


-rw-r--r--. 1 root root 0 Jan 7 00:00 access_www_2015-01-07.log
-rw-r--r--. 1 root root 0 Jan 8 00:00 access_www_2015-01-08.log
-rw-r--r--. 1 root root 0 Jan 9 00:00 access_www_2015-01-09.log
-rw-r--r--. 1 root root 0 Jan 00:00 access_www_2015-01-10.log
-rw-r--r--. 1 root root 0 Jan 00:00 access_www_2015-01-11.log
-rw-r--r--. 1 root root 0 Jan 00:00 access_www_2015-01-12.log
-rw-r--r--. 1 root root 0 Jan 00:00 access_www_2015-01-13.log
-rw-r--r--. 1 root root 0 Jan 00:00 access_www_2015-01-14.log

37, how to optimize the Linux system (can not say too specific)?
No root, add ordinary users, through sudo authorization management;
Change the default remote connection SSH service port and prohibit the root user from connecting remotely;
Automatically update server time at regular intervals;
Configuration of domestic Yum source;
Turn off SELinux and iptables (iptables work scenario if there is an external network IP must be open, high concurrency excepted);
Adjust the number of file descriptors;
Streamlined boot service (Crond rsyslog network sshd);
Kernel parameter optimization (/etc/sysctl.conf);
Change character set, support Chinese, but suggest or use English character set, prevent garbled;
Lock critical system files;
Empty/etc/issue, remove the screen display before the system and kernel version login.

38, please execute the command to take out the eth0 IP address in Linux (please use cut, the ability can also be used awk,sed command answer respectively)
Cut Method 1:

Ifconfig eth0|sed-n ' 2p ' |cut-d ":-f2|cut-d" "-f1
Awk Method 2:

Ifconfig Eth0|awk ' nr==2 ' |awk-f ': ' {print $} ' |awk ' {print '} '
awk Multi-delimiter Method 3:

Ifconfig Eth0|awk ' nr==2 ' |awk-f "[:]+" ' {Print $4} '
Sed Method 4:

Ifconfig eth0|sed-n '/inet addr/p ' |sed-r ' s#^. DDR: (.) Bc.*$#\1#g '

39, please write down the following Linux SECURECRT command line shortcut key command function?
Ctrl + A
Ctrl + C
Ctrl + D
Ctrl + E
Ctrl + L
Ctrl + u
Ctrl + K

Ctrl + a--> cursor moves to the beginning of the line
Ctrl + e--> cursor moves to end of line
Ctrl + c--> terminates the current program
Ctrl + d--> If a character is removed before the cursor, no then exits the current interrupt
Ctrl + l--> Clear Screen
Ctrl + u--> Cut the previous character of the cursor
Ctrl + k--> to cut the character after the cursor
Ctrl + y--> Copy the contents of u/k
Ctrl + r--> Find recently used commands
tab--> command or path completion
ctrl+shift+c--> replication
ctrl+shift+v--> paste

40, every night 12 o'clock, packaging site Directory/var/www/html backup to the/data directory (preferably each backup by time to generate a different backup package)


cd/var/www/&&/bin/tar zcf/data/html- date +%m-%d%H . tar.gz html/


XX */bin/sh/root/

The essential interview essence of Linux operation and maintenance job

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.