CentOS7常用技巧
Posted mece
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CentOS7常用技巧相关的知识,希望对你有一定的参考价值。
1.配置sudo
useradd test
echo 123456|passwd --stdin test
cat >> /etc/sudoers <<EOF
lnso ALL=(ALL) ALL,!/usr/bin/passwd,/usr/bin/passwd [A-Za-z]*,!/usr/bin/passwd root
EOF
2.关闭SELinux
sed -i s/SELINUX=enforcing/SELINUX=disabled/ /etc/selinux/config
3.配置资源限制
echo -e ulimit -c unlimited >> /etc/profile
echo -e ulimit -s unlimited >> /etc/profile
echo -e ulimit -SHn 65535 >> /etc/profile
echo -e export HISTTIMEFORMAT="%F %T `whoami` " >>/etc/profile
echo -e export TMOUT=300 >>/etc/profile
echo -e "HISTFILESIZE=100" >>/etc/profile
source /etc/profile
cat >>/etc/security/limits.conf <<EOF
* soft nofile 60000
* hard nofile 65535
* soft nproc 60000
* hard nproc 65535
#* soft memlock 33554432
#* hard memlock 33554432
EOF
4.内核参数优化
cat >> /etc/sysctl.conf <<EOF
############add#################
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.ip_forward = 1
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
#vm.swappiness = 0
fs.file-max = 6553560
EOF
/sbin/sysctl -p
5.iptables
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -s 10.145.254.14 --sport 1024:65534 --dport 22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 10 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.115:80
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
/etc/init.d/iptables save
/etc/init.d/iptables restart
6.释放内存
sync ; echo 3 >/proc/sys/vm/drop_caches #释放内存和cache
sync ; echo 1 > /proc/sys/vm/drop_caches #释放内存
dmidecode | grep -A16 "Memory Device$" #查看内存条数
7.执行上一条命令
less /etc/hosts
vim !$
8.通过中间主机连接不可直达主机
ssh -t reachable_host ssh unreachable_host
9.获取主机IP地址
ifconfig eth0|grep "inet addr"|awk -F [: ]+ print $4
ifconfig eth0|grep inet addr|awk -F[:""]+ print $4
ifconfig eth0 |grep inet addr|sed -e s/^.*addr://g -e s/Bcast.*$//g
10.网络连接状态统计
netstat -an|awk /^tcp/ ++S[$NF] END for(a in S)print a,S[a]
11.检测是否被ddos
netstat -an|grep SYN_RECV|wc -l #数量过多,说明被ddos了
12.禁用ICMP协议
echo "1" >/proc/sys/net/ipv4/icmp_echo_ignore_all
13.查询操作系统位数
getconf LONG_BIT
file /bin/ls
uname -a
14.测试磁盘的读写IO速度
hdparm -Tt /dev/sda
15.修复根分区
重启进入Emergency模式
mount -o remount,rw /
fsck /
16.修复RPM数据库
rpm --rebuilddb
17.查看服务器CPU信息
cat /proc/cpuinfo |grep "physical id"|sort|uniq|wc -l #查看cpu个数
cat /proc/cpuinfo |grep "cpu cores"|uniq #查看物理cpu中core的个数
cat /proc/cpuinfo|grep "processor"|wc -l #显示逻辑cpu个数
18.查看影片IO性能
iostat -d -x -k 1 10 #%util接近100%性能差,await时间应该低于5s
19.管理模块
modprobe -r bonding #卸载模块
modprobe bonding #加载模块
lsmod|grep bonding #模块是否加载
20.查看服务器内存
free -m #used-buffers-cached已用内存,free+buffers+cached可用内存
dmidecode -t memory|grep Size #查看物理内存单位大小
cat /proc/sys/vm/freepages #查看虚拟内存默认配置
free -m | grep cache | awk /[0-9]/ print $4" MB" #显示剩余内存大小
21.录屏工具
script -t 2> timing.log -a output.session #录制
exit #退出
scriptreplay timing.log output.session #回放
22.清除空白行
cat abc|tr -s \\n
23.快速备份
cp filename,.bak
24.以HTTP方式共享当前文件夹的文件
python -m SimpleHTTPServer #启动了Python的SimpleHTTPServer模块,将在本机8000端口开放http服务,在其他能访问本机的浏览器打开http://ip:8000即打开一个目录列表
25.配置SSH免密登陆
ssh-keygen #生成密钥
ssh-copy-id user@host #拷贝公钥到远程机
26.查看解析过程
dig www.163.com +trace #从根服务器开始跟踪一个域名的解析过程
dig @202.106.0.20 www.baidu.com #在特定dns服务器查询
dig www.baidu.com ns #查询域的NS记录
dig google.com MX #查看邮件记录
traceroute -I www.google.com #路由跟踪
27.查看文件更多信息
strace ls a
strace -p pid
28.网络连通性测试过程
ping 回环地址
ping 局域网内主机
ping 网关
ping 外网
29.按文件大小排序
du -csk *|sort -rn|head -n 10
30.监控系统性能
vmstat 1 4 #r<5,b约等于0,user%+sys%<70%系统性能较好,user%+sys%>=85%系统性能比较差,id越多越好
32.查看路由表
route -n
netstat -rn
33.替换/home下所有文件中的www.test.com为 test.com
sed -i"s/www.test.com/test.com/g" `grep www.test.com -rl /home`
34.禁止获取时间戳
iptables -A INPUT -p ICMP --icmp-type timestamp-request -j DROP
iptables -A INPUT -p ICMP --icmp-type timestamp-reply -j DROP
35.fork炸弹(慎用)
:() :|:& ;:
.() .|.& ;.
36.查看哪些支柱在抓去内容
tcpdump -i eth0 -l -s 0 -w -dst port 80|strings |grep -i user-agent|grep -i -E bot|crawler|slurp|spider
37.查看数据库执行的sql
tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | egrep -i SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL
38.按域统计流量
zcat squid_access.log.tar.gz| awk print $10,$7 |awk BEGINFS="[ /]"trfc[$4]+=$1ENDfor(domain in trfc)printf "%s\\t%d\\n",domain,trfc[domain]
39.统计http_status状态
cat access.log|awk counts[$(9)]+=1; END for(code in counts) print code,counts[code]
cat access.log |awk print $9|sort|uniq -c|sort -rn
40.统计404的连接
awk ($9 ~ /404/) access.log|awk print $9,$7|sort
41.获得访问前10位的ip地址
cat access.log|awkprint $1|sort|uniq -c|sort -nr|head -10cat access.log|awk counts[$(11)]+=1;END for(url in counts) print counts[url],url
42.访问次数最多的文件或页面
cat access.log|awkprint $11|sort |uniq -c|sort -rn|head -20
43.列出传输最大的几个exe文件
cat access.log |awk($7~/\\.exe/) print $10" "$1" "$4" "$7|sort -rn|head -20
44.列出输出大于200000byte(约200kb)的exe文件以及对应文件发生次数
cat access.log |awk($10 > 200000 &&$7~/\\.exe/)print $7|sort -n|uniq -c|sort -rn|head -100
45.如果日志最后一列记录的是页面文件传输时间,则有列出到客户端最耗时的页面
cat access.log |awk($7~/\\.php/) print $NF" "$1" "$4" "$7|head -100
46.列出最最耗时的页面,超过60秒的的以及对应页面发生次数
cat access.log |awk($NF >60 && $7~/\\.php/)print $7|sort -n|uniq -c|sort -rn |head -100
47.列出传输时间超过 30 秒的文件
cat access.log |awk($NF >30)print $7|sort -n|uniq -c|sort -rn|head -20
48.统计网站流量G
cat access.log |awksum+=$10 END print sum/1024/1024/1024
49.mysql快速导入导出
select * from t_act_creditaccount_detail into outfile /tmp/t_act_creditaccount_detail-20160627; #导出
load data infile /tmp/t_act_creditaccount_detail-20160627 into table t_act_creditaccount_detail; #导入
50.修改系统字符
vim/etc/sysconfig/i18n
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.UTF-8:zh_CN.GB2312:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="LATARCYRHEB-SUN16"
51.修改系统时区
vim /etc/sysconfig/clock
ZONE="Asia/shanghai"
date
hwclock -w
52.添加路由信息
route add -net 172.16.6.0 netmast 255.255.255.0 gw 172.16.2.25
echo "127.16.6.0/24 via 172.16.2.25" >/etc/sysconfig/network-scripts/route-eth0
53.设置bios时间
date -s "2016-06-23 16:29"
hwclock -w
54.查询编译时参数
php -i |grep configure #查询php编译时参数
/usr/local/nginx/sbin/nginx -V #查看nginx编译时参数
cat /usr/local/apache2/build/config.nice #查看apache编译时参数
cat /usr/local/mysql/bin/mysqlbug | grep CONFIGURE_LINE #查看mysql编译时参数
55.截取时间内的数据
sed -n /10:00:00/,/11:00:00/p /var/log/message
56.截取每一行输出
while read line; do echo $line ;sleep 10; done </etc/passwd
cat /etc/passwd|(while read line; do echo $line;sleep 1;done)
57.彼此之间由null字符(\\0)分割,重新输出格式化
cat /proc/33332/environ |tr \\0 \\n
58.检查当前登陆用户
if [ $UID -ne 0 ];then echo "Non root user. Please run as root.";else echo "Root user.";fi
59.清除空格行
cat test.txt |tr -s \\n
cat test.txt|tr -d 1
60.否定查找
find . ! -name test.txt -print
61.合并查找
find . \\( -name "*.txt" -o -name "*.py" \\) -print
62.查询深度
find . -maxdepth 1 -type f - print
63.&匹配每一个单词w
echo "this is an example"|sed s/\\w\\+/[&]/g
64.打印
echo -e "line1\\nline2"|awk BEGIN print "Start" print END print "End"
65.拼接打印
echo |awk var1="v1";var2="v2";var3="v3"; print var1,var2,var3
66.awk变量
echo -e "line1 f2 f3\\nline2 f4 f5\\nline3 f6 f7"|awk print "Line no:"NR",No of fields:"NF, "$0="$0, "$1="$1, "$2="$2, "$3="$3
注意:
NR处理到的行号
NF处理到行的哪列
$NF处理到行号的最后一列
67.python依赖库备份、还原
迁移前,在原机器执行pip freeze >requirements.txt
将文件发送到新机器并执行pip install -r requirements.txt --index https:/mirrors.aliyun.com/pypi/simple/
68.踢出用户
w
pkill -kill -t pts/2
69.查看系统发行版本
yum -y install redhat-lsb \\
&& lsb_release -a
70.创建war文件
jar -cvf name.war file
71.修改文件或目录的时间戳(YYMMDDhhmm)
touch -t 0712250000 file
72.在1-39内取随机数
echo$[$RANDOM%39]
73.查看二进制文件内容
echo /etc/passwd | hexdump -C
mysqlbinlog
od -t a file
od -xc file >file.txt
74.保存当前磁盘分区的分区表
sfdisk -d /dev/sdb >/etc/sdbpar.bak保存分区表
sfdisk /dev/sdb
dd if=/dev/sda of=/backup/mbr.bak count=1 bs=512
75.shell下32位随机密码生成
head /dev/urandom | md5sum | head -c 30
LANG=c < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c$1:-32;echo;
76.挂在windwos的共享目录
mount -t cifs //10.0.0.1/share /mnt --verbose -o username=zhao,password=zhao
77.实现file文件内字符串翻转
cat file.txt
abcdefghijk
rev file.txt
78.创建目录
[ ! -d /devops/shell ] && mkdir -p /devops/shell
79.同步系统时间
echo "00 01 * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1" >> /var/spool/cron/root
80.添加dns解析
echo -e nameserver 202.106.0.20 \\nnameserver 114.114.114.114 >>/etc/resolv.conf \\
&& echo "DNS添加完成..."
81.配置ssh
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config &&systemctl restart sshd \\
&& echo "禁止root远程登录完成..."
sed -i 1a auth required pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=fail /etc/pam.d/sshd &&echo -e admin >>/etc/sshusers \\
&& echo "允许授权用户登陆完成..."
82.历史命令留存
cat /etc/profile
USER_IP=`who -u am i 2>/dev/null |awk print $NF |sed -e s/[()]//g`
HISTDIR=/usr/share/.history
if [ -z $USER_IP ];then
USER_IP=`hostname`
fi
if [ ! -d $HISTDIR ];then
mkdir -p $HISTDIR
chmod 777 $HISTDIR
fi
if [ ! -d $HISTDIR/$LOGNAME ];then
mkdir -p $HISTDIR/$LOGNAME
chmod 300 $HISTDIR/$LOGNAME
fi
export TMOUT=300
export HISTSIZE=4000
DT=`date +%Y%m%d-%H%m%S`
export HISTFILE="$HISTDIR/$LOGNAME/$USER_IP.history.$DT"
export HISTTIMEFORMAT="%F %T `whoami` "
chmod 600 $HISTDIR/$LOGNAME/*.history* 2>/dev/null
83.正确关闭系统
ps -ef
sync; sync; sync
init 0
84.处理文件删除后空间未释放问题
lsof |grep -i deleted
85.
以上是关于CentOS7常用技巧的主要内容,如果未能解决你的问题,请参考以下文章