# Some Linux snippets for RHCSA preparation
Only what is necessary for RHCSA topics.

Some links:

 - https://www.certdepot.net/rhel7-get-started-systemd/

## Working with text


### AWK

Get users with UID >= 1000 (excluding UID 65534)

	awk -F'[/:]' '{if ($3 >= 1000 && $3 != 65534) print $1}' /etc/passwd

### Grep
Links:

 - http://najomi.org/_nix/grep

Config without comments and blank lines

    grep -v -E "(^\s*#|^\s*;|^$)" /etc/httpd/conf/httpd.conf

Check upstreams in nginx conf (prints the upstreams that curl cannot reach, http_code 000)

    for i in $(grep -ohE "10\.193\.16\.[0-9]{2}:[0-9]+" * | sort -u); do curl -s -o /dev/null -w "$i-%{http_code}\n" "$i" | grep -- '-000$'; done


Top-50 nginx requests

	zgrep -E '\[06\/Aug\/2018:0[9,12]:\w+:\w+\s+.*\]' access.gz |  awk '{print $7}' | sort -n | uniq -c | sort -nr | head -n 50

Find files with sometext or SOMETEXT in /etc/httpd

    grep -rli sometext /etc/httpd/
    
Grep current IP addresses. Syntax:

 - **ip a | grep 'inet '** only IPv4 addresses (IPv6 lines contain 'inet6')
 - **grep -Po** 'P' uses Perl regexp, 'o' prints only the match
 - **'(\d+\.){3}\d+'** three groups of digits, each followed by a dot, then a fourth group of digits
 - **(?=\/)** requires a '/' after the IP address, without including it in the match

     ip a | grep 'inet ' | grep -v 127.0.0 | grep -Po '(\d+\.){3}\d+(?=\/)'

Find files in /etc that contain any of the host's IP addresses. Syntax: xargs works like a for loop and `ip` is the placeholder variable, something like:  
for ip in addresses:  
grep -rliF ip /etc/

`-F` makes grep treat the address as a fixed string, so the dots match literally.

    ip a | grep 'inet ' | grep -v 127.0.0 | grep -Po '(\d+\.){3}\d+(?=\/)' | xargs -I ip grep -rliF ip /etc/

200 OK per second

    tail -f /var/log/nginx/*.log | grep --line-buffered --color=always '"200"' | perl -e 'while (<>) {$l++;if (time > $e) {$e=time;print "$l\n";$l=0}}'


### Touch
#### Set file timestamps (atime and mtime)

	find . | xargs -I file touch -t 1812131145.23 file
	touch -d "2 hours ago" filename




### Sed
Links:

 - http://najomi.org/_nix/sed
 - https://www.opennet.ru/docs/RUS/bash_scripting_guide/a14586.html


Print 4th line. 
Syntax: N = Line number  !d = Do not delete.

    sed '4!d' httpd.conf
    
Syntax: -n = Nothing will print unless an explicit request to print is found.  N = Line number  p = print

    sed -n '3p'  httpd.conf

Print 1-10 lines

    sed '1,10!d' httpd.conf
    sed -n '1,10p' httpd.conf

Replace foo with too. Syntax: s/..../..../ is replacement (substitute). "g" is global: with g sed replaces all matches in a line, without g only the first match in every line.

    sed -i 's/foo/too/g' httpd.conf

Sed with extended regexp. Syntax: -E or -r enables extended regular expressions. This example replaces "userd" or "usersff" or anything similar with "users".

    sed -i -E 's/user\w+/users/g' httpd.conf

Delete the first line

    sed '1d' httpd.conf

Add an allow line after the matching line

    sed -i '/allow 8\.8\.8\.8;/a allow 1.1.1.1;' *

## File permissions

### Chmod
![Chmod cheats](https://raw.githubusercontent.com/borgkun/RHCSA/master/rhcsa.png)

### ACL
Users lisa and mike have group office.

    useradd lisa -g office
    useradd mike -g office 

Create directory "test" with no permissions for group "office" or for users mike and lisa. Only the root user has permissions on this directory.

    mkdir test
    chown root test
    chmod 700 test

Now give access to user lisa without changing chmod.

    setfacl -R -m u:lisa:rwx,d:u:lisa:rwx test/

Syntax: 
 - *-m* modify
 - *u:lisa:rwx* access ACL entry, user and permissions as in chmod; this is what grants lisa access to the existing directory
 - *d:* (default) means that all files created in this directory later will inherit this ACL
 - *-R* recursive

Now only root and lisa have full access to this folder.
     
Show acl

    getfacl test/

### Extended attributes
Add attribute (+i makes the file immutable)

    chattr +i prog.sh

Show attributes

    lsattr prog.sh

Most useful attributes
![File attributes](https://raw.githubusercontent.com/borgkun/RHCSA/master/attributes.png)


## Users

### Ldap
There are two ways: with nslcd or with sssd. nslcd is deprecated.
For example, the LDAP server address is ipa.loc.

 1. Make sure that ipa.loc can be resolved.
 2. `yum install -y openldap-clients nss-pam-ldapd` (nss-pam-ldapd is for nslcd)
 3. Run authconfig (`--enablemkhomedir` is optional, `--enableforcelegacy` is optional for nslcd):

        authconfig --enableldap --enableldapauth \
        --ldapserver="ipa.loc" \
        --ldapbasedn="dc=loc" --enablemkhomedir --update

    > ("If you installed IPA with the domain example.com then your basedn is
    > `dc=example,dc=com`") https://www.freeipa.org/page/HowTo/LDAP
 4. `scp ipa.loc:/etc/ipa/ca.crt cert.pem` (FreeIPA) or `scp root@ipa.loc:/etc/openldap/certs/cert.pem /etc/openldap/cacerts/cert.pem` (OpenLDAP) and `authconfig --enableldaptls --update`
 5. Check `systemctl status sssd`
 6. Check `ldapsearch -x uid=admin` or `id admin`

### Local
Create user "chermander" with uid 123 and gid 123

     groupadd -g 123 chermander
     useradd -u 123 -g 123 chermander

Change primary group to wheel

    usermod -g wheel chermander
    # or, by GID
    usermod -g 10 chermander

Add chermander to the nobody group (-a appends; without it -G replaces the supplementary group list)

    usermod -aG nobody chermander

Get account expiry info

    chage -l chermander

Set the account expiration date to one month from now

    chage -E $(date -d "+1month" +"%Y-%m-%d") chermander

Delete additional groups

    usermod -G "" chermander

## Files
Create 100 Files with size 2MB

    for i in {1..100}; do dd if=/dev/zero of=$i bs=2M count=1; done

Move these files to the test dir

    ls | grep -Px '\d+' | xargs -I file mv file test/

Create a tar.bzip archive with these files

    cd test ; tar -cjf ../files.tar.bzip *

List files in the archive

    tar -tvf files.tar.bzip

Extract files

    tar -xvf files.tar.bzip

## Network
There are several methods for network configuration
 - nmtui
 - nmcli
 - GUI nm (nm-connection-editor)
 - /etc/sysconfig/network-scripts/

Change hostname

    hostnamectl set-hostname host.loc


## Managing processes

### Shell jobs
Run a job in the background

    dd if=/dev/zero of=/dev/null &

Show jobs

    jobs

Stop the job temporarily so that it can be managed. For instance, it can be moved to the background.

    Ctrl+Z

Send the End Of File (EOF) character to the current job to indicate that it should stop waiting for further input.

    Ctrl+D

Cancel the current interactive job

    Ctrl+C

Continue the job that has just been frozen using Ctrl+Z in the background.

    bg

Bring the last job that was moved to background execution back to the foreground.

    fg

Show processes

    ps aux
    ps -ef
    ps fax

Rename git branch

	git branch -m old_branch new_branch         # Rename branch locally    
	git push origin :old_branch                 # Delete the old branch    
	git push --set-upstream origin new_branch # Push the new branch, set local branch to track the new remote
	
### Tcpdump

    timeout 60 tcpdump -i ens160 -n port not 22 -w /tmp/pcap
    tcpdump -nr /tmp/pcap | awk '{print }' | grep -oE '[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}\.[0-9]{1,}' | sort | uniq -c | sort -n


### Disk
Sata hotplug

	echo - - - > /sys/class/scsi_host/host2/scan
	ls /sys/class/scsi_host/ | while read host ; do echo "- - -" > /sys/class/scsi_host/$host/scan ; done

	echo 1 > /sys/class/block/sdd/device/rescan

### TOP memory usage

	ps -e -o pid,user,cpu,size,rss,cmd --sort -size,-rss | head

### Find deleted files

	find /proc/*/fd -ls | grep '(deleted)'

### LVM

#### Resize

    pvcreate /dev/sdd
    vgextend vgdb /dev/sdd
    lvextend -l +100%FREE  /dev/mapper/vgmysql-lvmysql
    xfs_growfs /dev/mapper/vgmysql-lvmysql
    pvresize /dev/sda2
    lvresize -l +100%FREE /dev/VolGroup00/LogVol00


#### Display


	sudo lvdisplay|awk  '/LV Name/{n=$3} /Block device/{d=$3; sub(".*:","dm-",d); print d,n;}'
	dm-0 /dev/SysVolGroup/LogVolRoot
	dm-1 /dev/SysVolGroup/xen
	dm-2 /dev/SysVolGroup/db1-2
	dm-3 /dev/SysVolGroup/db1-2swap
	dm-4 /dev/SysVolGroup/python1
	dm-5 /dev/SysVolGroup/python1swap
	dm-6 /dev/SysVolGroup/db1-2snap


### Nginx

#### pfx to key and cer for nginx

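	# -nodes writes the private key unencrypted, so keep cert.ru.key readable by root only
	openssl pkcs12 -in cert.pfx -nocerts -nodes -out cert.ru.key
	# client certificate only, no private key
	openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.ru.cer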
	
### Grafana
#### Reset password in SQLite

	update user set password = '59acf18b94d7eb0694c61e60ce44c110c7a683ac6a8f09580d626f90f4a242000746579358d77dd9e570e83fa24faa88a8a6', salt = 'F3FAxVm33R' where login = 'admin';
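
The statement above installs a hash copied from a cheat sheet, so the resulting password is one anyone can look up. As an added example (not from the original snippets and not Grafana's own code), this generates a fresh salt and hash for a password you choose and prints the matching UPDATE. The PBKDF2 parameters (HMAC-SHA256, 10000 iterations, 50-byte key, hex output, 10-character salt) are an assumption about Grafana's scheme, and the 12-character minimum is an arbitrary choice.

```python
import getpass
import hashlib
import secrets
import string

# Assumed Grafana parameters (not stated on the page): PBKDF2-HMAC-SHA256,
# 10000 iterations, 50-byte derived key stored as 100 hex characters.
ITERATIONS = 10_000
KEY_LEN = 50
SALT_LEN = 10
SALT_ALPHABET = string.ascii_letters + string.digits
MIN_PASSWORD_LEN = 12  # arbitrary floor chosen for this example


def new_salt() -> str:
    """Return a fresh random salt drawn from the OS CSPRNG."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LEN))


def password_hash(password: str, salt: str) -> str:
    """Hex PBKDF2 digest in the layout used by the UPDATE statement."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), ITERATIONS, KEY_LEN
    )
    return raw.hex()


def sql_literal(value: str) -> str:
    """Quote a string for SQLite by doubling embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"


def reset_statement(login: str, password: str) -> str:
    """Build the UPDATE for one login with a fresh salt and matching hash."""
    if len(password) < MIN_PASSWORD_LEN:
        raise ValueError("password shorter than %d characters" % MIN_PASSWORD_LEN)
    salt = new_salt()
    return "update user set password = {}, salt = {} where login = {};".format(
        sql_literal(password_hash(password, salt)),
        sql_literal(salt),
        sql_literal(login),
    )


if __name__ == "__main__":
    # getpass keeps the new password out of shell history and the process list.
    print(reset_statement("admin", getpass.getpass("New Grafana password: ")))
```
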


