#20170804
查看正在访问某文件/目录进程
#######################################
fuser
/path/to/file
(
dir
)
sudoers
#######################################
# cat /etc/sudoers.d/usr01
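# /etc/sudoers.d/usr01: usr01 may run anything as any user without a password,
# minus the negated commands collected in the three aliases below.
# NOTE(review): sudoers(5) states that subtracting commands from ALL with "!"
# is generally not an effective restriction. Read these aliases as guard rails
# against accidents, not as a security boundary; an allow-list of the commands
# the account needs is the restrictive form.

# Password changes, edits to sudoers and /etc/ssh, and chmod 777.
Cmnd_Alias DENYCMD = \
    !/usr/bin/passwd, \
    !/usr/bin/passwd root, \
    !/bin/vi /etc/sudoers, \
    !/usr/bin/vim /etc/sudoers, \
    !/usr/sbin/visudo, \
    !/bin/vi /etc/ssh/*, \
    !/usr/bin/vim /etc/ssh/*, \
    !/bin/chmod 777 /etc/*, \
    !/bin/chmod 777 *, \
    !/bin/chmod 777, \
    !/bin/chmod -R 777 *

# rm aimed at /, /etc, /root and /bin, with and without -r / -rf.
Cmnd_Alias DENYRMCMD = \
    !/bin/rm /*, \
    !/bin/rm /, \
    !/bin/rm -rf /, \
    !/bin/rm -rf /*, \
    !/bin/rm /etc, \
    !/bin/rm -r /etc, \
    !/bin/rm -rf /etc, \
    !/bin/rm /etc/*, \
    !/bin/rm -r /etc/*, \
    !/bin/rm -rf /etc/*, \
    !/bin/rm /root, \
    !/bin/rm -r /root, \
    !/bin/rm -rf /root, \
    !/bin/rm /root/*, \
    !/bin/rm -r /root/*, \
    !/bin/rm -rf /root/*, \
    !/bin/rm /bin, \
    !/bin/rm -r /bin, \
    !/bin/rm -rf /bin, \
    !/bin/rm /bin/*, \
    !/bin/rm -r /bin/*, \
    !/bin/rm -rf /bin/*

# Ways of opening a root shell: sudo -i, su with "root" in its arguments, and
# the shells themselves.
Cmnd_Alias DENYSUDOI = \
    !/usr/bin/sudo -i, \
    !/bin/su *root*, \
    !/bin/bash, \
    !/bin/sh, \
    !/bin/tcsh

# The rule has to name DENYSUDOI, the alias defined above. The original line
# referenced SUDOI, which is not defined anywhere in this file, so the
# shell/su negations were not part of the rule.
usr01 ALL=(ALL) NOPASSWD: ALL,DENYCMD,DENYRMCMD,DENYSUDOI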
sudo
命令白名单
# Allow-list for bmdba: only the commands named in PERMIT and SU are granted.
# NOTE(review): several PERMIT entries (package managers, service, mount)
# act on administrator-supplied content as root; confirm the account really
# needs each of them before treating this list as a confinement.
Cmnd_Alias PERMIT = \
    /sbin/route, \
    /sbin/ifconfig, \
    /bin/ping, \
    /sbin/dhclient, \
    /usr/bin/net, \
    /sbin/iptables, \
    /usr/bin/rfcomm, \
    /usr/bin/wvdial, \
    /sbin/iwconfig, \
    /sbin/mii-tool, \
    /bin/rpm, \
    /usr/bin/up2date, \
    /usr/bin/yum, \
    /sbin/service, \
    /sbin/chkconfig, \
    /sbin/fdisk, \
    /sbin/sfdisk, \
    /sbin/parted, \
    /sbin/partprobe, \
    /bin/mount, \
    /bin/umount, \
    /bin/nice, \
    /bin/kill, \
    /usr/bin/kill, \
    /usr/bin/killall

# /bin/su is listed without an argument list, then negated when its arguments
# contain "root".
# NOTE(review): confirm the *root* pattern covers every su invocation it is
# meant to block.
Cmnd_Alias SU = \
    /bin/su, \
    !/bin/su *root*

# CHMOD and RM hold negated entries only, so they grant nothing by themselves;
# chmod and rm are not in PERMIT either.
Cmnd_Alias CHMOD = \
    !/bin/chmod 777 *, \
    !/bin/chmod -R 777 *

Cmnd_Alias RM = \
    !/bin/rm /*, \
    !/bin/rm /, \
    !/bin/rm -rf /, \
    !/bin/rm -rf /*, \
    !/bin/rm /etc, \
    !/bin/rm -r /etc, \
    !/bin/rm -rf /etc, \
    !/bin/rm /etc/*, \
    !/bin/rm -r /etc/*, \
    !/bin/rm -rf /etc/*, \
    !/bin/rm /root, \
    !/bin/rm -r /root, \
    !/bin/rm -rf /root, \
    !/bin/rm /root/*, \
    !/bin/rm -r /root/*, \
    !/bin/rm -rf /root/*, \
    !/bin/rm /bin, \
    !/bin/rm -r /bin, \
    !/bin/rm -rf /bin, \
    !/bin/rm /bin/*, \
    !/bin/rm -r /bin/*, \
    !/bin/rm -rf /bin/*

bmdba ALL=(ALL) NOPASSWD: PERMIT,SU,CHMOD,RM
sudo
命令黑名单
# Deny-list aliases. No user specification that references them is shown in
# this section; they only take effect once a rule lists them after a grant.
# NOTE(review): sudoers(5) states that subtracting commands from ALL with "!"
# is generally not an effective restriction; prefer an allow-list where the
# goal is confinement.

# Shells, visudo, and su with "root" in its arguments.
Cmnd_Alias DENYSUROOT = \
    !/bin/bash, \
    !/bin/sh, \
    !/bin/tcsh, \
    !/usr/sbin/visudo, \
    !/bin/su *root*

# Editors and echo.
Cmnd_Alias DENYVI = \
    !/usr/bin/vim, \
    !/bin/vi, \
    !/bin/echo

# Password changes and chmod 777.
Cmnd_Alias DENYCMD = \
    !/usr/bin/passwd, \
    !/usr/bin/passwd root, \
    !/bin/chmod 777 /etc/*, \
    !/bin/chmod 777, \
    !/bin/chmod 777 *, \
    !/bin/chmod -R 777 *

# rm aimed at /, /etc, /root and /bin, with and without -r / -rf.
Cmnd_Alias DENYRMCMD = \
    !/bin/rm /*, \
    !/bin/rm /, \
    !/bin/rm -rf /, \
    !/bin/rm -rf /*, \
    !/bin/rm /etc, \
    !/bin/rm -r /etc, \
    !/bin/rm -rf /etc, \
    !/bin/rm /etc/*, \
    !/bin/rm -r /etc/*, \
    !/bin/rm -rf /etc/*, \
    !/bin/rm /root, \
    !/bin/rm -r /root, \
    !/bin/rm -rf /root, \
    !/bin/rm /root/*, \
    !/bin/rm -r /root/*, \
    !/bin/rm -rf /root/*, \
    !/bin/rm /bin, \
    !/bin/rm -r /bin, \
    !/bin/rm -rf /bin, \
    !/bin/rm /bin/*, \
    !/bin/rm -r /bin/*, \
    !/bin/rm -rf /bin/*
linux获取自己的外网IP
#######################################
curl
ifconfig
.me
curl icanhazip.com
curl ident.me
curl ipecho.net
/plain
curl whatismyip.akamai.com
curl myip.dnsomatic.com
curl http:
//ip
.3322.net
disk io 测试
#######################################
磁盘写速度测试:
# sync;/usr/bin/time -p bash -c "(dd if=/dev/zero of=test.dd bs=1M count=20000)"
20000+0 records
in
20000+0 records out
20971520000 bytes (21 GB) copied, 185.653 s, 113 MB
/s
real 185.66
user 0.01
sys 20.99
腾讯云cfs写速度
# sync;/usr/bin/time -p bash -c "(dd if=/dev/zero of=/tx_cfs/test.dd bs=1M count=20000)"
20000+0 records
in
20000+0 records out
20971520000 bytes (21 GB) copied, 436.983 s, 48.0 MB
/s
real 436.98
user 0.01
sys 11.98
磁盘读速度测试:
# echo 3 > /proc/sys/vm/drop_caches && /usr/bin/time -p dd if=test.dd of=/dev/null bs=1M
20000+0 records
in
20000+0 records out
20971520000 bytes (21 GB) copied, 224.633 s, 93.4 MB
/s
real 224.76
user 0.06
sys 11.75
腾讯云cfs读速度
echo
3 >
/proc/sys/vm/drop_caches
&&
/usr/bin/time
-p
dd
if
=
/tx_cfs/test
.
dd
of=
/dev/null
bs=1M
20000+0 records
in
20000+0 records out
20971520000 bytes (21 GB) copied, 278.183 s, 75.4 MB
/s
real 278.29
user 0.05
sys 8.82
awk
[]就是分隔符
#######################################
# cat /sys/kernel/mm/transparent_hugepage/enabled
[always] madvise never
[root@VM_35_216_centos ~]
# cat /sys/kernel/mm/transparent_hugepage/enabled | awk -F [][] '{print $2}'
always
ssh
连接IP白名单
#######################################
AllowUsers root@183.21.89.249
ansible
sudo
to root
#######################################
# bruce用户身份,sudoing到root用户
ansible all -m
ping
-u bruce --
sudo
echo
颜色
#######################################
echo
-e
"some text \033[31m red \033[0m"
echo
-e
"some text \033[32m green \033[0m"
sed
过滤替换
#######################################
# cat sedtest
naughty is a girlgirl
03.cc is a girl
girlgirl is naughty
[root@node0 tmp]
# sed -i "/^naughty/c\\naughty is a girl" sedtest
[root@node0 tmp]
# cat sedtest
naughty is a girl
03.cc is a girl
girlgirl is naughty
shell脚本编辑文件&&vimrc
#######################################
cat
<< EOF >
/root/
.vimrc
set
ts=4
set
expandtab
set
smartindent
set
history
=10000
autocmd BufNewFile *.sh
exec
":call SetTitle()"
func SetTitle()
if
&filetype ==
'sh'
call setline(1,
"\##########################################################"
)
call append(line(
"."
),
"\# File Name: "
.
expand
(
"%"
))
call append(line(
"."
)+1,
"\# Author: YOUR_NAME"
)
call append(line(
"."
)+2,
"\# Mail: YOUR_EMAIL@mail.com"
)
call append(line(
"."
)+3,
"\# Created Time: "
.strftime(
"%c"
))
call append(line(
"."
)+4,
"\##########################################################"
)
call append(line(
"."
)+5,
"\#!/bin/bash"
)
call append(line(
"."
)+6,
""
)
call append(line(
"."
)+7,
"\#Write Log"
)
call append(line(
"."
)+8,
"log(){"
)
call append(line(
"."
)+9,
"\treturn"
)
call append(line(
"."
)+10,
"}"
)
call append(line(
"."
)+11,
""
)
call append(line(
"."
)+12,
"\#Shell Usage"
)
call append(line(
"."
)+13,
"usage(){"
)
call append(line(
"."
)+14,
"\treturn"
)
call append(line(
"."
)+15,
"}"
)
call append(line(
"."
)+16,
""
)
call append(line(
"."
)+17,
"\#shell_lock()"
)
call append(line(
"."
)+18,
"lock(){"
)
call append(line(
"."
)+19,
"\treturn"
)
call append(line(
"."
)+20,
"}"
)
call append(line(
"."
)+21,
""
)
call append(line(
"."
)+22,
"\#shell_unlock()"
)
call append(line(
"."
)+23,
"unlock(){"
)
call append(line(
"."
)+24,
"\treturn"
)
call append(line(
"."
)+25,
"}"
)
call append(line(
"."
)+26,
""
)
endif
endfunc
autocmd BufNewFile * normal G
EOF
创建普通用户并分配root权限
#######################################
不要这个
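# Create the "admin" account and grant it passwordless sudo.
# The password is read from the terminal instead of being written into the
# command, so it does not end up in shell history or in a copy of these notes.
read -r -s -p 'New password for admin: ' admin_pw && echo
# The sudo rule goes into its own drop-in (mode 0440) and is syntax-checked
# with visudo; a broken line appended straight to /etc/sudoers can leave
# every account without working sudo.
# Assumes /etc/sudoers includes /etc/sudoers.d -- confirm on the target host.
# NOTE(review): NOPASSWD: ALL makes this account equivalent to root.
if useradd admin &&
  printf '%s\n' "$admin_pw" | passwd --stdin admin &&
  printf '%s\n' 'admin ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/admin &&
  chmod 0440 /etc/sudoers.d/admin; then
  # Remove the drop-in again if it does not parse.
  visudo -cf /etc/sudoers.d/admin || rm -f -- /etc/sudoers.d/admin
fi
unset admin_pw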
新添加用户并添加公钥
#######################################
有问题:
# Variant flagged above as problematic: the commands are only sequenced, so
# each one still runs when the one before it failed (for example the editor
# opens in whatever directory the shell is in if cd did not succeed).
useradd seentech
mkdir /home/seentech/.ssh
cd /home/seentech/.ssh
vim authorized_keys
没问题:
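# Create the account and its ~/.ssh, stopping at the first failure (&&).
# Run as root, the directory and key file would stay owned by root with
# default permissions; set 700/600 and hand them to the new user so the
# account owns its own keys and nobody else can read or replace them.
useradd seentech &&
  mkdir -m 700 /home/seentech/.ssh &&
  cd /home/seentech/.ssh &&
  vim authorized_keys &&
  chmod 600 authorized_keys &&
  chown -R seentech: /home/seentech/.ssh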
服务器公网IP禁
ping
#######################################
iptables -A INPUT -d 122.13.72.237 -p icmp --icmp-
type
8 -s 0
/0
-j DROP
判断软件是否安装
#######################################
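# Report whether the zabbix-agent package is already installed.
# rpm -q exits non-zero when the package is absent, so no grep is needed, and
# an explicit if/else avoids the "a && b || c" form, where c also runs when b
# fails.
if rpm -q zabbix-agent >/dev/null 2>&1; then
  echo "dont install"
else
  echo "install it"
fi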
脚本加锁
#######################################
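# Single-instance guard: take a lock file named after the script, or stop.
LOCKFILE=/tmp/$(basename -- "$0").lock
# With noclobber set, ">" refuses to overwrite an existing file, so testing
# for the lock and creating it happen in one step. The original checked with
# [ -f ] and then ran touch, leaving a gap between the two; and when the lock
# was already present it only registered an EXIT trap that printed a message,
# so the script carried on running.
if (set -o noclobber; : > "$LOCKFILE") 2>/dev/null; then
  # This instance owns the lock; release it however the script ends.
  trap 'rm -f -- "$LOCKFILE"' EXIT
else
  echo "$LOCKFILE exist,bye!" >&2
  exit 1
fi
# NOTE(review): /tmp is writable by every local user and this name is
# predictable; for scripts run as root, consider a root-owned lock directory.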
删除指定目录开头
#######################################
/bin/rm
-rf routerData[3-9]*
git代码
#######################################
cd
/path/to/web_site_dir
su
wwwww
git clone git@git.100msh.com:liuchengchi
/100msh_keyuan2
.git ./
git pull
调试shell脚本时可以加入这个暂停
#######################################
read
-t 30 -p
"scripts $1 go on after 30s, Ctrl+C will stop script"
#echo $REPLY
find
定时删日志文件
#######################################
find
/usr/local/remotemysql
-name
"*log*CNGZ01PL0005*"
-mtime +4 -
exec
/bin/rm
-f {} \;
强制踢用户下线
#######################################
whoami
查看自己用户名
who
查看所有用户和访问者IP
who
am i 查看自己
tty
pkill -
kill
-t pts
/1
把pts
/1
对应用户踢下线
awk
示例
#######################################
命令行选项 -F "[@ \t]" 告诉 awk:@、空格和 Tab 都是字段分隔符,例如:
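# Split each line of "test" on "@", space or tab and print fields 2 and 3.
# "\t" is the tab escape; the "/t" shown originally would split on "/" and
# on the letter "t" instead.
awk -F "[@ \t]" '{print $2,$3}' test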
以@,空格,Tab键分割
test
文件的每一行,并输出第二、第三列。
awk
'$2~/^(126|yahoo)/{print $2, $3}'
test
如果该行的第二个字段以 "126" 或 "yahoo" 开始,则输出该行的第二、第三列。
awk
'$1~/[0-9][0-9]$/{print $1, $3}'
test
如果该行第一个字段的最后两个字符是数字,则输出该行的第一、第三列。
awk
'/mail/{print $0}'
test
输出
test
文件中含有
"mail"
字符串的行
awk
'$2~/mail/{print $0}'
test
输出
test
文件中第二个字段含有
"mail"
字符串的行
awk
'$2 == "gmail.com"{$1 = "ggg";print}'
test
输出
test
文件中第二个字段是
"gmail.com"
的行,并把该行第一列改为
"ggg"
awk
'$2 == "gmail.com"{$1 = "ggg"}{print}'
test
输出
test
文件中所有行,并且如果第二个字段是
"gmail.com"
,把该行第一列改为
"ggg"
awk
'{IGNORECASE=1;if($2 ~/^[a-z]/&& $2~/net$/){print $0}}'
test
打开
test
文件,忽略字母大小写,如果第二字段以[a-z]开头,并以
"net"
结尾,则输出该行。
if
的示例
#######################################
if
[ ! -d
/data/svn/
$1 ];
then
echo
"something"
exit
fi
if
[ $
# -eq 0 ];then
echo
"something"
fi
注释多行
#######################################
光标移到需要注释的第一行
Ctrl+V
J向下移动(K向上移动)
Shift+I
Shift+
#
ESC
重定向
#######################################
cmd >a 2>a 和 cmd >a 2>&1 为什么不同?
cmd >a 2>a :stdout和stderr都直接送往文件a ,a文件会被打开两遍,由此导致stdout和stderr互相覆盖。
cmd >a 2>&1 :stdout直接送往文件a ,stderr继承了FD1所指向的文件之后,再被送往文件a 。a文件只被打开一遍(由FD1打开),所以效率比前者更高。
apache、nginx、php、mysql 编译参数查询
#######################################
nginx编译参数查看:
/usr/local/nginx/sbin/nginx
-V
apache编译参数查看:
cat
/usr/local/apache2/build/config
.
nice
mysql编译参数查看:
cat
/usr/local/mysql/bin/mysqlbug
|
grep
CONFIGURE_LINE
php编译参数查看:
/usr/local/php/bin/php
-i |
grep
configure
awk
参考示例
#######################################
$
cat
student-marks
Jones 2143 78 84 77
Gondrol 2321 56 58 45
RinRao 2122 38 37
Edwin 2537 87 97 95
Dayan 2415 30 47
1. Awk If Example: Check all the marks are exist
$
awk
'{
if
($3 ==
""
|| $4 ==
""
|| $5 ==
""
)
print
"Some score for the student"
,$1,
"is missing"
;'
}' student-marks
Some score
for
the student RinRao is missing
Some score
for
the student Dayan is missing
2. Awk If Else Example: Generate Pass
/Fail
Report based on Student marks
in
each subject
$
awk
'{
if
($3 >=35 && $4 >= 35 && $5 >= 35)
print $0,
"=>"
,
"Pass"
;
else
print $0,
"=>"
,
"Fail"
;
}' student-marks
Jones 2143 78 84 77 => Pass
Gondrol 2321 56 58 45 => Pass
RinRao 2122 38 37 => Fail
Edwin 2537 87 97 95 => Pass
Dayan 2415 30 47 => Fail
3. Awk If Else If Example: Find the average and grade
for
every student
$
cat
grade.
awk
{
total=$3+$4+$5;
avg=total
/3
;
if
( avg >= 90 ) grade=
"A"
;
else
if
( avg >= 80) grade =
"B"
;
else
if
(avg >= 70) grade =
"C"
;
else
grade=
"D"
;
print $0,
"=>"
,grade;
}
$
awk
-f grade.
awk
student-marks
Jones 2143 78 84 77 => C
Gondrol 2321 56 58 45 => D
RinRao 2122 38 37 => D
Edwin 2537 87 97 95 => A
Dayan 2415 30 47 => D
4. Awk Ternary ( ?: ) Example: Concatenate every 3 lines of input with a comma.
$
awk
'ORS=NR%3?",":"\n"'
student-marks
Jones 2143 78 84 77,Gondrol 2321 56 58 45,RinRao 2122 38 37
Edwin 2537 87 97 95,Dayan 2415 30 47,
awk
变量,
if
,and
#######################################
awk
-
v
name=
'access.wifiauth_hb-v1.1.gz.100msh.com.log'
-vcode=200
'{if($1==name && $2==code) print $0}'
nginx_log_stats.txt
logstats
#######################################
logfile=
/data001/data/logs/nginx/access
.wifiauth_hb-v1.1.gz.100msh.com.log
tail
-n 1000 $logfile |
awk
-
v
name=`
basename
$logfile`
'{a[$10]++}END { for(i in a) print name,i,a[i] }'
date
显示多少天前
#######################################
date
-d
"3 day ago"
+%Y%m%d 以指定格式显示3天前的日期
date
-d
"1 month"
+%Y-%m-%d 以指定格式显示一个月后的日期
date
'+%H'
小时
#获取脚本的绝对路径#######################################
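# Absolute path of the running script, with symlinks resolved. "$0" is quoted
# so a path containing spaces or glob characters stays one argument.
scriptpath=$(readlink -f -- "$0")
# Directory that contains the script.
scriptdir=$(dirname -- "$scriptpath")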
上述命令合并:脚本当前目录
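# Directory of the running script in one step; both expansions are quoted so
# a path containing spaces or glob characters stays one argument.
scriptdir=$(dirname -- "$(readlink -f -- "$0")")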
ansible分发定时任务和删除定时任务
#######################################
ansible nfauth -m service -a
"name=zabbix-agent state=restarted"
ansible nfauth[10-23] -m shell -a
'/etc/init.d/zabbix-agent status'
ansible all
/192
.168.83.104 -m
cron
-a
'name="ban IP of login" minute=* hour=*/2 day=* month=* weekday=* job="sh /data/x5online/ban_try_login_ip.sh"'
ansible 192.168.83.104 -m
cron
-a
"name="
ban IP of login
" state=absent"
ansible bfauth -m shell -a
'mkdir -pv /data001/apps/php/etc/old_conf'
ansible bfauth -m copy -a
'src=/root/bfauth20170615/php.ini dest=/data001/apps/php/etc'
ansible bfauth -m
cron
-a
'name="clean cache" minute=15 hour=3 day=* month=* weekday=* job="bash /root/bin/freecache.sh"'
[txzg]
119.29.142.189 ansible_ssh_port=18922
123.207.237.77 ansible_ssh_port=18922
123.207.44.192
123.207.45.148
119.29.158.156
/etc/ansible/hosts
文件中可以使用的参数
ansible_ssh_host
#用于指定被管理的主机的真实IP
ansible_ssh_port
#用于指定连接到被管理主机的ssh端口号,默认是22
ansible_ssh_user
#ssh连接时默认使用的用户名
ansible_ssh_pass
#ssh连接时的密码
ansible_sudo_pass
#使用sudo连接用户时的密码,sudo无需密码时,无需此参数
ansible_sudo_exec
#如果sudo命令不在默认路径,需要指定sudo命令路径
ansible_ssh_private_key_file
#密钥文件路径,密钥文件如果不想使用ssh-agent管理时可以使用此选项
ansible_shell_type
#目标系统的shell的类型,默认sh
ansible_connection
#SSH 连接的类型: local , ssh , paramiko,在 ansible 1.2 之前默认是 paramiko ,后来智能选择,优先使用基于ControlPersist的ssh(支持的前提)
ansible_python_interpreter
#用来指定Python解释器的路径,默认为/usr/bin/python 同样可以指定ruby 、perl的路径
ansible_*_interpreter
#其他解释器路径,用法和ansible_python_interpreter类似,这里"*"可以是ruby或者perl等其他语言
ssh
禁用root用户登录,修改端口后,hosts文件设置和ansible命令
139.199.65.228 ansible_ssh_user=100msh_yunwei ansible_ssh_port=18922
ansible -i txall 139.199.65.228 --
sudo
-m shell -a
'touch /root/test.file'
nginx日志滚动(官方)
#######################################
$
mv
access.log access.log.0
$
kill
-USR1 `
cat
master.nginx.pid`
$
sleep
1
$
gzip
access.log.0
awk
if
变量
#######################################
tail
-n 1000
/path/to/log_file
|
awk
-
v
code=200
'BEGIN {count=0} {if($10==code){count=count+1;}} END{print code,count}'
bash
脚本PATH
#######################################
#!/bin/bash
#
export
PATH=$PATH:
/usr/local/sbin
:
/usr/local/bin
:
/sbin
:
/bin
:
/usr/sbin
:
/usr/bin
:
/root/bin
nginx访问日志监控
#######################################
tail
-n 1000
/path/to/log_file
|
awk
'{a[$10]++}END { for(i in a) print a[i],i | "sort -k1 -nr | head -n 10" }'
585 404
403 200
3 301
3 302
1 444
/etc/bashrc
#######################################
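#######################################
# Move files into a recycle directory instead of deleting them.
# Globals:   RMMV_TRASH_DIR (read, optional) - recycle directory,
#            defaults to /data001/recycle
# Arguments: paths to recycle; arguments that look like rm options
#            (leading "-") are skipped until a literal "--"
# Outputs:   mv -v progress on stdout
# Returns:   0 if every move succeeded, 1 otherwise
#######################################
rmmv() {
  local trash_dir=${RMMV_TRASH_DIR:-/data001/recycle}
  local parse_opts=1 status=0 i
  # "$@" is quoted so names with spaces or glob characters stay intact.
  for i in "$@"; do
    if ((parse_opts)); then
      case "$i" in
        --)
          parse_opts=0
          continue
          ;;
        -?*)
          # Habitual rm flags such as -rf are not files to move.
          continue
          ;;
      esac
    fi
    # "/" in the given path becomes "_" so the entry is a flat file name; the
    # timestamp keeps repeated removals of the same path apart. "--" stops mv
    # from reading a name as an option.
    mv -iv -- "$i" "${trash_dir}/${i//\//_}-$(date +%F%T)" || status=1
  done
  return "$status"
}
# Shells that source this file and expand aliases get the recycle behaviour
# whenever "rm" is typed.
alias rm=rmmv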
sed
的一些用法
#######################################
# echo 192-168-1-1 | sed 's/-/./g'
192.168.1.1
脚本加密工具shc
#######################################
#http://www.datsi.fi.upm.es/~frosal/sources/
tee
用法
#######################################
echo
333 |
tee
-a
/tmp/echo
.txt 追加
echo
333 |
tee
/tmp/echo
.txt 覆盖
awk
不显示某列
#######################################
history
|
awk
'{$1="";$2="";$3="";print $0}'
基本编译组件安装
#######################################
yum
install
gcc cpp glibc glibc-devel gcc-c++
高并发内核参数
#######################################
但在不同的虚拟化场景(KVM,XEN,VSPHERE)下,不一定存在以下参数
cd
/proc/sys/net/ipv4/
[root]
# cat tcp_max_syn_backlog
819200
[root]
# cat tcp_fin_timeout
30
[root]
# cat tcp_keepalive_time
60
[root]
# cat tcp_synack_retries
2
[root]
# cat tcp_syncookies
1
[root]
# cat tcp_tw_recycle
1
[root]
# cat tcp_tw_reuse
1
vi
/etc/sysctl
.conf
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_probes = 1
net.ipv4.tcp_keepalive_intvl = 1
date
命令
#######################################
$
date
+%F_%H:%M:%S
2017-06-01_12:57:47
更详细请查阅
http:
//www
.cnblogs.com
/xd502djj/archive/2010/12/29/1919478
.html
ssh
连接超时时间的设置方法
#######################################
echo
export
TMOUT=1800 >>
/etc/profile
echo
export
TMOUT=900 >>
/root/
.bash_profile
禁用密码登录服务器
#######################################
先配置密钥登录服务器!!!!
使用xshell等工具生成密钥对
拷贝公钥信息粘贴到 vim ~/.
ssh
/authorized_keys
mkdir
~/.
ssh
chmod
700 ~/.
ssh
vi
~/.
ssh
/authorized_keys
chmod
644 ~/.
ssh
/authorized_keys
【注意权限为644】
基于密钥认证的配置
查看
/etc/ssh/sshd_config
配置
PasswordAuthentication
yes
//
把
yes
修改为no即禁用密码登录
#PubkeyAuthentication yes //该行虽被注释,但密钥登录默认即为允许,无需修改
测试:
sed
-n
"s/^PasswordAuthentication yes/PasswordAuthentication no/p"
/etc/ssh/sshd_config
sed
-n
"s/^#PubkeyAuthentication yes/PubkeyAuthentication yes/p"
/etc/ssh/sshd_config
修改配置:
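# Keep a copy of the current config to roll back to.
cp /etc/ssh/sshd_config{,_org}
# Turn password login off and uncomment the public-key line. Both patterns are
# anchored at the start of the line, matching the dry run above, so text
# inside other comment lines is left alone.
sed -i \
  -e 's/^PasswordAuthentication yes/PasswordAuthentication no/' \
  -e 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' \
  /etc/ssh/sshd_config
# Show the two effective settings for a visual check.
grep -E '^PasswordAuthentication|^PubkeyAuthentication' /etc/ssh/sshd_config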
重载服务:
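# Check the edited sshd_config for syntax errors before the running daemon is
# asked to load it; with password login just disabled, a bad config is hard
# to recover from over the network. Keep the current session open and verify
# key login from a second one before logging out.
/usr/sbin/sshd -t && /etc/init.d/sshd reload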
iptables配置端口转发
#######################################
清空防火墙规则
/etc/init
.d
/iptables
stop
iptables -F
iptables -X
iptables -Z
/etc/init
.d
/iptables
save
检查配置文件
/etc/sysconfig/iptables
是否包含iptables规则
/etc/init
.d
/iptables
start
只转向本地其他port
iptables -t nat -I PREROUTING -p tcp -d 10.186.35.216 --dport 30000:40000 -j REDIRECT --to-port 80
转任意IP和port
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 30000:40000 -j DNAT --to 10.186.35.216:80
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 30000:40000 -j DNAT --to-destination 10.186.35.216:80
查看和保存
iptables -t nat -n -L PREROUTING
/etc/init
.d
/iptables
save
iptables -t nat -I PREROUTING -p tcp -d 10.186.35.216 --dport 30000:40000 -j REDIRECT --to-port 80-81
经检验,不会转发到81端口
-j DNAT --to-destination 192.168.1.1-192.168.1.10
未检验
iptables -t nat -I PREROUTING -p tcp -d 183.60.124.69 --dport 41000:42000 -j DNAT --to 183.60.124.69:8100
iptables -t nat -A PREROUTING -d 183.60.124.69 -p tcp -m tcp --dport 41000:42000 -j REDIRECT --to-port 8100
iptables -I INPUT -p tcp -m tcp --dport 10050:10051 -m comment --comment
"zabbix_agentd communication"
-j ACCEPT
删除文件里面空行
#######################################
echo
"wq"
|ex -c
"g/^$/d"
filename
vim filename
:g/^$
/d
测试环境系统初始化
#######################################
设置网卡启动
vim
/etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=
yes
NM_CONTROLLED=no
只修改以上两个选项,其余保持不变,最后重启网络连接
/etc/init
.d
/network
restart
rpm -ivh http:
//dl
.fedoraproject.org
/pub/epel/6/x86_64/epel-release-6-8
.noarch.rpm
# NOTE(review): the commands below turn off SELinux enforcement, the host
# firewall and SSH host-key confirmation. The section heading scopes them to
# a test environment; none of this belongs on an exposed or production host.

# SELinux: disabled in the config file, permissive for the running system,
# and set permissive again at every boot through rc.local.
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/sysconfig/selinux
setenforce 0
echo 'setenforce 0' >> /etc/rc.local

# iptables: stop it now and keep it from starting at boot.
/etc/init.d/iptables stop
chkconfig iptables off

# ssh client, system-wide: new host keys are accepted without confirmation.
echo 'StrictHostKeyChecking no' >> /etc/ssh/ssh_config
重启系统,检查配置
/etc/init
.d
/iptables
status
chkconfig iptables --list
getenforce
yum repolist
创建系统快照
配置无密码
ssh
登录
#######################################
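# Distribute root's public key to a list of hosts so later ssh logins need no
# password.

# NOTE(review): "StrictHostKeyChecking no" in the system-wide client config
# switches off host key confirmation for every outbound ssh from this
# machine, not only for the hosts below. Scoping it to a Host block, or
# pre-populating known_hosts, keeps verification for everything else.
grep -q "StrictHostKeyChecking no" /etc/ssh/ssh_config ||
  echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
rpm -q sshpass || yum -y install sshpass
# Generate a key pair only when none exists; -P "" creates it without a
# passphrase, so the private key file itself is the credential.
[ -f "$HOME/.ssh/id_rsa" ] ||
  ssh-keygen -t rsa -P "" -f "$HOME/.ssh/id_rsa"

hostip=(
  172.16.1.187
  172.16.1.188
  172.16.1.189
  172.16.1.190
  172.16.1.232
  172.16.1.233
)
# Every host shares one password here; if they differ, an associative array
# keyed by host can hold them.
# The password is prompted for instead of being stored in the script, and is
# handed to sshpass through the SSHPASS environment variable (-e) rather than
# -p, which puts it on the command line where the process list exposes it.
read -r -s -p 'Password for root on the target hosts: ' hostpass && echo
for h in "${hostip[@]}"; do
  SSHPASS=$hostpass sshpass -e ssh-copy-id -i /root/.ssh/id_rsa.pub "root@$h"
  #ssh $h mkdir -pv /data001/data/kfklog/
  #scp -rp /data001/app $h:/data001
done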
测试:
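# Verify key login: each host should print its hostname without asking for a
# password. hostip is the array filled in by the setup step; the expansions
# are quoted so every element is passed as exactly one argument.
for h in "${hostip[@]}"; do
  ssh "$h" hostname
done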
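# Same key distribution for a shorter host list. hostpass must already hold
# the shared root password.
hostip=(
  172.16.1.187
  172.16.1.188
  172.16.1.189
)
for h in "${hostip[@]}"; do
  # -e takes the password from SSHPASS for this one command; -p would put it
  # on the command line where the process list exposes it.
  SSHPASS=$hostpass sshpass -e ssh-copy-id -i /root/.ssh/id_rsa.pub "root@$h"
  #ssh $h mkdir -pv /data001/data/kfklog/
  #scp -rp /data001/app $h:/data001
done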
补充:SSHPASS环境变量和
ssh
指定端口
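# sshpass -e reads the password from the SSHPASS environment variable.
# Prompt for it rather than writing the literal value into a script or notes,
# where anyone who can read the file obtains the credential.
read -r -s -p 'Password for addansible@123.59.4.4: ' SSHPASS && echo
export SSHPASS
# NOTE(review): PBL_IP is set outside this snippet and is expanded locally
# into the remote command line; confirm it can only ever hold an IP address.
sshpass -e ssh -p 54369 addansible@123.59.4.4 "sudo touch /etc/ansible/hosts.d/${PBL_IP}.tx"
sshpass -e ssh -p 54369 addansible@123.59.4.4 "echo 11afds | sudo tee /tmp/a.txt"
sshpass -e ssh -p 54369 addansible@123.59.4.4 'sudo sh -c "echo 111125 >> /etc/ansible/hosts.d/txall"'
# Drop the password from the environment once the remote commands are done.
unset SSHPASS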
腾讯云获取自己公网IP
#######################################
curl http:
//metadata
.tencentyun.com
/meta-data/public-ipv4
139.199.65.228
参考文档
https:
//www
.qcloud.com
/document/product/213/4934
tar
#######################################
把若干文件打包并压缩成一个文件
tar
--remove-files -zcvf aaa.log.2017-04.
tar
.gz aaa.log.2017-04*
不解压文件查看压缩包
tar
[tf or tvf] aaa.log.2017-02.
tar
.gz
解压到指定目录
tar
-xf aaa.log.2017-02.
tar
.gz -C
/usr/local/
lftp
#######################################
lftp -u
'USERNAME,PASSWORD'
IP_ADDRESS
if
#######################################
判断字符串为空
if
[ -z $b ];
then
echo
"b is null"
fi
if
[
"$a"
x ==
'ok'
x ];
then
echo
"a is ok"
fi
判断数字
if
[ $a -
eq
1 ];
then
echo
"a is 1"
fi
if
命令/条件;
then
命令
elif
命令/条件;
then
命令
else
命令
fi
while
#######################################
while
[ $a -lt 3 ];
do
let
a++
done
for
#######################################
for
i
in
aa bb cc;
do
echo
$i
done
for
i
in
`
seq
1 3`;
do
echo
$i
done
c=(`
ls
/`)
for
i
in
${c[@]};
do
echo
$i
done
以下命令可以做成xshell按钮
随机字符
#######################################
openssl rand -base64 16
随机数字
#######################################
head
-200
/dev/urandom
| cksum |
awk
'{print $1}'
随机字母数字
#######################################
head
-200
/dev/urandom
| md5sum |
awk
'{print $1}'
egrep
过滤注释
#######################################
alias
egrep
=
'egrep -v --color=auto "^$|^\s*#"'
CPU,MEM,DISK信息
#######################################
echo
;
echo
"======= system info ======="
;
printf
"cpu:\t`cat /proc/loadavg`;\n"
;
free
-m |
awk
'NR==2 {print "mem:\tused," $3 "M;free," $4 "M;"}'
;
df
-hP |
grep
-
v
sr0|
sed
's/%//g'
|
awk
'NR>1 {if($5>=10) {print $6"," $5"%"}}'
|
tr
'\n'
';'
|
awk
'{print "disk:\t" $0}'
;
echo
"======= system info ======="
du
#######################################
查找./下>1G的目录
cd
/;
du
-m --max-depth=1 --exclude=
"proc"
./ |
sort
-n |
awk
'{if($1>1024){printf "%.2fGB\t%s\n",$1/1024,$2}}'
1.67GB .
/usr
3.25GB .
/logs
54.07GB .
/data001
60.34GB ./
然后再进入某个大目录进行查看分析
cd
/usr/
du
-m --max-depth=1 --exclude=
"proc"
./ |
sort
-n |
awk
'{if($1>1024){printf "%.2fGB\t%s\n",$1/1024,$2}}'
查找大文件
#######################################
查找/下大于100MB的文件(排除
/proc
目录)并进行从小到大进行排序
find
/ -path
"/proc"
-prune -o -
type
f -size +100000k -
exec
ls
-l {} \; |
awk
'{printf "%.2fMB \t%s\n",$5/1024/1024,$9}'
|
sort
-n
文件数量
#######################################
计算当前目录及子目录下的文件数量
find
./ -path
'./proc'
-prune -o -
type
f |
wc
-l
把若干文件打包并压缩成一个文件
#######################################
tar
--remove-files -zcvf acpostdataadmin.log.2017-04.
tar
.gz acpostdataadmin.log.2017-04*
不解压文件查看压缩包
tar
tf acadmin.log.2017-02.
tar
.gz
tar
tvf acadmin.log.2017-02.
tar
.gz
本服务器上某个监听端口的连接数
#######################################
netstat
-np |
awk
'$4 ~ /:21$/{print $4,"<--",$5,$6,$7}'
本服务器上连接某个端口的连接数
#######################################
netstat
-np |
awk
'$5 ~ /:21$/{print $4,"-->",$5,$6,$7}'
#######################################
本文转自 zhuhc1988 51CTO博客,原文链接:http://blog.51cto.com/changeflyhigh/1919137,如需转载请自行联系原作者