centos7修改网卡名字
net.ifnames=0 biosdevname=0
man手册中文
参考:http://www.kernel.org/pub/linux/docs/man-pages/
http://blog.csdn.net/gatieme/article/details/51656707
yum install man-pages-zh-CN -y
echo 'LANG="zh_CN.UTF-8"' >> ~/.bashrc
echo 'LANGUAGE="zh_CN:zh"' >> ~/.bashrc
source ~/.bashrc
stress压测工具
[root@n1 kubernetes]# yum install stress -y
[root@n1 kubernetes]# stress -h
stress: FAIL: [70121] (244) unrecognized option: -h
[root@n1 kubernetes]# stress --help
`stress' imposes certain types of compute stress on your system
Usage: stress [OPTION [ARG]] ...
-?, --help show this help statement
--version show version statement
-v, --verbose be verbose
-q, --quiet be quiet
-n, --dry-run show what would have been done
-t, --timeout N timeout after N seconds
--backoff N wait factor of N microseconds before work starts
-c, --cpu N spawn N workers spinning on sqrt()
-i, --io N spawn N workers spinning on sync()
-m, --vm N spawn N workers spinning on malloc()/free()
--vm-bytes B malloc B bytes per vm worker (default is 256MB)
--vm-stride B touch a byte every B bytes (default is 4096)
--vm-hang N sleep N secs before free (default none, 0 is inf)
--vm-keep redirty memory instead of freeing and reallocating
-d, --hdd N spawn N workers spinning on write()/unlink()
--hdd-bytes B write B bytes per hdd worker (default is 1GB)
Example: stress --cpu 8 --io 4 --vm 2 --vm-bytes 128M --timeout 10s
Note: Numbers may be suffixed with s,m,h,d,y (time) or B,K,M,G (size).
安装python-ldap
参考: https://stackoverflow.com/questions/4768446/i-cant-install-python-ldap
yum install python-devel openldap-devel
nginx配置安全检查工具
pip install gixy
gixy /usr/local/nginx/conf/nginx.conf
可以检查到以下一些问题:
- ssrf 服务端请求伪造
- HTTP Splitting 响应拆分
- 错误的 referrer/origin 验证
- 错误使用 add_header 指令
- Host 头信息伪造
- Referer 验证中允许为空
- 响应头中使用多行形式
禁用ipv6
参考: https://linux.cn/article-4935-1.html
vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
sysctl -p
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
curl命令-网站如果3次不是200或301则报警
curl -o /dev/null -s -w "%{http_code}" baidu.com
-k/--insecure 允许不使用证书到SSL站点
-H/--header 自定义头信息传递给服务器
-I/--head 只显示请求头信息
-w/--write-out [format] 什么输出完成后
-s/--silent 静默模式。不输出任何东西
-o/--output 把输出写到该文件中
linux正则
参考: http://blog.csdn.net/Hello_Hwc/article/details/40017833
- 基本
. 匹配任何单个字符
* 前面出现0个或者多个
^ 以..开始
$ 以..结束
- 举个例子
china : 匹配此行中任意位置有china字符的行
^china : 匹配此以china开关的行
china$ : 匹配以china结尾的行
^china$ : 匹配仅有china五个字符的行
[Cc]hina : 匹配含有China或china的行
Ch.na : 匹配包含Ch两字母并且其后紧跟一个任意字符之后又有na两个字符的行
Ch.*na : 匹配一行中含Ch字符,并且其后跟0个或者多个字符,再继续跟na两字符
- 扩展正则
? : 匹配前面正则表达式的零个或一个扩展
+ : 匹配前面正则表达式的一个或多个扩展
{n,m}: 前面出现1个或2个或3个
| : 匹配|符号前或后的正则表达式
( ) : 匹配方括号括起来的正则表达式群
grep
- 参数
-n, --line-number
-i, --ignore-case 不区分大小写
-r, --recursive 按照目录
-o, --only-matching 只显示匹配行中匹配正则表达式的那部分
-v, --invert-match 排除
-c, --count 统计url出现次数
grep -nr
grep -oP
- 过滤ip
192.168.100.100
ifconfig|grep -oP "([0-9]{
1,3}\.){
3}[0-9]{
1,3}"
- 过滤邮箱
cat >>tmp.txt<<EOF
iher-_@qq.com
hello
EOF
cat tmp.txt|grep -oP "[a-zA-Z0-9_-]+@[a-zA-Z0-9_-]+(\.[a-zA-Z]+)+"
- 统计baidu关键字的url在这个大文件中出现的次数
$ cat >file.txt<<EOF
wtmp begins Mon Feb 24 14:26:08 2014
192.168.0.1
162.12.0.123
"123"
123""123
njuhwc@163.com
njuhwc@gmil.com 123
www.baidu.com
tieba.baidu.com
www.google.com
www.baidu.com/search/index
EOF
grep -cn ".*baidu.com.*" file.txt
3
bash自动补全
yum install bash-com* -y
我在dokcer命令tab可以补全了
nginx json日志格式标准版
参考: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/configmap.md
log-format-upstream: '{ "time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr",
"x-forward-for": "$proxy_add_x_forwarded_for", "request_id": "$request_id", "remote_user":
"$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status":
$status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri",
"request_query": "$args", "request_length": $request_length, "duration": $request_time,
"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent":
"$http_user_agent" }'
elk启动
nohup /bin/su - elk -c "/usr/local/elasticsearch/bin/elasticsearch" > /data/es/es-start.log 2>&1 &
nohup /bin/su - elk -c "/usr/local/kibana/bin/kibana" > /data/es/kibana-start.log 2>&1 &
nohup "/usr/local/logstash/bin/logstash -f /data/es/conf/logstash/logstash.conf" > /data/es/logstash-start.log 2>&1 &
curl -XDELETE http://192.168.100.204:9200/.monitoring-kibana-6-2017.10.23
健康:
http://192.168.100.204:9200/_cat/health?v
节点:
http://192.168.100.204:9200/_cat/nodes?v
查看index:
http://192.168.100.204:9200/_cat/indices?v
修改网卡名字
vim /etc/udev/rules.d/70-persistent-net.rules
vim /etc/sysconfig/network-scripts/ifcfg-eth0
sshfs挂载(实现nfs效果)
- 仅需客户端配置(已做客户端sshkey无密访问服务端)
yum install -y sshfs
挂载
sshfs -o allow_other,transform_symlinks root@192.168.14.133:/data /data
卸载
fusermount -u /data
参考: