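10.32/10.33 Synchronizing with rsync as a service
rsync always reads and writes files as some system user; that is the system user it is mapped to.
Synchronizing with rsync as a service
Edit the configuration file /etc/rsyncd.conf
Start the service: rsync --daemon
Format: rsync -av test1/ 192.168.133.130::module/dir/
Sample rsyncd.conf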
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.133.130
[test]
path=/root/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
auth users=test
secrets file=/etc/rsyncd.passwd
hosts allow=192.168.133.132 1.1.1.1 2.2.2.2 192.168.133.0/24
rsyncd.conf configuration file explained
port: the port on which the rsyncd service listens; the default is port 873.
With a custom port:
vim /etc/rsyncd.conf
port=8730
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
Restart the service
[root@test ~]# killall rsync
[root@test ~]# rsync --daemon
Synchronize from the client
[root@txc209 ~]# rsync -avLP --port 8730 192.168.1.3::test/test-2.txt /tmp/5.txt
receiving incremental file list
test-2.txt
1,048 100% 1023.44kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 43 bytes received 1,144 bytes 2,374.00 bytes/sec
total size is 1,048 speedup is 0.88
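log file: the log file.
pid file: the pid file, which is used for process management operations such as starting and stopping the service.
address: the IP on which the rsyncd service is started. If your machine has several IPs, you can have the rsyncd service started on one of them; if this parameter is not given, the service starts on all IPs by default.
[]: the module name; what goes inside the brackets is up to you.
path: the path where the data is stored.
use chroot true|false: whether to chroot into the directory given by the path parameter before transferring files. The reason for doing so is extra security protection, but the drawbacks are that it requires root privileges and that it cannot back up directories or files that symbolic links point to outside the path. The default value of chroot is true. If your data contains symlinks (with -L, only the directory given by path can be reached, so the original file the link points to cannot be synchronized), Aming recommends setting it to false.
max connections: the maximum number of connections; the default is 0, meaning no limit.
read only true|false: if true, nothing can be uploaded to the path of this module.
list: whether this module is listed when a user queries the server for available modules; true lists it, false hides it.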
[root@txc209 ~]# rsync --port 8730 192.168.1.3::
test
uid/gid: the user/group identity used when transferring files.
[root@test ~]# vim /etc/rsyncd.conf
uid=nobody
gid=nobody
[root@txc209 ~]# rsync -avLP /tmp/1.txt --port 8730 183.131.3.210::test/55555.txt
sending incremental file list
1.txt
1,048 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=0/1)
rsync: chgrp "/.55555.txt.hJBVh0" (in test) failed: Operation not permitted (1) (insufficient permissions)
sent 1,139 bytes received 119 bytes 2,516.00 bytes/sec
total size is 1,048 speedup is 0.83
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1178) [sender=3.1.2]
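auth users: the username to use for transfers.
secrets file: the password file. If this parameter and the one above are not specified, no password authentication is used. Note that this password file's permissions must be 600. Format: username:password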
[root@test ~]# vim /etc/rsyncd.conf
auth users=test
secrets file=/etc/rsyncd.passwd
[root@test ~]# vim /etc/rsyncd.passwd
test:123456
[root@test ~]# chmod 600 /etc/rsyncd.passwd
[root@txc209 ~]# rsync -avLP /tmp/1.txt --port 8730 test@192.168.1.3::test/55555.txt
Password:
sending incremental file list
1.txt
1,048 100% 339.84kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 95 bytes received 47 bytes 16.71 bytes/sec
total size is 1,048 speedup is 7.38
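Once auth users and secrets file are set, the client also needs the username and password to connect to the server. To supply the password on the command line, set up a password file: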
rsync -avL test@192.168.133.130::test/test1/ /tmp/test8/ --password-file=/etc/pass
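Here /etc/pass contains nothing but the password, and its permissions must be changed to 600
Storing the server password directly in a file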
[root@txc209 ~]# vim /etc/rsync_pass.txt
123456
[root@txc209 ~]# chmod 600 /etc/rsync_pass.txt
[root@txc209 ~]# rsync -avLP /tmp/1.txt --port 8730 --password-file=/etc/rsync_pass.txt test@183.131.3.210::test/55555.txt
sending incremental file list
sent 44 bytes received 12 bytes 112.00 bytes/sec
total size is 1,048 speedup is 18.71
hosts allow: the hosts allowed to connect to this module; each can be an IP or a network segment, and multiple entries are separated by spaces.
hosts allow=192.168.133.132 1.1.1.1 2.2.2.2 192.168.133.0/24
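The parameters explained above decide how exposed a module is: which system user it writes as, whether uploads are allowed, whether a password is required and which hosts may connect. The following is an added example, not part of the original notes, that reads an rsyncd.conf and flags those settings per module; the function names, the flag labels and the [backup] module are assumptions made for illustration.

```bash
# Added example: flag risky module settings in an rsyncd.conf.
# Parameters set before the first [module] are treated as defaults for every module.
audit_rsyncd_conf() {
    awk '
    function report(   f) {
        if (mod == "") return
        if (v["uid"] == "root" || v["uid"] == "0") f = f " uid-root"
        if (v["readonly"] ~ /^(no|false|0)$/)      f = f " writable"
        if (v["authusers"] == "")                  f = f " no-auth"
        if (v["hostsallow"] == "")                 f = f " no-hosts-allow"
        if (v["usechroot"] ~ /^(no|false|0)$/)     f = f " no-chroot"
        print mod ":" (f == "" ? " ok" : f)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^[ \t]*\[/ {                                 # new module section
        report()
        mod = $0; gsub(/^[ \t]*\[|\].*$/, "", mod)
        split("", v); for (k in g) v[k] = g[k]
        next
    }
    index($0, "=") {                              # key=value, spaces in keys ignored
        key = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, index($0, "=") + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (mod == "") g[key] = val; else v[key] = val
    }
    END { report() }' "$1"
}

# True only when the secrets file has exactly mode 600, as the notes require.
secrets_mode_ok() { [ "$(stat -c %a "$1")" = "600" ]; }

# Constructed sample: the [test] module without auth, plus a hypothetical [backup].
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
port=8730
[test]
path=/tmp/rsync
read only=no
uid=root
[backup]
path=/srv/backup
read only=true
uid=nobody
auth users=test
secrets file=/etc/rsyncd.passwd
hosts allow=192.168.133.0/24
EOF
audit_rsyncd_conf "$sample_conf"
```

Run it against the real file with audit_rsyncd_conf /etc/rsyncd.conf and check the password file with secrets_mode_ok /etc/rsyncd.passwd.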
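Synchronizing with rsync as a service
Client/server (C/S) architecture: once the rsync service is started, it listens on port 873 by default (this can be customized, but when starting the service
/usr/bin/rsync --daemon --config=/etc/rsyncd/rsyncd.conf)
The client and the server communicate over this port
Step 1: edit the default configuration file (the configuration file can also be placed at another path; when starting the service you then need to)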
[root@test ~]# vim /etc/rsyncd.conf
Start on a new line
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=(this host)
[test] (module name, user-defined; the module name refers to path=/tmp/rsync)
path=/tmp/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
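auth users=test (username for remote login)
secrets file=/etc/rsyncd.passwd (password for remote login)
hosts allow=(client IP or IP range)
Create the directory named in the configuration file and set its permissions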
[root@test ~]# mkdir /tmp/rsync
[root@test ~]# chmod 777 !$
chmod 777 /tmp/rsync
Step 2: start the service with the defaults
[root@test ~]# rsync --daemon
Check whether the service has started
[root@test ~]# ps aux |grep rsync
root 1085 0.0 0.0 114740 560 ? Ss 12:20 0:00 rsync --daemon
root 1095 0.0 0.0 112720 976 pts/0 S+ 12:21 0:00 grep --color=auto rsync
Check whether the listening port is up
[root@test ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1466/master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 967/sshd: root@pts/
tcp 0 0 192.168.1.2:873 0.0.0.0:* LISTEN 1085/rsync
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 831/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1630/dnsmasq
tcp 0 0 0.0.0.0:9910 0.0.0.0:* LISTEN 1225/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1466/master
tcp6 0 0 ::1:6010 :::* LISTEN 967/sshd: root@pts/
tcp6 0 0 :::111 :::* LISTEN 831/rpcbind
tcp6 0 0 :::9910 :::* LISTEN 1225/sshd
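Note: if no IP is specified in the configuration file, the service listens on 0.0.0.0:873, that is, on all network segments
Test:
Format: rsync -av test1/ 192.168.133.130::module/dir/ (the module name from the server's configuration file + the name of the file being synced over)
Sync data from the client to the server
[root@txc209 ~]# rsync -avP /tmp/1.txt 192.168.1.3::test/test-2.txt (:: means the rsyncd.conf service mode is being used)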
Password:
@ERROR: auth failed on module test
rsync error: error starting client-server protocol (code 5) at main.c(1648) [sender=3.1.2]
Troubleshooting
Check whether the port is reachable
[root@txc209 ~]# yum install -y telnet
[root@txc209 ~]# telnet 192.168.1.3 873
Trying 192.168.1.3...
telnet: connect to address 192.168.1.3: Connection refused
Stop the client firewall or add a rule
[root@txc209 ~]# systemctl stop firewalld
Check the server firewall
[root@test ~]# systemctl stop firewalld.service
Check the port connectivity result
[root@txc209 ~]# telnet 192.168.1.3 873
Trying 192.168.1.3...
Connected to 192.168.1.3.
Escape character is '^]'.
@RSYNCD: 31.0
Upload (sync) a file
[root@txc209 ~]# rsync -avP /tmp/1.txt 192.168.1.3::test/test-2.txt
sending incremental file list
1.txt
1,048 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 1,139 bytes received 35 bytes 2,348.00 bytes/sec
total size is 1,048 speedup is 0.89
Pull a file to the client
[root@txc209 ~]# rsync -avP 192.168.1.3::test/test-2.txt /tmp/123.txt
receiving incremental file list
test-2.txt
1,048 100% 1023.44kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 43 bytes received 1,144 bytes 2,374.00 bytes/sec
total size is 1,048 speedup is 0.88
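10.34 Linux system logs
/var/log/messages
/etc/logrotate.conf: log rotation configuration file
dmesg command
/var/log/dmesg log
last command; it reads the file /var/log/wtmp
lastb command shows users whose login failed; the corresponding file is /var/log/btmp
/var/log/secure
System log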
[root@test ~]# ls /var/log/messages
/var/log/messages
Automatic rotation mechanism
[root@test ~]# ls /var/log/messages*
/var/log/messages /var/log/messages-20181008 /var/log/messages-20181014 /var/log/messages-20181021 /var/log/messages-20181028
logrotate: the log rotation service mechanism
Log rotation configuration file
[root@test ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly (rotate once a week)
# keep 4 weeks worth of backlogs
rotate 4 (keep four, i.e. one month)
# create new (empty) log files after rotating old ones
create (create a new file after rotating)
# use date as a suffix of the rotated file
dateext (the rotated file's name gets the date appended)
# uncomment this if you want your log files compressed
#compress (whether to compress, .tar.gz)
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d (more configuration files live under this path)
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly (rotate once a month)
create 0664 root utmp
minsize 1M
rotate 1 (keep one)
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp (permissions, owner and group are set at creation)
rotate 1
}
# system-specific logs may be also be configured here.
[root@test ~]# ls /etc/logrotate.d
bootlog chrony iscsiuiolog libvirtd libvirtd.qemu numad ppp samba syslog wpa_supplicant yum
[root@test ~]# cat /etc/logrotate.d/syslog
Rotates the following files
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
missingok
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true (after rotation a new log file is created; this makes the system write to the new log file, a behaviour determined by the inode)
endscript
}
List the system's hardware log (kept in memory): hardware faults and errors
[root@test ~]# dmesg
[ 21.698210] IPv6: ADDRCONF(NETDEV_UP): ens34: link is not ready
[ 21.705551] e1000: ens34 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 24.608711] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 24.707195] Ebtables v2.0 registered
[ 24.914504] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[ 24.932152] tun: Universal TUN/TAP device driver, 1.6
[ 24.932156] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[ 24.934003] virbr0: port 1(virbr0-nic) entered blocking state
[ 24.934007] virbr0: port 1(virbr0-nic) entered disabled state
[ 24.934069] device virbr0-nic entered promiscuous mode
[ 25.281109] virbr0: port 1(virbr0-nic) entered blocking state
[ 25.281116] virbr0: port 1(virbr0-nic) entered listening state
[ 25.281221] IPv6: ADDRCONF(NETDEV_UP): virbr0: link is not ready
[ 25.393105] virbr0: port 1(virbr0-nic) entered disabled state
[95415.819539] ip_tables: (C) 2000-2006 Netfilter Core Team
[95415.871366] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[95416.126376] Netfilter messages via NETLINK v0.30.
[95416.147127] ip_set: protocol 6
[608587.412200] Ebtables v2.0 unregistered
[608587.531576] ip_tables: (C) 2000-2006 Netfilter Core Team
[608587.577357] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
-c clears the log
[root@test ~]# dmesg -c
System boot log
[root@test ~]# ls /var/log/dmesg
/var/log/dmesg
last command: history of successful logins
[root@test ~]# last
root pts/0 115.236.28.52 Fri Nov 2 12:13 still logged in
root pts/1 122.224.172.5 Wed Oct 31 13:01 - 13:12 (00:11)
root pts/0 115.236.28.51 Wed Oct 31 11:00 - 15:11 (04:11)
root pts/0 115.236.28.51 Tue Oct 30 10:18 - 12:25 (02:06)
root pts/0 115.236.28.51 Tue Oct 30 09:24 - 09:46 (00:21)
root pts/1 115.216.15.26 Sat Oct 27 14:08 - 15:21 (01:12)
root tty1 Sat Oct 27 14:08 still logged in
root pts/0 115.216.15.26 Sat Oct 27 13:36 - 16:16 (02:39)
last command; it reads the file /var/log/wtmp
[root@test ~]# last /var/log/wtmp
wtmp begins Thu Sep 27 16:42:56 2018
lastb command: history of failed logins
[root@test ~]# lastb
btmp begins Thu Nov 1 03:22:01 2018
lastb command shows users whose login failed; the corresponding file is /var/log/btmp
[root@test ~]# lastb /var/log/btmp
btmp begins Thu Nov 1 03:22:01 2018
Records whether logins were normal, along with information such as logins by attackers
[root@test ~]# ls /var/log/secure
/var/log/secure
Follow it live
[root@test ~]# tail -f /var/log/secure
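Watching /var/log/secure with tail -f shows attempts as they happen; to see which source addresses are responsible for repeated failures, summarise the file instead. The following is an added example, not part of the original notes; it assumes the usual sshd line "Failed password for USER from ADDR port N ssh2", and the function names and sample lines are constructed for illustration.

```bash
# Added example: count failed SSH password attempts per source address in
# /var/log/secure-style lines. The user name in these lines is chosen by the
# remote side and may contain spaces or the word "from", so the address is
# taken by position from the end of the line, not by searching for "from".
failed_by_ip() {   # prints "count address", highest count first
    awk '/sshd\[[0-9]+\]: Failed password for / && NF >= 5 &&
         $(NF - 4) == "from" && $(NF - 2) == "port" { n[$(NF - 3)]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

suspects() {       # $1 = log file, $2 = minimum number of failures
    failed_by_ip "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Constructed sample lines (documentation address ranges, not real hosts).
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Nov  2 12:10:01 test sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov  2 12:10:03 test sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov  2 12:10:05 test sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Nov  2 12:11:40 test sshd[2110]: Failed password for invalid user from 198.51.100.9 from 198.51.100.23 port 51514 ssh2
Nov  2 12:13:22 test sshd[2120]: Accepted password for root from 192.0.2.10 port 50011 ssh2
EOF
failed_by_ip "$sample_log"
suspects "$sample_log" 3
```

On a real host, pass /var/log/secure (and its rotated copies) as the log file and choose the threshold to suit the system.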
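10.35 The screen tool (virtual screen or terminal)
screen is a virtual terminal; once we are inside it, we can treat it as a terminal. Commands run in this terminal run in the foreground.
Adding & runs a command in the background.
To keep a task from being interrupted unexpectedly: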
nohup command &
screen is a virtual terminal
yum install -y screen
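Type screen and press Enter to enter the virtual terminal
Press Ctrl+a, then d, to leave the virtual terminal without ending it
screen -ls lists the virtual terminals
screen -r id re-enters the specified terminal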
screen -S aming
screen -r aming
Send a task to the background: nohup + the command + stdout and stderr log &
[root@test ~]# nohup ping www.baidu.com >1.log 2>&1 &
screen is a virtual terminal
Install command:
[root@test ~]# yum install -y screen
Type screen and press Enter to enter the virtual terminal
[root@test ~]# screen
Run a command that must not be interrupted
[root@test ~]# vmstat 1
Press Ctrl+a, then d, to leave the virtual terminal without ending it
After detaching, the screen ID 2325 is shown
[detached from 2325.pts-0.test]
screen -ls lists the virtual terminals
[root@test ~]# screen -ls
There are screens on:
2325.pts-0.test (Detached)
2267.pts-0.test (Detached)
2 Sockets in /var/run/screen/S-root.
screen -r id re-enters the specified terminal
[root@test ~]# screen -r 2267
Kill the virtual terminal
[root@test ~]# exit
[screen is terminating]
Give the virtual terminal a name, so that you know which job is running in the background
[root@test ~]# screen -S "test1"
[root@test ~]# screen -ls
There are screens on:
2426.test1 (Detached)
2325.pts-0.test (Detached)
2 Sockets in /var/run/screen/S-root.