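- Purpose of the ifconfig command
ifconfig is a tool for viewing, configuring, enabling, or disabling network interfaces, and it is used very frequently. It can temporarily configure a network card's IP address, netmask, broadcast address, gateway, and so on. The commands can also be written to a file (such as /etc/rc.d/rc.local) so that the system reads the file after boot and sets the card's IP address.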
1.ifconfig: viewing network interface status
- hostname%ifconfig -a
- lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
- inet 127.0.0.1 netmask ff000000
- e1000g0: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 7
- inet 10.142.35.7 netmask ffffffc0 broadcast 10.142.35.63
- e1000g0:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 7
- inet 10.142.35.10 netmask ffffffc0 broadcast 10.142.35.63
- cip0: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500 index 8
- inet 192.168.127.1 netmask ffffff00 broadcast 192.168.127.255
- ether 0:21:28:82:ae:ce
- hostname%
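Notes:
e1000g0 is the first network card, with a speed of 1000bps. HWaddr is the card's physical address; the physical (MAC) address of this card is currently 00:03:0D:27:86:41. inet addr is the card's IP address; this card's IP address is 192.168.1.86, its broadcast address is Bcast:192.168.1.255, and its netmask is Mask:255.255.255.0
lo is the host's loopback address. It is generally used to test a network program that users on the LAN or an external network should not be able to see: the interface can only be used and viewed on this host. For example, if you bind the HTTPD server to the loopback address, entering 127.0.0.1 in a browser shows the web site you have set up, but only you can see it; other hosts or users on the LAN have no way of knowing about it.
To see the status of all network interfaces on the host, use the following commands: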
ifconfig -a
ifconfig eth0
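The Solaris output in this section prints netmasks in hex (ffffffc0) and lists logical interfaces such as e1000g0:1 as separate entries. The following is an added example, not part of the original post: it turns that output into one line per address with the prefix length, dotted mask, interface kind, and a check that the configured broadcast address matches the one implied by the IP and mask. The function names are hypothetical, and a POSIX shell with `$((...))` arithmetic (such as bash) is assumed.

```sh
#!/bin/sh
# Constructed sample: the Solaris `ifconfig -a` output shown above (hex netmasks).
sample_ifconfig() {
cat <<'EOF'
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 7
        inet 10.142.35.7 netmask ffffffc0 broadcast 10.142.35.63
e1000g0:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 7
        inet 10.142.35.10 netmask ffffffc0 broadcast 10.142.35.63
cip0: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500 index 8
        inet 192.168.127.1 netmask ffffff00 broadcast 192.168.127.255
        ether 0:21:28:82:ae:ce
EOF
}

int_to_ip() {   # 32-bit integer -> dotted quad
    printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
                           $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

ip_to_int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Reads ifconfig text on stdin. Prints per address:
#   name ip/prefix dotted-mask physical|logical broadcast-check
summarize_ifconfig() {
    awk '/flags=/ { sub(/:$/, "", $1); name = $1 }
         $1 == "inet" { print name, $2, $4, ($5 == "broadcast" ? $6 : "-") }' |
    while read -r name ip hex bcast; do
        mask=$((0x$hex)); bits=$mask; prefix=0
        while [ "$bits" -ne 0 ]; do        # prefix length = number of set bits
            prefix=$(($prefix + ($bits & 1))); bits=$(($bits >> 1))
        done
        want=$(int_to_ip $(( $(ip_to_int "$ip") | (~$mask & 0xffffffff) )))
        case $name in *:*) kind=logical ;; *) kind=physical ;; esac
        case $bcast in
            -)       check=no-broadcast ;;
            "$want") check=broadcast-ok ;;
            *)       check="broadcast-mismatch(expected=$want)" ;;
        esac
        echo "$name $ip/$prefix $(int_to_ip "$mask") $kind $check"
    done
}

sample_ifconfig | summarize_ifconfig    # on a live host: ifconfig -a | summarize_ifconfig
```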
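2.ifconfig: configuring network interfaces
ifconfig interface IP-address hw MAC-address netmask netmask-address broadcast broadcast-address [up/down]
Example 1: configure the card's IP (takes effect temporarily; lost after the card or system restarts)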
ifconfig eth0 192.168.1.99 broadcast 192.168.1.255 netmask 255.255.255.0
Example 2: configure a physical network card
ifconfig eth1 192.168.1.252 hw ether 04:64:03:00:12:51 netmask 255.255.255.0 broadcast 192.168.1.255 up
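3.Using ifconfig to configure virtual network interfaces
Sometimes we need to configure virtual network interfaces to meet different needs. For example, to run several HTTPD servers on different IP addresses we need virtual addresses; this avoids having to specify port numbers, as would be required when running two HTTPD servers on the same IP address.
A virtual network interface means assigning several IP addresses to one network interface. Virtual interfaces are named eth0:0, eth0:1, eth0:2 ... eth0:N. You can likewise assign several IP addresses to eth1, that is eth1:0, eth1:1, eth1:2, and so on.
Configuring several IP addresses on one card with ifconfig uses the same ifconfig syntax described earlier and is fairly simple; see the following examples: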
[root@linuxchao ~]#ifconfig eth1:0 192.168.1.251 hw ether 04:64:03:00:12:51 netmask 255.255.255.0 broadcast 192.168.1.255 up
or
[root@linuxchao ~]#ifconfig eth1 hw ether 04:64:03:00:12:51
[root@linuxchao ~]#ifconfig eth1 192.168.1.251 netmask 255.255.255.0 broadcast 192.168.1.255 up
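Note: when doing so, specify a different physical address for each virtual interface.
On Redhat/Fedora or similar systems, you can put the IP address, broadcast address, netmask, physical address, and interface activation together in a single command and write it to /etc/rc.d/rc.local, as in the following example: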
ifconfig eth1:0 192.168.1.250 hw ether 00:11:00:33:11:44 netmask 255.255.255.0 broadcast 192.168.1.255 up
ifconfig eth1:1 192.168.1.249 hw ether 00:11:00:33:11:55 netmask 255.255.255.0 broadcast 192.168.1.255 up
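Explanation: the above sets up two virtual interfaces on the eth1 network interface; each has its own physical address, IP address, and so on.
4.Using ifconfig to activate and terminate network interface connections
svcadm disable physical
svcadm enable physical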
5.Configuration file contents
- hostname% more /etc/inet/netmasks
- #
- # The netmasks file associates Internet Protocol (IP) address
- # masks with IP network numbers.
- #
- # network-number netmask
- #
- # The term network-number refers to a number obtained from the Internet Network
- # Information Center.
- #
- # Both the network-number and the netmasks are specified in
- # "decimal dot" notation, e.g:
- #
- # 128.32.0.0 255.255.255.0
- #
- 192.168.12.13 255.255.255.192
- hostname%
6. Explanation of the service restart commands
Examples:
- # svcadm disable svc:/network/ntp ---- stop NTP
- # svcadm enable svc:/network/ntp ---- start NTP
- # svcadm restart svc:/network/ntp ---- restart NTP
- # svcadm refresh svc:/network/ntp ---- refresh NTP
- hostname% svcadm
- 用法:svcadm [-v] [命令 [参数 ...]]
- svcadm enable [-rst] <服务> ... - 启用服务并使服务联机
- svcadm disable [-st] <服务> ... - 禁用服务并使服务脱机
- svcadm restart <服务> ... - 重新启动指定的服务
- svcadm refresh <服务> ... - 重新读取服务配置
- svcadm mark [-It] <状态> <服务> ... - 设置维护状态
- svcadm clear <服务> ... - 清除维护状态
- svcadm milestone [-d] <里程碑> - 进入服务里程碑
- 可以使用 FMRI、缩写、或 fnmatch(5) 模式指定
- 服务,svc:/network/smtp:sendmail 的示例如下所示:
- svcadm <命令> svc:/network/smtp:sendmail
- svcadm <命令> network/smtp:sendmail
- svcadm <命令> network/*mail
- svcadm <命令> network/smtp
- svcadm <命令> smtp:sendmail
- svcadm <命令> smtp
- svcadm <命令> sendmail
- hostname%
7. Complete list of other service commands
- 1.Disabled Volume Management
- # cd /etc/rc2.d
- # mv S92volmgt s92volmgt
- After this configuration, CD-ROMs will not be automatically mounted. To manually mount a CD-ROM use:
- # mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /mnt
- 2.Disabled Dtlogin
- Dtlogin is disabled if the server is not intended to run the Common Desktop Environment (CDE) or GUIs.
- # cd /etc/rc2.d
- # mv S99dtlogin s99dtlogin
- 3.Disabled Printing
- # /usr/lib/lpshut
- # cd /etc/rc2.d
- # mv S80lp s80lp
- 4.Disabled RPC
- RPC is disabled if the server is not intended to run CDE. To determine what is using RPC, use “rpcinfo -p”.
- # cd /etc/rc2.d
- # mv /etc/rc2.d/S71rpc /etc/rc2.d/s71rpc
- 5.Disabled the NFS Client
- # /etc/init.d/nfs.client stop
- # cd /etc/rc2.d
- # mv S73nfs.client s73nfs.client
- 6.Disabled the NFS Server
- # /etc/init.d/nfs.server stop
- # cd /etc/rc3.d
- # mv S15nfs.server s15nfs.server
- 7.Disabled UUCP
- # cd /etc/rc2.d
- # mv S70uucp s70uucp
- 8.Disabled the LDAP Client
- # cd /etc/rc2.d
- # mv S71ldap.client s71ldap.client
- 9.Disabled the Auto Mounter
- # /etc/init.d/autofs stop
- # cd /etc/rc2.d
- # mv S74autofs s74autofs
- 10.Disabled the Network Time Daemon
- # /etc/init.d/xntpd stop
- # cd /etc/rc2.d
- # mv S74xntpd s74xntpd
- 11.Disabled the Logical Link Control Driver
- # cd /etc/rc2.d
- # ./S40llc2 stop
- # mv S40llc2 s40llc2
- 12.Disabled Auto Install
- # cd /etc/rc2.d
- # mv S72autoinstall s72autoinstall
- 13.Disabled Cachefs Daemon
- # cd /etc/rc2.d
- # mv S73cachefs.daemon s73cachefs.daemon
- 14.Disabled Asynchronous PPP Daemon
- # cd /etc/rc2.d
- # mv S47pppd s47pppd
- 15.Disabled cacheos.finish Script
- # cd /etc/rc2.d
- # mv S93cacheos.finish s93cacheos.finish
- 16.Disabled Preservation of Files Killed by Vi
- # cd /etc/rc2.d
- # mv S80PRESERVE s80PRESERVE
- 17.Disabled Power Management
- # cd /etc/rc2.d
- # mv S85power s85power
- 18.Disabled Flash Prom Update
- # cd /etc/rc2.d
- # mv S75flashprom s75flashprom
- Before attempting to update the eeprom, temporarily enable this script.
- 19.Disabled “Buttons n Dials-Setup”
- # cd /etc/rc2.d
- # mv S89bdconfig s89bdconfig
- 20.Disabled Spc
- # cd /etc/rc2.d
- # mv S80spc s80spc
- 21.Disabled Sun Management Center
- # cd /etc/rc2.d
- # mv S90wbem s90wbem
- 22.Disabled Network Cache and Accelerator
- # cd /etc/rc2.d
- # mv S94ncalogd s94ncalogd
- # mv S95ncad s95ncad
- Used to increase web server performance
- 23.Disabled Mobile IP Agent
- # cd /etc/rc3.d
- # mv S80mipagent s80mipagent
- 24.Disabled SNMP
- # cd /etc/rc3.d
- # /usr/bin/pkill -9 -x -u 0 '(snmpdx|snmpv2d|mibiisa)'
- # mv S76snmpdx s76snmpdx
- 25.Disabled Apache
- # cd /etc/rc3.d
- # mv S50apache s50apache
- 26.Disabled DMI
- # cd /etc/rc3.d
- # /usr/bin/pkill -9 -x -u 0 '(snmpXdmid|dmispd)'
- # mv S77dmi s77dmi
- 27.Disabled the Sendmail Daemon
- The system continues to send mail out. It does not receive mail in to the server. This eliminates a significant security vulnerability.
- # /etc/init.d/sendmail stop
- Prevented sendmail from starting at boot:
- # cd /etc/rc2.d
- # mv S88sendmail s88sendmail
- Ensured the sendmail queue is cleaned out:
- # crontab -e
- # The Sendmail daemon is not running - This tells it to send mail out
- 05,20,35,50 * * * * /usr/lib/sendmail -q
- 28.Disabled Multicasting
- Multicasting is typically used for clustering. Ensure that it is not required by an application.
- # vi /etc/init.d/inetsvc
- #
- # Add a static route for multicast packets out our default interface.
- # The default interface is the interface that corresponds to the node name.
- #
- #mcastif=`/sbin/dhcpinfo Yiaddr`
- #
- #if [ $? -ne 0 ]; then
- # mcastif=`uname -n`
- #fi
- #
- #echo "Setting default interface for multicast: \c"
- #/usr/sbin/route add -interface -netmask "240.0.0.0" "224.0.0.0" "$mcastif"
- 29.Disabled the Serial Port Listeners
- This configuration can be accomplished unless there is a modem or console terminal attached to the system.
- # vi /etc/inittab
- Remove the line with “/usr/lib/saf/sac -t 300”
- # chown root:sys /etc/inittab
- # chmod 644 /etc/inittab
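Most of the steps above disable a service by renaming its start script from S* to s* in /etc/rc2.d or /etc/rc3.d. The following check is an added example, not part of the original post: it reports any of those scripts that exists again under its capital-S name. The function names and the optional ROOT argument are hypothetical, and a case-sensitive filesystem is assumed.

```sh
#!/bin/sh
# Start scripts the page renames from S* to s*, as <rc dir>/<original name>.
RC_DISABLED="rc2.d/S92volmgt rc2.d/S99dtlogin rc2.d/S80lp rc2.d/S71rpc
rc2.d/S73nfs.client rc3.d/S15nfs.server rc2.d/S70uucp rc2.d/S71ldap.client
rc2.d/S74autofs rc2.d/S74xntpd rc2.d/S40llc2 rc2.d/S72autoinstall
rc2.d/S73cachefs.daemon rc2.d/S47pppd rc2.d/S93cacheos.finish rc2.d/S80PRESERVE
rc2.d/S85power rc2.d/S75flashprom rc2.d/S89bdconfig rc2.d/S80spc rc2.d/S90wbem
rc2.d/S94ncalogd rc2.d/S95ncad rc3.d/S80mipagent rc3.d/S76snmpdx rc3.d/S50apache
rc3.d/S77dmi rc2.d/S88sendmail"

# audit_rc [ROOT]: print the state of every script above and return non-zero
# if any is still active. ROOT (hypothetical argument) prefixes /etc so that a
# mounted image or test tree can be checked; omit it for the live system.
audit_rc() {
    root=${1:-}; active=0
    for entry in $RC_DISABLED; do
        dir=$root/etc/${entry%/*}; name=${entry##*/}
        if [ -e "$dir/$name" ]; then          # capital S: runs at boot
            echo "ACTIVE   $dir/$name"; active=$((active + 1))
        elif [ -e "$dir/s${name#S}" ]; then   # renamed as in the steps above
            echo "disabled $dir/s${name#S}"
        else
            echo "absent   $dir/$name"
        fi
    done
    [ "$active" -eq 0 ]
}

# Constructed demo tree: two scripts renamed, one left active.
demo_audit() {
    d=$(mktemp -d); mkdir -p "$d/etc/rc2.d" "$d/etc/rc3.d"
    : > "$d/etc/rc2.d/s92volmgt"; : > "$d/etc/rc2.d/s88sendmail"
    : > "$d/etc/rc3.d/S76snmpdx"
    audit_rc "$d" | grep -c '^ACTIVE'
    rm -rf "$d"
}

demo_audit    # prints 1
```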
- 1.Added Warning Banners
- These configurations replace the operating system version with a warning banner displayed during the login process.
- Login:
- # vi /etc/motd (replaced operating system version with a warning banner)
- Property of Company
- WARNING: To protect systems from unauthorized use and to ensure that the
- system is functioning properly, activities on this system are monitored and
- recorded and subject to audit. Use of this system is expressed consent to such
- monitoring and recording. Any unauthorized access or use of this system is
- prohibited and could be subject to criminal and civil penalties.
- # cp /etc/motd /etc/issue
- Telnet:
- # vi /etc/default/telnetd
- UMASK=022
- BANNER=""
- # chown root:sys /etc/default/telnetd
- # chmod 444 /etc/default/telnetd
- FTP:
- # vi /etc/default/ftpd
- UMASK=022
- BANNER=`cat /etc/motd`
- # chown root:sys /etc/default/ftpd
- # chmod 444 /etc/default/ftpd
- 2.Enabled Logging of the su Command
- This configuration logs both success and failure of su command usage.
- NOTE: This configuration is required by the root login notification script (below).
- # vi /etc/default/su
- SULOG=/var/adm/sulog (uncommented)
- # cd /var/adm
- # touch sulog
- # chgrp sys sulog
- # chmod 600 sulog
- 3.Enabled AUTH Logging
- The auth facility controls account access with login, su, etc.
- # vi /etc/syslog.conf
- auth.info /var/log/authlog
- auth.notice /var/log/authlog
- NOTE: The entries must be separated by tabs.
- # /etc/init.d/syslog stop
- # /etc/init.d/syslog start
- 4.Enabled Logging of Unsuccessful Login Attempts
- The loginlog file records consecutive failed login attempts.
- # cd /var/adm
- # touch loginlog
- # chgrp sys loginlog
- # chmod 600 loginlog
- 5.Enabled Logging of Successful Logins
- # cd /var/log
- # touch logins
- # chgrp sys logins
- # chmod 600 logins
- # vi /etc/syslog.conf
- # log successful logins
- local0.info /var/log/logins
- NOTE: The entries must be separated by tabs.
- # /etc/init.d/syslog stop
- # /etc/init.d/syslog start
- Added the following entry to /etc/profile and /etc/.login:
- logger -p local0.info "User $LOGNAME has logged in"
- 6.Enabled Logging of CDE Login Attempts
- # vi /etc/pam.conf
- Added the word “debug” after the account management entries
- #
- # Account management
- #
- login account required /usr/lib/security/$ISA/pam_unix.so.1 debug
- dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 debug
- # vi /etc/syslog.conf
- Added “;auth.debug;user.debug” to the line that logs successful logins
- # log successful logins
- local0.info;auth.debug;user.debug /var/log/logins
- NOTE: The entries must be separated by tabs.
- # /etc/init.d/syslog stop
- # /etc/init.d/syslog start
- 7.Enabled Performance Logging
- # su - sys
- # EDITOR=vi; export EDITOR
- # crontab -e
- # The sys crontab should be used to do performance collection. See cron
- # and performance manual pages for details on startup.
- #
- 0 * * * 0-6 /usr/lib/sa/sa1
- 20,40 6-22 * * 1-5 /usr/lib/sa/sa1
- 5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A
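The logging steps above repeat that /etc/syslog.conf entries must be separated by tabs, and each log file is created with touch before syslog is pointed at it. The following lint is an added example, not part of the original post: it flags selector lines that use spaces instead of a tab and log files that do not exist yet. The function names and the ROOT argument are hypothetical, and the sample file is constructed.

```sh
#!/bin/sh
# lint_syslog CONF [ROOT]: lint the selector lines of a syslog.conf-style file.
# ROOT (hypothetical helper argument) prefixes log paths so a copy can be checked.
lint_syslog() {
    conf=$1; root=${2:-}; rc=0
    parsed=$(awk '
        # A selector line starts with facility.level[;facility.level...]
        match($0, /^[a-z0-9*.,;]+/) && index(substr($0, 1, RLENGTH), ".") {
            sel = substr($0, 1, RLENGTH); rest = substr($0, RLENGTH + 1)
            if (rest ~ /^\t+[^ \t]/) { sub(/^\t+/, "", rest); print "ok", sel, rest }
            else print "bad", sel
        }' "$conf")
    while read -r state sel action; do
        case $state in
            bad) echo "space-separated: $sel"; rc=1 ;;
            ok)  case $action in
                     /*) [ -e "$root$action" ] || { echo "missing-file: $action ($sel)"; rc=1; } ;;
                 esac ;;
        esac
    done <<EOF
$parsed
EOF
    return $rc
}

# Constructed sample: the entries from the steps above, with one line wrongly
# using spaces and /var/log/logins not yet created with touch.
demo_lint() {
    d=$(mktemp -d); mkdir -p "$d/var/log"; : > "$d/var/log/authlog"
    {
        printf 'auth.info\t/var/log/authlog\n'
        printf 'auth.notice /var/log/authlog\n'
        printf '# log successful logins\n'
        printf 'local0.info;auth.debug;user.debug\t/var/log/logins\n'
    } > "$d/syslog.conf"
    result=0; lint_syslog "$d/syslog.conf" "$d" || result=1
    rm -rf "$d"
    return $result
}

demo_lint || echo "syslog.conf needs attention"
```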
This article comes from the “Focus on Oracle” blog; please keep this source link: http://alexy.blog.51cto.com/6115453/1035777