who
Displays the users who are currently logged in.
NAME
who - show who is logged on
SYNOPSIS
who [OPTION]... [ FILE | ARG1 ARG2 ]
DESCRIPTION
Print information about users who are currently logged in.
-a, --all
same as -b -d --login -p -r -t -T -u
-b, --boot
time of last system boot
-d, --dead
print dead processes
-H, --heading
print line of column headings
-l, --login
print system login processes
--lookup
attempt to canonicalize hostnames via DNS
-m only hostname and user associated with stdin
~/pktspy master who
username pts/0 2020-03-25 21:30 (116.22.121.40)
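Added example, not part of the original notes: a shell function that reads who output in the format shown above and reports remote sessions whose source host is not on an allowlist. The function name, the allowlist and the sample lines (made-up user names, RFC 5737 documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Flag remote sessions in `who` output whose source host is not allowlisted.

# Constructed sample in the `who` format shown above (not real data).
SAMPLE_WHO='alice    pts/0        2020-03-25 21:30 (192.0.2.10)
bob      pts/1        2020-03-25 21:41 (198.51.100.7)
root     tty1         2020-03-25 08:02
carol    pts/2        2020-03-25 22:05 (192.0.2.10)
dave     pts/3        2020-03-25 22:10 (:0)'

# unexpected_remote ALLOWLIST
# Reads `who` output on stdin and prints "user tty host" for every session
# whose trailing "(host)" field is not in the space-separated ALLOWLIST.
# Hosts are compared as literal strings, so with `who --lookup` the
# allowlist must contain the resolved names rather than the addresses.
unexpected_remote() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Remote sessions end with "(host)"; local consoles have no such field.
        $NF ~ /^\(.*\)$/ {
            host = substr($NF, 2, length($NF) - 2)
            if (host ~ /^:/) next          # X display such as (:0) is local
            if (!(host in ok)) print $1, $2, host
        }'
}

# Live use would be: who | unexpected_remote "192.0.2.10"
printf '%s\n' "$SAMPLE_WHO" | unexpected_remote "192.0.2.10"
```

On the constructed sample only the session from 198.51.100.7 is reported; the console login and the local X display are ignored.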
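w command
The w command displays information about all users logged in to the current system. It is an extension of the who command and is usually combined with grep and a pipe to look up the commands that the currently logged-in users are running.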
~/pktspy master w
NAME
w - Show who is logged on and what they are doing.
SYNOPSIS
w [options] user [...]
DESCRIPTION
w displays information about the users currently on the machine, and their processes. The header shows, in this order, the current time, how long the system has been running,
how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.
The following entries are displayed for each user: login name, the tty name, the remote host, login time, idle time, JCPU, PCPU, and the command line of their current process.
The JCPU time is the time used by all processes attached to the tty. It does not include past background jobs, but does include currently running background jobs.
The PCPU time is the time used by the current process, named in the "what" field.
21:44:02 up 209 days, 9:56, 1 user, load average: 0.01, 0.03, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
==userName== pts/0 ==ip== 21:30 2.00s 0.28s 0.01s w
logname
Use the logname command to display the login name of the currently logged-in user.
ac
Use the ac command to query users' login time from the /var/log/wtmp file; the result is displayed in hours.
last
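The last command queries the /var/log/wtmp file for users' last login times and displays them. With no arguments it shows all users; with the reboot argument it shows the dates and times of reboots.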
NAME
last, lastb - show listing of last logged in users
SYNOPSIS
last [-R] [-num] [ -n num ] [-adFiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...]
lastb [-R] [-num] [ -n num ] [ -f file ] [-adFiowx] [name...] [tty...]
DESCRIPTION
Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created.
Names of users and tty's can be given, in which case last will show only those entries matching the arguments. Names of ttys can be abbreviated, thus last 0 is the same as
last tty0.
When last catches a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal (generated by the quit key, usually control-\), last will show how far
it has searched through the file; in the case of the SIGINT signal last will then terminate.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was created.
Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
OPTIONS
-f file
Tells last to use a specific file instead of /var/log/wtmp.
-num This is a count telling last how many lines to show.
-n num The same.
-t YYYYMMDDHHMMSS
Display the state of logins as of the specified time. This is useful, e.g., to determine easily who was logged in at a particular time -- specify that time with -t and
look for "still logged in".
tty
The tty command displays the current user's terminal.
~/pktspy master tty
/dev/pts/0
wall
The wall command sends a message to all logged-in users. It is typically used as a warning before a reboot or shutdown.
write
Use the write command to send a message to a specified user.
uname
uname displays system information such as kernel details.
userName@localhost ~ uname
Linux
userName@localhost ~ uname -a
Linux localhost.localdomain 3.10.0-693.el7.x86_64 #1 SMP Thu Jul 6 19:56:57 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
lsof
The lsof command lists open files and directories. Use the -i option to list open network socket files.
nc
nc is used for TCP/UDP port connections and listening.
free
Displays memory and cache usage in bytes.
df
Displays the usage of file system partitions.
cron
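The cron command is used for job scheduling by both the superuser and ordinary users; ordinary users can also use their own cron schedule.
Linux systems usually rely on the cron daemon for overall management, and each user can use the crontab -e command to work with their own schedule.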
tcpdump
tcpdump displays network packets in real time; if no filter rule is given, it displays all network packets.