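1. Units managed by systemctl
systemctl manages the various types of systemd objects, which are called units. Run systemctl -t help to list the available unit types.
/usr/lib/systemd/system holds the unit files that start services (the startup scripts)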
/usr/lib/systemd/system/httpd.service
/usr/lib/systemd/system/redis3000.service # systemctl start redis3000
/usr/lib/systemd/system/redis3001.service
/usr/lib/systemd/system/redis3002.service
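[root@node01 ~]# systemctl -t help # list the unit types that can be managed
service a system service (typically used to start frequently accessed daemons such as apache); the most commonly used unit type
socket an inter-process communication (IPC) socket
target used to emulate "runlevels" (graphical interface (Oracle), text interface)
snapshot a system snapshot
device defines a device recognized by the kernel
mount defines a file system mount point
automount an automount point for a file system, e.g. the /misc directory
swap represents a swap device
timer a timer managed by systemd
path defines a file or directory in the file system; commonly used to delay activating a service until the file system changes, e.g. a spool directory
Syntax for checking status: systemctl status name.type. If type is omitted, the status of the service unit is shown by default.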
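[root@node01 ~]# systemctl status sshd # check the service status
active (running): running; this is the state to watch for, it means the service is running normally
active (exited): exited
active (waiting): running, but waiting for an event
inactive: not running
enabled: started at boot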
disabled:
Related commands:
systemctl status sshd # check the service status
systemctl stop sshd
systemctl start sshd
systemctl restart sshd
systemctl reload sshd
systemctl enable sshd
systemctl disable sshd
systemctl list-dependencies sshd # dependencies
# Query the state of all units
[root@node01 ~]# systemctl # or: systemctl list-unit-files
# Query the state of service units only
[root@node01 ~]# systemctl --type=service
# Show the full output: -l
[root@node01 ~]# systemctl status sshd.service -l
# is-active: check whether a service is active (commonly used)
[root@node01 ~]# systemctl is-active sshd.service
active
[root@node01 ~]# systemctl is-active httpd.service
active
[root@node01 ~]# systemctl stop httpd.service
[root@node01 ~]# systemctl is-active httpd.service
unknown
# is-enabled: whether the service starts at boot
[root@node01 ~]# systemctl is-enabled httpd.service
disabled
[root@node01 ~]# systemctl is-enabled sshd.service
enabled
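# Reload a service with reload. Think about it: how does it differ from restart?
[root@node01 ~]# systemctl start httpd.service
[root@node01 ~]# systemctl reload httpd.service # in the running state, reload reloads the service
# Disable a service completely: systemctl mask unit
# Make a masked service usable again: systemctl unmask unit
Exercises:
1) Show the status of the ssh service and note the daemon's process ID
2) Restart the service (restart), then check its status again: has the daemon's process ID changed?
3) Reload the service (reload), then check its status again: has the daemon's process ID changed?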
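2. Changing the root password
3. Diagnosis and repair
All services (httpd, mysql, nginx) have logs:
1) The service's own logs: /etc/httpd/logs
2) Logs recorded by the system itself: /var/log/messages
[root@node01 ~]# rpm -ql httpd
/etc/httpd/conf # configuration files
/etc/httpd/logs # access_log error_log
/usr/lib/
/usr/lib64/ # library files
/usr/sbin/httpd # the server binary
/usr/share/doc/httpd-2.4.6 # documentation
/var/cache/httpd # cache
/var/www/html # content files
1) systemctl status httpd -l # long format
2) journalctl -xe
3) tailf /var/log/messages # 8 log levels
Simulating an error:
+500 +$ (vi +500 opens the file at line 500; vi +$ opens it at the last line)
[root@node01 ~]# vi +$ /etc/httpd/conf/httpd.conf
On the line IncludeOptional conf.d/*.conf, delete the first letter I, then save with :w without quitting
The line now reads: ncludeOptional conf.d/*.conf
Open another terminal and restart the httpd service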
[root@node01 ~]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
1) systemctl status httpd
[root@node01 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Apr 24 22:52:18 node01.example.cn systemd[1]: Stopped The Apache HTTP Server.
Apr 24 22:52:18 node01.example.cn systemd[1]: Starting The Apache HTTP Server...
Apr 24 22:52:18 node01.example.cn httpd[1520]: AH00526: Syntax error on line 353 of...f: # syntax error
Apr 24 22:52:18 node01.example.cn httpd[1520]: Invalid command 'ncludeOptional', pe...on # syntax error
Apr 24 22:52:18 node01.example.cn systemd[1]: httpd.service: main process exited, c...RE
Apr 24 22:52:18 node01.example.cn systemd[1]: Failed to start The Apache HTTP Server.
Apr 24 22:52:18 node01.example.cn systemd[1]: Unit httpd.service entered failed state.
Apr 24 22:52:18 node01.example.cn systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full
[root@node01 ~]# systemctl status httpd -l # -l: long format
Apr 24 22:52:18 node01.example.cn systemd[1]: Stopped The Apache HTTP Server.
Apr 24 22:52:18 node01.example.cn systemd[1]: Starting The Apache HTTP Server...
Apr 24 22:52:18 node01.example.cn httpd[1520]: AH00526: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: # line 353
Apr 24 22:52:18 node01.example.cn httpd[1520]: Invalid command 'ncludeOptional', perhaps misspelled or defined by a module not included in the server configuration # note this line: Invalid command
Apr 24 22:52:18 node01.example.cn systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 24 22:52:18 node01.example.cn systemd[1]: Failed to start The Apache HTTP Server.
Apr 24 22:52:18 node01.example.cn systemd[1]: Unit httpd.service entered failed state.
Apr 24 22:52:18 node01.example.cn systemd[1]: httpd.service failed.
2) journalctl -xe
[root@node01 ~]# journalctl -xe
Apr 24 22:52:18 node01.example.cn httpd[1520]: AH00526: Syntax error on line 353 of /etc
Apr 24 22:52:18 node01.example.cn httpd[1520]: Invalid command 'ncludeOptional', perhaps
Apr 24 22:52:18 node01.example.cn systemd[1]: httpd.service: main process exited, code=e
Apr 24 22:52:18 node01.example.cn systemd[1]: Failed to start The Apache HTTP Server.
[root@node01 ~]#
3) tailf /var/log/messages
[root@node01 ~]# > /var/log/messages
[root@node01 ~]# tailf /var/log/messages # truncate the log first, then follow it live
[root@node01 ~]# systemctl restart httpd # restart the service
[root@node01 ~]# tailf /var/log/messages # log output
Apr 24 23:09:49 node01 systemd: Starting The Apache HTTP Server...
Apr 24 23:09:49 node01 httpd: AH00526: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: # error
Apr 24 23:09:49 node01 httpd: Invalid command 'ncludeOptional', perhaps misspelled or defined by a module not included in the server configuration # error
Apr 24 23:09:49 node01 systemd: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 24 23:09:49 node01 systemd: Failed to start The Apache HTTP Server.
Apr 24 23:09:49 node01 systemd: Unit httpd.service entered failed state.
Apr 24 23:09:49 node01 systemd: httpd.service failed.
Apr 26 10:13:56 node01.example.cn httpd[3278]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:22
Which file maps port numbers to service names? /etc/services
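The two failure modes shown in the logs above (a misspelled directive and a port that is already bound) can be pulled out of the log stream automatically. The following is an added example, not part of the original notes; the function names are hypothetical and the sample input is constructed from the log lines shown above.

```shell
#!/bin/sh
# Added example: triage httpd start-up failures from systemd/syslog lines.

# Constructed sample input: log lines from this section, annotations stripped.
sample_log() {
cat <<'EOF'
Apr 24 22:52:18 node01.example.cn httpd[1520]: AH00526: Syntax error on line 353 of /etc/httpd/conf/httpd.conf:
Apr 24 22:52:18 node01.example.cn httpd[1520]: Invalid command 'ncludeOptional', perhaps misspelled or defined by a module not included in the server configuration
Apr 24 23:09:49 node01 httpd: AH00526: Syntax error on line 353 of /etc/httpd/conf/httpd.conf:
Apr 24 23:09:49 node01 httpd: Invalid command 'ncludeOptional', perhaps misspelled or defined by a module not included in the server configuration
Apr 24 23:09:49 node01 systemd: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 26 10:13:56 node01.example.cn httpd[3278]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:22
EOF
}

# triage_httpd_log: read log lines on stdin, print each distinct finding once.
triage_httpd_log() {
    awk -v q="'" '
    function emit(s) { if (!(s in seen)) { seen[s] = 1; print s } }
    BEGIN { where = "?" }
    /Syntax error on line [0-9]+ of/ {
        rest = $0; sub(/.*Syntax error on line /, "", rest)
        num = rest;  sub(/ of.*/, "", num)
        file = rest; sub(/^[0-9]+ of ?/, "", file); sub(/:.*/, "", file)
        # "systemctl status" without -l shortens the path to "...f"
        if (file ~ /\.\.\./) file = "<ellipsized>"
        where = file ":" num
        next
    }
    $0 ~ ("Invalid command " q) {
        d = $0; sub(".*Invalid command " q, "", d); sub(q ".*", "", d)
        emit("syntax " where " directive=" d)
        next
    }
    /make_sock: could not bind to address / {
        a = $0; sub(/.*could not bind to address /, "", a); sub(/ .*/, "", a)
        emit("bind-conflict " a)
    }'
}

sample_log | triage_httpd_log
```

Running apachectl configtest (or httpd -t) before systemctl restart httpd catches the syntax error while the old process is still serving.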
4. System boot process
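5. Inter-process communication (IPC) mechanisms
1) Pipe: data flows in one direction only
2) Named pipe (FIFO):
mkfifo /tmp/nicaicai
In a new ssh terminal: cat < /tmp/nicaicai
In the current terminal, write something into it: echo 'so_easy' > /tmp/nicaicai
3) Message queue: a message queue is a linked list of messages
4) Shared memory: shared memory maps a region of memory that other processes can access
5) Semaphore: a semaphore is a counter that keeps other processes from accessing a shared resource while one process is using it; it is mainly used for synchronization between processes and between threads of the same process
6) Socket: a socket is also an IPC mechanism; unlike the others, it can be used between processes on different machines. Example: mysql -S /var/lib/mysql/mysql.sock
7) Signal: a signal is a relatively complex communication mechanism, used to notify the receiving process that some event has occurred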
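The named-pipe demo in item 2 uses a fixed name in world-writable /tmp, which any other local user can pre-create or read from. The following added example (not part of the original notes; function names and the FIFO name chan are hypothetical) runs the same writer/reader exchange through a FIFO created inside a private directory.

```shell
#!/bin/sh
# Added example: the FIFO exchange from item 2, with the pipe kept private.

# make_private_fifo: create a FIFO inside a fresh 0700 directory, print its path.
make_private_fifo() {
    (
        umask 077                       # FIFO is created with mode 0600
        dir=$(mktemp -d) || exit 1      # unpredictable name, owner-only directory
        mkfifo "$dir/chan" || { rm -rf "$dir"; exit 1; }
        printf '%s\n' "$dir/chan"
    )
}

# fifo_roundtrip MESSAGE: send MESSAGE through the FIFO, print what the reader got.
fifo_roundtrip() {
    fifo=$(make_private_fifo) || return 1
    # Writer: blocks in open() until a reader opens the other end.
    printf '%s\n' "$1" > "$fifo" &
    writer=$!
    # Reader: plays the role of "cat < /tmp/nicaicai" in the second terminal.
    IFS= read -r got < "$fifo"
    wait "$writer"
    rm -rf "$(dirname "$fifo")"
    printf '%s\n' "$got"
}

fifo_roundtrip so_easy
```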
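6. SELinux lab
An additional layer of system security that keeps a compromised system service from accessing user data
# SELinux was disabled at install time; enable it in the config file now and reboot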
[root@node01 ~]# sed -i 's/SELINUX=disabled/SELINUX=enforcing/g' /etc/selinux/config
[root@node01 ~]# init 6
[root@node01 ~]# getenforce
Enforcing
[root@node01 ~]# systemctl start httpd
[root@node01 ~]# ps -ZC httpd
LABEL PID TTY TIME CMD
system_u:system_r:httpd_t:s0 1468 ? 00:00:00 httpd
system_u:system_r:httpd_t:s0 1469 ? 00:00:00 httpd
system_u:system_r:httpd_t:s0 1470 ? 00:00:00 httpd
system_u:system_r:httpd_t:s0 1471 ? 00:00:00 httpd
system_u:system_r:httpd_t:s0 1472 ? 00:00:00 httpd
system_u:system_r:httpd_t:s0 1473 ? 00:00:00 httpd
# List the SELinux booleans defined for httpd that are set to on
[root@node01 ~]# getsebool -a | grep httpd | grep -w on
httpd_builtin_scripting --> on
httpd_enable_cgi --> on
httpd_graceful_shutdown --> on
# Check the current mode
[root@node01 ~]# getenforce
Enforcing
# Change it
[root@node01 ~]# setenforce
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@node01 ~]# setenforce 0 # temporarily turn enforcing off with setenforce
[root@node01 ~]# getenforce
Permissive
[root@node01 ~]# setenforce Enforcing
[root@node01 ~]# getenforce
Enforcing
# Set the default (requires a reboot)
[root@node01 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# Back up the config, create the directory, create the site's index page, edit the config file, restart the service
[root@node01 ~]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bk
[root@node01 ~]# mkdir /mylike
[root@node01 ~]# echo "This is the $HOSTNAME" > /mylike/index.html
[root@node01 ~]# sed -i 's#/var/www/html#/mylike#g' /etc/httpd/conf/httpd.conf
[root@node01 ~]# systemctl restart httpd
[root@node01 ~]# tailf /etc/httpd/logs/error_log
Open in a browser: http://10.15.200.101/index.html
Forbidden
You don't have permission to access /index.html on this server.
A log entry similar to the following appears:
[Thu Apr 22 21:50:53.171540 2021] [core:error] [pid 1617] (13)Permission denied: [client 10.15.200.1:63099] AH00035: access to /index.html denied (filesystem path '/mylike/index.html') because search permissions are missing on a component of the path
Check the attributes of the existing /var/www/html
[root@node01 ~]# ls -Zd /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
[root@node01 ~]# yum install -y policycoreutils-python
[root@node01 ~]# semanage fcontext -a -t httpd_sys_content_t '/mylike(/.*)?'
[root@node01 ~]# ls -Zd /mylike/
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /mylike/
[root@node01 ~]# restorecon -Rv /mylike
restorecon reset /mylike context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /mylike/index.html context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
[root@node01 ~]# ls -Zd /mylike/index.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /mylike/index.html
Open in a browser: http://10.15.200.101/index.html
The following output appears:
This is the node01.example.cn
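The Forbidden response above came from a content directory still labelled default_t. The following added example (not part of the original notes; function names are hypothetical, sample input is constructed from the ls -Z listings above) flags every listed path whose SELinux type differs from the one httpd is allowed to read.

```shell
#!/bin/sh
# Added example: find paths whose SELinux type is not the expected one.

# Constructed sample input: the ls -Zd lines shown in this section.
sample_ls_z() {
cat <<'EOF'
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /mylike/
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /mylike/index.html
EOF
}

# check_labels EXPECTED_TYPE: read "ls -Z" lines on stdin and print
# "path type" for every entry with a different type; exit status 1 if any.
# Accepts both the layout above and the shorter "context path" layout.
# Limitation: the path is taken as the last field, so names with spaces
# are not handled.
check_labels() {
    awk -v want="$1" '
    {
        ctx = ""
        # The context is the field shaped like user:role:type:level
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+:/) { ctx = $i; break }
        if (ctx == "") next
        split(ctx, part, ":")
        if (part[3] != want) { print $NF " " part[3]; bad = 1 }
    }
    END { exit bad + 0 }'
}

sample_ls_z | check_labels httpd_sys_content_t || true
```

On the host itself, restorecon -Rnv /mylike reports the same drift against the loaded policy without changing any labels.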