Linux 各种命令

linux查看防火墙状态及开启关闭命令

  • 方式一:service方式
#查看防火墙状态
[root@localhost /]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

#防火墙处于开启状态时,关闭防火墙(stop会清除全部规则并把各链策略设为ACCEPT,此后主机不再过滤任何流量)
[root@localhost /]# service iptables stop
iptables:清除防火墙规则:                                 [确定]
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:正在卸载模块:                                   [确定]
[root@localhost /]# 
[root@localhost /]# 
[root@localhost /]# service iptables status
iptables:未运行防火墙。

#防火墙处于关闭状态时,开启防火墙
[root@localhost /]# service iptables start
iptables:应用防火墙规则:                                 [确定]
[root@localhost /]#
  • 方式二:iptables方式
#查看防火墙状态
[root@localhost /]# /etc/init.d/iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination        

#防火墙处于开启状态时,关闭防火墙
[root@localhost /]# /etc/init.d/iptables stop
iptables:清除防火墙规则:                                 [确定]
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:正在卸载模块:                                   [确定]
[root@localhost /]# 
[root@localhost /]# 
[root@localhost /]# /etc/init.d/iptables status
iptables:未运行防火墙。
[root@localhost /]#

#防火墙处于关闭状态时,开启防火墙(这里用的是restart)
[root@localhost /]# /etc/init.d/iptables restart
iptables:应用防火墙规则:                                 [确定]
[root@localhost /]# 

添加Linux防火墙端口

[root@localhost /]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

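编辑iptables文件/etc/sysconfig/iptables,添加如下一行,写法可以参照已经开启的ssh的22端口那一行。注意:iptables按从上到下的顺序匹配规则,新增的ACCEPT行必须放在 -A INPUT -j REJECT 这一行之前;如果像下面示例那样放在REJECT之后(status输出中的第6条),数据包会先被第5条REJECT命中,8080端口实际上并没有放行。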

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

[root@localhost /]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
COMMIT

保存后,重启防火墙

[root@localhost /]# service iptables restart
iptables:清除防火墙规则:                                 [确定]
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:正在卸载模块:                                   [确定]
iptables:应用防火墙规则:                                 [确定]
[root@localhost /]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8080 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination 

查看某端口是否被占用,以4700为例

[root@iZ23aha612kZ sysconfig]# netstat -lnp|grep 4700
udp        0      0 0.0.0.0:4700                0.0.0.0:*                               17736/java
[root@iZ23aha612kZ sysconfig]# netstat -lnp|grep 4702
[root@iZ23aha612kZ sysconfig]# 

如果没有任何输出,说明该端口没有被占用;有输出则说明已被占用,最后一列是占用它的进程(PID/程序名)。注意grep 4700是子串匹配,也会匹配到含有4700的其他端口号或PID,需要核对本地地址一列。


查看是否开启了SELinux

SELinux是一个安全体系结构,它通过LSM(Linux Security Modules)框架被集成到Linux Kernel 2.6.x中。它是NSA (United States National Security Agency)和SELinux社区的联合项目。

SELinux提供了一种灵活的强制访问控制(MAC)系统,且内嵌于Linux Kernel中。SELinux定义了系统中每个【用户】、【进程】、【应用】和【文件】的访问和转变的权限,然后它使用一个安全策略来控制这些实体(用户、进程、应用和文件)之间的交互,安全策略指定如何严格或宽松地进行检查。

SELinux对系统用户(system users)是透明的,只有系统管理员需要考虑在他的服务器中如何制定严格的策略。策略可以根据需要是严格的或宽松的。

只有同时满足了【标准Linux访问控制】和【SELinux访问控制】时,主体才能访问客体。
  • 遇到的问题

    在linux本机下用php index.php可以看到运行结果,但是在我的windows浏览器下访问时报错:[Mon Nov 06 10:18:33 2017] [error] [client 192.168.0.81] PHP Warning: mysql_connect(): Can't connect to MySQL server on '127.0.0.1' (13) in /var/www/html/index.php on line 9。错误码(13)即Permission denied:命令行下的php能连上,而经由httpd运行时连接被拒绝,说明问题出在httpd进程的访问权限上,而不是MySQL本身。

[root@localhost html]# cat index.php 
----Hello, World!!!

---2017/11/06

<?php

$link=mysql_connect('127.0.0.1','cdms','cdms');

if($link)

echo "scuess";

else

echo "fail";
?>

---
[root@localhost html]# php index.php
----Hello, World!!!

---2017/11/06

scuess
---
  • 原因
#发现 httpd_can_network_connect --> off
#getsebool命令是用来查询SElinux策略内各项规则的布尔值。SELinux的策略与规则管理相关命令:seinfo命令、sesearch命令、getsebool命令、setsebool命令、semanage命令。
[root@localhost html]# getsebool -a | grep httpd
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> on
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_manage_ipa --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_verify_dns --> off
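  • 解决问题(setsebool不加-P只在本次运行期间生效,重启后恢复原值,需要永久生效时用 setsebool -P;如果只是让httpd连接数据库,通常打开范围更小的 httpd_can_network_connect_db 即可,不必放开全部网络连接)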
[root@localhost html]# setsebool httpd_can_network_connect 1
  • 查看是否开启了SELinux
##如果SELinux status参数为enabled即为开启状态
[root@localhost html]# /usr/sbin/sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Process contexts:
Current context:                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/sbin/mingetty                  system_u:system_r:getty_t:s0
/usr/sbin/sshd                  unconfined_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling term:               unconfined_u:object_r:user_devpts_t:s0
/etc/passwd                     system_u:object_r:etc_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
/sbin/mingetty                  system_u:object_r:getty_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0
[root@localhost html]# 
[root@localhost html]# 
[root@localhost html]# 
[root@localhost html]# 
[root@localhost html]# 
[root@localhost html]#
##也可以用这个命令检查,如果为Enforcing即为开启状态
[root@localhost html]# getenforce
Enforcing
  1. 临时关闭(不用重启机器):setenforce 0 设置SELinux为Permissive模式(只记录违规、不拦截),setenforce 1 设置SELinux为Enforcing模式
[root@localhost html]# setenforce 0
[root@localhost html]# 
[root@localhost html]# getenforce
Permissive
[root@localhost html]#

2.可以通过修改SELinux的配置文件开启或关闭它(需要重启机器):

修改/etc/selinux/config 文件

找到:
SELINUX=enforcing
修改成:
SELINUX=disabled
重启后生效。注意:disabled会完全关闭SELinux的强制访问控制;像上面httpd连接数据库的问题,只需调整对应的布尔值即可解决,不需要关闭SELinux,排查问题时用Permissive模式即可。


ll命令 显示文件 年 月 日 时 分 秒

  • 下面是默认的ll命令显示:
[root@localhost src]# ll
总用量 1676
-rw-r--r--. 1 root root    2381 1月  23 2017 index.html
-rw-r--r--. 1 root root   37052 7月   3 2011 python-iniparse-0.3.1-2.1.el6.noarch.rpm
-rw-r--r--. 1 root root   87660 5月  12 2016 python-urlgrabber-3.9.1-11.el6.noarch.rpm
drwxr-xr-x. 3 root root    4096 9月  28 13:59 secureCRT
-rw-r--r--. 1 root root  492020 9月  28 11:27 wget-1.12-1.4.el6.x86_64.rpm
-rw-r--r--. 1 root root 1042364 3月  23 2017 yum-3.2.29-81.el6.centos.noarch.rpm
-rw-r--r--. 1 root root   33524 3月  23 2017 yum-plugin-fastestmirror-1.1.30-40.el6.noarch.rpm
  • 设置显示样式
[root@localhost src]# alias ll='ls -lh  --time-style=+"%Y-%m-%d %H:%M:%S"'
[root@localhost src]# ll
总用量 1.7M
-rw-r--r--. 1 root root  2.4K 2017-01-23 21:28:24 index.html
-rw-r--r--. 1 root root   37K 2011-07-03 12:42:38 python-iniparse-0.3.1-2.1.el6.noarch.rpm
-rw-r--r--. 1 root root   86K 2016-05-12 18:50:34 python-urlgrabber-3.9.1-11.el6.noarch.rpm
drwxr-xr-x. 3 root root  4.0K 2017-09-28 13:59:43 secureCRT
-rw-r--r--. 1 root root  481K 2017-09-28 11:27:36 wget-1.12-1.4.el6.x86_64.rpm
-rw-r--r--. 1 root root 1018K 2017-03-23 23:04:15 yum-3.2.29-81.el6.centos.noarch.rpm
-rw-r--r--. 1 root root   33K 2017-03-23 23:00:06 yum-plugin-fastestmirror-1.1.30-40.el6.noarch.rpm
  • 按日期排序
[root@localhost src]# ll -t
总用量 1.7M
drwxr-xr-x. 3 root root  4.0K 2017-09-28 13:59:43 secureCRT
-rw-r--r--. 1 root root  481K 2017-09-28 11:27:36 wget-1.12-1.4.el6.x86_64.rpm
-rw-r--r--. 1 root root 1018K 2017-03-23 23:04:15 yum-3.2.29-81.el6.centos.noarch.rpm
-rw-r--r--. 1 root root   33K 2017-03-23 23:00:06 yum-plugin-fastestmirror-1.1.30-40.el6.noarch.rpm
-rw-r--r--. 1 root root  2.4K 2017-01-23 21:28:24 index.html
-rw-r--r--. 1 root root   86K 2016-05-12 18:50:34 python-urlgrabber-3.9.1-11.el6.noarch.rpm
-rw-r--r--. 1 root root   37K 2011-07-03 12:42:38 python-iniparse-0.3.1-2.1.el6.noarch.rpm

Linux添加字体

  • 查看当前系统的字体
[root@localhost ~]# cd /usr/share/fonts
[root@localhost fonts]# fc-list :lang=zh
AR PL UMing TW:style=Light
AR PL UMing HK:style=Light
AR PL UMing CN:style=Light
AR PL UKai TW MBE:style=Book
AR PL UKai CN:style=Book
AR PL UKai HK:style=Book
AR PL UKai TW:style=Book
文泉驿正黑,文泉驛正黑,WenQuanYi Zen Hei:style=Regular
文泉驿等宽正黑,文泉驛等寬正黑,WenQuanYi Zen Hei Mono:style=Regular
AR PL UMing TW MBE:style=Light
文泉驿点阵正黑,文泉驛點陣正黑,WenQuanYi Zen Hei Sharp:style=Regular
[root@localhost fonts]# 
  • 新建一个自定义的字体文件夹,把从Windows系统fonts目录下拷贝过来的字体文件直接mv进来,就能看到安装成功了
[root@localhost fonts]# 
[root@localhost fonts]# 
[root@localhost fonts]# 
[root@localhost fonts]# mkdir /usr/share/fonts/my_fonts
[root@localhost fonts]#
[root@localhost fonts]# cd my_fonts/
[root@localhost my_fonts]# mv /usr/local/src/黑体.ttf ./
[root@localhost my_fonts]# fc-list :lang=zh
AR PL UMing TW:style=Light
AR PL UMing HK:style=Light
AR PL UMing CN:style=Light
AR PL UKai TW MBE:style=Book
黑体,SimHei:style=Regular
AR PL UKai CN:style=Book
AR PL UKai HK:style=Book
AR PL UKai TW:style=Book
文泉驿正黑,文泉驛正黑,WenQuanYi Zen Hei:style=Regular
文泉驿等宽正黑,文泉驛等寬正黑,WenQuanYi Zen Hei Mono:style=Regular
AR PL UMing TW MBE:style=Light
文泉驿点阵正黑,文泉驛點陣正黑,WenQuanYi Zen Hei Sharp:style=Regular
  • 刷新系统即刻生效,输入命令:sudo fc-cache -fv
[root@localhost my_fonts]# 
[root@localhost my_fonts]# 
[root@localhost my_fonts]# sudo fc-cache -fv
/usr/share/fonts: caching, new cache contents: 0 fonts, 5 dirs
/usr/share/fonts/cjkuni-ukai: caching, new cache contents: 4 fonts, 0 dirs
/usr/share/fonts/cjkuni-uming: caching, new cache contents: 4 fonts, 0 dirs
/usr/share/fonts/default: caching, new cache contents: 0 fonts, 2 dirs
/usr/share/fonts/default/Type1: caching, new cache contents: 35 fonts, 0 dirs
/usr/share/fonts/default/ghostscript: caching, new cache contents: 13 fonts, 0 dirs
/usr/share/fonts/my_fonts: caching, new cache contents: 1 fonts, 0 dirs
/usr/share/fonts/wqy-zenhei: caching, new cache contents: 3 fonts, 0 dirs
/usr/share/X11/fonts/Type1: skipping, no such directory
/usr/share/X11/fonts/TTF: skipping, no such directory
/usr/local/share/fonts: skipping, no such directory
/root/.fonts: skipping, no such directory
/var/cache/fontconfig: cleaning cache directory
/root/.fontconfig: not cleaning non-existent cache directory
fc-cache: succeeded
