系统相关
1 Ubuntu14.04相关 2 安装 - VMware 3 Install Ubuntu 4 Continue 5 Install Now 6 Continue 7 Shanghai 8 Continue 9 用户名/登录账号设置 - Continue 10 Restart now
内核相关
1 查看内核版本 2 uname -r
网络相关
sysctl -w net.ipv4.ip_forward=1 #临时开启路由转发 service network restart #重启网络配置 永久开启路由转发 修改/etc/sysctl.conf文件 将 net.ipv4.ip_forward=0改为net.ipv4.ip_forward=1
快捷键
1 Ctrl + Alt + t - 打开终端
源相关:
1 更新源:sudo apt-get update 2 修改源:/etc/apt/sources.list 3 源整理: 4 源1(系统默认) 5 deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse 6 deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse 7 deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse 8 deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse 9 deb http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse 10 deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse 11 deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse 12 deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse 13 deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse 14 deb-src http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse 15 deb http://archive.canonical.com/ubuntu/ xenial partner 16 deb http://extras.ubuntu.com/ubuntu/ xenial main 17 源2: 18 deb http://old-releases.ubuntu.com/ubuntu/ raring main universe restricted multiverse 19 deb-src http://old-releases.ubuntu.com/ubuntu/ raring main universe restricted multiverse 20 deb http://old-releases.ubuntu.com/ubuntu/ raring-security main universe restricted multiverse 21 deb-src http://old-releases.ubuntu.com/ubuntu/ raring-security main universe restricted multiverse 22 deb http://old-releases.ubuntu.com/ubuntu/ raring-updates main universe restricted multiverse 23 deb-src http://old-releases.ubuntu.com/ubuntu/ raring-updates main universe restricted multiverse 24 deb http://old-releases.ubuntu.com/ubuntu/ raring-backports main restricted universe multiverse 25 deb-src http://old-releases.ubuntu.com/ubuntu/ raring-backports main restricted universe multiverse 26 deb http://old-releases.ubuntu.com/ubuntu/ raring-proposed main restricted universe multiverse 27 deb-src http://old-releases.ubuntu.com/ubuntu/ raring-proposed main restricted universe multiverse 28 源3(东北大学): 29 deb-src http://mirror.neu.edu.cn/ubuntu/ xenial main restricted #Added by software-properties 30 deb http://mirror.neu.edu.cn/ubuntu/ xenial main restricted 31 deb-src http://mirror.neu.edu.cn/ubuntu/ xenial restricted multiverse universe #Added by software-properties 32 deb http://mirror.neu.edu.cn/ubuntu/ xenial-updates main restricted 33 deb-src http://mirror.neu.edu.cn/ubuntu/ xenial-updates main restricted multiverse universe #Added by software-properties 34 deb http://mirror.neu.edu.cn/ubuntu/ xenial universe 35 deb http://mirror.neu.edu.cn/ubuntu/ xenial-updates universe 36 deb http://mirror.neu.edu.cn/ubuntu/ xenial multiverse 37 deb http://mirror.neu.edu.cn/ubuntu/ xenial-updates multiverse 38 deb http://mirror.neu.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse 39 deb-src http://mirror.neu.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse #Added by software-properties 40 deb http://archive.canonical.com/ubuntu xenial partner 41 deb-src http://archive.canonical.com/ubuntu xenial partner 42 deb http://mirror.neu.edu.cn/ubuntu/ xenial-security main restricted 43 deb-src http://mirror.neu.edu.cn/ubuntu/ xenial-security main restricted multiverse universe #Added by software-properties 44 deb http://mirror.neu.edu.cn/ubuntu/ xenial-security universe 45 deb http://mirror.neu.edu.cn/ubuntu/ xenial-security multiverse 46 源4(清华大学): 47 # deb cdrom:[Ubuntu 16.04 LTS _Xenial Xerus_ - Release amd64 (20160420.1)]/ xenial main restricted 48 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted 49 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted 50 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial universe 51 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates universe 52 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial multiverse 53 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates multiverse 54 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse 55 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted 56 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security universe 57 deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security multiverse 58 源5(阿里云): 59 # deb cdrom:[Ubuntu 16.04 LTS _Xenial Xerus_ - Release amd64 (20160420.1)]/ xenial main restricted 60 deb-src http://archive.ubuntu.com/ubuntu xenial main restricted #Added by software-properties 61 deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted 62 deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe #Added by software-properties 63 deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted 64 deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe #Added by software-properties 65 deb http://mirrors.aliyun.com/ubuntu/ xenial universe 66 deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe 67 deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse 68 deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse 69 deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse 70 deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse #Added by software-properties 71 deb http://archive.canonical.com/ubuntu xenial partner 72 deb-src http://archive.canonical.com/ubuntu xenial partner 73 deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted 74 deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe #Added by software-properties 75 deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe 76 deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
域名-IP转换:
1 /etc/resolv.conf 2 8.8.8.8 Google DNS
Apache:
安装:sudo apt install apache2 重启:/etc/init.d/apache2 restart 默认配置文件路径:/etc/apache2/apache2.conf 查看版本:apachectl -v 查看/修改端口 /etc/apache2/ports.conf
默认页面路径 /var/www/html
Python相关
1 安装 sudo apt-get install python-pip 2 检测 pip -V
工具相关
1 VMware Tools 2 安装 3 虚拟机安装Vmware Tools 4 解压 5 cd 到 目录 6 sudo su 切换 root权限 7 ./vmware-install.pl 8 回车 all the time 9 重启
Docker相关
1 安装 sudo apt install docker.io 2 查看版本 - docker -v 3 启动docker后台服务 - sudo service docker start
ElasticSearch相关
安装 wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.5.0.zip unzip elasticsearch-5.5.0.zip mv elasticsearch-5.5.0 /data/home/es/lcoal cd elasticsearch-5.5.0/bin ./elasticsearch 添加账号 groupadd testes useradd testes -g elasticsearch chown -R testes:elasticsearch elasticsearch-5.5.0 增删改查 1、数据写入: HTTP method:POST URL:http://127.0.0.1:9200/index-docs-name/data-type-name -d "{jsonstr}" 返回:{"_index":"index-name","_type":"typename","_id":"idstr","_version":"1","created":"true"} 2、数据获取: HTTP method :GET URL:http://127.0.0.1:9200/index-docs-name/data-type-name/id 返回:数据的json结构 3、数据删除: HTTP method :DELETE URL:http://127.0.0.1:9200/index-docs-name/data-type-name/id 或者:http://127.0.0.1:9200/index-docs-name(可以使用通配符)删除多个文档 4、数据更新: (1)全量再次写入 HTTP method:POST URL:http://127.0.0.1:9200/index-docs-name/data-type-name/id -d "{jsonstr}" 返回:{"_index":"index-name","_type":"typename","_id":"idstr","_version":"1","created":"true"} (2)局部更新: HTTP method:POST URL:http://127.0.0.1:9200/index-docs-name/data-type-name/id/_update -d "{jsonstr}" 5、数据查询 (1)全文搜索 HTTP method : GET URL : http://127.0.0.1:9200[/index-docs-name/data-type-name]/_search[?q=xxx] -d "{json}" (2)聚合请求: 在查询的search输入的结构体中写聚合语句即可。 新建模板 请求方式--PUT 请求地址a.b.c.d:9200/_template/your_temp_name 模板: { "template":"whoisinfo",#模板名,索引名字一样自动适配。 "order":"7",#模板号 "state":"open", "settings": { "index": { "creation_date": "1491451435658", "number_of_shards": "5",#自己控制 "number_of_replicas": "1",#自己控制 "uuid": "0GCKTzVTRAaw-z47TfCaZQ", "version": { "created": "2030399" } } } "mapping":{ "domain":{#这里是这个模板下第n类数据的样子 "properties":{ "colunm_name":{ "index":"not_analyzed" "type":"date/string……" "format":"strict_date_optional_time||epoch_millis"#这里是时间格式 } } } } } 索引与映射 (一)、映射 1、创建 Method : PUT URL : http://127.0.0.1:9200/index-docs-name/_mappind -d "{jsonstr}" 2、新增字段 Method : PUT URL : http://127.0.0.1:9200/index-docs-name/_mappind/mapping-name -d "{jsonstr}" 3、删除映射会删除数据 Method : DELETE URL : http://127.0.0.1:9200/index-docs-name/_mappind/mapping-name 4、获取映射 Method : GET URL : http://127.0.0.1:9200/index-docs-name/_mappind/mapping-name (二)常见的字段定义 type 数据类型 index 是否分词(not_analyzed) format 格式 多重索引 "name":{ "type":"xxxxx" "fields"::{"xxx":"xxxx"} } 分页查询 创建Elasticsearch对象 es = Elasticsearch([{'host':'192.168.1.103','port':9200}]) 创建分页机制 resp = es.search(index, body=query, scroll="24h",size=10000) 24h 是scrollid 有效时间 scroll_id = resp['_scroll_id'] id就是标识 total = resp["hits"]["total"] 总量 获取数据 resp = es.scroll(scroll_id=scroll_id, scroll="24h") rdoc = resp["hits"]["hits"] scroll_id = resp['_scroll_id'] rdoc是每个数据项字典结构体的list LogStash 安装 #step-one:依赖于java jdk 所以预先安装JDK 1、下载jdk 首选1.7 2、tar xzvf jdk-7u55-linux-x86.tar.gz 3、mkdir /usr/lib/jvm 4、mv jdk1.7.0_55 /usr/lib/jvm/ 5、gedit ~/.bashrc 在末尾输入一下内容并保存退出 export JAVA_HOME=/usr/lib/jvm/jdk1.7.0_55 export JRE_HOME=${JAVA_HOME}/jre export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib export PATH=${JAVA_HOME}/bin:$PATH 6、source ~/.bashrc(多个账户下) #step-two:安装logstash 1、方法1--源代码安装 wget https://download.elastic.co/logstash/logstash/logstash-1.5.1.tar.gz tar zxvf logstash-1.5.1.tar.gz mv logstash-1.5.1 logstash cd ./logstash/ 测试语句:bin/logstash -e 'input { stdin { } } output { stdout {} }' 配置测试语句: bin/logstash -e 'input { stdin { } } output { stdout { codec => rubydebug } }' 2、方法2--elasticsearch官方仓库安装 wget -O http://packages.elasicsearch.org/GPG-KEY-elasticsearch | apt-key add -cat >> /etc/apt/sources.list deb http//packages.elasticsearch.org/logstash/1.5/debian stable main apt-get update apt-get install logstash 按照logstash配置文件运行logstash bin/logstash -f logstash.conf 配置文件logstash.conf示例 input { stdin{ } } output{ stdout{ codec => rubydebug } elasticsearch { embedded => true } } 配置语法: 1、第一个概念:区段,也就是上文中的input 或者output都是一个区段 #区段之内定义键值对# 2、数据类型 (1)布尔型 true 和 false (2)字符串 "hostname" (3)数值 514 (4)数组 [] 类似python中的队列 (5)哈希 match => { key1 => "value1" , key2 => "value2" } 3、语法规则 (1)字段读取支持倒序下标 例如a[-1] (2)条件判断if / else if / else (3)判断操作符 != , == , < ,> ,<= ,>= ,=~ ,!~ ,in ,not in , and ,or ,nand ,xor, !{} 4、命令行参数 -e 执行 -f 配置文件 -l 错误日志的输出文件 -P 加载插件\ --verbose 输出一定到调试日志 --debug 输出更多调试信息 logstash的处理过程 |filtername |xxx <inputname <logA >outputname >elasticsearch logstash处理的是事件,事件的流转过程; 输入 -》 过滤 -》 输出 plugin命令: 查看本机有多少插件可用 plugin list 安装插件 plugin install xxxx 升级插件 plugin update xxx logstash运行 1、服务模式 services logstash start 2、nohup模式 nohup logstash -f ./logstash.conf & 3、screen模式(避免用户退出命令行到哦之程序退出 screen -dmS elksc1 screen -r elksc1 screen list 标准输出入 input { stdin{ add_field => {"key" => "value"} codec => plain tags => {"add"}标签 type => "std"类型 } } 文件输入 input { file { path => ["fiel1","file2",...] type => "systen" start_position => "beginning"duqushujuweizhi #discover_interval 每隔多久去检查下path选的下新文件 默认15s #execlude 排出文件 list #sincedb/sincedb_write_interval #start_interval 每隔多久监听下新文件 } } TCP 输入: input { tcp { port => 8888 mode => server ssl_enable => false } } 网络导入旧数据时候常用 与nc配合 nc 127.0.0.1 8888 < olddata syslog输入: input { syslog { port => "514" } } collectd输入: input { collectd { port => 25289 type => colletced } } Codec 1、json codec => "json" 注意对于nginx日志 可以把-替换成0 2、多行事件编码 codec => multiline { pattern => "^\[" negate => true waht => "previous" } 3、网络流编码: codec => netflow { definitions => "/opt/logstash-1.4.2/lib/logstash/codec/netflow/netflow.yaml" version => [5] } 时间处理: filter { gork { match => ["message","%{HTTPDATE:logdate}"] } date { match => ["logdate","dd/MMM/yyyy:HH:mm:ss Z"] } } gork 正则捕获 语法 gork { match => { "message"=> "%{WORD} {NUMBER:request_time:float} %{WORD}" } } match => {"message"=>"%{SYSLOGBASE} %{DATA:message}"}
计划任务
crontab -l ls -alh /var/spool/cron ls -al /etc/ | grep cron ls -al /etc/cron* cat /etc/cron* cat /etc/at.allow cat /etc/at.deny cat /etc/cron.allow cat /etc/cron.deny cat /etc/crontab cat /etc/anacrontab cat /var/spool/cron/crontabs/root
不安全的文件/文件夹权限配置
cat ~/.bash_history cat ~/.nano_history cat ~/.atftp_history cat ~/.mysql_history cat ~/.php_history
明文用户名/密码搜索
#删除用户 userdel 用户名
#根据uid反查用户名 getent passwd 0
grep -i user [filename] grep -i pass [filename] grep -C 5 "password" [filename] find . -name "*.php" -print0 | xargs -0 grep -i -n "var $password"
日志相关
/bin/systemctl restart rsyslog.service -- NewStart Carrier Grade Server Linux release 5/centos7 #重启日志服务
常见问题1:
1 Linux下出现Read-only file system 2 mount -o remount rw /
常见问题2:
userdel: cannot open /etc/passwd -》
chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow
工具安装
Mysql
环境 Ubuntu 64 14.04-Desktop
检查是否安装MySQL
dpkg -l | grep mysql
安装
sudo apt-get install mysql-server
检查是否安装成功
netstat -tap | grep mysql
卸载
sudo rm /var/lib/mysql/ -R
sudo rm /etc/mysql/ -R
sudo apt-get autoremove mysql* --purge
sudo apt-get remove apparmor
问题
/usr/bin/dpkg returned an error code (1)
解决方案:
(1)sudo mv /var/lib/dpkg/info /var/lib/dpkg/info.bk
(2)sudo mkdir /var/lib/dpkg/info
(3)sudo apt-get update
(4)sudo apt-get install -f
(5)sudo mv /var/lib/dpkg/info/* /var/lib/dpkg/info.bk
(6)sudo rm -rf /var/lib/dpkg/info
(7)sudo mv /var/lib/dpkg/info.bk /var/lib/dpkg/info
程序名/端口/进程:
通过进程id查看占用的端口:netstat -nap | grep 2708
通过PID查看进程:ps -aux |grep -v grep|grep 28990
关闭端口 sudo iptables -A INPUT -p tcp --dport $PORT -j DROP" sudo iptables -A OUTPUT -p tcp --dport $PORT -j DROP"
或者 lsof -i :8080|grep -v "PID"|awk '{print "kill -9",$2}'|sh
防火墙相关
禁止所有的ip访问本机的固定端口 iptables -I INPUT -p tcp --dport 80 -j DROP 启用所有的ip访问本机的固定端口 iptables -I INPUT -p tcp --dport 80 -j ACCEPT 允许指定IP访问本机固定端口(需要先禁止所有的ip访问固定端口) iptables -I INPUT -s 192.168.1.123 -p tcp --dport 22 -j ACCEPT 禁止某个IP地址的PING iptables –A Filter –p icmp –s 192.168.0.1 –j DROP 只允许PING 202.96.134.133 其它公网IP都不许PING "iptables -A Filter -p icmp -s 192.168.100.200 -d 202.96.134.133 -j ACCEPT iptables -A Filter -p icmp -j DROP" 备份iptables cp /etc/sysconfig/iptables /var/tmp 保存iptables service iptables save 重启防火墙 service iptables restart 服务器只开启收发邮件功能 "iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -j DROP iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -p udp --dport 53 -j ACCEPT iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -p tcp --dport 25 -j ACCEPT iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -p tcp --dport 110 -j ACCEPT" 只允许访问指定网址 "iptables -A Filter -p udp --dport 53 -j ACCEPT iptables -A Filter -p tcp --dport 53 -j ACCEPT iptables -A Filter -d www.3322.org -j ACCEPT iptables -A Filter -d img.cn99.com -j ACCEPT iptables -A Filter -j DROP" 指定时间上网 "iptables -A Filter -s 10.10.10.253 -m time --timestart 6:00 --timestop 11:00 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun -j DROP iptables -A Filter -m time --timestart 12:00 --timestop 13:00 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun -j ACCEPT iptables -A Filter -m time --timestart 17:30 --timestop 8:30 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun -j ACCEPT" 基于MAC,只能收发邮件,其它都拒绝 "iptables -I Filter -m mac --mac-source 00:0A:EB:97:79:A1 -j DROP iptables -I Filter -m mac --mac-source 00:0A:EB:97:79:A1 -p tcp --dport 25 -j ACCEPT iptables -I Filter -m mac --mac-source 00:0A:EB:97:79:A1 -p tcp --dport 110 -j ACCEPT" 禁用QQ防火墙配置 "iptables -A Filter -p udp --dport ! 53 -j DROP iptables -A Filter -d 218.17.209.0/24 -j DROP iptables -A Filter -d 218.18.95.0/24 -j DROP iptables -A Filter -d 219.133.40.177 -j DROP" 禁用MSN配置 "iptables -A Filter -p udp --dport 9 -j DROP iptables -A Filter -p tcp --dport 1863 -j DROP iptables -A Filter -p tcp --dport 80 -d 207.68.178.238 -j DROP iptables -A Filter -p tcp --dport 80 -d 207.46.110.0/24 -j DROP"
扫一扫
1930
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
