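10.32/10.33 Synchronizing with rsync as a service
rsync data synchronization: besides syncing between local disks and over ssh, rsync can also run as a service and sync through it, in a client-server (C/S) architecture.
1. On machine A, which acts as the server, first edit the configuration file /etc/rsyncd.conf: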
[root@lgs ~]# cat /etc/rsyncd.conf
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.87.130
[test]
path=/tmp/rsync/
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow= 192.168.87.132
2. Then start the rsync service on machine A. It listens on port 873 by default; a different port can be defined in the configuration file.
[root@lgs ~]# rsync --daemon
[root@lgs ~]# ps aux |grep rsync
root 1493 0.0 0.0 114696 540 ? Ss 17:20 0:00 rsync --daemon
root 1495 0.0 0.0 112676 992 pts/0 S+ 17:20 0:00 grep --color=auto rsync
3. Make sure machine B can reach machine A over the network and can telnet to port 873.
[root@lgs-02 ~]# ping 192.168.87.130
PING 192.168.87.130 (192.168.87.130) 56(84) bytes of data.
64 bytes from 192.168.87.130: icmp_seq=1 ttl=64 time=1.26 ms
64 bytes from 192.168.87.130: icmp_seq=2 ttl=64 time=0.647 ms
[root@lgs-02 ~]# telnet 192.168.87.130 873
Trying 192.168.87.130...
telnet: connect to address 192.168.87.130: No route to host
telnet reports an error: there is no route to machine A. Check whether the firewall (firewalld) is the cause; here we stop firewalld temporarily.
[root@lgs-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
347 460K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1 244 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
1 244 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
1 244 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
1 244 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 289 packets, 34888 bytes)
pkts bytes target prot opt in out source destination
289 34888 OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- ens33 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * ens33 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
1 244 IN_public all -- ens33 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
1 244 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
1 244 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
1 244 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
[root@lgs-02 ~]# systemctl stop firewalld
[root@lgs-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
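After stopping firewalld on machine B the connection still fails, so the problem may be firewalld on machine A; stop it temporarily as well. telnet then connects.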
[root@lgs ~]# systemctl stop firewalld
[root@lgs ~]# iptables -nvL
Chain INPUT (policy ACCEPT 580 packets, 1337K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 567 packets, 81739 bytes)
pkts bytes target prot opt in out source destination
Once inside telnet, press Ctrl+] and then type quit to exit.
[root@lgs-02 ~]# telnet 192.168.87.130 873
Trying 192.168.87.130...
Connected to 192.168.87.130.
Escape character is '^]'.
@RSYNCD: 31.0
^]
telnet> q
Connection closed.
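4. Machine B acts as the client; run the sync from B. The double colon :: is the syntax for the rsync service. test is the module [test] in the configuration file, which points to the working directory defined by path. 1.txt has content, so after syncing it to machine A, read it there to verify that the sync succeeded.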
[root@lgs-02 ~]# touch /tmp/1.txt
[root@lgs-02 ~]# echo "dafagafafaas14r142" >/tmp/1.txt
[root@lgs-02 ~]# cat /tmp/1.txt
dafagafafaas14r142
[root@lgs-02 ~]# rsync -av /tmp/1.txt 192.168.87.130::test/abc.txt
sending incremental file list
1.txt
sent 110 bytes received 35 bytes 290.00 bytes/sec
total size is 19 speedup is 0.13
5. Check the abc.txt file on machine A to verify that the sync succeeded.
[root@lgs ~]# ls -l /tmp/rsync/
总用量 4
-rw-r--r-- 1 root root 19 5月 16 17:35 abc.txt
[root@lgs ~]# cat /tmp/rsync/abc.txt
dafagafafaas14r142
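The rsyncd.conf configuration file in detail:
port=873: the service port. It can be customized. If it is not the default port 873, specify it when syncing with --port=8100 (the port number).
log file=/var/log/rsync.log: the log file.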
[root@lgs ~]# cat /var/log/rsync.log
2018/05/16 17:20:13 [1493] rsyncd version 3.1.2 starting, listening on port 873
2018/05/16 17:23:30 [1745] name lookup failed for 192.168.87.132: Name or service not known
2018/05/16 17:23:30 [1745] connect from UNKNOWN (192.168.87.132)
2018/05/16 17:25:55 [1807] name lookup failed for 192.168.87.132: Name or service not known
2018/05/16 17:25:55 [1807] connect from UNKNOWN (192.168.87.132)
2018/05/16 17:37:44 [1816] name lookup failed for 192.168.87.132: Name or service not known
2018/05/16 17:37:44 [1816] connect from UNKNOWN (192.168.87.132)
2018/05/16 09:37:44 [1816] rsync to test/abc.txt from UNKNOWN (192.168.87.132)
2018/05/16 09:37:44 [1816] receiving file list
2018/05/16 09:37:44 [1816] sent 40 bytes received 118 bytes total size 19
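pid file=/var/run/rsyncd.pid: the file holding the service's process id. The command history shows that this pid file was created when the rsync service was started; both are at 17:20.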
[root@lgs ~]# history
1024 2018/05/16 17:20:13rsync --daemo
[root@lgs ~]# ls -l /var/run/rsyncd.pid
-rw-r--r-- 1 root root 5 5月 16 17:20 /var/run/rsyncd.pid
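address=192.168.87.130: the IP of the network interface on the server machine; more than one IP can be specified. In the example above it is the IP of machine A's network interface.
[test]: defines a service module.
path=/tmp/rsync: the directory the module uses for sync operations.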
[root@lgs ~]# ls -l /tmp/rsync/
总用量 4
-rw-r--r-- 1 root root 19 5月 16 17:35 abc.txt
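use chroot=true: restricts activity to the path directory. If the sync includes symbolic links, it must be set to false for them to sync; otherwise an error is reported.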
[root@lgs ~]# vim /etc/rsyncd.conf
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.87.130
[test]
path=/tmp/rsync/
use chroot=false
max connections=4
read only=no
list=true
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow= 192.168.87.132
[root@lgs ~]# touch 123.txt
[root@lgs ~]# echo "rsync chroot test" >123.txt
[root@lgs ~]# cat 123.txt
rsync chroot test
[root@lgs ~]# cd /tmp/rsync/
[root@lgs rsync]# ln -s /root/123.txt /tmp/rsync/123_lnk
[root@lgs rsync]# ls -l
总用量 4
lrwxrwxrwx 1 root root 13 5月 16 18:01 123_lnk -> /root/123.txt
-rw-r--r-- 1 root root 19 5月 16 17:35 abc.txt
[root@lgs-02 ~]# rsync -avL 192.168.87.130::test/123_lnk /tmp/
receiving incremental file list
123_lnk
sent 43 bytes received 111 bytes 308.00 bytes/sec
total size is 18 speedup is 0.12
[root@lgs-02 ~]# ls -l /tmp
总用量 8
-rw-r--r--. 1 root root 18 5月 16 17:59 123_lnk
-rw-r--r--. 1 root root 19 5月 16 17:35 1.txt
[root@lgs-02 ~]# cat /tmp/123_lnk
rsync chroot test
# With use chroot=true, an error is reported.
[root@lgs rsync]# vim /etc/rsyncd.conf
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.87.130
[test]
path=/tmp/rsync/
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow= 192.168.87.132
[root@lgs-02 ~]# rsync -avL 192.168.87.130::test/123_lnk /tmp/
receiving incremental file list
rsync: link_stat "/123_lnk" (in test) failed: No such file or directory (2)
sent 8 bytes received 87 bytes 190.00 bytes/sec
total size is 0 speedup is 0.00
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1650) [Receiver=3.1.2]
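max connections=4: the maximum number of connections; 0 means unlimited.
read only=no: whether files can only be fetched and not written. When set to yes, writing a file reports an error.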
[root@lgs-02 ~]# rsync -av /tmp/1.txt 192.168.87.130::test/abc.txt
sending incremental file list
rsync: read error: Connection reset by peer (104)
rsync error: error in socket IO (code 10) at io.c(785) [sender=3.1.2]
list=true: lists the modules the service offers, e.g. rsync --port 8730 172.16.37.139::. If set to false the modules are hidden, which is a security setting.
[root@lgs-02 ~]# rsync 192.168.87.130::
test
# Setting it to false hides the module.
[root@lgs rsync]# vim /etc/rsyncd.conf
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.87.130
[test]
path=/tmp/rsync/
use chroot=true
max connections=4
read only=no
list=false
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow= 192.168.87.132
[root@lgs-02 ~]# rsync 192.168.87.130::
[root@lgs-02 ~]#
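uid=root: the user the transfer runs as; written files are owned by root.
gid=root: the group the transfer runs as; written files belong to group root.
auth users=test: a security setting, the user name for logging in to the sync service. The user name must be given when syncing, as in test@192.168.87.130::test/zzz.txt; otherwise an error is reported.
secrets file=/etc/rsyncd.passwd: the passwords used to authenticate logins to the sync service. Edit the password file; its permissions are 600 and the format is user:password.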
[root@lgs rsync]# touch /etc/rsyncd.passwd
[root@lgs rsync]# vim !$
vim /etc/rsyncd.passwd
[root@lgs rsync]# ls -l /etc/rsyncd.passwd
-rw-r--r-- 1 root root 12 5月 16 18:42 /etc/rsyncd.passwd
[root@lgs rsync]# chmod 600 !$
chmod 600 /etc/rsyncd.passwd
[root@lgs rsync]# ls -l /etc/rsyncd.passwd
-rw------- 1 root root 12 5月 16 18:42 /etc/rsyncd.passwd
# Verify the password from machine B:
[root@lgs-02 ~]# rsync -av /tmp/1.txt 192.168.87.130::test/xxx.txt
Password:
@ERROR: auth failed on module test
rsync error: error starting client-server protocol (code 5) at main.c(1648) [sender=3.1.2]
[root@lgs-02 ~]# rsync -av /tmp/1.txt test@192.168.87.130::test/xxx.txt
Password:
sending incremental file list
1.txt
sent 110 bytes received 35 bytes 58.00 bytes/sec
total size is 19 speedup is 0.13
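When this is used in a script, the password cannot be typed in interactively, so create a password file on the client (permissions 600) and point to it when syncing: --password-file=/tmp/2.txt.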
[root@lgs-02 ~]# vi /tmp/2.txt
[root@lgs-02 ~]# chmod 600 /tmp/2.txt
[root@lgs-02 ~]# ls -l /tmp/2.txt
-rw-------. 1 root root 7 5月 16 18:51 /tmp/2.txt
[root@lgs-02 ~]# rsync -av /tmp/1.txt --password-file=/tmp/2.txt test@192.168.87.130::test/zzz.txt
sending incremental file list
1.txt
sent 110 bytes received 35 bytes 290.00 bytes/sec
total size is 19 speedup is 0.13
hosts allow= 192.168.87.150: the IPs of the clients allowed to connect. More than one can be listed.
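An added example, not part of the original page: a shell function that reads an rsyncd.conf and reports, per module, the settings explained above that weaken it (no auth users, writes as root, use chroot=false, list=true, no hosts allow). The first sample is the configuration shown on this page; the finding codes and the hardened variant are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag the rsyncd.conf settings this page discusses.
# The finding codes (NOAUTH, ROOT_WRITE, ...) are names invented for this example.

audit_rsyncd_conf() {
    # rsyncd.conf text on stdin; one "module CODE detail" line per finding on stdout.
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    # rsyncd ignores case and whitespace inside parameter names
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    function off(v)  { v = tolower(v); return v == "no" || v == "false" || v == "0" }
    # value set in the module, else the global value, else the daemon default
    function get(m, k, dflt) {
        if ((m, k) in mod) return mod[m, k]
        if (k in glob) return glob[k]
        return dflt
    }
    /^[ \t]*#/ { next }                      # commented-out lines do not count
    /^[ \t]*$/ { next }
    /^[ \t]*\[/ {                            # [module] header
        cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur)
        cur = trim(cur); order[++n] = cur; next
    }
    {
        eq = index($0, "=")                  # only the first "=" separates name and value
        if (eq == 0) next
        key = norm(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (n == 0) glob[key] = val; else mod[cur, key] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            m = order[i]
            uid = tolower(get(m, "uid", "nobody"))
            if (get(m, "authusers", "") == "")
                print m, "NOAUTH", "no auth users: allowed hosts connect without a password"
            if (off(get(m, "readonly", "yes")) && (uid == "root" || uid == "0"))
                print m, "ROOT_WRITE", "read only=no with uid=root: uploads are written as root"
            if (off(get(m, "usechroot", "yes")))
                print m, "NOCHROOT", "use chroot=false: -L can follow symlinks out of path"
            if (!off(get(m, "list", "yes")))
                print m, "LISTED", "list=true: the module name is shown to any client"
            if (get(m, "hostsallow", "") == "")
                print m, "ANYHOST", "no hosts allow: every client address is accepted"
        }
    }'
}

# The configuration from this page (auth lines still commented out).
page_conf='port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.87.130
[test]
path=/tmp/rsync/
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow= 192.168.87.132'

# Constructed variant of the [test] module: password required, unprivileged uid, hidden.
hardened_conf='[test]
path=/tmp/rsync/
use chroot=true
read only=no
list=false
uid=nobody
gid=nobody
auth users=test
secrets file=/etc/rsyncd.passwd
hosts allow= 192.168.87.132'

printf '%s\n' "$page_conf" | audit_rsyncd_conf
printf '%s\n' "$hardened_conf" | audit_rsyncd_conf
```

To check a live server, run audit_rsyncd_conf < /etc/rsyncd.conf; with uid=nobody the path directory has to be writable by that user.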
10.34 Linux system logs
Linux logs are stored under /var/log.
[root@lgs ~]# ls /var/log/
anaconda boot.log-20180510 cron-20180422 gdm maillog-20180513 rsync.log secure-20180513 tuned
audit boot.log-20180513 cron-20180430 grubby_prune_debug messages sa spooler vmware-vgauthsvc.log.0
boot.log boot.log-20180516 cron-20180506 lastlog messages-20180422 samba spooler-20180422 vmware-vmsvc.log
boot.log-20180430 btmp cron-20180513 maillog messages-20180430 secure spooler-20180430 wtmp
boot.log-20180501 btmp-20180501 dmesg maillog-20180422 messages-20180506 secure-20180422 spooler-20180506 yum.log
boot.log-20180506 chrony dmesg.old maillog-20180430 messages-20180513 secure-20180430 spooler-20180513
boot.log-20180509 cron firewalld maillog-20180506 rhsm secure-20180506 tallylog
The main system log: /var/log/messages holds the general system log.
[root@lgs ~]# ls -l /var/log/messages
-rw------- 1 root root 134456 5月 16 19:30 /var/log/messages
[root@lgs ~]# du -sh /var/log/messages
132K /var/log/messages
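System log files keep growing and take up disk space; the log rotation service logrotate can be used to manage them. It is defined in the configuration file /etc/logrotate.conf.
weekly: rotate once a week. rotate 4: keep 4 rotated files.
create: create a new log file after rotating. dateext: name the rotated files by date.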
[root@lgs ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
include /etc/logrotate.d: includes the /etc/logrotate.d/ directory.
[root@lgs ~]# ls -l /etc/logrotate.d/
总用量 24
-rw-r--r--. 1 root root 76 8月 2 2017 bootlog
-rw-r--r--. 1 root root 160 1月 31 2017 chrony
-rw-r--r--. 1 root root 115 11月 28 00:21 samba
-rw-r--r--. 1 root root 224 5月 10 2017 syslog
-rw-r--r--. 1 root root 100 8月 4 2017 wpa_supplicant
-rw-r--r--. 1 root root 100 8月 6 2017 yum
Hardware message log: view it with the dmesg command. This log is kept in memory; disk faults, network card faults and the like are recorded in it.
[root@lgs ~]# dmesg
[ 1.813293] usb 2-2: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[ 1.813295] usb 2-2: Product: VMware Virtual USB Hub
[ 1.817237] hub 2-2:1.0: USB hub found
[ 1.818586] hub 2-2:1.0: 7 ports detected
[ 1.938328] XFS (sda3): Ending clean mount
[ 2.097456] systemd-journald[92]: Received SIGTERM from PID 1 (systemd).
[ 2.120286] SELinux: Disabled at runtime.
[ 2.120301] SELinux: Unregistering netfilter hooks
[ 2.162272] type=1404 audit(1526460943.531:2): selinux=0 auid=4294967295 ses=4294967295
[ 2.180423] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 2.180471] systemd[1]: Inserted module 'ip_tables'
[ 2.261213] systemd-journald[366]: Received request to flush runtime journal from PID 1
[ 2.268547] random: crng init done
[ 2.377352] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[ 2.378644] vmw_vmci 0000:00:07.7: Found VMCI PCI device at 0x11080, irq 16
[ 2.378677] vmw_vmci 0000:00:07.7: Using capabilities 0xc
[ 2.378710] vmw_vmci 0000:00:07.7: irq 56 for MSI/MSI-X
[ 2.378743] vmw_vmci 0000:00:07.7: irq 57 for MSI/MSI-X
[ 2.378836] Guest personality initialized and is active
[ 2.379610] piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!
[ 2.379661] VMCI host device registered (name=vmci, major=10, minor=58)
[ 2.379663] Initialized host personality
[ 2.509886] sd 2:0:0:0: Attached scsi generic sg0 type 0
[ 2.509913] sd 2:0:1:0: Attached scsi generic sg1 type 0
[ 2.509937] sr 1:0:0:0: Attached scsi generic sg2 type 5
[ 2.516433] input: PC Speaker as /devices/platform/pcspkr/input/input5
[ 2.597679] ppdev: user-space parallel port driver
[ 2.602819] Adding 4194300k swap on /dev/sda2. Priority:-1 extents:1 across:4194300k FS
[ 2.615981] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
[ 2.640814] alg: No test for crc32 (crc32-pclmul)
[ 2.688545] device-mapper: uevent: version 1.0.3
[ 2.688601] device-mapper: ioctl: 4.35.0-ioctl (2016-06-23) initialised: dm-devel@redhat.com
[ 2.694512] XFS (sda1): Mounting V5 Filesystem
[ 2.999307] XFS (sda1): Ending clean mount
[ 3.027983] type=1305 audit(1526460944.396:3): audit_pid=525 old=0 auid=4294967295 ses=4294967295 res=1
[ 3.271531] NET: Registered protocol family 40
[ 3.291745] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[ 3.355663] IPv6: ADDRCONF(NETDEV_UP): ens33: link is not ready
[ 3.357809] e1000: ens33 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 3.847375] traps: httpd[843] general protection ip:7f3c6a15152c sp:7ffe17f86130 error:0 in libphp5.so[7f3c69cd8000+b32000]
[ 5.475261] floppy0: no floppy controllers found
[ 5.475306] work still pending
[ 1676.126068] ip_tables: (C) 2000-2006 Netfilter Core Team
-c option: clears the hardware log; it is generated again automatically after the system reboots.
[root@lgs ~]# dmesg -c
[root@lgs ~]# dmesg
[root@lgs ~]#
System boot log: stored in /var/log/dmesg; it is not related to the dmesg command.
[root@lgs ~]# cat /var/log/dmesg
[ 1.813290] usb 2-2: New USB device found, idVendor=0e0f, idProduct=0002
[ 1.813293] usb 2-2: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[ 1.813295] usb 2-2: Product: VMware Virtual USB Hub
[ 1.817237] hub 2-2:1.0: USB hub found
[ 1.818586] hub 2-2:1.0: 7 ports detected
[ 1.938328] XFS (sda3): Ending clean mount
[ 2.097456] systemd-journald[92]: Received SIGTERM from PID 1 (systemd).
[ 2.120286] SELinux: Disabled at runtime.
[ 2.120301] SELinux: Unregistering netfilter hooks
[ 2.162272] type=1404 audit(1526460943.531:2): selinux=0 auid=4294967295 ses=4294967295
[ 2.180423] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 2.180471] systemd[1]: Inserted module 'ip_tables'
[ 2.261213] systemd-journald[366]: Received request to flush runtime journal from PID 1
[ 2.268547] random: crng init done
[ 2.377352] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[ 2.378644] vmw_vmci 0000:00:07.7: Found VMCI PCI device at 0x11080, irq 16
[ 2.378677] vmw_vmci 0000:00:07.7: Using capabilities 0xc
[ 2.378710] vmw_vmci 0000:00:07.7: irq 56 for MSI/MSI-X
[ 2.378743] vmw_vmci 0000:00:07.7: irq 57 for MSI/MSI-X
[ 2.378836] Guest personality initialized and is active
[ 2.379610] piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!
[ 2.379661] VMCI host device registered (name=vmci, major=10, minor=58)
[ 2.379663] Initialized host personality
[ 2.509886] sd 2:0:0:0: Attached scsi generic sg0 type 0
[ 2.509913] sd 2:0:1:0: Attached scsi generic sg1 type 0
[ 2.509937] sr 1:0:0:0: Attached scsi generic sg2 type 5
[ 2.516433] input: PC Speaker as /devices/platform/pcspkr/input/input5
[ 2.597679] ppdev: user-space parallel port driver
[ 2.602819] Adding 4194300k swap on /dev/sda2. Priority:-1 extents:1 across:4194300k FS
[ 2.615981] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
[ 2.640814] alg: No test for crc32 (crc32-pclmul)
[ 2.688545] device-mapper: uevent: version 1.0.3
[ 2.688601] device-mapper: ioctl: 4.35.0-ioctl (2016-06-23) initialised: dm-devel@redhat.com
[ 2.694512] XFS (sda1): Mounting V5 Filesystem
[ 2.999307] XFS (sda1): Ending clean mount
[ 3.027983] type=1305 audit(1526460944.396:3): audit_pid=525 old=0 auid=4294967295 ses=4294967295 res=1
last command: reads the /var/log/wtmp log, which records successful logins to the system.
[root@lgs ~]# last
root pts/0 192.168.87.1 Thu Mar 22 19:28 - 19:28 (00:00)
root pts/0 192.168.87.1 Thu Mar 22 19:16 - 19:16 (00:00)
root tty1 Thu Mar 22 19:17 - 19:32 (00:15)
reboot system boot 3.10.0-693.el7.x Thu Mar 22 19:15 - 19:35 (00:19)
reboot system boot 3.10.0-693.el7.x Thu Mar 22 18:54 - 18:54 (00:00)
root pts/0 192.168.87.1 Thu Mar 22 18:46 - 18:46 (00:00)
root pts/0 192.168.87.1 Thu Mar 22 18:46 - 18:46 (00:00)
root tty1 Thu Mar 22 18:46 - 18:47 (00:00)
reboot system boot 3.10.0-693.el7.x Thu Mar 22 18:44 - 18:48 (00:03)
reboot system boot 3.10.0-693.el7.x Thu Mar 22 18:44 - 18:48 (00:04)
root tty1 Thu Mar 22 17:16 - 17:16 (00:00)
root pts/1 192.168.87.1 Thu Mar 22 16:34 - 16:35 (00:00)
root pts/0 192.168.87.1 Thu Mar 22 16:14 - 17:05 (00:51)
reboot system boot 3.10.0-693.el7.x Thu Mar 22 16:13 - 17:16 (01:02)
root pts/1 192.168.87.1 Wed Mar 21 22:39 - 22:39 (00:00)
root pts/1 192.168.87.1 Wed Mar 21 21:03 - 21:06 (00:02)
root pts/0 192.168.87.1 Wed Mar 21 20:56 - 21:06 (00:09)
root tty1 Wed Mar 21 20:49 - 22:42 (01:52)
reboot system boot 3.10.0-693.el7.x Wed Mar 21 20:38 - 22:42 (02:03)
root tty1 Wed Mar 21 15:32 - 08:13 (-7:-19)
reboot system boot 3.10.0-693.el7.x Wed Mar 21 15:29 - 08:13 (-7:-16)
root tty1 Tue Mar 20 09:24 - 09:25 (00:00)
reboot system boot 3.10.0-693.el7.x Tue Mar 20 09:24 - 09:25 (00:01)
wtmp begins Tue Mar 20 09:24:10 2018
[root@lgs ~]# ls -l /var/log/wtmp
-rw-rw-r--. 1 root utmp 250368 5月 16 16:55 /var/log/wtmp
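lastb command: reads the /var/log/btmp log, which records failed logins to the system. When the system is hit by brute-force login attempts they are recorded here, but without details such as the source IP.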
[root@lgs ~]# lastb
root tty1 Wed May 16 19:51 - 19:51 (00:00)
btmp begins Wed May 16 19:51:43 2018
[root@lgs ~]# ls -l /var/log/btmp
-rw-------. 1 root utmp 384 5月 16 19:51 /var/log/btmp
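Security log: /var/log/secure holds the details of successful and failed logins. When the system is under a brute-force attack, the details of the attack are recorded here.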
[root@lgs ~]# cat /var/log/secure
May 13 13:41:42 lgs polkitd[569]: Registered Authentication Agent for unix-process:1750:684968 (system bus name :1.64 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
May 13 13:41:42 lgs polkitd[569]: Unregistered Authentication Agent for unix-process:1750:684968 (system bus name :1.64, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
May 16 16:55:44 lgs polkitd[550]: Loading rules from directory /etc/polkit-1/rules.d
May 16 16:55:44 lgs polkitd[550]: Loading rules from directory /usr/share/polkit-1/rules.d
May 16 16:55:44 lgs polkitd[550]: Finished loading, compiling and executing 3 rules
May 16 16:55:44 lgs polkitd[550]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
May 16 16:58:27 lgs sshd[833]: Server listening on 0.0.0.0 port 22.
May 16 16:58:27 lgs sshd[833]: Server listening on :: port 22.
May 16 16:55:44 lgs sshd[1275]: Accepted publickey for root from 192.168.87.1 port 50341 ssh2: RSA SHA256:v5PSs01EL2lHyCyvKv8k/oi3Bv2MREJ6p4/pCibVWgk
May 16 16:55:44 lgs sshd[1275]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 16 17:21:17 lgs polkitd[550]: Registered Authentication Agent for unix-process:1498:154743 (system bus name :1.28 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
May 16 17:21:17 lgs polkitd[550]: Unregistered Authentication Agent for unix-process:1498:154743 (system bus name :1.28, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
May 16 17:23:23 lgs polkitd[550]: Registered Authentication Agent for unix-process:1676:167347 (system bus name :1.29 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
May 16 17:23:23 lgs polkitd[550]: Unregistered Authentication Agent for unix-process:1676:167347 (system bus name :1.29, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
May 16 19:51:41 lgs login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=root
May 16 19:51:41 lgs login: pam_succeed_if(login:auth): requirement "uid >= 1000" not met by user "root"
May 16 19:51:43 lgs login: FAILED LOGIN 1 FROM tty1 FOR root, Authentication failure
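An added example, not from the original page: a shell function that counts failed logins per source in /var/log/secure-style lines, the per-source detail that lastb does not give. The sshd lines in the sample are constructed, and the function name and its threshold argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: count failed logins per source in /var/log/secure-style lines.

failed_login_sources() {
    # $1 = minimum failures to report (default 1); log lines on stdin.
    # Output: "COUNT SOURCE", highest count first.
    awk -v minfail="${1:-1}" '
    # sshd: "Failed password for [invalid user ]NAME from ADDR port N ssh2".
    # NAME is supplied by the client and may contain spaces, so read ADDR by
    # position from the end of the line rather than from the first "from".
    / sshd\[[0-9]+\]: Failed password for / {
        if (NF >= 9 && $(NF - 4) == "from" && $(NF - 2) == "port") fails[$(NF - 3)]++
        next
    }
    # console login, as in the last line of the log on this page:
    # "FAILED LOGIN 1 FROM tty1 FOR root, Authentication failure"
    / FAILED LOGIN [0-9]+ FROM / {
        for (i = 3; i < NF; i++)
            if ($i == "FROM" && $(i - 2) == "LOGIN") { fails[$(i + 1)]++; break }
        next
    }
    END { for (s in fails) if (fails[s] >= minfail) print fails[s], s }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Sample input: the first line is from this page, the sshd lines are constructed
# (203.0.113.7 and 198.51.100.9 are documentation addresses).
sample_secure='May 16 19:51:43 lgs login: FAILED LOGIN 1 FROM tty1 FOR root, Authentication failure
May 16 20:01:01 lgs sshd[2401]: Failed password for root from 203.0.113.7 port 40110 ssh2
May 16 20:01:03 lgs sshd[2401]: Failed password for root from 203.0.113.7 port 40110 ssh2
May 16 20:01:05 lgs sshd[2403]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
May 16 20:01:09 lgs sshd[2405]: Failed password for invalid user a from 198.51.100.9 from 203.0.113.7 port 40120 ssh2
May 16 20:02:11 lgs sshd[2410]: Failed password for root from 192.168.87.1 port 50400 ssh2
May 16 20:02:15 lgs sshd[2410]: Accepted password for root from 192.168.87.1 port 50400 ssh2'

# Report sources with at least 3 failures.
printf '%s\n' "$sample_secure" | failed_login_sources 3
```

On a live system the input would be /var/log/secure plus its rotated secure-YYYYMMDD files.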
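10.35 The screen tool
Consider this requirement: we need to run scripts that take a long time, for example a whole day and night without interruption, and the script prints information to the screen. We log in to the server remotely, cannot guarantee that the network will not drop, and cannot sit in front of the computer for a whole day and night. In that case:
Method 1: run it in the background with nohup <command> &, with the output written to a file. Method 1 does not let you monitor the run at any time.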
[root@lgs ~]# nohup sleep 1000 &
[1] 2170
[root@lgs ~]# nohup: 忽略输入并把输出追加到"nohup.out"
fg
nohup sleep 1000
^Z
[1]+ 已停止 nohup sleep 1000
[root@lgs ~]# fg
nohup sleep 1000
^C
[root@lgs ~]# bg
-bash: bg: 当前: 无此任务
We can use method 2, the screen tool, which runs a virtual terminal.
[root@lgs ~]# screen
-bash: screen: 未找到命令
[root@lgs ~]# yum install -y screen
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* epel: mirror.dmmlabs.jp
正在解决依赖关系
--> 正在检查事务
---> 软件包 screen.x86_64.0.4.1.0-0.25.20120314git3c2946.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
==============================================================================================================================================================
Package 架构 版本 源 大小
==============================================================================================================================================================
正在安装:
screen x86_64 4.1.0-0.25.20120314git3c2946.el7 base 552 k
事务概要
==============================================================================================================================================================
安装 1 软件包
总下载量:552 k
安装大小:914 k
Downloading packages:
screen-4.1.0-0.25.20120314git3c2946.el7.x86_64.rpm | 552 kB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : screen-4.1.0-0.25.20120314git3c2946.el7.x86_64 1/1
验证中 : screen-4.1.0-0.25.20120314git3c2946.el7.x86_64 1/1
已安装:
screen.x86_64 0:4.1.0-0.25.20120314git3c2946.el7
完毕!
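Enter the screen terminal and run some commands; the Xshell title bar shows that you are currently in screen.
Press Ctrl+a, then d, and the virtual terminal goes to the background and keeps running.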
[root@lgs ~]# sleep 300
[root@lgs ~]# screen
[detached from 2184.pts-0.lgs]
screen -ls: lists the virtual terminals running in the background.
[root@lgs ~]# screen -ls
There are screens on:
2291.pts-0.lgs (Detached)
2275.pts-0.lgs (Detached)
2247.pts-0.lgs (Detached)
2184.pts-0.lgs (Detached)
4 Sockets in /var/run/screen/S-root.
screen -r <terminal id>: brings back a virtual terminal running in the background.
[root@lgs ~]# screen -r 2184
[root@lgs ~]# sleep 300
Inside screen, the exit command leaves the virtual terminal.
[root@lgs ~]# exit
If there are too many virtual terminals, give them custom names to tell their purposes apart: screen -S "name"
Then screen -ls lets you pick out the virtual terminal you want.
[root@lgs ~]# screen -S "screen test"
[detached from 2348.screen test]
[root@lgs ~]# screen -ls
There are screens on:
2348.screen test (Detached)
2331.pts-0.lgs (Detached)
2291.pts-0.lgs (Detached)
2275.pts-0.lgs (Detached)
2247.pts-0.lgs (Detached)
2184.pts-0.lgs (Detached)
6 Sockets in /var/run/screen/S-root.
screen -r <id or terminal name>: attach to the terminal and work in it.
[root@lgs ~]# screen -r screen test
[root@lgs ~]# sleep 500