八周三次课(5月15日)

10.32/10.33 rsync通过服务同步

编辑配置文件
vim /etc/rsyncd.conf

启动服务rsync --daemon

格式:rsync -av test1/ 172.16.22.220::module/dir/ (源目录和 IP::模块名/目录 之间要有空格)

rsyncd.conf样例

port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/root/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
auth users=test
secrets file=/etc/rsyncd.passwd
hosts allow=172.16.22.220 

先打开vi /etc/rsyncd.conf编辑配置文件

[root@localhost ~]# vi /etc/rsyncd.conf

# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
~                                                                                      

~                                                                                      
"/etc/rsyncd.conf" 20L, 458C

把上面的样例放进去

[root@localhost ~]# vi /etc/rsyncd.conf

# use chroot = yes
# max connections = 4
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/root/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
auth users=test
secrets file=/etc/rsyncd.passwd
hosts allow=172.16.22.220 
INSERT --

[root@localhost ~]# vi /etc/rsyncd.conf

启动服务rsync --daemon

[root@localhost ~]# rsync --daemon
[root@localhost ~]# ps aux |grep rsync (检测一下看下有没有启动服务)
root       2927  0.0  0.0 114644   556 ?        Ss   22:26   0:00 rsync --daemon
root       2929  0.0  0.0 112664   972 pts/0    R+   22:26   0:00 grep --color=auto rsync
[root@localhost ~]# netstat -lntp (检查下监听的端口)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1085/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1523/master         
tcp        0      0 172.16.22.221:873     0.0.0.0:*               LISTEN      2927/rsync          
tcp6       0      0 :::22                   :::*                    LISTEN      1085/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1523/master         
[root@localhost ~]# 

/root/rsync/ 这样的路径不要放在 root 的家目录下,权限不好把握

[root@localhost ~]# vim /etc/rsyncd.conf

# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/tmp/rsync
use chroot=true
:wq

把path=/root/rsync/ 改为path=/tmp/rsync/ ,然后创建一下这个目录/tmp/rsync/ ,把权限改为777(只是为了方便测试;正式环境里应按实际需要给最小权限)

[root@localhost ~]# vim /etc/rsyncd.conf
[root@localhost ~]# mkdir /tmp/rsync
[root@localhost ~]# chmod 777 /tmp/rsync
[root@localhost ~]# 

在终端2 上 同步一个文件过去
rsync -avP /tmp/aiker.txt 172.16.22.221::test/aiker-02.txt
命令解释:在终端2上把/tmp/aiker.txt 文件同步到 (172.16.22.221)终端1的test(/tmp/rsync/)目录下,并且改名aiker-02.txt

[root@aiker ~]# rsync -avP /tmp/aiker.txt 172.16.22.221::test/aiker-02.txt
rsync: failed to connect to 172.16.22.221 (172.16.22.221): No route to host (113)
rsync error: error in socket IO (code 10) at clientserver.c(122) [sender=3.0.9]
[root@aiker ~]# 

这里报错了,我们先来看下网络是否是通的,ping下,可以,再试下telnet

[root@aiker ~]# ping 172.16.22.221
PING 172.16.22.221 (172.16.22.221) 56(84) bytes of data.
64 bytes from 172.16.22.221: icmp_seq=1 ttl=64 time=0.421 ms
64 bytes from 172.16.22.221: icmp_seq=2 ttl=64 time=0.410 ms
64 bytes from 172.16.22.221: icmp_seq=3 ttl=64 time=0.449 ms
^C
172.16.22.221 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.410/0.426/0.449/0.028 ms
[root@aiker ~]# telnet 172.16.22.221 873
bash: telnet: 未找到命令
[root@aiker ~]# 

再看下是不是端口的问题,发现没有telnet命令,先安装一下,再执行telnet 172.16.22.221 873
telnet ip 端口 这个命令用来检测一个端口是否能连通

[root@aiker ~]# yum install -y telnet
已加载插件:fastestmirror

已安装:
telnet.x86_64 1:0.17-60.el7                                                                   

完毕!
[root@aiker ~]# 

[root@aiker ~]# telnet 172.16.22.221 873
Trying 172.16.22.221...
telnet: connect to address 172.16.22.221: No route to host
[root@aiker ~]# 

telnet 报No route to host,说明这个端口不通,检查下是不是iptables的问题

[root@aiker ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
450  112K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
1    80 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
152 42932 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
152 42932 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
152 42932 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
151 42880 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 22 packets, 2088 bytes)
pkts bytes target     prot opt in     out     source               destination         
435 42068 OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 FWDI_public  all  --  ens37  *       0.0.0.0/0            0.0.0.0/0           [goto] 
0     0 FWDI_public  all  --  ens33  *       0.0.0.0/0            0.0.0.0/0           [goto] 
0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 FWDO_public  all  --  *      ens37   0.0.0.0/0            0.0.0.0/0           [goto] 
0     0 FWDO_public  all  --  *      ens33   0.0.0.0/0            0.0.0.0/0           [goto] 
0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (3 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (3 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 IN_public  all  --  ens37  *       0.0.0.0/0            0.0.0.0/0           [goto] 
32  3572 IN_public  all  --  ens33  *       0.0.0.0/0            0.0.0.0/0           [goto] 
120 39360 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (3 references)
pkts bytes target     prot opt in     out     source               destination         
152 42932 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
152 42932 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
152 42932 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
pkts bytes target     prot opt in     out     source               destination         
1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW

Chain IN_public_deny (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
pkts bytes target     prot opt in     out     source               destination         
[root@aiker ~]# 

果然是iptables里面的规则导致(INPUT链最后一条REJECT用的就是icmp-host-prohibited,对应客户端看到的No route to host)。这里先用命令systemctl stop firewalld 把firewalld服务停掉,再看规则就没有了

[root@aiker ~]# systemctl stop firewalld

[root@aiker ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
[root@aiker ~]# 

终端1 那里也要看下,

[root@localhost ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
859 72158 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
1    80 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
125 51825 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
125 51825 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
125 51825 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
190 51689 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 15 packets, 1328 bytes)
pkts bytes target     prot opt in     out     source               destination         
757 78611 OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 FWDI_work  all  --  ens37  *       0.0.0.0/0            0.0.0.0/0           [goto] 
0     0 FWDI_work  all  --  ens33  *       0.0.0.0/0            0.0.0.0/0           [goto] 
0     0 FWDI_work  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 FWDO_work  all  --  *      ens37   0.0.0.0/0            0.0.0.0/0           [goto] 
0     0 FWDO_work  all  --  *      ens33   0.0.0.0/0            0.0.0.0/0           [goto] 
0     0 FWDO_work  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_work (3 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 FWDI_work_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FWDI_work_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FWDI_work_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_work_allow (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_work_deny (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_work_log (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_work (3 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 FWDO_work_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FWDO_work_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
0     0 FWDO_work_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_work_allow (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_work_deny (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_work_log (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
pkts bytes target     prot opt in     out     source               destination         
0     0 IN_work    all  --  ens37  *       0.0.0.0/0            0.0.0.0/0           [goto] 
57  7545 IN_work    all  --  ens33  *       0.0.0.0/0            0.0.0.0/0           [goto] 
135 44280 IN_work    all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain IN_work (3 references)
pkts bytes target     prot opt in     out     source               destination         
125 51825 IN_work_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
125 51825 IN_work_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
125 51825 IN_work_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
1    84 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_work_allow (1 references)
pkts bytes target     prot opt in     out     source               destination         
1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1121 ctstate NEW

Chain IN_work_deny (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain IN_work_log (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
pkts bytes target     prot opt in     out     source               destination         
[root@localhost ~]# 

所以终端1这边也需要把firewalld 服务停掉(上面INPUT链同样有REJECT规则,而IN_work_allow里只放行了22和1121端口,没有873)。如果不想整个关掉防火墙,也可以只在firewalld里放行873/tcp(firewall-cmd --add-port=873/tcp)

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
[root@localhost ~]# 

再去终端2上面重新试下telnet ip 端口

[root@aiker ~]# telnet 172.16.22.221 873
Trying 172.16.22.221...
Connected to 172.16.22.221.
Escape character is '^]'.
@RSYNCD: 30.0      (显示到这里说明通了)

[root@aiker ~]# telnet 172.16.22.221 873
Trying 172.16.22.221...
Connected to 172.16.22.221.
Escape character is '^]'.
@RSYNCD: 30.0
^]                      (退出来用ctrl + ])   然后quit
telnet> quit
Connection closed.
[root@aiker ~]# 

再来运行这个命令,

Connection closed.
[root@aiker ~]# rsync -avP /tmp/aiker.txt 172.16.22.221::test/aiker-02.txt
Password: 

提示输入密码,
再去终端1 修改配置文件,把auth users和secrets file这两行注释掉(这样就不需要密码了,此时只靠hosts allow限制来源;正式环境应该保留这两项)

[root@localhost ~]# vim /etc/rsyncd.conf

# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/tmp/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow=172.16.22.220
插入 --      

再来终端2 看下 成功了

[root@aiker ~]# rsync -avP /tmp/aiker.txt 172.16.22.221::test/aiker-02.txt
sending incremental file list
aiker.txt
1397 100%    0.00kB/s    0:00:00 (xfer#1, to-check=0/1)

sent 1470 bytes  received 27 bytes  998.00 bytes/sec
total size is 1397  speedup is 0.93
[root@aiker ~]# 

来检查下终端1 /tmp/rsync/ 里面有aiker-02.txt文件

[root@localhost ~]# ls /tmp/rsync/
aiker-02.txt
[root@localhost ~]# 

反过来我们也可以把这个文件拉下来,拉到这台机器上来 也可以

[root@aiker ~]# rsync -avP 172.16.22.221::test/aiker-02.txt /tmp/123.txt
receiving incremental file list
aiker-02.txt
1397 100%    1.33MB/s    0:00:00 (xfer#1, to-check=0/1)

sent 45 bytes  received 1504 bytes  3098.00 bytes/sec
total size is 1397  speedup is 0.90
[root@aiker ~]# 

下面来看下这些配置文件的里面 含义是什么
rsyncd.conf配置文件详解
port:指定在哪个端口启动rsyncd服务,默认是873端口。也可以改下端口 把873端口改为8730

[root@localhost ~]# vim /etc/rsyncd.conf

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
port=8730
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/tmp/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow=172.16.22.220
插入 --    

看下它的日志文件 /var/log/rsync.log(日志里的auth failed on module test ... unauthorized user就是前面提示输入密码那几次连接)

[root@localhost ~]# vim /etc/rsyncd.conf
[root@localhost ~]# cat /var/log/rsync.log
2018/01/14 22:26:50 [2927] rsyncd version 3.0.9 starting, listening on port 873
2018/01/14 22:56:55 [3172] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 22:56:55 [3172] connect from UNKNOWN (172.16.22.220)
2018/01/14 23:26:30 [3172] rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
2018/01/14 23:26:30 [3172] rsync error: error in rsync protocol data stream (code 12) at io.c(605) [Receiver=3.0.9]
2018/01/14 23:50:03 [3395] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 23:50:03 [3395] connect from UNKNOWN (172.16.22.220)
2018/01/14 23:50:09 [3395] auth failed on module test from unknown (172.16.22.220): unauthorized user
2018/01/14 23:50:51 [3402] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 23:50:51 [3402] connect from UNKNOWN (172.16.22.220)
2018/01/14 23:53:27 [3402] auth failed on module test from unknown (172.16.22.220): unauthorized user
2018/01/14 23:53:30 [3414] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 23:53:30 [3414] connect from UNKNOWN (172.16.22.220)
2018/01/14 15:53:30 [3414] rsync to test/aiker-02.txt from unknown (172.16.22.220)
2018/01/14 15:53:30 [3414] receiving file list
2018/01/14 15:53:30 [3414] sent 54 bytes  received 1489 bytes  total size 1397
2018/01/14 23:56:16 [3424] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 23:56:16 [3424] connect from UNKNOWN (172.16.22.220)
2018/01/14 15:56:16 [3424] rsync on test/aiker-02.txt from unknown (172.16.22.220)
2018/01/14 15:56:16 [3424] building file list
2018/01/14 15:56:16 [3424] sent 1519 bytes  received 46 bytes  total size 1397
[root@localhost ~]# 

log file:指定日志文件。
pid file:指定pid文件,这个文件的作用涉及服务的启动、停止等进程管理操作。
address:指定启动rsyncd服务的IP。假如你的机器有多个IP,就可以指定由其中一个启动rsyncd服务,如果不指定该参数,默认是在全部IP上启动。
[]:指定模块名(刚刚用的test),里面内容自定义。
path:指定数据存放的路径。(我们指定了/tmp/rsync)
use chroot true|false:表示在传输文件前首先chroot到path参数所指定的目录下。这样做的原因是实现额外的安全防护,但缺点是需要以root权限运行,并且不能备份指向外部的符号链接所指向的目录文件。默认情况下chroot值为true,如果你的数据当中有软链接文件,阿铭建议你设置成false。

实例
创建一个软链接文件12.txt 在rsync 下面

[root@localhost ~]# cd /tmp/rsync/
[root@localhost rsync]# ls
aiker-02.txt
[root@localhost rsync]# ln -s /etc/passwd ./12.txt
[root@localhost rsync]# ls -l
总用量 4
lrwxrwxrwx 1 root root   11 9月  15 00:04 12.txt -> /etc/passwd
rw-r--r-- 1 root root 1397 9月   3 14:37 aiker-02.txt
[root@localhost rsync]# 

在终端2下

[root@aiker ~]# rsync -avP 172.16.22.221::test/  /tmp/test/
receiving incremental file list
./
12.txt -> /etc/passwd

sent 32 bytes  received 115 bytes  294.00 bytes/sec
total size is 1408  speedup is 9.58
[root@aiker ~]# 

[root@aiker ~]# ls -l /tmp/test
总用量 4
lrwxrwxrwx. 1 root root   11 9月  15 00:04 12.txt -> /etc/passwd
rw-r--r--. 1 root root 1397 9月   3 14:37 aiker-02.txt
[root@aiker ~]# 

这是没问题的,同步完成了
先把 /tmp/test 里面的文件删掉,再来同步(这次加了-L参数,会把软链接当成它指向的文件来同步)

[root@aiker ~]# rm -rf /tmp/test

[root@aiker ~]# rsync -avLP 172.16.22.221::test/  /tmp/test/
receiving incremental file list
symlink has no referent: "/12.txt" (in test)
created directory /tmp/test
./
aiker-02.txt
1397 100%    1.33MB/s    0:00:00 (xfer#1, to-check=0/2)

sent 48 bytes  received 1572 bytes  3240.00 bytes/sec
total size is 1397  speedup is 0.86
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1518) [generator=3.0.9]
[root@aiker ~]# 

现在报错了,12.txt 没有同步过来,那我们来看看日志

[root@localhost rsync]# cat /var/log/rsync.log
2018/01/14 22:26:50 [2927] rsyncd version 3.0.9 starting, listening on port 873
2018/01/14 22:56:55 [3172] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 22:56:55 [3172] connect from UNKNOWN (172.16.22.220)
2018/01/14 23:26:30 [3172] rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
2018/01/14 23:26:30 [3172] rsync error: error in rsync protocol data stream (code 12) at io.c(605) [Receiver=3.0.9]
2018/01/14 23:50:03 [3395] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 23:50:03 [3395] connect from UNKNOWN (172.16.22.220)
2018/01/14 23:50:09 [3395] auth failed on module test from unknown (172.16.22.220): unauthorized user
2018/01/14 23:50:51 [3402] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 23:50:51 [3402] connect from UNKNOWN (172.16.22.220)
2018/01/14 23:53:27 [3402] auth failed on module test from unknown (172.16.22.220): unauthorized user
2018/01/14 23:53:30 [3414] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 23:53:30 [3414] connect from UNKNOWN (172.16.22.220)
2018/01/14 15:53:30 [3414] rsync to test/aiker-02.txt from unknown (172.16.22.220)
2018/01/14 15:53:30 [3414] receiving file list
2018/01/14 15:53:30 [3414] sent 54 bytes  received 1489 bytes  total size 1397
2018/01/14 23:56:16 [3424] name lookup failed for 172.16.22.220: Name or service not known
2018/01/14 23:56:16 [3424] connect from UNKNOWN (172.16.22.220)
2018/01/14 15:56:16 [3424] rsync on test/aiker-02.txt from unknown (172.16.22.220)
2018/01/14 15:56:16 [3424] building file list
2018/01/14 15:56:16 [3424] sent 1519 bytes  received 46 bytes  total size 1397
2017/09/15 00:06:19 [3494] name lookup failed for 172.16.22.220: Name or service not known
2017/09/15 00:06:19 [3494] connect from UNKNOWN (172.16.22.220)
2018/01/14 16:06:19 [3494] rsync on test/aiker-02.txt from unknown (172.16.22.220)
2018/01/14 16:06:19 [3494] building file list
2018/01/14 16:06:19 [3494] sent 1519 bytes  received 46 bytes  total size 1397
2017/09/15 00:08:04 [3496] name lookup failed for 172.16.22.220: Name or service not known
2017/09/15 00:08:04 [3496] connect from UNKNOWN (172.16.22.220)
2018/01/14 16:08:04 [3496] rsync on test/ from unknown (172.16.22.220)
2018/01/14 16:08:04 [3496] building file list
2018/01/14 16:08:04 [3496] sent 130 bytes  received 33 bytes  total size 1408
2017/09/15 00:12:06 [3509] name lookup failed for 172.16.22.220: Name or service not known
2017/09/15 00:12:06 [3509] connect from UNKNOWN (172.16.22.220)
2018/01/14 16:12:06 [3509] rsync on test/ from unknown (172.16.22.220)
2018/01/14 16:12:06 [3509] building file list
2018/01/14 16:12:06 [3509] symlink has no referent: "/12.txt" (in test)
[root@localhost rsync]# 

2018/01/14 16:12:06 [3509] symlink has no referent: "/12.txt" (in test)
去终端2上 没有同步过来,只有一个aiker-02.txt,

[root@aiker ~]# ls -l /tmp/test/
总用量 4
rw-r--r--. 1 root root 1397 9月   3 14:37 aiker-02.txt
[root@aiker ~]# 

为什么12.txt没同步过来,就是因为配置里use chroot=true:服务端先chroot到/tmp/rsync,在这个chroot里面根本找不到/etc/passwd,所以日志里报symlink has no referent

[root@localhost rsync]# cat /etc/rsyncd.conf
# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
port=8730
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/tmp/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow=172.16.22.220
[root@localhost rsync]# 

把上面的 use chroot=true 改成 use chroot=false(改成false之后就没有chroot的限制,软链接指向模块目录外面的文件也能被读到,要清楚这一点再改)

[root@localhost rsync]# vim /etc/rsyncd.conf

# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
# pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
port=8730
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/tmp/rsync
use chroot=false
插入 --          

改好之后不需要重启服务：rsync --daemon 在每个客户端连接到来时都会重新读取 rsyncd.conf,所以模块级参数(use chroot、list、uid/gid、auth users 等)改完即生效。但 port、address 这类监听参数只在启动时读取,所以下面 netstat 显示仍然监听在 873,端口是不会变的。

[root@localhost rsync]# netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1085/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1523/master         
tcp        0      0 172.16.22.221:873     0.0.0.0:*               LISTEN      2927/rsync          
tcp6       0      0 :::22                   :::*                    LISTEN      1085/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1523/master         
[root@localhost rsync]# 

再去终端2 同步下

[root@aiker ~]# rsync -avLP 172.16.22.221::test/  /tmp/test/
receiving incremental file list
12.txt
1397 100%    1.33MB/s    0:00:00 (xfer#1, to-check=1/3)

sent 45 bytes  received 1529 bytes  3148.00 bytes/sec
total size is 2794  speedup is 1.78
[root@aiker ~]# 

[root@aiker ~]# ls -l /tmp/test/
总用量 8
rw-r--r--. 1 root root 1397 9月   3 14:37 12.txt
rw-r--r--. 1 root root 1397 9月   3 14:37 aiker-02.txt
[root@aiker ~]# 

下面我们来重新启动它 ,把端口改一下

[root@localhost rsync]# killall rsync
rsync: no process found
[root@localhost rsync]# ps aux |grep rsync
root       2356  0.0  0.0 112664   972 pts/0    R+   22:54   0:00 grep --color=auto rsync
[root@localhost rsync]# rsync --daemon
[root@localhost rsync]# !ps
ps aux |grep rsync
root       2366  0.0  0.0 114644   552 ?        Ss   22:54   0:00 rsync --daemon
root       2368  0.0  0.0 112664   976 pts/0    R+   22:55   0:00 grep --color=auto rsync
[root@localhost rsync]# 

[root@localhost rsync]# !net
netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1141/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1560/master         
tcp        0      0 172.16.22.221:8730    0.0.0.0:*               LISTEN      2366/rsync          
tcp6       0      0 :::22                   :::*                    LISTEN      1141/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1560/master         
[root@localhost rsync]# 

现在变成了 8730

再去客户端(终端2)同步就报错了：服务端现在监听的是 8730,873 端口上没有任何进程,所以要用 --port 指定端口号为 8730。另外注意下面的报错是 "No route to host" 而不是 "Connection refused"：端口没人监听时通常是 Connection refused；No route to host 多半是 firewalld 的 REJECT 规则(icmp-host-prohibited)拒绝了连接,也就是防火墙没有放行 8730。

[root@aiker ~]# rsync -avLP 172.16.22.221::test/
rsync: failed to connect to 172.16.22.221 (172.16.22.221): No route to host (113)
rsync error: error in socket IO (code 10) at clientserver.c(122) [Receiver=3.0.9]
[root@aiker ~]# 

--port 8730 指定端口号为 8730。
如果还不成功,先用 iptables -nvL 查看规则。教程里为了省事直接 systemctl stop firewalld(服务端、客户端都关)；生产环境不要整个关掉防火墙,只放行 rsync 端口即可,例如在服务端执行 firewall-cmd --permanent --add-port=8730/tcp && firewall-cmd --reload,最好再用 rich rule 只对客户端 IP 放行。

[root@aiker ~]# rsync -avLP --port 8730 172.16.22.221::test/ /tmp/test/
receiving incremental file list

sent 26 bytes  received 89 bytes  230.00 bytes/sec
total size is 2794  speedup is 24.30
[root@aiker ~]# 

max connections:指定最大的连接数,默认是0,即没有限制。
read only true|false：如果为 true,客户端只能从该模块拉取,不能上传到该模块指定的路径下。本例设为 no(允许写入),下文往服务端推送数据就依赖这一项；如果模块只是用来下发文件,应该设为 yes。
客户端地址后面不跟模块名(只写 IP::),服务端就会把允许列出的模块名列出来：

[root@aiker ~]# rsync --port=8730 172.16.22.221::test               
[root@aiker ~]# 

打开服务端终端1 vi /etc/rsyncd.conf 把lish=true 改成 false ,list=false 再来看下

[root@localhost rsync]# vi /etc/rsyncd.conf

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
port=8730
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/tmp/rsync
use chroot=false
max connections=4
read only=no
list=false
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow=172.16.22.222
:wq

再来看下客户端 ,没有了模块名,
这是一个和安全相关的选项,但它只是"隐藏",不是访问控制：list=false 只是让模块名不出现在列表里,知道模块名的人照样可以连接。如果你没有做其他安全限制——hosts allow 没限制 IP、没配 auth users、read only=no——对方只要猜到或从别处拿到模块名,就可以直接往你的目录里写数据；如果这个目录是网站上很重要的一个目录、还能在线访问,它就能上传一个恶意文件(webshell),执行后机器就被控制了。所以 list 可以改成 false,但真正起作用的是 hosts allow、auth users/secrets file 和 read only 这几项,要一起配。

[root@aiker ~]# rsync --port=8730 172.16.22.221::
[root@aiker ~]# 

list:表示当用户查询该服务器上的可用模块时,该模块是否被列出,设定为true则列出,false则隐藏。
uid/gid:指定传输文件时以哪个用户/组的身份传输。
uid、gid 都是 root,所以服务端处理该模块的读写时就是 root 身份：客户端推上来的文件以 root 创建(下面 ls -l 里属主都是 root)。这也意味着模块没有任何权限边界——在关掉 chroot 的情况下,模块里的符号链接可以让 rsync 以 root 身份读写服务器上任意文件,上面 12.txt -> /etc/passwd 被拉走就是这种组合的直接后果。

[root@localhost rsync]# ls -l /tmp/rsync/
总用量 4
lrwxrwxrwx 1 root root   11 9月  15 00:04 12.txt -> /etc/passwd
-rw-r--r-- 1 root root 1397 9月   3 14:37 aiker-02.txt
[root@localhost rsync]# 

把这个指向 /etc/passwd 的符号链接删掉。删完之后把 uid、gid 改为 nobody(一个几乎没有权限的系统账号)：这样即使客户端往模块里写入文件或放置符号链接,rsync 守护进程也只有 nobody 的权限,这是推荐的做法。

[root@localhost rsync]# vim /etc/rsyncd.conf

port=8730
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/tmp/rsync
use chroot=false
max connections=4
read only=no
list=false
uid=nobody
gid=nobody
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow=172.16.22.222
:wq             

[root@localhost rsync]# vim /etc/rsyncd.conf
[root@localhost rsync]# id nobody
uid=99(nobody) gid=99(nobody) 组=99(nobody)
[root@localhost rsync]# 

再来客户端 终端2 同步下, 提示 Operation not permitted

[root@aiker ~]# rsync -avP /tmp/test/ --port 8730 172.16.22.221::test/
sending incremental file list
./
rsync: failed to set times on "." (in test): Operation not permitted (1)
12.txt
        1397 100%    0.00kB/s    0:00:00 (xfer#1, to-check=1/3)
aiker-02.txt
        1397 100%    1.33MB/s    0:00:00 (xfer#2, to-check=0/3)

sent 2941 bytes  received 49 bytes  5980.00 bytes/sec
total size is 2794  speedup is 0.93
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1052) [sender=3.0.9]
[root@aiker ~]# 

Operation not permitted：仔细看上面的输出,12.txt 和 aiker-02.txt 其实都传输成功了(xfer#1、xfer#2),因为目录是 777(下面 ls -ld 显示 drwxrwxrwx),nobody 可以在里面创建文件。失败的只是 "failed to set times on ."——目录属主是 root,nobody 无权修改它的时间戳(-a 要同步时间),所以 rsync 以 code 23(部分文件/属性未传输)退出。

[root@localhost rsync]# id nobody
uid=99(nobody) gid=99(nobody) 组=99(nobody)
[root@localhost rsync]# ls -ld
drwxrwxrwx 2 root root 40 9月  15 23:31 .
[root@localhost rsync]# 

教程这里选择改回 root。更安全的做法是保留 uid/gid=nobody,把模块目录的属主改成 nobody(chown nobody:nobody /tmp/rsync,并把 777 收紧为 755),这样 -a 设置时间戳也能成功,而 rsync 守护进程不必以 root 权限替客户端读写文件。

[root@localhost rsync]# vim /etc/rsyncd.conf

port=8730
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/tmp/rsync
use chroot=false
max connections=4
read only=no
list=false
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow=172.16.22.222
:wq                            

再去客户端终端2 更新下,就可以写了

[root@aiker ~]# rsync -avP /tmp/test/ --port 8730 172.16.22.221::test/
sending incremental file list
./

sent 67 bytes  received 17 bytes  168.00 bytes/sec
total size is 2794  speedup is 33.26
[root@aiker ~]# 

[root@localhost rsync]# ls -l 
总用量 8
-rw-r--r-- 1 root root 1397 9月   3 14:37 12.txt
-rw-r--r-- 1 root root 1397 9月   3 14:37 aiker-02.txt
[root@localhost rsync]# 

auth users:指定传输时要使用的用户名。
secrets file:指定密码文件；该参数和 auth users 如果都不指定,则不做任何认证,hosts allow 就是唯一的门槛。密码在文件里是明文保存的,所以权限一定要是 600(属主 root),否则 rsync 默认的 strict modes 会拒绝使用该文件。格式:用户名:密码。另外要注意,rsync 守护进程方式(双冒号 / rsync://)的认证只是挑战-应答,传输的数据本身不加密,不要在不可信网络上直接使用,需要时改用 rsync over ssh 或走 VPN。

把密码文件注释部分给取消
auth users=test
secrets file=/etc/rsyncd.passwd

密码文件
权限改为600


port=8730
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=172.16.22.221
[test]
path=/tmp/rsync
use chroot=false
max connections=4
read only=no
list=false
uid=root
gid=root
auth users=test
secrets file=/etc/rsyncd.passwd
hosts allow=172.16.22.222
:wq         

[root@localhost rsync]# vim /etc/rsyncd.passwd

test:aiker
~                                                                                               

~                                                                                               
:wq     

[root@localhost rsync]# chmod 600 /etc/rsyncd.passwd 

再去客户端 终端2 同步下

[root@aiker ~]# rsync -avP /tmp/test/ --port 8730 test@172.16.22.221::test/
Password: 
sending incremental file list

sent 58 bytes  received 8 bytes  18.86 bytes/sec
total size is 2794  speedup is 42.33
[root@aiker ~]# 

加个文件 ,再来同步 1.txt 同步了

[root@aiker ~]# touch /tmp/test/1.txt
[root@aiker ~]# rsync -avP /tmp/test/ --port 8730 test@172.16.22.221::test/
Password: 
sending incremental file list
./
1.txt
           0 100%    0.00kB/s    0:00:00 (xfer#1, to-check=2/4)

sent 114 bytes  received 30 bytes  96.00 bytes/sec
total size is 2794  speedup is 19.40
[root@aiker ~]# 

这就是在传输时交互式输入用户密码。交互场景下手动输入没问题,但写进 shell 脚本(比如每天定时备份数据库)就没法交互了；也不要为了省事把密码拼进命令行,那样会出现在 ps 输出和 shell 历史里。
所以还有一个办法：在客户端(终端2)也定义一个密码文件,通过 --password-file 读取。

[root@aiker ~]# vi /etc/rsync_pass.txt

aiker

~                                                                                               
:wq

客户端的密码文件只写密码本身一行,不带用户名,和服务端 用户名:密码 的格式不一样。权限同样要改成 600,否则 rsync 会以 "password file must not be other-accessible" 拒绝使用它。

[root@aiker ~]# chmod 600 /etc/rsync_pass.txt

[root@aiker ~]# rsync -avP /tmp/test/ --port 8730 --password-file=/etc/rsync_pass.txt test@172.16.22.221::test/
sending incremental file list

sent 72 bytes  received 8 bytes  160.00 bytes/sec
total size is 2794  speedup is 34.92
[root@aiker ~]# 

看现在是不是没有输入密码,再来创建一个文件,再同步看下2.txt同步了,这样就可以不用输入密码了

[root@aiker ~]# touch /tmp/test/2.txt
[root@aiker ~]# rsync -avP /tmp/test/ --port 8730 --password-file=/etc/rsync_pass.txt test@172.16.22.221::test/
sending incremental file list
./
2.txt
           0 100%    0.00kB/s    0:00:00 (xfer#1, to-check=1/5)

sent 128 bytes  received 30 bytes  316.00 bytes/sec
total size is 2794  speedup is 17.68
[root@aiker ~]# 

小结：当设置了 auth users 和 secrets file 后,客户端连服务端也需要用户名密码了；若想在脚本里免交互,可以指定一个密码文件：
rsync -avL test@172.16.22.221::test/test1/ /tmp/test8/ --password-file=/etc/pass
其中 /etc/pass 的内容就是一行密码,权限要改为 600。

hosts allow:表示被允许连接该模块的主机,可以是IP或者网段,如果是多个,中间用空格隔开。
用来定义允许哪些机器连接这个模块来推/拉数据。多个 IP 用空格隔开,例如 hosts allow=172.16.22.220 172.16.22.221,也可以写网段 172.16.20.0/22。注意它只是基于来源 IP 的过滤,不能代替 auth users 认证,两者应一起使用。(另外,上面几段配置里 hosts allow 写的是 172.16.22.222,而客户端地址是 172.16.22.220,按配置客户端本应被拒绝；从同步成功的结果看,笔记里的这个地址应该是抄写错误,实际应为客户端的 IP。)

10.34 linux系统日志

很多报错都是需要去查看日志,日志里会有信息,看日志非常的重要
/var/log/messages

[root@localhost ~]# ls /var/log/messages
/var/log/messages
[root@localhost ~]# less !$
less /var/log/messages
[root@localhost ~]# 
[root@localhost ~]# du -sh !$
du -sh /var/log/messages
2.5M    /var/log/messages
[root@localhost ~]# ls /var/log/messages*
/var/log/messages           /var/log/messages-20170829  /var/log/messages-20170910
/var/log/messages-20170820  /var/log/messages-20170903

/etc/logrotate.conf 日志切割配置文件

[root@localhost ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly    (每周切割一次)

# keep 4 weeks worth of backlogs
rotate 4      (保留4个)

# create new (empty) log files after rotating old ones
create         (切割完了之后 创建一个新的文件)

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress         (压缩)

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d       (这个目录下面还有一些配置文件)

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp    (指定权限 ,属主属组)
    rotate 1
}

# system-specific logs may be also be configured here.
[root@localhost ~]# 
[root@localhost ~]# ls /etc/logrotate.d
chrony  ppp  syslog  wpa_supplicant  yum
[root@localhost ~]# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    missingok
    sharedscripts
    postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
[root@localhost ~]# 

参考https://my.oschina.net/u/2000675/blog/908189

dmesg命令
这个命令回车之后,会把内核环形缓冲区里与硬件相关的日志列出来。这些日志保存在内存中,并不是一个文件；假如硬盘损坏、网卡出问题,都会记录在这里。所以排查故障时除了看 /var/log/messages,还要看 dmesg 里的硬件错误。
命令 dmesg -c 会在打印后把缓冲区清空(需要 root 权限,清掉就无法恢复,排查故障时慎用；重启系统后又会重新生成)。
/var/log/dmesg 是开机时内核环形缓冲区的一份快照文件,之后不再更新,它和 dmesg 命令实时显示的内容不是一回事。

last命令,调用的文件/var/log/wtmp

[root@localhost ~]# last
root     pts/1        172.16.22.220    Sat 1月 22 20:19 - 20:19  (00:00)    
root     pts/0        172.16.22.220    Sat 1月 22 20:19   still logged in   
root     tty1                          Sat 1月 22 20:18   still logged in   
reboot   system boot  3.10.0-514.el7.x Sat 1月 22 20:14 - 20:40  (00:25)    
root     pts/0        172.16.22.220    Fri Sep 15 22:47 - 00:35  (01:48)    
root     tty1                          Fri Sep 15 22:46 - 00:36  (01:49)    
reboot   system boot  3.10.0-514.el7.x Fri Sep 15 22:46 - 00:36  (01:49)    
root     pts/0        172.16.22.220    Thu Sep 14 21:00 - crash (1+01:46)   
root     tty1                          Thu Sep 14 20:59 - 00:27  (03:28)    
reboot   system boot  3.10.0-514.el7.x Thu Sep 14 20:51 - 00:36 (1+03:44)   

[root@localhost ~]# ls /var/log/wtmp
/var/log/wtmp
[root@localhost ~]# 

lastb 命令查看登录失败的记录,对应的文件是 /var/log/btmp,它和 wtmp 一样是二进制文件,不能直接 cat。注意 btmp 的权限是 0600(上面 logrotate.conf 里 create 0600 root utmp 就是为了保持这一点)：失败登录记录的"用户名"字段经常是用户误把密码输进了用户名框,所以这个文件绝不能让普通用户读。

[root@localhost ~]# ls /var/log/btmp
/var/log/btmp
[root@localhost ~]# 

/var/log/secure 安全日志

[root@localhost ~]# ls /var/log/secure
/var/log/secure
[root@localhost ~]# 

实验,客户端2 尝试登录 服务端 1
1.先在服务端用 tail -f 动态查看 /var/log/secure 文件

[root@localhost ~]# tail -f /var/log/secure
1月 22 20:15:13 localhost polkitd[481]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
1月 22 20:15:49 localhost sshd[1073]: Server listening on 0.0.0.0 port 22.
1月 22 20:15:49 localhost sshd[1073]: Server listening on :: port 22.
1月 22 20:18:51 localhost login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
1月 22 20:18:51 localhost login: ROOT LOGIN ON tty1
1月 22 20:19:09 localhost sshd[2317]: Accepted publickey for root from 172.16.22.220 port 49438 ssh2: RSA 62:b0:d7:04:7d:c9:3c:ba:5b:e0:e8:e9:dd:c6:db:7b
1月 22 20:19:09 localhost sshd[2317]: pam_unix(sshd:session): session opened for user root by (uid=0)
1月 22 20:19:17 localhost sshd[2340]: Accepted publickey for root from 172.16.22.220 port 49439 ssh2: RSA 62:b0:d7:04:7d:c9:3c:ba:5b:e0:e8:e9:dd:c6:db:7b
1月 22 20:19:17 localhost sshd[2340]: pam_unix(sshd:session): session opened for user root by (uid=0)
1月 22 20:19:21 localhost sshd[2340]: pam_unix(sshd:session): session closed for user root

2.再去终端2 尝试登录 服务端1


[root@aiker ~]# ssh 172.16.22.221
Last login: Sat 1月 22 20:19:17 2017 from 172.16.22.220

服务端1 有更新信息


1月 22 20:51:55 localhost sshd[2585]: Accepted publickey for root from 172.16.22.220 32 port 35894 ssh2: RSA 8f:33:a7:03:62:b6:5a:56:34:42:b4:e9:e9:1a:e1:e8
1月 22 20:51:55 localhost sshd[2585]: pam_unix(sshd:session): session opened for user root by (uid=0)

这时候把客户端的公钥从服务端的 authorized_keys 里注释掉,让下一次登录退回到密码认证：


[root@localhost ~]# vi .ssh/authorized_keys

##aiker
#ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK5yZBSsOsWDn3jXFScS6JiYsQGY3kFcd***A1v0+DjeVdKy2SVCCrNWc23HRDxJpoVw88Y67pzj/raU/aSrk1FSYdWoiAaDhqshw+8dJ39qMaMdHkmuBzzHpGNNxCLAGvDPBxA+taPeoUIqElAgd3g/uuhic+anZOVVlIEwBUQV20qmWwzYKYXI3ASL8r5rujE5MVAVtQvrrq/5VHC/0YpGndBtVWUOAte0AnpZyEIDqlBDepvcsno25hk8sONQq4XGl3vI672fgxxDoaWgfgKuiKukftMDZehCURkEqLUD3SJKcKYlvcW04vbQ7N3tNMXxsBYM1SoD5C8zZkY/GX root@aminglinux-0
~                                                                                               

~                                                                                               
:wq

再来看

[root@localhost ~]# vi .ssh/authorized_keys 
[root@localhost ~]# tail -f /var/log/secure
1月 22 20:15:49 localhost sshd[1073]: Server listening on :: port 22.
1月 22 20:18:51 localhost login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
1月 22 20:18:51 localhost login: ROOT LOGIN ON tty1
1月 22 20:19:09 localhost sshd[2317]: Accepted publickey for root from 172.16.22.220 port 49438 ssh2: RSA 62:b0:d7:04:7d:c9:3c:ba:5b:e0:e8:e9:dd:c6:db:7b
1月 22 20:19:09 localhost sshd[2317]: pam_unix(sshd:session): session opened for user root by (uid=0)
1月 22 20:19:17 localhost sshd[2340]: Accepted publickey for root from 172.16.22.220 port 49439 ssh2: RSA 62:b0:d7:04:7d:c9:3c:ba:5b:e0:e8:e9:dd:c6:db:7b
1月 22 20:19:17 localhost sshd[2340]: pam_unix(sshd:session): session opened for user root by (uid=0)
1月 22 20:19:21 localhost sshd[2340]: pam_unix(sshd:session): session closed for user root
1月 22 20:51:55 localhost sshd[2585]: Accepted publickey for root from 172.16.22.22032 port 35894 ssh2: RSA 8f:33:a7:03:62:b6:5a:56:34:42:b4:e9:e9:1a:e1:e8
1月 22 20:51:55 localhost sshd[2585]: pam_unix(sshd:session): session opened for user root by (uid=0)

再去客户端2 尝试登录服务端1 故意把密码输错

[root@localhost ~]# 登出

[root@aiker ~]# ssh 172.16.22.221
root@172.16.22.221's password: 
Permission denied, please try again.
root@172.16.22.221's password: 

再去服务端1看日志文件,发现多了几行信息。其中 "Failed password for root from ..." 这一行就是判断是否有人在暴力破解的关键,fail2ban 之类的工具正是根据 /var/log/secure 里的这类记录自动封禁 IP 的。

1月 22 20:57:49 localhost sshd[2585]: Received disconnect from 172.16.22.22032: 11: disconnected by user
1月 22 20:57:49 localhost sshd[2585]: pam_unix(sshd:session): session closed for user root
1月 22 20:58:11 localhost sshd[2665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.22.22032  user=root
1月 22 20:58:11 localhost sshd[2665]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
1月 22 20:58:13 localhost sshd[2665]: Failed password for root from 172.16.22.220 32 port 35898 ssh2

10.35 screen工具

可以认为是一个虚拟的终端

为了不让一个进程意外中断
nohup command &

现在有个需求,执行一个脚本,这个脚本执行时间很长,可能一天一夜,而且这个脚本会输出一些东西出来,意味着这个脚本不能中途中断, 我们登录服务器是网络操作的,如果网络中段, 为了保证一天一夜的脚本不能中断,为了保证中途不出差错,但是我们不敢保证,因为我不可能一天一夜不睡觉,
有俩个办法,第一个办法 把这个任务丢到后台去,加个日志的输出,虽然没有输出到屏幕上,输出到日志里也可以,
执行命令 加上 日志 加上& ,(命 令 nohup command & ) 丢到后台去,即使你的终端断开,它依然会在后台执行
虽然解决了防止任务中断 的问题,但是没有办法实时查看任务输出的东西,毕竟在后台,是可以写一个日志,但是能不能保证写在屏幕上输出的内容看到呢?

有没有一种终端 让我们的任务一直执行,随时把这个终端退出,临时放到后台去也可以,随时想调回来也可以,这个工具就是screen , 说白了就是虚拟终端,可以在退出远程终端pts 1 pts0 远程终端之前, 先把这个screen 丢到后台去,随时用 随时调出来

screen是一个虚拟终端
首先安装screen命令, yum install -y screen

[root@localhost ~]# yum install -y screen
已加载插件:fastestmirror
base                                                                     | 3.6 kB  00:00:00     
epel/x86_64/metalink                                                     | 6.5 kB  00:00:00     
epel                                                                     | 4.3 kB  00:00:00  

已安装:
  screen.x86_64 0:4.1.0-0.23.20120314git3c2946.el7_2                                            

完毕!
[root@localhost ~]# 

安装完之后,screen直接回车就进入了虚拟终端

按 Ctrl-a 再按 d 脱离(detach)虚拟终端,screen 里的任务仍然在后台运行,并不会结束
screen -ls 查看虚拟终端列表

[root@localhost ~]# screen
[detached from 2822.pts-0.localhost]
[root@localhost ~]# screen -ls
There is a screen on:
    2822.pts-0.localhost    (Detached)
1 Socket in /var/run/screen/S-root.

[root@localhost ~]# 
  • 想要回去看下
    screen -r id 进入指定的终端

[root@localhost ~]# screen -r 2822
[screen is terminating]
[root@localhost ~]# screen -ls
No Sockets found in /var/run/screen/S-root.

[root@localhost ~]#

现在弄三个screen

[root@localhost ~]# screen
[detached from 2854.pts-0.localhost]
[root@localhost ~]# screen
[detached from 2871.pts-0.localhost]
[root@localhost ~]# screen
[detached from 2888.pts-0.localhost]
[root@localhost ~]# screen -ls
There are screens on:
    2888.pts-0.localhost    (Detached)
    2871.pts-0.localhost    (Detached)
    2854.pts-0.localhost    (Detached)
3 Sockets in /var/run/screen/S-root.

[root@localhost ~]# 
  • 想进其中一个 直接 screen -r id 就可以了,数字不同,后面都一样,太难区分了,不知道哪一个screen 运行了什么东西,实际上可以自定义一个名字

命令screen -S aikera 自定义一个名字
screen -r aikera 进入得时候 加自定义的名字,也可以加id

[root@localhost ~]# screen -S "test_screen"
[detached from 2942.test_screen]
[root@localhost ~]# screen -ls
There are screens on:
    2942.test_screen    (Detached)
    2888.pts-0.localhost    (Detached)
    2871.pts-0.localhost    (Detached)
    2854.pts-0.localhost    (Detached)
4 Sockets in /var/run/screen/S-root.

[root@localhost ~]# 

[root@localhost ~]# sleep 100
[root@localhost ~]# ^C
[root@localhost ~]# 

 分别进入screen 使用命令 exit 退出screen

[root@localhost ~]# screen -r 2942
[screen is terminating]
[root@localhost ~]# screen -r 2888
[screen is terminating]
[root@localhost ~]# screen -r 2871
[screen is terminating]
[root@localhost ~]# screen -r 2854
[screen is terminating]
[root@localhost ~]# screen -ls
No Sockets found in /var/run/screen/S-root.
[root@localhost ~]# 

扩展

1. Linux日志文件总管logrotate

logrotate是个十分有用的工具,它可以自动对日志进行截断(或轮循)、压缩以及删除旧的日志文件。例如,你可以设置logrotate,让/var/log/foo日志文件每30天轮循,并删除超过6个月的日志。配置完后,logrotate的运作完全自动化,不必进行任何进一步的人为干预。另外,旧日志也可以通过电子邮件发送,不过该选项超出了本教程的讨论范围。

主流Linux发行版上都默认安装有logrotate包,如果出于某种原因,logrotate没有出现在里头,你可以使用apt-get或yum命令来安装。

在Debian或Ubuntu上:

#apt-get install logrotate cron 

在Fedora,CentOS或RHEL上:

#yum install logrotate crontabs 

logrotate的配置文件是/etc/logrotate.conf,通常不需要对它进行修改。日志文件的轮循设置在独立的配置文件中,它(们)放在/etc/logrotate.d/目录下。

样例一
在第一个样例中,我们将创建一个10MB的日志文件/var/log/log-file。我们将展示怎样使用logrotate来管理该日志文件。

我们从创建一个日志文件开始吧,然后在其中填入一个10MB的随机比特流数据。

#touch /var/log/log-file
#head -c 10M < /dev/urandom > /var/log/log-file
由于现在日志文件已经准备好,我们将配置logrotate来轮循该日志文件。让我们为该文件创建一个配置文件。

#vim /etc/logrotate.d/log-file 
/var/log/log-file {
    monthly
    rotate 5
    compress
    delaycompress
    missingok
    notifempty
    create 644 root root
    postrotate
        /usr/bin/killall -HUP rsyslogd
    endscript
}

这里:

monthly: 日志文件将按月轮循。其它可用值为‘daily’,‘weekly’或者‘yearly’。
rotate 5: 一次将存储5个归档日志。对于第六个归档,时间最久的归档将被删除。
compress: 在轮循任务完成后,已轮循的归档将使用gzip进行压缩。
delaycompress: 总是与compress选项一起用,delaycompress选项指示logrotate不要将最近的归档压缩,压缩将在下一次轮循周期进行。这在你或任何软件仍然需要读取最新归档时很有用。
missingok: 在日志轮循期间,任何错误将被忽略,例如“文件无法找到”之类的错误。
notifempty: 如果日志文件为空,轮循不会进行。
create 644 root root: 以指定的权限创建全新的日志文件,同时logrotate也会重命名原始日志文件。
postrotate/endscript: 在所有其它指令完成后,postrotate和endscript里面指定的命令将被执行。在这种情况下,rsyslogd 进程将立即再次读取其配置并继续运行。
上面的模板是通用的,而配置参数则根据你的需求进行调整,不是所有的参数都是必要的。

样例二
在本例中,我们只想要轮循一个日志文件,然而日志文件大小可以增长到50MB。

#vim /etc/logrotate.d/log-file 
/var/log/log-file {
    size=50M
    rotate 5
    create 644 root root
    postrotate
        /usr/bin/killall -HUP rsyslogd
    endscript
}

样例三
我们想要让旧日志文件以轮循日期命名,这可以通过添加 dateext 参数实现。

#vim
 /etc/logrotate.d/log-file 
/var/log/log-file {
    monthly
    rotate 5
    dateext
    create 644 root root
    postrotate
        /usr/bin/killall -HUP rsyslogd
    endscript
}

这将让归档文件在它们的文件名中包含日期信息。

排障
这里提供了一些logrotate设置的排障提示。

  1. 手动运行logrotate
    logrotate可以在任何时候从命令行手动调用。

要为 /etc/logrotate.d/ 下配置的所有日志运行 logrotate：

#logrotate /etc/logrotate.conf 

要为某个特定的配置调用logrotate:

#logrotate /etc/logrotate.d/log-file 
  1. 演练
    排障过程中的最佳选择是使用‘-d’选项以预演方式运行logrotate。要进行验证,不用实际轮循任何日志文件,可以模拟演练日志轮循并显示其输出。
#logrotate -d /etc/logrotate.d/log-file 

正如我们从上面的输出结果可以看到的,logrotate判断该轮循是不必要的。如果文件的时间小于一天,这就会发生了。

  1. 强制轮循
    即使轮循条件没有满足,我们也可以通过使用‘-f’选项来强制logrotate轮循日志文件,‘-v’参数提供了详细的输出。
#logrotate -vf /etc/logrotate.d/log-file 
reading config file /etc/logrotate.d/log-file
reading config info for /var/log/log-file

Handling 1 logs

rotating pattern: /var/log/log-file  forced from command line (5 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/log-file
  log needs rotating
rotating log /var/log/log-file, log->rotateCount is 5
dateext suffix '-20140916'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /var/log/log-file.5.gz to /var/log/log-file.6.gz (rotatecount 5, logstart 1, i 5),
old log /var/log/log-file.5.gz does not exist
renaming /var/log/log-file.4.gz to /var/log/log-file.5.gz (rotatecount 5, logstart 1, i 4),
old log /var/log/log-file.4.gz does not exist
. . .
renaming /var/log/log-file.0.gz to /var/log/log-file.1.gz (rotatecount 5, logstart 1, i 0),
old log /var/log/log-file.0.gz does not exist
log /var/log/log-file.6.gz doesn't exist -- won't try to dispose of it
renaming /var/log/log-file to /var/log/log-file.1
creating new /var/log/log-file mode = 0644 uid = 0 gid = 0
running postrotate script
compressing log with: /bin/gzip
  1. Logrotate的记录日志
    logrotate 自身的状态记录(每个日志上次轮循的时间)通常存放在 /var/lib/logrotate/status 这个文件中。如果出于排障目的,想让 logrotate 把状态记录到指定的文件,可以像下面这样在命令行用 -s 指定。
#logrotate -vf -s /var/log/logrotate-status /etc/logrotate.d/log-file
  1. Logrotate定时任务
    logrotate需要的cron任务应该在安装时就自动创建了,我把cron文件的内容贴出来,以供大家参考。
#cat /etc/cron.daily/logrotate 
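#!/bin/sh
# Daily cron job for logrotate (the stock RHEL/CentOS helper, with error checks added).
#
# 1. Drop entries for log files that no longer exist from the state file, so the
#    state file does not grow forever.
# 2. Run logrotate against the main configuration.

# Every later path is relative to the state directory. Bail out if it is missing
# instead of silently creating and rewriting a "status" file in whatever the
# current directory happens to be (the stock script does not check this).
cd /var/lib/logrotate || exit 1
test -e status || touch status

# Line 1 is the "logrotate state -- version N" header; keep it verbatim.
head -1 status > status.clean

# Each remaining line has the form: "<logfile>" <date>. Strip the quotes, keep
# only entries whose log file still exists, then re-quote the path.
# `read -r` keeps any backslash in a path intact (the stock script omits -r).
sed 's/"//g' status | while read -r logfile date
do
    [ -e "$logfile" ] && echo "\"$logfile\" $date"
done >> status.clean
mv status.clean status

# Nothing to do if logrotate is not installed (or not executable).
test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf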

小结一下,logrotate工具对于防止因庞大的日志文件而耗尽存储空间是十分有用的。配置完毕后,进程是全自动的,可以长时间在不需要人为干预下运行。本教程重点关注几个使用logrotate的几个基本样例,你也可以定制它以满足你的需求。

2. xargs用法详解

  1. 简介

    之所以能用到这个命令,关键是由于很多命令不支持|管道来传递参数,而日常工作中有有这个必要,所以就有了xargs命令,例如:

find /sbin -perm +700 |ls -l 这个命令是错误的

find /sbin -perm +700 |xargs ls -l 这样才是正确的(注意：新版 GNU find 已不再支持 -perm +mode 的写法,应写成 -perm /700)

xargs 从 stdin 读取数据,以空白字符(空格、Tab)或换行作为分隔,把 stdin 的内容切成参数(arguments)传给后面的命令。正因为是按空白分隔,当文件名里含有空格、引号或换行时 xargs 就会拆错；处理文件名时应配合 find ... -print0 | xargs -0,让两端都以 NUL 作为分隔符。它的用法其实很简单,下面来看一看。

  1. 选项解释

-0 以 NUL(\0)作为输入项的分隔符,空格、引号、反斜杠等都按字面字符处理,专门配合 find -print0 使用,是安全处理任意文件名的标准写法

例如:

root@localhost:~/test#echo "//"|xargs  echo 

      root@localhost:~/test#echo "//"|xargs -0 echo 

       /

-a file 从文件中读入作为sdtin,(看例一)

-e flag ,注意有的时候可能会是-E,flag必须是一个以空格分隔的标志,当xargs分析到含有flag这个标志的时候就停止。(例二)

-p 当每次执行一个argument的时候询问一次用户。(例三)

-n num 后面加次数,表示命令在执行的时候一次用的argument的个数,默认是用所有的。(例四)

-t 表示先打印命令,然后再执行。(例五)

-I {}(旧写法 -i 已废弃,新版 GNU xargs 会给出警告),将 xargs 读到的每一项(每行一项)赋值给 {},命令里可以用 {} 代替。(例六)

-r no-run-if-empty 当xargs的输入为空的时候则停止xargs,不用再去执行了。(例七)

-s num 命令行的最大字符数,指的是 xargs 后面那个命令每次执行时整条命令行的最大长度。(例八)

-L num Use at most max-lines nonblank input lines per command line.-s是含有空格的。

-l 同-L

-d delim 指定输入项的分隔符。默认情况下 xargs 以空白(空格、Tab、换行)分隔,并会解释引号和反斜杠；用 -d 指定单个字符作为分隔符后,引号和反斜杠都按字面处理。(例九)

-x exit的意思,主要是配合-s使用。

-P 修改最大的进程数,默认是1,为0时候为as many as it can ,这个例子我没有想到,应该平时都用不到的吧。

  1. 应用举例

例一:

root@localhost:~/test#cat test 

#!/bin/sh

echo "hello world/n"

root@localhost:~/test#xargs -a test echo

#!/bin/sh echo hello world/n

root@localhost:~/test#

例二:

root@localhost:~/test#cat txt

/bin tao shou kun

root@localhost:~/test#cat txt|xargs -E 'shou' echo

/bin tao

root@localhost:~/test#

例三:

root@localhost:~/test#cat txt|xargs -p echo

echo /bin tao shou kun ff ?...y

/bin tao shou kun ff

例四:

root@localhost:~/test#cat txt|xargs -n1 echo

/bin

tao

shou

kun

root@localhost:~/test3#cat txt|xargs  echo

/bin tao shou kun

例五:

root@localhost:~/test#cat txt|xargs -t echo

echo /bin tao shou kun 

/bin tao shou kun

例六:

$ ls | xargs -t -i mv {} {}.bak
(注意：不要在脚本里解析 ls 的输出,文件名含空格或换行时会出错；安全的写法是 find . -maxdepth 1 -type f -print0 | xargs -0 -I{} mv {} {}.bak)

例七:

root@localhost:~/test#echo ""|xargs -t mv

mv 

mv: missing file operand

Try `mv --help' for more information.

root@localhost:~/test#echo ""|xargs -t -r  mv

root@localhost:~/test#

(直接退出)

例八:

root@localhost:~/test#cat test |xargs -i -x  -s 14 echo "{}"

exp1

exp5

file

xargs: argument line too long

linux-2

root@localhost:~/test#

例九:

root@localhost:~/test#cat txt |xargs -i -p echo {}

echo /bin tao shou kun ?...y

root@localhost:~/test#cat txt |xargs -i -p -d " " echo {}

echo /bin ?...y

echo tao ?.../bin

y

echo shou ?...tao

再如:

root@localhost:~/test#cat test |xargs -i -p -d " " echo {}

echo exp1

exp5

file

linux-2

ngis_post

tao

test

txt

xen-3

 ?...y

root@localhost:~/test#cat test |xargs -i -p echo {}

echo exp1 ?...y

echo exp5 ?...exp1

y

echo file ?...exp5

y

转载于:https://blog.51cto.com/235571/2114162
