Common Linux Commands
File and directory management:
- ls: Lists the contents of the current directory. Simulated run:
  ```plaintext
  $ ls
  Desktop Documents Downloads Music Pictures Videos
  ```
- cd: Changes the current directory. Simulated run:
  ```plaintext
  $ cd Documents
  $ pwd
  /home/username/Documents
  ```
- pwd: Shows the full path of the current working directory. Simulated run:
  ```plaintext
  $ pwd
  /home/username/Documents
  ```
- mkdir: Creates a new directory. Simulated run:
  ```plaintext
  $ mkdir NewFolder
  $ ls
  Desktop Documents Downloads Music NewFolder Pictures Videos
  ```
- rmdir: Removes an empty directory. Simulated run:
  ```plaintext
  $ rmdir NewFolder
  $ ls
  Desktop Documents Downloads Music Pictures Videos
  ```
- rm: Deletes files or directories. Simulated run (example: delete the file file1.txt):
  ```plaintext
  $ rm file1.txt
  ```
- cp: Copies files or directories. Simulated run (example: copy file1.txt to file1_copy.txt):
  ```plaintext
  $ cp file1.txt file1_copy.txt
  ```
- mv: Moves files or directories, or renames them. Simulated run (example: move file1_copy.txt to another directory):
  ```plaintext
  $ mv file1_copy.txt /path/to/destination/
  ```
- cat: Displays the contents of a file. Simulated run:
  ```plaintext
  $ cat file1.txt
  This is the content of file1.txt.
  ```
- more or less: Views file contents one page at a time. Simulated run:
  ```plaintext
  $ more file1.txt
  This is the content of file1.txt.
  ...
  Press q to quit.
  ```
- head: Shows the beginning of a file. Simulated run:
  ```plaintext
  $ head -n 5 file1.txt
  Line 1 of file1.txt
  Line 2 of file1.txt
  Line 3 of file1.txt
  Line 4 of file1.txt
  Line 5 of file1.txt
  ```
- tail: Shows the end of a file. Simulated run:
  ```plaintext
  $ tail -n 5 file1.txt
  Line 6 of file1.txt
  Line 7 of file1.txt
  Line 8 of file1.txt
  Line 9 of file1.txt
  Line 10 of file1.txt
  ```
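Permission management:
- chmod: Changes file permissions. Simulated run (example: make file1.txt read-only):
  ```plaintext
  $ chmod 400 file1.txt
  ```
- chown: Changes the owner of a file. Simulated run (example: change the owner of file1.txt to a new user):
  ```plaintext
  $ chown newuser file1.txt
  ```
- chgrp: Changes the group of a file. Simulated run (example: change the group of file1.txt to newgroup):
  ```plaintext
  $ chgrp newgroup file1.txt
  ```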
System and process management:
- ps: Shows the status of current processes. Simulated run:
  ```plaintext
  $ ps aux
  USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
  root 1 0.0 0.1 162908 9532 ? Ss Mar27 0:03 /sbin/init
  ...
  ```
- top: Shows system resource usage in real time. Simulated run:
  ```plaintext
  $ top
  ```
- kill: Terminates a process. Simulated run (example: terminate the process with PID 1234):
  ```plaintext
  $ kill 1234
  ```
Network management:
- ifconfig or ip: Shows network configuration information. Simulated run:
  ```plaintext
  $ ifconfig
  eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
          inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255
  ...
  ```
- ping: Sends ICMP echo requests to the specified host. Simulated run (example: ping Google):
  ```plaintext
  $ ping www.google.com
  PING www.google.com (216.58.192.4) 56(84) bytes of data.
  64 bytes from 216.58.192.4: icmp_seq=1 ttl=117 time=10.2 ms
  ...
  ```
- traceroute or tracepath: Shows the path packets take from the local host to the target host. Simulated run (example: traceroute to Google):
  ```plaintext
  $ traceroute www.google.com
  traceroute to www.google.com (216.58.192.4), 30 hops max, 60 byte packets
  1 gateway (192.168.1.1) 1.234 ms 1.456 ms 1.678 ms
  ...
  ```
- netstat: Shows network connections, routing tables, and related information. Simulated run:
  ```plaintext
  $ netstat -tuln
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address Foreign Address State
  tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
  ...
  ```
Other useful tools:
- grep: Searches files for a given pattern. Simulated run (example: search a file for a keyword):
  ```plaintext
  $ grep "keyword" file1.txt
  ```
- find: Finds files in the file system. Simulated run (example: find all files ending in .txt):
  ```plaintext
  $ find /path/to/search -name "*.txt"
  ```
- df: Shows disk space usage. Simulated run:
  ```plaintext
  $ df -h
  Filesystem Size Used Avail Use% Mounted on
  /dev/sda1 20G 10G 10G 50% /
  ```
- du: Shows the disk usage of a file or directory. Simulated run:
  ```plaintext
  $ du -sh /path/to/directory
  5.2G /path/to/directory
  ```
- ssh: Logs in to a remote host securely. Simulated run (example: log in to a remote host):
  ```plaintext
  $ ssh username@remote_host
  ```
- scp: Copies files securely between the local host and a remote host. Simulated run (example: copy a local file to a remote host):
  ```plaintext
  $ scp file1.txt username@remote_host:/path/to/destination/
  ```
- rsync: Remote file synchronization tool. Simulated run:
  ```plaintext
  $ rsync -avz /path/to/source/ username@remote_host:/path/to/destination/
  ```
- wget: Downloads files. Simulated run (example: download a file):
  ```plaintext
  $ wget http://example.com/file.zip
  ```
- tar: Archives and extracts files. Simulated run (example: extract an archive):
  ```plaintext
  $ tar -xzvf file.tar.gz
  ```
- uname: Shows system information. Simulated run:
  ```plaintext
  $ uname -a
  Linux ubuntu 5.4.0-1047-aws #49-Ubuntu SMP Wed Mar 24 01:34:12 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
  ```
- iptables: Configures firewall rules. Simulated run:
  ```plaintext
  $ sudo iptables -L
  Chain INPUT (policy ACCEPT)
  target prot opt source destination
  Chain FORWARD (policy ACCEPT)
  target prot opt source destination
  Chain OUTPUT (policy ACCEPT)
  target prot opt source destination
  ```
- journalctl: Views system logs. Simulated run:
  ```plaintext
  $ journalctl -xe
  Mar 27 13:15:01 ubuntu CRON[1234]: (root) CMD (command to run)
  ...
  ```
- history: Shows the history of recently executed commands. Simulated run:
  ```plaintext
  $ history
  1 ls
  2 cd Documents
  3 vim file1.txt
  4 sudo apt-get update
  ...
  ```
Common Network Security Commands
Network scanning and reconnaissance:
- nmap: Scans a target host for open ports and services. Simulated run (example: scan a target host):
  ```plaintext
  $ nmap -sV target_host
  Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-27 15:00 UTC
  Nmap scan report for target_host (192.168.1.1)
  Host is up (0.0020s latency).
  Not shown: 998 closed ports
  PORT STATE SERVICE VERSION
  22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
  80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
  443/tcp open ssl/https Apache httpd 2.4.29 ((Ubuntu))
  Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
  ```
- whois: Looks up the registration information for a domain. Simulated run (example: look up a domain):
  ```plaintext
  $ whois example.com
  Domain Name: example.com
  Registry Domain ID: 123456789_DOMAIN_COM-VRSN
  Registrar WHOIS Server: whois.iana.org
  ...
  ```
- dig: Queries DNS information for a domain. Simulated run (example: query the A record of a domain):
  ```plaintext
  $ dig example.com A
  ; <<>> DiG 9.10.6 <<>> example.com A
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  ;; ANSWER SECTION:
  example.com. 3600 IN A 93.184.216.34
  ;; Query time: 50 msec
  ;; SERVER: 192.168.1.1#53(192.168.1.1)
  ;; WHEN: Sat Mar 27 15:05:43 UTC 2024
  ;; MSG SIZE rcvd: 55
  ```
- traceroute or tracepath: Shows the path packets take from the local host to the target host. Simulated run (example: traceroute to Google):
  ```plaintext
  $ traceroute www.google.com
  traceroute to www.google.com (216.58.192.4), 30 hops max, 60 byte packets
  1 gateway (192.168.1.1) 1.234 ms 1.456 ms 1.678 ms
  ...
  ```
Network traffic analysis and packet capture:
- tcpdump: Captures and analyzes network packets. Simulated run:
  ```plaintext
  $ sudo tcpdump -i eth0 -n host 192.168.1.100
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
  15:15:03.127343 IP 192.168.1.100.12345 > 192.168.1.200.80: Flags [S], seq 123456789, win 1024, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
  15:15:03.127560 IP 192.168.1.200.80 > 192.168.1.100.12345: Flags [S.], seq 987654321, ack 123456790, win 1024, options [mss 1460,nop,nop,sackOK], length 0
  ...
  ```
- wireshark: Graphical network packet analysis tool. Simulated run:
  ```plaintext
  $ sudo wireshark
  ```
Network connection management:
- netstat: Shows network connections, routing tables, and related information. Simulated run:
  ```plaintext
  $ netstat -tuln
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address Foreign Address State
  tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
  ...
  ```
- ss: Shows socket statistics. Simulated run:
  ```plaintext
  $ ss -tuln
  State Recv-Q Send-Q Local Address:Port Peer Address:Port
  LISTEN 0 128 *:22 *:*
  ...
  ```
- arp: Displays and modifies the ARP table. Simulated run:
  ```plaintext
  $ arp -a
  ? (192.168.1.1) at aa:bb:cc:dd:ee:ff [ether] on eth0
  ...
  ```
Security auditing and log management:
- auditd: Security auditing framework. Simulated run:
  ```plaintext
  $ sudo service auditd status
  auditd (pid 1234) is running...
  ```
- journalctl: Views system logs. Simulated run:
  ```plaintext
  $ journalctl -xe
  Mar 27 13:15:01 ubuntu CRON[1234]: (root) CMD (command to run)
  ...
  ```
- syslog-ng or rsyslog: System log management tools. Simulated run:
  ```plaintext
  $ tail -f /var/log/syslog
  ```
Firewall and security policy:
- iptables: Configures firewall rules. Simulated run:
  ```plaintext
  $ sudo iptables -L
  Chain INPUT (policy ACCEPT)
  target prot opt source destination
  Chain FORWARD (policy ACCEPT)
  target prot opt source destination
  Chain OUTPUT (policy ACCEPT)
  target prot opt source destination
  ```
- ufw: Front-end tool that simplifies firewall configuration. Simulated run:
  ```plaintext
  $ sudo ufw status
  Status: active
  ...
  ```
- fail2ban: Protects against brute-force attacks. Simulated run:
  ```plaintext
  $ sudo fail2ban-client status
  Status
  |- Number of jail: 1
  `- Jail list: sshd
  ```