本文档提供了一份全面的 Linux 系统管理指南,涵盖了防火墙配置、系统信息查询、软件包管理、网络配置、进程管理等核心内容,适用于系统管理员和技术人员。
防火墙
- sudo systemctl status firewalld
- sudo systemctl start firewalld
- sudo systemctl stop firewalld
- 添加白名单
[root@localhost ~]# firewall-cmd --zone=public --add-port=2377/tcp --permanent
success
[root@localhost ~]# firewall-cmd --query-port=2377/tcp
no
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --query-port=2377/tcp- iptables:iptables -A INPUT -p tcp --numeric 3443 -j ACCEPT
系统信息
- top:查看内存和CPU使用率
- cat /proc/cupinfo:查看cpu信息
- cat /etc/os-release:查看系统信息
- cat /etc/hostname:查看主机名
- 检查系统FIPS状态:/usr/bin/fips-mode-setup --check
- 关闭系统FIPS:/usr/bin/fips-mode-setup --disable
- 设置主机名:hostnamectl set-hostname name
- 关闭Selinux:vi /etc/selinux/config 修改SELINUX=disabled,重启
源信息
- 查看源:cat /etc/yum.repos.d/*.repo | grep -v "^#"
- 添加源:yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- package下载:yum install yum-utils yumdownloader --resolve packagename
- yum grouplist 查看组信息
- yum group info "Xfce":查看Xfce组信息
- yum install @groupname:安装一个组
- 创建源:
yum install createrepo
yum install modulemd-tools
创建repodata 和 modular metadata
cd workdir
createrepo_c .
repo2module -s stable . modules.yaml
modifyrepo_c --mdtype=modules modules.yaml repodata/
- yum makecache
- yum clean all.
- rpm -qa:查询已安装软件
rpm -qi:查询已安装软件的具体信息
rpm -ql:查询已安装软件的文件列表
rpm -qR:查询已安装软件依赖软件包
rpm -qc:查询已安装软件配置文件
rpm -ivh:安装rpm
rpm -Uvh:升级rpm
rpm -e:删除卸载软件
rpm --rebuilddb 重建RPM数据库 - 添加本地源或外部源
[temp]
name=
baseurl=https:// or file://
proxy=_none_
gpgcheck=0
username=
password=
enabled=1- 下载某个包的所有依赖包:repotrack
- 源控制:--disablerepo= --enablerepo=
- 从目录里安装:yum localinstall --nogpgcheck name --disablerepo= --enablerepo=
- 更新整个系统:yum -y update
时间
- 修改时间:date -s "YYYY-MM-DD hh:mm:ss"
- 修改硬件时间:date -s "YYYY-MM-DD hh:mm:ss" && hwclock -w
- 输出时间:date
- 按格式输出时间: date "+%y_%m_%d_%H_%M_%S" 格式可以自定义
网络配置
/etc/sysconfig/network-scripts/ifcfg-*
静态IP:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=e0d98963-047b-4dd5-9b21-f3f81f3be338
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.2.11
GATEWAY=192.168.2.222
NETMASK=255.255.255.0
DNS1=192.168.2.222
DNS2=114.114.114.114动态获取IP:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=e0d98963-047b-4dd5-9b21-f3f81f3be338
DEVICE=ens33
ONBOOT=yes重启网络:systemctl daemon-reload systemctl restart network
修改网卡名:
cd /etc/sysconfig/network-scripts
mv ifcfg-ens0 ifcfg-eth0
vi ifcfg-eth0
NAME=eth0
DEVICE=eth0
vi /etc/default/grub add "net.ifnames=0 biosdevname=0" in GRUB_CMDLINE_LINUX
//添加udev网卡规则
SUBSYSTEM=="net",ACTION=="add",DRIVERS=="?*",ATTR{address}=="mac address",ATTR{type}=="1",KERNEL=="eth*",NAME=="eth0"
grub2-mkconfig -o /boot/grub2/grub.cfg
rebootProxy
export https_proxy=
export http_proxy=
export no_proxy=localhost,127.0.0.1,localip,domaininfo网络抓包
- sudo tcpdump ip host dl.k8s.io -i ens160
- tcpdump ip host dl.k8s.io -i ens160 -l > t.log
- sudo tcpdump port 443 -i ens160 -tttt
- tcpdump ip host dl.k8s.io -i ens160 -w t.pcap
SHELL
- shell heredocs: https://en.wikipedia.org/wiki/Here_document
-
difference between "" and '':
double quotes allow for variable expansion and command substitution,
while preserving the special meaning of certain characters.
Single quotes treat everything as a literal string,
without variable expansion or command substitution,
and only require escaping the single quote character itself.- set -e: 脚本运行中,出现非0返回值,中断运行
- set -/+x:显示详细日志,-打开,+关闭
- set -o pipefail:返回管道中最后一个非零返回值
GCC
-
install: apt install gcc g++
-
install linux arm cross compile tool: apt install gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu g++-aarch64-linux-gnu
-
install add-apt-repository: apt install software-properties-common
-
add repository: add-apt-repository ppa:jonathonf/gcc apt-get update
-
uninstall: apt remove g++-7 gcc-7
-
Linaro Releases: Linaro Releases
URLs - Uniform Resource Locators
- protocol (e.g. http)
- servername (e.g. www.apache.org)
- URL-path (e.g. /docs/current/getting-started.html)
- query string (e.g. ?arg=value)
- hosts file : /etc/hosts or C:\Windows\system32\drivers\etc\hosts.
GDB
- gdb executionname corefiles
- gdb -c corefiles executionname
- bt: print crashed callstack
- info threads: print all threads
- thread id: enter thread
- f num: enter specific frame
- disas /m functionname:
- break: set break point
- run
建立信任关系
- 本机生成key:ssh-keygen -t rsa -b 4096
- 对端机添加公钥:cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
- 确保本机的~/.ssh/known_hosts文件中不包含过时的记录。如果需要移除旧的记录,可以使用ssh-keygen命令:ssh-keygen -R hostname -f ~/.ssh/known_hosts
Curl
- curl -H "Content-Type: application/json" -X POST -d '{"logMessage": "Imsg" }' "http://192.168.1.1:50010/logMessage"
- curl -u username url -o filename
- curl -u username:password url -o filename
- cur https://username:password@url
- curl --netrc-file credentialfile url
- 忽略证书 curl -k
Process
进程被Ctrl+Z挂起后如何恢复:
jobs列出所有被挂起的进程
fg jobsID唤醒被挂起的进程
SCP
下载:scp username@hostname:/remotefilewithfullpath localpath
上传:scp localpath username@hostname:/remotefilewithfullpath
指定端口:scp -P xxx username@hostname:/remotefilewithfullpath localpath
配置信任关系后可以和SSH一样免密下载
WGET
wget url --no-check-certificate
Disk Manager
扩展磁盘空间:lvextend -L +49G devicename;
修改生效:xfs_growfs devicename
lsblk
pvs
pvdisplay
vgs
vgdisplay
df -h
lvdisplay
cat /etc/fstab
mount src dst
umount src
mount windows 网络共享:sudo mount -t cifs -o rw,username=username,password=password,file_mode=0775,dir_mode=0775,gid=1100 //IP/Folder /mountfolder
blkid
sudo findmnt --verify --verbose:检查 /etc/fstab
挂载一个iso:mount -o loop /path/xxx.iso /mnt/iso
只读挂载:mount -o ro /dev/sdxx /mnt/usb
PostgreSQL
login: psql -h localhost -p port -U username -d databasename
change passwd: ALTER USER username WITH PASSWORD 'newpasswd';
see all roles: \dg
check all users:SELECT usename FROM pg_user;
- \l #查看数据库
- \c databanse_name #切换数据库
- \d #查看表
- \d table_name #查看表结构
- \q #退出
- \dx #查看已安装插件
- env:PGPASSWORD
初始化PostgreSQL:
/usr/pgsql-MajorVersion/bin/postgresql-MajorVersion-setup initdb
/usr/pgsql-11/bin/postgresql-11-setup initdb启动PostgreSQL,并设置自启动:
systemctl start postgresql-MajorVersion
systemctl enable postgresql-MajorVersion
systemctl status postgresql-MajorVersion
systemctl restart postgresql-MajorVersion
systemctl restart postgresql-11
VI
$ 跳到行尾
^ 跳到函数
Ctrl+u 向上翻页
Ctrl+f 向下翻页
dw 删除连续的单词
u 撤销上次命令
Ctrl+r 恢复撤销命令
x 删除光标所在的字符或选中文字
d(移动命令) 删除移动命令对应的内容
dd 删除光标所在行
D 删除至行尾
d0 删除到开头
d} 删除到最后
ndd 删除n行
dnG 从当前行删除到指定行,含当前行
ma a为标记,可以为任意小写字母,标记一行
d'a 删除到标记行,含当前行
q! 强制退出
wq! 强制保存退出
Sed
sed -i "s/A/B/g" file
Alias
alias cmda=' '
unalias cmdaFind
find . -name "xxx"
find / -path /path1 -prune -name "xxxx" // -path /path1 -prune 忽略path1,多个path通过-o连接
find / -path /path1 -prune -o -path /path2 -prune -name "xxxx"
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
