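rsync data transfer through a background daemon, Linux system logs, and the screen tool

1. Transferring data with rsync through a background daemon

On one of the hosts, create the rsync configuration file /etc/rsyncd.conf and edit it to contain the following: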

port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.30.128
[test]
path=/tmp/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow=192.168.30.129

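After saving and exiting, start the rsync service with the command "rsync --daemon";

Once it has started, check the log, or check whether the port is listening;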

[root@yuioplvlinux-128 ~]# cat /var/log/rsync.log
2018/05/16 23:39:17 [4676] rsyncd version 3.1.2 starting, listening on port 873
[root@yuioplvlinux-128 ~]# netstat -lnp | grep rsync
tcp        0      0 192.168.30.128:873      0.0.0.0:*               LISTEN      4676/rsync   

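Also set permissions on the /tmp/rsync directory with the command "chmod 777 /tmp/rsync/";

So that the experiment is not affected, the firewalld service must be turned off on both servers, using the commands "systemctl stop firewalld" and "systemctl disable firewalld";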

[root@yuioplvlinux-129 ~]# rsync -av /etc/passwd 192.168.30.128::test/11.txt   #sync /etc/passwd from 129 into /tmp/rsync on 128 and name it 11.txt; test here is the module name
sending incremental file list
passwd

sent 937 bytes  received 35 bytes  84.52 bytes/sec
total size is 846  speedup is 0.87
[root@yuioplvlinux-128 ~]# cd /tmp/rsync/
[root@yuioplvlinux-128 rsync]# ll
总用量 4
-rw-r--r-- 1 root root 846 3月  20 07:48 11.txt

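Listing the /tmp/rsync directory on the 128 machine, as above, shows that the file was transferred;


What each parameter in /etc/rsyncd.conf does:

port: the port on which the rsyncd service starts; the default is port 873;

log file: specifies the log file;

pid file: specifies the pid file, which is used for process-management operations such as starting and stopping the service;

address: the IP on which the rsyncd service starts. If the machine has several IPs, you can have the service start on just one of them; if this parameter is not specified, it starts on all IPs by default;

[]: specifies the module name; the name inside the brackets is user-defined;

path: the path where the data is stored;

use chroot true|false: before transferring files, the daemon first chroots to the directory given by the path parameter. This provides extra security protection, but the drawbacks are that it requires root privileges and that directories and files reached through symbolic links pointing outside the path cannot be backed up. The default value of chroot is true; if the data contains symlinks, setting it to false is recommended;

max connections: the maximum number of connections; the default is 0, meaning no limit;

read only true|false: if true, nothing can be uploaded to the path specified for the module;

list: whether the module is listed when a user queries the server for available modules; true lists it, false hides it;

uid/gid: the user/group identity under which files are transferred;

auth users: the user name to use for transfers;

secrets file: the password file. If this parameter and the one above are not specified, password authentication is not used. The password file's permissions must be 600;

hosts allow: the hosts allowed to connect to the module; this can be an IP or a network segment, and multiple entries are separated by spaces;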
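The parameters above decide who can write what, and as which user. The following is an added example, not part of the original post: a small audit of an rsyncd.conf-style file that flags modules with no password authentication, with writes enabled, running as root, or without a hosts allow restriction. The function names are this example's own, and the sample input is the configuration shown in this post.

```shell
# Added example: flag risky per-module settings; sample input is the post's own config.
sample_conf() {
cat <<'EOF'
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.30.128
[test]
path=/tmp/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
#auth users=test
#secrets file=/etc/rsyncd.passwd
hosts allow=192.168.30.129
EOF
}

# Reads a config on stdin (or from file arguments); prints one finding per line.
audit_rsyncd_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
        if (mod == "") return
        if (!("auth users" in v) || !("secrets file" in v))
            print mod ": no password authentication (auth users / secrets file unset)"
        if (v["read only"] ~ /^(no|false|0)$/)
            print mod ": module is writable (read only=" v["read only"] ")"
        if (v["uid"] == "root" || v["uid"] == "0")
            print mod ": transfers run as root (uid=" v["uid"] ")"
        if (!("hosts allow" in v))
            print mod ": no hosts allow restriction"
    }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    /^[ \t]*\[/ {                           # new [module]: report the previous one
        report(); mod = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", mod)
        split("", v); for (k in g) v[k] = g[k]   # global settings act as defaults
        next
    }
    { i = index($0, "="); if (!i) next
      key = trim(substr($0, 1, i - 1)); val = tolower(trim(substr($0, i + 1)))
      if (mod == "") g[key] = val; else v[key] = val }
    END { report() }' "$@"
}

sample_conf | audit_rsyncd_conf
```

For the configuration in this post it reports three findings for the test module; a module with auth users, secrets file, read only=yes and a non-root uid produces no output.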


When syncing, you can also specify the port with the --port option;

[root@yuioplvlinux-128 ~]# killall rsync
[root@yuioplvlinux-128 ~]# vim /etc/rsyncd.conf
[root@yuioplvlinux-128 ~]# rsync --daemon
[root@yuioplvlinux-128 ~]# netstat -lnp | grep rsync
tcp        0      0 192.168.30.128:8730     0.0.0.0:*               LISTEN      5016/rsync 
[root@yuioplvlinux-129 ~]# rsync -avP --port 8730 /etc/passwd 192.168.30.128::test/aa.txt
sending incremental file list
passwd
            846 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 937 bytes  received 35 bytes  92.57 bytes/sec
total size is 846  speedup is 0.87

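When transferring, you can avoid entering a password by commenting out the user-related configuration items, or you can specify a password file;

On the client, create a new file containing the transfer user's password, then point to it with --password-file.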

[root@yuioplvlinux-129 ~]# vi /tmp/pass
[root@yuioplvlinux-129 ~]# chmod  600 /tmp/pass
[root@yuioplvlinux-129 ~]# rsync -avP --port 8730 --password-file=/tmp/pass /etc/passwd 192.168.30.128::test/sf.txt
sending incremental file list
passwd
            846 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=0/1)

sent 937 bytes  received 35 bytes  84.52 bytes/sec
total size is 846  speedup is 0.87

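2. Linux system logs

2.1 /var/log/messages

/var/log/messages is the core system log file. It contains the boot messages from system startup as well as other status messages while the system is running. I/O errors, network errors and other system errors are all recorded in this file.

The system has a log rotation mechanism that switches to a new log every week; the rotated files are named as follows: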

[root@yuioplvlinux-128 ~]# ls /var/log/messages*
/var/log/messages  /var/log/messages-20180415  /var/log/messages-20180422  /var/log/messages-20180503  /var/log/messages-20180506

This is controlled by the logrotate tool, whose configuration file is /etc/logrotate.conf;

[root@yuioplvlinux-128 ~]# cat /etc/logrotate.conf 
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
	minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

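2.2 dmesg and /var/log/dmesg

This command shows the system's boot messages; if a piece of hardware such as a network card has a problem, you can also use this command;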

[root@yuioplvlinux-128 ~]# dmesg |head
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Initializing cgroup subsys cpuacct
[    0.000000] Linux version 3.10.0-693.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Tue Aug 22 21:09:27 UTC 2017
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-693.el7.x86_64 root=UUID=b5c92668-64a6-43e9-932e-db59581e0ffa ro crashkernel=auto rhgb quiet LANG=zh_CN.UTF-8
[    0.000000] Disabled fast string operations
[    0.000000] e820: BIOS-provided physical RAM map:
[    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009efff] usable
[    0.000000] BIOS-e820: [mem 0x000000000009f000-0x000000000009ffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000000ca000-0x00000000000cbfff] reserved

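/var/log/dmesg records some system boot information, but it is unrelated to the dmesg command;

2.3 Security logs

1) The last command

Shows the history of logins to Linux; it actually reads the binary file /var/log/wtmp;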

[root@yuioplvlinux-128 ~]# last |head
root     pts/1        192.168.30.1     Wed May 16 23:11   still logged in   
root     pts/0        192.168.30.1     Tue May 15 21:53 - 00:28 (1+02:35)   
root     pts/1        192.168.30.1     Mon May 14 21:03 - 23:49  (02:46)    
root     pts/0        192.168.30.1     Sun May 13 21:48 - 22:26 (1+00:37)   
reboot   system boot  3.10.0-693.el7.x Sun May 13 21:45 - 01:49 (3+04:03)   
root     pts/1        192.168.30.1     Sun May 13 12:17 - down   (00:00)    
root     pts/0        192.168.30.1     Sat May 12 12:12 - down  (1+00:06)   
root     pts/0        192.168.30.1     Sat May 12 11:47 - 12:10  (00:22)    
reboot   system boot  3.10.0-693.el7.x Sat May 12 11:44 - 12:18 (1+00:33)   
root     tty1                          Sat May 12 11:44 - 11:44  (00:00) 

2) lastb

Shows the history of failed logins to Linux; it actually reads the binary file /var/log/btmp;

[root@yuioplvlinux-128 ~]# lastb |head
root     tty1                          Sat May 12 11:43 - 11:43  (00:00)    
root     tty1                          Thu May 10 00:34 - 00:34  (00:00)    
(unknown tty1                          Thu May 10 00:33 - 00:33  (00:00)    
root     tty1                          Thu May 10 00:33 - 00:33  (00:00)    
root     tty1                          Sat May  5 10:58 - 10:58  (00:00)    

btmp begins Sat May  5 10:58:29 2018

3) /var/log/secure

This log file records authentication and authorization information, such as successful or failed ssh logins to the system;

[root@yuioplvlinux-128 ~]# cat /var/log/secure
May  6 13:31:01 yuioplvlinux-128 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
May  6 13:31:01 yuioplvlinux-128 login: ROOT LOGIN ON tty1
May  6 13:31:05 yuioplvlinux-128 polkitd[547]: Registered Authentication Agent for unix-process:2129:2003933 (system bus name :1.106 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
May  7 22:20:38 yuioplvlinux-128 polkitd[556]: Loading rules from directory /etc/polkit-1/rules.d
May  7 22:20:38 yuioplvlinux-128 polkitd[556]: Loading rules from directory /usr/share/polkit-1/rules.d
May  7 22:20:38 yuioplvlinux-128 polkitd[556]: Finished loading, compiling and executing 2 rules
May  7 22:20:38 yuioplvlinux-128 polkitd[556]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
May  7 22:20:47 yuioplvlinux-128 sshd[850]: Server listening on 0.0.0.0 port 22.
May  7 22:20:47 yuioplvlinux-128 sshd[850]: Server listening on :: port 22.
May  7 22:21:21 yuioplvlinux-128 sshd[970]: Accepted publickey for root from 192.168.30.1 port 57338 ssh2: RSA SHA256:aaTXxYKHkVnuvyJJykgVqbUZZeA6ns/aJmWTb6fF+Mc
May  7 22:21:21 yuioplvlinux-128 sshd[970]: pam_unix(sshd:session): session opened for user root by (uid=0)
May  8 01:45:10 yuioplvlinux-128 groupadd[1264]: group added to /etc/group: name=tcpdump, GID=72
May  8 01:45:10 yuioplvlinux-128 groupadd[1264]: group added to /etc/gshadow: name=tcpdump
May  8 01:45:10 yuioplvlinux-128 groupadd[1264]: new group: name=tcpdump, GID=72
May  8 01:45:10 yuioplvlinux-128 useradd[1268]: new user: name=tcpdump, UID=72, GID=72, home=/, shell=/sbin/nologin
May  8 01:58:12 yuioplvlinux-128 groupadd[1306]: group added to /etc/group: name=tss, GID=59
May  8 01:58:12 yuioplvlinux-128 groupadd[1306]: group added to /etc/gshadow: name=tss
May  8 01:58:12 yuioplvlinux-128 groupadd[1306]: new group: name=tss, GID=59
May  8 01:58:12 yuioplvlinux-128 useradd[1311]: new user: name=tss, UID=59, GID=59, home=/dev/null, shell=/sbin/nologin
May  8 01:58:14 yuioplvlinux-128 groupadd[1335]: group added to /etc/group: name=wireshark, GID=995
May  8 01:58:14 yuioplvlinux-128 groupadd[1335]: group added to /etc/gshadow: name=wireshark
May  8 01:58:14 yuioplvlinux-128 groupadd[1335]: new group: name=wireshark, GID=995
May  8 03:38:02 yuioplvlinux-128 sshd[1829]: Accepted publickey for root from 192.168.30.1 port 57387 ssh2: RSA SHA256:aaTXxYKHkVnuvyJJykgVqbUZZeA6ns/aJmWTb6fF+Mc
May  8 03:38:02 yuioplvlinux-128 sshd[1829]: pam_unix(sshd:session): session opened for user root by (uid=0)
May  8 04:07:01 yuioplvlinux-128 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
May  8 04:07:02 yuioplvlinux-128 login: ROOT LOGIN ON tty1
May  8 04:13:49 yuioplvlinux-128 sshd[1829]: pam_unix(sshd:session): session closed for user root
May  8 04:16:05 yuioplvlinux-128 sshd[2143]: Accepted publickey for root from 192.168.30.1 port 61361 ssh2: RSA SHA256:aaTXxYKHkVnuvyJJykgVqbUZZeA6ns/aJmWTb6fF+Mc
May  8 04:16:05 yuioplvlinux-128 sshd[2143]: pam_unix(sshd:session): session opened for user root by (uid=0)
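A log like this is most useful when summarized per source address. The following is an added example, not part of the original post: it counts sshd "Failed password" lines per source IP and reports whether a source that reached a failure threshold was later accepted. The log lines are constructed for the example in the sshd format shown above (documentation IP ranges, hostname "host"); the function names and the threshold argument are this example's own.

```shell
# Constructed /var/log/secure lines in the sshd format shown above.
sample_secure() {
cat <<'EOF'
May  8 04:16:05 host sshd[2143]: Accepted publickey for root from 192.168.30.1 port 61361 ssh2: RSA SHA256:EXAMPLE
May  9 02:10:01 host sshd[3001]: Failed password for root from 203.0.113.7 port 40001 ssh2
May  9 02:10:03 host sshd[3001]: Failed password for root from 203.0.113.7 port 40001 ssh2
May  9 02:10:06 host sshd[3004]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
May  9 02:10:09 host sshd[3007]: Accepted password for root from 203.0.113.7 port 40031 ssh2
May  9 03:00:00 host sshd[3100]: Failed password for test from 198.51.100.9 port 51000 ssh2
EOF
}

# Usage: ssh_auth_summary [min_failures] < /var/log/secure
# Prints "IP failures=N accepted_after=<user via method|none>" for each source
# with at least min_failures failed password attempts (default 3).
ssh_auth_summary() {
    awk -v min="${1:-3}" '
    # Scan from the right so a user name containing " from " cannot spoof the source.
    function src(   i) {
        for (i = NF - 1; i >= 8; i--) if ($i == "from") return $(i + 1)
        return ""
    }
    $5 !~ /^sshd\[/ { next }
    $6 == "Failed" && $7 == "password" { fail[src()]++; next }
    $6 == "Accepted" {
        # Fields: Accepted <method> for <user> from <ip> port <n> ssh2
        ip = src()
        if ((ip in fail) && fail[ip] >= min && !(ip in hit)) hit[ip] = $9 " via " $7
    }
    END {
        for (ip in fail) if (fail[ip] >= min)
            print ip, "failures=" fail[ip], "accepted_after=" ((ip in hit) ? hit[ip] : "none")
    }' | sort
}

sample_secure | ssh_auth_summary 3
```

A source that shows a run of failures followed by an accepted login is the line to investigate first; the publickey logins from 192.168.30.1 have no preceding failures and are not reported.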

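3. The screen tool

To run a command or script for a long time without it being interrupted, use the screen tool;

First install it with the command "yum install -y screen"; entering the command "screen" then takes you into a screen session window;

Press Ctrl+A, then d, to leave (detach from) the screen session;

List the session windows that are already open;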

[root@yuioplvlinux-128 ~]# screen -ls
There are screens on:
	1008.pts-0.yuioplvlinux-128	(Detached)
	995.pts-0.yuioplvlinux-128	(Detached)
	981.pts-0.yuioplvlinux-128	(Detached)
3 Sockets in /var/run/screen/S-root.

After leaving, to get back into a particular screen session use the command "screen -r" followed by the screen number or name;

[root@yuioplvlinux-128 ~]# screen -r 1008
[detached from 1008.pts-0.yuioplvlinux-128]

Use the -S option to name the window you open.

[root@yuioplvlinux-128 ~]# screen -S test33
[detached from 1046.test33]
[root@yuioplvlinux-128 ~]# screen -ls
There are screens on:
	1046.test33	(Detached)
	1032.test	(Attached)
	1008.pts-0.yuioplvlinux-128	(Detached)
	995.pts-0.yuioplvlinux-128	(Detached)
	981.pts-0.yuioplvlinux-128	(Detached)
5 Sockets in /var/run/screen/S-root.
[root@yuioplvlinux-128 ~]# screen -r test33
[detached from 1046.test33]

Reposted from blog.csdn.net/yuioplv/article/details/80330376