Episode

21. Counting accesses per IP: analyze the nginx access log and find the ten IPs with the highest number of page requests

awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -10
22. Use tcpdump to capture traffic for host 192.168.1.1 on TCP port 80, and save the output to tcpdump.log
tcpdump 'host 192.168.1.1 and tcp port 80' > tcpdump.log
23. How do you forward requests arriving on local port 80 to port 8080? The current host IP address is 192.168.2.1

iptables -t nat -A PREROUTING -d 192.168.2.1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:8080
24. Briefly describe the working principles and characteristics of the three modes RAID 0, RAID 1 and RAID 5
RAID 0: striped volume. Data is split continuously in units of bits or bytes and read and written in parallel across multiple disks, so it has a high data transfer rate.
However, it has no data redundancy. RAID 0 only improves performance and does nothing to guarantee the reliability of the data,
and the failure of any one disk affects all of the data. RAID 0 therefore cannot be used where data security requirements are high.

RAID 1: mirrored volume. It achieves data redundancy through disk mirroring, producing mutually backed-up data on a pair of independent disks.
It does not improve write efficiency. When the original data is busy, data can be read directly from the mirror copy, so RAID 1 can improve read performance.
RAID 1 has the highest unit cost of the disk arrays, and the usable capacity of a mirrored volume is 1/2 of the total capacity, but it provides very high data security and availability.
When a disk fails, the system can automatically switch to reading and writing on the mirror disk, without having to reconstruct the failed data.

RAID 5: consists of at least three hard disks, in a structure with independent disks and distributed parity, where the parity codes are stored across all of the disks.
If any one hard disk is damaged, the lost data can be reconstructed from the parity on the other disks (at most one disk may fail).
RAID 5 can therefore provide data redundancy to keep data safe, and it can also improve read and write performance.

25. Your understanding of operations and maintenance engineers and your view of the work
Operations engineers carry great responsibility within a company: they must ensure that the company and its customers are provided at all times with the highest, fastest, most stable and most secure service.
A small mistake by an operations engineer can easily cause significant losses for customers and for the company,
so the work of an operations engineer requires rigor and innovation.

26. Capture and display, in real time, the network data on TCP port 80 of the current system. Write the complete command
tcpdump -nn tcp port 80
27. The server will not power on. How do you troubleshoot it step by step?
A. The possible causes of the server failure include the following points:


B. The steps for troubleshooting and handling the server fault are as follows:

28. How to deal with a virus on a Linux system
1) The simplest and most effective way is to reinstall the system.
2) To clean it by hand, find the virus files and then delete them.
After infection the machine's CPU and memory usage will usually be high, and the machine will show unusual behaviour such as sending packets outward. Briefly, the investigation method is: use the top command to find the process with the highest CPU usage (virus files usually have random-looking names), use ps aux to find the location of the virus file, delete the virus file with rm -f, then check the scheduled tasks, the startup items and whether the virus file's directory contains other suspicious files.

3) Because deleting the virus files does not rule out a dormant virus, it is best to back up the machine's data and then reinstall.

29. A virus file is recreated automatically after you delete it. How do you solve this?
A Linux server on the company intranet showed an inexplicable surge in traffic, and iftop showed connections to the external network.
In this situation you generally use netstat to look at the IPs and ports of the external connections. With lsof -p pid you can see the specific processes and which files they use. The investigation found two suspicious configuration-related files, conf.n and hhe, under /root; less than a minute after rm -rf they were generated again automatically, so the inference was that these files were produced by some parent process. Finding the parent process therefore means finding the culprit.

When killing a virus it is best to cut off external network access; fortunately this was an intranet server and could still be reached over the internal network.
With the network cut off, the virus loses its ability to connect outward and is much easier to kill. How to find it? After searching for a long time I saw no clues, so the only option was to go through ps axu one entry at a time. The method is to look for suspicious users and for impostors that resemble system processes but are not. Sure enough, I saw a suspicious process (if you cannot see the picture, it is /usr/bin/.sshd). So I killed all .sshd-related processes, then deleted the .sshd executable directly, and only then deleted the automatically resurrecting files mentioned at the beginning.

In summary, when we encounter this kind of problem, if it is not too severe, try not to reinstall the system.
In general, first cut off the external network, then use tools such as iftop, ps, netstat, chattr, lsof and pstree to investigate more deeply;
you can usually find the culprit. However, if you encounter a problem like
/boot/efi/EFI/redhat/grub.efi: Heuristics.Broken.Executable FOUND, personally I feel that the system should be reinstalled.
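
The ps-based review described in questions 28 and 29 can be scripted. The following is an added example, not part of the original post: it flags dot-prefixed executables such as /usr/bin/.sshd and well-known daemon names running from unusual directories, and prints each hit's parent chain so the parent process can be stopped first. The function name, the list of daemon names and the sample process table are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Input: one process per line as "PID PPID USER EXE [args...]".
# On a live host this can be produced with: ps -eo pid=,ppid=,user=,args=

# Constructed sample process table (not taken from a real host).
SAMPLE_PS='1 0 root /usr/lib/systemd/systemd
812 1 root /usr/sbin/sshd -D
900 1 root /usr/sbin/crond -n
2210 1 root /usr/bin/.sshd
2215 2210 root /usr/bin/.sshd
2300 1 www /tmp/crond'

# Prints "PID REASON EXE PARENT-CHAIN" for every suspicious process.
flag_impostors() {
  awk '
    {
      pid[$1] = $1; ppid[$1] = $2; exe[$1] = $4
      n = split($4, parts, "/"); base = parts[n]
      # Heuristic 1: hidden (dot-prefixed) executable name
      if (base ~ /^\./) {
        hit[$1] = "hidden-name"
      # Heuristic 2: familiar daemon name started from an unusual directory
      } else if ($4 ~ /^\// && base ~ /^(sshd|crond|systemd|rsyslogd)$/ &&
                 $4 !~ /^\/(usr\/)?(s?bin|lib\/systemd)\//) {
        hit[$1] = "odd-path"
      }
    }
    END {
      for (p in hit) {
        # Walk up the PPID chain (bounded) to expose the parent process
        chain = p; cur = ppid[p]; depth = 0
        while ((cur in pid) && cur != 1 && cur != 0 && depth++ < 32) {
          chain = cur ">" chain; cur = ppid[cur]
        }
        printf "%s %s %s %s\n", p, hit[p], exe[p], chain
      }
    }' | sort -n
}

# Demo on the constructed sample
printf '%s\n' "$SAMPLE_PS" | flag_impostors
```

These are heuristics only: a hit is a reason to inspect the process with lsof -p and pstree, not proof of infection.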

30. Describe the TCP/IP seven-layer model
Application layer (Application):
The interface between network services and the end user.
Protocols: HTTP FTP TFTP SMTP SNMP DNS TELNET HTTPS POP3 DHCP

Presentation layer (Presentation Layer):
Data representation, security and compression. (In the five-layer model it has been merged into the application layer.)
Formats: JPEG, ASCII, EBCDIC, encrypted formats

Session layer (Session Layer):
Establishing, managing and terminating sessions. (In the five-layer model it has been merged into the application layer.)
Corresponds to host processes; it refers to the ongoing session between the local host and the remote host.

Transport layer (Transport):
Defines the protocols and port numbers for transmitting data, as well as flow control and error checking.
Protocols: TCP UDP. Once a packet leaves the network adapter it enters the network transport layer.

Network layer (Network):
Logical addressing, implementing routing between different networks.
Protocols: ICMP IGMP IP (IPv4 IPv6) ARP RARP

Data link layer (Link):
Establishing logical connections, hardware addressing, error checking and other functions. (Defined by the underlying network protocols.)
It combines bits into bytes and then into frames and uses MAC addresses to access the medium; errors are detected but cannot be corrected.

Physical layer (Physical Layer):
The lowest layer of the OSI model in a computer network.
The physical layer provides for creating, maintaining and removing the physical link needed to transmit data,
and provides its mechanical, electrical, functional and procedural specifications.

Briefly, the physical layer ensures that raw data can be transferred over a variety of physical media. LANs and WANs both belong to layers 1 and 2.
The physical layer is the first layer of OSI; although it is at the bottom, it is the basis of the whole open system.
The physical layer provides the transmission medium and interconnecting equipment for data communication between devices, providing a reliable environment for data transmission.
If you want to remember this first layer in as few words as possible, it is "signals and media".


Origin www.cnblogs.com/Juvenile/p/12602860.html