Linux management skills

1. Monitor the status of the system

1. View the load

2. View the number of CPUs


3. Monitoring system status-vmstat


4. Monitoring process status-top

top dynamically monitors the system resources used by processes; its distinguishing feature is that it puts the processes using the most system resources at the top. Add -bn1 to list the static information of all processes once. With nothing added, the display refreshes dynamically every three seconds. Press Shift + M to sort by the memory each process uses, and q to exit.

5. Network card traffic and historical load-sar

To view network card traffic, use sar -n DEV number1 number2 [a dynamic view of the network card traffic: sample every number1 seconds, number2 times]. Use sar -n DEV -f /var/log/sa/sa?? to view the network card traffic of the last four days [?? stands for digits; for example, sar -n DEV -f /var/log/sa/sa01 shows the network card traffic for the 1st of the month]. sar -q shows the load.

6. View the network card traffic—nload
You can run the nload command directly to view the traffic coming into the network card (Incoming), shown as the current traffic (Curr), the maximum traffic (Max), the minimum traffic (Min), the total traffic of the network card (Ttl) and the average traffic (Avg), together with the traffic going out of the network card (Outgoing).

6. Check the memory situation-free

You can use free directly to view the total memory size (total), the memory actually in use (used), the remaining physical memory (free) [not allocated, purely spare], buff/cache (the total memory allocated to buffers and cache: buff is the cache for data about to be written to disk, and cache holds data read from disk for later use), and available (the unoccupied part of buff/cache plus free). You can also add -m or -g to change the unit to MB or GB, and -h for a human-readable display.

7. View the system process-ps

ps aux shows system process information. The relevant fields are as follows:
PID: the ID of the process. To terminate a process you can use kill -9 pid, but this may cause data loss.
STAT: the process status
D: Uninterruptible process
R: Running process (including processes waiting for a CPU time slice)
S: Interruptible (sleeping) process
T: Process that has been stopped or suspended
W: Not enough memory pages available
X: Process that has died
Z: Zombie process, that is, a garbage process that cannot be killed
<: High-priority process
N: Low-priority process
L: Has memory pages locked in memory
s: Main process
l: Multithreaded process
+: Process running in the foreground
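
An added example (not from the original post) that reads the STAT column of ps aux and lists the processes in the Z and D states from the table above. The sample output is constructed, and the function names stat_report and stat_count are this example's own.

```sh
#!/bin/sh
# Added example: pick out processes by the STAT column of "ps aux".
# SAMPLE_PS is constructed sample output, not captured from a real host.
SAMPLE_PS='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.3 128164  6820 ?        Ss   05:34   0:01 /usr/lib/systemd/systemd
root       742  0.0  0.0      0     0 ?        D    05:34   0:00 [jbd2/sda1-8]
mysql     1310  1.2  9.8 1120532 98100 ?       Sl   05:35   0:42 /usr/sbin/mysqld
app       2215  0.0  0.0      0     0 ?        Z    05:40   0:00 [worker] <defunct>
root      2301  0.0  0.1 155360  1884 pts/0    R+   05:41   0:00 ps aux'

# stat_report: read "ps aux" output on stdin and print "PID STATE COMMAND"
# for zombie (Z) and uninterruptible (D) processes.
stat_report() {
    awk 'NR > 1 {
        state = substr($8, 1, 1)      # first letter is the main state; the
                                      # rest (s, l, +, <, N, L) are modifiers
        if (state == "Z" || state == "D") {
            cmd = $11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
            print $2, state, cmd
        }
    }'
}

# stat_count STATE: count processes whose main state letter is STATE.
stat_count() {
    awk -v want="$1" 'NR > 1 && substr($8, 1, 1) == want { n++ }
                      END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_PS" | stat_report
```

On a host, pipe the real command into the functions, for example ps aux | stat_report.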


8. View the network status-netstat

netstat -lntp shows which ports the system has open (listening); netstat -an shows the network connection status.

9. Packet capture tool

  1. tcpdump tool

    Daily usage

  2. wireshark tool

10. Check the network card connection


11. Change the host name


2. Linux firewall

SELinux is a security protection mechanism specific to Linux. Because it is particularly troublesome to configure, SELinux is generally turned off after the system is installed. To turn it off temporarily, run setenforce 0. To turn it off permanently, change the SELINUX variable in the configuration file /etc/selinux/config to disabled.
You can also use getenforce to check whether SELinux is turned off.

2. netfilter

1. The firewall on early CentOS is netfilter; on CentOS 7 it is firewalld. The following introduces firewalld on CentOS 7:
View the firewall status:
    firewall-cmd --state
Stop or start the firewall:
    systemctl stop/start firewalld.service
Prevent firewalld from starting at boot:
    systemctl disable firewalld
2. Use iptables:
    yum install -y iptables-services    Install iptables-services
    systemctl enable iptables    Start it at boot
    systemctl start iptables    Start the iptables service
    iptables -nvL    View the default CentOS iptables rules; the firewall rules are stored in /etc/sysconfig/iptables
    iptables -F    Clear the default CentOS iptables rules
    service iptables save    After a restart the system uses the original rules again, so save the cleared rule set with this command
3. The five tables of netfilter:
1. The filter table is mainly used to filter packets and is the system's preset table. It has three built-in chains:
① The INPUT chain acts on packets entering the machine. ② The OUTPUT chain acts on packets sent out by the machine. ③ The FORWARD chain acts on packets that have nothing to do with the machine.
2. The nat table is mainly used for network address translation and has three built-in chains:
① The PREROUTING chain changes a packet's destination address (if necessary) when the packet has just arrived at the firewall. ② The OUTPUT chain changes the destination address of locally generated packets. ③ The POSTROUTING chain changes a packet's source address when the packet is about to leave the firewall.
3. The mangle table is mainly used to mark packets, so that the marked packets can then be handled according to the mark.
4. The raw table can exempt some packets from tracking. By default the system tracks packets, but tracking inevitably consumes some resources, so the raw table can be used to specify that packets on certain ports are not tracked.

4. Viewing and clearing iptables rules: iptables -nvL -t filter; iptables -Z/-F
-t is followed by the table name; the default is filter
-n does not reverse-resolve IP addresses to host names
-L lists the rules
-v lists more detailed information
-F deletes all rules; if you do not add -t to specify a table, only the rules of the filter table are cleared
-Z resets the packet and traffic counters to zero (somewhat important)
5. Adding iptables rules
-A/-D adds or deletes a rule
-p specifies the protocol: tcp, udp, icmp
--dport is used together with -p and specifies the destination port
--sport is used together with -p and specifies the source port
-s specifies the source IP
-d specifies the destination IP
-j is followed by the action: ACCEPT allows the packet, DROP drops the packet, and REJECT rejects the packet
-i specifies the network card

Supplement: -P chain ACCEPT/DROP/REJECT [sets the default policy; the default is ACCEPT; use it with caution when logged in remotely]
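
An added example (not from the original post) of checking a rule set before changing the default policy with -P from a remote login: it reads rules in the iptables-save format used by /etc/sysconfig/iptables and reports the target a new SSH connection would get in the INPUT chain. The two rule sets are constructed, ssh_verdict is this example's own name, and source and interface matches are not evaluated.

```sh
#!/bin/sh
# Added example: before loading a rule set, check that SSH stays reachable.
# Input is iptables-save format, the format of /etc/sysconfig/iptables.

# Constructed sample: default policy DROP with SSH allowed from one subnet.
GOOD_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# Constructed sample: same policy, but the SSH rule was forgotten.
BAD_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# ssh_verdict [PORT]: read a rule set on stdin and print the target that a new
# TCP connection to PORT (default 22) ends up with in the filter INPUT chain.
# Simplification (assumption): only rules naming --dport PORT, or rules with no
# match options at all, count as matching; -s and -i are not evaluated.
ssh_verdict() {
    awk -v port="${1:-22}" '
        /^\*/ { in_filter = ($0 == "*filter") }
        !in_filter || hit { next }
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" {
            target = ""; dport = ""; tcp = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
            }
            catch_all = ($3 == "-j")            # "-A INPUT -j TARGET ..."
            if ((tcp && dport == port) || catch_all) { print target; hit = 1 }
        }
        END { if (!hit) print policy }'
}

printf '%s\n' "$GOOD_RULES" | ssh_verdict      # ACCEPT
printf '%s\n' "$BAD_RULES"  | ssh_verdict      # DROP
```

Anything other than ACCEPT means the rule set would cut off new SSH logins once it is loaded.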
6. About the icmp package

3. Linux system service management

1. chkconfig service management tool

1. chkconfig is the service management tool of CentOS 6. All preset services can be viewed in the directory /etc/init.d

2. Use service <service name> start|stop|restart to start|stop|restart a service. You can also use /etc/init.d/<service name> start to start a service.

3. Each service and its on/off status at each level

4. Switching a service on or off at each level

5. Adding a service to, or deleting it from, the system services. This is often used to add a custom startup script to the system services.

4. Data backup tool under Linux--rsync

4.1 Features of rsync

It can be backed up remotely or locally.

4.2 Specific instructions

Local backup: rsync -av SRC destination
Remote backup: rsync -av SRC IP:destination
Related parameters:
-a Archive mode: files are transferred recursively and all attributes are preserved.
-v Visualized (verbose) output of the transfer.
--exclude="file name" Leaves the named files out of the transfer.
--delete On a second transfer, synchronizes the destination with SRC (files that no longer exist in SRC are deleted from the destination).

5. System Log

  • The core system log file under Linux is /var/log/messages. It contains the boot messages from system startup and other status messages about system operation. I/O errors, network errors and other system errors are all recorded there, so if something goes wrong, check this file first.

  • The dmesg command displays the system startup information. If you have a hardware problem, look here.
    dmesg | less

  • The last command shows the history of logins to the Linux system.

    # last 
    reboot   system boot  3.10.0-327.el7.x Wed Mar 17 05:34 - 05:39  (00:05)
    account name    login terminal    client IP    login time and login duration
    
  • /var/log/secure: this log file records information about authentication and authorization; both successful and failed ssh logins are recorded there.
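
An added example (not from the original post) of reading the ssh records in /var/log/secure: it counts failed password logins per source address and lists sources that logged in successfully after repeated failures. The log lines are constructed in the sshd message format, and failed_by_ip and success_after_failures are this example's own names.

```sh
#!/bin/sh
# Added example: summarise the sshd password records found in /var/log/secure.
# SAMPLE_SECURE is constructed; the addresses are documentation ranges.
SAMPLE_SECURE='Mar 17 05:30:01 host1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar 17 05:30:04 host1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar 17 05:30:09 host1 sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar 17 05:31:12 host1 sshd[2110]: Accepted password for root from 192.0.2.10 port 40022 ssh2
Mar 17 05:32:40 host1 sshd[2115]: Failed password for invalid user test from 198.51.100.7 port 33810 ssh2
Mar 17 05:33:02 host1 sshd[2120]: Accepted password for root from 203.0.113.5 port 51300 ssh2'

# failed_by_ip: read the log on stdin and print "COUNT IP" for each source of
# failed passwords, highest count first. The user name is text supplied by the
# client, so the address is taken after the last "from" on the line.
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
             for (i = NF; i > 1; i--) if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# success_after_failures [MIN]: print each source that had at least MIN
# (default 3) failed passwords before an accepted one.
success_after_failures() {
    awk -v min="${1:-3}" '
        function src(   i) {
            for (i = NF; i > 1; i--) if ($i == "from") return $(i + 1)
        }
        /sshd\[[0-9]+\]: Failed password for /   { fails[src()]++ }
        /sshd\[[0-9]+\]: Accepted password for / {
            ip = src()
            if (fails[ip] >= min && !seen[ip]++) print ip
        }'
}

printf '%s\n' "$SAMPLE_SECURE" | failed_by_ip
printf '%s\n' "$SAMPLE_SECURE" | success_after_failures 3
```

On a host, feed the functions the real file, for example failed_by_ip < /var/log/secure, run as a user allowed to read it.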

Origin blog.csdn.net/weixin_54898062/article/details/114999564