Basic knowledge of Linux (6)

Logs

Role of logs:
1. Troubleshooting system problems
2. Troubleshooting network service problems
3. Recording past events

/var/log/ //Where log files are stored
cron //Records of periodic scheduled tasks
dmesg //Kernel hardware detection messages from boot
lastlog //Most recent login of every account on the system
maillog //Mail exchanges
messages //System messages and error information
secure //Programs that involve entering system account passwords (authentication)
wtmp //Records of successful logins to the system
btmp //Records of failed logins to the system

/var/log/httpd/ //Each network service saves its logs in its own directory
/var/log/samba/

Log types
1. ASCII (plain text) logs, readable directly
2. Binary (data) logs, read with a dedicated command:
last //View the wtmp log file
lastb //View the btmp log file

Services required for logging
rsyslogd //Records system operation information and kernel information into the logs; the main log service
logrotate //Responsible for log rotation

The log service was syslogd in rhel5 and earlier, and is rsyslogd from rhel6 onward

rsyslog decides which facility, at which level, is recorded in which file
Configuration files: /etc/rsyslog.conf
/etc/rsyslog.d/*

/etc/rsyslog.conf

#### RULES ####
OPTION ACTION (the option and the action are separated by a Tab character)

Option: facility and level (facility and level are separated by "."; different options are separated by ";")
*.info;mail.none;authpriv.none;cron.none /var/log/messages

Facility
authpriv //authentication system, ask user and password
cron //periodic scheduled task
daemon //daemon program
kern //kernel information
mail //mail system
lpr //printer
news //news system
user //local user application program information
uucp //information of the uucp subsystem
local0-7 //local type information

man syslog //See the help page, which describes the levels
Levels
0-7
0 emerg //The system is about to crash
1 alert //Quite serious, more severe than crit
2 crit //Critical; the error is already very serious
3 err //Major error message
4 warning //Warning
5 notice //Note: a non-error status report that should nonetheless be handled; needs more attention than info
6 info //Informational message
7 debug //Debugging message

none //Do not record messages of this facility at all

Action
/filename //Log file; the absolute path names the file in which the selected messages are saved. The file must exist in advance
@host //Remote host; the @ may be followed by an IP address, a domain name or a hostname
username //Send to the named user, who must be logged in
* //All users who are currently logged in

Example:
1. Save to a regular file or a device file
*.* /var/log/file.log //Record to a regular file
*.* /dev/pts/0 //Record to a device file
2. Forward to a remote host
*.* @192.168.0.1 //Forward over UDP to port 514 (the default) of 192.168.0.1
*.* @@192.168.1.1:10514 //Forward over TCP to port 10514 of 192.168.1.1
3. Send to users (they must be online)
*.* root //Send to user root
*.* root,student,redhat //Send to several named users
*.* * //Send to all users
4. Ignore (discard)
local3.* ~ //Discard all local3 messages of every level
5. Execute a script
local3.* ^/tmp/shell.sh //"^" followed by the absolute path of the executable script or program
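To make the selector and action rules above concrete, here is an added example written for this page (it is not code from the original notes, and the rule set it contains is constructed, not a real /etc/rsyslog.conf). It applies the "facility.level" semantics the notes describe: a level means that level and everything more severe, "none" excludes a facility, "*" matches everything, and a later part of the selector overrides an earlier one for the same facility.

```shell
#!/bin/sh
# Added example, not part of the original notes: decide which actions in a set of
# rsyslog-style RULES receive a message, following the selector semantics the
# notes describe. The rule set below is constructed for the example.

# level_num LEVEL: numeric priority, 0 = most severe (as in "man syslog").
level_num() {
    case "$1" in
        emerg|panic) echo 0 ;;  alert) echo 1 ;;  crit) echo 2 ;;  err|error) echo 3 ;;
        warning|warn) echo 4 ;; notice) echo 5 ;; info) echo 6 ;;  debug) echo 7 ;;
        *) echo 99 ;;           # unknown level name never matches
    esac
}

# selector_matches SELECTOR FACILITY LEVEL -> prints yes or no.
# SELECTOR is the option column, e.g. "*.info;mail.none;authpriv.none;cron.none".
# Parts are applied left to right; a later part for the same facility overrides
# an earlier one, which is how "mail.none" cancels "*.info" for mail messages.
selector_matches() {
    sel=$1; fac=$2; lvl=$(level_num "$3"); result=no
    oldifs=$IFS; IFS=';'; set -f          # split on ";" without glob-expanding "*"
    for part in $sel; do
        pfac=${part%%.*}; plvl=${part#*.}
        [ "$pfac" = "*" ] || [ "$pfac" = "$fac" ] || continue
        if [ "$plvl" = none ]; then result=no
        elif [ "$plvl" = "*" ]; then result=yes
        elif [ "$lvl" -le "$(level_num "$plvl")" ]; then result=yes
        else result=no
        fi
    done
    IFS=$oldifs; set +f
    echo "$result"
}

# action_kind ACTION: classify the action column as the notes list them.
action_kind() {
    case "$1" in
        /dev/*) echo device ;;      # device file such as /dev/pts/0
        /*)     echo file ;;        # regular log file
        @@*)    echo tcp-remote ;;  # @@host[:port], TCP
        @*)     echo udp-remote ;;  # @host[:port], UDP, default port 514
        '~')    echo discard ;;
        '^'*)   echo script ;;      # ^/absolute/path of a program
        '*')    echo all-users ;;
        *)      echo users ;;       # comma-separated logged-in users
    esac
}

# Constructed rule set: one "selector action" pair per line, whitespace-separated.
RULES='*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* /var/log/maillog
*.emerg *
local3.* ~
*.* @192.168.0.1'

# route FACILITY LEVEL: print the action of every rule the message reaches.
route() {
    printf '%s\n' "$RULES" | while read -r sel act; do
        if [ "$(selector_matches "$sel" "$1" "$2")" = yes ]; then
            printf '%s (%s)\n' "$act" "$(action_kind "$act")"
        fi
    done
}

route kern emerg     # /var/log/messages (file), * (all-users), @192.168.0.1 (udp-remote)
route mail info      # /var/log/maillog (file), @192.168.0.1 (udp-remote)
```

The example handles only the selector forms shown in the notes; rsyslog also accepts comma-separated facility lists and the "=" and "!" level modifiers, which this script does not parse. Note that with a catch-all "*.* @host" rule every message, including authpriv, leaves the machine over UDP, so such a rule should be placed deliberately.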

Service
rhel6
service rsyslog restart //Restart the service
rhel7
systemctl restart rsyslog //Restart the service

Note: after modifying the log configuration file, restart the service for the change to take effect


logrotate //Log rotation

/etc/logrotate.conf //Main rotation configuration file
/etc/logrotate.d/*

vim /etc/logrotate.conf

logfile {
rules
}

Parameters and options
daily Rotate every day
weekly Rotate every week
monthly Rotate every month
rotate How many rotated (timestamped) files to keep
create Create a new log file (permissions, owner and group can be specified)
dateext Name old files with a date suffix
size Rotate when the file reaches the given size

logrotate -vf /etc/logrotate.conf

Summary
Role of logs
Main log configuration file
Location of logs
Types of logs
Purpose of log rotation
Main configuration file of log rotation


Scheduled tasks
One-time scheduled tasks
Periodic scheduled tasks

One-time scheduled tasks
atd //Service for one-time scheduled tasks

Commands
at time date //Create a one-time scheduled task
at> command //The command to run
at> <EOT> //Press Ctrl+D to submit the task

at -l //List one-time scheduled tasks
at -d ID //Delete a one-time scheduled task
at -c ID //Show the details of a scheduled task

After the scheduled task is generated, a file will be generated and
saved in the /var/spool/at/ directory. Deleting the file inside is equivalent to deleting the scheduled task.

Blacklist of one-time scheduled tasks
vim /etc/at.deny
Note: one username per line

Periodic scheduled tasks
vim /etc/crontab //Configuration files of periodic scheduled tasks

SHELL=/bin/bash //Commands run under the bash interpreter
PATH=/sbin:/bin:/usr/sbin:/usr/bin //Commands given without an absolute path are searched for in these directories
MAILTO=root //If a periodic scheduled task has a problem, mail is sent to root

Use "-" for a continuous range of times and "," for separate times
*/5 in the minute field means every 5 minutes

The spool directory /var/spool/cron/ holds one file per user, named after the user who created the tasks
root has the right to create periodic scheduled tasks for anyone

crontab -e //Edit periodic scheduled tasks
-l //View
-u username //Operate on another user's tasks (root only)
-r //Clear all periodic scheduled tasks

crontab -u student -e //Edit periodic scheduled tasks for student users

/etc/cron.deny //Blacklist of periodic scheduled tasks

Exercise:
Every Monday to Friday at 9:00 and 13:00, count how many users are logged in on the current system and append the result to /tmp/wc.txt;
every two hours, check the number of current processes and append the result to /tmp/ps.txt
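The crontab time syntax described above ("-" for a range, "," for separate values, "*/n" for every n) is easy to get wrong, and a bad field silently produces a task that never runs. The following added example (written for this page, not code from the original notes) validates the five time fields of a crontab line and then checks two constructed entries that are one possible answer to the exercise; the notes themselves give no answer.

```shell
#!/bin/sh
# Added example, not part of the original notes: validate the five time fields of a
# crontab line (minute hour day-of-month month day-of-week) using the syntax the
# notes describe, then check two constructed entries that answer the exercise.

# range_ok VALUE MIN MAX: VALUE is a decimal integer within [MIN, MAX].
range_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# field_ok FIELD MIN MAX: accepts "*", "a", "a-b", any of those with "/n",
# and comma-separated lists of them. Returns 1 on the first bad item.
field_ok() {
    min=$2; max=$3; ok=0
    oldifs=$IFS; IFS=','; set -f           # split on "," without glob-expanding "*"
    for item in $1; do
        step=1
        case "$item" in */*) step=${item#*/}; item=${item%%/*} ;; esac
        range_ok "$step" 1 "$max" || { ok=1; break; }     # "*/0" is invalid
        case "$item" in
            '*') ;;
            *-*) lo=${item%-*}; hi=${item#*-}
                 range_ok "$lo" "$min" "$max" && range_ok "$hi" "$min" "$max" \
                     && [ "$lo" -le "$hi" ] || { ok=1; break; } ;;
            *)   range_ok "$item" "$min" "$max" || { ok=1; break; } ;;
        esac
    done
    IFS=$oldifs; set +f
    return $ok
}

# cron_line_ok LINE: a full crontab line has five valid time fields and a command.
cron_line_ok() {
    set -f; set -- $1; set +f              # split the line on whitespace
    [ $# -ge 6 ] || return 1
    field_ok "$1" 0 59 && field_ok "$2" 0 23 && field_ok "$3" 1 31 \
        && field_ok "$4" 1 12 && field_ok "$5" 0 7
}

# One possible answer to the exercise (constructed here; the notes give none):
# 09:00 and 13:00 Monday to Friday, count logged-in sessions; every two hours, count processes.
EXERCISE_CRONTAB='0 9,13 * * 1-5 who | wc -l >> /tmp/wc.txt
0 */2 * * * ps -e | wc -l >> /tmp/ps.txt'

# exercise_ok: every line of EXERCISE_CRONTAB passes cron_line_ok.
exercise_ok() {
    printf '%s\n' "$EXERCISE_CRONTAB" | while IFS= read -r line; do
        cron_line_ok "$line" || exit 1     # exits only the pipeline's subshell
    done
}

exercise_ok && echo "exercise crontab is valid; install it with: crontab -e"
```

"who | wc -l" counts login sessions rather than distinct users; "who | awk '{print \$1}' | sort -u | wc -l" would count each user once if that is what the exercise intends. The validator checks ranges and syntax only; it does not expand names such as "mon" or the "@daily" shortcuts some cron implementations accept.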



Kernel modularization

uname -a //View the current kernel version and all system information

Kernel module
/lib/modules/2.6.32-431.el6.x86_64/kernel/ //Module storage location
Module files generally end with ".ko"

/lib/modules/2.6.32-431.el6.x86_64/modules.dep //records the dependencies between modules

depmod // command to update module dependencies

View
lsmod //View all currently loaded modules
modinfo //View the detailed information of a module

Loading
insmod module //Load a module (does not resolve dependencies, so it fails when they are missing)

rmmod module name //Uninstall a module
-f //Force unload, regardless of whether the module is being used or not

modprobe //Load a module and automatically resolve its dependencies
-r //Unload a module; like yum, it also removes all the corresponding dependencies, so use with caution!!!
-f //Force loading
-c //Show the configuration

Kernel parameters
Switches that manage system functions

cat /proc/sys/net/ipv4/icmp_echo_ignore_all //This kernel parameter controls whether all ping packets are ignored

vim /etc/sysctl.conf //Kernel parameters written in this configuration file take effect permanently

sysctl -p //Make the kernel parameters in the configuration file take effect immediately
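The relationship between the /proc/sys file read with "cat", the dotted key used by sysctl, and the line in /etc/sysctl.conf is where configuration drift usually hides: the file says one thing and the running kernel another until "sysctl -p" is run. The following added example (written for this page, not code from the original notes; the configuration text in it is constructed) converts between the two naming forms and reads the value the file would set, honouring both spellings sysctl accepts and the fact that a later duplicate line overrides an earlier one.

```shell
#!/bin/sh
# Added example, not part of the original notes: read what /etc/sysctl.conf would
# set for a kernel parameter and convert between the dotted key used by sysctl and
# the /proc/sys path read with "cat" above. The configuration text is constructed.
SAMPLE_SYSCTL_CONF='# constructed sample of /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all = 0
kernel.sysrq=0
; a semicolon also starts a comment
net/ipv4/ip_forward = 1
net.ipv4.icmp_echo_ignore_all = 1'

# key_to_path KEY: dotted key -> the /proc/sys file that holds the running value.
key_to_path() { printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr . /)"; }

# path_to_key PATH: the reverse mapping.
path_to_key() { printf '%s\n' "${1#/proc/sys/}" | tr / .; }

# conf_value CONF_TEXT KEY: value the last matching line assigns. "sysctl -p"
# applies the file top to bottom, so a later duplicate overrides an earlier one.
# Prints nothing when the key is not set in the file.
conf_value() {
    want=$(printf '%s' "$2" | tr / .)
    printf '%s\n' "$1" | awk -v want="$want" '
        /^[ \t]*([#;]|$)/ { next }                  # comment or blank line
        {
            eq = index($0, "=")
            if (eq == 0) next                       # not a "key = value" line
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/\//, ".", key)                    # net/ipv4/x names the same key as net.ipv4.x
            if (key == want) value = val
        }
        END { if (value != "") print value }'
}

# running_value KEY: what the kernel is using right now (empty if unavailable here).
running_value() { cat "$(key_to_path "$1")" 2>/dev/null; }

# Without "sysctl -p" the file and the kernel can disagree; show both side by side.
for k in net.ipv4.icmp_echo_ignore_all net.ipv4.ip_forward kernel.sysrq; do
    printf '%-32s file=%s running=%s\n' "$k" \
        "$(conf_value "$SAMPLE_SYSCTL_CONF" "$k")" "$(running_value "$k")"
done
```

The key/path conversion assumes every "." in a key is a path separator; a few keys embed interface names that contain dots (written with "/" in sysctl syntax), which this simple mapping does not handle. On rhel7 the same comparison should also consider the drop-in files under /etc/sysctl.d/.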

mount

mount //View mount information
df -h //View mount information
1. Standard format
mount -t <file system type> <mount source> <mount point>
-o //Mount with options
ro //read-only
rw //read-write
remount //remount
loop //loop device (mount a local file as a device)

2. Non-standard format
mount mount source mount point

Note: the mount point should preferably be an empty directory.
If the mount point is a non-empty directory, its original data disappears (is temporarily unavailable) after the mount completes and is restored when it is unmounted.
Do not stay inside the directory being unmounted when unmounting

umount mount point // unmount the mount point

Applications of mount
1. Mounting a large file: this indirectly controls the space a directory may use (a disk quota)
1) Create the large file
2) Format the large file: mkfs.ext4 <file name> //Format a file
3) Mount it

2. Mount an image file

3. Mount a remote directory
mount <IP address>:/content <mount point>

4. Quick access to a deeply nested directory
mount --bind <old directory> <new directory>

vim /etc/fstab //To mount permanently, write the mount information in this configuration file

6 fields
1. Mount source
2. Mount point
3. File system type
4. Options (if the field is empty, use "defaults")
5. Whether backup (dump) is required (0 means no, 1 means yes)
6. Whether a check (fsck) is required (0 means no; non-zero means yes and gives the priority, the smaller the number the higher the priority)

mount -a //After editing, use this command to make the changes take effect immediately, or restart the computer
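A malformed /etc/fstab line is only noticed when "mount -a" runs or, worse, at the next boot. The following added example (written for this page, not code from the original notes; the fstab text in it is constructed) checks the six fields described above before the file is applied and lists the entries that fsck will check, in order.

```shell
#!/bin/sh
# Added example, not part of the original notes: check the six fields of /etc/fstab
# entries before running "mount -a", because a malformed line can stall the boot.
# The fstab text below is constructed for the example.
SAMPLE_FSTAB='# mount source        mount point  type  options   backup  check
UUID=1111-2222        /            ext4  defaults  1       1
/dev/sdb1             /data        ext4  defaults  0       2
192.168.0.1:/content  /mnt/nfs     nfs   defaults  0       0
/srv/big.img          /quota       ext4  loop      0       0
/srv/old              /srv/new     none  bind      0       0
/dev/sdc1             /broken      ext4            0'

# fstab_check FSTAB_TEXT: one line per entry, "ok <mount point>" or
# "bad <line>: <reason>"; comment and blank lines are skipped.
fstab_check() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*(#|$)/   { next }
        NF != 6          { printf "bad %d: expected 6 fields, got %d\n", NR, NF; next }
        $5 !~ /^[01]$/   { printf "bad %d: backup field must be 0 or 1\n", NR; next }
        $6 !~ /^[0-9]+$/ { printf "bad %d: check field must be a number\n", NR; next }
                         { print "ok " $2 }'
}

# fstab_check_order FSTAB_TEXT: mount points that fsck checks at boot, smallest
# non-zero sixth field first; entries with 0 are never checked.
fstab_check_order() {
    printf '%s\n' "$1" | awk '!/^[ \t]*(#|$)/ && NF == 6 && $6 + 0 > 0 { print $6, $2 }' \
        | sort -n | awk '{ printf "%s ", $2 }'
}

# fstab_options FSTAB_TEXT MOUNT_POINT: the options field of one entry.
fstab_options() {
    printf '%s\n' "$1" | awk -v mp="$2" '!/^[ \t]*(#|$)/ && NF == 6 && $2 == mp { print $4 }'
}

fstab_check "$SAMPLE_FSTAB"
echo "fsck order: $(fstab_check_order "$SAMPLE_FSTAB")"
```

Run "fstab_check "$(cat /etc/fstab)"" on a real file to get the same report. The check is structural only; it does not verify that the mount source exists or that the options are valid for the file system type, which "mount -a" itself will still reject.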


Boot process
1. Hardware boot
MBR: master boot record
bootloader boot program: Windows ntldr; rhel6 grub; rhel7 grub2
DPT: disk partition table
55AA: end-of-MBR signature (validity check)

2. Software startup

runlevel 0 //init closes all processes and halts the system (shutdown)
runlevel 1 //Switch the system to single-user mode, used for emergency rescue; only the administrator (root) can enter single-user mode
runlevel 2 //Multi-user mode (incomplete) without file sharing and similar functions; rarely used
runlevel 3 //Full multi-user mode (complete), the default mode of most servers
runlevel 4 //Generally not used by the system; users can design and apply their own system state (customized)
runlevel 5 //Graphical interface, using the X Window terminal
runlevel 6 //init closes all processes and restarts the system (reboot)

rhel6
Using single-user mode to change the root password
grub ----> press "e" to edit ----> select the kernel line and press "e" to edit ----> append "1" at the end (a space and then 1)
----> "Enter" ----> press "b" to boot into single-user mode ----> run "passwd" to change the password ----> exit

vim /boot/grub/grub.conf
default=0 //default grub menu
timeout=30 //automatically enter the system after the default time 30
splashimage=(hd0,0)/grub/splash.xpm.gz //grub menu Background image
hiddenmenu //The grub menu is not displayed by default
password --md5 $1$UwQm4/$8h/VGdOXDLf3NuvoOAOS40 //A password placed above the title entries locks the grub menu itself
title windows 7 //The description (menu entry) information
password --md5 $1$ogRm4 /$5dQmC.gvXAzmvKhiGsgwl/ //A password placed below a title entry is required when booting that entry
root (hd0,0) //The partition holding /boot, used by grub as its root (/)
kernel /vmlinuz-2.6.32-431.el6.x86_64 // Load kernel, driver, hard disk partition, language format encoding, etc.
initrd /initramfs-2.6.32-431.el6.x86_64.img //Enable virtual file system

grub-md5-crypt //command to generate encrypted password

rhel6

chkconfig service name on/off //Set whether the service is turned on or not
chkconfig --list //Check whether the service is turned on or not
chkconfig --level 35 sshd off //Do not start sshd at startup levels 3 and 5


rhel7
1. The stage1 and stage2 file names have changed
stage1 becomes /boot/grub2/i386-pc/boot.img
stage2 becomes /boot/grub2/i386-pc/core.img

2. The partition naming in the grub2 configuration file grub.cfg has changed
(hd0,0) becomes 'hd0,msdos1'

3. The main configuration file for the boot menu's appearance has moved
/etc/default/grub

4. The configuration file can be regenerated or updated with the command grub2-mkconfig -o /boot/grub2/grub.cfg

5. init becomes systemd

6. /etc/inittab becomes a description file only

Startup level
systemctl get-default //View the default startup level
systemctl set-default Startup level name //Set the startup level
Example: systemctl set-default multi-user.target //Set the startup level to level 3

The configuration file corresponding to the startup level /lib/systemd/system/<target name>.target

vim /usr/lib/systemd/system/multi-user.target //Check the level-3 configuration file
AllowIsolate=yes //Whether this level can be switched to temporarily; restart after modification for it to take effect

Starting services
Whether a service starts at boot is set for each service individually
systemctl status sshd //Check the status of the sshd service
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled) //Shows whether the service starts at boot: disabled means off, enabled means on

Set whether a service starts at boot
systemctl enable <service name> //Start at boot
systemctl disable <service name> //Do not start at boot

systemctl isolate rescue.target //Temporarily switch to rescue mode, rescue.target rescue mode name


rhel7: the first way to change the root password
1. Find the line starting with linux16, delete from the end back to the first "root", append rd.break at the end, then press Ctrl-x to boot into single-user mode
2. mount -o remount,rw /sysroot
3. chroot /sysroot
4. passwd
5. touch /.autorelabel
6. exit
7. exit

The second way
1. Find the line starting with linux16, find "ro" in that line and change it to "rw init=/sysroot/bin/sh", then press Ctrl-x to boot into single-user mode
2. chroot /sysroot
3. passwd
4. touch /.autorelabel
5. Ctrl+Alt+Del

rhel7: protecting the grub2 menu with a password

vim /etc/grub.d/40_custom
set superusers='root'
password root 123
After the configuration is complete:
grub2-mkconfig -o /boot/grub2/grub.cfg //Update the main configuration file
The above stores the password in plaintext; the user name can be arbitrary (it need not be an account that exists on the system)

Hashed password
grub2-mkpasswd-pbkdf2 //Generate the hashed password; note that the value to use is the string in the output beginning with grub.pbkdf2
vim /etc/grub.d/40_custom
set superusers='root'
password_pbkdf2 root grub.pbkdf2.sha512.10000.0862D41B5F0BBF76090C2BDB710
After the configuration is complete:
grub2-mkconfig -o /boot/grub2/grub.cfg //Update the main configuration file


selinux

selinux is a permission (access control) mechanism

/etc/selinux/config

getenforce //View the status of selinux

setenforce 1 or 0 //Set the state of selinux (1 enforcing, 0 permissive)

selinux restricts two aspects
1. Boolean value
2. Security context

1. Boolean value
getsebool -a //View the Boolean value of all current restrictions
setsebool -P Boolean value name on or off //Adjust the Boolean value
Example: setsebool -P samba_share_nfs on //Adjust the Boolean value

2. Security context
The security context of the subject (process) and the security context of the target must match for access to succeed

View security context
ls -Z
-rw-------. root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg

system_u:object_r:admin_home_t //Security context
identity:role:type

ps -efZ | grep httpd //View the subject (process) security context
unconfined_u:system_r:httpd_t:s0 apache 1951 1944 0 10:35 ? 00:00:00 /usr/sbin/httpd

Modifying the security context
1. chcon -t <type> <file> //Change the type of the security context
Example: chcon -t httpd_t /var/www/html/index.html

2. restorecon <file or directory> //Restore (synchronize) the default security context
-R //Recursive
-v //Show progress

selinux log analysis tool
yum install -y setroubleshoot-server //If the following command is missing, install this package

sealert -a /var/log/audit/audit.log //Use the selinux log analysis tool to analyze the log; it also proposes a solution
