Linux operation and maintenance notes - daily management of Linux system

1. Monitor system status – w, vmstat
Commands: w, uptime
The load averages are the average number of active processes (runnable, plus those blocked in uninterruptible I/O) over the last 1, 5 and 15 minutes. They only mean something relative to the number of CPU cores: a load of 4 on a 4-core box means fully busy, on a 16-core box it is idle, so check the core count before judging the figure.
vmstat 1        # one sample per second until interrupted
vmstat 1 10     # ten samples one second apart (the first line is an average since boot, ignore it)
The meaning of each vmstat column:
r: number of processes running or waiting for a CPU time slice. If it stays above the number of CPUs for a long time, the CPU is the bottleneck.
b: number of processes blocked waiting for a resource such as I/O or memory. If this stays above 1 for a long time, look at the disks.
si: memory swapped in from the swap area (KB/s);
so: memory swapped out to the swap area (KB/s). Any sustained non-zero value here means the box is short of RAM.
bi: blocks read from block devices (reading from disk);
bo: blocks written to block devices (writing to disk);
wa: percentage of CPU time spent waiting for I/O to complete.

2. Monitoring system status – top
top dynamically shows the resources used by each process and refreshes every 3 seconds by default.
RES is the resident memory of the process and %MEM its share of physical memory. Inside top, press Shift+M to sort by memory usage (P returns to sorting by CPU) and press the number 1 to list each CPU separately.
top -bn1   # batch mode, one iteration: a static snapshot that can be used from shell scripts or redirected to a file

3. Monitor system status – sar
If the command is missing, install it with: yum install -y sysstat
NIC traffic: sar -n DEV; sar -n DEV 1 10 (ten one-second samples)
Historical NIC traffic from the daily data file: sar -n DEV -f /var/log/sa/sa24 (sa24 is the file for the 24th of the month; these files only exist if the sysstat cron job is enabled)
View historical load: sar -q
View disk reads and writes: sar -b

4. free View system memory usage
free shows kilobytes by default; -m shows megabytes and -g gigabytes.
Mem: total is physical memory; used is what the kernel has allocated; free is memory allocated to nothing; buffers is memory holding block-device data and filesystem metadata; cached is the page cache holding file contents read from disk.
-/+ buffers/cache: used is total memory minus buffers and cache, i.e. the memory actually occupied by applications; free is the unallocated memory plus buffers and cache, i.e. what the system can actually make available, because the kernel drops buffers and cache as soon as a program needs the space. This second line is the one to read when deciding whether a machine is short of memory (newer versions of free show the same figure in an "available" column).
Roughly: buffers hold data on its way to disk and block metadata, cache holds file data that was read from disk and is kept in case it is needed again.
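As an added example (not part of the original notes), here is a small shell script that applies the rules of thumb from sections 1 and 4 to constructed sample output of vmstat 1 5 and of the older free -m format. NCPU=2 and all the sample figures are assumptions; a script like this, fed with real output, is what you would run from cron or a monitoring agent instead of reading the columns by eye.

```sh
#!/bin/sh
# Added example: apply the vmstat and free thresholds from these notes to sample output.
# Both samples below are constructed for illustration, not captured from a real host.

NCPU=2   # assumption: the sampled host has 2 CPUs; compare against nproc on a real box

VMSTAT_SAMPLE='procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 3  0  10240  81236  22104 512340    0    0    12     8  120  340 20  5 74  1  0
 4  2  10240  80112  22104 512340    0  512     0  2048  310  900 30 10 20 40  0
 5  3  11264  78900  22104 512340  256  768     4  4096  420 1200 35 12 10 43  0
 4  2  11264  78500  22104 512340    0  256     0  1024  300  800 28  8 30 34  0
 3  1  11264  78400  22104 512340    0    0     0   128  150  400 18  4 76  2  0'

# Count the samples (skipping the two header lines) in which column $1 is strictly above $2.
# The column is located by its name in the header, so the script does not depend on column order.
count_over() {
  printf '%s\n' "$VMSTAT_SAMPLE" | awk -v col="$1" -v thr="$2" '
    NR == 2 { for (i = 1; i <= NF; i++) if ($i == col) c = i; next }
    NR > 2 && c && $c > thr { n++ }
    END { print n + 0 }'
}

# One-line verdict using the rules of thumb from section 1:
#   r above the CPU count in at least half the samples -> CPU saturated
#   b above 1 in any sample                            -> processes blocked on I/O
#   so above 0 in any sample                           -> pages being swapped out, RAM short
#   wa above 20% in any sample                         -> CPU mostly waiting for disks
vmstat_verdict() {
  samples=$(printf '%s\n' "$VMSTAT_SAMPLE" | awk 'NR > 2 { n++ } END { print n + 0 }')
  out=""
  [ "$(count_over r "$NCPU")" -ge $((samples / 2)) ] && out="$out cpu-saturated"
  [ "$(count_over b 1)" -gt 0 ] && out="$out io-blocked"
  [ "$(count_over so 0)" -gt 0 ] && out="$out swapping"
  [ "$(count_over wa 20)" -gt 0 ] && out="$out high-iowait"
  printf '%s\n' "${out# }"
}

# Old-style "free -m" output (procps before 3.3.10). The "-/+ buffers/cache" line is
# derived from the Mem: line; the two functions below recompute it from that line.
FREE_SAMPLE='             total       used       free     shared    buffers     cached
Mem:          1990       1830        160          0        220        940
-/+ buffers/cache:        670       1320
Swap:         2047         10       2037'

# Memory really occupied by applications: used - buffers - cached
app_used_mb() {
  printf '%s\n' "$FREE_SAMPLE" | awk '/^Mem:/ { print $3 - $6 - $7 }'
}

# Memory the kernel can actually hand out: free + buffers + cached
really_free_mb() {
  printf '%s\n' "$FREE_SAMPLE" | awk '/^Mem:/ { print $4 + $6 + $7 }'
}

echo "vmstat verdict: $(vmstat_verdict)"
echo "application memory: $(app_used_mb) MB used, $(really_free_mb) MB really available"
```

On a real host replace the two sample strings with `$(vmstat 1 5)` and `$(free -m)`; the thresholds are the ones stated in the notes and should be tuned to the workload.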

5. ps View the system process
ps aux / ps -elf
PID: the id of the process. The kernel identifies and manages every process by its pid. For example, to terminate a process use kill <pid>; if that does not kill it (the default signal is TERM, which a process may catch or ignore), add -9 to send KILL: kill -9 <pid>. A process in state D cannot be killed even with -9 until its I/O completes.
STAT: the state of the process, one of the following:
D uninterruptible sleep (usually waiting on I/O)
R running or runnable
S interruptible sleep. Most processes on a system are in this state, waiting for an event.
T stopped or suspended. If you run a command such as sleep 10 and press Ctrl-Z to suspend it, ps shows it in state T.
X dead (should never be seen)
Z zombie: a process that has exited but whose parent has not collected its exit status. It cannot be killed, because it is already dead, and it holds only a process table entry; a few are harmless, but many zombies mean a parent process is broken.
< high priority process
N low priority process
L has pages locked into memory (not paged out)
s session leader (the main process of a session)
l multithreaded process
+ process in the foreground process group
-an: view all connections of the current system (only the option survives in these notes, the command name is missing)
Packet capture: a capture saved as 1.cap can be opened in wireshark, which can also be installed under Linux: yum install -y wireshark
Packet capture analysis of http requests: tshark -n -ta -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"
(-n disables name resolution and -ta prints absolute timestamps. On newer tshark versions -R is a two-pass read filter that must be combined with -2; the single-pass display filter option is -Y.)

8. Selinux
Configuration file: /etc/selinux/config. SELINUX= takes one of three modes: enforcing (the policy is applied), permissive (violations are only logged) and disabled (no policy is loaded). The notes set SELINUX=disabled; if you need to turn it off for troubleshooting, prefer permissive, which keeps the audit log so you can see what the policy would have blocked, and note that going from disabled back to enforcing forces a relabel of the filesystem on the next boot.
setenforce 0 switches to permissive and setenforce 1 back to enforcing at runtime (impossible if SELinux was booted disabled); getenforce prints the current mode. These tools come from: yum install -y libselinux-utils

9. netfilter -- iptables
iptables -nvL           View the rules (numeric addresses and ports, with packet and byte counters)
iptables -F             Flush the current rules (of the filter table unless -t is given)
iptables -Z             Zero the counters
service iptables save   Save the running rules; the file written is /etc/sysconfig/iptables
service iptables stop   Flushes the rules and unloads the modules, but after a reboot the service reads /etc/sysconfig/iptables again, and even while stopped, adding any rule loads netfilter again and the firewall is back. "stop" is therefore not a reliable way to disable it.
iptables -t <table>     Specify the table; without -t the filter table is used.
filter: used to filter packets and is the default table. It has three built-in chains, INPUT, OUTPUT and FORWARD. INPUT acts on packets addressed to this machine; OUTPUT on packets generated by this machine; FORWARD on packets routed through this machine, i.e. neither from nor to it.
nat: used for network address translation, also with three chains. PREROUTING changes the destination address of a packet as soon as it arrives (DNAT, port forwarding); OUTPUT changes the destination address of locally generated packets; POSTROUTING changes the source address just before the packet leaves (SNAT, MASQUERADE).
mangle: used to modify or mark packets so that later rules or routing decisions act on the mark. It is rarely needed in a basic setup.

10. iptables rules related:
view rules:  iptables -t nat -nvL
clear rules: iptables -t nat -F
add/delete a rule: iptables -A/-D INPUT -s 10.72.11.12 -p tcp --sport 1234 -d 10.72.137.159 --dport 80 -j DROP   (-A appends at the end of the chain; -D deletes the rule that matches exactly)
insert a rule at the top of the chain: iptables -I INPUT -s 1.1.1.1 -j DROP/ACCEPT/REJECT   (order matters: the first matching rule wins, so -I puts a rule ahead of everything appended with -A)
iptables -nvL --line-numbers   View rules with their position numbers
iptables -D INPUT 1            Delete the rule at position 1 of the INPUT chain
iptables -P INPUT DROP sets the default policy of the chain, which applies to packets that no rule matched. The default is ACCEPT. A policy is not a rule, so -F does not reset it; restore it with iptables -P INPUT ACCEPT. Never set INPUT to DROP over an ssh session before a rule that accepts your own connection is in place, or you lock yourself out.

example:
For the filter table, set the INPUT chain policy to DROP and the other two chains to ACCEPT, then open port 22 to 192.168.0.0/24, port 80 to all networks and port 21 to all networks. The script is as follows (the loopback and ESTABLISHED,RELATED rules are added here because without them the DROP policy also discards the replies to connections this host makes itself, such as DNS answers and yum downloads):
#!/bin/bash
ipt="/sbin/iptables"
$ipt -F
$ipt -P INPUT DROP
$ipt -P OUTPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -A INPUT -i lo -j ACCEPT                                  # local traffic
$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # replies to our own connections
$ipt -A INPUT -s 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT    # ssh only from the LAN
$ipt -A INPUT -p tcp --dport 80 -j ACCEPT                       # http from anywhere
$ipt -A INPUT -p tcp --dport 21 -j ACCEPT                       # ftp control channel from anywhere (passive data connections additionally need the nf_conntrack_ftp helper)
Dropping icmp echo requests (type 8) is common: iptables -I INPUT -p icmp --icmp-type 8 -j DROP   (this stops the host answering ping; other icmp types such as destination-unreachable are still needed for networking to work properly)

nat table application:
A home router is implemented with exactly this nat feature of iptables.
Suppose the machine has two network cards, eth0 and eth1. eth0 has IP 192.168.10.11 and is connected to the internet; eth1 has IP 172.16.10.11 and is on an isolated network. Another machine, 172.16.10.12, talks to eth1. To let the machine behind eth1 reach the internet as well, enable forwarding and masquerade its traffic as it leaves eth0:
echo "1" > /proc/sys/net/ipv4/ip_forward    # takes effect immediately but is lost on reboot; set the matching net.ipv4.ip_forward sysctl in the configuration to make it persistent
iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -o eth0 -j MASQUERADE
(172.16.10.12 also needs its default gateway pointed at 172.16.10.11. Once forwarding is on, the FORWARD chain decides what the internal network may send through this host; with a FORWARD policy of ACCEPT everything passes.)

iptables rule backup and restore:
service iptables save          Saves the running rules to /etc/sysconfig/iptables
iptables-save > myipt.rule     Saves the running rules of all tables to the given file
iptables-restore < myipt.rule  Replaces the running rules with the contents of the file (counters are reset unless -c is used with both commands)
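The output of iptables-save is far easier to audit with a script than iptables -nvL is by eye. As an added example, not from the original notes, the script below parses a constructed iptables-save dump that matches the policy script above and answers the three questions a reviewer asks of any INPUT chain: what is the default policy, which ports are open to the whole world, and from where is port 22 reachable. The dump, the allow list "80 21" and the function names are all assumptions for this example.

```sh
#!/bin/sh
# Added example: audit an iptables-save dump instead of reading iptables -nvL by eye.
# The dump below is constructed to match the policy script in these notes; it is not
# taken from a real host.
RULES_DUMP='# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
COMMIT'

# Default policy of a chain in the filter table, e.g. "DROP" for INPUT.
# In iptables-save format a chain header looks like ":INPUT DROP [packets:bytes]".
chain_policy() {  # $1 = chain name
  printf '%s\n' "$RULES_DUMP" | awk -v c=":$1" '$1 == c { print $2; exit }'
}

# Ports accepted on INPUT from any source (rules with -j ACCEPT and no -s), one per line.
# These are the services exposed to the whole network; the list should match what you intended.
world_open_ports() {
  printf '%s\n' "$RULES_DUMP" | awk '
    /^-A INPUT / && / -j ACCEPT/ && !/ -s / {
      for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
    }'
}

# Source restriction on the first ACCEPT rule for a destination port: the -s value, or "any".
port_allowed_from() {  # $1 = port
  printf '%s\n' "$RULES_DUMP" | awk -v p="$1" '
    /^-A INPUT / && / -j ACCEPT/ {
      src = "any"; port = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
      }
      if (port == p) { print src; exit }
    }'
}

# Return 1 if the INPUT policy is not DROP or a port is exposed that is not in the allow list.
# $1 = space-separated ports that are meant to be open to the world (assumption for this example).
audit_input_chain() {
  [ "$(chain_policy INPUT)" = "DROP" ] || { echo "INPUT policy is not DROP"; return 1; }
  rc=0
  for port in $(world_open_ports); do
    case " $1 " in
      *" $port "*) ;;
      *) echo "port $port is open to the world but not in the allow list"; rc=1 ;;
    esac
  done
  return $rc
}

echo "INPUT policy: $(chain_policy INPUT)"
echo "open to the world: $(world_open_ports | tr '\n' ' ')"
echo "port 22 allowed from: $(port_allowed_from 22)"
audit_input_chain "80 21" && echo "audit: ok"
```

On a real host set RULES_DUMP="$(iptables-save)" (or read the file written by service iptables save). The audit only looks at the filter table's INPUT chain; with forwarding enabled the FORWARD chain deserves the same treatment.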

11. Linux system task plan
/etc/crontab is the main configuration file of cron; PATH and other environment variables can be set at the top of it. The format of an entry is:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12)
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7)
# |  |  |  |  |
# *  *  *  *  *  user-name  command to be executed
The user-name field exists only in /etc/crontab and /etc/cron.d/*; entries edited with crontab -e run as the user who owns them and have no such field. cron runs commands with a minimal environment, so use absolute paths.
cron is also a service, so it must be running for entries to take effect: service crond start; service crond status

12. Linux system service management
ntsysv is a text-mode, menu-like tool for choosing which services start at boot. If the command is missing, install it with: yum install -y ntsysv
Common services: crond, iptables, network, sshd, syslog, irqbalance, sendmail, microcode_ctl
chkconfig --list                            show every service and the runlevels it starts in
chkconfig --add/--del servicename           register/remove a service's init script
chkconfig --level 345 servicename on/off    enable/disable the service in runlevels 3, 4 and 5

13. Linux system log
/var/log/messages   main system log file
It is rotated weekly by logrotate into an archive such as messages-20130901; the rotation rules live in /etc/logrotate.conf.
messages is written by the syslog daemon (syslogd, or rsyslog on newer systems). If that service is stopped, nothing is written to /var/log/messages.
/var/log/wtmp    login history, read with: last
/var/log/btmp    failed login attempts, read with: lastb (worth checking for password guessing against sshd)
/var/log/maillog mail server log
/var/log/secure  authentication log: successful and failed logins, sshd, sudo
dmesg            kernel ring buffer messages (hardware, drivers, OOM kills)
/var/log/dmesg   the ring buffer as it was at boot time

14. exec and xargs
-exec is used together with find:
find files in the current directory modified more than 10 days ago and delete them: find . -mtime +10 -exec rm -rf {} \;   (-mtime is the modification time; Linux filesystems of that era do not record a creation time)
batch rename files: find ./* -exec mv {} {}_bak \;
xargs is used after the pipe symbol:
find . -mtime +10 | xargs rm -rf
ls -d ./* | xargs -n1 -i{} mv {} {}_bak
Both pipe forms split on whitespace, so a file name containing a space or newline is passed as several arguments and the wrong thing gets deleted or renamed. With find, pair -print0 with xargs -0, or stay with -exec, which passes each name whole.
xargs can also join multiple lines into one line: cat 1.txt | xargs

15. Screen tool introduction
screen gives you a virtual terminal that survives a network disconnection; you can reattach to the same session every time you log in.
Usage: simply run screen
screen -ls   lists the sessions that already exist
Ctrl+a then d detaches from the session: the session and the programs in it keep running. Typing Ctrl+d or exit, by contrast, terminates the session.
To reattach a detached session use screen -r <screenid>; if there is only one session, screen -r is enough.
screen -S aming starts a session named aming; reattach to it with screen -r aming

16. Learn to use the curl command
curl is a command-line tool for quickly testing web access. A few options are worth knowing by heart:
curl -x ip:port www.baidu.com   # -x sends the request through the given ip:port as a proxy, handy for testing a site on a specific server without editing hosts
curl -Iv http://www.qq.com      # -I fetches only the headers, so you see the status code instead of the page body; -v shows the full request/response exchange
curl -u user:password http://123.com   # -u supplies a user name and password for HTTP authentication (the password lands in shell history and ps output; on shared machines use -u user, which prompts for it)
curl http://study.lishiming.net/index.html -O   # -O downloads the file under its remote name; -o sets a local name: curl -o index2.html http://study.lishiming.net/index.html

17. Several network-related commands
ping                                reachability and round-trip time
telnet www.lishiming.net 80         check that a TCP port answers
traceroute www.baidu.com            the route packets take
dig @8.8.8.8 study.lishiming.net    query a specific DNS server
nc -z -w2 www.baidu.com 1-1024      # -w2 sets a 2 second timeout; the port can be a single port or a range. When scanning with nc you must add -z (connect without sending data) or nothing is reported; add -v to also show the ports that are closed. Scan only hosts you are responsible for.

18. The rsync tool
rsync command format
rsync [OPTION]... SRC DEST
rsync [OPTION]... SRC [USER@]HOST:DEST
rsync [OPTION]... [USER@]HOST:SRC DEST
rsync [OPTION]... [USER@]HOST::SRC DEST
rsync [OPTION]... SRC [USER@]HOST::DEST
(a single colon goes over ssh; a double colon talks to an rsync daemon on port 873, unencrypted)

rsync common options
-a archive mode: transfer recursively and keep all attributes; equivalent to -rlptgoD. -a can be followed by --no-OPTION to switch off one of those letters, e.g. -a --no-l is equivalent to -rptgoD
-r recurse into subdirectories. Not needed for a single file, but required when transferring a directory
-v verbose: print information such as the transfer rate and the number of files
-l keep symbolic links as links
-L treat symbolic links like regular files: a link in SRC is copied as the file it points to in DEST
-p keep file permissions
-o keep file owner
-g keep file group
-D keep device and special files
-t keep modification times
--delete delete files in DEST that are not in SRC
--exclude=PATTERN skip files that match the pattern; wildcards are allowed (such as *.txt)
--progress show progress during the transfer: the count of files to be synchronised, transfer speed, etc.
-u update only: skip files that are newer in DEST than in SRC instead of overwriting them
The most commonly used are -a -v --delete --exclude

rsync options explained
rsync -av dir1/ dir2/   # dir2/ does not need to exist. Remember the trailing / when synchronising a directory: dir1/ copies the contents of dir1 into dir2/, while dir1 without the slash creates dir2/dir1
With -a a symbolic link is copied as a link. If you want the file it points to instead, add -L:
rsync -avL test1/ test2/
-u: if the file in the destination is newer than the one in the source, that file is skipped
touch test2/1.txt; rsync -avu test1/ test2/
rsync -av --delete test1/ test2/   # removes files that exist in test2/ but not in test1/
rsync -a --exclude="2.txt" test1/ test2/   # the file 2.txt is skipped
rsync -a --progress --exclude="*.txt" test1/ test2/   # --progress shows transfer details; --exclude accepts wildcards such as *

rsync application example - ssh mode
rsync -avL test1/ USER@192.168.0.101:/tmp/test2/
rsync -avL 192.168.0.101:/tmp/test2/ ./test3/
Because ssh asks for a password, this form is awkward in scripts; create an ssh key pair so the two machines trust each other and no password is needed (if the key is only used for rsync, restrict it with a command= entry in authorized_keys).
If the ssh port is not 22, pass the port to ssh: rsync -av "--rsh=ssh -p port" /dir1/ 192.168.0.101:/tmp/dir2/   (equivalently -e "ssh -p port")

rsync application instance - background service
Configuration file /etc/rsyncd.conf, with content such as:
#port=873                     # the daemon listens on 873 by default; another port can be set here
log file=/var/log/rsync.log   # log file
pid file=/var/run/rsyncd.pid  # pid file
# address=192.168.0.10        # IP address to bind to, if the daemon should not listen on every interface
Everything above is the global part; what follows are per-module settings:
[test]                 # module name, chosen freely
path=/root/rsync       # directory this module corresponds to
use chroot=true        # confine the daemon to the module path; default true. Must be set to false if the tree contains symbolic links pointing outside it, which also removes the confinement
max connections=4      # maximum number of simultaneous clients
read only=no           # whether clients may only read
list=true              # whether the module is shown when clients list modules
uid=root               # user the transfer runs as
gid=root               # group the transfer runs as
auth users=test        # user name clients must authenticate as; may be left unset, in which case anyone who can reach the port can use the module
secrets file=/etc/rsyncd.passwd   # password file; required if auth users is set
hosts allow=192.168.0.101         # hosts that may connect; an address or a network segment
The format of the password file /etc/rsyncd.passwd is: username:password (one per line). It must be owned by the daemon user and not readable by others, i.e. mode 600, or the daemon refuses to use it.
Start the service with: rsync --daemon
It reads /etc/rsyncd.conf by default; another file can be given with: rsync --daemon --config=/etc/rsyncd2.conf
The available options are listed by: rsync --daemon --help
Note that with uid=root and read only=no, anyone who passes the auth check (or anyone at all if auth users is unset) can write files under path as root, and the daemon protocol does not encrypt the transferred data. Run the daemon as a dedicated low-privilege user, set read only=yes unless uploads are needed, keep hosts allow tight, and on untrusted networks use the ssh form instead.
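To make the difference between a weak and a hardened module concrete, here is an added example (not from the original notes) that writes two constructed rsyncd.conf files, one mirroring the settings listed above and one tightened, and audits them with a small awk parser; it also checks the secrets file mode the daemon insists on. The account name rsyncuser, the path /srv/rsync/test and the finding texts are assumptions for this example.

```sh
#!/bin/sh
# Added example: check an rsyncd.conf for the settings that matter most before exposing port 873.
# Both configuration files are written here for illustration; neither comes from a real host.
# The hardened variant assumes a dedicated account "rsyncuser" and a module path under /srv.
WORK=$(mktemp -d)

cat > "$WORK/weak.conf" <<'EOF'
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
[test]
path=/root/rsync
use chroot=false
read only=no
list=true
uid=root
gid=root
EOF

cat > "$WORK/hardened.conf" <<'EOF'
address=192.168.0.10
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
[test]
path=/srv/rsync/test
use chroot=true
read only=yes
list=false
uid=rsyncuser
gid=rsyncuser
auth users=test
secrets file=/etc/rsyncd.passwd
hosts allow=192.168.0.101
EOF

# Print one finding per line for every [module] in the file; prints nothing when a module is clean.
# Global settings before the first [module] are ignored; keys and values are "key=value" per line.
rsyncd_findings() {  # $1 = path to rsyncd.conf
  awk -F= '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
      if (v["uid"] == "root")                               print mod ": transfers run as root (uid=root)"
      if (v["use chroot"] == "false")                       print mod ": use chroot disabled, path is not confined"
      if (v["read only"] == "no" && v["auth users"] == "") print mod ": writable by anyone (read only=no without auth users)"
      if (v["hosts allow"] == "")                           print mod ": no hosts allow restriction"
    }
    /^\[/ { if (mod != "") report(); mod = $0; split("", v); next }
    NF >= 2 && mod != "" { v[trim($1)] = trim($2) }
    END { if (mod != "") report() }' "$1"
}

# The secrets file must not be readable by other users; the daemon rejects it otherwise
# (strict modes, on by default). Returns 0 only when the mode is exactly 600.
secrets_file_ok() {  # $1 = secrets file
  [ -f "$1" ] || return 1
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")   # GNU stat, then BSD stat
  [ "$mode" = "600" ]
}

echo "findings for weak.conf:"
rsyncd_findings "$WORK/weak.conf"
echo "findings for hardened.conf: $(rsyncd_findings "$WORK/hardened.conf" | wc -l | tr -d ' ')"
```

Run rsyncd_findings against the live /etc/rsyncd.conf before starting the daemon; the checks are deliberately the four that turn an rsync module into a remote root file write when they are wrong.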
