Summary of Commands That You Need to Master in Linux Operation and Maintenance

1. The code for deleting 0-byte files
is as follows:
find -type f -size 0 -exec rm -rf {} \;

2. The code for viewing processes
in descending order of memory
is as follows:
ps -e -o “%C: % p : %z : %a"|sort -k5 -nr

3. Sort the codes in descending order of CPU utilization
as follows:
ps -e -o "%C: %p: %z: %a"|sort -nr

4. Print the URL
code in the cache as follows:
grep -r -a jpg /data/cache/* | strings | grep "http:" | awk -F'http:' '{print "http:"$2;}'

5. Check the number of concurrent http requests and their TCP connection status: the
code is as follows:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a ]}'

6. sed -i '/Root/s/no/yes/' /etc/ssh/sshd_config sed in this text Root line, match Root line, replace no with yes.

7. How to kill mysql Process: The
code is as follows:
ps aux |grep mysql |grep -v grep |awk '{print $2}' |xargs kill -9 (from which I learned the purpose of awk)
killall -TERM mysqld
kill -9 `cat /usr/local/apache2/logs/httpd.pid` Try to kill the process PID

8. Display the service running at level 3: the
code is as follows:
ls /etc/rc3.d/S* |cut - c 15- (Learn the purpose of cut and intercept data)

9. How to display multiple information in writing SHELL, use EOF
code as follows:
cat "EOF
+--------------- ---------------------------------------------------------+
| = == Welcome to Tunoff services === |
+-------------------------------------------------- -----------------------+
EOF

10. The clever use of for (such as creating a soft link to mysql)
code is as follows:
cd /usr/local/mysql/ bin
for i in *
do ln /usr/local/mysql/bin/$i /usr/bin/$i
done

11. Get the IP address: the
code is as follows:
ifconfig eth0 |grep "inet addr:" |awk '{print $2 }'|cut -c 6-
Or ifconfig | grep 'inet addr: '| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'

12. Size of memory: The
code is as follows:
free -m |grep "Mem" | awk '{print $2}'

13. Check the IP address
code that connects the most ports of a service as follows:
netstat -an -t | grep ":80" | grep ESTABLISHED | awk '{printf "%s %s\n" , $5, $6}' | sort

14. Check the number of concurrent requests of Apache and its TCP connection status: the
code is as follows:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'

15. Because my colleague wants to count the size of all jpg files under the server, I wrote a shell for him to count. It was originally implemented with xargs, but he processed one part at a time and engaged in multiple sums. . . . , the following command will solve it.
The code is as follows:
find / -name *.jpg -exec wc -c {} \;|awk '{print $1}'|awk '{a+=$1}END{print a}'
The number of CPUs (counting multiple CPUs , cat /proc/cpuinfo |grep -c processor), the lower the system load, the more requests can be processed per second.

16. CPU load # cat /proc/loadavg
checks if the first three output values ​​exceed 4 times the system logical CPU.

18. CPU load #mpstat 1 1
Check if %idle is too low (for example, less than 5%)

19. Memory space # free
Check whether the free value is too low You can also use # cat /proc/meminfo 20. swap

space # free
check swap used Whether the value is too high If the swap used value is too high, further check whether the swap action is frequent:

# vmstat 1 5
Observe whether the si and so values ​​are large

21. Disk space # df -h
Check whether the partition usage (Use%) is too high (For example, more than 90%) If you find that the space of a partition is nearly exhausted, you can enter the mount point of the partition and use the following command to find the file or directory that occupies the most space: The
code is as follows:
# du -cks * | sort -rn | head -n 10

22. Disk I/O load # iostat -x 1 2
Check if I/O usage (%util) exceeds 100%

23. Network load # sar -n DEV
Check network traffic (rxbyt/s, txbyt /s) is too high

24. Network error # netstat -i
Check if there is a network error (drop fifo colls carrier) You can also use the command: # cat /proc/net/dev


25. The number of network connections # netstat -an | grep - E "^(tcp)" | cut -c 68- | sort | uniq -c | sort -n

26. Total number of processes # ps aux | wc -l
Check whether the number of processes is normal (such as more than 250)

27. Number of runnable processes # vmwtat 1
Column 5 gives the number of runnable processes, check whether it exceeds 4 times the system logical CPU

28. Process # top -id 1
Observe whether there are abnormal processes.

29. Check the network status to see if DNS, gateway, etc. can be connected normally

30. User # who | wc -l
Check whether there are too many logged in users (for example, more than 50) You can also use the command: # uptime

31. System Log # cat /var/log/rflogview/*errors
Check if there are abnormal error records or search for some abnormal keywords, for example: the
code is as follows:
# grep -i error /var/log/messages
# grep -i fail /var/ log/messages

32. Core log # dmesg
check if there are abnormal error records

33 System time # date
Check if the system time is correct

34. Number of open files # lsof | wc -l
Check if the total number of open files is too much

35. Log # logwatch –print Configure /etc/log.d/logwatch.conf, set Mailto to your own email address, and start the mail service (sendmail or postfix) so that you can receive daily log reports.
The default logwatch only reports yesterday's logs, you can use # logwatch –print –range all to get all the log analysis results.
You can use # logwatch --print --detail high to get more specific log analysis results (not just error logs).

36. Kill the process
code related to port 80 as follows:
lsof -i : 80|grep -v "PID"|awk '{print "kill -9", $2}'|sh

37. Clear the zombie process.
The code is as follows:
ps -eal | awk '{ if ($2 == "Z") {print $4}}' | kill -9

38.tcpdump Capture packets to prevent data analysis when port 80 is attacked. The
code is as follows:
# tcpdump -c 10000 -i eth0 -n dst port 80 》 /root/pkts

39. Then check the number of IP repetitions and sort from small to large Note that there are two spaces in the middle of "-t\ +0" The
code is as follows:
# less pkts | awk {'printf $3"\n"'} | cut -d. -f 1-4 | sort | uniq -c | awk {'printf $1" "$2"\n"'} | sort -n -t\ +0

40. Check how many active php-cgi processes the
code is as follows:
netstat -anp | grep php-cgi | grep ^tcp | wc -l
chkconfig --list | awk '{if ($5=="3:on") print $1}'

41.kudzu check the network card model
code as follows:
kudzu --probe --class=network

42. Common regular expressions

　　match Chinese characters The regular expression: [\u4e00-\u9fa5]

　　Comment: Matching Chinese is really a headache. With this expression, it is easy to

　　match double-byte characters (including Chinese characters): [^\x00-\ xff]

　　Comment: Can be used to calculate the length of a string (a double-byte character counts as 2, ASCII character counts as 1)
Regular expression to match blank lines: \n\s*\r

　　Comment: Can be used to remove blank lines

　　Regular expression to match HTML tags: "(\S*?)[^"]*".*? "/\1"|".*? /"

　　Comment: The version circulating on the Internet is too bad. The above one can only match part, and it is still powerless for complex nested tags

　　. Regular expression to match whitespace characters at the beginning and end: ^\s*|\s*$

　　Comment: Can be used to Remove whitespace characters (including spaces, tabs, form feeds, etc.) at the beginning and end of a line, very useful expressions

　　to match regular expressions of email addresses: \w+([-+.]\w+)*@\ w+([-.]\w+)*\. \w+([-.]\w+)*

　　Comment: Useful for form validation

　　Regular expression matching URL: [a-zA-z]+://[^\s]*

　　Comment: Version function circulating on the Internet Very limited, the above can basically meet the needs

　　Whether the matching account number is legal (begins with letters, allows 5-16 bytes, and allows alphanumeric underscores): ^[a-zA-Z][a-zA-Z0-9_]{4,15}$

　　Comment: It is very difficult to verify the form Practical

　　Match domestic phone numbers: \d{3}-\d{8}|\d{4}-\d{7}

　　Comments: Matching forms such as 0511-4405222 or 021-87888822

　　match Tencent QQ numbers: [1-9 ][0-9]{4,}

　　Comment: Tencent QQ number starts from 10000

　　Matching Chinese postal code: [1-9]\d{5}(?!\d)

　　Comment: Chinese postal code is 6 digits to

　　match identity ID card: \d{15}|\d{18}

　　Comments: China's ID card is 15 or 18 digits

　　Matching ip address: \d+\. \d+\. \d+\. \d+

　　Comment: Useful when extracting ip address

　　Match a specific number: The

　　code is as follows:

　　^[1-9]\d*$ //Match positive integer

　　^-[1-9]\d*$ //Match negative integer

　　^-? [1-9]\d*$ //match integer

　　^[1-9]\d*|0$ //match non-negative integer (positive integer + 0)

　　^-[1-9]\d*|0$ //Matches non-positive integers (negative integers + 0)

　　^[1-9]\d*\. \d*|0\. \d*[1-9]\d*$ //Matches positive float

　　^-([1-9]\d*\.\d*|0\.\d*[1-9]\d*) $ // matches negative float

　　^-? ([1-9]\d*\.\d*|0\.\d*[1-9]\d*|0?\.0+|0)$ //Match float

　　^[1-9 ]\d*\. \d*|0\. \d*[1-9]\d*|0? \.0+|0$ // matches non-negative float (positive float + 0)

　　^(-([1-9]\d*\.\d*|0\.\d*[1-9] \d*))|0? \.0+|0$ //Match non-positive floating-point numbers (negative floating-point numbers + 0)

　　Comments: Useful when dealing with large amounts of data, pay attention to corrections when specific applications

　　Match specific strings: The

　　code is as follows:

　　^[A-Za-z] +$ //Matches a string consisting of 26 English letters

　　^[AZ]+$ //Matching a string consisting of uppercase 26 English letters

　　^[az]+$ //Matching lowercase 26 English letters A string composed of

　　^[A-Za-z0-9]+$ //Matches a string composed of numbers and 26 English letters

　　^\w+$ //Matches a string composed of numbers, 26 English letters or underscores

　　Comments: Some of the most basic and commonly used expressions The

　　above is an introduction to the common commands that Linux operation and maintenance need to master. The commands introduced in this article are commands that are often used in Linux operation and maintenance, and need to be remembered firmly.