
Example Analysis of Network system in Linux

2025-02-27 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

This article introduces an example analysis of the network system in Linux. It has some reference value, and interested readers can refer to it. I hope you will gain a lot after reading this article.

Network information

Modify hostname

    # hostname node01        // temporary modification
    # hostname               // view hostname
    # vi /etc/hostname       // permanent modification
    # shutdown -r now        // restart the virtual machine after modification

DNS domain name resolution

IP addresses are not easy to remember, so a hostname is generally mapped to an IP address. The mapping from name to IP is configured in the hosts file.

Windows system: C:\Windows\system32\drivers\etc\hosts

Linux:

    # vi /etc/hosts
    192.168.192.100 basenode

In the future, all virtual machines need to be configured in the hosts file.

Network related commands

    # ifconfig  ||  # ip addr        // view the configuration information of the current network card
    # yum install net-tools -y       // install the package that provides ifconfig

The ifconfig command belongs to net-tools, but the minimal version of CentOS 7 does not include this package, so on 7 you need to install it manually.

    # netstat                     // view the status information of the current network
    # netstat -r  ||  # route     // core routing table
    # ping                        // check whether the destination IP can be reached
    # telnet                      // check whether a port on the destination IP can be reached
    # yum install telnet -y
    # curl -X GET http://www.baidu.com    // identify the resource by specifying its unique location

RESTful: all our resources have a unique location on the network, and we can identify a specified resource through this unique location.

Firewall

    # check firewall status
    systemctl status firewalld.service
    # temporarily stop the firewall
    systemctl stop firewalld.service
    # disable firewall start at boot
    systemctl disable firewalld.service

    firewall-cmd --state                          ## check firewall status, whether it is running
    firewall-cmd --reload                         ## reload configuration; after adding rules, you need to execute this command
    firewall-cmd --get-zones                      ## list the supported zones
    firewall-cmd --get-services                   ## list the supported services; the services in the list are released
    firewall-cmd --query-service ftp              ## check whether the ftp service is supported; returns yes or no
    firewall-cmd --add-service=ftp                ## temporarily open the ftp service
    firewall-cmd --add-service=ftp --permanent    ## permanently open the ftp service
    firewall-cmd --remove-service=ftp --permanent ## permanently remove the ftp service
    firewall-cmd --add-port=80/tcp --permanent    ## permanently add port 80

Execution flow for opening a port

    # add
    firewall-cmd --zone=public --add-port=80/tcp --permanent
    # reload
    firewall-cmd --reload
    # view
    firewall-cmd --zone=public --query-port=80/tcp
    # delete
    firewall-cmd --zone=public --remove-port=80/tcp --permanent

Encryption algorithm

Irreversible encryption algorithm

http://tool.chacuo.net/cryptrsaprikey

The encrypted result can be calculated from the data, but the data cannot be calculated from the encrypted result.

Application

Hash algorithms are commonly used for irreversible password storage and information integrity checks.

Documents, audio and video files, software installation packages, etc.: compare whether the new and old digests are the same (whether the received file has been modified).

The user name or password is encrypted and stored in the database (most databases do not store the plaintext of critical information; this is why many login features cannot recover a forgotten password and can only reset it).

Salt operation
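The two hash uses described above (digest comparison and salted password storage) as an added shell example; it is not from the original article, and the function names, sample file and password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): SHA-256 digests for an
# integrity check and for a salted password digest. All names are illustrative.

# digest_of FILE: print the hex SHA-256 digest of FILE.
digest_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# is_unmodified FILE OLD_DIGEST: succeed only if FILE still hashes to OLD_DIGEST.
is_unmodified() {
    [ "$(digest_of "$1")" = "$2" ]
}

# new_salt: print 16 random bytes as 32 hex characters.
new_salt() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# salted_digest SALT PASSWORD: hash salt and password together, so equal
# passwords stored with different salts give different digests.
salted_digest() {
    printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# verify_password SALT STORED_DIGEST CANDIDATE: recompute and compare;
# the stored digest is never reversed.
verify_password() {
    [ "$(salted_digest "$1" "$3")" = "$2" ]
}

demo() {
    f=$(mktemp)
    printf 'installer v1\n' > "$f"        # constructed sample file
    old=$(digest_of "$f")
    printf 'extra bytes\n' >> "$f"        # simulate a modification in transit
    if is_unmodified "$f" "$old"; then echo "file unchanged"; else echo "file modified"; fi
    rm -f "$f"
    s1=$(new_salt); s2=$(new_salt)
    echo "user1 $s1 $(salted_digest "$s1" 123)"   # same password, two salts:
    echo "user2 $s2 $(salted_digest "$s2" 123)"   # the stored digests differ
}
demo
```

Password databases such as /etc/shadow store a salted, iterated hash rather than one fast SHA-256 round; the single round here only shows what the salt changes.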

Symmetric encryption algorithm

Advantages: the algorithm is public, the amount of computation is small, encryption is fast and efficient, and the key is short.

Disadvantages: if the key is stolen from one side, both sides are affected; if a different key is generated for each customer, the number of keys is huge and key management is stressful.

Application scenarios: encryption of login information (username and password), transmission encryption, instruction encryption.

Asymmetric encryption algorithm

An asymmetric encryption algorithm requires a pair of keys (two keys): a public key (publickey) and a private key (privatekey). Once the public key and the private key are generated, data encrypted with the public key can only be decrypted with the corresponding private key, while data encrypted with the private key can only be decrypted with the corresponding public key.

Representative algorithms: RSA, ECC, Diffie-Hellman, El Gamal, DSA (for digital signatures).

Advantages: high security (almost difficult to crack).

Disadvantages: slow encryption and decryption, long key, large amount of computation, low efficiency.

Application scenarios: HTTPS (SSL) certificate production, CSR certificate requests, financial communication encryption, encrypted pairing transmission for Bluetooth and other hardware, verification of key login information.

Key-free login

Process flow


Mutual key-free between hosts

    # ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa                   // generate the key
    # ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.192.101      // send the public key
    # ll -a                                                      // check whether the .ssh/ folder exists
    # cd .ssh/ --> # cat authorized_keys                         // view the key
    # scp file root@192.168.192.101:~                            // send a file to 192.168.192.101

Hostname and host check

    [root@basenode ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.192.101
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '192.168.192.101 (192.168.192.101)' can't be established.
    ECDSA key fingerprint is SHA256:EV00Zl3Snn9UREndOJHXpzfAhDYkB3lLysSjiE/RlRo.
    ECDSA key fingerprint is MD5:86:be:05:0d:92:84:79:c0:6f:9b:9a:47:67:64:28:07.
    Are you sure you want to continue connecting (yes/no)? yes

Cause of error: Cannot determine realm for numeric host

Solution 1 (this time):

    ssh -v -o GSSAPIAuthentication=no root@192.168.192.101

Solution 2 (all): modify the configuration in the /etc/ssh/ssh_config file; in the future, this problem will not occur again. Add:

    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

With these two settings ssh no longer verifies or records host keys for any host.

Date and time

Command

    # ll /etc/localtime                                                  // view the time zone
    # ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime            // change the time zone to Shanghai
    # ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime      // change the time zone to Los Angeles
    # date                                                               // view the current time
    # cal 2021                                                           // view the calendar
    # date -s '2019-11-11 11:11:11'                                      // modify the time

Date synchronization

Automatic synchronization with the network time center

    # yum install ntp -y          // install the time synchronization service
    # ntpdate cn.ntp.org.cn       // automatically synchronize with the network time center

Local NTP service

NTP server

    # vi /etc/ntp.conf

    # ========= privilege control =========
    restrict default kod nomodify notrap nopeer noquery       # deny IPv4 users
    restrict -6 default kod nomodify notrap nopeer noquery    # deny IPv6 users
    restrict 210.72.145.44       # authorize the National Time Service Center server to access the local NTP
    restrict 133.100.11.8        # authorize 133.100.11.8 to access the local NTP
    restrict 127.0.0.1
    restrict -6 ::1
    restrict 192.168.88.2 mask 255.255.255.0 nomodify         # local network segment authorization
    # ========= source server =========
    server cn.ntp.org.cn prefer  # specify the upstream time server; give priority to this address
    # ========= difference analysis =========
    driftfile /var/lib/ntp/drift
    keys /etc/ntp/keys

    # systemctl start ntpd.service      // enable the local NTP server
    # ntpdate 192.168.192.101           // synchronize the time

User group permissions

User

    # useradd sam            // add a user; a group with the same name and a home directory are created
    # passwd sam             // set the password to 123
    # userdel -r sam         // delete the user, cascading delete
    # usermod -l sam sum     // modify the user name; the home directory and group are not modified
    # usermod -L sam         // lock the user
    # usermod -U sam         // unlock the user
    # cat /etc/shadow        // user names and passwords
    # cat /etc/passwd        // user name, number, group number, home directory, command directory
                             // 6.5: system 0-499, ordinary 500+; 7.6: system 0-999, ordinary 1000+
    # su sam                 // switch user

Group

    # groupadd lucky             // create a group
    # groupdel lucky             // delete a group
    # groupmod -n bdp lucky      // modify the group name
    # groups                     // view the groups of the user
    # groups bdpboy              // when we create a user, a primary group with the same name is created by default
    # usermod -g lucky bdpboy    // modify the user's primary group
    # usermod -G lucky bdpls     // modify the user's affiliated group

Authority


    # ll -a      // view file details

Permissions: the UGO model

    u: user, the file owner
    g: group, users in the file's group
    o: other, other users

rwx

    r: read, read permission
    w: write, write permission
    x: execute permission
    -: no permission

Modify the owner of a file

    # chown n1 /var/lucky1
    # chown n1:m1 /var/lucky2

Modify a folder and let the subdirectories be modified recursively

    # chown -R n1:m1 bdp
    # chgrp m2 lucky3

When the user's group is modified, you need to log in again to obtain the permissions of the new group.

Modify the rwx of a file

    # chmod lucky4
    # chmod ug+rw lucky4
    # chmod ugo-rw lucky4

Permissions rwx correspond to the numbers 4, 2, 1 (5 = 4 + 1).

    # chmod 664 lucky4      -> (rw-rw-r--)
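The mapping between rwx and the numeric mode above, as an added shell example that is not from the original article; the function names and the temporary file are illustrative, and `stat -c` assumes GNU coreutils as on CentOS.

```shell
#!/bin/sh
# Added example (not from the original article): rwx <-> numeric mode.

# sym_to_octal "rw-rw-r--": print the numeric mode (r=4, w=2, x=1 per triplet).
sym_to_octal() {
    sym=$1
    out=""
    [ "${#sym}" -eq 9 ] || return 1
    while [ -n "$sym" ]; do
        rest=${sym#???}              # everything after the first triplet
        trip=${sym%"$rest"}          # the first triplet: u, then g, then o
        sym=$rest
        case $trip in
            [r-][w-][x-]) ;;
            *) return 1 ;;           # reject anything that is not plain rwx
        esac
        n=0
        case $trip in r??) n=$((n + 4)) ;; esac
        case $trip in ?w?) n=$((n + 2)) ;; esac
        case $trip in ??x) n=$((n + 1)) ;; esac
        out=$out$n
    done
    printf '%s\n' "$out"
}

# others_can_write FILE: succeed if the "o" triplet of FILE has the w bit.
others_can_write() {
    mode=$(stat -c %a "$1")          # GNU stat, e.g. 664
    case ${mode#"${mode%?}"} in      # last digit = permissions for "other"
        2|3|6|7) return 0 ;;
        *) return 1 ;;
    esac
}

demo() {
    f=$(mktemp)                      # constructed sample file
    chmod "$(sym_to_octal rw-rw-r--)" "$f"
    echo "mode after chmod: $(stat -c %a "$f")"
    chmod o+w "$f"
    if others_can_write "$f"; then echo "writable by other users"; fi
    rm -f "$f"
}
demo
```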


Authorization of authority

Give administrator privileges to ordinary users

    # vim /etc/sudoers
    # visudo

Modify line 99:

    n1 ALL=(root) /sbin/useradd
    n1 ALL=(root) /sbin/*

Use:

    # su n1                          // switch user
    # sudo chkconfig iptables off

Pipes and redirect

Pipeline

Pass the result of the previous command as an argument to the following command

grep: a powerful search tool

    # cat profile | grep if
    # ls / | grep ^t

Redirect

Change the location (direction) of data output: 0 in, 1 out, 2 err.

    # ls / 1> lucky          // standard output
    # ls / > lucky           // standard output
    # ls abcd 2> lucky       // error output

> replaces, >> appends:

    # ls / 1>> lucky
    # ls / 1> lucky

Using both together:

    # ls /etc /abc > lucky 2>&1
    # ls /etc /abc >> lucky 2>&1

The information black hole:

    # ls /etc /abc >> /dev/null 2>&1

Process information

    # ps -ef
    UID PID PPID C STIME TTY TIME CMD
    UID: the user the process belongs to
    PID: current process number
    PPID: parent process number of the current process
    # ps -ef | grep redis
    # ps -aux                    // all information
    # ps -aux --sort -pcpu
    # top                        // current server memory utilization

Background process

You only need to add an & symbol after the command.

    # ping www.baidu.com > baidu &
    # jobs -l                    // view the current background processes, but only the current user interface can get them

nohup prevents background processes from being suspended.

    # nohup ping www.baidu.com >> baidu 2>&1 &

Kill process

    kill -9

Thank you for reading this article carefully. I hope the article "Sample Analysis of Network Systems in Linux" shared by the editor will be helpful to you. At the same time, I also hope that you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!
