
Linux training-fundamentals

2025-01-16 Update From: SLTechnology News&Howtos

I. systemctl

1. Server startup process

Before Red Hat 7, init: services 1 2 3 4 start sequentially. Startup is slow.

Red Hat 7, systemd: services start in parallel according to their dependencies. With 1 2 3 4 (network) 5 6 7, the services that depend on 4 are not started directly. Startup is fast.

Runlevels

init 0  shutdown

1  single-user mode

2  no-network mode

3  no graphical mode

4  user-defined mode

5  GUI

6  reboot

2. Using systemctl

- Start a service

Old: service xxxx start

New: systemctl start xxx.service

systemctl restart xxx.service -- the service is cut off momentarily

systemctl reload xxx.service -- the service is not interrupted

- Enable at boot

Old: chkconfig xxx on

New: systemctl enable xxx.service

- Display the current runlevel (target)

# systemctl get-default

graphical.target

- Switch runlevel

systemctl isolate multi-user.target (or emergency.target, graphical.target)

-Summary

II. SSH

1. SSH concept

Shell: each user has their own shell, which holds permissions, personal settings, environment variables and so on.

Users must interact with the OS kernel through a shell.

SSH is Secure Shell.

User -> Shell -> Kernel -> Hardware

2. SSH types

(1) ssh user@ip

In untrusted mode, the server gives its own public key to the client.

(2) Authentication based on a private key / public key pair

Encryption methods:

- Symmetric encryption: the same key encrypts and decrypts

- Asymmetric encryption: the public key encrypts, the private key decrypts

Trust method: the client sends its own public key to the server. If the client's public key is trusted, no password is required.

(3) Configuration process

Linux

- ssh-keygen

Generates the client's own public and private keys

- ssh-copy-id -i <public key file> user@hostname

Uploads the client public key to the server

Windows

- SecureCRT generates a public key / private key pair on the client

Tool -> create public key

- Upload the public key to the target server: cat <public key file> >> ~/.ssh/authorized_keys

3. Customize the SSH service configuration

vi /etc/ssh/sshd_config

#LoginGraceTime 2m -- disconnect the ssh connection after 2 minutes without operation

#PermitRootLogin yes -- whether to allow root login

#StrictModes yes

#MaxAuthTries 6 -- the number of login attempts allowed

#MaxSessions 10

#PasswordAuthentication yes -- allow password login
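An added example, not part of the original article: a shell audit of the directives listed above, run on two constructed sample files. It assumes the commented values shown above are the defaults in effect, and it treats more than 4 `MaxAuthTries` as a finding, which is an assumed local policy.

```bash
#!/usr/bin/env bash
# Added example: audit the sshd_config directives listed above.
# Defaults passed in are the commented values shown in the article.

effective_value() {   # usage: effective_value FILE KEYWORD DEFAULT
    # sshd keeps the FIRST uncommented occurrence of a keyword (names are
    # case-insensitive). Only the global part before any Match block is read.
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

audit_sshd_config() { # prints one line per finding; status 1 if any
    _rc=0
    _v=$(effective_value "$1" PermitRootLogin yes)
    [ "$_v" = yes ] && { echo "PermitRootLogin yes: direct root login allowed"; _rc=1; }
    _v=$(effective_value "$1" PasswordAuthentication yes)
    [ "$_v" = yes ] && { echo "PasswordAuthentication yes: password logins accepted"; _rc=1; }
    _v=$(effective_value "$1" MaxAuthTries 6)
    # The limit of 4 is an assumed local policy, not an OpenSSH rule.
    [ "$_v" -gt 4 ] && { echo "MaxAuthTries $_v: more than 4 attempts per connection"; _rc=1; }
    return "$_rc"
}

# Constructed sample files: one with everything left at the defaults,
# one hardened. The trailing duplicate keyword is ignored (first one wins).
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' '#MaxAuthTries 6' \
    '#PasswordAuthentication yes' > "$demo_dir/default"
printf '%s\n' 'PermitRootLogin no' 'MaxAuthTries 3' \
    'PasswordAuthentication no' 'PasswordAuthentication yes' > "$demo_dir/hardened"

for name in default hardened; do
    echo "== $name"
    if audit_sshd_config "$demo_dir/$name"; then echo "no findings"; fi
done
```

On a live host, `sshd -T` prints the values the daemon actually uses, including any Match blocks this sketch skips.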

III. Linux log system

1. General syslog structure

cd /var/log

messages -- general log

secure -- security and authentication

maillog -- email

cron -- scheduled tasks

boot.log -- system boot log

2. General log service configuration

(1) Log configuration file

vim /etc/rsyslog.conf

*.info;mail.none;authpriv.none;cron.none /var/log/messages

*.info -- logs of all facilities at the info level and above are recorded in messages.

mail.none -- logs of the mail facility are not recorded.

mail.* -/var/log/maillog -- async

(2) Log priority levels

3. Analyze a log entry

4. The systemd journal

(1)

The systemd journal is stored in /run/log by default, and its content is erased when the system is rebooted. Viewing it requires switching to root.

-a  all

-n 5  last 5 lines

-p  priority (err, info)

-b  boot messages

-f  follow (monitor) new entries

--since "2014-02-10 20:30:00" --until "2014-02-10 21:30:00"  specified range

--since today  show today's entries

-o  change the output format of the log

(2) Common commands

# journalctl --priority err

# journalctl _UID=1000 -n 5

# journalctl --since 13:00:00 --until 14:00:00 _SYSTEMD_UNIT="sshd.service"

(3) Permanently save the journal log

[root@rh2 ~]# mkdir -p /var/log/journal

[root@rh2 ~]# chown root:systemd-journal /var/log/journal

[root@rh2 ~]# chmod 2755 /var/log/journal

[root@rh2 ~]# systemctl restart systemd-journald.service

The log will then be saved permanently in /var/log/journal

IV. Time

1. Time commands

# timedatectl
      Local time: Mon 2018-07-30 14:22:32 CST
  Universal time: Mon 2018-07-30 06:22:32 UTC
        RTC time: Mon 2018-07-30 06:22:32
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: no
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

timedatectl set-time 15:00:00 -- set the local time

2. NTP

(1) Install the chrony.x86_64 package

yum install -y chrony.x86_64

(2) Enable NTP support

timedatectl set-ntp true

(3) Configure the NTP servers

vi /etc/chrony.conf
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst

(4) Restart the service

systemctl restart chronyd
systemctl enable chronyd

# timedatectl
      Local time: Mon 2018-07-30 14:49:16 CST
  Universal time: Mon 2018-07-30 06:49:16 UTC
        RTC time: Mon 2018-07-30 06:49:16
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

(5) View the NTP time status

# chronyc sources -v
210 Number of sources = 2

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined, '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ 120.25.115.20                 2  10   377   643  +4362us[+4362us] +/-   50ms
^* 203.107.6.88                  2  10   377   704    -27ms[  -29ms] +/-   68ms

V. Network

1. General network configuration

RHEL6: the network service (service network restart) manages devices by device name: ifcfg-<device name>

RHEL7: NetworkManager --> nmcli manages connections by connection name: ifcfg-<connection name>

Related service: systemctl start NetworkManager

Network card configuration file: /etc/sysconfig/network-scripts/ifcfg-xxxx

2. nmcli

(1) Show connection names and device names

# nmcli connection show
NAME       UUID                                  TYPE            DEVICE
Profile 1  105c22e6-d4be-4a1b-978d-a53b81b60d33  802-3-ethernet  ens38
ens33      e11de05d-64d8-421e-97f5-bd9cfbc9f647  802-3-ethernet  ens33
virbr0     3728e459-2ed5-405b-8f2c-f56c9c22a16d  bridge          virbr0
eth0       bd139d4f-d603-47a1-8ee6-95f883cddcf2  802-3-ethernet  --

(2) View connection details

# nmcli connection show Profile\ 1

(3) Create a network connection

# nmcli connection modify ens33 ipv4.addresses 192.168.1.100/24 ipv4.gateway xxx ipv4.dns xxx ipv4.method manual connection.autoconnect yes

RHEL 7.0: # nmcli connection modify ens33 ipv4.addresses "192.168.1.100/24 192.168.1.1" ipv4.dns xxx ipv4.method manual connection.autoconnect yes ifname eth0 type ethernet

Description:

ipv4.addresses -- IP address

ipv4.gateway -- gateway

ipv4.dns -- DNS address

ipv4.method -- static / dynamic IP

connection.autoconnect -- connect automatically at system startup

ifname -- hardware device name

type -- network type

(4) Activate the connection

# nmcli connection up Profile\ 1

(5) Delete a connection

# nmcli connection delete ens33

(6) Configure multiple IP addresses

- The first IP must be a static IP

- nmcli connection modify Profile\ 1 +ipv4.addresses 1.1.1.1/8

# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:50:56:2f:8a:54 brd ff:ff:ff:ff:ff:ff
    inet 172.20.10.9/28 brd 172.20.10.15 scope global dynamic ens33
       valid_lft 77270sec preferred_lft 77270sec
    inet6 fe80::9fbb:474d:f8bb:fcb2/64 scope link
       valid_lft forever preferred_lft forever
3: ens38: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:50:56:36:d0:6c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global ens38
       valid_lft forever preferred_lft forever
    inet 1.1.1.1/8 brd 1.255.255.255 scope global ens38
       valid_lft forever preferred_lft forever
    inet6 fe80::f434:5dd6:8419:fc87/64 scope link
       valid_lft forever preferred_lft forever
4: virbr0: mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:e2:ac:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:e2:ac:76 brd ff:ff:ff:ff:ff:ff

(7) Summary of nmcli commands

(8) Graphical network configuration tools

nmtui

nm-connection-editor

(9) Modify the device name of the network card

/etc/udev/rules.d/70-persistent-ipoib.rules

(10) Configuration file structure

3. Hostname configuration

RHEL6: /etc/sysconfig/network

RHEL7: /etc/hostname

hostnamectl set-hostname hostname

4. DNS configuration file

/etc/resolv.conf

Using the ifcfg-xxx files for DNS configuration is recommended instead.

nmcli con mod ID +ipv4.dns IP

5. Service port configuration file

/etc/services

6. Analyze routing issues

tracepath IP

7. View the ports that services are listening on

# netstat -tunpl

VI. yum and rpm

1. yum server configuration

yum install httpd

systemctl start httpd

systemctl enable httpd

mkdir -p /var/www/html/iso

Access address: http://IP/iso

2. yum client configuration

cd /etc/yum.repos.d/

vim aaa.repo

[test]
name=test
baseurl=http://IP/iso
# key checking is not enabled
gpgcheck=0
enabled=1
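An added example, not part of the original article: with gpgcheck=0 yum installs packages without verifying their signatures, and an http:// baseurl adds no transport integrity, so the function below reports both for enabled repositories. The sample file, its [signed] and [old] stanzas, their URLs and the gpgkey path are constructed.

```bash
# Added example: report enabled yum repositories that skip signature
# checks (gpgcheck=0) or fetch packages over plain http.
audit_repo_file() {   # usage: audit_repo_file FILE ; prints "repo-id: finding"
    awk '
        function report() {
            if (id == "" || enabled == "0") return
            if (gpg == "0") print id ": gpgcheck=0, package signatures are not verified"
            if (url ~ /^http:/) print id ": baseurl uses plain http"
        }
        $1 ~ /^[#;]/ { next }                        # comment lines
        /^[ \t]*\[/ {                                # a new [repo-id] stanza
            report(); id = $0; gsub(/^[ \t]*\[|\].*$/, "", id)
            gpg = ""; url = ""; enabled = "1"; next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            k = tolower(substr($0, 1, eq - 1)); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpg = v
            else if (k == "baseurl") url = v
            else if (k == "enabled") enabled = v
        }
        END { report() }' "$1"
}

# Constructed sample: the article's [test] stanza plus two made-up ones.
repo_file=$(mktemp)
cat > "$repo_file" <<'EOF'
[test]
name=test
baseurl=http://IP/iso
gpgcheck=0
enabled=1

[signed]
baseurl=https://repo.example.invalid/el7
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
enabled=1

[old]
baseurl=http://repo.example.invalid/old
gpgcheck=0
enabled=0
EOF
audit_repo_file "$repo_file"
```

Only an explicit gpgcheck=0 is reported; a stanza that omits the key inherits the setting from /etc/yum.conf, which this sketch does not read.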

3. Common yum commands

yum install -y
yum localinstall package_name   # uses the yum repositories to resolve the dependencies of a local package file
yum remove          # remove a package
yum search          # search by keyword; find which packages provide a command
yum reinstall       # reinstall
yum clean all       # on a package download error or dependency resolution error, clear the cache and local repository data
yum repolist        # view the available yum repositories
yum list            # list package information in the current repositories
yum list installed  # list installed packages
yum grouplist       # list package groups
yum groupinstall    # install a package group
yum info            # view package information
yum update          # upgrade packages
yum install http://xxxx/xxx.rpm   # install a package directly from the Internet
yum-config-manager --add-repo http://xxxx --nogpgcheck   # automatically generate a yum repository configuration file

4. Use a third-party software repository (remember to install httpd and start the service)

- Download the EPEL installation package

https://fedoraproject.org/wiki/EPEL

- yum localinstall

# yum localinstall epel-release-latest-7.noarch.rpm

5. rpm

The rpm installation and management tool

rpm -ivh              # install a package
rpm -qa               # query the installed packages
rpm -ql               # view the package installation paths
rpm -qf /usr/bin/ls   # query which package provides the ls command
rpm -qc               # query the configuration files of installed software
rpm -qd               # query the help files of installed software
rpm -qi               # query the information in the package
rpm -e                # uninstall a package
rpm --import          # install package directly on the Internet

VII. Partitioning

1. Partition types

MBR -> fdisk

Each disk can have at most 4 primary + extended partitions. In total, up to 15 partitions can be created (primary + extended + logical).

GPT -> gdisk

2. Common fdisk commands

Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   g   create a new empty GPT partition table
   G   create an IRIX (SGI) partition table
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

* partprobe rescans the partition table to force the kernel to create the device files. With multipathing, use the kpartx command.

3. Format a partition

mkfs.<file system type> /dev/sda5

4. swap partition

(1) Process: fdisk -> mkswap -> swapon -a -> /etc/fstab

You need to change the partition's system id to 82.

Command (m for help): l

 0  Empty           24  NEC DOS         81  Minix / old Lin bf  Solaris
 1  FAT12           27  Hidden NTFS Win 82  Linux swap / So c1  DRDOS/sec (FAT-
 2  XENIX root      39  Plan 9          83  Linux           c4  DRDOS/sec (FAT-
 3  XENIX usr       3c  PartitionMagic  84  OS/2 hidden C:  c6  DRDOS/sec (FAT-
 4  FAT16
