CentOS7常用技巧 _Centos7

莫问天涯路几重，轻衫侧帽且从容。这篇文章主要讲述CentOS7常用技巧相关的知识，希望能为你提供帮助。
1.配置sudo

useradd test
echo 123456|passwd --stdin test
cat > > /etc/sudoers < < EOF
lnso ALL=(ALL) ALL,!/usr/bin/passwd,/usr/bin/passwd [A-Za-z]*,!/usr/bin/passwd root
EOF

2.关闭SELinux

sed -i s/SELINUX=enforcing/SELINUX=disabled/ /etc/selinux/config

3.配置资源限制

echo -e ulimit -c unlimited> > /etc/profile
echo -e ulimit -s unlimited> > /etc/profile
echo -e ulimit -SHn 65535> > /etc/profile
echo -e export HISTTIMEFORMAT="%F %T `whoami` " > > /etc/profile
echo -e export TMOUT=300 > > /etc/profile
echo -e "HISTFILESIZE=100" > > /etc/profile
source/etc/profile

cat > > /etc/security/limits.conf < < EOF
*softnofile60000
*hardnofile65535
*softnproc60000
*hardnproc65535
#*softmemlock33554432
#*hardmemlock33554432
EOF

4.内核参数优化

cat > > /etc/sysctl.conf < < EOF
############add#################
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.ip_forward = 1
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 102465535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
#vm.swappiness = 0
fs.file-max = 6553560
EOF
/sbin/sysctl -p

5.iptables

iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -s 10.145.254.14 --sport 1024:65534 --dport 22-j ACCEPT
iptables -A INPUT -p icmp--icmp-type echo-request -m limit --limit 1/s --limit-burst 10 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.115:80
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
/etc/init.d/iptables save
/etc/init.d/iptables restart

6.释放内存

sync ; echo 3 > /proc/sys/vm/drop_caches#释放内存和cache
sync ; echo 1 > /proc/sys/vm/drop_caches#释放内存
dmidecode | grep -A16 "Memory Device$"#查看内存条数

7.执行上一条命令

less /etc/hosts
vim !$

8.通过中间主机连接不可直达主机

ssh -t reachable_host ssh unreachable_host

9.获取主机IP地址

ifconfig eth0|grep "inet addr"|awk -F [: ]+ print $4
ifconfig eth0|grep inet addr|awk -F[:""]+ print $4
ifconfig eth0 |grep inet addr|sed -e s/^.*addr://g -e s/Bcast.*$//g

10.网络连接状态统计

netstat -an|awk /^tcp/ ++S[$NF] END for(a in S)print a,S[a]

11.检测是否被ddos

netstat -an|grep SYN_RECV|wc -l #数量过多，说明被ddos了

12.禁用ICMP协议

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

13.查询操作系统位数

getconf LONG_BIT
file /bin/ls
uname -a

14.测试磁盘的读写IO速度

hdparm -Tt /dev/sda

15.修复根分区

重启进入Emergency模式
mount -o remount,rw /
fsck /

16.修复RPM数据库

rpm --rebuilddb

【CentOS7常用技巧】17.查看服务器CPU信息

cat /proc/cpuinfo |grep "physical id"|sort|uniq|wc -l#查看cpu个数
cat /proc/cpuinfo |grep "cpu cores"|uniq#查看物理cpu中core的个数
cat /proc/cpuinfo|grep "processor"|wc -l#显示逻辑cpu个数

18.查看影片IO性能

iostat -d -x -k 1 10#%util接近100%性能差，await时间应该低于5s

19.管理模块

modprobe -r bonding #卸载模块
modprobe bonding#加载模块
lsmod|grep bonding#模块是否加载

20.查看服务器内存

free -m#used-buffers-cached已用内存,free+buffers+cached可用内存
dmidecode -t memory|grep Size#查看物理内存单位大小
cat /proc/sys/vm/freepages#查看虚拟内存默认配置
free -m | grep cache | awk /[0-9]/ print $4" MB"#显示剩余内存大小

21.录屏工具

script -t 2> timing.log -a output.session #录制
exit#退出
scriptreplay timing.log output.session#回放

22.清除空白行

cat abc|tr -s \\n

23.快速备份

cp filename,.bak

24.以HTTP方式共享当前文件夹的文件

python -m SimpleHTTPServer#启动了Python的SimpleHTTPServer模块，将在本机8000端口开放http服务，在其他能访问本机的浏览器打开http://ip:8000即打开一个目录列表

25.配置SSH免密登陆

ssh-keygen #生成密钥
ssh-copy-id user@host #拷贝公钥到远程机

26.查看解析过程

dig www.163.com +trace#从根服务器开始跟踪一个域名的解析过程
dig @202.106.0.20 www.baidu.com #在特定dns服务器查询
dig www.baidu.com ns#查询域的NS记录
dig google.com MX #查看邮件记录
traceroute -I www.google.com#路由跟踪

27.查看文件更多信息

strace ls a
strace -p pid

28.网络连通性测试过程

ping 回环地址
ping 局域网内主机
ping 网关
ping 外网

29.按文件大小排序

du -csk *|sort -rn|head -n 10

30.监控系统性能

vmstat 1 4#r< 5,b约等于0，user%+sys%< 70%系统性能较好，user%+sys%> =85%系统性能比较差，id越多越好

32.查看路由表

route -n
netstat -rn

33.替换/home下所有文件中的www.test.com为 test.com

sed -i"s/www.test.com/test.com/g" `grep www.test.com -rl /home`

34.禁止获取时间戳

iptables -A INPUT -p ICMP --icmp-type timestamp-request -j DROP
iptables -A INPUT -p ICMP --icmp-type timestamp-reply -j DROP

35.fork炸弹（慎用）

:():|:& ; :
.().|.& ; .

36.查看哪些支柱在抓去内容

tcpdump -i eth0 -l -s 0 -w -dst port 80|strings |grep -i user-agent|grep -i -E bot|crawler|slurp|spider

37.查看数据库执行的sql

tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | egrep -i SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL

38.按域统计流量

zcat squid_access.log.tar.gz| awk print $10,$7 |awk BEGINFS="[ /]"trfc[$4]+=$1ENDfor(domain in trfc)printf "%s\\t%d\\n",domain,trfc[domain]

39.统计http_status状态

cat access.log|awk counts[$(9)]+=1; END for(code in counts) print code,counts[code]
cat access.log |awk print $9|sort|uniq -c|sort -rn

40.统计404的连接

awk ($9 ~ /404/) access.log|awk print $9,$7|sort

41.获得访问前10位的ip地址

cat access.log|awkprint $1|sort|uniq -c|sort -nr|head -10cat access.log|awk counts[$(11)]+=1; END for(url in counts) print counts[url],url

42.访问次数最多的文件或页面

cat access.log|awkprint $11|sort |uniq -c|sort -rn|head -20

43.列出传输最大的几个exe文件

cat access.log |awk($7~/\\.exe/) print $10" "$1" "$4" "$7|sort -rn|head -20

44.列出输出大于200000byte(约200kb)的exe文件以及对应文件发生次数

cat access.log |awk($10 > 200000 & & $7~/\\.exe/)print $7|sort -n|uniq -c|sort -rn|head -100

45.如果日志最后一列记录的是页面文件传输时间，则有列出到客户端最耗时的页面

cat access.log |awk($7~/\\.php/) print $NF" "$1" "$4" "$7|head -100

46.列出最最耗时的页面，超过60秒的的以及对应页面发生次数

cat access.log |awk($NF > 60 & & $7~/\\.php/)print $7|sort -n|uniq -c|sort -rn |head -100

47.列出传输时间超过 30 秒的文件

cat access.log |awk($NF > 30)print $7|sort -n|uniq -c|sort -rn|head -20

48.统计网站流量G

cat access.log |awksum+=$10 END print sum/1024/1024/1024

49.mysql快速导入导出

select * from t_act_creditaccount_detail into outfile /tmp/t_act_creditaccount_detail-20160627; #导出
load data infile /tmp/t_act_creditaccount_detail-20160627 into table t_act_creditaccount_detail; #导入

50.修改系统字符

vim/etc/sysconfig/i18n
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.UTF-8:zh_CN.GB2312:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="LATARCYRHEB-SUN16"

51.修改系统时区

vim /etc/sysconfig/clock
ZONE="Asia/shanghai"
date
hwclock -w

52.添加路由信息

route add -net 172.16.6.0 netmast 255.255.255.0 gw 172.16.2.25
echo "127.16.6.0/24 via 172.16.2.25" > /etc/sysconfig/network-scripts/route-eth0

53.设置bios时间

date -s "2016-06-23 16:29"
hwclock -w

54.查询编译时参数

php -i |grep configure#查询php编译时参数
/usr/local/nginx/sbin/nginx -V#查看nginx编译时参数
cat /usr/local/apache2/build/config.nice#查看apache编译时参数
cat /usr/local/mysql/bin/mysqlbug | grep CONFIGURE_LINE #查看mysql编译时参数

55.截取时间内的数据

sed -n /10:00:00/,/11:00:00/p /var/log/message

56.截取每一行输出

while read line; do echo $line ; sleep 10; done < /etc/passwd
cat /etc/passwd|(while read line; do echo $line; sleep 1; done)

57.彼此之间由null字符（\\0）分割，重新输出格式化

cat /proc/33332/environ |tr \\0 \\n

58.检查当前登陆用户

if [ $UID -ne 0 ]; then echo "Non root user. Please run as root."; else echo "Root user."; fi

59.清除空格行

cat test.txt |tr -s \\n
cat test.txt|tr -d 1

60.否定查找

find . ! -name test.txt -print

61.合并查找

find . \$ -name "*.txt" -o -name "*.py" \$ -print

62.查询深度

find . -maxdepth 1 -type f - print

63.& 匹配每一个单词w

echo "this is an example"|sed s/\\w\\+/[& ]/g

64.打印

echo -e "line1\\nline2"|awk BEGIN print "Start" print END print "End"

65.拼接打印

echo |awk var1="v1"; var2="v2"; var3="v3"; print var1,var2,var3

66.awk变量

echo -e "line1 f2 f3\\nline2 f4 f5\\nline3 f6 f7"|awk print "Line no:"NR",No of fields:"NF, "$0="$0, "$1="$1, "$2="$2, "$3="$3
注意：
NR处理到的行号
NF处理到行的哪列
$NF处理到行号的最后一列

67.python依赖库备份、还原

迁移前，在原机器执行pip freeze > requirements.txt
将文件发送到新机器并执行pip install -r requirements.txt --index https:/mirrors.aliyun.com/pypi/simple/

68.踢出用户

w
pkill -kill -t pts/2

69.查看系统发行版本

yum -y install redhat-lsb \\
& & lsb_release -a

70.创建war文件

jar -cvf name.war file

71.修改文件或目录的时间戳(YYMMDDhhmm)

touch -t 0712250000 file

72.在1-39内取随机数

echo$[$RANDOM%39]

73.查看二进制文件内容

echo /etc/passwd | hexdump -C
mysqlbinlog
od -t a file
od -xc file > file.txt

74.保存当前磁盘分区的分区表

sfdisk -d /dev/sdb > /etc/sdbpar.bak保存分区表
sfdisk /dev/sdb
dd if=/dev/sda of=/backup/mbr.bak count=1 bs=512

75.shell下32位随机密码生成

head /dev/urandom | md5sum | head -c 30
LANG=c < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c$1:-32; echo;

76.挂在windwos的共享目录

mount -t cifs //10.0.0.1/share /mnt --verbose -o username=zhao,password=zhao

77.实现file文件内字符串翻转

cat file.txt
abcdefghijk
rev file.txt

78.创建目录

[ ! -d /devops/shell ] & & mkdir -p /devops/shell

79.同步系统时间

echo "00 01 * * */usr/sbin/ntpdate time.nist.gov > /dev/null 2> & 1" > > /var/spool/cron/root

80.添加dns解析

echo -e nameserver 202.106.0.20 \\nnameserver 114.114.114.114 > > /etc/resolv.conf \\
& & echo "DNS添加完成..."

81.配置ssh

sed -i "s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config & & systemctl restart sshd \\
& & echo "禁止root远程登录完成..."
sed -i 1a auth required pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=fail /etc/pam.d/sshd & & echo -e admin > > /etc/sshusers \\
& & echo "允许授权用户登陆完成..."

82.历史命令留存

cat /etc/profile
USER_IP=`who -u am i 2> /dev/null |awk print $NF |sed -e s/[()]//g`
HISTDIR=/usr/share/.history

if [ -z $USER_IP ]; then
USER_IP=`hostname`
fi

if [ ! -d $HISTDIR ]; then
mkdir -p $HISTDIR
chmod 777 $HISTDIR
fi

if [ ! -d $HISTDIR/$LOGNAME ]; then
mkdir -p $HISTDIR/$LOGNAME
chmod 300 $HISTDIR/$LOGNAME
fi

export TMOUT=300
export HISTSIZE=4000
DT=`date +%Y%m%d-%H%m%S`
export HISTFILE="$HISTDIR/$LOGNAME/$USER_IP.history.$DT"
export HISTTIMEFORMAT="%F %T `whoami` "
chmod 600 $HISTDIR/$LOGNAME/*.history* 2> /dev/null