常用操作

安装docker

'''

curl https://releases.rancher.com/install-docker/20.10.sh | sh

'''

删除最近2天日志 {#title-0}

find ./ -mtime +2 -name "*.log" -exec rm -rf {} \;

重启应用

su admin

cd /opt/tomcat

ps -ef|grep pwd| grep -v 'grep' | awk '{print $2}' |xargs kill -9

rm -rf ./work/* ./temp/*

./bin/startup.sh && tail -f ./logs/catalina.out

安装nginx

sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

yum install nginx -y

sudo systemctl enable nginx.service

查看排名

ps aux|head -1;ps aux|grep -v PID|sort -rn -k +3|head 查看cpu排名

du -sk *|sort -n|cut -f2|xargs -d '\n' du -sh 查看磁盘排名

ps auxw|head -1;ps auxw|sort -rn -k4|head -10 查看内存

批量替换

```

sed -i "s/*.*2.144.192/*.*2.166.38/g" grep .2.144.192 -rl /opt/xkmictest/

```

磁盘修复

fsck -y /dev/sdb

日志处理

find /opt/goaccess-logs/nbapache4.34/ -type f -name "access_log-2017_06*" | xargs -i cat {} >> /opt/nb201706apache.txt

cat nb201706apache.txt|awk '{print $1}'|grep -v '*.'|grep -v '192.'|sort -n|uniq -c|sort -n |wc -l

awk -v total=0 '{total+=$*.END{print total/*.*/*.*/*.*} ' nb201708apache.txt

计算磁盘最多分区

df -h|awk '{print $5}'|grep -v 'Use'|awk -F '%' '{print $1}'|awk 'BEGIN {max = 0} {if ($1+0 > max+0) max=$1} END {print "Max=", max}'

fdisk -l|grep 'GB'|grep '/dev/emcpowera'|awk '{print $3}' || grep 'GB'|grep '/dev/xvd'|awk '{print $3}'

安装jdk

yum install java-1.8.0-openjdk* -y

apt-get install openjdk-8-jdk

远程挂载和同步

sshfs -o nonempty logcheck@*.*..1.59:/opt/tomcat-chj-9090/logs/ /opt/goaccess-logs/*.*..1.59-nbchj1/

#反推

rsync -e "ssh -p22" -avpgolr /root/.jenkins/ root@*.*2.144.191:/root/.jenkins/

#正拉

rsync -avz --delete -e ssh .2.144.191:/root/.jenkins/ /root/.jenkins/

磁盘分区挂载

fdisk -l

pvcreate /dev/sdb

vgcreate datavg /dev/sdb

lvcreate -l +100%FREE -n datalv datavg

mkfs.ext4 /dev/datavg/datalv

mkdir /data

mount /dev/datavg/datalv /data/

df -h

echo "/dev/mapper/datavg-datalv /data ext4 defaults 0 0" >>/etc/fstab

直接扩容磁盘大小,增加LVM的方法

lsblk

pvresize -v /dev/sda

lvdisplay

lvextend -l +100%FREE /dev/datavg/datalv

lvextend -L +60g /dev/mapper/vg_data-lv_data

resize2fs /dev/datavg/datalv

df -h

增加磁盘,增加lvm的方法,接上面的,例如增加一个SDC 向SDB中扩容容量。

pvcreate /dev/sdc

vgdisplay 查看VGname

lvextend -l +100%FREE /dev/datavg/datalv

resize2fs /dev/datavg/datalv

ubuntu参考命令

pvcreate /dev/sdc

vgs

vgextend datavg /dev/sdc

vgs

lvs

lvextend -l +100%FREE /dev/mapper/datavg-datalv

resize2fs /dev/mapper/datavg-datalv

service iptables stop

/sbin/service firewalld stop

/sbin/chkconfig firewalld off

/usr/bin/sed -i "/SELINUX/s/enforcing/disabled/" /etc/selinux/config

/usr/sbin/setenforce 0

#### ssh 互信

/usr/bin/ssh-keygen -t rsa

ssh-copy-id -i /root/.ssh/id_rsa.pub root@*.*.31.205

ssh root@*.*.31.205 ifconfig

方法2:

/usr/bin/ssh-keygen -d

scp -P 8022 id_dsa.pub 223.*..98.83:/root/.ssh/authorized_keys

ssh -p 37 root@218.24.71.26

ssh -p 8022 root@223.*..98.84 ifconfig

同步时间和改时区

https://www.aliyun.com/jiaocheng/118626.html

时间同步:ntpdate 0.centos.pool.ntp.org

ntpdate 0.cn.pool.ntp.org

更换yum源

网易yum源:

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

yum clean all

yum makecache

配置ELEP源:

yum -y install epel-release

数据库操作:

加权限

grant all privileges on . to 'root'@'%' identified by '123' with grant option;

快速清理表

truncate table ja_alarm_alarminstance;

清理binlog

show binary logs;

purge binary logs to 'mysql-bin.000271';

创建数据库

CREATE DATABASE IF NOT EXISTS RUNOOB DEFAULT CHARSET utf8 COLLATE utf8_general_ci;

导入脚本 mysql -u -p < ddd.sql

bi数据库在182 3306 记得备份

/data/weadmin/mysql-mxj/bin/mysql -h127.0.0.1 -P3308 -uroot -proot

/data/weadmin/mysql-mxj/bin/mysqldump -h127.0.0.1 -P3308 -uroot -proot itoss > itoss*.0.sql

mysql itoss < itoss*.0.sql

yum安装mysql5.7 https://www.jianshu.com/p/f46b6f089328

wget https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm

yum localinstall mysql80-community-release-el7-1.noarch.rpm

yum install yum-utils

yum-config-manager --disable mysql80-community

yum-config-manager --enable mysql57-community

yum install -y mysql-community-server

systemctl start mysqld.service

grep 'temporary password' /var/log/mysqld.log

mysqladmin -p'ZBEjTcaj6H!L' password 'QFedu123!'

vi my.cnf

plugin-load=validate_password.so

validate-password=OFF

防火墙

```

服务器被攻击,发包占满带宽处理

时间不够,进程暂时找不到,把ip段封了

查看网络流量攻击 iptraf iftop -i eth1 -n -P

封ip段 iptables -A INPUT -s *..231.0.0/16 -j DROP

```

```

yum install firewalld

systemctl enable firewalld.service

#查看防火墙规则

firewall-cmd --list-all

# 查询端口是否开放

firewall-cmd --query-port=8080/tcp

# 开放80端口

firewall-cmd --permanent --add-port=80/tcp

# 移除端口

firewall-cmd --permanent --remove-port=8080/tcp

#重启防火墙(修改配置后要重启防火墙)

firewall-cmd --reload

#添加、删除规则

firewall-cmd --zone=public --add-port=60022/tcp --permanent

firewall-cmd --zone=public --remove-port=80/tcp --permanent

# 参数解释

1、firwall-cmd:是Linux提供的操作firewall的一个工具;

2、--permanent:表示设置为持久;

3、--add-port:标识添加的端口;

查看网络流量攻击 iptraf iftop -i eth1 -n -P

```

```

### 允许某网段访问特定端口的例子,例如MQ8161端口有安全漏洞的整改

systemctl start firewalld

firewall-cmd --zone=public --add-port=0-8160/tcp --permanent

firewall-cmd --zone=public --add-port=8162-65535/tcp --permanent

firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.8.7.0/24" port protocol="tcp" port="8161" accept"

irewall-cmd --reload

firewall-cmd --list-all

```

rsync同步保持文件夹一致

```

拉rsync -avz --delete -e ssh 10.32.144.191:/data/jenkins\_workspace/ /data/jenkins\_workspace/

推 rsync -e "ssh -p22" -avpgolr /root/.jenkins/ root@10.32.144.191:/root/.jenkins/

不一致,压缩增量传输限速等

rsync -vzrtup -P --append --bwlimit=1024 -e 'ssh -p 60022' 10.4.31.174:/data/logs/tm-film\* /data/bjrc-microservice-logs/tm-film/

```

setfacl命令设置文件或目录的ACL

```

为用户zhangsan设置ACL,使其对/opt/ta文件具有rwx权限

\[root@rhe~\]# setfacl -m u:zhangsan:rwx /opt/ta

为组群zhangsan设置ACL,使其对/opt/ta文件具有rwx权限

\[root@rhe~\]# setfacl -m g:zhangsan:rwx /opt/ta

重新设置/opt/ta文件的ACL规则,以前的设置将会被覆盖掉

\[root@rhe~\]# setfacl --set u::rw,u:zhangsan:rw,g::r,o::- /opt/ta

注意:o::-的完整写法是o::---,u::rw的完整写法是u::rw-。 通常可以把“-”省略,但是当权限位只包含“-”时,至少 应该保留一个。如果写成了o::, 就会出现错误。

删除用户zhangsan对/opt/ta文件的ACL规则。

\[root@rhe~\]# setfacl -x u:zhangsan /opt/ta

```

循环curl测试web接口

```

while sleep 0.1; do curl -I -m 10 -o /dev/null -s -w %{http\_code} http://aaaaaaa;echo \;echo date “+%Y-%m-%d %H:%M:%S”; done

```

linux抓包

```

tcpdump -i em1 -s0 -w 110_1319.cap

tcpdump -i eth0 -s 0 -l -w out.log port 3306 | strings

在数据库服务器是通过tcpdump抓sql语句

```

性能问题排查

```

dstat -ndy --top-mem --top-cpu --top-io -t

ps aux|head -n1;ps aux|grep -v PID|sort -nr -k3|head -n10 CPU top

ps aux|head -n1;ps aux|grep -v PID|sort -nr -k4|head -n10 内存top

du -sk *|sort -n|cut -f2|xargs -d '\n' du -sh 磁盘top

iotop iftop nethogs 网络top

web 服务并发

watch 'netstat -an | egrep -w "80|443"|grep ESTABLISHED |wc -l'

ping检测 ping 202.96.134.134 |awk '{print $0"\t" strftime("%H:%M:%S",systime())}'

```