实践Linux常用命令

Posted on | In | Visitors

zip

1
2
# 打包software目录为software.zip,-r表示递归,包括子目录
$ zip -r software.zip software/

du

1
2
# 统计当前目录下各文件或目录的大小
$ du -h --max-depth=1

sed

1
2
# 批量替换*.md文件中的categories: Spring为categories: Java
$ sed -i 's/categories: Spring/categories: Java/g' *.md

telnet

1
$ telnet 192.168.1.2 22

ssh

1
2
3
4
# 
$ ssh 192.168.1.2
$ ssh test@192.168.1.2
$ ssh -p 60022 test@192.168.1.3

sftp

1
2
3
4
# 
$ sftp 192.168.1.2
$ sftp test@192.168.1.2
$ sftp -P 60022 test@192.168.1.3

scp

1
$ scp software.zip app@192.168.103.83:/app

ssh-keygen

1
2
# 会生成~/.ssh/id_rsa和id_rsa.pub,id_rsa的权限为600,id_rsa.pub的权限为644
$ ssh-keygen

~.ssh/known_hosts存放的是登录远程主机的指纹信息,对远程主机的信任,权限是644

1
2
3
4
5
# 删除远程主机的指纹信息
$ ssh-keygen -f "/home/angi/.ssh/known_hosts" -R 192.168.12.165
# Host 192.168.12.165 found: line 4
/home/angi/.ssh/known_hosts updated.
Original contents retained as /home/angi/.ssh/known_hosts.old

ssh/scp/sftp等免密登录

  1. 本机生成密钥

    1
    $ ssh-keygen

  2. 将公钥添加到目标机器相应用户的授权密钥里面

    1
    2
    $ ssh-copy-id app@192.168.1.183
$ ssh-copy-id -i ~/.ssh/id_rsa_test app@192.168.1.183

    本地公钥上传到目标机器

    1
    $ cat id_rsa.pub >> ~/.ssh/authorized_keys

注意确保授权密钥权限为600

1
   $ chmod 600 ~/.ssh/authorized_keys

备注:目标服务器需要关闭selinux,通过setenforce 0实时生效,修改文件/etc/selinux/config中的SELINUX=disabled

lokkit

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# lokkit --help
Usage: lokkit [options]

Options:
  -?, -h, --help, --usage
                        Show this help message
  -q, --quiet           Run noninteractively; process only command-line
                        arguments
  -v, --verbose         Be more verbose
  --version             Show version
  -n, --nostart         Configure firewall but do not activate the new
                        configuration
  -f                    Ignore actual settings
  --update              Update firewall non-interactively if the firewall is
                        enabled. This will also restart the firewall. The -n
                        and -f options will be ignored.
  --default=<type>      Set firewall default type: server, desktop. This
                        overwrites any existing configuration.
  --list-services       List predefined services.
  --list-icmp-types     List the supported icmp types.
  --enabled             Enable firewall (default)
  --disabled            Disable firewall
  --addmodule=<module>  Enable an iptables module
  --removemodule=<module>
                        Disable an iptables module
  -s <service>, --service=<service>
                        Open the firewall for a service (e.g, ssh)
  -p <port>[-<port>]:<protocol>, --port=<port>[-<port>]:<protocol>
                        Open specific ports in the firewall (e.g, ssh:tcp)
  -t <interface>, --trust=<interface>
                        Allow all traffic on the specified device
  -m <interface>, --masq=<interface>
                        Masquerades traffic from the specified device. This is
                        IPv4 only.
  --high, --medium      Backwards compatibility, aliased to --enabled
  --custom-rules=[<type>:][<table>:]<filename>
                        Specify a custom rules file for inclusion in the
                        firewall, after the default rules. Default protocol
                        type: ipv4, default table: filter. (Example:
                        ipv4:filter:/etc/sysconfig/ipv4_filter_addon)
  --forward-port=if=<interface>:port=<port>:proto=<protocol>[:toport=<destination port>][:toaddr=<destination address>]
                        Forward the port with protocol for the interface to
                        either another local destination port (no destination
                        address given) or to an other destination address with
                        an optional destination port. This is IPv4 only.
  --block-icmp=<icmp type>
                        Block this ICMP type. The default is to accept all
                        ICMP types.

  SELinux Options (deprecated):
    Using these options with no additional firewall options will not
    create or alter firewall configuration, only SELinux will be
    configured.

    --selinux=<mode>    Configure SELinux mode: enforcing, permissive,
                        disabled
    --selinuxtype=<type>
                        Configure SELinux type: Usually targeted or strict
                        Policy

lsof

lsof(list open files)是一个列出当前系统打开文件的工具。在linux系统环境下,任何事物都可以以文件形式存在,通过文件不仅可以访问常规的数据,还可以访问网络连接和硬件。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
$ lsof -h
lsof 4.87
 latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
 latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
 latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
 usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]] [+|-e s]
 [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
  -?|-h list help          -a AND selections (OR)     -b avoid kernel blocks
  -c c  cmd c ^c /c/[bix]  +c w  COMMAND width (9)    +d s  dir s files
  -d s  select by FD set   +D D  dir D tree *SLOW?*   +|-e s  exempt s *RISKY*
  -i select IPv[46] files  -K list tasKs (threads)    -l list UID numbers
  -n no host names         -N select NFS files        -o list file offset
  -O no overhead *RISKY*   -P no port names           -R list paRent PID
  -s list file size        -t terse listing           -T disable TCP/TPI info
  -U select Unix socket    -v list version info       -V verbose search
  +|-w  Warnings (+)       -X skip TCP&UDP* files     -Z Z  context [Z]
  -- end option scan     
  +f|-f  +filesystem or -file names     +|-f[gG] flaGs 
  -F [f] select fields; -F? for help  
  +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
                                        +m [m] use|create mount supplement
  +|-M   portMap registration (-)       -o o   o 0t offset digits (8)
  -p s   exclude(^)|select PIDs         -S [t] t second stat timeout (15)
  -T qs TCP/TPI Q,St (s) info
  -g [s] exclude(^)|select and print process group IDs
  -i i   select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
  +|-r [t[m<fmt>]] repeat every t seconds (15);  + until no files, - forever.
       An optional suffix to t is m<fmt>; m must separate t from <fmt> and
      <fmt> is an strftime(3) format for the marker line.
  -s p:s  exclude(^)|select protocol (p = TCP|UDP) states by name(s).
  -u s   exclude(^)|select login|UID set s
  -x [fl] cross over +d|+D File systems or symbolic Links
  names  select named files or files on named file systems
Anyone can list all files; /dev warnings disabled; kernel ID check disabled.

1
2
3
4
5
6
# 查看端口打开文件情况
$ lsof -i:8080
$ lsof -i:1-1024       #查看端口1-1024

# 查看进程打开文件情况
$ lsof -p 2034|wc -l

stat

1
2
3
4
5
6
7
8
9
$ stat nginx.conf
  File: ‘nginx.conf’
  Size: 2658      	Blocks: 8          IO Block: 4096   regular file
Device: fd01h/64769d	Inode: 655370      Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1000/industry)   Gid: ( 1000/appusers)
Access: 2018-10-08 17:11:27.559757751 +0800
Modify: 2018-10-08 17:08:55.260898172 +0800
Change: 2018-10-08 17:08:55.263898150 +0800
 Birth: -

lsb_release

1
2
3
4
5
6
$ lsb_release -a
LSB Version:	:core-4.1-amd64:core-4.1-noarch
Distributor ID:	CentOS
Description:	CentOS Linux release 7.6.1810 (Core) 
Release:	7.6.1810
Codename:	Core

如果没有安装,则参考如下命令安装

1
2
3
$ yum install redhat-lsb-core
# 或者
$ yum install redhat-lsb