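I. What is this article about?
This article should be a handy reference. I originally meant to wait until I had collected more tips before publishing, but I just realized that I joined cnblogs (博客園) one year ago today. Happy first birthday to my blog; I hope to share more articles from now on. So I am sharing one of the most practical drafts from my drafts folder, a set of small Linux tips, with my fellow ops engineers. This article will keep being updated with new tips. Thanks for following.
II. On to the good stuff!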
1. Check port listening
[root@opm ~]# netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a,S[a]}'
CLOSE_WAIT 4
ESTABLISHED 343
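2. Count connections by port listening state
[root@Master ~]# netstat -aultn | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a,S[a]}'
TIME_WAIT 28253
ESTABLISHED 15
LISTEN 13
As the output shows, 28253 ports are currently in use on this system (held by connections in TIME_WAIT).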
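3. Tune the kernel parameters for the situation above:
Edit /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle was removed in Linux 4.12 and breaks clients behind NAT
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
After editing, run sysctl -p to apply the changes immediately.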
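4. On high-traffic web servers, tune these kernel parameters
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
# Enable these parameters only on servers with very heavy traffic, where they have a noticeable effect. On ordinary low-traffic servers there is no need to set them.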
5. Show the Linux system's default gateway
ip route show | grep 'default' | awk '{print $3}'
6. Filter out comment lines and blank lines from a file
egrep -v '^$|^#' /etc/rsyslog.conf
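7. How to clear/delete the last records
# Clear the last-login records
echo >/var/log/wtmp
# Clear the command history
echo > ./.bash_history
# Commands typed with a leading space are not recorded in history; set this environment variable first
export HISTCONTROL=ignorespace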
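8. Forgot the MySQL password? What to do
vi /etc/my.cnf and add the following line
[mysqld]
# skip-grant-tables disables all authentication: remove it and restart mysqld once the password is reset
skip-grant-tables
Restart mysqld. Then log in to MySQL and change the root password
USE mysql;
UPDATE user SET Password = password ( 'new-password' ) WHERE User = 'root' ;
flush privileges;
That is all.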
9. Use tcpdump to watch a port on an interface, e.g. port 80. -i is followed by the network interface (eth0 on CentOS 6); -c is the number of packets to capture
[root@web ~]# tcpdump -i eno16777984 'port 80' -c 8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno16777984, link-type EN10MB (Ethernet), capture size 65535 bytes
23:41:42.142270 IP 192.168.30.65.27342 > web.ichunqiu.com.http: Flags [S], seq 779859144, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
23:41:42.142360 IP web.ichunqiu.com.http > 192.168.30.65.27342: Flags [S.], seq 1569747590, ack 779859145, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:41:42.142677 IP 192.168.30.65.27342 > web.ichunqiu.com.http: Flags [.], ack 1, win 256, length 0
23:41:42.142722 IP 192.168.30.65.27343 > web.ichunqiu.com.http: Flags [S], seq 2277286734, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
23:41:42.142759 IP web.ichunqiu.com.http > 192.168.30.65.27343: Flags [S.], seq 3574925053, ack 2277286735, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:41:42.143280 IP 192.168.30.65.27344 > web.ichunqiu.com.http: Flags [S], seq 2564439030, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
23:41:42.143317 IP web.ichunqiu.com.http > 192.168.30.65.27344: Flags [S.], seq 4279749150, ack 2564439031, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:41:42.143346 IP 192.168.30.65.27343 > web.ichunqiu.com.http: Flags [.], ack 1, win 256, length 0
8 packets captured
23 packets received by filter
0 packets dropped by kernel
10. Analyze web server site logs, such as Apache's access.log
- Count requests per visitor IP
[root@elk ~]# awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -n 25
5568 124.126.211.201
5247 123.125.2.108
4085 139.59.253.208
- Use the system's geoiplookup tool to find where each visitor IP is located (note: the GeoIP package must be installed on the machine first), as follows:
Install the GeoIP package
[root@elk nginx]# yum install GeoIP -y
Look up the IP locations
[root@elk nginx]# cat access.log-20160903 | awk '{ print $1 }' | sort | uniq -c | sort -rn | head -n 25 | \
awk '{ printf("%5d\t%-15s\t", $1, $2); system("geoiplookup " $2 " | cut -d \\: -f2 ") }'
5568 124.126.211.201 CN, China
5337 123.125.2.108 CN, China
4085 139.59.253.208 AU, Australia
1543 223.223.181.131 CN, China
80 93.174.93.99 NL, Netherlands
42 121.43.61.205 CN, China
26 36.110.44.114 CN, China
26 183.6.143.154 CN, China
25 116.226.39.94 CN, China
24 111.207.81.199 CN, China
24 106.81.231.217 CN, China
18 36.44.56.82 CN, China
18 112.80.61.114 CN, China
11 220.181.132.219 CN, China
5 61.141.94.68 CN, China
5 171.8.167.69 CN, China
4 101.226.33.240 CN, China
3 180.153.212.13 CN, China
3 180.153.206.20 CN, China
3 171.8.167.68 CN, China
3 101.226.89.119 CN, China
3 101.226.33.226 CN, China
3 101.226.102.97 CN, China
2 27.221.19.18 CN, China
- Count 404 requests and the requested pages, in descending order
[root@elk nginx]# cat /var/log/nginx/access.log | awk '($9 ~ /404/)' | awk '{ print $7 }' | sort | uniq -c | sort -rn | head -n 25
- List the User-Agents used by visitors, counted and sorted
[root@elk nginx]# cat /var/log/nginx/access.log | awk -F\" '{ print $6 }' | sort | uniq -c |sort -frn | head -n 25
- Count the web server's UV (unique visitors)
[root@elk nginx]# cat /var/log/nginx/access.log | awk '{ print $1 }' | sort | uniq -c | wc -l
122
- Count today's UV
[root@elk nginx]# cat /var/log/nginx/access.log | grep `date '+%d/%b/%Y'` | awk '{ print $1 }' | sort | uniq -c | wc -l
10
- Count this month's UV
[root@elk nginx]# cat access.log | grep `date '+%b/%Y'` | awk '{ print $1 }' | sort | uniq -c | wc -l
111
- Rank by response status code
[root@elk nginx]# cat /var/log/nginx/access.log | awk '{ print $9 }' | sort | uniq -c | sort -rn
8973 200
7304 401
720 304
79 404
49 400
10 502
10 "-"
7 201
4 499
4 409
4 173
1 405
- Quickly list the most requested pages
[root@elk nginx]# cat /var/log/nginx/access.log | awk '{ print $7 }' | sort | uniq -c | sort -rn | head -n 25
4015 /elasticsearch/packetbeat-*/_field_stats?level=indices
3581 /favicon.ico
2117 /bundles/src/ui/public/images/elk.ico
799 /
340 /elasticsearch/logstash-*/_field_stats?level=indices
225 /elasticsearch/.kibana/_refresh
171 /app/kibana
167 /elasticsearch/_msearch?timeout=0&ignore_unavailable=true&preference=1472786252222
153 /elasticsearch/_msearch?timeout=0&ignore_unavailable=true&preference=1472784429830
144 /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1472746017033
139 /elasticsearch/.kibana/index-pattern/_search?fields=
132 /bundles/src/ui/public/images/kibana.svg
130 /bundles/kibana.bundle.js?v=10000
129 /bundles/node_modules/font-awesome/fonts/fontawesome-webfont.woff2
128 /bundles/commons.style.css?v=10000
128 /bundles/commons.bundle.js?v=10000
121 /bundles/kibana.style.css?v=10000
107 /elasticsearch/topbeat-*/_field_stats?level=indices
97 /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1472744909049
97 /elasticsearch/.kibana/visualization/_search?size=100
75 /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1472749929499
72 /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1472750405461
66 /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1472750160122
66 /elasticsearch/.kibana/dashboard/_search?size=100
62 /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1472743171471
- Watch the requester IP, HTTP method, status code and requested page in real time
[root@elk nginx]# tailf /var/log/nginx/access.log | awk '{ printf("%-15s\t%s\t%s\t%s\n", $1, $6, $9,$7) }'
60.191.52.254 "HEAD 401 http://115.236.176.134:3434/
141.212.122.160 "GET 401 /
101.200.215.149 "GET 401 /manager/html
114.44.57.4 "CONNECT 400 126mx01.mxmail.netease.com:25
187.160.7.218 "GET 401 /cgi/common.cgi
187.160.7.218 "GET 401 /stssys.htm
187.160.7.218 "GET 401 /
187.160.7.218 "POST 401 /command.php
218.75.70.3 "GET 401 /
163.172.173.181 "GET 401 http://www.baidu.com/cache/global/img/gs.gif
123.125.2.108 "GET 200 /
123.125.2.108 "GET 200 /app/kibana
123.125.2.108 "GET 304 /bundles/commons.style.css?v=10000
- Same as above, but with the GeoIP location added as the fourth field, as follows:
[root@elk nginx]# tailf /var/log/nginx/access.log | awk '{
  cmd = "geoiplookup " $1 " | cut -d \\: -f2 "
  cmd | getline geo
  close(cmd)  # close the pipe so every line triggers a fresh lookup
  printf("%-15s\t%s\t%s\t%-20s\t%s\n", $1, $6, $9, geo, $7)
}'
123.125.2.108 "GET 304 CN, China /bundles/src/ui/public/images/kibana.svg
123.125.2.108 "POST 200 CN, China /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1472922034187
123.125.2.108 "POST 200 CN, China /elasticsearch/.kibana/index-pattern/_search?fields=
123.125.2.108 "GET 200 CN, China /elasticsearch/.kibana/_mapping/*/field/_source?_=1472922034556
123.125.2.108 "POST 200 CN, China /elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1472922034187
123.125.2.108 "GET 304 CN, China /bundles/node_modules/font-awesome/fonts/fontawesome-webfont.woff2
- Show visitors with an illegitimate (empty) User-Agent
[root@elk nginx]# awk -F\" '($6 ~ /^-?$/)' /var/log/nginx/access.log | awk '{ print $1 }' | sort | uniq
114.44.57.4
183.129.160.229
218.75.70.3
61.231.3.98
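The status and User-Agent one-liners above split on whitespace, so a request line with fewer than three tokens shifts the columns and `$9` can return a referer or a byte count instead of the status; rows such as `"-"` in a status tally are consistent with that. The following is an added example, not the author's code, that counts status codes by splitting on the double quote instead. It assumes the combined log format; the function names and the sample log are constructed for illustration.

```shell
# Constructed sample log in combined format (documentation address ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [03/Sep/2016:10:00:01 +0800] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [03/Sep/2016:10:00:02 +0800] "GET /app/kibana HTTP/1.1" 401 188 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Sep/2016:10:00:03 +0800] "-" 400 0 "-" "-"
198.51.100.7 - - [03/Sep/2016:10:00:04 +0800] "GET /" 400 173 "-" "-"
203.0.113.5 - - [03/Sep/2016:10:00:05 +0800] "GET /favicon.ico HTTP/1.1" 404 169 "-" ""
EOF
}

# The page's whitespace-based tally, kept for comparison (prints value=count).
status_by_field9() {
    awk '{ print $9 }' | sort | uniq -c | sort -rn | awk '{ print $2 "=" $1 }'
}

# Quote-aware tally: with '"' as separator, field 3 is " <status> <bytes> "
# whatever the request line contains. Non-numeric values count as "malformed".
status_by_quotes() {
    awk -F'"' '{
        n = split($3, part, " ")
        code = (n >= 1 && part[1] ~ /^[0-9][0-9][0-9]$/) ? part[1] : "malformed"
        count[code]++
    }
    END { for (c in count) print c "=" count[c] }' | sort
}

# Clients that sent an empty or "-" User-Agent; the address is taken from
# the text before the first quote, so it cannot be shifted either.
empty_ua_clients() {
    awk -F'"' '($6 ~ /^-?$/) { split($1, f, " "); print f[1] }' | sort -u
}
```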
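11. Use Python on Linux to start a temporary web download service. The port here is 88 (http://ip:88/); you can pick a different port to avoid conflicts with other services on the system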
[root@web ~]# python -m SimpleHTTPServer 88
Serving HTTP on 0.0.0.0 port 88 ...
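12. Copy multiple lines in vim
:1,10 co 10
Copies lines 1 through 10 and places the copy after line 10.
:1,$ co 10
Copies line 1 through the last line of the file and places the copy after line 10.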
13. Quickly remove spaces from every line of a file
Remove leading spaces
[root@hcloud webtest]# sed -i 's/^[ \t]*//g' filename
Remove trailing spaces
[root@hcloud webtest]# sed -i 's/[ \t]*$//g' filename
14. A script written on Windows fails with an encoding error when run on Linux. Fix (in vim):
:set ff=unix
:wq
15. When installing software with yum, the following message appears:
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them.
Fix:
[root@test ]# yum-complete-transaction
16. Use grep to filter out blank lines and # comments from a file, and show the remaining lines with line numbers
grep -Ev '^$|^#' hosts >test.txt && cat -n test.txt && rm -f test.txt
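17. Suppose the log of some process on the server balloons because of traffic or a bug, the log partition is about to run out of space, and the log has to be emptied online (back it up before clearing)
There are several ways to do it: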
1)
cat /dev/null > logfile
2)
dd if=/dev/null of=logfile
3)
rm logfile   # the space is freed only once the writing process closes or reopens the file
18. Monitor NIC traffic in real time with built-in Linux tools
1)ifconfig
[root@zabbix-6 ~]# watch -d ifconfig eth0
2)/proc/net/dev
[root@zabbix-6 ~]# watch -d cat /proc/net/dev
19. Simulate high CPU load (it can be run n times in the background; per-process usage × n is the total CPU utilization)
1)
dd if=/dev/zero of=/dev/null
2)
fulload() { dd if=/dev/zero of=/dev/null | dd if=/dev/zero of=/dev/null | dd if=/dev/zero of=/dev/null | dd if=/dev/zero of=/dev/null & }; fulload; read; killall dd
3)
yes > /dev/null &
4) Haha, use this one with caution!
:(){ :|:& };:
20. View the browser's internal cache. Taking Chrome as an example, enter the following in the browser:
chrome://net-internals/#dns
21. Percentage calculation with awk (use -v to pass in external variables)
As follows:
[root@docker ~]# awk -v a="$a" -v b="$b" -v c="$c" 'BEGIN{printf "%2.f%%\n",((a - b) / c) * 100}'
22. Enable colored highlighting in the terminal when viewing man pages. Add the following:
Edit /root/.bashrc and append this to the end of the file
# Colored man pages in the terminal
export LESS_TERMCAP_mb=$'\E[01;31m' # begin blinking
export LESS_TERMCAP_md=$'\E[01;38;5;74m' # begin bold
export LESS_TERMCAP_me=$'\E[0m' # end mode
export LESS_TERMCAP_se=$'\E[0m' # end standout-mode
export LESS_TERMCAP_so=$'\E[38;5;246m' # begin standout-mode - info box
export LESS_TERMCAP_ue=$'\E[0m' # end underline
export LESS_TERMCAP_us=$'\E[04;38;5;146m' # begin underline
23. Resume interrupted file downloads
Download with wget; -c resumes a partial download
wget -c http://www.niu.com/filename
Copy files with rsync over the SSH protocol; the -e option here sets the remote SSH service port to 8080
rsync -azP -e "ssh -p 8080" root@10.10.0.88:/root/4-21/* ./
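24. I changed the ulimit file size limit and added it as the last line of /etc/profile. It had visibly taken effect, but scp transfers to the server were still being interrupted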
ulimit -f unlimited
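Later I figured it was an ssh problem, since scp relies on the SSH protocol, so I restarted the ssh service on the server. Uploading the file from the client then succeeded. So without rebooting the host, restarting the programs involved should be enough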
service sshd restart
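25. Bulk-update IP records in a database to a uniform format, as shown below
A batch of servers in the database needs its subnet changed: they were all 192.168.10.x and are now to be changed uniformly to 10.10.0.0. This SQL statement does it
MariaDB [cloud]> update d_host set HostIP=concat('10.10.0',substring(HostIP,11)) where HostIP like '192.168.10.%';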
26. Common xargs usage tips
Controlling how many words are shown per line. Without xargs:
[root@docker test]# ls *.html
baaiqzryca_oldboy.html fhqvkawqgv_oldboy.html mdxppexnhr_oldboy.html ozkqzhpcof_oldboy.html xkkclfmfsx_oldboy.html
eqxvzmbthe_oldboy.html hckcitirol_oldboy.html okpolqsrlz_oldboy.html vhktzmneui_oldboy.html yytrltjhjy_oldboy.html
With xargs and -n number:
[root@docker test]# ls *.html | xargs -n 2
baaiqzryca_oldboy.html eqxvzmbthe_oldboy.html
fhqvkawqgv_oldboy.html hckcitirol_oldboy.html
mdxppexnhr_oldboy.html okpolqsrlz_oldboy.html
ozkqzhpcof_oldboy.html vhktzmneui_oldboy.html
xkkclfmfsx_oldboy.html yytrltjhjy_oldboy.html
[root@docker test]# ls *.html | xargs -n 1
baaiqzryca_oldboy.html
eqxvzmbthe_oldboy.html
fhqvkawqgv_oldboy.html
hckcitirol_oldboy.html
mdxppexnhr_oldboy.html
okpolqsrlz_oldboy.html
ozkqzhpcof_oldboy.html
vhktzmneui_oldboy.html
xkkclfmfsx_oldboy.html
yytrltjhjy_oldboy.html
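Another feature is the -I {} option of xargs: the standard output from before the pipe is handed to xargs, and {} can then be passed as an argument to another command, as follows: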
[root@docker test]# ls *.html | xargs -I {} cp {} /tmp/test2/.
This copies every file ending in .html in the current directory to /tmp/test2. (Note: using xargs for this is overkill; cp *.html dest works just as well.)
27. Build parameters with curl and submit a request
curl -d 'Key=xxx&phone=xxx&sms=xxx' -X POST -v <API endpoint URL>
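28. How to kill zombie (Z) processes
Find the parent of the Z process and kill it
kill $(ps -A -ostat,ppid | awk '/[zZ]/{print $2}')
Orphan process: when a parent process exits while one or more of its child processes are still running, those children become orphan processes. Orphans are adopted by the init process (PID 1), which collects their exit status.
Zombie process: a process creates a child with fork; if the child exits and the parent has not called wait or waitpid to collect the child's status, the child's process descriptor remains in the system. Such a process is called a zombie process.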
29. Permanently erase disk data. More dangerous than rm, so proceed with caution

[root@node-2 ~]# shred --help
Usage: shred [OPTION]... FILE...
Overwrite the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.

Mandatory arguments to long options are mandatory for short options too.
  -f, --force    change permissions to allow writing if necessary
  -n, --iterations=N  overwrite N times instead of the default (3)
      --random-source=FILE  get random bytes from FILE
  -s, --size=N   shred this many bytes (suffixes like K, M, G accepted)
  -u, --remove   truncate and remove file after overwriting
  -v, --verbose  show progress
  -x, --exact    do not round file sizes up to the next full block;
                   this is the default for non-regular files
  -z, --zero     add a final overwrite with zeros to hide shredding
      --help     display this help and exit
      --version  output version information and exit

If FILE is -, shred standard output.

Delete FILE(s) if --remove (-u) is specified. The default is not to remove
the files because it is common to operate on device files like /dev/hda,
and those files usually should not be removed. When operating on regular
files, most people use the --remove option.

CAUTION: Note that shred relies on a very important assumption:
that the file system overwrites data in place. This is the traditional
way to do things, but many modern file system designs do not satisfy this
assumption. The following are examples of file systems on which shred is
not effective, or is not guaranteed to be effective in all file system modes:

* log-structured or journaled file systems, such as those supplied with
  AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
* file systems that write redundant data and carry on even if some writes
  fail, such as RAID-based file systems
* file systems that make snapshots, such as Network Appliance's NFS server
* file systems that cache in temporary locations, such as NFS
  version 3 clients
* compressed file systems

In the case of ext3 file systems, the above disclaimer applies
(and shred is thus of limited effectiveness) only in data=journal mode,
which journals file data in addition to just metadata. In both the
data=ordered (default) and data=writeback modes, shred works as usual.
Ext3 journaling modes can be changed by adding the data=something option
to the mount options for a particular file system in the /etc/fstab file,
as documented in the mount man page (man mount).

In addition, file system backups and remote mirrors may contain copies
of the file that cannot be removed, and that will allow a shredded file
to be recovered later.

Report shred bugs to bug-coreutils@gnu.org
GNU coreutils home page: <http://www.gnu.org/software/coreutils/>
General help using GNU software: <http://www.gnu.org/gethelp/>
For complete documentation, run: info coreutils 'shred invocation'
30. A general way to filter out IP addresses
echo My ip address is 192.168.8.88 | grep -E -o "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"
or
echo My ip address is 192.168.8.88 | egrep -o "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"
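The pattern above accepts any one-to-three-digit group, so strings such as 999.300.1.1 also match. The following added example (not the author's code; the function names and sample text are constructed) uses the same pattern to find candidates and then keeps only those whose four octets are all in the range 0 to 255.

```shell
# Step 1: the page's pattern, used only to find candidates.
ipv4_candidates() {
    grep -E -o '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'
}

# Step 2: keep a candidate only if it has four octets, each at most 255.
ipv4_valid() {
    ipv4_candidates | awk -F. '{
        ok = (NF == 4)
        for (i = 1; i <= NF; i++) if ($i + 0 > 255) ok = 0
        if (ok) print
    }'
}

# Constructed sample text: two real addresses and two out-of-range look-alikes.
sample_text() {
cat <<'EOF'
My ip address is 192.168.8.88
bogus values 999.300.1.1 and 256.1.1.1 seen in a form field
Accepted connection from 10.10.0.88 port 8080
EOF
}
```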
40. Change a user's remote access grant in MySQL
MariaDB [(none)]> update mysql.user set Host='%' where Host='::1';
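Update history:
2017/06/01: added building parameters with curl and how to kill zombie processes;
Note: this article is the author's original work. If you repost or share it, please credit the source and include the link to this article: http://www.cnblogs.com/hanyifeng/p/5440274.html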