###解压命令
.tar.gz 格式解压为 tar -zxvf xx.tar.gz
.tar.bz2 格式解压为 tar -jxvf xx.tar.bz2
###
E:TDDOWNLOAD新建文件夹 (2)>dir >D:programPuTTYa.txt
E:TDDOWNLOAD新建文件夹>dir >>D:programPuTTYa.txt
D:programPuTTY>pscp.exe a.txt root@192.168.1.104:/root/
[root@localhost film]# tr -s ' ' ' ' <a.txt >b.txt
[root@localhost film]# cat name |grep "^[" >name-1
####查看进程pid的标准做法,pid文件全在/var/run/目录下
cat /var/run/httpd.pid
kill -TERM `cat /var/run/httpd.pid`
####查找大批量的文件时最合适了
[root@rac02 u01]# find /u01 -size +10M -type f|grep log_[0-9][0-9].xml
[root@rac02 u01]# find /u01 -size +10M -type f|grep l[0-9][0-9]
####单行变多行
[root@250-shiyan log]# echo /etc/init/avahi-{daemon,lol,what}.conf
/etc/init/avahi-daemon.conf /etc/init/avahi-lol.conf /etc/init/avahi-what.conf
[root@250-shiyan log]# echo /etc/init/avahi-{daemon,lol,what}.conf|xargs -n 1
/etc/init/avahi-daemon.conf
/etc/init/avahi-lol.conf
/etc/init/avahi-what.conf
####改名
[root@250-shiyan frag]# mv aabb.{dd,ee}
[root@250-shiyan frag]# ls
aabb.bak aabb.ee age check-root.sh eth.sh for.sh here.sh jj while2.sh while.sh
[root@250-shiyan frag]# cp mail.rc{,.bak}
[root@rac02 log]# grep "Failed password for root" /var/log/secure.1|wc -l
27625
[root@rac02 log]# grep "Failed password for root" /var/log/secure.2|wc -l
63933
[root@rac02 log]# grep "Failed password for root" /var/log/secure.3|wc -l
51078
[root@rac02 log]# grep "Failed password for root" /var/log/secure.4|wc -l
82726
[root@rac02 log]# ll secure*
-rw------- 1 root root 8031968 Oct 27 09:41 secure
-rw------- 1 root root 37622253 Oct 26 04:03 secure.1
-rw------- 1 root root 48321044 Oct 19 04:03 secure.2
-rw------- 1 root root 37040497 Oct 12 04:04 secure.3
-rw------- 1 root root 29897126 Oct 5 04:03 secure.4
###来统计一下有多少人在暴力破解我的 root 密码吧
[root@rac02 log]# grep "Failed password for root" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more
###很明显我禁用了 root 登录,人家也不是那么笨,开始暴力猜用户名
[root@rac02 log]# grep "Failed password for invalid user" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more
###快速备份文件
[root@250-shiyan ~]# cp mail.rc{,.bak}
###循环显示pid为3066的pmap命令的结果,如果watch不方便的话,就用循环 [root@C44 ~]# while true; do pmap -d 3066 | tail -1; sleep 2; done
[root@250-shiyan sh]# while sleep 2;do pstree;done
[root@109-com1 ~]# while sleep 1;do echo `/usr/sbin/ss -n|grep ESTAB|awk '($2 && $3)!~/0/{printf $0}'`;done
###查看和本机80端口建立连接并状态在established的所有ip [root@221-comecs ~]# netstat -an |grep 10001 |grep ESTA |awk '{print$5 " "}' |awk 'BEGIN {FS=":"} {print $1 " "}' |sort |uniq ###查看系统tcp连接中各个状态的连接数。 [root@221-comecs ~]# netstat -an|awk '/^tcp/ {++S[$NF]} END {for (a in S) print a,S[a]}' ESTABLISHED 16 LISTEN 12 ###查看udp所属进程,udp没有连接的概念,只能用tcpdump抓包才能看到有数据产生,tcp用netstat来查看。 ###udp 查看com上的asterisk进程与cache的连接 [root@com1 ~]# tcpdump port 50001 [root@com1 ~]# netstat -anp|grep 41934 udp 0 0 0.0.0.0:41934 0.0.0.0:* 20917/asterisk ###过滤出1521的连接,并排序第4列的字段,即local address [root@109-com1 asterisk]# netstat -nap|grep 1521 |sort -k 4 Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name ###持续观察命令输出,-d 高亮显示变化 [root@coreserv ~]# watch -d 'netstat -an|grep 10001' [root@coreserv ~]# watch -d 'asterisk -rx "fltcs show client"' [root@com1 ~]# watch -d 'ipvsadm -l --stats' [root@com1 ~]# watch uptime [root@com1 ~]# watch -t uptime [root@com1 ~]# watch -d -n 1 netstat -ntlp [root@com1 ~]# watch -d 'ipvsadm -l --stats' [root@com1 ~]# watch -d 'netstat -an|grep 10000' [root@com1 ~]# tcpdump port 50001 udp [root@com1 ~]# tcpdump tcp port 1521 -c 20 -vv -w udp.pcap [root@com1 ~]# netstat -anp|grep 41934 ###监测goface的文件 [root@com1 ~]# watch -d ’ls -l | fgrep goface’ [root@com1 ~]# watch -t -differences=cumulative uptime ###监控mail [root@com1 ~]# watch -n 60 from ###监测磁盘inode和block数目变化情况 [root@com1 ~]# watch -n 1 'df -i;df' ###测试http连接的请求时间 [root@CentOS5 dev]# curl -o /dev/null -s -w '%{time_connect}:%{time_starttransfer}:%{time_total}' http://www.vmware.com
电影字幕
Dialogue: 0,0:00:11.00,0:00:20.00,Default,,0000,0000,0000,,翻译:Duck two 基吉星团 Candice Emma 海鱼 N城际以北 吭哧 lalala sorgenfri 以诺 杂食季 轻音 N校对:杳杳 CC西 william2568
Dialogue: 0,0:01:28.75,0:01:30.95,Default,,0000,0000,0000,,这是一次电话线路自动测试N{fnMicrosoft YaHeifs142a&HF0&4a&H32&}This is an automated test of your digital phone line.{
}
Dialogue: 0,0:01:31.13,0:01:32.96,Default,,0000,0000,0000,,抱歉打扰了N{fnMicrosoft YaHeifs142a&HF0&4a&H32&}Sorry for the interruption.{
}
Dialogue: 0,0:01:34.21,0:01:35.55,Default,,0000,0000,0000,,查理 维克多 威士忌N{fnMicrosoft YaHeifs142a&HF0&4a&H32&}Charlie. Victor. Whiskey.{
}
匹配每一行直到Default之前的内容,notepad中先替换成1,不能直接删除
^([^t]*)t
匹配每一行大括号里的内容,并删除之
{\[^{}]*}
[root@localhost ~]# lsmod |wc -l 59 [root@localhost ~]# modprobe -l|wc -l 1973 [root@localhost ~]# modprobe -l|grep ipvs kernel/net/netfilter/ipvs/ip_vs.ko kernel/net/netfilter/ipvs/ip_vs_rr.ko kernel/net/netfilter/ipvs/ip_vs_wrr.ko kernel/net/netfilter/ipvs/ip_vs_lc.ko kernel/net/netfilter/ipvs/ip_vs_wlc.ko kernel/net/netfilter/ipvs/ip_vs_lblc.ko kernel/net/netfilter/ipvs/ip_vs_lblcr.ko kernel/net/netfilter/ipvs/ip_vs_dh.ko kernel/net/netfilter/ipvs/ip_vs_sh.ko kernel/net/netfilter/ipvs/ip_vs_sed.ko kernel/net/netfilter/ipvs/ip_vs_nq.ko kernel/net/netfilter/ipvs/ip_vs_ftp.ko kernel/net/netfilter/ipvs/ip_vs_pe_sip.ko [root@localhost ~]# modprobe -l|grep kvm kernel/arch/x86/kvm/kvm.ko kernel/arch/x86/kvm/kvm-intel.ko kernel/arch/x86/kvm/kvm-amd.ko [root@localhost ~]# modprobe -l|grep ipta kernel/net/ipv4/netfilter/iptable_filter.ko kernel/net/ipv4/netfilter/iptable_mangle.ko kernel/net/ipv4/netfilter/iptable_nat.ko kernel/net/ipv4/netfilter/iptable_raw.ko kernel/net/ipv4/netfilter/iptable_security.ko
3.
[root@localhost ~]# which passwd /usr/bin/passwd [root@localhost ~]# whereis passwd passwd: /usr/bin/passwd /etc/passwd /usr/share/man/man1/passwd.1.gz /usr/share/man/man5/passwd.5.gz [root@localhost ~]# locate passwd /etc/passwd /etc/passwd- /etc/pam.d/passwd /etc/security/opasswd /lib64/security/pam_passwdqc.so /lib64/security/pam_unix_passwd.so [root@localhost ~]# find / -name passwd /selinux/class/passwd /selinux/class/passwd/perms/passwd /usr/bin/passwd /etc/pam.d/passwd /etc/passwd [root@localhost ~]# mkdir wode [root@localhost ~]# locate wode [root@localhost ~]# updatedb [root@localhost ~]# locate wode /root/wode [root@localhost ~]# type type type is a shell builtin [root@localhost ~]# type cd cd is a shell builtin [root@localhost ~]# type if if is a shell keyword [root@localhost ~]# type ssh ssh is /usr/bin/ssh [root@localhost ~]# type -p ssh /usr/bin/ssh [root@localhost ~]# type ls ls is aliased to `ls --color=auto' [root@localhost ~]# type cp cp is aliased to `cp -i' [root@localhost wode]# ls -altr [root@localhost wode]# ls -alt 总用量 140 drwxr-xr-x. 2 root root 4096 2月 27 12:53 . dr-xr-x---. 7 root root 4096 2月 27 12:53 .. -rw-r--r--. 1 root root 219 2月 17 02:12 fi -rw-r--r--. 1 root root 97 2月 16 13:02 ee -rw-r--r--. 1 root root 97 2月 16 13:02 dd -rw-r--r--. 1 root root 122479 2月 16 11:02 aa [root@localhost ~]# du -ab --max-depth=1|sort -n 18 ./.bash_logout 58 ./.lesshst 66 ./.xauth1RcH8v 100 ./.cshrc 129 ./.tcshrc 176 ./.bash_profile 176 ./.bashrc 219 ./si 586 ./.sqlite_history 1160 ./.mysql_history ###查找文件内容 [root@localhost ~]# find / -name "*.c" | xargs grep "printf" [root@localhost ~]# find / -name "*.h" | xargs ls -alt|more [root@localhost ~]# find / -name "*.c" | xargs grep "printf"|more [root@localhost ~]# find ./ ! -type d ./.lesshst ./.sqlite_history ./.gconfd/saved_state ./.bashrc
2.
[root@Firewall ~]# snmpwalk -v 2c -c public localhost [root@Firewall ~]# iptables -I INPUT -p UDP --dport 161 -j ACCEPT [root@Firewall ~]# lsof -i:161 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME snmpd 19624 root 8u IPv4 4621955 UDP *:snmp [root@109-com1 asterisk]# lsof -Pnl +M -i4|grep 40002 asterisk 16858 0 9u IPv4 1603908 0t0 UDP *:40002 [root@109-com1 asterisk]# lsof -Pnl +M -i4|grep LISTEN|grep 10000 asterisk 16858 0 154u IPv4 1604159 0t0 TCP *:10000 (LISTEN) ###-O n 以数字显示 [root@coreserv ~]# snmpwalk -c 123456 -O n -v 2c 192.168.2.254 ###samba用户首先是系统用户,修改samba用户密码 [root@fileserv samba]# smbpasswd lizongbin ###nagios相关操作 [root@CentOS5 dev]# htpasswd -c /usr/local/nagios/htpasswd.users 用户名 新密码 [root@rac02 cache-bin]# java -jar ~/cache-monitor.jar localhost 10003 ###过滤配置文件 [root@coreserv ~]# less /etc/php.ini|grep -v "^;"|grep -v "^$"
###删除每行前导空格
[root@coreserv ~]# sed -e ‘s/^[ /t]*//g’ ###去掉每行结尾的空格 [root@coreserv ~]# sed -e ‘s/[ ]*$//g’ 文件名
###sed怎么删除最后3行?
tac file|sed 1,3d|tac
sed '$d' file|sed '$d' |sed '$d'
grep "<80>" 精确匹配80,而不是8005或808都匹配,
[root@8a2serv com1_bak]# crontab -l */60 * * * * /usr/sbin/ntpdate 192.168.2.1 && /sbin/clock -w > /dev/null 2>&1 0 */1 * * * sh /etc/asterisk/logger.sh 10 12 */1 * * find /u01/asterisk/messages-201* -ctime +3 | xargs rm -f [root@Firewall my]# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm [root@Firewall my]# rpm -ivh rpmforge-release-0.5.2-2.el5.rf.i386.rpm [root@Firewall my]# yum install ntop [root@Firewall my]# ntop & [root@Firewall ~]# vi /etc/iptables_fw.sh [root@Firewall ~]# iptables -A INPUT -p tcp --dport 3000 -j ACCEPT [root@Firewall ~]# iptables -A OUTPUT -p tcp --sport 3000 -j ACCEPT [root@Firewall ~]# sh /etc/iptables_fw.sh [root@coreserv s]# tar czf gosh.tar.gz gosh [root@coreserv s]# scp -P 2002 gosh.tar.gz 192.168.2.101:~/ [root@8a2serv ~]# fuser -k /dev/pts/* 断开所有用户的连接 [root@test1 ~]# fuser -u /usr/sbin/sshd /usr/sbin/sshd: 2438e(root) 3754e(root) 6066e(root) [root@test1 ~]# fuser -v /usr/sbin/sshd USER PID ACCESS COMMAND /usr/sbin/sshd: root 2438 ...e. sshd root 3754 ...e. sshd root 6066 ...e. sshd [root@test1 ~]# ps -ef|grep ssh root 2438 1 0 08:27 ? 00:00:00 /usr/sbin/sshd root 3754 2438 0 09:02 ? 00:00:00 sshd: root@pts/0 root 6066 2438 0 16:40 ? 00:00:00 sshd: root@pts/1 root 6144 6070 0 16:45 pts/1 00:00:00 grep ssh [root@test1 ~]# fuser 10001/tcp -v USER PID ACCESS COMMAND 10001/tcp: root 2946 F.... asterisk [root@test1 ~]# fuser 50001/tcp -v [root@test1 ~]# fuser 50001/udp -v USER PID ACCESS COMMAND 50001/udp: root 2808 F.... java
1.网络
[root@225-oth ~]# ss -lnup|grep 50001
UNCONN 0 0 :::50001 :::* users:(("java",31662,30))
[root@225-oth ~]# ss -lnp|grep 10003
LISTEN 0 50 :::10003 :::* users:(("java",31662,31))
[root@250-shiyan ~]# ss -lnu State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 *:748 *:* UNCONN 0 0 *:44015 *:* UNCONN 0 0 *:111 *:* UNCONN 0 0 *:54901 *:* UNCONN 0 0 *:767 *:* UNCONN 0 0 *:56448 *:* UNCONN 0 0 *:2049 *:* UNCONN 0 0 *:161 *:* UNCONN 0 0 *:49698 *:* UNCONN 0 0 *:42720 *:* UNCONN 0 0 :::748 :::* UNCONN 0 0 :::111 :::* [root@250-shiyan ~]# ss -ln State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 :::111 :::* LISTEN 0 128 *:111 *:* LISTEN 0 128 *:46992 *:* LISTEN 0 128 :::22 :::* LISTEN 0 128 *:22 *:* LISTEN 0 128 *:52279 *:* LISTEN 0 128 *:51768 *:* LISTEN 0 100 ::1:25 :::* LISTEN 0 100 127.0.0.1:25 *:* [root@109-com1 ~]# ss -s Total: 457 (kernel 470) TCP: 276 (estab 268, closed 0, orphaned 3, synrecv 0, timewait 0/0), ports 74 Transport Total IP IPv6 * 470 - - RAW 0 0 0 UDP 77 77 0 TCP 276 274 2 INET 353 351 2 FRAG 0 0 0 [root@109-com1 ~]# ss -on|grep -v "1521"|more State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.2.215:10000 117.136.25.137:36837 timer:(keepalive,75min,0) ESTAB 0 0 192.168.2.215:10000 117.136.25.182:52393 timer:(keepalive,53min,0) ESTAB 0 0 192.168.2.215:10000 117.136.25.142:50951 timer:(keepalive,113min,0) ESTAB 0 20 192.168.2.215:10000 117.136.25.137:48439 timer:(on,1.236ms,0) ESTAB 0 0 192.168.2.215:10000 117.136.25.179:17432 timer:(keepalive,66min,0) [root@109-com1 ~]# ss -pn|more State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.2.215:10000 117.136.25.137:36837 users:(("asterisk",17765,330)) ESTAB 0 0 192.168.2.215:10000 117.136.25.182:52393 users:(("asterisk",17765,268)) ESTAB 0 0 192.168.2.109:58313 192.168.2.2:1521 users:(("asterisk",17765,68)) ESTAB 0 0 192.168.2.215:10000 117.136.25.142:50951 users:(("asterisk",17765,257)) FIN-WAIT-1 0 1 192.168.2.215:10000 223.104.11.175:52946 ESTAB 0 736 192.168.2.109:22 192.168.2.80:52721 users:(("sshd",17621,3)) [root@250-shiyan ~]# service network restart Shutting down interface eth0: [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: Determining if ip address 192.168.2.250 is already in use for device eth0... [ OK ] [root@localhost ~]# ifconfig eth1 Link encap:Ethernet HWaddr 00:0C:29:75:34:A8 [root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 HWADDR=00:0C:29:75:34:A5 [root@localhost ~]# cat /etc/udev/rules.d/70-persistent-net.rules # PCI device 0x8086:0x100f (e1000) SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:75:34:a8", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0" [root@localhost ~]# ifup eth0 up [root@localhost ~]# route add default gw 172.16.1.126 [root@localhost ~]# ifconfig eth0 192.168.2.128/24 up 简单快速临时配置ip [root@localhost ~]# ip link set eth0 up [root@localhost ~]# ip addr add 172.16.1.40/25 dev eth0 [root@localhost ~]# ip route add default via 172.16.1.126 dev eth0 [root@Firewall ~]# netstat -ntpl 查看所有监听端口 Active Internet connections (only servers) [root@Firewall ~]# netstat -natlp 查看已建立连接 Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
[root@084-monitor newmonitor]# cat log
192.168.2.223 1521 27758/tnslsnr
192.168.2.220 1521 3535/tnslsnr
192.168.2.2 1521 9815/tnslsnr
192.168.2.2 1521 9815/tnslsnr
192.168.2.1 1521 27467/tnslsnr
192.168.2.1 1521 18372/tnslsnr
192.168.2.1 1521 18372/tnslsnr
192.168.2.224 10000 14024/asterisk
192.168.2.224 10001 14024/asterisk
192.168.2.224 40006
192.168.2.224 40004
192.168.2.224 40001