[svc]linux常用手头命令-md版

相关代码

centos7修改网卡名字

net.ifnames=0 biosdevname=0

man手册中文

参考:http://www.kernel.org/pub/linux/docs/man-pages/
http://blog.csdn.net/gatieme/article/details/51656707

yum install man-pages-zh-CN -yecho 'LANG="zh_CN.UTF-8"' >> ~/.bashrcecho 'LANGUAGE="zh_CN:zh"' >> ~/.bashrcsource ~/.bashrc

stress压测工具

[root@n1 kubernetes]# yum install stress -y[root@n1 kubernetes]# stress -hstress: FAIL: [70121] (244) unrecognized option: -h[root@n1 kubernetes]# stress --help`stress' imposes certain types of compute stress on your systemUsage: stress [OPTION [ARG]] ... -?, --help         show this help statement     --version      show version statement -v, --verbose      be verbose -q, --quiet        be quiet -n, --dry-run      show what would have been done -t, --timeout N    timeout after N seconds     --backoff N    wait factor of N microseconds before work starts -c, --cpu N        spawn N workers spinning on sqrt() -i, --io N         spawn N workers spinning on sync() -m, --vm N         spawn N workers spinning on malloc()/free()     --vm-bytes B   malloc B bytes per vm worker (default is 256MB)     --vm-stride B  touch a byte every B bytes (default is 4096)     --vm-hang N    sleep N secs before free (default none, 0 is inf)     --vm-keep      redirty memory instead of freeing and reallocating -d, --hdd N        spawn N workers spinning on write()/unlink()     --hdd-bytes B  write B bytes per hdd worker (default is 1GB)Example: stress --cpu 8 --io 4 --vm 2 --vm-bytes 128M --timeout 10sNote: Numbers may be suffixed with s,m,h,d,y (time) or B,K,M,G (size).

安装python-ldap

参考: https://stackoverflow.com/questions/4768446/i-cant-install-python-ldap

yum install python-devel openldap-devel

nginx配置安全检查工具

pip install gixygixy /usr/local/nginx/conf/nginx.conf可以检查到以下一些问题:- ssrf 服务端请求伪造- HTTP Splitting 响应拆分- 错误的 referrer/origin 验证- 错误使用 add_header 指令- Host 头信息伪造- Referer 验证中允许为空- 响应头中使用多行形式

禁用ipv6

参考: https://linux.cn/article-4935-1.html

vi /etc/sysctl.confnet.ipv6.conf.all.disable_ipv6 = 1net.ipv6.conf.default.disable_ipv6 = 1net.ipv6.conf.lo.disable_ipv6 = 1sysctl -psysctl -w net.ipv6.conf.all.disable_ipv6=1sysctl -w net.ipv6.conf.default.disable_ipv6=1

curl命令-网站如果3次不是200或301则报警

curl -o /dev/null -s -w "%{http_code}" baidu.com-k/--insecure   允许不使用证书到SSL站点-H/--header     自定义头信息传递给服务器-I/--head       只显示请求头信息-w/--write-out [format] 什么输出完成后-s/--silent     静默模式。不输出任何东西-o/--output     把输出写到该文件中

linux正则

参考: http://blog.csdn.net/Hello_Hwc/article/details/40017833
- 基本

. 匹配任何单个字符* 前面出现0个或者多个^ 以..开始$ 以..结束

• 举个例子

china  :  匹配此行中任意位置有china字符的行^china : 匹配此以china开关的行china$ : 匹配以china结尾的行^china$ : 匹配仅有china五个字符的行[Cc]hina : 匹配含有China或china的行Ch.na : 匹配包含Ch两字母并且其后紧跟一个任意字符之后又有na两个字符的行Ch.*na : 匹配一行中含Ch字符，并且其后跟0个或者多个字符，再继续跟na两字符

• 扩展正则

? : 匹配前面正则表达式的零个或一个扩展+ : 匹配前面正则表达式的一个或多个扩展{n,m}: 前面出现1个或2个或3个| : 匹配|符号前或后的正则表达式( ) : 匹配方括号括起来的正则表达式群

grep

• 参数

-n, --line-number-i, --ignore-case   不区分大小写-r, --recursive     按照目录-o, --only-matching 只显示匹配行中匹配正则表达式的那部分-v, --invert-match  排除-c, --count         统计url出现次数grep -nrgrep -oP

• 过滤ip

192.168.100.100ifconfig|grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}"

• 过滤邮箱

cat >>tmp.txt<<EOFiher-_@qq.comhelloEOFcat tmp.txt|grep -oP "[a-zA-Z0-9_-]+@[a-zA-Z0-9_-]+(\.[a-zA-Z]+)+"

• 统计baidu关键字的url在这个大文件中出现的次数

$ cat >file.txt<<EOF  wtmp begins Mon Feb 24 14:26:08 2014  192.168.0.1  162.12.0.123  "123"  123""123  njuhwc@163.com  njuhwc@gmil.com 123  www.baidu.com  tieba.baidu.com  www.google.com  www.baidu.com/search/index  EOFgrep -cn ".*baidu.com.*" file.txt  3 

bash自动补全

 yum install bash-com* -y 我在dokcer命令tab可以补全了

nginx json日志格式标准版

参考: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/configmap.md

log-format-upstream: '{ "time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr",    "x-forward-for": "$proxy_add_x_forwarded_for", "request_id": "$request_id", "remote_user":    "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status":    $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri",    "request_query": "$args", "request_length": $request_length, "duration": $request_time,    "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent":    "$http_user_agent" }'

elk启动

nohup /bin/su - elk -c "/usr/local/elasticsearch/bin/elasticsearch" > /data/es/es-start.log 2>&1 &nohup /bin/su - elk -c "/usr/local/kibana/bin/kibana" > /data/es/kibana-start.log 2>&1 &nohup "/usr/local/logstash/bin/logstash -f /data/es/conf/logstash/logstash.conf" > /data/es/logstash-start.log 2>&1 &curl -XDELETE http://192.168.100.204:9200/.monitoring-kibana-6-2017.10.23 健康:http://192.168.100.204:9200/_cat/health?v节点:http://192.168.100.204:9200/_cat/nodes?v查看index:http://192.168.100.204:9200/_cat/indices?v

修改网卡名字

vim /etc/udev/rules.d/70-persistent-net.rulesvim /etc/sysconfig/network-scripts/ifcfg-eth0

sshfs挂载(实现nfs效果)

• 仅需客户端配置(已做客户端sshkey无密访问服务端)

yum install -y sshfs  挂载sshfs -o allow_other,transform_symlinks root@192.168.14.133:/data /data  卸载fusermount -u /data

参考: https://www.91yun.co/archives/8731

我在logging模块里看到的这个注释#---------------------------------------------------------------------------# Configuration classes and functions#---------------------------------------------------------------------------

python搜路径

起因是有人问怎么把函数全局化,不用import即可随处调用os.getcwd() #当前py所在目录b.__file__ #这个模块的路径os.__module__ #这个函数在哪个模块

参考:http://blog.csdn.net/l_b_yuan/article/details/52260646

os.path.abspath(path)  #返回绝对路径  os.path.split(path     #将path分割成目录和文件名二元组返回  os.path.dirname(path)  #返回path的目录。其实就是os.path.split(path)的第一个元素  os.path.basename(path) #返回path最后的文件名  os.path.exists(path)   #如果path存在，返回True；如果path不存在，返回False  os.path.isabs(path)    #如果path是绝对路径，返回True  os.path.isfile(path)   #如果path是一个存在的文件，返回True。否则返回False  os.path.isdir(path)    #如果path是一个存在的目录，则返回True。否则返回False  os.path.getatime(path) #返回path所指向的文件或者目录的最后存取时间  os.path.getmtime(path) #返回path所指向的文件或者目录的最后修改时间   s.path.join(path1[, path2[, ...]])  #将多个路径组合后返回，第一个绝对路径之前的参数将被忽略。  >>> os.path.join('c:\\', 'csv', 'test.csv')  'c:\\csv\\test.csv'  >>> os.path.join('windows\temp', 'c:\\', 'csv', 'test.csv')  'c:\\csv\\test.csv'  >>> os.path.join('/home/aa','/home/aa/bb','/home/aa/bb/c')  '/home/aa/bb/c'  

python env 和 vscode配置

pip install virtualenvpip install virtualenvwrapperpip install virtualenvwrapper-winmkvirtualenv --python==C:\Python27\python.exe py27envexitmkvirtualenv --python==C:\Python34\python.exe py34envworkon{    "workbench.colorTheme": "Solarized Light",    "window.zoomLevel": 1,    "window.menuBarVisibility": "default",    "editor.wordWrap": "on",    "editor.fontSize": 16,    "files.autoSave": "afterDelay",    "terminal.integrated.shell.windows": "C:\\Program Files\\Git\\bin\\bash.exe",    "editor.rulers": [80,120]}

env配置文件

•    ~/.bash_profile：用户每次登录时执行•    ~/.bashrc：每次进入新的Bash环境时执行•    ~/.bash_logout：用户每次退出登录时执行

sedmail发邮件配置

yum install sendmail -ycat >>/etc/mail.rc<<EOFset from=xxx@tt.comset smtp=smtp.exmail.qq.comset smtp-auth-user=xxx@tt.comset smtp-auth-password=123456set smtp-auth=loginEOFsource /etc/mail.rc

• 发消息

echo "test"| mail -s "邮件标题" iher@foxmail.com

• 发文件

mail -s "邮件标题" iher@foxmail.com < /etc/passwd

• 发附件

mail -s "邮件标题" -a /var/log/messages iher@Foxmail.com < /etc/passwd

• 邮件相关目录

C6 postfix /var/spool/postfix/maildropC5 sedmail /var/spool/clientmqueue

注: centos6.5已经不自动安装sendmail了所以没必要走这一步优化

• 写脚本自动清理邮箱

mkdir -p /server/scriptscat /root/shell/spool_clean.sh#!/bin/shfind/var/spool/clientmqueue/-type f -mtime +30|xargs rm-f

echo '*/30 * * * * /bin/sh /server/scripts/spool_clean.sh >/dev/null 2>&1'>>/var/spool/cron/root

locale字符集-面试

• 查本地支持的所有字符集

# locale -a

• 查当前使用的字符集

locale #调取了/etc/sysconfig/i18n

• 系统默认字符集:

export LANG='zh_CN.UTF-8'

监控网卡实时流量

• 监控网卡流量历史流量

yum install sysstatsar -n DEV 1 5  #1s监控1次,共监控5次.sar -n DEV  (-n network)

watch more /proc/net/dev

find干掉超过10天的

• mtime 10天内 10天外

find . -mtime +10 -exec rm -rf {} \;find . -mtime +10|xargs rm -f

测试udp端口是否通-面试

$ nc -vuz 192.168.6.6 53Connection to 192.168.6.6 53 port [udp/domain] succeeded!

实际使用时可以只用-u参数，-u代表udp协议 ，-v代表详细模式，-z代表只监测端口不发送数据。

使用nc+tar传文件

• client发交互式到服务器的console

nc -l -u 8021             --server #可以配置tcpdump -i eth0 port 8021 -nnv抓包nc -u 192.168.6.52 8021   --client #交互式发送消息

• client发文件到服务端console

server: nc -l -u 8021client: nc -u 192.168.6.52 8021 < /etc/hosts

• tar+nc传文件

server： tar -cf - /home/database  | nc -l 5677 #将/home/database文件client： nc 192.168.6.52 5677 | tar -xf -       #传到client的当前目录

生成密码：

openssl rand -hex 8

$mkpasswd -l 16 -s 23Hte^bd-pkylSbf7

echo "ansible"|passwd --stdin ansible #centos7改用户密码

fstab挂载

• fstab挂载硬盘

cat /etc/fstab需挂载的设备                挂载点  fs类型   参数        备份 检查/dev/mapper/centos-data    /data  xfs      defaults    0 0

• nfs挂载(centos7放fstab)

192.168.8.68:/data/backup/no75/confluence/data /data/confluence/  nfs     defaults        0 0

• nfs挂载(centos6放/etc/rc.local里即可)

/usr/bin/mount -t nfs 192.168.8.68:/data/owncloud /data/owncloud-192.168.8.68

• nfs服务端设置:

/data/backup/no75/confluence/data 192.168.8.0/24(rw,sync,no_root_squash)

• (磁盘扩容)关于tmpfs空间满，会影响其中的服务使用吗

Filesystem Size Used Avail Use% Mounted on/dev/sda1 32G 1.3G 29G 5% /tmpfs 16G 16G 0 100% /dev/shmmount -o remount,size=18G /dev/shm

• 只读mount

Mount the file system and make it writeablemount -uw /Make the filesystem read only again.mount -ur /

date命令小结

• 前一天日期

date  +%Y-%m-%d~%H-%M-%S -d "-1 day"

date  "+%Y-%m-%d %H-%M-%S" -d "-1 day"

• 压缩带日期

tar zcvf etc_$(date +%F -d "-1 day").tar.gz /etc/

系统时间优化

• 时区校准

rm -rf /etc/localtime && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && ntpdate ntp1.aliyun.com

• 设置同步时间

/user/sbin/ntpdate ntp1.aliyun.comecho '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2 >&1' >>/var/spool/cron/root

• 手动修改时间

date -s "2016/06/11 22:50"

过滤网卡ip

ifconfig eth0|grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}"|sed -n '1p'ifconfig|sed -n '2p'|sed -r 's#^.*addr:(.*) Bcast.*$#\1#g'ifconfig|sed -n '2p'|awk -F':' '{print $2}'|awk '{print $1}'

回车擦除^H

echo "stty erase ^H" >>/root/.bash_profilesource /root/.bash_profile

centos7安装nslookup ifconfig

How to install dig, host, and nslookup – bind-utils on CentOS:

yum install bind-utils -y [c6使用nslookup]yum install net-tools -y [c7使用ifconfig]

selinux优化

setenforce 0sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/configgetenforce/etc/init.d/iptables stop

文件描述符优化

ulimit -SHn 65535echo '* - nofile 65536' >>/etc/security/limits.confecho "* soft nproc 65535" >>/etc/security/limits.confecho "* hard nproc 65535" >>/etc/security/limits.confecho "* soft nofile 65535" >>/etc/security/limits.confecho "* hard nofile 65535" >>/etc/security/limits.conf

清除系统版本banner

> /etc/issuse>/etc/redhat-release

添加普通用户并进行sudo授权管理

$ useradd sunsky$ echo "123456"|passwd --stdin sunsky&&history –c$ visudo # 99gg在root ALL=(ALL) ALL  #此行下，添加如下内容sunsky ALL=(ALL) ALLlanny  ALL=(ALL) ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom #仅允许他执行这些命令

ssh慢优化

\cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orised -i 's#\#UseDNS yes#UseDNS no#g' /etc/ssh/sshd_configsed -i 's#GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config/etc/init.d/sshd restartPort 22345PermitRootLogin noPermitEmptyPasswords noUseDNS noListenAddress 192.168.138.24GSSAPIAuthentication no

crt设置超时

export TMOUT=10echo "export TMOUT=10" >>/etc/profilesource /etc/profile

vim安装优化

yum -y install vim-enhancedcat >>/etc/vimrc<<aset nuset cursorlineset nobackupset rulerset autoindentset vb t_vb=set ts=4set expandtaba. /etc/vimrc

rsync安装配置

• rsync server配置(rpm -qa|grep rsync):

cat /usr/local/rsync/rsync.confuid = rootgid = rootuse chroot = nomax connections = 10strict modes = yespid file = /var/run/rsyncd.pidlock file = /var/run/rsync.locklog file = /var/log/rsyncd.log[web]path = /code/pp100web/target/ROOTcomment = web fileignore errorsread only = nowrite only = nohosts allow = 192.168.14.132list = falseuid = rootgid = rootauth users = webusersecrets file = /usr/local/rsync/rsync.passwd

• 重启rsync

kill -HUP `cat /var/run/rsyncd.pid`/usr/bin/rsync --daemon --config=/usr/local/rsync/rsync.confps -ef|grep rsync

• 配置允许同步的的客户端

vim /usr/local/rsync/rsync.confhosts allow = 192.168.14.132,192.168.14.133

注意:密码文件统一600,且普通用户为谁,属主即为谁.

java环境变量(附带tomcat)

export JAVA_HOME=/usr/local/jdkexport PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATHexport CLASSPATH=.$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jarexport TOMCAT_HOME=/usr/local/tomcatexport CATALINA_BASE="/data/tomcat"export PATH=/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/jdk1.7.0_45/bin:/root/bin:/usr/local/jdk1.7.0_45/bin:/root/bin

换源&安装常用软件

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repowget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repoyum clean allyum makecacheyum install lrzsz ntpdate sysstat dos2unix wget telnet tree -y

添加定时任务

crontab -l*/5 * * * * /usr/sbin/ntpdate times.windows.com >/dev/null 2>&1

优化退格键

stty erase "^H" #追加到/etc/profile

优化history:

export HISTTIMEFORMAT="%F %T `whoami` "echo "export HISTTIMEFORMAT="%F %T `whoami` "" >> /etc/profile

优化message:格式

export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'

过滤日志

cat /etc/salt/master |grep -v "#" | sed '/^$/d'grep -nir-i 不区分大小写-n 显示行号-r 查找目录, grep -r 'xx' .

kill服务

/usr/bin/killall -HUP syslogd/bin/kill -USR1 $(cat /var/run/nginx.pid 2>/dev/null) 2>/dev/null || :

禁止ping

echo "net.ipv4.icmp_echo_ignore_all=1">>/etc/sysctl.conftail -1 /etc/sysctl.confsysctl -pecho 1 > /proc/sys/net/ipv4/ip_forward #这样好处可以tab

sysctl -w net.ipv4.ip_forward=1 #好像没写到/etc/sysctl.conf里

sed 在某行（指具体行号）前或后加一行内容

sed -i 'N;4addpdf' a.txtsed -i 'N;4ieepdf' a.txtsed -i 'N;4a44444444444444444444444444testt' 1.log在第四行后加一行http://www.361way.com/sed-process-lines/2263.html

关闭bell:[需reboot]

sed -i 's#^\#set bell-style none#set bell-style none#g' /etc/inputrcecho "modprobe -r pcspkr" > /etc/modprobe.d/blacklist

关掉ctrl+alt+delete关机

\cp /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.baksed -i 's#exec /sbin/shutdown -r now "Control-Alt-Deletepressed"#\#exec /sbin/shutdown -r now "Control-Alt-Deletepressed"#g'

yum groupinstall base -yyum groupinstall core -yyum groupinstall development libs -yyum groupinstall development tools -y

echo高亮显示

echo -e "\033[32m crontab has been added successfully \033[0m"

nfs安装配置

• 服务端&客户端

yum install nfs-utils rpcbind -y

• 服务端:

/etc/init.d/rpcbind startps -ef |grep rpc/etc/init.d/rpcbind statusrpcinfo -p localhost

• 服务端配置共享目录

echo "/data 10.0.0.0/24(rw,sync,no_root_squash)" >> /etc/exportschkconfig rpcbind onchkconfig nfs on

• 客户端挂载

/etc/init.d/rpcbind startchkconfig rpcbind onshowmount -e 10.1.1.10mount -t nfs 10.1.1.10:data /mnt写到/etc/rc.local里

nginx编译安装

• 1.安装依赖

yum install pcre pcre-devel openssl openssl-devel –y

• 2.添加nginx用户

useradd -s /sbin/nologin -M nginx

• 3.编译安装

./configure --user=nginx --group=nginx --prefix=/usr/local/nginx-1.6.2 --with-http_stub_status_module --with-http_ssl_modulemake && make installecho $?ln -s /usr/local/nginx-1.6.2 /usr/local/nginx

• 4.检查nginx.conf语法

/usr/local/sbin/nginx       # -t检查配置文件语法/usr/local/nginx/sbin/nginx # 启动

• 5.添加nginx服务到PATH

echo PATH=/application/nginx/sbin/:$PATH >> /etc/profilesource /etc/profilenetstat -ntulp |grep nginxlsof -i:80curl 192.168.14.151nginx -s stopnginx -s reload

• 7.nginx反代配置nignx.conf

worker_processes auto;events {  multi_accept on;  use epoll;  worker_connections 51200;}error_log stderr notice;worker_rlimit_nofile 65535;http {    include       mime.types;    default_type  application/octet-stream;    server_info  off;    server_tag   off;    server_tokens  off;    server_name_in_redirect off;    client_max_body_size 20m;    client_header_buffer_size 16k;    large_client_header_buffers 4 16k;    sendfile        on;    tcp_nopush     on;    keepalive_timeout  65;    server_tokens on;     gzip  on;    gzip_min_length 1k;    gzip_buffers 4 16k;    gzip_proxied   any;    gzip_http_version 1.1;    gzip_comp_level 3;    gzip_types text/plain application/x-javascript text/css application/xml;    gzip_vary on;    upstream owncloud {        server 127.0.0.1:8000;    }    upstream confluence {        server 127.0.0.1:8090;    }    server {        listen       80;        server_name  owncloud.maotai.org;        location / {            proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;            proxy_pass http://owncloud;            proxy_set_header Host $host;            proxy_set_header X-Real-IP $remote_addr;            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        }    }    server {        listen       80;        server_name  confluence.maotai.org;        location / {            proxy_next_upstream error timeout invalid_header http_500 http_503 http_404 http_502 http_504;            proxy_pass http://confluence;            proxy_set_header Host $host;            proxy_set_header X-Real-IP $remote_addr;            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        }    }    server {        listen  80;        server_name status-no189.maotai.org;        location /nginx_status {            stub_status on;            access_log off;        }    }}

徒手生成10M的文件

参考: https://linux.cn/article-4126-1.html

head -c 10M < /dev/urandom > /var/log/log-file# 生成随机字符串 cat /dev/urandom |tr -dc [:alnum:] |head -c 8 

logrotate nginx日志切割

每天3点才切割问题: 参考: http://www.voidcn.com/article/p-tpivuevp-gn.html

cat > /etc/logrotate.d/nginx/usr/local/nginx/logs/*.log {    daily    missingok    rotate 7    dateext    compress    delaycompress    notifempty    sharedscripts    postrotate        if [ -f /usr/local/nginx/logs/nginx.pid ]; then            kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`        fi    endscript}

网卡配置

DEVICE=eth0TYPE=EthernetONBOOT=yesNM_CONTROLLED=yesBOOTPROTO=staticIPADDR=192.168.6.28NETMASK=255.255.255.0GATEWAY=192.168.6.1

修改console提示符

• Ubuntu的promote

export PS1="\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$"

• centos的promote

export PS1="[\u@\h \W]\$"

yum安装lamp

• yum安装lamp:

yum install -y httpd php php-cli php-common php-pdo php-gdyum install -y httpd php php-cli php-common php-pdo php-gd mysql mysql-server php-mysqlyum install -y httpd php php-ldap php-gd

• php配置:

vim /etc/php.ini729 post_max_size = 16M946 date.timezone = PRC #(中华人民共和国)

批量创建用户脚本

cat adduser.sh#!/bin/bash# Add system userfor ldap in {1..5};doif id user${ldap} &> /dev/null;thenecho "System account already exists"elseadduser user${ldap}echo user${ldap} | passwd --stdin user${ldap} &> /dev/nullecho "user${ldap} system add finish"fidone# chmod +x adduser.sh# ./adduser.sh# id user1uid=502(user1) gid=502(user1) groups=502(user1)

useradd test -u 6000 -g 6000 -s /sbin/nologin -M -d /dev/null

[shell] ∗和@的区别

• 单独的 ∗和@ 没区别
• “∗"和"@”区别如下

[root@node1 ~]# cat test.sh #!/bin/shfor i in "$*";doecho $idone[root@node1 ~]# sh test.sh 1 2 3 41 2 3 4[root@node1 ~]# cat test.sh #!/bin/shfor i in "$@";doecho $idone[root@node1 ~]# sh test.sh 1 2 3 4 512345

[shell] linux exec与重定向

[shell] shell学习之变量

[shell] 定义列表

• 使用小括号为数组赋值
  a=（1 2 3）注意: 默认空格隔开

• 为数组b赋值-方法1

$ b=(bbs www http ftp)$ echo ${b[*]}bbs www http ftp

• 打印出第一个和第三个数据项

$ echo ${b[0]};echo '*******';echo ${b[2]}bbs*******http

注: 记住是小括号，不是大括号

• 为数组b赋值-方法2

name=(alicebobcristindanny)for i in "${!name[@]}";doecho ${name[$i]}done

• 取得数组元素的个数-方法1

length=${#array_name[@]}

• 取得数组元素的个数-方法2

length=${#array_name[*]}

• 取得数组单个元素的长度

lengthn=${#array_name[n]}

优化小结:
一清： 定时清理日志/var/spool/clientsqueue
一精： 精简开机启动服务
一增： 增大文件描述符
两优： linux内核参数的优化、yum源优化
四设：设置系统的字符集、设置ssh登录限制、设置开机的提示信息与内核信息、设置block的大小
七其他：文件系统优化、sync数据同步写入磁盘、不更新时间戳、锁定系统关键文件、时间同步、sudo集权管理、关闭防火墙和selinux

centos一键优化脚本:
- 细节:
- linux生产服务器有关网络状态的优化措施
- linux定时任务Crond之定时任务优化系统案例15
- 一键脚本:
- 较简单:
- 较健全:

本文 centos 6.5 优化 的项有18处:
- 1、centos6.5最小化安装后启动网卡
- 2、ifconfig查询IP进行SSH链接
- 3、更新系统源并且升级系统
- 4、系统时间更新和设定定时任
- 5、修改ip地址、网关、主机名、DNS
- 6、关闭selinux，清空iptables
- 7、创建普通用户并进行sudo授权管理
- 8、修改SSH端口号和屏蔽root账号远程登陆
- 9、锁定关键文件系统（禁止非授权用户获得权限）
- 10、精简开机自启动服务
- 11、调整系统文件描述符大小
- 12、设置系统字符集
- 13、清理登陆的时候显示的系统及内核版本
- 14、内核参数优化
- 15、定时清理/var/spool/clientmqueue
- 16、删除不必要的系统用户和群组
- 17、关闭重启ctl-alt-delete组合键
- 18、设置一些全局变量

优化内核:

\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)cat >>/etc/sysctl.conf<<EOFnet.ipv4.tcp_fin_timeout = 2net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_syncookies = 1net.ipv4.tcp_keepalive_time = 600net.ipv4.ip_local_port_range = 4000 65000net.ipv4.tcp_max_syn_backlog = 16384net.ipv4.tcp_max_tw_buckets = 36000net.ipv4.route.gc_timeout = 100net.ipv4.tcp_syn_retries = 1net.ipv4.tcp_synack_retries = 1net.core.somaxconn = 16384net.core.netdev_max_backlog = 16384net.ipv4.tcp_max_orphans = 16384net.netfilter.nf_conntrack_max = 25000000net.netfilter.nf_conntrack_tcp_timeout_established = 180net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120EOFsysctl -p

注: 以下参数是对centos6.x的iptables防火墙的优化，防火墙不开会有提示，可以忽略不理。
如果是centos5.X需要吧netfilter.nf_conntrack替换成ipv4.netfilter.ip
centos5.X为net.ipv4.ip_conntrack_max = 25000000

net.nf_conntrack_max = 25000000net.netfilter.nf_conntrack_max = 25000000net.netfilter.nf_conntrack_tcp_timeout_established = 180net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

linux更换内核

参考

CentOS6 内核更换为： 2.6.32-504.3.3.el6.x86_64

rpm -ivh http://soft.91yun.org/ISO/Linux/CentOS/kernel/kernel-firmware-2.6.32-504.3.3.el6.noarch.rpmrpm -ivh http://soft.91yun.org/ISO/Linux/CentOS/kernel/kernel-2.6.32-504.3.3.el6.x86_64.rpm --force

CentOS7 内核更换为： 3.10.0-229.1.2.el7.x86_64

rpm -ivh http://soft.91yun.org/ISO/Linux/CentOS/kernel/kernel-3.10.0-229.1.2.el7.x86_64.rpm --force

查看是否成功

rebootuname -rrpm -qa | grep kernel百度:site:centos.org 你需要的内核site:centos.org kernel-2.6.32-504.3.3.el6.x86_64.rpm