Linux 各种命令

linux查看防火墙状态及开启关闭命令

• 方式一：service方式

#查看防火墙状态[root@localhost /]# service iptables status表格：filterChain INPUT (policy ACCEPT)num  target     prot opt source               destination         1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num  target     prot opt source               destination         1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num  target     prot opt source               destination         #防火墙开启，关闭防火墙[root@localhost /]# service iptables stopiptables：清除防火墙规则：                                 [确定]iptables：将链设置为政策 ACCEPT：filter                    [确定]iptables：正在卸载模块：                                   [确定][root@localhost /]# [root@localhost /]# [root@localhost /]# service iptables statusiptables：未运行防火墙。#防火墙关闭，开启防火墙[root@localhost /]# service iptables startiptables：应用防火墙规则：                                 [确定][root@localhost /]#

• 方式二：iptables方式

#查看防火墙状态[root@localhost /]# /etc/init.d/iptables status表格：filterChain INPUT (policy ACCEPT)num  target     prot opt source               destination         1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num  target     prot opt source               destination         1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num  target     prot opt source               destination        #防火墙开启，关闭防火墙[root@localhost /]# /etc/init.d/iptables stopiptables：清除防火墙规则：                                 [确定]iptables：将链设置为政策 ACCEPT：filter                    [确定]iptables：正在卸载模块：                                   [确定][root@localhost /]# [root@localhost /]# [root@localhost /]# /etc/init.d/iptables statusiptables：未运行防火墙。[root@localhost /]##防火墙关闭，开启防火墙[root@localhost /]# /etc/init.d/iptables restartiptables：应用防火墙规则：                                 [确定][root@localhost /]# 

---

添加Linux防火墙端口

[root@localhost /]# vi /etc/sysconfig/iptables# Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT

编辑iptables文件/etc/sysconfig/iptables，添加如下一行，可以参照已有的已经开启的ssh的22端口

-A INPUT -m state –state NEW -m tcp -p tcp –dport 8080 -j ACCEPT

[root@localhost /]# vi /etc/sysconfig/iptables# Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibited-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPTCOMMIT

保存后，重启防火墙

[root@localhost /]# service iptables restartiptables：清除防火墙规则：                                 [确定]iptables：将链设置为政策 ACCEPT：filter                    [确定]iptables：正在卸载模块：                                   [确定]iptables：应用防火墙规则：                                 [确定][root@localhost /]# service iptables status表格：filterChain INPUT (policy ACCEPT)num  target     prot opt source               destination         1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8080 Chain FORWARD (policy ACCEPT)num  target     prot opt source               destination         1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num  target     prot opt source               destination 

---

查看某端口是否被占用，以4700为例

[root@iZ23aha612kZ sysconfig]# netstat -lnp|grep 4700udp        0      0 0.0.0.0:4700                0.0.0.0:*                               17736/java

[root@iZ23aha612kZ sysconfig]# netstat -lnp|grep 4702[root@iZ23aha612kZ sysconfig]# 

如果没有任何打印，说明没有被占用。有打印的话，说明被占用了，一般会列出哪个进程占用。

---

查看是否开启了SELinux

SELinux是一个安全体系结构，它通过LSM(Linux Security Modules)框架被集成到Linux Kernel 2.6.x中。它是NSA (United States National Security Agency)和SELinux社区的联合项目。SELinux提供了一种灵活的强制访问控制(MAC)系统，且内嵌于Linux Kernel中。SELinux定义了系统中每个【用户】、【进程】、【应用】和【文件】的访问和转变的权限，然后它使用一个安全策略来控制这些实体(用户、进程、应用和文件)之间的交互，安全策略指定如何严格或宽松地进行检查。SELinux对系统用户(system users)是透明的，只有系统管理员需要考虑在他的服务器中如何制定严格的策略。策略可以根据需要是严格的或宽松的。只有同时满足了【标准Linux访问控制】和【SELinux访问控制】时，主体才能访问客体。

• 遇到的问题

  linux本机下使用php index.php 可以查看运行结果，但是 在我的windows浏览器下报错：[Mon Nov 06 10:18:33 2017] [error] [client 192.168.0.81] PHP Warning: mysql_connect(): Can’t connect to MySQL server on ‘127.0.0.1’ (13) in /var/www/html/index.php on line 9

[root@localhost html]# cat index.php ----Hello, World!!!---2017/11/06<?php$link=mysql_connect('127.0.0.1','cdms','cdms');if($link)echo "scuess";elseecho "fail";?>---[root@localhost html]# php index.php----Hello, World!!!---2017/11/06scuess---

• 原因

#发现 httpd_can_network_connect --> off#getsebool命令是用来查询SElinux策略内各项规则的布尔值。SELinux的策略与规则管理相关命令：seinfo命令、sesearch命令、getsebool命令、setsebool命令、semanage命令。[root@localhost html]# getsebool -a | grep httpdallow_httpd_anon_write --> offallow_httpd_mod_auth_ntlm_winbind --> offallow_httpd_mod_auth_pam --> offallow_httpd_sys_script_anon_write --> offhttpd_builtin_scripting --> onhttpd_can_check_spam --> offhttpd_can_network_connect --> offhttpd_can_network_connect_cobbler --> offhttpd_can_network_connect_db --> offhttpd_can_network_memcache --> offhttpd_can_network_relay --> offhttpd_can_sendmail --> offhttpd_dbus_avahi --> onhttpd_enable_cgi --> onhttpd_enable_ftp_server --> offhttpd_enable_homedirs --> offhttpd_execmem --> offhttpd_manage_ipa --> offhttpd_read_user_content --> offhttpd_run_stickshift --> offhttpd_setrlimit --> offhttpd_ssi_exec --> offhttpd_tmp_exec --> offhttpd_tty_comm --> onhttpd_unified --> onhttpd_use_cifs --> offhttpd_use_gpg --> offhttpd_use_nfs --> offhttpd_use_openstack --> offhttpd_verify_dns --> off

• 解决问题

[root@localhost html]# setsebool httpd_can_network_connect 1

• 查看是否开启了SELinux

##如果SELinux status参数为enabled即为开启状态[root@localhost html]# /usr/sbin/sestatus -vSELinux status:                 enabledSELinuxfs mount:                /selinuxCurrent mode:                   enforcingMode from config file:          enforcingPolicy version:                 24Policy from config file:        targetedProcess contexts:Current context:                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023Init context:                   system_u:system_r:init_t:s0/sbin/mingetty                  system_u:system_r:getty_t:s0/usr/sbin/sshd                  unconfined_u:system_r:sshd_t:s0-s0:c0.c1023File contexts:Controlling term:               unconfined_u:object_r:user_devpts_t:s0/etc/passwd                     system_u:object_r:etc_t:s0/etc/shadow                     system_u:object_r:shadow_t:s0/bin/bash                       system_u:object_r:shell_exec_t:s0/bin/login                      system_u:object_r:login_exec_t:s0/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0/sbin/agetty                    system_u:object_r:getty_exec_t:s0/sbin/init                      system_u:object_r:init_exec_t:s0/sbin/mingetty                  system_u:object_r:getty_exec_t:s0/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0[root@localhost html]# [root@localhost html]# [root@localhost html]# [root@localhost html]# [root@localhost html]# [root@localhost html]###也可以用这个命令检查，如果为Enforcing即为开启状态[root@localhost html]# getenforceEnforcing

1. 临时关闭（不用重启机器），设置SELinux 成为 Permissive模式，setenforce 1 设置SELinux 成为 Enforcing模式

[root@localhost html]# setenforce 0[root@localhost html]# [root@localhost html]# getenforcePermissive[root@localhost html]#

2.可以通过修改SELinux的配置文件开启或关闭它（需要重启机器）：

修改/etc/selinux/config 文件

找到：
SELINUX=enforcing
修改成:
SELINUX=disabled
重启一下，就OK。

---

ll命令 显示文件 年 月 日 时 分 秒

• 下面是默认的ll命令显示：

[root@localhost src]# ll总用量 1676-rw-r--r--. 1 root root    2381 1月  23 2017 index.html-rw-r--r--. 1 root root   37052 7月   3 2011 python-iniparse-0.3.1-2.1.el6.noarch.rpm-rw-r--r--. 1 root root   87660 5月  12 2016 python-urlgrabber-3.9.1-11.el6.noarch.rpmdrwxr-xr-x. 3 root root    4096 9月  28 13:59 secureCRT-rw-r--r--. 1 root root  492020 9月  28 11:27 wget-1.12-1.4.el6.x86_64.rpm-rw-r--r--. 1 root root 1042364 3月  23 2017 yum-3.2.29-81.el6.centos.noarch.rpm-rw-r--r--. 1 root root   33524 3月  23 2017 yum-plugin-fastestmirror-1.1.30-40.el6.noarch.rpm

• 设置显示样式

[root@localhost src]# alias ll='ls -lh  --time-style=+"%Y-%m-%d %H:%M:%S"'[root@localhost src]# ll总用量 1.7M-rw-r--r--. 1 root root  2.4K 2017-01-23 21:28:24 index.html-rw-r--r--. 1 root root   37K 2011-07-03 12:42:38 python-iniparse-0.3.1-2.1.el6.noarch.rpm-rw-r--r--. 1 root root   86K 2016-05-12 18:50:34 python-urlgrabber-3.9.1-11.el6.noarch.rpmdrwxr-xr-x. 3 root root  4.0K 2017-09-28 13:59:43 secureCRT-rw-r--r--. 1 root root  481K 2017-09-28 11:27:36 wget-1.12-1.4.el6.x86_64.rpm-rw-r--r--. 1 root root 1018K 2017-03-23 23:04:15 yum-3.2.29-81.el6.centos.noarch.rpm-rw-r--r--. 1 root root   33K 2017-03-23 23:00:06 yum-plugin-fastestmirror-1.1.30-40.el6.noarch.rpm

• 按日期排序

[root@localhost src]# ll -t总用量 1.7Mdrwxr-xr-x. 3 root root  4.0K 2017-09-28 13:59:43 secureCRT-rw-r--r--. 1 root root  481K 2017-09-28 11:27:36 wget-1.12-1.4.el6.x86_64.rpm-rw-r--r--. 1 root root 1018K 2017-03-23 23:04:15 yum-3.2.29-81.el6.centos.noarch.rpm-rw-r--r--. 1 root root   33K 2017-03-23 23:00:06 yum-plugin-fastestmirror-1.1.30-40.el6.noarch.rpm-rw-r--r--. 1 root root  2.4K 2017-01-23 21:28:24 index.html-rw-r--r--. 1 root root   86K 2016-05-12 18:50:34 python-urlgrabber-3.9.1-11.el6.noarch.rpm-rw-r--r--. 1 root root   37K 2011-07-03 12:42:38 python-iniparse-0.3.1-2.1.el6.noarch.rpm

Linux添加字体

• 查看当前系统的字体

[root@localhost ~]# cd /usr/share/fonts[root@localhost fonts]# fc-list :lang=zhAR PL UMing TW:style=LightAR PL UMing HK:style=LightAR PL UMing CN:style=LightAR PL UKai TW MBE:style=BookAR PL UKai CN:style=BookAR PL UKai HK:style=BookAR PL UKai TW:style=Book文泉驿正黑,文泉驛正黑,WenQuanYi Zen Hei:style=Regular文泉驿等宽正黑,文泉驛等寬正黑,WenQuanYi Zen Hei Mono:style=RegularAR PL UMing TW MBE:style=Light文泉驿点阵正黑,文泉驛點陣正黑,WenQuanYi Zen Hei Sharp:style=Regular[root@localhost fonts]# 

• 新建一个自定义的字体文件夹，把从Windows系统fonts目录下拷贝过来的字体文件直接mv进来，就能看到安装成功了

[root@localhost fonts]# [root@localhost fonts]# [root@localhost fonts]# [root@localhost fonts]# mkdir /usr/share/fonts/my_fonts[root@localhost fonts]#[root@localhost fonts]# cd my_fonts/[root@localhost my_fonts]# mv /usr/local/src/黑体.ttf ./[root@localhost my_fonts]# fc-list :lang=zhAR PL UMing TW:style=LightAR PL UMing HK:style=LightAR PL UMing CN:style=LightAR PL UKai TW MBE:style=Book黑体,SimHei:style=RegularAR PL UKai CN:style=BookAR PL UKai HK:style=BookAR PL UKai TW:style=Book文泉驿正黑,文泉驛正黑,WenQuanYi Zen Hei:style=Regular文泉驿等宽正黑,文泉驛等寬正黑,WenQuanYi Zen Hei Mono:style=RegularAR PL UMing TW MBE:style=Light文泉驿点阵正黑,文泉驛點陣正黑,WenQuanYi Zen Hei Sharp:style=Regular

• 刷新系统即刻生效，输入命令：sudo fc-cache -fv

[root@localhost my_fonts]# [root@localhost my_fonts]# [root@localhost my_fonts]#sudo fc-cache -fv/usr/share/fonts: caching, new cache contents: 0 fonts, 5 dirs/usr/share/fonts/cjkuni-ukai: caching, new cache contents: 4 fonts, 0 dirs/usr/share/fonts/cjkuni-uming: caching, new cache contents: 4 fonts, 0 dirs/usr/share/fonts/default: caching, new cache contents: 0 fonts, 2 dirs/usr/share/fonts/default/Type1: caching, new cache contents: 35 fonts, 0 dirs/usr/share/fonts/default/ghostscript: caching, new cache contents: 13 fonts, 0 dirs/usr/share/fonts/my_fonts: caching, new cache contents: 1 fonts, 0 dirs/usr/share/fonts/wqy-zenhei: caching, new cache contents: 3 fonts, 0 dirs/usr/share/X11/fonts/Type1: skipping, no such directory/usr/share/X11/fonts/TTF: skipping, no such directory/usr/local/share/fonts: skipping, no such directory/root/.fonts: skipping, no such directory/var/cache/fontconfig: cleaning cache directory/root/.fontconfig: not cleaning non-existent cache directoryfc-cache: succeeded

---