Linux 各种命令
来源:互联网 发布:海错图笔记2 知乎 编辑:程序博客网 时间:2024/05/22 03:10
linux查看防火墙状态及开启关闭命令
- 方式一:service方式
#查看防火墙状态[root@localhost /]# service iptables status表格:filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination #防火墙开启,关闭防火墙[root@localhost /]# service iptables stopiptables:清除防火墙规则: [确定]iptables:将链设置为政策 ACCEPT:filter [确定]iptables:正在卸载模块: [确定][root@localhost /]# [root@localhost /]# [root@localhost /]# service iptables statusiptables:未运行防火墙。#防火墙关闭,开启防火墙[root@localhost /]# service iptables startiptables:应用防火墙规则: [确定][root@localhost /]#
- 方式二:iptables方式
#查看防火墙状态[root@localhost /]# /etc/init.d/iptables status表格:filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination #防火墙开启,关闭防火墙[root@localhost /]# /etc/init.d/iptables stopiptables:清除防火墙规则: [确定]iptables:将链设置为政策 ACCEPT:filter [确定]iptables:正在卸载模块: [确定][root@localhost /]# [root@localhost /]# [root@localhost /]# /etc/init.d/iptables statusiptables:未运行防火墙。[root@localhost /]##防火墙关闭,开启防火墙[root@localhost /]# /etc/init.d/iptables restartiptables:应用防火墙规则: [确定][root@localhost /]#
添加Linux防火墙端口
[root@localhost /]# vi /etc/sysconfig/iptables# Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT
编辑iptables文件/etc/sysconfig/iptables,添加如下一行,可以参照已有的已经开启的ssh的22端口
-A INPUT -m state –state NEW -m tcp -p tcp –dport 8080 -j ACCEPT
[root@localhost /]# vi /etc/sysconfig/iptables# Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibited-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPTCOMMIT
保存后,重启防火墙
[root@localhost /]# service iptables restartiptables:清除防火墙规则: [确定]iptables:将链设置为政策 ACCEPT:filter [确定]iptables:正在卸载模块: [确定]iptables:应用防火墙规则: [确定][root@localhost /]# service iptables status表格:filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080 Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination
查看某端口是否被占用,以4700为例
[root@iZ23aha612kZ sysconfig]# netstat -lnp|grep 4700udp 0 0 0.0.0.0:4700 0.0.0.0:* 17736/java
[root@iZ23aha612kZ sysconfig]# netstat -lnp|grep 4702[root@iZ23aha612kZ sysconfig]#
如果没有任何打印,说明没有被占用。有打印的话,说明被占用了,一般会列出哪个进程占用。
查看是否开启了SELinux
SELinux是一个安全体系结构,它通过LSM(Linux Security Modules)框架被集成到Linux Kernel 2.6.x中。它是NSA (United States National Security Agency)和SELinux社区的联合项目。SELinux提供了一种灵活的强制访问控制(MAC)系统,且内嵌于Linux Kernel中。SELinux定义了系统中每个【用户】、【进程】、【应用】和【文件】的访问和转变的权限,然后它使用一个安全策略来控制这些实体(用户、进程、应用和文件)之间的交互,安全策略指定如何严格或宽松地进行检查。SELinux对系统用户(system users)是透明的,只有系统管理员需要考虑在他的服务器中如何制定严格的策略。策略可以根据需要是严格的或宽松的。只有同时满足了【标准Linux访问控制】和【SELinux访问控制】时,主体才能访问客体。
遇到的问题
linux本机下使用php index.php 可以查看运行结果,但是 在我的windows浏览器下报错:[Mon Nov 06 10:18:33 2017] [error] [client 192.168.0.81] PHP Warning: mysql_connect(): Can’t connect to MySQL server on ‘127.0.0.1’ (13) in /var/www/html/index.php on line 9
[root@localhost html]# cat index.php ----Hello, World!!!---2017/11/06<?php$link=mysql_connect('127.0.0.1','cdms','cdms');if($link)echo "scuess";elseecho "fail";?>---[root@localhost html]# php index.php----Hello, World!!!---2017/11/06scuess---
- 原因
#发现 httpd_can_network_connect --> off#getsebool命令是用来查询SElinux策略内各项规则的布尔值。SELinux的策略与规则管理相关命令:seinfo命令、sesearch命令、getsebool命令、setsebool命令、semanage命令。[root@localhost html]# getsebool -a | grep httpdallow_httpd_anon_write --> offallow_httpd_mod_auth_ntlm_winbind --> offallow_httpd_mod_auth_pam --> offallow_httpd_sys_script_anon_write --> offhttpd_builtin_scripting --> onhttpd_can_check_spam --> offhttpd_can_network_connect --> offhttpd_can_network_connect_cobbler --> offhttpd_can_network_connect_db --> offhttpd_can_network_memcache --> offhttpd_can_network_relay --> offhttpd_can_sendmail --> offhttpd_dbus_avahi --> onhttpd_enable_cgi --> onhttpd_enable_ftp_server --> offhttpd_enable_homedirs --> offhttpd_execmem --> offhttpd_manage_ipa --> offhttpd_read_user_content --> offhttpd_run_stickshift --> offhttpd_setrlimit --> offhttpd_ssi_exec --> offhttpd_tmp_exec --> offhttpd_tty_comm --> onhttpd_unified --> onhttpd_use_cifs --> offhttpd_use_gpg --> offhttpd_use_nfs --> offhttpd_use_openstack --> offhttpd_verify_dns --> off
- 解决问题
[root@localhost html]# setsebool httpd_can_network_connect 1
- 查看是否开启了SELinux
##如果SELinux status参数为enabled即为开启状态[root@localhost html]# /usr/sbin/sestatus -vSELinux status: enabledSELinuxfs mount: /selinuxCurrent mode: enforcingMode from config file: enforcingPolicy version: 24Policy from config file: targetedProcess contexts:Current context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023Init context: system_u:system_r:init_t:s0/sbin/mingetty system_u:system_r:getty_t:s0/usr/sbin/sshd unconfined_u:system_r:sshd_t:s0-s0:c0.c1023File contexts:Controlling term: unconfined_u:object_r:user_devpts_t:s0/etc/passwd system_u:object_r:etc_t:s0/etc/shadow system_u:object_r:shadow_t:s0/bin/bash system_u:object_r:shell_exec_t:s0/bin/login system_u:object_r:login_exec_t:s0/bin/sh system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0/sbin/agetty system_u:object_r:getty_exec_t:s0/sbin/init system_u:object_r:init_exec_t:s0/sbin/mingetty system_u:object_r:getty_exec_t:s0/usr/sbin/sshd system_u:object_r:sshd_exec_t:s0[root@localhost html]# [root@localhost html]# [root@localhost html]# [root@localhost html]# [root@localhost html]# [root@localhost html]###也可以用这个命令检查,如果为Enforcing即为开启状态[root@localhost html]# getenforceEnforcing
- 临时关闭(不用重启机器),设置SELinux 成为 Permissive模式,setenforce 1 设置SELinux 成为 Enforcing模式
[root@localhost html]# setenforce 0[root@localhost html]# [root@localhost html]# getenforcePermissive[root@localhost html]#
2.可以通过修改SELinux的配置文件开启或关闭它(需要重启机器):
修改/etc/selinux/config 文件
找到:
SELINUX=enforcing
修改成:
SELINUX=disabled
重启一下,就OK。
ll命令 显示文件 年 月 日 时 分 秒
- 下面是默认的ll命令显示:
[root@localhost src]# ll总用量 1676-rw-r--r--. 1 root root 2381 1月 23 2017 index.html-rw-r--r--. 1 root root 37052 7月 3 2011 python-iniparse-0.3.1-2.1.el6.noarch.rpm-rw-r--r--. 1 root root 87660 5月 12 2016 python-urlgrabber-3.9.1-11.el6.noarch.rpmdrwxr-xr-x. 3 root root 4096 9月 28 13:59 secureCRT-rw-r--r--. 1 root root 492020 9月 28 11:27 wget-1.12-1.4.el6.x86_64.rpm-rw-r--r--. 1 root root 1042364 3月 23 2017 yum-3.2.29-81.el6.centos.noarch.rpm-rw-r--r--. 1 root root 33524 3月 23 2017 yum-plugin-fastestmirror-1.1.30-40.el6.noarch.rpm
- 设置显示样式
[root@localhost src]# alias ll='ls -lh --time-style=+"%Y-%m-%d %H:%M:%S"'[root@localhost src]# ll总用量 1.7M-rw-r--r--. 1 root root 2.4K 2017-01-23 21:28:24 index.html-rw-r--r--. 1 root root 37K 2011-07-03 12:42:38 python-iniparse-0.3.1-2.1.el6.noarch.rpm-rw-r--r--. 1 root root 86K 2016-05-12 18:50:34 python-urlgrabber-3.9.1-11.el6.noarch.rpmdrwxr-xr-x. 3 root root 4.0K 2017-09-28 13:59:43 secureCRT-rw-r--r--. 1 root root 481K 2017-09-28 11:27:36 wget-1.12-1.4.el6.x86_64.rpm-rw-r--r--. 1 root root 1018K 2017-03-23 23:04:15 yum-3.2.29-81.el6.centos.noarch.rpm-rw-r--r--. 1 root root 33K 2017-03-23 23:00:06 yum-plugin-fastestmirror-1.1.30-40.el6.noarch.rpm
- 按日期排序
[root@localhost src]# ll -t总用量 1.7Mdrwxr-xr-x. 3 root root 4.0K 2017-09-28 13:59:43 secureCRT-rw-r--r--. 1 root root 481K 2017-09-28 11:27:36 wget-1.12-1.4.el6.x86_64.rpm-rw-r--r--. 1 root root 1018K 2017-03-23 23:04:15 yum-3.2.29-81.el6.centos.noarch.rpm-rw-r--r--. 1 root root 33K 2017-03-23 23:00:06 yum-plugin-fastestmirror-1.1.30-40.el6.noarch.rpm-rw-r--r--. 1 root root 2.4K 2017-01-23 21:28:24 index.html-rw-r--r--. 1 root root 86K 2016-05-12 18:50:34 python-urlgrabber-3.9.1-11.el6.noarch.rpm-rw-r--r--. 1 root root 37K 2011-07-03 12:42:38 python-iniparse-0.3.1-2.1.el6.noarch.rpm
Linux添加字体
- 查看当前系统的字体
[root@localhost ~]# cd /usr/share/fonts[root@localhost fonts]# fc-list :lang=zhAR PL UMing TW:style=LightAR PL UMing HK:style=LightAR PL UMing CN:style=LightAR PL UKai TW MBE:style=BookAR PL UKai CN:style=BookAR PL UKai HK:style=BookAR PL UKai TW:style=Book文泉驿正黑,文泉驛正黑,WenQuanYi Zen Hei:style=Regular文泉驿等宽正黑,文泉驛等寬正黑,WenQuanYi Zen Hei Mono:style=RegularAR PL UMing TW MBE:style=Light文泉驿点阵正黑,文泉驛點陣正黑,WenQuanYi Zen Hei Sharp:style=Regular[root@localhost fonts]#
- 新建一个自定义的字体文件夹,把从Windows系统fonts目录下拷贝过来的字体文件直接mv进来,就能看到安装成功了
[root@localhost fonts]# [root@localhost fonts]# [root@localhost fonts]# [root@localhost fonts]# mkdir /usr/share/fonts/my_fonts[root@localhost fonts]#[root@localhost fonts]# cd my_fonts/[root@localhost my_fonts]# mv /usr/local/src/黑体.ttf ./[root@localhost my_fonts]# fc-list :lang=zhAR PL UMing TW:style=LightAR PL UMing HK:style=LightAR PL UMing CN:style=LightAR PL UKai TW MBE:style=Book黑体,SimHei:style=RegularAR PL UKai CN:style=BookAR PL UKai HK:style=BookAR PL UKai TW:style=Book文泉驿正黑,文泉驛正黑,WenQuanYi Zen Hei:style=Regular文泉驿等宽正黑,文泉驛等寬正黑,WenQuanYi Zen Hei Mono:style=RegularAR PL UMing TW MBE:style=Light文泉驿点阵正黑,文泉驛點陣正黑,WenQuanYi Zen Hei Sharp:style=Regular
- 刷新系统即刻生效,输入命令:sudo fc-cache -fv
[root@localhost my_fonts]# [root@localhost my_fonts]# [root@localhost my_fonts]#sudo fc-cache -fv/usr/share/fonts: caching, new cache contents: 0 fonts, 5 dirs/usr/share/fonts/cjkuni-ukai: caching, new cache contents: 4 fonts, 0 dirs/usr/share/fonts/cjkuni-uming: caching, new cache contents: 4 fonts, 0 dirs/usr/share/fonts/default: caching, new cache contents: 0 fonts, 2 dirs/usr/share/fonts/default/Type1: caching, new cache contents: 35 fonts, 0 dirs/usr/share/fonts/default/ghostscript: caching, new cache contents: 13 fonts, 0 dirs/usr/share/fonts/my_fonts: caching, new cache contents: 1 fonts, 0 dirs/usr/share/fonts/wqy-zenhei: caching, new cache contents: 3 fonts, 0 dirs/usr/share/X11/fonts/Type1: skipping, no such directory/usr/share/X11/fonts/TTF: skipping, no such directory/usr/local/share/fonts: skipping, no such directory/root/.fonts: skipping, no such directory/var/cache/fontconfig: cleaning cache directory/root/.fontconfig: not cleaning non-existent cache directoryfc-cache: succeeded
阅读全文
0 0
- linux 各种命令集锦
- linux各种解压命令
- linux 下各种命令
- Linux各种解压命令
- linux命令---各种括号
- linux各种命令
- linux各种解压命令
- Linux各种命令
- linux 的各种命令
- 常用Linux各种命令
- Linux 各种命令
- linux 新学的各种命令
- linux查看各种信息命令
- linux 各种打包命令整理
- linux 下各种解压缩命令
- linux 下各种解压缩命令
- 随手记,linux各种命令
- linux的各种命令汇总
- 获取网络json解析中的图片
- 上下行参考信号RS
- uploadify 图片上传demo
- eMMC分区详解
- linux开启防火墙,开放80端口,开放mysql的3306端口,开放svn的3609端口,开放tomcat的8080端口。
- Linux 各种命令
- docker 和 主机 文件互拷
- Jetty安装与部署
- 网页读取json
- Android 6.0 获取拨打电话的权限
- SVN:SVN常用命令汇总
- apt-get update 异常 Temporary failure resolving
- C++ primer 练习
- Educational Codeforces Round 28 B: Math Show