常用linux手头命令

过滤ip

ifconfig eth0|grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}"|sed -n '1p'

ifconfig|sed -n '2p'|sed -r 's#^.*addr:(.*) Bcast.*$#\1#g'

ifconfig|sed -n '2p'|awk -F':' '{print $2}'|awk '{print $1}'

 

回车擦除^H;

echo "stty erase ^H" >>/root/.bash_profile

source /root/.bash_profile

 

How to install dig, host, and nslookup – bind-utils on CentOS:

yum install bind-utils -y [c6使用nslookup]

yum install net-tools -y [c7使用ifconfig]

 

 

生成密码:

openssl rand -hex 8

 

yum install http php php-dap php-gd -y

 

0

selinux优化

setenforce 0

sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

getenforce

/etc/init.d/iptables stop

 

文件描述符:

ulimit -SHn 65535

echo '* - nofile 65536' >>/etc/security/limits.conf

 

echo "* soft nproc 65535" >>/etc/security/limits.conf

echo "* hard nproc 65535" >>/etc/security/limits.conf

echo "* soft nofile 65535" >>/etc/security/limits.conf

echo "* hard nofile 65535" >>/etc/security/limits.conf

 

> /etc/issuse

>/etc/redhat-release

 

添加普通用户并进行sudo授权管理vi /etc/sudoers

[root@c64 ~]# useradd sunsky

[root@c64 ~]# echo "123456"|passwd --stdin sunsky&&history –c

[root@c64 ~]# visudo # 99gg

在root ALL=(ALL) ALL此行下，添加如下内容

sunsky ALL=(ALL) ALL

lanny ALL=(ALL) ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

 

清理邮件:

/var/spool/clientsqueue/

yum -y install mutt 发邮件

1,

设置密码

echo "ansible"|passwd --stdin ansible

 

1,ssh慢优化

\cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ori

sed -i 's#\#UseDNS yes#UseDNS no#g' /etc/ssh/sshd_config

sed -i 's#GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config

/etc/init.d/sshd restart

 

 

Port 22345

PermitRootLogin no

PermitEmptyPasswords no

UseDNS no

ListenAddress 192.168.138.24

GSSAPIAuthentication no

 

 

crt设置超时:

export TMOUT=10

echo "export TMOUT=10" >>/etc/profile

source /etc/profile

 

修改主机名:

 

vim安装:

yum -y install vim-enhanced

cat >>/etc/vimrc<<a

set nu

set cursorline

set nobackup

set ruler

set autoindent

set vb t_vb=

set ts=4

set expandtab

a

. /etc/vimrc

 

 

rsync

ps -ef|grep rsync #查看rsync配置文件

#修改完后重启

kill -HUP `cat /var/run/rsyncd.pid`

/usr/bin/rsync --daemon --config=/usr/local/rsync/rsync.conf

ps -ef|grep rsync

允许的主机:

vim /usr/local/rsync/rsync.conf

hosts allow = 120.25.241.112,192.168.5.50

注意:密码文件统一600,且普通用户为谁,属主即为谁.

 

rsync server配置:

uid = root

gid = root

use chroot = no

max connections = 10

strict modes = yes

pid file = /var/run/rsyncd.pid

lock file = /var/run/rsync.lock

log file = /var/log/rsyncd.log

[web]

path = /code/pp100web/target/ROOT

comment = web file

ignore errors

read only = no

write only = no

hosts allow = 120.25.241.112

list = false

uid = root

gid = root

auth users = webuser

secrets file = /usr/local/rsync/rsync.passwd

 

 

java环境变量(附带tomcat):

export JAVA_HOME=/usr/local/jdk

export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH

export CLASSPATH=.$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar

export TOMCAT_HOME=/usr/local/tomcat

export CATALINA_BASE="/data/tomcat"

 

export PATH=/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/jdk1.7.0_45/bin:/root/bin:/usr/local/jdk1.7.0_45/bin:/root/bin

通过salt:

再次创建新的append.sls

[root@data-1-1 salt]# more states/init/append.sls

/etc/profile:

file.append:

- text: "export JAVA_HOME=/usr/java/jdk1.7.0_51"

- text: "export PATH=$JAVA_HOME/binPATH"

 

 

换源:

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

yum clean all

yum makecache

yum install lrzsz ntpdate sysstat dos2unix wget telnet tree -y

定时任务:

crontab

*/5 * * * * /usr/sbin/ntpdate times.windows.com >/dev/null 2>&1

时间优化:

rm -rf /etc/localtime && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && ntpdate time-nw.nist.gov

 

ntpdate time-nw.nist.gov

echo '*/5 * * * * /usr/sbin/ntpdate time-nw.nist.gov >/dev/null 2 >&1' >>/var/spool/cron/root

 

修改时间:date -s "2016/06/11 22:50"

 

/user/sbin/ntpdate 接服务器地址

time.nist.gov

time-nw.nist.gov

time-a.nist.gov

time-b.nist.gov

 

优化退格键:

stty erase "^H"

 

优化history:

export HISTTIMEFORMAT="%F %T `whoami` "

echo "export HISTTIMEFORMAT="%F %T `whoami` "" >> /etc/profile

 

优化message:格式

export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'

 

 

 

过滤日志:

cat /etc/salt/master |grep -v "#" | sed '/^$/d'

 

 

php配置:

vim /etc/php.ini

date.timezone = Asia/Shanghai

 

 

/usr/bin/killall -HUP syslogd

/bin/kill -USR1 $(cat /var/run/nginx.pid 2>/dev/null) 2>/dev/null || :

 

 

禁止ping:

echo "net.ipv4.icmp_echo_ignore_all=1">>/etc/sysctl.conf

tail -1 /etc/sysctl.conf

sysctl -p

echo 1 > /proc/sys/net/ipv4/ip_forward #这样好处可以tab

 

一步搞定:

sysctl -w net.ipv4.ip_forward=1

 

 

二、在某行（指具体行号）前或后加一行内容

 

sed -i 'N;4addpdf' a.txt

sed -i 'N;4ieepdf' a.txt

sed -i 'N;4a44444444444444444444444444testt' 1.log 在第四行后加一行

http://www.361way.com/sed-process-lines/2263.html

 

 

清理邮箱:

C6 postfix /var/spool/postfix/maildrop

C5 sedmail /var/spool/clientmqueue

 

#centos6.5已经不自动安装sendmail了所以没必要走这一步优化

mkdir -p /server/scripts

vi /server/scripts/spool_clean.sh

#!/bin/sh

find/var/spool/clientmqueue/-type f -mtime +30|xargs rm-f

添加到定时任务.

echo '*/30 * * * * /bin/sh /server/scripts/spool_clean.sh >/dev/null 2>&1'>>/var/spool/cron/root

 

 

优化小结:

一清： 定时清理日志/var/spool/clientsqueue

一精： 精简开机启动服务

一增： 增大文件描述符

两优： linux内核参数的优化、yum源优化

四设：设置系统的字符集、设置ssh登录限制、设置开机的提示信息与内核信息、设置block的大小

七其他：文件系统优化、sync数据同步写入磁盘、不更新时间戳、锁定系统关键文件、时间同步、sudo集权管理、关闭防火墙和selinux

 

 

centos一键优化脚本:

细节:http://oldboy.blog.51cto.com/2561410/1336488

网络状态优化:http://oldboy.blog.51cto.com/2561410/1184228

定时任务优化:http://oldboy.blog.51cto.com/2561410/1216730

一键脚本:

较简单: http://mofansheng.blog.51cto.com/8792265/1710247

较健全: http://chocolee.blog.51cto.com/8158455/1424587

 

本文 centos 6.5 优化 的项有18处:http://www.lvtao.net/server/centos-server-setup.html

1、centos6.5最小化安装后启动网卡

2、ifconfig查询IP进行SSH链接

3、更新系统源并且升级系统

4、系统时间更新和设定定时任

5、修改ip地址、网关、主机名、DNS

6、关闭selinux，清空iptables

7、创建普通用户并进行sudo授权管理

8、修改SSH端口号和屏蔽root账号远程登陆

9、锁定关键文件系统（禁止非授权用户获得权限）

10、精简开机自启动服务

11、调整系统文件描述符大小

12、设置系统字符集

13、清理登陆的时候显示的系统及内核版本

14、内核参数优化

15、定时清理/var/spool/clientmqueue

16、删除不必要的系统用户和群组

17、关闭重启ctl-alt-delete组合键

18、设置一些全局变量

 

优化内核:

\cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)

cat >>/etc/sysctl.conf<<EOF

net.ipv4.tcp_fin_timeout = 2

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_keepalive_time = 600

net.ipv4.ip_local_port_range = 4000 65000

net.ipv4.tcp_max_syn_backlog = 16384

net.ipv4.tcp_max_tw_buckets = 36000

net.ipv4.route.gc_timeout = 100

net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_synack_retries = 1

net.core.somaxconn = 16384

net.core.netdev_max_backlog = 16384

net.ipv4.tcp_max_orphans = 16384

net.netfilter.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_tcp_timeout_established = 180

net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120

net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60

net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

EOF

sysctl -p

 

#以下参数是对centos6.x的iptables防火墙的优化，防火墙不开会有提示，可以忽略不理。

#如果是centos5.X需要吧netfilter.nf_conntrack替换成ipv4.netfilter.ip

#centos5.X为net.ipv4.ip_conntrack_max = 25000000

net.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_tcp_timeout_established = 180

net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120

net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60

net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

 

 

关闭bell:[需reboot]

sed -i 's#^\#set bell-style none#set bell-style none#g' /etc/inputrc

echo "modprobe -r pcspkr" > /etc/modprobe.d/blacklist

 

 

 

关掉ctrl+alt+delete关机:

\cp /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.bak

sed -i 's#exec /sbin/shutdown -r now "Control-Alt-Deletepressed"#\#exec /sbin/shutdown -r now "Control-Alt-Deletepressed"#g'

 

 

yum groupinstall base -y

yum groupinstall core -y

yum groupinstall development libs -y

yum groupinstall development tools -y

 

 

高亮显示:

echo -e "\033[32m crontab has been added successfully \033[0m"

 

 

nfs配置:

服务端&客户端

yum install nfs-utils rpcbind -y

服务端:

/etc/init.d/rpcbind start

ps -ef |grep rpc

/etc/init.d/rpcbind status

rpcinfo -p localhost

配置共享:

echo "/data 10.0.0.0/24(rw,sync,no_root_squash)" >> /etc/exports

chkconfig rpcbind on

chkconfig nfs on

 

客户端:

/etc/init.d/rpcbind start

chkconfig rpcbind on

showmount -e 10.1.1.10

mount -t nfs 10.1.1.10:data /mnt

 

 

sudoers:=all

/sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig,/sbin/mii-tool,/bin/rpm, /usr/bin/up2date, /usr/bin/yum,/sbin/service, /sbin/chkconfig,/usr/bin/updatedb,/sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount,/usr/sbin/visudo, /bin/chown, /bin/chmod,/bin/chgrp,/bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall,/sbin/modprobe,/sbin/mount /mnt/cdrom, /sbin/umount, /mnt/cdrom

 

 

 

svn管理:

Svn添加用户示例：

#添加完用户，配置好权限，重启http生效

htpasswd /home/svn/auth/authz.conf username

加权限： vi /home/svn/auth/access.conf

svn配置文件目录 /home/svn/auth

 

备份:

cp /etc/salt/minion /etc/salt/minion.lanny.$(date +%F)

 

 

yum安装lamp:

yum install -y httpd php php-cli php-common php-pdo php-gd

yum install -y httpd php php-cli php-common php-pdo php-gd mysql mysql-server php-mysql

yum install -y httpd php php-ldap php-gd

 

 

 

nginx编译安装:

1,安装依赖

yum install pcre pcre-devel openssl openssl-devel –y

2,

useradd -s /sbin/nologin -M nginx

3,编译安装

./configure --user=nginx --group=nginx --prefix=/application/nginx-1.6.2 --with-http_stub_status_module --with-http_ssl_module

make && make install

echo $?

ln -s /application/nginx-1.6.2/ /application/nginx

3,检查

/application/nginx/sbin/nginx -t 检查语法

/application/nginx/sbin/nginx #启动

4,优化

echo PATH=/application/nginx/sbin/:$PATH >> /etc/profile

source /etc/profile

 

netstat -ntulp |grep nginx

lsof -i:80

curl 192.168.14.151

nginx -s stop

nginx -s reload

 

 

 

 

•    ~/.bash_profile：用户每次登录时执行

•    ~/.bashrc：每次进入新的Bash环境时执行

•    ~/.bash_logout：用户每次退出登录时执行

 

 

uname -rm

 

 

 

使用rpmbuild将源码包编译成rpm包来进行安装

rpmbuild -tb openvpn-2.2.2.tar.gz

 

 

 

 

Mount the file system and make it writeable

mount -uw /

 

Make the filesystem read only again.

mount -ur /

 

 

 

 

 

批量创建用户:

# vim adduser.sh

#!/bin/bash

# Add system user

for ldap in {1..5};do

if id user${ldap} &> /dev/null;then

echo "System account already exists"

else

adduser user${ldap}

echo user${ldap} | passwd --stdin user${ldap} &> /dev/null

echo "user${ldap} system add finish"

fi

done

# chmod +x adduser.sh

# ./adduser.sh

# id user1

uid=502(user1) gid=502(user1) groups=502(user1)

 

 

 

useradd test -u 6000 -g 6000 -s /sbin/nologin -d /dev/null

 

家目录

系统默认字符集:

export LANG='zh_CN.UTF-8'

 

 

网卡配置:

DEVICE=eth0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=static

IPADDR=192.168.6.28

NETMASK=255.255.255.0

GATEWAY=192.168.6.1

 

 

 

 

扩容磁盘:

关于tmpfs空间满，会影响其中的服务使用吗

Filesystem Size Used Avail Use% Mounted on

/dev/sda1 32G 1.3G 29G 5% /

tmpfs 16G 16G 0 100% /dev/shm

 

mount -o remount,size=18G /dev/shm

 

 

php时区修改:

729 post_max_size = 16M

946 date.timezone = PRC (中华人民共和国)

 

修改提示符:

全路径:

py@lanny:~/t/day2$ echo $PS1

\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$