linux基础
生产centos7初始化
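# 1. Disable SELinux.
# SELinux is the kernel's mandatory access control layer; disabling it removes
# that confinement from every service on the host. If the aim is only to stop
# denials during bring-up, SELINUX=permissive keeps the denials in the audit log
# so the policy can be fixed and enforcing mode restored later.
# The stock config file carries "SELINUX=enforcing", so that is the value to match.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
setenforce 0 # puts the running system in permissive mode now; the config file change applies at the next boot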
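# 2. Stop services this host does not need.
# With firewalld off the host has no local packet filter. Before doing this on a
# reachable machine, make sure another control (cloud security group, upstream
# firewall or explicit iptables rules) limits inbound access.
systemctl stop firewalld.service # stop the firewalld firewall
systemctl disable firewalld.service # do not start firewalld at boot
systemctl stop postfix.service # stop the mail service
systemctl disable postfix.service # do not start the mail service at boot
systemctl stop NetworkManager.service # stop NetworkManager
systemctl disable NetworkManager.service # do not start NetworkManager at boot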
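# 3. Empty the kernel parameter file /etc/sysctl.conf.
# Keep a timestamped copy first so the previous settings can be compared or restored.
cp -a /etc/sysctl.conf "/etc/sysctl.conf.$(date +%Y%m%d%H%M%S).bak"
echo > /etc/sysctl.conf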
# 4. Contents for the kernel parameter file /etc/sysctl.conf (tuned kernel parameters)
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding (0 = this host does not route packets between interfaces)
net.ipv4.ip_forward = 0
# Controls source route verification
# NOTE(review): no rp_filter line follows this heading; rp_filter is set to 0 further down.
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies (the tcp_syncookies line itself appears further down)
# Disable netfilter on bridges.
# NOTE(review): the net.bridge.* keys presumably exist only while the bridge
# netfilter module is loaded; confirm on the target host.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maximum size of a message queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
vm.swappiness = 1
net.ipv4.neigh.default.gc_stale_time = 120
# rp_filter = 0 switches off reverse-path filtering, the kernel's check that a
# packet's source address is reachable through the interface it arrived on.
# NOTE(review): keep 0 only if asymmetric routing on this host requires it;
# otherwise 1 (strict) or 2 (loose) retains the anti-spoofing check.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_max_tw_buckets = 20000
# SYN cookies stay enabled so the listener keeps answering under a SYN flood
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 655350
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.lo.arp_announce = 2
fs.file-max = 3241750
fs.nr_open = 2097152
# NOTE(review): the next two look like the older ip_conntrack key names; confirm
# the target kernel exposes them, otherwise loading this file reports an error
# for each. The nf_conntrack_max lines below set the same limit under the newer name.
net.ipv4.ip_conntrack_max = 999999
net.ipv4.netfilter.ip_conntrack_max = 999999
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 6
net.ipv4.tcp_keepalive_intvl = 10
net.core.rmem_max = 1024123000
net.core.wmem_max = 167772160
net.ipv4.tcp_wmem = 4096 4096 16777216
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_mem = 50576 64768 98152
net.core.netdev_max_backlog = 65535
net.core.somaxconn = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 30000 65000
vm.overcommit_memory = 1
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_no_metrics_save = 1
# NOTE(review): nf_conntrack_max and nf_conntrack_tcp_timeout_established are each
# set twice in this file (here and at the end). The file is applied top to bottom,
# so the later lines win: the established timeout ends up 432000, not 600.
net.netfilter.nf_conntrack_max = 2097152
net.netfilter.nf_conntrack_tcp_timeout_established = 600
vm.max_map_count=131072
# NOTE(review): htcp presumably needs its congestion-control module available on
# the host; confirm before relying on it.
net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_mtu_probing = 1
net.netfilter.nf_conntrack_max = 2097152
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
# 4. Load the kernel settings from /etc/sysctl.conf
# sysctl prints an error for every key the running kernel does not expose, so read
# the output rather than assuming every line was applied.
sysctl -p
#5、修改文件描述符limit(默认打开文件是1024需要调整)
修改 /etc/security/limits.conf 和 /etc/security/limits.d/20-nproc.conf
# cat /etc/security/limits.conf -- add the following lines to limits.conf; takes effect after a server reboot
# NOTE(review): "*" applies these limits to ordinary users in general. An nproc of
# 1048576 effectively removes the per-user process cap that contains a fork bomb,
# and a non-zero core limit lets processes write core dumps, which can hold
# secrets from process memory. Confirm both are wanted on production hosts.
* soft nofile 1048576
* hard nofile 1048576
* hard nproc 1048576
* soft nproc 1048576
* soft core 1048576
* hard core 1048576
# cat /etc/security/limits.d/20-nproc.conf -- add the following lines to 20-nproc.conf
* soft nofile 1048576
* hard nofile 1048576
* hard nproc 1048576
* soft nproc 1048576
* soft core 1048576
* hard core 1048576
# Set the open-file limit for the current shell only (not persistent)
ulimit -n 1048576
# 5. Update DNS
vim /etc/resolv.conf
# Resolver entries to put in /etc/resolv.conf. Both addresses are public resolvers,
# so every lookup made by this host leaves the network.
# NOTE(review): confirm that is acceptable for internal host names.
nameserver 114.114.114.114
nameserver 223.5.5.5
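# 6. Switch the yum repositories to the Aliyun mirror.
yum -y install wget
# Keep the distribution's repo file so the change can be reverted
# (yum only reads *.repo, so the .bak copy is ignored).
cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# This host runs CentOS 7, so fetch the CentOS 7 repo definition; a CentOS 6 vault
# file would point yum at packages built for a different release.
# -f makes curl fail on an HTTP error instead of saving the error page as the repo file.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Hosts outside Alibaba Cloud ECS will see "Couldn't resolve host 'mirrors.cloud.aliyuncs.com'";
# it is harmless. Those entries can also be removed, e.g.:
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# NOTE(review): check the gpgcheck= value in both downloaded .repo files. Package
# signature verification is what protects integrity when a baseurl is plain http.
# nmap, tcpdump and lrzsz are diagnostic tools; on production hosts install them
# only where operators actually need them.
yum install -y vim tree wget net-tools nmap bash-completion lrzsz tcpdump ethtool iperf # install commonly used Linux tools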
# 7. Time synchronisation
# Point /etc/localtime at the Asia/Shanghai zone file
unlink /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate ntp1.aliyun.com # one-off sync against the Aliyun NTP server
# NOTE(review): ntpdate is not in the package list installed in step 6, and it sets
# the clock only once. A running time daemon (chronyd on CentOS 7) keeps log
# timestamps aligned across hosts; confirm which is intended.
# 8. SSH remote login configuration
# "PermitRootLogin yes" lets root sign in directly over SSH, password included, so
# a guessed or leaked root password gives full control with no second step.
# NOTE(review): on a production host consider "PermitRootLogin prohibit-password"
# (keys only) or "no" plus sudo from a named account, and run "sshd -t" before the
# restart so a config error does not lock out remote access.
[root@i-r68us7wu ~]# vi /etc/ssh/sshd_config
PermitRootLogin yes
[root@i-r68us7wu ~]# systemctl restart sshd
Linux
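# Physical (file-level) database backup and restore
# Create the backup directory first. It will hold a full copy of the database
# files, so keep it readable by root only. An absolute path is used so the
# backup and restore commands refer to the same place.
mkdir -p /backup
chmod 700 /backup
# Stop the database so the data files are consistent while they are copied
systemctl stop mysql
# Pack the data directory as tar.gz (z = gzip, matching the file name)
tar czf /backup/mysql.tar.gz /var/lib/mysql/
# Restore: tar stored the members without the leading "/", so extract relative to /
tar xf /backup/mysql.tar.gz -C /
# Start the service again (systemctl start mysql) once the copy or restore has finished.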
# Symbolic link
ln -s 源文件 目标原链接文件 # often used for software upgrades and code releases where moving directories is inconvenient; allows a fast rollback
# Hard link
ln 源文件 硬连接文件 # give an important file a second name so that deleting one name does not remove the data
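# Change a password non-interactively (passwd --stdin is a RHEL/CentOS extension).
# "123" is a placeholder; a literal password typed on the command line is also
# recorded in the shell history.
echo "123" | passwd --stdin user
# Generate a random 10-character password.
# $RANDOM has only 32768 possible values, so hashing it yields at most 32768
# different passwords; read from the kernel's random source instead.
tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 10; echo
# Generate a random 16-character password, save it to pass.txt and set it for the user.
# umask 077 makes a newly created pass.txt readable by its owner only; remove the
# file once the password has been handed over.
(umask 077; { tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16; echo; } > pass.txt) && passwd --stdin user < pass.txt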
# Log auditing: follow the authentication log as new entries arrive
tail -f /var/log/secure
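# sudo log auditing
1、安装sudo rsyslog
yum install -y sudo rsyslog
2、检查安装是否成功
rpm -qa rsyslog
3、 配置sudo日志路径
# Use a drop-in under /etc/sudoers.d rather than appending to /etc/sudoers: a
# syntax error in the main file can leave sudo unusable, and repeated runs would
# append duplicate lines. The drop-in is checked on its own and removed if invalid.
echo "Defaults logfile=/var/log/sudo.log" > /etc/sudoers.d/sudo-log
chmod 0440 /etc/sudoers.d/sudo-log
visudo -cf /etc/sudoers.d/sudo-log || rm -f /etc/sudoers.d/sudo-log
4、查看是否有文件
# The file is created the first time a sudo command is logged. "ll" is an
# interactive alias, so ls -l is used here.
ls -l /var/log/sudo.log
5、检查sudo
visudo -c
6、打开日志服务
# NOTE(review): with "Defaults logfile=" sudo writes /var/log/sudo.log itself. This
# rsyslog rule only receives sudo messages if sudo is also told to log to the
# local2 facility; confirm which path is intended.
echo "local2.debug /var/log/sudo.log" >> /etc/rsyslog.conf
7、重启rsyslog
systemctl daemon-reload
systemctl restart rsyslog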
8、用户的sudo操作存在日志/var/log/sudo.log里边
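# File attributes
# Show the attributes of files
# The +a / +i flags below can be cleared again by root (chattr -a / chattr -i), so
# they guard against accidental changes rather than against someone who already has root.
lsattr
1、只能追加内容,不能覆盖和删除
chattr +a file_a
echo "b" >> file_a # appending still works
2、加锁无法写入和删除
chattr +i file_i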
系统进程管理
1、概念
进程是已经启动的可执行程序的运行实例
组成:
分配内存,已分配内存的地址空间
安全属性,进程的运行身份和权限
进程代码,运行一个或多个线程
静态程序,二进制文件,静态/bin/ls, /usr/sbin/sshd
动态进程,程序运行的过程,有生命周期及运行状态
运行环境:
局部和全局变量
当前的调度上下文
分配给进程使用的系统资源,例如文件描述符,网络端口等
给进程分配对应的pid, ppid
2、过程
创建阶段:系统调用fork()或者exec()来创建进程
就绪阶段:创建进程后,被系统放进就绪队列中,等待分配cpu
运行阶段:cpu分配完成后,进程开始执行,此时变成运行状态
阻塞阶段:当进程在执行过程中遇到某些阻塞事件时,例如等待I/O操作完成,进程会进入阻塞状态,此时进程不占用cpu资源
结束阶段:当进程完成任务或者被终止时,它会被系统回收,这个阶段会被标记为僵尸进程,直到父进程调用wait()或者waitpid()用来回收进程资源,最终被彻底销毁
注意⚠️:进程的生命周期并不是线性的,进程可以在不同的阶段之间转换,例如在运行阶段时,进程可能会因为等待I/O操作进入阻塞状态,等待I/O操作完成再回到运行状态
# List processes
ps aux | less
# Sort by CPU usage (%cpu = ascending, -%cpu = descending)
ps aux --sort %cpu | less
ps aux --sort -%cpu | less
# Choose the output columns
ps axo user,pid,ppid,%mem,command | grep nginx
# Show child processes as a tree
ps auxf |grep nginx
# Look for a specific process (the grep process itself can appear in the result)
ps aux | egrep sshd
# Print only the matching process IDs
pgrep sshd
pidof sshd
# Show the process tree
pstree
# Run a task in the background
nohup sleep 3000 &
# nohup with & and a redirect sends the output to the named file
nohup ./test.sh > test.log &
# Redirect both standard output and standard error to the file
nohup ./test.sh > test.log 2>&1 &
