Linux-13
xxxx
访问日志前十
本机连接的ip数前十
ss -nt | tr -s " " : | cut -d : -f6
ss -nt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.36.73:22 192.168.36.1:57236
ESTAB 0 52 192.168.36.73:22 192.168.36.1:57462
awk 'BEGIN{FS="[[:space:]]+|:"} NR!=1 {ip[$(NF-2)]++ } END { for(i in ip ) { print ip[i],i } }' ss.log | sort -nr -k 1 | head
netstat -tun
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.36.73:22 192.168.36.1:57236 ESTABLISHED
tcp 0 52 192.168.36.73:22 192.168.36.1:57462 ESTABLISHED
netstat -tun | awk 'BEGIN{FS="[[:space:]]+|:"} {print $(NF-2)} '
ifconfig eth0 | awk 'NR==2 {print $2}'
ifconfig eth0 | sed -nr '/ inet / s/.*inet ([0-9.]+[0-9]+) .*/\1/p'
随机数
openssl rand -base64 6
cat /dev/urandom | head -10 | md5sum
uuidgen
取出目录名或基名
echo /etc/sysconfig/network-scripts/ | sed -r 's#(.*/)([^/]+)/?$#\2#'
network-scripts
echo /etc/sysconfig/network-scripts/ | sed -r 's#(.*/)([^/]+)/?$#\1#'
/etc/sysconfig/
匹配ip 地址
ifconfig ens33 | grep "\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}" -o
ifconfig eth0 |sed -nr '2s/[^0-9]+([0-9.]+).*/\1/p'
统计/etc/fstab 件中每个单词出现的次数?
cat fstab | grep -w "\<[[:alpha:]]\+\>" -o | sort | uniq -c | sort -rn
echo /etc/sysconfig/network-scripts/ | sed -r 's#(.*/)([^/]+)/?#\2#'
ifconfig ens33 | sed -rn -e '2s/inet//' -e 's/netmask.*$//p'
ifconfig ens33 | sed -rn '2s/[^0-9]+([0-9.]+).*/\1/p'
对目录进行备份
ls . | sed -nr 's/(.*)(.bk)$/mv \1\2 \1/p' | bash
ls *.js | xargs -t -I '{}' mv {} {}.backup
改回原名
ls | awk -F . '{print "mv " $1"."$2"."$3 " " $1"."$2 }' |bash
扫描磁盘变动
echo "- - -" > /sys/class/scsi_host/host2/scan
echo "- - -" > /sys/class/scsi_host/host0/scan
# ls /sys/class/scsi_host/
host0 host1 host2
命令的动态链接查看
ldd `which --skip-alias mv ` | sed -nr 's@.*(/.*/.*) .*@\1@p'
内核参数管理
vim /etc/sysctl.conf
sysctl -p
清除缓冲缓存 free -h cache buffer
/proc/sys/vm/drop_caches 清除缓存 buffer cache
To free pagecache, use echo 1 > /proc/sys/vm/drop_caches
to free dentries and inodes, use echo 2 > /proc/sys/vm/drop_caches;
to free pagecache, dentries and inodes, use echo3 >/proc/sys/vm/drop_caches.
脚本
启动脚本
#!/bin/sh
#chkconfig:- 96 07
#description
[ -f /etc/rc.d/init.d/`basename $0` ] || mv /app/script/`basename $0` /etc/rc.d/init.d/`basename $0`&>/dev/null
chkconfig --add `basename $0`
###start
start () {
touch /var/lock/subsys/`basename $0`
. /etc/init.d/functions
action "`basename $0` start successful!" true
}
stop () {
rm /var/lock/subsys/`basename $0`
. /etc/init.d/functions
action "`basename $0` is stopped" true
}
restart () {
stop
start
}
status () {
if [ -f /var/lock/subsys/`basename $0` ];then
. /etc/init.d/functions
action "`basename $0` is running" true
else
action "`basename $0` is stopped" true
fi
}
case $1 in
start)
if [ -f /var/lock/subsys/`basename $0` ];then
echo "`basename $0` is running"
else
start
fi ;;
stop)
if [ -f /var/lock/subsys/`basename $0` ];then
stop
else
echo "`basename $0` has been stopped before"
fi ;;
restart)
if [ -f /var/lock/subsys/`basename $0` ];then
stop
start
else
start
fi ;;
status)
status ;;
esac
关闭selinux
if [ "$#" -eq 0 ]
then
echo "usage : $0 on or $0 off "
exit
fi
if [[ "$1" =~ ^[oO][Nn]$ ]]
then
sed -ri.bk '/^SELINUX=/s/(SELINUX=)(.*)/\1enforcing/' /etc/selinux/config
setenforce 1
elif [[ "$1" =~ ^[oO][fF][Ff]$ ]]
then
sed -ri.bk '/^SELINUX=/s/(SELINUX=)(.*)/\1disabled/' /etc/selinux/config
setenforce 0
else
echo "input on or off"
fi
获取某个命令的链接库
bincopy(){
if which $1 &> /dev/null ;then
local bin_cmd=`which --skip-alias $1`
local dir_cmd=`dirname $bin_cmd `
[ -d ${chroot}${dir_cmd} ] || mkdir -pv ${chroot}${dir_cmd}
[ -f ${chroot}${bin_cmd} ] || { cp $bin_cmd ${chroot}${dir_cmd}; action
"cp $bin_cmd ${chroot}${dir_cmd}" ; }
return 0
else
echo "$1 is not found"
return 1
fi
}
libcopy(){
ldd $(which --skip-alias $1)|grep -Eo "/[^[:space:]]+" |while read line ;do
local lib_dir=`dirname $line`
[ -d ${chroot}${lib_dir} ] || mkdir -pv ${chroot}${lib_dir}
[ -f ${chroot}${line} ] || { cp $line ${chroot}${lib_dir}; action "cp
$line ${chroot}${lib_dir}" ; }
done
}
source /etc/init.d/functions
chroot=/mnt/sysroot
[ -d $chroot ] || mkdir -pv $chroot
while : ;do
read -p "please input a command you want to copy:" cmd
[[ $cmd =~ ^q(uit)?$ ]] && break
bincopy $cmd
if [ $? -eq 0 ]; then
libcopy $cmd
fi
获取链接库
ldd /bin/mv | grep -Eo "/.* "
一键优化
centos7_optimiz.sh
#!/bin/sh
#Author: NoteD
#Date: 2017-05-3
#Remark: Centos 7 system optimization script
# Shell variables #
script_logdir="/var/log/"
shell_name=$(basename $0)
shell_logfile="$script_logdir/${shell_name}.log"
# System variables
create_basdir="/data/ "
local_repo_name="cobbler-config.repo"
install_basesoft="gcc gcc-c++ ntp lrzsz tree telnet dos2unix sysstat sysstat iptraf ncurses-devel openssl-devel zlib-devel OpenIPMI-tools nmap screen nfs-utils"
system_user="ding"
user_id="2017"
system_user_password="ding@)!&"
ssh_port="52020"
ntp_server="202.120.2.101"
ctrlaltdel="/usr/lib/systemd/system/ctrl-alt-del.target"
# Set Check shell
system_user_check=`cat /etc/passwd |grep ${system_user} |wc -l`
system_openfile_check=`ulimit -a |grep "open files"|awk '{print $4}'`
system_kernel_check=`grep "NoteD" /etc/sysctl.conf|wc -l`
ntpdate_check=`grep "ntpdate" /var/spool/cron/root|wc -l`
check_shell=`grep "PS1" /etc/profile|wc -l`
# Load function
. ./custom_fun.sh
. ./public_fun.sh
# Exec
function_check_uid
function_create_basedir
function_set_repo
function_install_basesoft
function_create_user
function_set_openfile
function_disable_ctlaltdel
function_disable_selinux
function_set_ssh
function_disable_ipv6
function_set_kernel
function_set_ntp
function_set_shell
function_set_vim
custom_fun.sh
#Customize Function: Create basedir
function_create_basedir(){
mkdir -p ${create_basdir}
function_writelog_judgment "[create basedir]"
}
#Customize Function: set yum repo
function_set_repo(){
#clean OS default repo
mkdir /etc/yum.repos.d/old && mv /etc/yum.repos.d/C* /etc/yum.repos.d/old/
if [ ! -f "/etc/yum.repos.d/${local_repo_name}" ];then
#add repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
function_writelog_judgment "[add aliyun mirrors base]"
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
function_writelog_judgment "[add aliyun mirrors epel]"
#rpm -ivh http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm
fi
# update system soft
yum clean all
yum -y update
function_writelog_judgment "[update system]"
}
#Customize Function: install base soft
function_install_basesoft(){
yum -y install ${install_basesoft}
function_writelog_judgment "[install basesoft]"
}
#Customize Function: create user
function_create_user(){
if [ ${system_user_check} -eq 0 ];then
#add default user
useradd ${system_user} -u ${user_id}
function_writelog_judgment "[add user ${system_user}]"
echo "${system_user_password}" | passwd --stdin ${system_user} && history -c
function_writelog_judgment "[set ${system_user} password]"
#set sudo authority
echo "" >> /etc/sudoers
echo "#set sudo authority" >> /etc/sudoers
echo "${system_user} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
fi
function_writelog_judgment "[set user sudo]"
}
#Customize Function: set open file
function_set_openfile(){
if [ ${system_openfile_check} -lt 65535 ];then
#set the file limit
cat >> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 65535
EOF
fi
function_writelog_judgment "[set system openfile]"
}
#Customize Function: disable server
function_disable_ctlaltdel(){
if [ -f ${ctrlaltdel} ];then
#disable control-alt-delete
mv /usr/lib/systemd/system/ctrl-alt-del.target /usr/lib/systemd/system/ctrl-alt-del.target.bak
function_writelog_judgment "[disable ctrl+alt+del]"
fi
}
function_disable_selinux(){
#disable selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
function_writelog_judgment "[disable selinux]"
}
#Customize Function: set ssh
function_set_ssh(){
#set ssh
\cp /etc/ssh/sshd_config /etc/ssh/sshd_config.`date +%F`
sed -i "s/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/" /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i "s%#PermitRootLogin yes%PermitRootLogin no%g" /etc/ssh/sshd_config
sed -i "s%#PermitEmptyPasswords no%PermitEmptyPasswords no%g" /etc/ssh/sshd_config
#sed -i "s%#Port 22%Port ${ssh_port} %g" /etc/ssh/sshd_config
function_writelog_judgment "[set ssh]"
}
#Customize Function: disable ipv6
function_disable_ipv6(){
if [ `ip addr|grep inet6|wc -l ` -gt 0 ]; then
sed -i 's%^IPV6INIT="yes"%IPV6INIT="no"%g' /etc/sysconfig/network-scripts/ifcfg-eth0
#sed -i 's%^IPV6INIT="yes"%IPV6INIT="no"%g' /etc/sysconfig/network-scripts/ifcfg-eth1
#sed -i 's%^IPV6INIT="yes"%IPV6INIT="no"%g' /etc/sysconfig/network-scripts/ifcfg-eth2
#sed -i 's%^IPV6INIT="yes"%IPV6INIT="no"%g' /etc/sysconfig/network-scripts/ifcfg-eth3
echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network
fi
function_writelog_judgment "[disable ipv6]"
}
#Customize Function: set kernel
function_set_kernel(){
if [ ${system_kernel_check} -eq 0 ];then
#tune kernel parametres
cat >> /etc/sysctl.conf << EOF
#20170914 NoteD update
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_fin_timeout = 30
vm.swappiness=10
vm.max_map_count = 262144
net.ipv6.conf.all.disable_ipv6=1
EOF
/sbin/sysctl -p
function_writelog_judgment "[set sysctl]"
fi
}
#Customize Function: set ntp
function_set_ntp(){
if [ ${ntpdate_check} -eq 0 ]; then
echo "* 4 * * * /usr/sbin/ntpdate ${ntp_server}> /dev/null 2>&1" >> /var/spool/cron/root
fi
function_writelog_judgment "[add ntp]"
}
#Customize Function: set shell
function_set_shell(){
if [ ${check_shell} -eq 0 ]; then
#modify PS1
echo 'export PS1="[ \033[01;33m\u\033[0;36m@\033[01;34m\h \033[01;31m\w\033[0m ]\033[0m \n#"' >> /etc/profile
function_writelog_judgment "[set shell]"
fi
}
#Customize Function: set vim
function_set_vim(){
if [ ! -f /root/.vimrc ]; then
#modify vimrc
cat >> /root/.vimrc << EOF
syntax enable
syntax on
set ruler
set number
set cursorline
set cursorcolumn
set hlsearch
set incsearch
set ignorecase
set nocompatible
set wildmenu
set paste
set expandtab
set tabstop=2
set shiftwidth=4
set softtabstop=4
set gcr=a:block-blinkon0
set guioptions-=l
set guioptions-=L
set guioptions-=r
set guioptions-=R
highlight CursorLine cterm=NONE ctermbg=black ctermfg=green guibg=NONE guifg=NONE
highlight CursorColumn cterm=NONE ctermbg=black ctermfg=green guibg=NONE guifg=NONE
EOF
cp /root/.vimrc /home/${system_user}/
fi
function_writelog_judgment "[set vim]"
}
public_fun.sh(部分函数未使用)
#Public Function: judgment lockfile
function_create_lockfile(){
if [ -f $shell_lockfile ];then
function_writelog_simple "[Warning] The script is running! please wait."
exit
else
echo $$ > $shell_lockfile
fi
}
#Public Function: directly_delete shell lockfile
function_delete_lockfile(){
rm -f ${shell_lockfile} && exit 1
}
#Public Function: judgment after delete shell lockfile
function_judgment_delete_lockfile(){
if [ $? -ne 0 ];then
function_delete_lockfile
exit
fi
}
#Public Function: judgment and write Log
function_writelog_judgment(){
if [ $? -eq 0 ];then
log_info=$1
echo "$(date "+%Y-%m-%d") $(date "+%H-%M-%S") [Note]: ${shell_name} : ${log_info} executed sucessfully" >> ${shell_logfile}
else
echo "$(date "+%Y-%m-%d") $(date "+%H-%M-%S") [Error]: ${shell_name} : ${log_info} executed failed" |tee -a ${shell_logfile}
exit
fi
}
#Public Function: simple write Log
function_writelog_simple(){
log_info=$1
echo "$(date "+%Y-%m-%d") $(date "+%H-%M-%S") : ${shell_name} : ${log_info} " >> ${shell_logfile}
}
#Public Function: judgment UID
function_check_uid(){
if [ $UID -eq 0 ];then
return 0
else
echo "Please use root run script."
exit 1
fi
}
function_check_network(){
if [ `curl -s -w %{http_code} http://www.baidu.com -o /dev/null` -ne 200 ];then
function_writelog_simple "network "
exit
else
echo $$ > $shell_lockfile
fi
}
expect 自动脚本
相关命令
spawn:启动新的进程
send:用于向进程发送字符串
expect:从进程接收字符串
interact:允许用户交互
exp_continue 匹配多个字符串在执行动作后加此命令
expect eof 好像没有什么用
单一分支模式语法
expect “hi” {send “You said hi\n"}
多分支模式语法:
expect "hi" { send "You said hi\n" } \
"hehe" { send "Hehe yourself\n" } \
"bye" { send "Good bye\n" }
实际应用:
spawn ssh root@$ip
6 expect {
7 "yes/no" { send "yes\r" ; exp_continue }
8 "password" { send "$passwd\r" ; }
9 # "root" { send "hostname \r " }
10 # "root" { send " ifconfig \r " }
11 }
12 expect "root" {send "ifconfig \n " }
13 expect "root" {send "hostname \n " }
14 interact
实际,如果12行为
expect {
"hi" { send "You said hi\n" }
"hehe" { send "Hehe yourself\n" }
"bye" { send "Good bye\n" }
}
无法正常工作,
为
expect {
"hi" { send "You said hi\n" ; exp_continue }
"hehe" { send "Hehe yourself\n" ; exp_continue }
"bye" { send "Good bye\n" }
}
也无法工作,可能是只有一个 ; exp_continue 结构可行
但是此结构语句后接
12 expect "root" {send "ifconfig \n " }
13 expect "root" {send "hostname \n " }
是可行的。
ssh 密钥分发
user=root
password=centos
ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
rpm -q expect &> /dev/null || yum -y install expect &> /dev/null
while read ip;do
expect <<EOF
set timeout 20
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $user@$ip
expect {
"yes/no" { send "yes\n";exp_continue }
"password" { send "$password\n" }
}
expect eof
EOF
done < hostlist.txt
自编
user="root"
password="redhat"
[ ! -e ~/.ssh/id_rsa ] && ( read -t 5 -p "not exist id_rsa; want to create?(y/n) : " answer ; \
[ ! "${answer:-"n"}" == "n" ] && ( ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa &> /dev/null ) || exit )
rpm -q expect &> /dev/null || yum -y install expect &> /dev/null
while true ; do
read -t 20 -p " input your ip : " ip
expect <<EOF
set timeout 20
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $user@$ip
expect {
"yes/no" { send "yes\n";exp_continue }
"password" { send "$password\n" }
}
expect eof
EOF
done
浙公网安备 33010602011771号