注:总是记不得Linux命令,放在这里吧,随时查
2006-12-9
cat /etc/issue //show OS issue
dmesg //print or control the kernel ring buffer,可用于查看启动故障
wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz //下载chkrootkit
tar -xzvf chkrootkit.tar.gz
wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz //下载rkhunter
md5sum rkhunter-1.2.8.tar.gz //MD5 check:要与官方站点公布的校验值比对才有意义;MD5只能发现下载损坏,如项目提供签名或SHA-256应优先核对
lsof -n -p 1584 //查看PID 1584对应的运行文件
nc localhost 31338 //连接本机31338端口,看监听程序返回什么;要查该端口对应的进程可用 lsof -i :31338
今日用nessus3.0扫描公司的一台centos服务器,竟然发现原本未对外开放的服务端口全部大开。急忙ssh进入,查看iptables,发现多出下面这样一句危险的命令
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
立刻禁止。这条规则放行 eth0 上所有发起新连接的 TCP SYN 包,等于对外开放全部 TCP 端口。
iptables命令集(注意:下面 -p tcp --syn -i eth0 -j ACCEPT 一条与上面那条危险规则效果基本相同,不要照搬)
iptables -F
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -A INPUT -p udp --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 21 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 20 -j ACCEPT
iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 -j ACCEPT
iptables -A INPUT -p udp -i eth1 -j ACCEPT
iptables -A INPUT -p icmp -i eth1 -j ACCEPT
iptables -A INPUT -p tcp --syn -i eth0 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -j DROP
iptables -A INPUT -p udp -i eth0 -j DROP
iptables -A INPUT -p icmp -i eth0 -j DROP
iptables -A INPUT -p tcp -m multiport --dport 1521,1158,5801,5802 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -F //清空filter表各链的所有规则(默认策略不变)
iptables -P INPUT DROP //INPUT链默认全部拒绝;远程操作时要先加好放行ssh的规则,否则当前连接会断
iptables -D INPUT 1 //删除INPUT第一个规则
service iptables save //将内存中的iptables规则保存到/etc/sysconfig/iptables
2006-12-16
stat filename //display file or filesystem status
lsof //list open files
strings /usr/bin/login | grep crypt //find strings
strings /sbin/ifconfig | grep PROMISC //检查ifconfig文件是否被修改:正常的ifconfig里应能找到PROMISC字样,没有输出则可疑
2006-12-20
rdesktop -f 192.168.1.10:33333 //登录windows服务器远程桌面
snmpwalk -v2c -c public 192.168.1.10 system //测试192.168.1.10上的snmp是否通;public是常见的默认community,能查到说明应改掉默认community
2006-12-23
tcpdump -w filename.tcpdump //抓包到文件
2007-4-27
mkdir //make directories
ls //list directory contents
ll //ls -l
shutdown -h //halt after shutdown
shutdown -r //reboot after shutdown
df //report filesystem disk space usage
du -sm /* //estimate file space usage
more
less
rpm -qa | grep cron //判断系统是否已经安装cron相关的包
rpm -ql vixie-cron //list files in package
rpm -ivh //install packages
/etc/init.d/crond start //service start
/etc/init.d/crond stop //service stop
/etc/init.d/crond restart //service restart
pgrep //show process;look up or signal processes based on name and other attributes
pkill //kill process;look up or signal processes based on name and other attributes
cron 配置计划任务的书写格式
/etc/crontab
第一段应该定义的是:分钟,表示每个小时的第几分钟来执行。范围是从0-59
第二段应该定义的是:小时,表示从第几个小时来执行,范围是从0-23
第三段应该定义的是:日期,表示从每个月的第几天执行,范围从1-31
第四段应该定义的是:月,表示每年的第几个月来执行,范围从1-12
第五段应该定义的是:周,表示每周的第几天执行,范围从0-6,其中 0表示星期日。
第六段应该定义的是:用户名,也就是执行程序要通过哪个用户来执行;/etc/crontab 里这一段必须写,只有用 crontab -e 编辑的用户级 crontab 才省略这一段;
第七段应该定义的是:执行的命令和参数。
2007-5-1
/etc/sysconfig/network-scripts/ifcfg-eth0 //网卡属性
ifdown eth0
ifup eth0
/etc/sysconfig/network //设置网关或路由
/etc/resolv.conf //dns设置
ifconfig eth0 down
ifconfig eth0 up
chkconfig --level 2345 iptables off
service iptables stop
service iptables start
/etc/init.d/iptables stop //自动运行服务文件夹
2007-5-8
useradd
userdel -r public //del public user and home folder
usermod -G wheel public //add user public to the wheel group (-G replaces the user's existing supplementary groups)
adsl-setup //PPPoE connection
newaliases //recreate aliasesdb
echo test | mail root //send test email to root
updatedb //run locate database upgrade
which //shows the full path of (shell) commands
whereis //locate the binary,source,and manual page files for a command
rm -rf pub //delete pub directory and subdirectory and files
rpm -qa | grep gcj
yum -y remove java-1.4.2-gcj-compat //remove gcj software
chown root:root test.txt //change owner to root;change file owner and group
chmod 700 test.txt //change permissions to 700 (rwx for owner only)
source /etc/profile //使环境变量生效
//让Tomcat作为系统服务自动启动
vi /etc/rc.d/init.d/tomcat
chmod 755 /etc/rc.d/init.d/tomcat
chkconfig --add tomcat
chkconfig tomcat on
chkconfig --list tomcat
/etc/rc.d/init.d/tomcat start
chgrp //change group ownership
chattr +i //change file attributes; +i makes the file immutable (cannot be modified, deleted or renamed until chattr -i)
lsattr //show file attributes
//mount cdrom floppy
mkdir /mnt/dvd
mount /dev/cdrom /mnt/dvd
umount /mnt/dvd
mkdir /mnt/floppy
mount /dev/fd0 /mnt/floppy
umount /mnt/floppy
umask //设置用户文件和目录的文件创建缺省屏蔽值
//mount USB
fdisk -l //查看外挂设备号
mkdir /mnt/usb
mount -t msdos /dev/sdb1 /mnt/usb //FAT格式
mount -t vfat /dev/sda1 /mnt/usb //FAT32格式
configuration file
/etc/pam.d/su //su configuration file
/etc/login.defs //login user configuration file
/etc/aliases //set up mail aliases and forward root's email
/etc/updatedb.conf //locate database configuration file
/etc/yum.repos.d/dag.repo
/etc/httpd/conf/httpd.conf //Apache configuration file
/etc/sysconfig/iptables //iptables configuration file
/etc/profile //环境变量文件
/usr/local/tomcat/conf/web.xml //Tomcat configuration file
/usr/local/tomcat/conf/server.xml
/etc/my.cnf //mysql configuration file
/etc/postfix/main.cf //postfix配置文件
/usr/lib/sasl2/smtpd.conf //SMTP认证配置文件
/etc/sysconfig/saslauthd //SMTP认证配置文件
/etc/skel/ // 用户模板文件夹
/etc/dovecot.conf //Dovecot 的配置文件,pop3/imap4
/lib/modules/`uname -r`/kernel/fs //核心所支持文件系统
2007-6-12
host -t mx sina.com //DNS lookup utility
saslpasswd2 //设置SMTP认证密码
touch //change file timestamps
modprobe //program to add and remove modules from the Linux Kernel