System
Ubuntu 14.04
Installation - VMware
Install Ubuntu
Continue
Install Now
Continue
Shanghai
Continue
Set user name / login account - Continue
Restart now
Kernel
Check the kernel version
uname -r
Network
sysctl -w net.ipv4.ip_forward=1 # temporarily enable IP forwarding
service network restart # restart networking
To enable IP forwarding permanently, edit /etc/sysctl.conf and change net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1
Keyboard shortcuts
Ctrl + Alt + t - open a terminal
Package sources:
Update package lists: sudo apt-get update
Edit sources: /etc/apt/sources.list
Source lists:
Source 1 (system default)
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
deb http://archive.canonical.com/ubuntu/ xenial partner
deb http://extras.ubuntu.com/ubuntu/ xenial main
Source 2:
deb http://old-releases.ubuntu.com/ubuntu/ raring main universe restricted multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ raring main universe restricted multiverse
deb http://old-releases.ubuntu.com/ubuntu/ raring-security main universe restricted multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ raring-security main universe restricted multiverse
deb http://old-releases.ubuntu.com/ubuntu/ raring-updates main universe restricted multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ raring-updates main universe restricted multiverse
deb http://old-releases.ubuntu.com/ubuntu/ raring-backports main restricted universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ raring-backports main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ raring-proposed main restricted universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ raring-proposed main restricted universe multiverse
Source 3 (Northeastern University):
deb-src http://mirror.neu.edu.cn/ubuntu/ xenial main restricted #Added by software-properties
deb http://mirror.neu.edu.cn/ubuntu/ xenial main restricted
deb-src http://mirror.neu.edu.cn/ubuntu/ xenial restricted multiverse universe #Added by software-properties
deb http://mirror.neu.edu.cn/ubuntu/ xenial-updates main restricted
deb-src http://mirror.neu.edu.cn/ubuntu/ xenial-updates main restricted multiverse universe #Added by software-properties
deb http://mirror.neu.edu.cn/ubuntu/ xenial universe
deb http://mirror.neu.edu.cn/ubuntu/ xenial-updates universe
deb http://mirror.neu.edu.cn/ubuntu/ xenial multiverse
deb http://mirror.neu.edu.cn/ubuntu/ xenial-updates multiverse
deb http://mirror.neu.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirror.neu.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse #Added by software-properties
deb http://archive.canonical.com/ubuntu xenial partner
deb-src http://archive.canonical.com/ubuntu xenial partner
deb http://mirror.neu.edu.cn/ubuntu/ xenial-security main restricted
deb-src http://mirror.neu.edu.cn/ubuntu/ xenial-security main restricted multiverse universe #Added by software-properties
deb http://mirror.neu.edu.cn/ubuntu/ xenial-security universe
deb http://mirror.neu.edu.cn/ubuntu/ xenial-security multiverse
Source 4 (Tsinghua University):
# deb cdrom:[Ubuntu 16.04 LTS _Xenial Xerus_ - Release amd64 (20160420.1)]/ xenial main restricted
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial universe
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates universe
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security universe
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security multiverse
Source 5 (Aliyun):
# deb cdrom:[Ubuntu 16.04 LTS _Xenial Xerus_ - Release amd64 (20160420.1)]/ xenial main restricted
deb-src http://archive.ubuntu.com/ubuntu xenial main restricted #Added by software-properties
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe #Added by software-properties
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe #Added by software-properties
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse #Added by software-properties
deb http://archive.canonical.com/ubuntu xenial partner
deb-src http://archive.canonical.com/ubuntu xenial partner
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe #Added by software-properties
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
Domain name to IP resolution:
/etc/resolv.conf
8.8.8.8 Google DNS
Apache:
Install: sudo apt install apache2
Restart: /etc/init.d/apache2 restart
Default configuration file: /etc/apache2/apache2.conf
Check version: apachectl -v
View/change ports: /etc/apache2/ports.conf
Default page directory: /var/www/html
Python
Install: sudo apt-get install python-pip
Check: pip -V
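Tools
VMware Tools
Installation
In the virtual machine menu, choose Install VMware Tools
Extract the archive
cd into the extracted directory
sudo su to switch to root
./vmware-install.pl
Press Enter at every prompt
Reboot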
Docker
Install: sudo apt install docker.io
Check version: docker -v
Start the docker background service: sudo service docker start
ElasticSearch
Installation
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.5.0.zip
unzip elasticsearch-5.5.0.zip
mv elasticsearch-5.5.0 /data/home/es/lcoal
cd elasticsearch-5.5.0/bin
./elasticsearch

Add an account
groupadd elasticsearch # the group passed to useradd -g must already exist
useradd testes -g elasticsearch
chown -R testes:elasticsearch elasticsearch-5.5.0

Create, read, update, delete
1. Write data:
HTTP method: POST
URL: http://127.0.0.1:9200/index-docs-name/data-type-name -d "{jsonstr}"
Returns: { "_index":"index-name","_type":"typename","_id":"idstr","_version":"1","created":"true"}
2. Get data:
HTTP method: GET
URL: http://127.0.0.1:9200/index-docs-name/data-type-name/id
Returns: the JSON structure of the data
3. Delete data:
HTTP method: DELETE
URL: http://127.0.0.1:9200/index-docs-name/data-type-name/id
or: http://127.0.0.1:9200/index-docs-name (wildcards can be used) to delete multiple documents
4. Update data:
(1) Write the full document again
HTTP method: POST
URL: http://127.0.0.1:9200/index-docs-name/data-type-name/id -d "{jsonstr}"
Returns: { "_index":"index-name","_type":"typename","_id":"idstr","_version":"1","created":"true"}
(2) Partial update:
HTTP method: POST
URL: http://127.0.0.1:9200/index-docs-name/data-type-name/id/_update -d "{jsonstr}"
5. Query data
(1) Full-text search
HTTP method: GET
URL: http://127.0.0.1:9200[/index-docs-name/data-type-name]/_search[?q=xxx] -d "{json}"
(2) Aggregation request: write the aggregation clause inside the body passed to search.

Create a template
Request method: PUT
Request URL: a.b.c.d:9200/_template/your_temp_name
Template:
{
  "template": "whoisinfo",    # template name; an index with the same name is matched automatically
  "order": "7",               # template order number
  "state": "open",
  "settings": {
    "index": {
      "creation_date": "1491451435658",
      "number_of_shards": "5",      # your choice
      "number_of_replicas": "1",    # your choice
      "uuid": "0GCKTzVTRAaw-z47TfCaZQ",
      "version": {"created": "2030399"}
    }
  },
  "mappings": {
    "domain": {                 # what the n-th kind of data under this template looks like
      "properties": {
        "column_name": {
          "index": "not_analyzed",
          "type": "date/string……",
          "format": "strict_date_optional_time||epoch_millis"   # the time format
        }
      }
    }
  }
}

Indices and mappings
(I) Mappings
1. Create
Method: PUT
URL: http://127.0.0.1:9200/index-docs-name/_mapping -d "{jsonstr}"
2. Add a field
Method: PUT
URL: http://127.0.0.1:9200/index-docs-name/_mapping/mapping-name -d "{jsonstr}"
3. Delete a mapping (this deletes the data)
Method: DELETE
URL: http://127.0.0.1:9200/index-docs-name/_mapping/mapping-name
4. Get a mapping
Method: GET
URL: http://127.0.0.1:9200/index-docs-name/_mapping/mapping-name
(II) Common field definitions
type: data type
index: whether the field is analyzed (not_analyzed)
format: format
Multi-fields: "name":{"type":"xxxxx","fields":{ "xxx":"xxxx"}}

Paged queries
Create the Elasticsearch object
from elasticsearch import Elasticsearch
es = Elasticsearch([{'host': '192.168.1.103', 'port': 9200}])
Create the paging cursor
resp = es.search(index, body=query, scroll="24h", size=10000)  # 24h is how long the scroll id stays valid
scroll_id = resp['_scroll_id']  # the id identifies the cursor
total = resp["hits"]["total"]  # total number of hits
Fetch data
resp = es.scroll(scroll_id=scroll_id, scroll="24h")
rdoc = resp["hits"]["hits"]
scroll_id = resp['_scroll_id']
rdoc is a list holding one dict per data item

LogStash
Installation
# step one: Logstash depends on the Java JDK, so install the JDK first
1. Download the JDK, 1.7 preferred
2. tar xzvf jdk-7u55-linux-x86.tar.gz
3. mkdir /usr/lib/jvm
4. mv jdk1.7.0_55 /usr/lib/jvm/
5. gedit ~/.bashrc
Append the following at the end, then save and exit
export JAVA_HOME=/usr/lib/jvm/jdk1.7.0_55
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH
6. source ~/.bashrc (under each account, if there are several)
# step two: install logstash
1. Method 1: install from the source archive
wget https://download.elastic.co/logstash/logstash/logstash-1.5.1.tar.gz
tar zxvf logstash-1.5.1.tar.gz
mv logstash-1.5.1 logstash
cd ./logstash/
Test command: bin/logstash -e 'input { stdin { } } output { stdout {} }'
Test command with a codec configured: bin/logstash -e 'input { stdin { } } output { stdout { codec => rubydebug } }'
2. Method 2: install from the official elasticsearch repository
wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add -
cat >> /etc/apt/sources.list <<EOF
deb http://packages.elasticsearch.org/logstash/1.5/debian stable main
EOF
apt-get update
apt-get install logstash

Run logstash with a configuration file
bin/logstash -f logstash.conf
Example configuration file logstash.conf
input {
  stdin { }
}
output {
  stdout { codec => rubydebug }
  elasticsearch { embedded => true }
}

Configuration syntax:
1. First concept: sections. The input and output blocks above are each a section. Key-value pairs are defined inside a section.
2. Data types
(1) Boolean: true and false
(2) String: "hostname"
(3) Number: 514
(4) Array: [] (similar to a list in Python)
(5) Hash: match => { key1 => "value1" , key2 => "value2" }
3. Syntax rules
(1) Field references support negative indexes, for example a[-1]
(2) Conditionals: if / else if / else
(3) Operators: != , == , < , > , <= , >= , =~ , !~ , in , not in , and , or , nand , xor , !{}
4. Command-line options
-e execute the given configuration string
-f configuration file
-l output file for the error log
-P load plugins
--verbose output some debug logging
--debug output more debug information

Logstash processing flow
|filtername |xxxoutputname >elasticsearch
Logstash processes events; an event flows through: input -> filter -> output

plugin command:
List the plugins available on this machine: plugin list
Install a plugin: plugin install xxxx
Update a plugin: plugin update xxx

Running logstash
1. Service mode
service logstash start
2. nohup mode
nohup logstash -f ./logstash.conf &
3. screen mode (keeps the program from exiting when the user leaves the command line)
screen -dmS elksc1
screen -r elksc1
screen -list

Standard input
input {
  stdin {
    add_field => { "key" => "value" }
    codec => "plain"
    tags => ["add"]   # tags
    type => "std"     # type
  }
}

File input
input {
  file {
    path => ["file1","file2",...]
    type => "system"
    start_position => "beginning"   # position to start reading data from
    # discover_interval: how often to check path for new files, default 15s
    # exclude: list of files to exclude
    # sincedb/sincedb_write_interval
    # stat_interval: how often to check the watched files for new content
  }
}

TCP input:
input {
  tcp {
    port => 8888
    mode => "server"
    ssl_enable => false
  }
}
Commonly used together with nc when importing old data over the network
nc 127.0.0.1 8888 < olddata

syslog input:
input {
  syslog {
    port => "514"
  }
}

collectd input:
input {
  collectd {
    port => 25289
    type => "collectd"
  }
}

Codec
1. json
codec => "json"
Note: for nginx logs, "-" can be replaced with 0
2. Multi-line event codec
codec => multiline {
  pattern => "^\["
  negate => true
  what => "previous"
}
3. Netflow codec:
codec => netflow {
  definitions => "/opt/logstash-1.4.2/lib/logstash/codec/netflow/netflow.yaml"
  version => [5]
}

Time handling:
filter {
  grok {
    match => ["message","%{HTTPDATE:logdate}"]
  }
  date {
    match => ["logdate","dd/MMM/yyyy:HH:mm:ss Z"]
  }
}

grok regular-expression capture syntax
grok {
  match => { "message" => "%{WORD} %{NUMBER:request_time:float} %{WORD}" }
}
match => { "message" => "%{SYSLOGBASE} %{DATA:message}" }
Scheduled tasks
crontab -l
ls -alh /var/spool/cron
ls -al /etc/ | grep cron
ls -al /etc/cron*
cat /etc/cron*
cat /etc/at.allow
cat /etc/at.deny
cat /etc/cron.allow
cat /etc/cron.deny
cat /etc/crontab
cat /etc/anacrontab
cat /var/spool/cron/crontabs/root
Insecure file/folder permission configuration
cat ~/.bash_history
cat ~/.nano_history
cat ~/.atftp_history
cat ~/.mysql_history
cat ~/.php_history
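A hardening check built on the cron and history paths listed above. This is an added example, not part of the original notes: it reports cron files that group or other can write and history files that group or other can read. The function names and the optional ROOT / HOME_DIR arguments are assumptions introduced here.

```shell
#!/bin/sh
# Added example: permission audit for the cron and history paths listed in these notes.

# Print files and directories under the given paths that group or other can write.
writable_by_others() {
    for p in "$@"; do
        [ -e "$p" ] || continue   # skip missing paths and unmatched globs
        find "$p" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
    done
}

# Print regular files among the given paths that group or other can read.
readable_by_others() {
    for p in "$@"; do
        [ -f "$p" ] || continue
        find "$p" -type f \( -perm -0040 -o -perm -0004 \) -print 2>/dev/null
    done
}

# audit [ROOT] [HOME_DIR]
# ROOT is a path prefix (empty means the live system) and HOME_DIR defaults to $HOME.
# Both parameters are assumptions of this example so that the check can also be
# pointed at a mounted disk image or a test tree.
audit() {
    root=${1:-}
    home=${2:-$HOME}
    writable_by_others "$root"/etc/cron* "$root/etc/anacrontab" \
        "$root/etc/at.allow" "$root/etc/at.deny" "$root/var/spool/cron" |
        sort -u | sed 's/^/CRON-WRITABLE /'
    readable_by_others "$home/.bash_history" "$home/.nano_history" \
        "$home/.atftp_history" "$home/.mysql_history" "$home/.php_history" |
        sed 's/^/HISTORY-READABLE /'
}

# Audit the live system only when the script is invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    audit
fi
```

An empty result means none of the listed paths has loose permissions; any CRON-WRITABLE line under /etc or /var/spool/cron is worth fixing with chmod go-w.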
Searching for plaintext usernames/passwords
# Delete a user
userdel username
# Look up the user name for a UID
getent passwd 0
grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n 'var \$password'
Logs
/bin/systemctl restart rsyslog.service # restart the logging service (NewStart Carrier Grade Server Linux release 5 / CentOS 7)
Common problem 1:
"Read-only file system" appears on Linux
mount -o remount,rw /
Common problem 2:
userdel: cannot open /etc/passwd -> chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow
Program name / port / process:
Find the ports used by a process ID: netstat -nap | grep 2708
Find a process by PID: ps -aux | grep -v grep | grep 28990
Close a port:
sudo iptables -A INPUT -p tcp --dport $PORT -j DROP
sudo iptables -A OUTPUT -p tcp --dport $PORT -j DROP
or
lsof -i :8080 | grep -v "PID" | awk '{print "kill -9",$2}' | sh
Firewall
Block all IPs from accessing a given port on this host
iptables -I INPUT -p tcp --dport 80 -j DROP
Allow all IPs to access a given port on this host
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Allow a specific IP to access a given port on this host (all IPs must first be blocked from that port)
iptables -I INPUT -s 192.168.1.123 -p tcp --dport 22 -j ACCEPT
Block PING from a given IP address
iptables -A Filter -p icmp -s 192.168.0.1 -j DROP
Allow PING only to 202.96.134.133; no other public IP may be pinged
iptables -A Filter -p icmp -s 192.168.100.200 -d 202.96.134.133 -j ACCEPT
iptables -A Filter -p icmp -j DROP
Back up iptables
cp /etc/sysconfig/iptables /var/tmp
Save iptables
service iptables save
Restart the firewall
service iptables restart
Server with only mail sending and receiving enabled
iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -j DROP
iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -p udp --dport 53 -j ACCEPT
iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -p tcp --dport 25 -j ACCEPT
iptables -I Filter -m mac --mac-source 00:0F:EA:25:51:37 -p tcp --dport 110 -j ACCEPT
Allow access only to specified sites
iptables -A Filter -p udp --dport 53 -j ACCEPT
iptables -A Filter -p tcp --dport 53 -j ACCEPT
iptables -A Filter -d www.3322.org -j ACCEPT
iptables -A Filter -d img.cn99.com -j ACCEPT
iptables -A Filter -j DROP
Internet access at specified times
iptables -A Filter -s 10.10.10.253 -m time --timestart 6:00 --timestop 11:00 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun -j DROP
iptables -A Filter -m time --timestart 12:00 --timestop 13:00 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun -j ACCEPT
iptables -A Filter -m time --timestart 17:30 --timestop 8:30 --days Mon,Tue,Wed,Thu,Fri,Sat,Sun -j ACCEPT
By MAC address: mail sending and receiving only, everything else rejected
iptables -I Filter -m mac --mac-source 00:0A:EB:97:79:A1 -j DROP
iptables -I Filter -m mac --mac-source 00:0A:EB:97:79:A1 -p tcp --dport 25 -j ACCEPT
iptables -I Filter -m mac --mac-source 00:0A:EB:97:79:A1 -p tcp --dport 110 -j ACCEPT
Firewall configuration to block QQ
iptables -A Filter -p udp --dport ! 53 -j DROP
iptables -A Filter -d 218.17.209.0/24 -j DROP
iptables -A Filter -d 218.18.95.0/24 -j DROP
iptables -A Filter -d 219.133.40.177 -j DROP
Configuration to block MSN
iptables -A Filter -p udp --dport 9 -j DROP
iptables -A Filter -p tcp --dport 1863 -j DROP
iptables -A Filter -p tcp --dport 80 -d 207.68.178.238 -j DROP
iptables -A Filter -p tcp --dport 80 -d 207.46.110.0/24 -j DROP