forked from fomalhaut1998/hexo-theme-Fomalhaut
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsearch.xml
2782 lines (1335 loc) · 690 KB
/
search.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="utf-8"?>
<search>
<entry>
<title>三剑客-sed</title>
<link href="/posts/c9de9d82.html"/>
<url>/posts/c9de9d82.html</url>
<content type="html"><![CDATA[<h1>替换</h1><p>在Linux系统中,可以使用sed命令来替换文件中的文本内容。要将所有的“kylin”替换为“ikun”,可以使用以下命令:</p><figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="attribute">sed</span> -i <span class="string">'s/kun/ikun/g'</span> filename</span><br></pre></td></tr></table></figure><p>将上面的 <code>filename</code> 替换为实际的文件名,这个命令将直接修改这个文件,将其中所有的“kylin”替换为“ikun”。</p><p>解释一下命令中的选项和参数:</p><ul><li><code>-i</code>:表示直接修改文件内容,而不是输出到终端或另一个文件中。</li><li><code>s/kun/ikun/g</code>:这是一个正则表达式,表示将“kylin”替换为“ikun”。其中,<code>s</code>表示替换操作,<code>/</code>是分隔符,<code>g</code>表示全局替换,即将每个匹配的“kun”都替换为“ikun”。</li></ul><p>请注意,在使用sed命令修改文件内容时,建议先备份原文件,以防止意外修改导致数据丢失。</p><h1>增加</h1><p>在Linux系统中,可以使用sed命令来修改GRUB引导参数,以添加 <code>net.ifnames=1 biosdevname</code> 选项。要在quiet选项后增加这个选项,可以使用以下命令:</p><figure class="highlight gradle"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo sed -i <span class="string">'s/quiet/quiet net.ifnames=1 biosdevname/g'</span> <span class="regexp">/etc/</span><span class="keyword">default</span>/grub</span><br></pre></td></tr></table></figure><p>这个命令将修改 <code>/etc/default/grub</code> 文件,将其中的 <code>quiet</code> 选项替换为 <code>quiet net.ifnames=1 biosdevname</code>,并保存修改后的文件。</p><p>解释一下命令中的选项和参数:</p><ul><li><code>sudo</code>:表示使用管理员权限来执行命令。</li><li><code>-i</code>:表示直接修改文件内容,而不是输出到终端或另一个文件中。</li><li><code>s/quiet/quiet net.ifnames=1 biosdevname/g</code>:这是一个正则表达式,表示将 <code>quiet</code> 替换为 <code>quiet net.ifnames=1 biosdevname</code>。其中,<code>s</code>表示替换操作,<code>/</code>是分隔符,<code>g</code>表示全局替换,即将每个匹配的 <code>quiet</code> 都替换为 <code>quiet net.ifnames=1 biosdevname</code>。</li><li><code>/etc/default/grub</code>:指定要修改的GRUB配置文件的路径。</li></ul><h1>删除</h1><p>在Linux系统中,可以使用sed命令来删除文件中的特定文本行。要删除文件中的 <code>modprobe.blacklist=nouveau</code> 行,可以使用以下命令:</p><figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="attribute">sed</span> -i <span class="string">'/modprobe.blacklist=nouveau/d'</span> filename</span><br></pre></td></tr></table></figure><p>将上面的 <code>filename</code> 替换为实际的文件名,这个命令将直接修改这个文件,将其中所有包含 <code>modprobe.blacklist=nouveau</code> 的行删除。</p><p>解释一下命令中的选项和参数:</p><ul><li><code>-i</code>:表示直接修改文件内容,而不是输出到终端或另一个文件中。</li><li><code>/modprobe.blacklist=nouveau/d</code>:这是一个正则表达式,表示删除所有包含 <code>modprobe.blacklist=nouveau</code> 的行。其中,<code>/</code>是分隔符,<code>d</code>表示删除匹配的行。</li></ul><p>请注意,在使用sed命令修改文件内容时,建议先备份原文件,以防止意外修改导致数据丢失。</p>]]></content>
<categories>
<category> 分类 </category>
</categories>
<tags>
<tag> 暂存 </tag>
</tags>
</entry>
<entry>
<title>Linux好用命令之wall</title>
<link href="/posts/c4b461e0.html"/>
<url>/posts/c4b461e0.html</url>
<content type="html"><![CDATA[<h1>使用方式</h1><ul><li>向所有终端广播</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wall "hello"</span><br></pre></td></tr></table></figure><ul><li>排除邮件前面的头条文本</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wall -n "hello"</span><br></pre></td></tr></table></figure><ul><li>给组发信息</li></ul><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wall -g <span class="built_in">test</span> <span class="string">"hello"</span></span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> linux命令 </category>
</categories>
<tags>
<tag> linux命令 </tag>
</tags>
</entry>
<entry>
<title>centos修改网卡名</title>
<link href="/posts/63943f11.html"/>
<url>/posts/63943f11.html</url>
<content type="html"><![CDATA[<h1>需求</h1><p>centos6系统使用的网卡名都是eth开头的,而centos7以上都是以设备类型来划分的,如果使用不习惯或者有其他xp兴趣可以根据自己的喜好来修改</p><h1>参数解释</h1><h2 id="net-ifnames">net.ifnames</h2><p>用于控制Linux系统中网络接口的命名规则,在不同发行版上有不同的命名方式,该参数有三种选项</p><ul><li>0:使用传统的命名,一般来说安装系统的时候使用这个参数就可以了,但难免会碰到一样的机器网卡物理位置一样但实际每台机器顺序可能不一样的问题</li><li>1:使用基于连接的命名方式</li><li>2:使用基于路径的命名方式</li></ul><h3 id="biosdevname">biosdevname</h3><p><code>biosdevname</code> 参数是用于控制Linux系统中网络接口命名的一种机制。当该参数启用时,Linux系统会在命名网络接口时使用BIOS提供的设备名称,而不是使用传统的基于总线、插槽和端口的命名方式。</p><p>启用<code>biosdevname</code>参数的主要作用是简化网络接口的管理和配置,特别是在具有多个网络接口的系统中。使用BIOS提供的设备名称可以使网络管理员更容易识别和区分不同的网络接口,并更容易地配置和管理网络接口。</p><p>请注意,启用<code>biosdevname</code>参数可能会导致Linux系统中网络接口的命名方式发生变化,因此在启用该参数之前,建议备份网络接口的配置文件。此外,该参数需要BIOS支持,因此不是所有的系统都支持该参数</p><h1>centos6修改</h1><h2 id="移除优先级高的udev规则">移除优先级高的udev规则</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">mv /lib/udev/rules.d/75-persistent-net-generator.rules /tmp</span><br></pre></td></tr></table></figure><h2 id="修改udev规则">修改udev规则</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/udev/rules.d/70-persistent-net.rules</span><br></pre></td></tr></table></figure><p>修改内容如下,其中ATTR除是mac地址,NAME是你要修改的网卡名</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*", ATTR{address}=="00:0c:29:2c:ad:8e", NAME="eth1"</span><br></pre></td></tr></table></figure><h1>centos7 修改</h1><h2 id="修改引导">修改引导</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/default/grub</span><br></pre></td></tr></table></figure><p>在GRUB_CMDLINE_LINUX除加入<code>net.ifnames=1 bisodevname=0</code>选项并用<code>grub2-mkconfig</code>重新生成grub</p><h2 id="修改udev规则-2">修改udev规则</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/udev/rules.d/70-persistent-net.rules</span><br></pre></td></tr></table></figure><p>修改内容如下,其中ATTR除是mac地址,NAME是你要修改的网卡名</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*", ATTR{address}=="00:0c:29:2c:ad:8e", NAME="eth1"</span><br></pre></td></tr></table></figure><h2 id="修改配置文件">修改配置文件</h2><p>根据使用的网络管理器(NetworkManager或者Network)来修改配置文件,将网卡名替换掉</p><h2 id="重启验证">重启验证</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">reboot</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 网络管理 </category>
</categories>
<tags>
<tag> 网络管理 </tag>
</tags>
</entry>
<entry>
<title>Linux好用命令之auditctl</title>
<link href="/posts/ee30c79.html"/>
<url>/posts/ee30c79.html</url>
<content type="html"><![CDATA[<ul><li>列出规则</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">auditctl -l</span><br></pre></td></tr></table></figure><ul><li>写入规则</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">auditctl -w 目录的绝对路径</span><br></pre></td></tr></table></figure><ul><li>删除规则</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">audictl -W 目录的绝对路径</span><br></pre></td></tr></table></figure><ul><li>审计状态</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">auditctl -s</span><br></pre></td></tr></table></figure><ul><li>查看效果</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ausearch -f 目录的绝对路径</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> linux命令 </category>
</categories>
<tags>
<tag> linux命令 </tag>
</tags>
</entry>
<entry>
<title>Linux好用命令之devtoolset</title>
<link href="/posts/d171c710.html"/>
<url>/posts/d171c710.html</url>
<content type="html"><![CDATA[<h1>前言</h1><p>CentOS/RHEL Linux 发行版以稳定性著称,所有的软件都要尽可能 stable,导致的一个结果就是基础软件的版本非常的低,比如 CentOS 6.7(15年发布) 中 gcc 版本还是 4.4.7(12年的版本)。这对开发来说就不是很友好,比如我们想用 C++ 11 中的某个特性,就必须自己编译一个高版本的 gcc 出来,但是这会有另外一个问题,开发环境不好维护,如果自己有多台电脑或者多个人合作的项目,每台机器上都要自己编一份,维护起来就比较麻烦。</p><h1>解决办法</h1><p>devtoolset + scl<br>在centos7上默认gcc是4.8.5,如果需要gcc10可以安装devtoolset-10版本来支持,其他版本也如此</p><h1>devtoolset-7依赖关系</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">先装这2两个依赖</span></span><br><span class="line">devtoolset-7-runtime-7.1-4.ky3.kb1.x86_64.rpm</span><br><span class="line">devtoolset-7-binutils-2.28-11.ky3.kb1.x86_64.rpm</span><br><span class="line">devtoolset-7-gcc-7.3.1-5.15.ky3.kb1.x86_64.rpm</span><br><span class="line">devtoolset-7-libstdc++-devel-7.3.1-5.15.ky3.kb1.x86_64.rpm</span><br><span class="line">devtoolset-7-gcc-c++-7.3.1-5.15.ky3.kb1.x86_64.rpm</span><br></pre></td></tr></table></figure><h1>切换</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">scl enable devtoolset-10 bash </span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> linux命令 </category>
</categories>
<tags>
<tag> linux命令 </tag>
</tags>
</entry>
<entry>
<title>Linux好用命令之ethtool</title>
<link href="/posts/c0d4357c.html"/>
<url>/posts/c0d4357c.html</url>
<content type="html"><![CDATA[<h1>命令简介</h1><p>查看网口信息</p><h1>查看网卡信息</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ethtool eth0</span><br></pre></td></tr></table></figure><ul><li>网卡信息如下<br>可以看出网卡的很多信息,包括网卡速率是百兆还是千兆</li></ul><figure class="highlight txt"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br></pre></td><td class="code"><pre><span class="line">Settings for enp2s0:</span><br><span class="line"> Supported ports: [ TP MII ]</span><br><span class="line"> Supported link modes: 10baseT/Half 10baseT/Full</span><br><span class="line"> 100baseT/Half 100baseT/Full</span><br><span class="line"> 1000baseT/Half 1000baseT/Full</span><br><span class="line"> Supported pause frame use: Symmetric Receive-only</span><br><span class="line"> Supports auto-negotiation: Yes</span><br><span class="line"> Supported FEC modes: Not reported</span><br><span class="line"> Advertised link modes: 10baseT/Half 10baseT/Full</span><br><span class="line"> 100baseT/Half 100baseT/Full</span><br><span class="line"> 1000baseT/Half 1000baseT/Full</span><br><span class="line"> Advertised pause frame use: Symmetric Receive-only</span><br><span class="line"> Advertised auto-negotiation: Yes</span><br><span class="line"> Advertised FEC modes: Not reported</span><br><span class="line"> Link partner advertised link modes: 10baseT/Half 10baseT/Full</span><br><span class="line"> 100baseT/Half 100baseT/Full</span><br><span class="line"> 1000baseT/Full</span><br><span class="line"> Link partner advertised pause frame use: Symmetric</span><br><span class="line"> Link partner advertised auto-negotiation: Yes</span><br><span class="line"> Link partner advertised FEC modes: Not reported</span><br><span class="line"> Speed: 1000Mb/s #当前速率</span><br><span class="line"> Duplex: Full </span><br><span class="line"> Auto-negotiation: on</span><br><span class="line"> master-slave cfg: preferred slave</span><br><span class="line"> master-slave status: slave</span><br><span class="line"> Port: Twisted Pair</span><br><span class="line"> PHYAD: 0</span><br><span class="line"> Transceiver: external</span><br><span class="line"> MDI-X: Unknown</span><br><span class="line"> Supports Wake-on: pumbg</span><br><span class="line"> Wake-on: d</span><br><span class="line"> Link detected: yes #是否连通物理网线</span><br></pre></td></tr></table></figure><h1>把网卡指示灯打开</h1><p>在网卡支持这种功能的前提下,使用此命令会使网卡的指示灯闪烁,但需要注意,有些系统会持续闪烁,但有些版本会闪烁几秒</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ethtool -p eth0</span><br></pre></td></tr></table></figure><h1>查看网卡驱动程序信息</h1><p>查询指定的网络设备以获取相关的驱动程序信息。</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ethtool -i eth0</span><br></pre></td></tr></table></figure><p>如下</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">driver: e1000</span><br><span class="line">version: 7.3.21-k8-NAPI</span><br><span class="line">firmware-version: </span><br><span class="line">expansion-rom-version: </span><br><span class="line">bus-info: 0000:02:01.0</span><br><span class="line">supports-statistics: yes</span><br><span class="line">supports-test: yes</span><br><span class="line">supports-eeprom-access: yes</span><br><span class="line">supports-register-dump: yes</span><br><span class="line">supports-priv-flags: no</span><br></pre></td></tr></table></figure><h1>列出网络接口统计信息</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ethtool -S eth0</span><br></pre></td></tr></table></figure><h1>设置网络接口速度</h1><p>eth0自适应100、1000,指定他是百兆</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ethtool -s eth0 speed 1000 duplex full autoneg off</span><br></pre></td></tr></table></figure><h1>重置网卡到自适应模式</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ethtool -r eth0</span><br></pre></td></tr></table></figure><h1>将ethtool的设置跟随网卡</h1><p>写在ifcfg-ethX配置里面</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ETHTOOL_OPTS="speed 100 deplex full autoneg off"</span><br></pre></td></tr></table></figure><h1>查看错误信息</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ethtool -S eth0 | grep error</span><br></pre></td></tr></table></figure><p>同时,使用<code>ifconfig</code> 也可以看错误信息</p><h2 id="错误信息">错误信息</h2><ul><li>RX errors<br>表示总的收包的错误数量,这包括 too-long-frames 错误,Ring Buffer 溢出错误,crc 校验错误,帧同步错误,fifo overruns 以及 missed pkg 等等</li><li>RX dropped<br>表示数据包已经进入了 Ring Buffer,但是由于内存不够等系统原因,导致在拷贝到内存的过程中被丢弃</li><li>RX overruns<br>表示了 fifo 的 overruns,这是由于 Ring Buffer(aka Driver Queue) 传输的 IO 大于 kernel 能够处理的 IO 导致的,而 Ring Buffer 则是指在发起 IRQ 请求之前的那块 buffer。很明显,overruns 的增大意味着数据包没到 Ring Buffer 就被网卡物理层给丢弃了(就是ring buffer满之后先有drop收到的,再overrun没收的),而 CPU 无法即使的处理中断是造成 Ring Buffer 满的原因之一</li><li>RX frame<br>表示 misaligned 的 frames</li></ul><h2 id="rx-crc-errors">rx_crc_errors</h2><p>在大多数情况下,增加rx_crc_errors的值意味着该问题出在网络模型的第1层,当在接口上接收到数据包时,它将经历数据完整性检查,这称为循环冗余检查。 如果数据包在该检查中失败,则将其标记为rx_crc_errors<br>1.更换电缆。<br>2.检查交换机配置。<br>3.更换网络接口卡。</p><h1>查看网卡</h1>]]></content>
<categories>
<category> linux命令 </category>
</categories>
<tags>
<tag> linux命令 </tag>
</tags>
</entry>
<entry>
<title>Linux好用命令之expect</title>
<link href="/posts/a5a7ce3.html"/>
<url>/posts/a5a7ce3.html</url>
<content type="html"><![CDATA[<h1>作用</h1><p>交互式自动输入</p><h1>安装</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y expect</span><br></pre></td></tr></table></figure><h1>简单示例</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">cat expect.sh </span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">!/usr/bin/expec</span></span><br><span class="line">set timeout 20</span><br><span class="line">spawn ssh [email protected]</span><br><span class="line">expect "root"</span><br><span class="line">send "paic1234\n"</span><br><span class="line">interact</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> linux命令 </category>
</categories>
<tags>
<tag> linux命令 </tag>
</tags>
</entry>
<entry>
<title>Linux好用命令之nmcli</title>
<link href="/posts/6ad86d1e.html"/>
<url>/posts/6ad86d1e.html</url>
<content type="html"><![CDATA[<h1>NetworkManager</h1><ol><li>NetworkManager服务是管理和监控网络设置的守护进程,Centos7之前的版本都是通过network.service管理网络配置</li><li>到了Centos7就同时支持network.service和NetworkManager.service</li><li>在RHEL 8/Centos 8上已废弃network.service(默认不安装),只能通过NetworkManager进行网络配置。</li><li>NetworkManager主要管理2个对象 <code>Connection</code>(网卡连接配置) 和 <code>Device</code>(网卡设备),他们之间是多对一的关系,但是同一时刻只能有一个Connection对于Device才生效</li></ol><h1>启动方法</h1><p>启动+开机自启动</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl enable --now NetworkManager</span><br></pre></td></tr></table></figure><h1>三种方法配置网络</h1><ol><li>通过nmcli connection add命令配置,会自动生成ifcfg文件</li><li>手动配置ifcfg文件,通过nmcli connection reload来加载生效</li><li>手动配置ifcfg文件,通过传统network.service来加载生效</li></ol><h1>nmcli基操</h1><p>NetworkManager在系统中的管理工具为nmcli,这个命令<code>嘎嘎好用</code></p><h2 id="查看所有连接">查看所有连接</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection show </span><br></pre></td></tr></table></figure><h2 id="查看所有激活的连接">查看所有激活的连接</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection show --active</span><br></pre></td></tr></table></figure><h2 id="查看指定的网口的连接">查看指定的网口的连接</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection show eth0</span><br></pre></td></tr></table></figure><h2 id="关闭连接">关闭连接</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection down eth0</span><br></pre></td></tr></table></figure><h2 id="启用连接">启用连接</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection up eth0</span><br></pre></td></tr></table></figure><h1>nmcli配置网络实例-dhcp</h1><h2 id="新增连接">新增连接</h2><ul><li>创建一个连接名<code>dachui</code>,使用ens33设备</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection add con-name dachui type Ethernet ifname ens33</span><br></pre></td></tr></table></figure><h2 id="展示创建后的效果">展示创建后的效果</h2><p>(实在不想配图)<br>可以看出只有一个行<code>NAME</code>是ens33是激活的(因为激活的连接在终端显示绿色,或者用–active可以看出来)</p><figure class="highlight txt"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">NAME UUID TYPE DEVICE </span><br><span class="line">ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet ens33 </span><br><span class="line">dachui 4b27c0d3-17d5-434b-90d1-5ac57a0f6147 ethernet -- </span><br><span class="line">ens34 94aea789-efb3-ef4c-81b0-e8b18ecc9797 ethernet -- </span><br></pre></td></tr></table></figure><h2 id="查看dachui的配置">查看<code>dachui</code>的配置</h2><p>如果不加<code>grep</code>,他会显示很多信息,但我们只需要关注ipv4的信息</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection show dachui | grep ipv4</span><br></pre></td></tr></table></figure><h2 id="配置展示">配置展示</h2><p>可以看出第一行<code>ipv4.method</code>的是<code>auto</code>,他代表<code>dachui</code>这个连接是用<code>dhcp</code>的方式获取ip的</p><figure class="highlight txt"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line">ipv4.method: auto</span><br><span class="line">ipv4.dns: --</span><br><span class="line">ipv4.dns-search: --</span><br><span class="line">ipv4.dns-options: ""</span><br><span class="line">ipv4.dns-priority: 0</span><br><span class="line">ipv4.addresses: --</span><br><span class="line">ipv4.gateway: --</span><br><span class="line">ipv4.routes: --</span><br><span class="line">ipv4.route-metric: -1</span><br><span class="line">ipv4.route-table: 0 (unspec)</span><br><span class="line">ipv4.routing-rules: --</span><br><span class="line">ipv4.ignore-auto-routes: 否</span><br><span class="line">ipv4.ignore-auto-dns: 否</span><br><span class="line">ipv4.dhcp-client-id: --</span><br><span class="line">ipv4.dhcp-timeout: 0 (default)</span><br><span class="line">ipv4.dhcp-send-hostname: 是</span><br><span class="line">ipv4.dhcp-hostname: --</span><br><span class="line">ipv4.dhcp-fqdn: --</span><br><span class="line">ipv4.never-default: 否</span><br><span class="line">ipv4.may-fail: 是</span><br><span class="line">ipv4.dad-timeout: -1 (default)</span><br></pre></td></tr></table></figure><h2 id="激活dhcp">激活dhcp</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli con show ens33 | grep IP4</span><br></pre></td></tr></table></figure><ul><li>激活的结果<br>可以看出这边ipv4的地址已经自动获取了</li></ul><figure class="highlight txt"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">IP4.ADDRESS[1]: 192.168.42.135/24</span><br><span class="line">IP4.GATEWAY: 192.168.42.2</span><br><span class="line">IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 192.168.42.2, mt = 102</span><br><span class="line">IP4.ROUTE[2]: dst = 192.168.42.0/24, nh = 0.0.0.0, mt = 102</span><br><span class="line">IP4.DNS[1]: 192.168.42.2</span><br><span class="line">IP4.DOMAIN[1]: localdomain</span><br></pre></td></tr></table></figure><h1>nmcli配置网络实例-static</h1><p>刚才是展示的新增一个连接,使用默认的<code>dhcp</code>方式配置网络,但实际项目中需要使用静态ip的方式,配置静态的手段有很多,可以对现在有<code>连接</code>进行系iu改,也可以再创建一个<code>连接</code>并且同时指定他的ip地址</p><h2 id="一次性创建">一次性创建</h2><p>乍一看命令<code>嘎嘎</code>长,其实很简单</p><ul><li><code>嘎嘎</code>长的命令,其实可以更长</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection add con-name dachui-static type ethernet ifname ens33 ipv4.method manual ipv4.address 192.168.42.5/24 ipv4.gateway 192.168.42.2</span><br></pre></td></tr></table></figure><blockquote><p>我拆开两部分分析</p></blockquote><ol><li>创建连接,指定模式<br>这边就是创建了<code>dahcui-static</code>的连接,使用<code>type</code>指定此连接为<code>ethernet</code>(以太网),并且设备是<code>ens33</code></li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection add con-name dachui-static type ethernet ifname ens33</span><br></pre></td></tr></table></figure><ol start="2"><li>配置网络要素<br>一个ip地址至少需要指定一个<code>ip</code>和<code>子网掩码</code>才可以生效,网关也是需要配置的,还有指定是手动</li></ol><figure class="highlight apache"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="attribute">ipv4</span>.method manual ipv4.address <span class="number">192.168.42.5</span>/<span class="number">24</span> ipv4.gateway <span class="number">192.168.42.2</span></span><br></pre></td></tr></table></figure><ul><li>激活连接</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection up dachui-static</span><br></pre></td></tr></table></figure><ul><li>验证</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection up dachui-static | grep IP4</span><br></pre></td></tr></table></figure><blockquote><p>输出为下面的</p></blockquote><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">IP4.ADDRESS[1]: 192.168.42.5/24</span><br><span class="line">IP4.GATEWAY: 192.168.42.2</span><br><span class="line">IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 192.168.42.2, mt = 102</span><br><span class="line">IP4.ROUTE[2]: dst = 192.168.42.0/24, nh = 0.0.0.0, mt = 102</span><br><span class="line">IP4.DNS[1]: 192.168.42.2</span><br><span class="line">IP4.DOMAIN[1]: localdomain</span><br></pre></td></tr></table></figure><h2 id="编辑连接">编辑连接</h2><p>如果之前是创建好了多个连接,但是需要修改,可以通过modify的方法</p><ul><li>提示一点<br>如果要修改,请看好原先的<code>连接</code>是<code>自动获取</code>还是<code>手动获取</code>,如果是自动,需要改模式</li></ul><blockquote><p>可以一并加入修改的,我只是拆开提示一下,遇到过一次改了半天没生效,一看连接方式是dhcp</p></blockquote><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection modify dachui-static ipv4.method manual </span><br></pre></td></tr></table></figure><ul><li>修改ip<br>也可以修改其他的,在输入<code>dachui-static</code>之后按<code>tap</code>会列举出所有的<code>配置项</code>,然后根据语法修改</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection modify dachui-static ipv4.address 192.168.42.200/24</span><br></pre></td></tr></table></figure><ul><li>重启网卡<br>修改之后需要激活一下才能生效</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection up dachui-static</span><br></pre></td></tr></table></figure><blockquote><p>这样一个基本的nmlci创建连接就结束了</p></blockquote><h1>其他基操</h1><h2 id="增加路由">增加路由</h2><p>内网环境下,机器可能有多个网段,那么加路由肯定是必须的,比如我这需要访问<code>10.10.10.0/24</code>的机器,那么通过如下方法进行配置</p><ul><li>加路由</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection modify dachui-static +ipv4.routes "10.10.10.0/24 192.168.42.2"</span><br></pre></td></tr></table></figure><ul><li>激活看信息</li></ul><ol><li>配置信息</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">IP4.ROUTE[5]: dst = 10.10.10.0/24, nh = 192.168.42.2, mt = 102</span><br></pre></td></tr></table></figure><ol start="2"><li>路由信息</li></ol><ul><li>route展示</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">route -n</span><br></pre></td></tr></table></figure><ul><li>输出结果</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">Destination Gateway Genmask Flags Metric Ref Use Iface</span><br><span class="line">0.0.0.0 192.168.42.2 0.0.0.0 UG 102 0 0 ens33</span><br><span class="line">10.10.10.0 192.168.42.2 255.255.255.0 UG 102 0 0 ens33</span><br></pre></td></tr></table></figure><h2 id="删除路由">删除路由</h2><p>学会增加,也要学会删除</p><ul><li><code>乍一看</code>是不是一样的?其实将<code>+</code>改成<code>-</code>,然后<code>重新激活</code>就可以了</li></ul><blockquote><p>所以修改的逻辑很简单的,<code>+</code>就增加,<code>-</code>就是删除,<code>什么都不加</code>就是修改</p></blockquote><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection modify dachui-static -ipv4.routes "10.10.10.0/24 192.168.42.2"</span><br></pre></td></tr></table></figure><h2 id="增加ip">增加ip</h2><p>有时候需要在一个连接上加多个ip地址</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection modify dachui-static +ipv4.addresses 2.2.2.2/16</span><br></pre></td></tr></table></figure><h2 id="删除连接">删除连接</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection delete dachui-static</span><br></pre></td></tr></table></figure><h2 id="网卡开机自启动">网卡开机自启动</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nmcli connection modify dachui-static autoconnect yes</span><br></pre></td></tr></table></figure><h1>nmtui</h1><p>其实nmcli的玩法有很多,但其实还有一个工具<code>nmtui</code>,他是<code>NetworkManager-tui</code>的一个工具,通过字符图形化配置网络</p>]]></content>
<categories>
<category> linux命令 </category>
</categories>
<tags>
<tag> linux命令 </tag>
</tags>
</entry>
<entry>
<title>Linux好用命令之systemctl</title>
<link href="/posts/5154c07a.html"/>
<url>/posts/5154c07a.html</url>
<content type="html"><![CDATA[<h1>systemd</h1><p>是一个用于linux的系统与服务管理器,内核启动后拉起的第一个进程,即init进程(用户空间1号进程),启动和维护各种用户开机的服务</p><h2 id="查看系统systemd的service情况">查看系统systemd的service情况</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl list-units --type service</span><br></pre></td></tr></table></figure><h2 id="解析systemd启动过程中的性能数据">解析systemd启动过程中的性能数据</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">systemd-analyze #系统启动时间总览</span><br><span class="line">systemd-analyze plot > p.svg#生成plot图</span><br><span class="line">systemd-analyze critical-chain xxx.service #某服务依赖关系中耗时最长的链条</span><br></pre></td></tr></table></figure><h1>systemctl</h1><h2 id="查看系统单元">查看系统单元</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">systemctl</span><br><span class="line">systemctl list-units</span><br></pre></td></tr></table></figure><h2 id="查看运行失败的单元">查看运行失败的单元</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl --failed</span><br></pre></td></tr></table></figure><h2 id="查看系统中安装的服务">查看系统中安装的服务</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl list-unit-files</span><br></pre></td></tr></table></figure><h2 id="启停查">启停查</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">systemctl start httpd</span><br><span class="line">systemctl stop httpd</span><br><span class="line">systemctl status httpd</span><br></pre></td></tr></table></figure><h2 id="设置启动模式-图形-命令行">设置启动模式(图形/命令行)</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">systemctl get-default</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">开机启动图形界面</span></span><br><span class="line">systemctl set-default graphical.target</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">字符界面模式</span></span><br><span class="line">systemctl set-default multi-user.target</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> linux命令 </category>
</categories>
<tags>
<tag> linux命令 </tag>
</tags>
</entry>
<entry>
<title>shell编程</title>
<link href="/posts/e5954c2f.html"/>
<url>/posts/e5954c2f.html</url>
<content type="html"><![CDATA[<h2 id="1-终端打印">1.终端打印</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.输出特殊符号需要转义</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">2.使用<span class="built_in">printf</span>带格式输出</span></span><br><span class="line">printf "%-5s %-10s %-4s\n" No Name Mark</span><br><span class="line">printf "%-5s %-10s %-4.2f\n" 1 Sarath 80.3456</span><br><span class="line">printf "%-5s %-10s %-4.2f\n" 2 James 90.9989</span><br><span class="line">printf "%-5s %-10s %-4.2f\n" 3 Jeff 77.564</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">3.输出颜色</span></span><br><span class="line">字体颜色:重置=0,黑色=30,红色=31,绿色=32,黄色=33,蓝</span><br><span class="line">色=34,洋红=35,青色=36,白色=37</span><br><span class="line">底色:重置=0,黑色=40,红色=41,绿色=42,黄色=43,</span><br><span class="line">蓝色=44,洋红=45,青色=46,白色=47</span><br><span class="line">echo -e "\e[1;31m This is red text \e[0m"</span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.查看这个进程的变量</span></span><br><span class="line">cat /proc/$(pgrep java)/environ | tr '\0' '\n'</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">pgrep java 查看java进程的pid</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash"><span class="built_in">tr</span> <span class="string">'\0'</span> <span class="string">'\n'</span> 格式化输出</span></span><br></pre></td></tr></table></figure><h2 id="2-环境变量">2.环境变量</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">var=value ##变量赋值,没有空格</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.输出变量</span></span><br><span class="line">echo $(var) #$()这个可以省略,但为了更好的显示建议加</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">2.变量长度</span></span><br><span class="line"><span class="meta prompt_">echo$</span><span class="language-bash">{<span class="comment">#var}</span></span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">3.输出当前用的哪种shell</span></span><br><span class="line">echo $SHELL</span><br><span class="line">echo $0</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">4.检查是否是超户</span></span><br><span class="line">if [ $UID -ne 0 ]; then</span><br><span class="line">echo Non root user. Please run as root.</span><br><span class="line">else</span><br><span class="line">echo Root user</span><br><span class="line">fi</span><br></pre></td></tr></table></figure><h2 id="3-使用函数添加变量">3.使用函数添加变量</h2><h2 id="4-shell的数学运算">4.shell的数学运算</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">法1:定义的是字符串,使用<span class="built_in">let</span>直接计算</span></span><br><span class="line">no1=4</span><br><span class="line">no2=5</span><br><span class="line">let result=no1+no2</span><br><span class="line">echo $result</span><br><span class="line">let no1++</span><br><span class="line">let no1--</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">法2:操作符[]</span></span><br><span class="line">result=$[ no1 + no2 ]</span><br><span class="line">result=$[ $no1 + no2 ]</span><br></pre></td></tr></table></figure><h2 id="5-文件描述符和重定向">5.文件描述符和重定向</h2><p>0 —— stdin(标准输入)<br>1 —— stdout(标准输出)<br>2 —— stderr(标准错误)</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">将错误和正确分别写进文件</span></span><br><span class="line">cat a1 2> stderr.txt 1> stdout.txt</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">将命令的报错丢弃</span></span><br><span class="line">cat 1 2>/dev/null</span><br></pre></td></tr></table></figure><h2 id="6-别名alias">6.别名alias</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">alias ifconfig='ip a | grep ens'</span><br><span class="line">ifconfig</span><br></pre></td></tr></table></figure><h2 id="7-时间">7.时间</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line">date --date "Jan 20 2001" +%A</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">星期</span> </span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">a(例如:Sat)</span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">A(例如:Saturday</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">月</span> </span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">b(例如:Nov)</span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">B(例如:November)</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">日</span> </span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">d(例如:31)</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">固定格式日期(mm/dd/yy)</span> </span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">D(例如:10/18/10)</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">年</span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">y(例如:10)</span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">Y(例如:2010)</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">小时</span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">I或%H(例如:08)</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">分钟</span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">M(例如:33)</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">秒</span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">S(例如:10)</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">纳秒</span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">N(例如:695208515)</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">Unix纪元时(以秒为单位)</span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">s(例如:1290049486)</span></span><br></pre></td></tr></table></figure><h2 id="8-shell的调试">8.shell的调试</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.使用vscode远程调试</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">2.bash -x a.sh</span></span><br></pre></td></tr></table></figure><h2 id="9-函数">9.函数</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.1定义方式a</span></span><br><span class="line">function fname()</span><br><span class="line">{</span><br><span class="line">statements;</span><br><span class="line">}</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.2.定义方式b</span></span><br><span class="line">fname()</span><br><span class="line">{</span><br><span class="line">statements;</span><br><span class="line">}</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">2.使用方式</span></span><br><span class="line">fname #只需要使用函数名</span><br><span class="line">fname argv1 argv2 #传参数</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">3.函数返回值</span></span><br><span class="line">echo $? #输出函数返回值</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">4.1实例a</span></span><br><span class="line">fname()</span><br><span class="line">{</span><br><span class="line">echo $1, $2; #访问参数1和参数2 $n就是第n个参数</span><br><span class="line">echo "$@";#所有参数</span><br><span class="line">echo "$*"; #类似于$@,但是参数被作为单个实体</span><br><span class="line">return 0; #返回值</span><br><span class="line">}</span><br><span class="line">fname 1 2</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">4.2实例b</span></span><br><span class="line">CMD="ifconfig" #command指代你要检测退出状态的目标命令</span><br><span class="line"><span class="meta prompt_">$</span><span class="language-bash">CMD > /dev/null</span></span><br><span class="line">if [ $? -eq 0 ];</span><br><span class="line">then</span><br><span class="line">echo "$CMD executed successfully"</span><br><span class="line">else</span><br><span class="line">echo "$CMD terminated unsuccessfully"</span><br><span class="line">fi</span><br></pre></td></tr></table></figure><h2 id="10-将命令序列的输出读入变量">10.将命令序列的输出读入变量</h2><h2 id="11-read读入输入值">11.read读入输入值</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">read -p "Enter input:" var #显示提示信息</span><br><span class="line">read -s var #用无回显的方式读取密码</span><br></pre></td></tr></table></figure><h2 id="12-字段分隔符和迭代器">12.字段分隔符和迭代器</h2><h2 id="13-if…else">13.if…else</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash"><span class="comment">#1.if..else</span></span></span><br><span class="line">if condition;</span><br><span class="line">then</span><br><span class="line">commands;</span><br><span class="line">fi</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash"><span class="comment">#1.if..else if..else</span></span></span><br><span class="line">if condition;</span><br><span class="line">then</span><br><span class="line">commands;</span><br><span class="line">else if condition; then</span><br><span class="line">commands;</span><br><span class="line">else</span><br><span class="line">commands;</span><br><span class="line">fi</span><br></pre></td></tr></table></figure><h2 id="14-比较测试">14.比较测试</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.计算条件</span></span><br><span class="line">[ $var -eq 0 ] #当 $var 等于 0 时,返回真</span><br><span class="line">[ $var -ne 0 ] #当 $var 为非 0 时,返回真</span><br><span class="line">-eq:等于</span><br><span class="line">-ne:不等于</span><br><span class="line">-gt:大于</span><br><span class="line">-lt:小于</span><br><span class="line">-ge:大于或等于</span><br><span class="line">-le:小于或等于</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">2.文件系统条件</span></span><br><span class="line">fpath="/etc/passwd"</span><br><span class="line">if [ -e $fpath ]; then</span><br><span class="line">echo File exists;</span><br><span class="line">else</span><br><span class="line">echo Does not exist;</span><br><span class="line">fi</span><br><span class="line">[ -f $var ]:如果给定的变量包含正常的文件路径或文件名,则返回真。</span><br><span class="line">[ -x $var ]:如果给定的变量包含的文件可执行,则返回真。</span><br><span class="line">[ -d $var ]:如果给定的变量包含的是目录,则返回真。</span><br><span class="line">[ -e $var ]:如果给定的变量包含的文件存在,则返回真。</span><br><span class="line">[ -c $var ]:如果给定的变量包含的是一个字符设备文件的路径,则返回真。</span><br><span class="line">[ -b $var ]:如果给定的变量包含的是一个块设备文件的路径,则返回真。</span><br><span class="line">[ -w $var ]:如果给定的变量包含的文件可写,则返回真。</span><br><span class="line">[ -r $var ]:如果给定的变量包含的文件可读,则返回真。</span><br><span class="line">[ -L $var ]:如果给定的变量包含的是一个符号链接,则返回真。</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">3.字符串比较</span></span><br><span class="line">[[ $str1 = $str2 ]]</span><br><span class="line">[[ $str1 == $str2 ]]</span><br><span class="line">[[ $str1 != $str2 ]]</span><br><span class="line">[[ $str1 > $str2 ]] #如果str1的字母序比str2大,则返回真</span><br><span class="line">[[ -z $str1 ]]:如果str1包含的是空字符串,则返回真。</span><br><span class="line">[[ -n $str1 ]]:如果str1包含的是非空字符串,则返回真。</span><br></pre></td></tr></table></figure><h2 id="15-命令">15.命令</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.<span class="built_in">cat</span></span> </span><br><span class="line">cat -n a.txt #显示行号</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">2.xargs</span></span><br><span class="line">command | xargs#接收到的数据重新格式化</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">3.<span class="built_in">tr</span></span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">4.<span class="built_in">md5sum</span></span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">5.加密指令</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">6.排序</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">7.临时文件名</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">8.分隔文件</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">9.批量重命名</span></span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">10.生成文件</span></span><br><span class="line">dd if=/dev/zero of=junk.data bs=1M count=1#bs代表以字节为单位的块大小(block size),count代表需要被</span><br><span class="line">复制的块数</span><br><span class="line">https://www.cnblogs.com/licheng/archive/2008/03/21/1116492.htm</span><br></pre></td></tr></table></figure><h2 id="16-文本文件的交集与差集">16.文本文件的交集与差集</h2><h2 id="17-查找并删除重复文件">17.查找并删除重复文件</h2><h2 id="18-文件权限、所有权和粘滞位">18.文件权限、所有权和粘滞位</h2><h2 id="19-创建不可修改的文件">19.创建不可修改的文件</h2><h2 id="20-批量生成空白文件">20.批量生成空白文件</h2><h2 id="21-查找符号链接及其指向目标">21.查找符号链接及其指向目标</h2><h2 id="22-列举文件类型统计信息">22.列举文件类型统计信息</h2><h2 id="23-使用环回文件">23.使用环回文件</h2><h2 id="24-生成-ISO-文件及混合型-ISO">24.生成 ISO 文件及混合型 ISO</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.制作iso</span></span><br><span class="line">cat /dev/cdrom > image.iso #不好</span><br><span class="line">dd if=/dev/cdrom of=image.iso #最好的方法</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">mkisofs命令用于创建ISO文件系统。可以用cdrecord之类的工具将mkisofs的输出文件直接刻录到CD-ROM或DVD-ROM上</span></span><br><span class="line">mkisofs -V "Label" -o image.iso source_dir/</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">2.isohybrid</span></span><br><span class="line">isohybrid image.iso</span><br><span class="line">dd if=image.iso of=/dev/sdb1</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">3.用命令行刻录ISO</span></span><br><span class="line">cdrecord -v dev=/dev/cdrom image.iso -speed 8</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">4.操作光驱器</span></span><br><span class="line">eject #弹开</span><br><span class="line">eject -t ##合上</span><br></pre></td></tr></table></figure><h1>25.统计文件的行数、单词数和字符数</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.统计行数</span></span><br><span class="line">wc -l file</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">2.统计单词数</span></span><br><span class="line">wc -w file</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">3.统计字符数</span></span><br><span class="line">wc -c file</span><br><span class="line">echo -n 1234 | wc -c #-n用于避免echo添加额外的换行符</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">4.不加参数</span></span><br><span class="line">wc file #文件的行数、单词数和字符数</span><br></pre></td></tr></table></figure><h1>26.tree目录</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.输出符合类型的文件</span></span><br><span class="line">tree /opt -P "*.sh"</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">2.打印目录树和大小</span></span><br><span class="line">tree -h</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">tree命令可以生成HTML输出</span></span><br><span class="line">tree PATH -H http://localhost -o out.html</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 知识点 </category>
</categories>
<tags>
<tag> shell </tag>
</tags>
</entry>
<entry>
<title>perl过滤mac地址</title>
<link href="/posts/56f58a69.html"/>
<url>/posts/56f58a69.html</url>
<content type="html"><![CDATA[<ul><li>下载包</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">https://cpan.metacpan.org/authors/id/A/AB/ABIGAIL/Regexp-Common-2017060201.tar.gz</span><br></pre></td></tr></table></figure><ul><li>安装包</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">tar xf Regexp-Common-2017060201.tar.gz </span><br><span class="line">cd Regexp-Common-2017060201/</span><br><span class="line">perl Makefile.PL</span><br><span class="line">make install</span><br></pre></td></tr></table></figure><ul><li>过滤指定网口mac地址</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ifconfig eth0 |perl -MRegexp::Common=net -lnE 'say $& if /$RE{net}{MAC}/g'</span><br></pre></td></tr></table></figure><ul><li>过滤指定网卡IPv4</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ifconfig eth1 |perl -MRegexp::Common=net -lnE 'say $& if /$RE{net}{IPv4}/g'</span><br></pre></td></tr></table></figure><ul><li>过滤指定网卡IPv6</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ifconfig eth1 |perl -MRegexp::Common=net -lnE 'say $& if /$RE{net}{IPv6}/g'</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 知识点 </category>
</categories>
<tags>
<tag> 基操 </tag>
</tags>
</entry>
<entry>
<title>nfs搭建</title>
<link href="/posts/941a0cef.html"/>
<url>/posts/941a0cef.html</url>
<content type="html"><![CDATA[<h1>环境</h1><ul><li>节点server,充当nfs服务端,ip是192.168.42.141</li><li>节点client,充当nfs客户端,ip是192.168.42.0/24下的,可以ping通</li><li>机器均关闭selinux(我不用)</li><li>机器均关闭firewalld (我也不用)</li></ul><h1>服务端配置</h1><ul><li>安装软件</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y nfs-utils rpcbind</span><br></pre></td></tr></table></figure><ul><li>创建服务端nfs目录</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">mkdir /mnt/nfs-server</span><br><span class="line">chmod 777 /mnt/nfs-server</span><br></pre></td></tr></table></figure><ul><li>配置/etc/exports文件</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">下面是放开192.168.42.0/24网段</span></span><br><span class="line">/mnt/nfs-server 192.168.42.0/24(rw,sync,no_root_squash)</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">也可以放开所有的网段,写法如下</span></span><br><span class="line">/mnt/nfs-server *(ro)</span><br></pre></td></tr></table></figure><ul><li>查看服务端NFS共享目录</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">showmount -e</span><br></pre></td></tr></table></figure><ul><li>设置服务端自启动</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">systemctl enable nfs-server rpcbind</span><br><span class="line">systemctl start nfs-server rpcbind</span><br></pre></td></tr></table></figure><ul><li>检测nfs端口是否正常</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">lsof -i:111</span><br></pre></td></tr></table></figure><ul><li>防火墙配置</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">关闭防火墙,</span></span><br><span class="line">systemctl disable --now firewalld</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">不关闭防火墙的就自己配置吧</span></span><br></pre></td></tr></table></figure><h1>客户端配置</h1><ul><li>安装软件</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y nfs-utils</span><br></pre></td></tr></table></figure><ul><li>设置nfs挂载目录</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">mkdir /mnt/nfs-data</span><br></pre></td></tr></table></figure><ul><li>检查server的nfs共享目录</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">showmount -e 192.168.42.141</span><br></pre></td></tr></table></figure><ul><li>手动挂载</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">mount 192.168.42.141:/home/nfs-server /mnt/nfs-data</span><br></pre></td></tr></table></figure><ul><li>查看挂载</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">df -Th</span><br></pre></td></tr></table></figure><ul><li>写入fstab</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">写入fstab设置开机自动挂载</span></span><br><span class="line">/mnt/nfs-server /mnt/nfs-data nfs defaults,_netdev 0 0 </span><br></pre></td></tr></table></figure><ul><li>测试fstab</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">先卸载手动挂载的</span></span><br><span class="line">umount /mnt/nfs-data</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">执行mount -a</span></span><br><span class="line">mount -a</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">查看挂载</span></span><br><span class="line">df -Th</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 安装部署 </category>
</categories>
<tags>
<tag> 安装部署 </tag>
</tags>
</entry>
<entry>
<title>Linux快速查找库文件位置</title>
<link href="/posts/3a97f081.html"/>
<url>/posts/3a97f081.html</url>
<content type="html"><![CDATA[<p>ldconfig -p | grep lib_name</p><p>ldconfig -p 会打印出当前系统已经安装的动态库信息,然后使用 grep 找你的 lib 即可<br><a href="https://blog.csdn.net/bjbz_cxy/article/details/108517003">https://blog.csdn.net/bjbz_cxy/article/details/108517003</a></p>]]></content>
<categories>
<category> 知识点 </category>
</categories>
<tags>
<tag> 库文件 </tag>
</tags>
</entry>
<entry>
<title>GRUB了解</title>
<link href="/posts/1be27d0f.html"/>
<url>/posts/1be27d0f.html</url>
<content type="html"><![CDATA[<h1>什么是GRUB</h1><ol><li>一个来自GNU的多操作系统启动程序</li><li>计算机读取到第一个扇区的512字节找到gurb之后,由用户选择哪个系统</li></ol><h1>boot下文件</h1><ol><li>vmlinux文件</li><li>initramfs虚拟文件系统<br>linux内核启动前,GRUB会将虚拟文件系统加载到内存,内核启动时,会在访问真正的根文件系统之前先访问该内存中的虚拟文件系统,虚拟文件系统的目的是为访问真正的根文件扫清障碍,最主要的目的是加载根文件系统存储介质的驱动模块</li></ol><h1>GRUB用法</h1><ul><li>安装GRUB</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grub2-install /dev/sda</span><br></pre></td></tr></table></figure><ul><li>生成配置文件</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grub2-mkconfig -o /boot/grub2/grub.cfg</span><br></pre></td></tr></table></figure><ul><li>常用命令</li></ul><ol><li>insmod 插入模块</li><li>lsmod 显示已经加载的</li><li>set</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">set root=(hd0,msdos1) #设置根目录</span><br><span class="line">set default=0 #设置默认菜单</span><br><span class="line">set timout=5 #设置超时</span><br><span class="line">set prefix=(hd0,msdos1)/EFI/grub</span><br></pre></td></tr></table></figure><ol start="4"><li>linux 加载linux内核</li><li>initrd 加载初始化RAM数据模块</li><li>boot</li></ol>]]></content>
<categories>
<category> 知识点 </category>
</categories>
<tags>
<tag> grub </tag>
</tags>
</entry>
<entry>
<title>grub的相关操作</title>
<link href="/posts/b72ca0dc.html"/>
<url>/posts/b72ca0dc.html</url>
<content type="html"><![CDATA[<h1>grubby操作</h1><ul><li>查看默认引导内核</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grubby --default-kernel</span><br></pre></td></tr></table></figure><ul><li>查看所有内核</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grubby --info=ALL</span><br></pre></td></tr></table></figure><ul><li>修改</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grubby --set-default /boot/vmlinuz-4.18.0-80.11.2.el8_0.x86_64\</span><br></pre></td></tr></table></figure><h1>查看可引导的内核数量</h1><ul><li>UEFI</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">awk -F\' '$1=="menuentry " {print $2}' /boot/efi/EFI/kylin/grub.cfg</span><br></pre></td></tr></table></figure><ul><li>LEGACY</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">cat /boot/grub2/grub.cfg |grep menuentry</span><br></pre></td></tr></table></figure><h1>修改引导顺序</h1><ul><li>使用命令修改</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grub2-set-default 'KylinSec OS Linux (6.2.0-rc1) 3 (Core)'</span><br></pre></td></tr></table></figure><ul><li>使用数字修改</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grub2-set-default 0</span><br></pre></td></tr></table></figure><ul><li>查看修改启动项的结果</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grub2-editenv list</span><br></pre></td></tr></table></figure><ul><li>生成grub.cfg</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">uefi</span></span><br><span class="line">grub2-mkconfig -o /boot/efi/EFI/kylin/grub.cfg </span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">bios</span></span><br><span class="line">grub2-mkconfig -o /boot/grub2/grub.cfg</span><br></pre></td></tr></table></figure><h1>查看vmlinux参数</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grubby --info=/boot/vmlinuz-6.2.0-rc1</span><br></pre></td></tr></table></figure><h1>centos6的修改</h1><ol><li>查看/etc/grub.conf文件,确认系统内核的情况,如下图所示系统存在2个内核的现象。从上往下内核版本依次是2.6.32-573.18.1.el6.x86_64和2.6.32-431.23.3.el6.x86_64。</li><li>在grub.conf文件中决定开机使用哪个内核版本做启动的参数是default,默认值为0,代表从最新的内核启动。代表启动的内核版本从上往下依次是0、1、2等。</li><li>如果要选择从旧版内核,即系统最开始的内核启动,则把default值改为1 ,然后重启服务器从新的内核进行引导</li></ol>]]></content>
<categories>
<category> 知识点 </category>
</categories>
<tags>
<tag> grub </tag>
</tags>
</entry>
<entry>
<title>linux统计实时网速的方法</title>
<link href="/posts/a9e5246.html"/>
<url>/posts/a9e5246.html</url>
<content type="html"><![CDATA[<h1>noload</h1><p>通过nload命令来统计网速<br>-t 刷新时间间隔 500ms<br>-u b/k/m/g 网速单位 依次字节/KB/MB/GB</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nload eth0 -u g -m </span><br></pre></td></tr></table></figure><h1>sar</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sar -n DEV 1 100</span><br></pre></td></tr></table></figure><h1>ifconfig</h1><p>RX: 接收流量<br>TX: 发送流量<br>计算方法:(<strong>KB</strong> = 数值/1000) (<strong>MB</strong> = 数值/100000)</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">watch -n 1 ifconfig </span><br></pre></td></tr></table></figure><h1>iftop</h1>]]></content>
<categories>
<category> 网络管理 </category>
</categories>
<tags>
<tag> 网速 </tag>
</tags>
</entry>
<entry>
<title>网络连接数量查看</title>
<link href="/posts/acb02ade.html"/>
<url>/posts/acb02ade.html</url>
<content type="html"><![CDATA[<h2 id="查看哪些IP连接本机">查看哪些IP连接本机</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">netstat -an</span><br></pre></td></tr></table></figure><h2 id="查看TCP连接数">查看TCP连接数</h2><ul><li>统计80端口连接数</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">netstat -nat|grep -i "80"|wc -l</span><br></pre></td></tr></table></figure><ul><li>统计httpd协议连接数</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ps -ef|grep httpd|wc -l</span><br></pre></td></tr></table></figure><ul><li>统计已连接上的,状态为“established</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">netstat -na|grep ESTABLISHED|wc -l</span><br></pre></td></tr></table></figure><ul><li>查出哪个IP地址连接最多,将其封了</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">netstat -na|grep ESTABLISHED|awk {print $5}|awk -F: {print $1}|sort|uniq -c|sort -r +0n</span><br><span class="line">netstat -na|grep SYN|awk {print $5}|awk -F: {print $1}|sort|uniq -c|sort -r +0n</span><br></pre></td></tr></table></figure><ul><li>查看apache前并发访问数</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">netstat -an | grep ESTABLISHED | wc -l</span><br></pre></td></tr></table></figure><ul><li>查看有多少个进程数</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ps aux|grep httpd|wc -l</span><br></pre></td></tr></table></figure><h1>字段解释</h1><p>TIME_WAIT 8947 等待足够的时间以确保远程TCP接收到连接中断请求的确认<br>FIN_WAIT1 15 等待远程TCP连接中断请求,或先前的连接中断请求的确认<br>FIN_WAIT2 1 从远程TCP等待连接中断请求<br>ESTABLISHED 55 代表一个打开的连接<br>SYN_RECV 21 再收到和发送一个连接请求后等待对方对连接请求的确认<br>CLOSING 2 没有任何连接状态<br>LAST_ACK 4 等待原来的发向远程TCP的连接中断请求的确认</p><h1>TCP连接状态详解</h1><p>LISTEN: 侦听来自远方的TCP端口的连接请求<br>SYN-SENT: 再发送连接请求后等待匹配的连接请求<br>SYN-RECEIVED:再收到和发送一个连接请求后等待对方对连接请求的确认<br>ESTABLISHED: 代表一个打开的连接<br>FIN-WAIT-1: 等待远程TCP连接中断请求,或先前的连接中断请求的确认<br>FIN-WAIT-2: 从远程TCP等待连接中断请求<br>CLOSE-WAIT: 等待从本地用户发来的连接中断请求<br>CLOSING: 等待远程TCP对连接中断的确认<br>LAST-ACK: 等待原来的发向远程TCP的连接中断请求的确认<br>TIME-WAIT: 等待足够的时间以确保远程TCP接收到连接中断请求的确认<br>CLOSED: 没有任何连接状态</p>]]></content>
<categories>
<category> 网络管理 </category>
</categories>
<tags>
<tag> 网络连接数 </tag>
</tags>
</entry>
<entry>
<title>网卡改名脚本使用</title>
<link href="/posts/74b3b75a.html"/>
<url>/posts/74b3b75a.html</url>
<content type="html"><![CDATA[<h1>问题</h1><ul><li>网卡名要按照客户需求改</li></ul><h1>解决</h1><h2 id="1-修改grub">1.修改grub</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/default/grub</span><br></pre></td></tr></table></figure><ul><li>添加 net.ifnames=1 biosdevname=0 如下图所示</li></ul><p><img src="images/%E5%9B%BE%E5%BA%93/image-20220331170233957.png" alt="image-20220331170233957"></p><h2 id="2-重建">2.重建</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grub2-mkconfig -o /boot/grub2/grub.cfg</span><br></pre></td></tr></table></figure><p><img src="images/%E5%9B%BE%E5%BA%93/image-20220331170404356.png" alt="image-20220331170404356"></p><h2 id="3-执行脚本">3.执行脚本</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">./ifcfg_cluster_manage create /var/log/ifcfg_cluster_manage.log</span><br></pre></td></tr></table></figure><ul><li>在/etc/udev/rules.d/会生成70-persistent-net.rules配置,修改网卡名和/etc/sysconfig/network-scripts/下面的配置一致就可以了</li></ul>]]></content>
<categories>
<category> 网络管理 </category>
</categories>
<tags>
<tag> 网卡改名 </tag>
</tags>
</entry>
<entry>
<title>网卡多队列</title>
<link href="/posts/2e0e8049.html"/>
<url>/posts/2e0e8049.html</url>
<content type="html"><![CDATA[<p><a href="https://www.bbsmax.com/A/6pdDbDgkJw/">https://www.bbsmax.com/A/6pdDbDgkJw/</a><br><a href="https://www.cnblogs.com/mauricewei/p/10502300.html">https://www.cnblogs.com/mauricewei/p/10502300.html</a></p><h1>什么是网卡多队列</h1><p>如果在多核 CPU 的服务器上,网卡内部会有多个 Ring Buffer,NIC 负责将传进来的数据分配给不同的 Ring Buffer,同时触发的 IRQ 也可以分配到多个 CPU 上,这样存在多个 Ring Buffer 的情况下 Ring Buffer 缓存的数据也同时被多个 CPU 处理,就能提高数据的并行处理能力</p><p>通常情况下,一张网卡会有一个队列用来接发收网络数据包,我们所说的一个队列你也可以理解成一个处理数据包的进程。</p><p>但是随着时代的发展,网卡支持的流量带宽越来越大,如果还是使用一个队列来接收网络数据包,必然容易造成数据包阻塞和单cpu处理不过来。于是出现了一批高端的智能网卡,这些网卡可以支持使用多个队列来接发收数据包。比如1822网卡</p><p>队列个数也可以根据情况设置,一个队列可以理解是一个处理数据包的进程,多个队列对应多个进程,这些进程可以分散到不同的cpu去处理,这样就缓解了单cpu的执行压力。</p><p>哪么网卡收到数据包后交给哪个队列处理呢?网卡驱动会根据数据包的源目的IP等五元组信息计算一个hash值,然后交由对应的队列处理。</p><h1>查看网卡是否支持</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ethtool -l eth0</span><br></pre></td></tr></table></figure><ul><li>如下</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"></span><br><span class="line">[root@localhost ~]# ethtool -l eth0</span><br><span class="line">Channel parameters for eth0:</span><br><span class="line">Pre-set maximums:</span><br><span class="line">RX: 0</span><br><span class="line">TX: 0</span><br><span class="line">Other: 0</span><br><span class="line">Combined: 2 #大于1 表示支持多队列</span><br><span class="line">Current hardware settings:</span><br><span class="line">RX: 0</span><br><span class="line">TX: 0</span><br><span class="line">Other: 0</span><br><span class="line">Combined: 2 #当前的多队列数量,大于1标识开启了</span><br></pre></td></tr></table></figure><h1>调整</h1><ul><li><h3 id="调整-Ring-Buffer-队列数量">调整 Ring Buffer 队列数量</h3></li></ul><p>注意,设置的队列数的前提是网卡首先要支持多队列,且不能超过网卡支持的最大的队列数。当网卡驱动比较老旧的时候,也有可能会设置失败,建议将网卡驱动先升级至最新版本</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ethtool -L eth1-combined 16</span><br></pre></td></tr></table></figure><ul><li><h3 id="调整-Ring-Buffer-队列大小">调整 Ring Buffer 队列大小</h3></li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">ethtool -G eth0 rx 4096</span><br><span class="line">````</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">网卡收到的数据包统计</span></span><br><span class="line">- ### 网卡收到的数据包统计</span><br><span class="line">```shell</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">RX 就是收到数据,TX 是发出数据</span></span><br><span class="line">ethtool -S em1 | more</span><br></pre></td></tr></table></figure><ul><li><h3 id="带有-drop-字样的统计和-fifo-errors-的统计">带有 drop 字样的统计和 fifo_errors 的统计</h3></li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">发送队列和接收队列 drop 的数据包数量显示在这里。并且所有 queue_drops 加起来等于 rx_fifo_errors。所以总体上能通过 rx_fifo_errors 看到 Ring Buffer 上是否有丢包。如果有的话一方面是看是否需要调整一下每个队列数据的分配,或者是否要加大 Ring Buffer 的大小</span></span><br><span class="line">ethtool -S em1 | grep -iE "error|drop"</span><br></pre></td></tr></table></figure><ul><li>查看ring buf大小</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">RX 和 TX 最大是 4096,当前值为 256 。队列越大丢包的可能越小,但数据延迟会增加</span></span><br><span class="line">ethtool -g eth0</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">结果如下</span></span><br><span class="line">Ring parameters for eth0:</span><br><span class="line">Pre-set maximums:</span><br><span class="line">RX: 2048</span><br><span class="line">RX Mini: 0</span><br><span class="line">RX Jumbo: 0</span><br><span class="line">TX: 2048</span><br><span class="line">Current hardware settings:</span><br><span class="line">RX: 2048</span><br><span class="line">RX Mini: 0</span><br><span class="line">RX Jumbo: 0</span><br><span class="line">TX: 2048</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 网络管理 </category>
</categories>
<tags>
<tag> 多队列 </tag>
</tags>
</entry>
<entry>
<title>端口转发</title>
<link href="/posts/c0e91c93.html"/>
<url>/posts/c0e91c93.html</url>
<content type="html"><![CDATA[<p>有时,两个主机A、C之间网络并不互通,但A和B互通,B和C互通,这种情况下,我们可以利用B主机做一个端口转发,使得主机A可以访问主机C上的网络服务。</p><p>能够实现端口转发的软件有很多,如iptables、socat、portmap、rinetd等,而ssh也是常见的一个,用法如下:</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">ssh本地端口转发,在A机器上执行,会在A机开启2001端口,并将此端口数据发到B机,B机又转发到C机的80端口</span></span><br><span class="line">ssh -fgN -L2001:host_c:80 work@host_b</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">ssh远端端口转发,在B机器上执行,在A机开启22333端口(由A机sshd服务打开),将A机22333端口流量通过B机(中转机)转到C机的80端口上</span></span><br><span class="line">ssh -fgN -R 22333:host_c:80 work@host_a</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">ssh远端动态端口转发,在B机器上执行,会在A机开启2222端口开放socks代理服务,被代理的数据会发到B机,B机又转发到任何B机能访问的网络服务上</span></span><br><span class="line">ssh -fgN -R 2222 work@host_a</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">ssh本地动态端口转发,在A机器上执行,会在A机开启2222端口开放socks代理服务,被代理的数据会发到B机,B机又转发到任何B机能访问的网络服务上</span></span><br><span class="line">ssh -Nfg -D 2222 work@host_b</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">A机通过本机socks代理,登录到C机</span></span><br><span class="line">ssh -o ProxyCommand='ncat --proxy 127.0.0.1:2222 --proxy-type socks5 %h %p' work@host_c</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">A机通过B机ssh登录C机,其实就是两次ssh登录过程</span></span><br><span class="line">ssh -t work@host_b 'ssh work@host_c'</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 网络管理 </category>
</categories>
<tags>
<tag> 端口转发 </tag>
</tags>
</entry>
<entry>
<title>日志分割</title>
<link href="/posts/59127654.html"/>
<url>/posts/59127654.html</url>
<content type="html"><![CDATA[<h1>memory日志太大了</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">3.2系统</span></span><br><span class="line">vim /etc/logrotate.d/memory</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">rotate设置小一点</span></span><br><span class="line">service crond restart</span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">3.3</span></span><br><span class="line">systemctl stop kylin-memory-monitor.service</span><br><span class="line">systemctl disable kylin-memory-monitor.service</span><br></pre></td></tr></table></figure><h1>创建一个日志测试logrotate</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">1.创建一个10M日志文件</span></span><br><span class="line">touch /var/log/test-log</span><br><span class="line">head -c 10M < /dev/urandom > /var/log/test-log</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">2.创建日志管理文件</span></span><br><span class="line">vim /etc/logrotate.d/test-log</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">内容如下</span></span><br><span class="line">/var/log/test-log {</span><br><span class="line"> weekly #每周转储</span><br><span class="line"> rotate 10 #保留10个备份,对于第11个归档,时间最久的会被删除</span><br><span class="line"> compress #gzip压缩转储的备份文件</span><br><span class="line"> delaycompress #转储的日志文件到下一次转储时才压缩</span><br><span class="line"> missingok #任何错误将被忽略,例如“文件无法找到</span><br><span class="line"> notifempty #日志为空不轮询</span><br><span class="line"> create 644 root root</span><br><span class="line"> postrotate #在所有其它指令完成后,postrotate和endscript里面指定的命令将被执行</span><br><span class="line"> /usr/bin/killall -HUP rsyslogd</span><br><span class="line"> endscript</span><br><span class="line">}</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">3.手动运行logrotate</span></span><br><span class="line">logrotate /etc/logrotate.d/test-log</span><br><span class="line">grep 'test-log' /var/lib/logrotate/logrotate.status #查看轮训的操作</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 日志 </category>
</categories>
<tags>
<tag> 日志分割 </tag>
</tags>
</entry>
<entry>
<title>lvm分区-缩小</title>
<link href="/posts/47785311.html"/>
<url>/posts/47785311.html</url>
<content type="html"><![CDATA[<h1>删除lv给其他分区扩容</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">查看卷组名</span></span><br><span class="line">df -h </span><br><span class="line">umount /dev/mapper/删除的卷组</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">修改fstab</span></span><br><span class="line">vim /etc/fstab </span><br><span class="line">lvremove /dev/mapper/删除的卷组 </span><br><span class="line">lvextend -l +100%FREE /dev/mapper/扩容的卷组</span><br><span class="line">resize2fs /dev/mapper/扩容的卷组 </span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">如果不能umount</span> </span><br><span class="line">fuser -m /home/d5000/hg/var</span><br><span class="line">ps -aux | grep pid</span><br><span class="line">kill -9 pid</span><br><span class="line">fuser -mkvi /home/d5000/hg/var</span><br></pre></td></tr></table></figure><h1>缩减某个分区给其他扩容</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">umount **** #要缩减分区的挂载点</span><br><span class="line">e2fsck -f /dev/mapper/VolGroup-LogVol02 #检查需要被缩减的</span><br><span class="line">resize2fs -p /dev/mapper/VolGroup-LogVol02 250G #减少文件系统最大到250G</span><br><span class="line">lvreduce -L -250G /dev/mapper/VolGroup-LogVol02 #减少250G</span><br><span class="line">vgdisplay</span><br><span class="line">lvextend -l +100%FREE /dev/mapper/VolGroup-LogVol00 #给需要扩容的分区拉升</span><br><span class="line">e2fsck -f /dev/mapper/VolGroup-LogVol00</span><br><span class="line">resize2fs /dev/mapper/VolGroup-LogVol00</span><br><span class="line">mount -a</span><br><span class="line">df -h</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 磁盘管理 </category>
</categories>
<tags>
<tag> lvm </tag>
</tags>
</entry>
<entry>
<title>lvm分区-删除</title>
<link href="/posts/c2f93c19.html"/>
<url>/posts/c2f93c19.html</url>
<content type="html"><![CDATA[<h1>卸载需要删除的分区</h1><ul><li>删除磁盘前需要确认已经umount,否则会失败</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">查看分区和挂载点信息</span></span><br><span class="line">df -h</span><br></pre></td></tr></table></figure><ul><li>挂载点信息如下</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">文件系统 容量 已用 可用 已用% 挂载点</span><br><span class="line">/dev/mapper/kylinsec-root 26G 7.1G 18G 30% /</span><br><span class="line">/dev/sda1 976M 198M 712M 22% /boot</span><br><span class="line">/dev/mapper/test_vg-home_kylin 380M 2.3M 354M 1% /home/kylin</span><br></pre></td></tr></table></figure><ul><li>首先需要卸载<code>/home/kylin</code></li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">umount /home/kylin</span><br></pre></td></tr></table></figure><h1>查看逻辑卷信息</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">lvdisplay</span><br></pre></td></tr></table></figure><ul><li>只截取了home_kylin的信息</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line">--- Logical volume ---</span><br><span class="line">LV Path /dev/test_vg/home_kylin</span><br><span class="line">LV Name home_kylin</span><br><span class="line">VG Name test_vg</span><br><span class="line">LV UUID bA2Rjo-YS01-vTAd-Ze1f-DdwP-lvaf-ugZt7N</span><br><span class="line">LV Write Access read/write</span><br><span class="line">LV Creation host, time ceshi, 2022-05-31 10:08:19 +0800</span><br><span class="line">LV Status available</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">open 1</span></span><br><span class="line">LV Size 400.00 MiB</span><br><span class="line">Current LE 100</span><br><span class="line">Segments 1</span><br><span class="line">Allocation inherit</span><br><span class="line">Read ahead sectors auto</span><br><span class="line">- currently set to 8192</span><br><span class="line">Block device 253:2</span><br><span class="line"></span><br><span class="line"></span><br></pre></td></tr></table></figure><ul><li>使用lvremove删除此分区</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">lvremove 后面接的是LV Path对应的名字</span></span><br><span class="line">lvremove /dev/test_vg/home_kylin</span><br></pre></td></tr></table></figure><ul><li>确认/etc/fstab是否有相关的信息,将与这块磁盘的信息删除</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">cat /etc/fstab</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 磁盘管理 </category>
</categories>
<tags>
<tag> lvm </tag>
</tags>
</entry>
<entry>
<title>lvm分区-扩容</title>
<link href="/posts/fe1e1d04.html"/>
<url>/posts/fe1e1d04.html</url>
<content type="html"><![CDATA[<h1>利用剩余空闲扩容</h1><ul><li>查看空闲空间</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vgdisplay</span><br></pre></td></tr></table></figure><ul><li>内容如下<br>可以看出Free PE有3839块,其中一块pe是4m,那么Free Pe的大小就是3839*4=15356m</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">--- Volume group ---</span><br><span class="line"> VG Name vg_test</span><br><span class="line"> System ID </span><br><span class="line"> Format lvm2</span><br><span class="line"> Metadata Areas 1</span><br><span class="line"> Metadata Sequence No 2</span><br><span class="line"> VG Access read/write</span><br><span class="line"> VG Status resizable</span><br><span class="line"> MAX LV 0</span><br><span class="line"> Cur LV 1</span><br><span class="line"> Open LV 1</span><br><span class="line"> Max PV 0</span><br><span class="line"> Cur PV 1</span><br><span class="line"> Act PV 1</span><br><span class="line"> VG Size <20.00 GiB</span><br><span class="line"> PE Size 4.00 MiB</span><br><span class="line"> Total PE 5119</span><br><span class="line"> Alloc PE / Size 1280 / 5.00 GiB</span><br><span class="line"> Free PE / Size 3839 / <15.00 GiB</span><br><span class="line"> VG UUID GDHYHs-f1Yd-vmop-dLWR-VlRQ-h8ju-S5Tkr4</span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">给vg卷组扩容</span></span><br><span class="line">vgextend vg_name /dev/sdb</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">给具体分区扩容,具体分区可以<span class="built_in">df</span> -Th看出来</span></span><br><span class="line">lvextend -L +200M /dev/mapper/vg_home</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">lvextend -l +100%FREE /dev/mapper/vg_home</span></span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 磁盘管理 </category>
</categories>
<tags>
<tag> lvm </tag>
</tags>
</entry>
<entry>
<title>lvm分区-创建</title>
<link href="/posts/b174c19e.html"/>
<url>/posts/b174c19e.html</url>
<content type="html"><![CDATA[<h1>创建lvm分区</h1><ul><li>系统中加入了一块新的磁盘,利用新的磁盘创建分区</li></ul><h2 id="1-查看磁盘">1.查看磁盘</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">lsblk</span><br></pre></td></tr></table></figure><ul><li>可以看到如下,其中sdb是新插入的磁盘</li></ul><figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT</span><br><span class="line">sda 8:0 0 30G 0 disk </span><br><span class="line">├─sda1 8:1 0 1G 0 part /boot</span><br><span class="line">└─sda2 8:2 0 29G 0 part </span><br><span class="line"> ├─kylinsec-root 253:0 0 26G 0 lvm /</span><br><span class="line"> └─kylinsec-swap 253:1 0 3G 0 lvm <span class="section">[SWAP]</span></span><br><span class="line">sdb 8:16 0 1G 0 disk </span><br><span class="line">sr0 11:0 1 1024M 0 rom </span><br></pre></td></tr></table></figure><h2 id="2-创建物理卷">2.创建物理卷</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">pvcreate /dev/sdb</span><br></pre></td></tr></table></figure><h2 id="3-创建卷组">3.创建卷组</h2><p>使用sdb硬盘,创建出一块名为<code>test_vg</code>的卷组设备</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vgcreate test_vg /dev/sdb</span><br></pre></td></tr></table></figure><h2 id="4-创建逻辑卷">4.创建逻辑卷</h2><p>在已有的卷组中(test_vg)创建一个逻辑卷(home_nice),大小为400G</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">lvcreate -n home_kylin -L 400G test_vg</span><br></pre></td></tr></table></figure><p>如果需要使用所有的空间可以这么写</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">lvcreate -n home_kylin -l +100%FREE test_vg</span><br></pre></td></tr></table></figure><h2 id="5-格式化逻辑卷">5.格式化逻辑卷</h2><p>首先需要获取逻辑卷的路径</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">lsblk -p</span><br></pre></td></tr></table></figure><ul><li>其中<code>/dev/mapper/test_vg-home_kylin</code>是刚创建的逻辑卷</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">lsblk -p的信息</span> </span><br><span class="line">NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT</span><br><span class="line">/dev/sda 8:0 0 30G 0 disk </span><br><span class="line">├─/dev/sda1 8:1 0 1G 0 part /boot</span><br><span class="line">└─/dev/sda2 8:2 0 29G 0 part </span><br><span class="line"> ├─/dev/mapper/kylinsec-root 253:0 0 26G 0 lvm /</span><br><span class="line"> └─/dev/mapper/kylinsec-swap 253:1 0 3G 0 lvm [SWAP]</span><br><span class="line">/dev/sdb 8:16 0 1G 0 disk </span><br><span class="line">└─/dev/mapper/test_vg-home_kylin 253:2 0 400M 0 lvm </span><br><span class="line">/dev/sr0 11:0 1 1024M 0 rom </span><br></pre></td></tr></table></figure><ul><li>使用mkfs进行格式化</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">示例中使用的是ext4文件系统,还可以选择xfs等其他文件系统</span></span><br><span class="line">mkfs.ext4 /dev/mapper/test_vg-home_kylin</span><br></pre></td></tr></table></figure><h2 id="6-挂载磁盘到系统">6.挂载磁盘到系统</h2><p>提供了2种方式,6.1是临时挂载,6.2是永久挂载,推荐使用<code>永久挂载</code>方式</p><h2 id="6-1临时挂载磁盘">6.1临时挂载磁盘</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">创建一个临时的目录</span></span><br><span class="line">mkdir /home/kylin</span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">挂载逻辑卷</span></span><br><span class="line">mount /dev/mapper/test_vg-home_kylin /home/kylin</span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">查看挂载信息</span></span><br><span class="line">df -Th</span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">挂载的信息如下</span></span><br><span class="line">文件系统 容量 已用 可用 已用% 挂载点</span><br><span class="line">/dev/mapper/kylinsec-root 26G 7.0G 18G 29% /</span><br><span class="line">devtmpfs 1.9G 0 1.9G 0% /dev</span><br><span class="line">tmpfs 2.0G 0 2.0G 0% /dev/shm</span><br><span class="line">tmpfs 2.0G 13M 2.0G 1% /run</span><br><span class="line">tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup</span><br><span class="line">/dev/sda1 976M 198M 712M 22% /boot</span><br><span class="line">tmpfs 393M 28K 393M 1% /run/user/0</span><br><span class="line">/dev/mapper/test_vg-home_kylin 380M 2.3M 354M 1% /home/data</span><br></pre></td></tr></table></figure><h2 id="6-2将磁盘永久挂载到系统">6.2将磁盘永久挂载到系统</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">需要修改/etc/fstab文件</span></span><br><span class="line">vim /etc/fstab</span><br></pre></td></tr></table></figure><ul><li>方法1:使用路径挂载</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">在/etc/fstab最后加入,其中ext4是文件系统类型,需要和格式化(mkfs)时的保持一致</span></span><br><span class="line">/dev/mapper/test_vg-home_kyin /home/kylin ext4 defaults 1 1</span><br></pre></td></tr></table></figure><ul><li>方法2:使用UUID挂载</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">使用blkid查看磁盘的UUID</span></span><br><span class="line">blkid</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">结果如下(只截取了需要的内容)</span></span><br><span class="line">/dev/mapper/test_vg-home_kylin: UUID="e98054f6-b74b-49fb-9c9d-04fd53c831b0" TYPE="ext4" </span><br><span class="line"></span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">将/dev/mapper/test_vg-home_kylin的UUID值加入就可以了</span></span><br><span class="line">UUID=e98054f6-b74b-49fb-9c9d-04fd53c831b0 / ext4 defaults 1 1</span><br></pre></td></tr></table></figure><p>验证fstab修改是否正确,如果已经临时挂载了,需要先将挂载的磁盘umount,才能验证</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">mount -a</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 磁盘管理 </category>
</categories>
<tags>
<tag> lvm </tag>
</tags>
</entry>
<entry>
<title>lvm缩减分区给其他分区扩容</title>
<link href="/posts/f1dd7c95.html"/>
<url>/posts/f1dd7c95.html</url>
<content type="html"><![CDATA[<h1>缩减某个分区给其他扩容</h1><ul><li>缩减</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">umount /home/test #取消挂载</span><br><span class="line">e2fsck -f /dev/mapper/VolGroup-LogVol02 #检查需要被缩减的文件系统</span><br><span class="line">resize2fs -p /dev/mapper/VolGroup-LogVol02 200G #缩小到文件系统的200G</span><br><span class="line">lvreduce -L 200G /dev/mapper/VolGroup-LogVol02 #减少到200G</span><br></pre></td></tr></table></figure><ul><li>扩容</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">vgdisplay #查看vg</span><br><span class="line">lvextend -l +100%FREE /dev/mapper/VolGroup-LogVol00 #给需要扩容的分区扩容</span><br><span class="line">e2fsck -f /dev/mapper/VolGroup-LogVol00 #检查需要被缩减的文件系统</span><br><span class="line">resize2fs /dev/mapper/VolGroup-LogVol00 #扩大文件系统的大小</span><br><span class="line">mount -a #挂载文件系统</span><br><span class="line">df -h #检查分区</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 磁盘管理 </category>
</categories>
<tags>
<tag> lvm </tag>
</tags>
</entry>
<entry>
<title>磁盘调度算法更改</title>
<link href="/posts/11e6e6a1.html"/>
<url>/posts/11e6e6a1.html</url>
<content type="html"><![CDATA[<h1>修改磁盘调度算法为deadline</h1><ul><li>修改grub.conf配置文件</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/grub.conf</span><br></pre></td></tr></table></figure><ul><li>在quiet后添加参数</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">elevator=deadline</span><br></pre></td></tr></table></figure><ul><li>重启生效</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">reboot</span><br></pre></td></tr></table></figure><ul><li>校验是否生效</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">dmesg | grep -i scheduler</span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">cat /sys/block/sda/queue/scheduler</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 磁盘管理 </category>
</categories>
<tags>
<tag> 磁盘管理 </tag>
</tags>
</entry>
<entry>
<title>Linux Kernel编译的基本步骤</title>
<link href="/posts/e0dd0b18.html"/>
<url>/posts/e0dd0b18.html</url>
<content type="html"><![CDATA[<h1>下载源码包</h1><p>主页 <a href="https://www.kernel.org/">https://www.kernel.org/</a><br>各种版本 <a href="https://mirrors.edge.kernel.org/pub/linux/kernel/">https://mirrors.edge.kernel.org/pub/linux/kernel/</a><br>以你发行版的常规通用内核启动系统,然后把所有日常使用中涉及到的程序、游戏、图形界面、视频硬解码全部跑一遍,包括KVM虚拟机、PCI显卡直通,并且插上所有的硬件(包括鼠标、键盘、外接显示器、USB、移动硬盘、摄像头、蓝牙、WiFi等)</p><h1>解压内核源码包</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">tar -xvf linux-4.19.90.tar.xz -C /usr/src/kernels/</span><br><span class="line">cd /usr/src/kernels/linux-4.19.90</span><br></pre></td></tr></table></figure><h1>配置内核</h1><h2 id="手动配置">手动配置</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">默认第一种</span></span><br><span class="line">make menuconfig #终端图形化配置内核</span><br><span class="line">make xconfig #页面图形化配置</span><br><span class="line">make gconfig #gtk图形化配置内核</span><br></pre></td></tr></table></figure><h2 id="自动配置">自动配置</h2><p>让机器自动化配置驱动,跳出的提示中不确定的建议选Y,免得漏掉驱动</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">make localyesconfig</span><br></pre></td></tr></table></figure><h1>优化参数(可以选,需要自己斟酌)</h1><ol><li>cd进入内核源码目录,禁用kernel debug</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sed -i '/select DEBUG_KERNEL/d' ./init/Kconfig</span><br></pre></td></tr></table></figure><ol start="2"><li>以Clang启动内核配置界面<br>使用Clang(LLVM)编译器编译</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">make LLVM=1 LLVM_IAS=1 menuconfig</span><br></pre></td></tr></table></figure><h1>编译</h1><ul><li>普通编译</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">make -j num</span><br></pre></td></tr></table></figure><ul><li>clang优化</li></ul><figure class="highlight text"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">make LLVM=1 LLVM_IAS=1 -jN </span><br></pre></td></tr></table></figure><h1>安装</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">安装内核模块</span></span><br><span class="line">make modules_install</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">安装内核</span></span><br><span class="line">make install </span><br></pre></td></tr></table></figure><h1>配置引导</h1><figure class="highlight text"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">grub-mkconfig -o /boot/grub/grub.cfg</span><br></pre></td></tr></table></figure><h1>打成RPM和DEB包</h1><ul><li>make的选项</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">make help </span><br></pre></td></tr></table></figure><ul><li>RPM</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">make -j12 rpm-pkg</span><br></pre></td></tr></table></figure><ul><li>DEB</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">make -j12 deb-pkg</span><br></pre></td></tr></table></figure><h1>翻阅教程</h1><p><a href="https://www.iyunw.cn/archives/centos-nei-he-bian-yi-sheng-ji/">https://www.iyunw.cn/archives/centos-nei-he-bian-yi-sheng-ji/</a><br><a href="https://blog.51cto.com/tiankefeng/1393082">https://blog.51cto.com/tiankefeng/1393082</a><br><a href="https://xugaoxiang.com/2020/05/25/how-to-build-linux-kernel/">https://xugaoxiang.com/2020/05/25/how-to-build-linux-kernel/</a><br><a href="https://zhuanlan.zhihu.com/p/603301187">https://zhuanlan.zhihu.com/p/603301187</a></p>]]></content>
<categories>
<category> 编译 </category>
</categories>
<tags>
<tag> 内核 </tag>
</tags>
</entry>
<entry>
<title>c语言相关,编译等知识</title>
<link href="/posts/506189b5.html"/>
<url>/posts/506189b5.html</url>
<content type="html"><![CDATA[<h1>Hello World</h1><ul><li>创建helloworld.c文件</li></ul><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string"><stdio.h></span></span></span><br><span class="line"><span class="type">int</span> <span class="title function_">main</span><span class="params">()</span></span><br><span class="line">{</span><br><span class="line"> <span class="built_in">puts</span>(<span class="string">"Hello World"</span>);</span><br><span class="line"> <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">}</span><br></pre></td></tr></table></figure><ul><li>编译(一步到位)</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">gcc helloworld.c -o helloworld </span><br></pre></td></tr></table></figure><ul><li>执行</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">./helloworld</span><br></pre></td></tr></table></figure><ul><li>使用makefile编译</li></ul><figure class="highlight makefile"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">hello:</span></span><br><span class="line">gcc hello.c -o hello</span><br></pre></td></tr></table></figure><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">make</span><br></pre></td></tr></table></figure><h1>编译的流程</h1><ol><li>【编译】将源文件©变成目标文件(o)</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">会生成hello.o文件</span></span><br><span class="line">gcc -c hello.c</span><br></pre></td></tr></table></figure><ol start="2"><li>【链接】将目标文件(o)变成可执行文件(二进制)</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">生成可执行文件hello</span></span><br><span class="line">gcc hello.o -o hello</span><br></pre></td></tr></table></figure><h1>头文件</h1><h2 id="作用">作用</h2><p>在include的地方,把里的内容原封不动的复制到引用该头文件的地方,头文件里一般包括宏定义, 全局变量, 函数原型声明。</p><ul><li>引用方式</li></ul><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string"><stdio.h></span></span></span><br><span class="line">或</span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">"main.h"</span></span></span><br></pre></td></tr></table></figure><h2 id="常见报错">常见报错</h2><p>编译的时候常见xxx.h没有找到,一般都是代码里面引用了该头文件,但系统里面没有安装</p><ul><li>文件在哪里</li></ul><ol><li>存放在xxx-devel包里面</li><li>内核里面kernel-headers里面</li><li>等等。。</li></ol><h1>静态链接和动态链接</h1><h2 id="对比">对比</h2><ol><li>静态链接在链接的时候,就把所依赖的第三方库函数都打包到了一起,导致最终的可执行文件非常大,动态链接在链接的时候并不将那些库文件直接拿过来,而是在运行时,发现用到某些库中的某些函数时,再从这些第三方库中读取自己所需的方法。</li><li>编译后但是还未链接的二进制机器码文件目标文件Object File,例如别人写的第三方库,这些库里面包含了一些函数,直接调用而不用自己写,在编译构建自己的可执行文件时,使用静态链接的方式,其实就是将所需的静态库与目标文件打包到一起。最终的可执行文件除了有自己的程序外,还包含了这些第三方的静态库,可执行文件比较臃肿。</li><li>动态链接不将所有的第三方库都打包到最终的可执行文件上,而是只记录用到了哪些动态链接库,在运行时才将那些第三方库装载(Load)进来。装载是指将磁盘上的程序和数据加载到内存上。</li></ol><h1>动态链接库</h1><h2 id="库文件">库文件</h2><pre><code>不同操作系统的动态链接库文件格式稍有不同Linux称之为共享目标文件(Shared Object),后缀是so,Windows的动态链接库(Dynamic Link Library)文件后缀为`.dll`</code></pre><h2 id="案例">案例</h2><p>将这几个文件编译成一个动态库:<a href="http://libtest.so">libtest.so</a></p><ul><li>so_test.h</li></ul><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">ifndef</span> _SO_TEST_H_ </span></span><br><span class="line"><span class="meta">#<span class="keyword">define</span> _SO_TEST_H_ </span></span><br><span class="line"><span class="type">void</span> <span class="title function_">test_a</span><span class="params">()</span>; </span><br><span class="line"><span class="type">void</span> <span class="title function_">test_b</span><span class="params">()</span>; </span><br><span class="line"><span class="type">void</span> <span class="title function_">test_c</span><span class="params">()</span>; </span><br><span class="line"><span class="meta">#<span class="keyword">endif</span> <span class="comment">/* _SO_TEST_H_ */</span></span></span><br></pre></td></tr></table></figure><ul><li>test_a.c</li></ul><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string"><stdio.h></span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">"so_test.h"</span></span></span><br><span class="line"><span class="type">void</span> <span class="title function_">test_a</span><span class="params">()</span> </span><br><span class="line">{ </span><br><span class="line"><span class="built_in">printf</span>(<span class="string">"this is in test_a \n"</span>);</span><br><span class="line">}</span><br></pre></td></tr></table></figure><ul><li>test_b.c</li></ul><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string"><stdio.h></span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">"so_test.h"</span></span></span><br><span class="line"><span class="type">void</span> <span class="title function_">test_b</span><span class="params">()</span> { <span class="built_in">printf</span>(<span class="string">"this is in test_b \n"</span>); }</span><br></pre></td></tr></table></figure><ul><li>编译so</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">-fPIC是位置无关码,-shared是按照共享库的方式来链接</span></span><br><span class="line">gcc test_a.c test_b.c -fPIC -shared -o libtest.so</span><br></pre></td></tr></table></figure><ul><li>生成主程序main.c<br>将main.c与动态库libtest.so链接生成执行文件main</li></ul><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string"><stdio.h></span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">"so_test.h"</span> </span></span><br><span class="line"><span class="type">int</span> <span class="title function_">main</span><span class="params">(<span class="type">void</span>)</span> { test_a(); test_c(); test_b(); <span class="keyword">return</span> <span class="number">0</span>; }</span><br></pre></td></tr></table></figure><ul><li>编译主程序</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">-L参数:指明要链接的so库所在路径(如-L. 表示当前路径, -L../so 表示当前路径的上一层目录的so子文件夹中)</span></span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">-l参数:指明要连接的库的名字,如-ltest 表示要链接libtest.so库</span></span><br><span class="line">gcc main.c -L. -ltest -o main</span><br></pre></td></tr></table></figure><ul><li>运行主程序<br>错误原因:<a href="http://xn--mainlibtest-mx9qw7n9vkjpeyqr05rc3m8ugumndrgu8nj30fmgo7yutw8ftw9c.so">在执行main程序的时候发现它动态链接了libtest.so</a>,<a href="http://xn--libaston-i20mf9brxu9mdx2ovjqfzbx5x2l2a400e588d5jp.so">于是会去固定目录尝试加载libaston.so</a>,如果加载失败则会打印以上错误信息。</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">error while loading shared libraries: libaston.so: cannot open shared object file: No such file or directory</span><br></pre></td></tr></table></figure><ul><li>解决找不到so的问题</li></ul><ol><li>解决方法一:<br>将libtest.so放到固定目录下就可以了,这个固定目录一般是/usr/lib目录。(cp <a href="http://libtest.so">libtest.so</a> /usr/lib即可)</li><li>解决方法二:<br>使用环境变量LD_LIBRARY_PATH。将libtest.so所在目录导出到LD_LIBRARY_PATH即可。<br>如:export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/mnt/hgfs/winshare/so_test</li></ol><h2 id="缺点">缺点</h2><pre><code>- 如果将一份目标文件移植到一个新的操作系统上,而新的操作系统缺少相应的共享库,程序将无法运行,必须在操作系统上安装好相应的库才行- 共享库必须按照一定的开发和升级规则升级,不能突然重构所有的接口,且新库文件直接覆盖老库文件,否则程序将无法运行。</code></pre><h2 id="查看可执行文件引用的库文件">查看可执行文件引用的库文件</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ldd a.out</span><br></pre></td></tr></table></figure><h2 id="命名">命名</h2><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">#lib是前缀,这是一个约定俗成的规则。x为主版本号(Major Version),y为次版本号(Minor Version),z为发布版本号(Release Version)。</span><br><span class="line">libname.so.x.y.z</span><br><span class="line"><span class="number">1.</span>Major Version表示重大升级,不同Major Version之间的库是不兼容的。Major Version升级后,或者依赖旧Major Version的程序需要更新代码,重新编译,才可以在新的Major Version上运行;或者操作系统保留旧Major Version,使得老程序依然能运行。 </span><br><span class="line"><span class="number">2.</span>Minor Version表示增量更新,一般是增加了一些新接口,原来的接口不变。所以,在Major Version相同的情况下,Minor Version从高到低是兼容的。</span><br><span class="line"><span class="number">3.</span>Release Version表示库的一些bug修复,性能改进等,不添加任何新的接口,不改变原来的接口。</span><br></pre></td></tr></table></figure><h2 id="查找过程">查找过程</h2><ol><li>Linux的动态链接库绝大多数都在<code>/lib</code>和<code>/usr/lib</code>下,操作系统也会默认去这两个路径下搜索动态链接库。另外,<code>/etc/ld.so.conf</code>文件里可以配置路径,<code>/etc/ld.so.conf</code>文件会告诉操作系统去哪些路径下搜索动态链接库。这些位置的动态链接库很多,如果链接器每次都去这些路径遍历一遍,非常耗时,Linux提供了<code>ldconfig</code>工具,这个工具会对这些路径的动态链接库按照SONAME规则创建软连接,同时也会生成一个缓存Cache到<code>/etc/ld.so.cache</code>文件里,链接器根据缓存可以更快地查找到各个<code>.so</code>文件。每次在<code>/lib</code>和<code>/usr/lib</code>这些路径下安装了新的库,或者更改了<code>/etc/ld.so.conf</code>文件,都需要调用<code>ldconfig</code>命令来做一次更新,重新生成软连接和Cache。但是<code>/etc/ld.so.conf</code>文件和<code>ldconfig</code>命令最好使用root账户操作。非root用户可以在某个路径下安装库文件,并将这个路径添加到<code>/etc/ld.so.conf</code>文件下,再由root用户调用一下<code>ldconfig</code></li><li>对于非root用户,另一种方法是使用<code>LD_LIBRARY_PATH</code>环境变量。<code>LD_LIBRARY_PATH</code>存放着若干路径。链接器会去这些路径下查找库。非root可以将某个库安装在了一个非root权限的路径下,再将其添加到环境变量中</li><li>总结<ol><li><code>LD_LIBRARY_PATH</code>环境变量中的路径</li><li><code>/etc/ld.so.cache</code>缓存文件</li><li><code>/usr/lib</code>和<code>/lib</code></li></ol></li></ol><h2 id="关于软连接">关于软连接</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">例如ldd看到的libc.so.6</span></span><br><span class="line">libc.so.6 => /lib64/libc.so.6</span><br></pre></td></tr></table></figure><p>其实这里的<code>libc.so.6</code>是一个软链接,实际上链接到了/lib64/libc.so.6 -> <a href="http://libc-2.17.so">libc-2.17.so</a><br>因为不同的Major Version之间不兼容,而Minor Version和Release Version都是向下兼容的,软连接会指向Major Version相同,Minor Version和Release Version最高的<code>.so</code>文件上。</p><h1>gcc编译选项</h1><ol><li>使用GCC编译链接时,有两个参数需要注意,一个是<code>-l</code>(小写的L),一个是<code>-L</code>(大写的L)</li><li>Linux有个约定速成的规则,假如库名是name,那么动态链接库文件名就是<code>libname.so</code></li><li>在使用GCC编译链接时,<code>-lname</code>来告诉GCC使用哪个库</li><li>链接时,GCC的链接器<code>ld</code>就会前往<code>LD_LIBRARY_PATH</code>环境变量、<code>/etc/ld.so.cache</code>缓存文件和<code>/usr/lib</code>和<code>/lib</code>目录下去查找<code>libname.so</code></li><li>我们也可以用<code>-L/path/to/library</code>的方式,让链接器<code>ld</code>去<code>/path/to/library</code>路径下去找库文件<br>如果动态链接库文件在<code>/path/to/library</code>,库名叫name,编译链接的方式如下:</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">gcc -L/path/to/library -lname myfile.c</span><br></pre></td></tr></table></figure><h1>编译遇到过的报错</h1><ul><li>未定义的引用<br><a href="http://xn--xx-qh5cy36e3w2ay7ppeh.so">编译时遇到xx.so</a>:对‘xxx’未定义的引用,C/C++编译为<code>obj</code>文件的时候并不需要函数的具体实现,只要有函数的原型即可。但是在链接为可执行文件的时候就必须要具体的实现了。如果错误是<code>未声明的引用</code>,那就是找不到函数的原型,通常是相关的头文件未包含,<code>缺少了函数的具体实现,那么就给它这个函数的实现就好了</code></li></ul>]]></content>
<categories>
<category> 编译 </category>
</categories>
<tags>
<tag> 编译等基础知识 </tag>
</tags>
</entry>
<entry>
<title>pam加固</title>
<link href="/posts/6167a74.html"/>
<url>/posts/6167a74.html</url>
<content type="html"><![CDATA[<h1>加固内容</h1><ul><li>系统服务</li><li>文件权限</li><li>内核参数</li><li>授权认证</li><li>账号口令</li></ul><h1>账户口令加固</h1><h2 id="屏蔽帐户">屏蔽帐户</h2><ul><li>说明<br>除了用户帐户外,其他账号称为系统帐户。系统帐户仅系统内部使用,禁止用于登录系统或其他操作</li><li>实现<br>将系统帐户的Shell修改为/sbin/nologin</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">usermod -s /sbin/nologin systemaccountname</span><br></pre></td></tr></table></figure><h2 id="限制使用su命令的帐户">限制使用su命令的帐户</h2><ul><li>说明<br>su命令用于在不同帐户之间切换。为了增强系统安全性,有必要对su命令的使用权进行控制,只允许root和wheel群组的帐户使用su命令,限制其他帐户使用。</li><li>实现<br>su命令的使用控制通过修改/etc/pam.d/su文件实现</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">auth required pam_wheel.so use_uid</span><br></pre></td></tr></table></figure><blockquote><p>use_uid是基于当前帐户的uid</p></blockquote><h2 id="设置口令复杂度">设置口令复杂度</h2><ul><li>说明<br>密码复杂度</li><li>实现<br>/etc/pam.d/password-auth和/etc/pam.d/system-auth文件中的pam_pwquality.so和pam_pwhistory.so模块实现</li><li>设置举例</li></ul><ol><li>口令长度至少8个字符。</li><li>口令必须包含如下至少3种字符的组合:<ul><li>至少一个小写字母</li><li>至少一个大写字母</li><li>至少一个数字</li><li>至少一个特殊字符:`~!@#$%^&*()-_=+|[{}];:'",<.>/?和空格</li></ul></li><li>口令不能和帐号或者帐号的倒写一样。</li><li>不能修改为过去5次使用过的旧口令</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">password requisite pam_pwquality.so minlen=8 minclass=3 enforce_for_root try_first_pass local_users_only retry=3 dcredit=0 ucredit=0 lcredit=0 ocredit=0 </span><br><span class="line">password required pam_pwhistory.so use_authtok remember=5 enforce_for_root</span><br><span class="line"></span><br></pre></td></tr></table></figure><ul><li>配置项说明<br>pam_pwquality.so说明</li></ul><ol><li>minlen=8 口令长度至少包含8个字符</li><li>minclass=3 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种</li><li>ucredit=0 口令包含任意个大写字母</li><li>lcredit=0 口令包含任意个小写字母</li><li>dcredit=0 口令包含任意个数字</li><li>ocredit=0 口令包含任意个特殊字符</li><li>retry=3 每次修改最多可以尝试3次</li><li>enforce_for_root 本设置对root帐户同样有效<br>pam_pwhistory.so说明</li><li>remember=5 口令不能修改为过去5次使用过的旧口令</li><li>enforce_for_root 本设置对root帐户同样有效</li></ol><h2 id="设置口令有效期">设置口令有效期</h2><ul><li>说明<br>出于系统安全性考虑,建议设置口令有效期限,且口令到期前通知用户更改口令,login.defs是设置用户帐号限制的文件,可配置口令的最大过期天数、最大长度约束等。该文件里的配置对root用户无效,如果/etc/shadow文件里有相同的选项,则以/etc/shadow配置为准,即/etc/shadow的配置优先级高于/etc/login.defs。口令过期后用户重新登录时,提示口令过期并强制要求修改,不修改则无法进入系统</li><li>实现</li></ul><p>口令有效期的设置通过修改/etc/login.defs文件实现</p><table><thead><tr><th><strong>加固项</strong></th><th><strong>加固项说明</strong></th><th>建议加固</th></tr></thead><tbody><tr><td>PASS_MAX_DAYS</td><td>口令最大有效期</td><td>90</td></tr><tr><td>PASS_MIN_DAYS</td><td>两次修改口令的最小间隔时间</td><td>0</td></tr><tr><td>PASS_WARN_AGE</td><td>口令过期前开始提示天数</td><td>7</td></tr></tbody></table><h2 id="设置口令的加密算法">设置口令的加密算法</h2><ul><li>说明</li></ul><p>出于系统安全考虑,口令不允许明文存储在系统中,应该加密保护。在不需要还原口令的场景,必须使用不可逆算法加密。设置口令的加密算法为sha512,通过上述设置可以有效防范口令泄露,保证口令安全。</p><ul><li>实现</li></ul><p>口令的加密算法设置通过修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件实现,添加如下配置:</p><figure class="highlight mipsasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">password sufficient pam_unix.so <span class="keyword">sha512 </span><span class="keyword">shadow </span>nullok try_first_pass use_authtok</span><br></pre></td></tr></table></figure><h2 id="登录失败超过三次后锁定">登录失败超过三次后锁定</h2><ul><li>说明</li></ul><p>为了保障用户系统的安全,建议用户设置口令出错次数的阈值(建议3次),以及由于口令尝试被锁定用户的自动解锁时间(建议300秒)。</p><p>用户锁定期间,任何输入被判定为无效,锁定时间不因用户的再次输入而重新计时;解锁后,用户的错误输入记录被清空。通过上述设置可以有效防范口令被暴力破解,增强系统的安全性。</p><ul><li>实现</li></ul><p>口令复杂度的设置通过修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件实现,设置口令最大的出错次数3次,系统锁定后的解锁时间为300秒的配置如下:</p><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">auth required pam_faillock.so preauth audit <span class="attribute">deny</span>=3 even_deny_root <span class="attribute">unlock_time</span>=300</span><br><span class="line">auth [<span class="attribute">default</span>=die] pam_faillock.so authfail audit <span class="attribute">deny</span>=3 even_deny_root <span class="attribute">unlock_time</span>=300</span><br><span class="line">auth sufficient pam_faillock.so authsucc audit <span class="attribute">deny</span>=3 even_deny_root <span class="attribute">unlock_time</span>=300</span><br></pre></td></tr></table></figure><p>pam_faillock.so说明</p><table><thead><tr><th>authfail</th><th>捕获用户登录失败的事件。</th></tr></thead><tbody><tr><td>deny=3</td><td>用户连续登录失败次数超过3次即被锁定。</td></tr><tr><td>unlock_time=300</td><td>普通用户自动解锁时间为300秒(即5分钟)。</td></tr><tr><td>even_deny_root</td><td>同样限制root帐户。</td></tr></tbody></table><h2 id="加固su命令">加固su命令</h2><ul><li>说明</li></ul><p>为了增强系统安全性,防止使用“su”切换用户时将当前用户环境变量带入其他环境</p><ul><li>实现</li></ul><p>通过修改/etc/login.defs实现,配置如下:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ALWAYS_SET_PATH=yes</span><br></pre></td></tr></table></figure><h1>授权认证</h1><h2 id="设置网络远程登录的警告信息">设置网络远程登录的警告信息</h2><ul><li>说明</li></ul><p>设置网络远程登录的警告信息,用于在登录进入系统之前向用户提示警告信息,明示非法侵入系统可能受到的惩罚,吓阻潜在的攻击者。同时也可以隐藏系统架构及其他系统信息,避免招致对系统的目标性攻击。</p><ul><li>实现</li></ul><p>该设置可以通过修改/etc/issue.net文件的内容实现。将/etc/issue.net文件原有内容替换为如下信息</p><figure class="highlight inform7"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">fbi <span class="keyword">open</span> the <span class="keyword">door</span></span><br></pre></td></tr></table></figure><h2 id="禁止通过-Ctrl-Alt-Del-重启系统">禁止通过"Ctrl+Alt+Del"重启系统</h2><ul><li>说明</li></ul><p>操作系统默认能够通过“Ctrl+Alt+Del”进行重启,建议禁止该项特性,防止因为误操作而导致数据丢失。</p><ul><li>实现</li></ul><ol><li><p>删除两个ctrl-alt-del.target文件,参考命令如下:</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">rm -f /etc/systemd/system/ctrl-alt-del.target</span><br><span class="line">rm -f /usr/lib/systemd/system/ctrl-alt-del.target</span><br></pre></td></tr></table></figure></li><li><p>修改/etc/systemd/system.conf文件,将#CtrlAltDelBurstAction=reboot-force修改为CtrlAltDelBurstAction=none</p></li><li><p>重启systemd,使修改生效,参考命令如下</p></li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl daemon-reexec</span><br></pre></td></tr></table></figure><h2 id="设置终端的自动退出时间">设置终端的自动退出时间</h2><ul><li>说明</li></ul><p>无人看管的终端容易被侦听或被攻击,可能会危及系统安全。因此建议设置终端在停止运行一段时间后能够自动退出。</p><ul><li>实现</li></ul><p>自动退出时间由/etc/profile文件的TMOUT字段(单位为秒)控制,在/etc/profile的尾部添加如下配置:</p><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">export</span> <span class="attribute">TMOUT</span>=300</span><br></pre></td></tr></table></figure><h2 id="设置用户的默认umask值为077">设置用户的默认umask值为077</h2><ul><li>说明</li></ul><p>umask值用于为用户新创建的文件和目录设置缺省权限。如果umask的值设置过小,会使群组用户或其他用户的权限过大,给系统带来安全威胁。因此设置所有用户默认的umask值为0077,即用户创建的目录默认权限为700,文件的默认权限为600。umask值代表的是权限的“补码”,umask值和权限的换算方法请参见<a href="https://docs.openeuler.org/zh/docs/22.03_LTS/docs/SecHarden/%E9%99%84%E5%BD%95.html">umask值含义</a>。</p><ul><li>实现</li></ul><ol><li><p>分别在/etc/bashrc文件和/etc/profile.d/目录下的所有文件中加入“umask 0077”</p></li><li><p>设置/etc/bashrc文件和/etc/profile.d/目录下所有文件的属主为root,群组为root</p></li></ol><h2 id="设置GRUB2加密口令">设置GRUB2加密口令</h2><ul><li>说明</li></ul><p>GRUB是GRand Unified Bootloader的缩写,它是一个操作系统启动管理器,用来引导不同系统(如Windows、Linux),GRUB2是GRUB的升级版。</p><p>系统启动时,可以通过GRUB2界面修改系统的启动参数。为了确保系统的启动参数不被任意修改,需要对GRUB2界面进行加密,仅在输入正确的GRUB2口令时才能修改启动参数。</p><ul><li>实现</li></ul><ol><li>使用grub2-mkpasswd-pbkdf2命令生成加密的口令</li></ol><p>口令一样但每次sha512的结果都是不一样的</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">输入口令:</span><br><span class="line">Reenter password: </span><br><span class="line">PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.645FBE11264234D074717D8761ECF8A722086CFF45AAE026A50DBF0E0C7EA2A23BD791D0249123CDC9DD105BC2C63938D867F367C0D8E83744D8ADCED1A04766.CE644C471EB3FBEA46F85F6596490F2FF769129D53462A9035B9D399FD6ED83604BFBD775D890A08C3A00CA532A507172A44D1437B97F9711911B49E44760A43</span><br></pre></td></tr></table></figure><ol start="2"><li>使用vi工具打开grub.cfg的开始位置追加如下字段</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">set superusers="root"</span><br><span class="line">password_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08</span><br></pre></td></tr></table></figure><blockquote><ul><li>不同模式下grub.cfg文件所在路径不同:x86架构的UEFI模式下路径为/boot/efi/EFI/版本/grub.cfg,legacy BIOS模式下路径为/boot/grub2/grub.cfg;aarch64架构下路径为/boot/efi/EFI/版本/grub.cfg。</li><li>superusers字段用于设置GRUB2的超级管理员的帐户名。</li><li>password_pbkdf2字段后的参数,第1个参数为GRUB2的帐户名,第2个为该帐户的加密口令</li></ul></blockquote><h2 id="安全单用户模式">安全单用户模式</h2><ul><li>说明</li></ul><p>单用户模式是以root权限进入系统,如不设置密码,将存在较大安全隐患。</p><ul><li>实现</li></ul><p>该设置可以通过修改/etc/sysconfig/init文件内容实现。将SINGLE选项配置为SINGLE=/sbin/sulogin。</p><h2 id="禁止交互式启动">禁止交互式启动</h2><ul><li>说明</li></ul><p>使用交互式引导,控制台用户可以禁用审计、防火墙或其他服务,削弱了系统安全性。用户可以禁止使用交互式引导,提升安全性。</p><ul><li>说明</li></ul><p>该设置可以通过修改/etc/sysconfig/init文件内容实现。将PROMPT选项配置为PROMPT=no。</p><h1>系统服务</h1><h2 id="加固ssh">加固ssh</h2><ul><li>说明</li></ul><p>SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网络服务提供安全性保障的协议</p><ul><li>实现</li></ul><p>加固操作如下:</p><ol><li>服务端配置文件/etc/ssh/sshd_config,在该文件中修改或添加对应加固项及其加固值并且重启服务</li><li>客户端配置文件/etc/ssh/ssh_config,在该文件中修改或添加对应加固项及其加固值并且重启服务</li></ol><h3 id="服务端加固项说明">服务端加固项说明</h3><table><thead><tr><th><strong>加固项</strong></th><th><strong>加固项说明</strong></th><th><strong>加固建议</strong></th></tr></thead><tbody><tr><td>Protocol</td><td>设置使用SSH协议的版本</td><td>2</td></tr><tr><td>SyslogFacility</td><td>设置SSH服务的日志类型。加固策略将其设置为“AUTH”,即认证类日志</td><td>AUTH</td></tr><tr><td>LogLevel</td><td>设置记录sshd日志消息的层次</td><td>VERBOSE</td></tr><tr><td>X11Forwarding</td><td>设置使用SSH登录后,能否使用图形化界面</td><td>no</td></tr><tr><td>MaxAuthTries</td><td>最大认证尝试次数</td><td>3</td></tr><tr><td>PubkeyAuthentication</td><td>设置是否允许公钥认证</td><td>yes</td></tr><tr><td>RSAAuthentication</td><td>设置是否允许只有RSA安全验证</td><td>yes</td></tr><tr><td>IgnoreRhosts</td><td>设置是否使用rhosts文件和shosts文件进行验证。rhosts文件和shosts文件用于记录可以访问远程计算机的计算机名及关联的登录名</td><td>yes</td></tr><tr><td>RhostsRSAAuthentication</td><td>设置是否使用基于rhosts的RSA算法安全验证。rhosts文件记录可以访问远程计算机的计算机名及关联的登录名</td><td>no</td></tr><tr><td>HostbasedAuthentication</td><td>设置是否使用基于主机的验证。基于主机的验证是指已信任客户机上的任何用户都可以使用SSH连接</td><td>no</td></tr><tr><td>PermitRootLogin</td><td>是否允许root帐户直接使用SSH登录系统</td><td>no</td></tr><tr><td>PermitEmptyPasswords</td><td>设置是否允许用口令为空的账号登录</td><td>no</td></tr><tr><td>PermitUserEnvironment</td><td>设置是否解析 ~/.ssh/environment和~/.ssh/authorized_keys中设定的环境变量</td><td>no</td></tr><tr><td>Ciphers</td><td>设置SSH数据传输的加密算法</td><td><a href="mailto:aes128-ctr,aes192-ctr,aes256-ctr,[email protected]">aes128-ctr,aes192-ctr,aes256-ctr,[email protected]</a><a href="mailto:,[email protected]">,[email protected]</a><a href="mailto:,[email protected]">,[email protected]</a></td></tr><tr><td>ClientAliveCountMax</td><td>设置超时次数。服务器发出请求后,客户端没有响应的次数达到一定值,连接自动断开</td><td>0</td></tr><tr><td>Banner</td><td>指定登录SSH前后显示的提示信息的文件</td><td>/etc/issue.net</td></tr><tr><td>MACs</td><td>设置SSH数据校验的哈希算法</td><td><a href="mailto:hmac-sha2-512,[email protected]">hmac-sha2-512,[email protected]</a><a href="mailto:,hmac-sha2-256,[email protected]">,hmac-sha2-256,[email protected]</a></td></tr><tr><td>StrictModes</td><td>设置SSH在接收登录请求之前是否检查用户HOME目录和rhosts文件的权限和所有权</td><td>yes</td></tr><tr><td>UsePAM</td><td>使用PAM登录认证</td><td>yes</td></tr><tr><td>AllowTcpForwarding</td><td>设置是否允许TCP转发</td><td>no</td></tr><tr><td>Subsystem sftp /usr/libexec/openssh/sftp-server</td><td>sftp日志记录级别,记录INFO级别以及认证日志。</td><td>-l INFO -f AUTH</td></tr><tr><td>AllowAgentForwarding</td><td>设置是否允许SSH Agent转发</td><td>no</td></tr><tr><td>GatewayPorts</td><td>设置是否允许连接到转发客户端端口</td><td>no</td></tr><tr><td>PermitTunnel</td><td>Tunnel设备是否允许使用</td><td>no</td></tr><tr><td>KexAlgorithms</td><td>设置SSH密钥交换算法</td><td><a href="mailto:curve25519-sha256,[email protected]">curve25519-sha256,[email protected]</a>,diffie-hellman-group-exchange-sha256</td></tr><tr><td>LoginGraceTime</td><td>限制用户必须在指定的时限内认证成功,0 表示无限制。默认值是 60 秒。</td><td>60</td></tr></tbody></table><h3 id="客户单加固项说明">客户单加固项说明</h3><table><thead><tr><th><strong>加固项</strong></th><th><strong>加固项说明</strong></th><th><strong>加固建议</strong></th></tr></thead><tbody><tr><td>KexAlgorithms</td><td>设置SSH密钥交换算法</td><td>ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256</td></tr><tr><td>VerifyHostKeyDNS</td><td>是否使用DNS或者SSHFP资源记录验证HostKey</td><td>ask</td></tr></tbody></table><h3 id="其他加固">其他加固</h3><ul><li>SSH服务仅侦听指定IP地址</li></ul><p>出于安全考虑,建议用户在使用SSH服务时,仅在必需的IP上进行绑定侦听,而不是侦听0.0.0.0,可修改/etc/ssh/sshd_config文件中的ListenAddress配置项</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ListenAddress 192.168.1.100</span><br></pre></td></tr></table></figure><ul><li>限制SFTP用户向上跨目录访问(有问题)</li></ul><p>SFTP是FTP over SSH的安全FTP协议,对于访问SFTP的用户建议使用专用账号,只能上传或下载文件,不能用于SSH登录,同时对SFTP可以访问的目录进行限定,防止目录遍历攻击,所以创建特殊账户sftpgroup为示例用户组,sftpuser为示例用户名。</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">创建SFTP用户组</span></span><br><span class="line">groupadd sftpgroup</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">创建SFTP根目录</span></span><br><span class="line">mkdir /sftp</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">修改SFTP根目录属主和权限</span></span><br><span class="line">chown root:root /sftp</span><br><span class="line">chmod 755 /sftp</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">创建SFTP用户</span></span><br><span class="line">useradd -g sftpgroup -s /sbin/nologin sftpuser</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">设置SFTP用户的口令</span></span><br><span class="line">passwd sftpuser</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">创建SFTP用户上传目录</span></span><br><span class="line">mkdir /sftp/sftpuser</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">修改SFTP用户上传目录属主和权限</span></span><br><span class="line">chown root:root /sftp/sftpuser</span><br><span class="line">chmod 777 /sftp/sftpuser</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">创建SFTP用户上传目录</span></span><br><span class="line">mkdir /sftp/sftpuser/sftpupload</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">修改SFTP用户上传目录的属主</span></span><br><span class="line">chown sftpuser:sftpgroup /sftp/sftpuser/sftpupload</span><br></pre></td></tr></table></figure><p>修改/sshd_config</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH</span></span><br><span class="line">Subsystem sftp internal-sftp -l INFO -f AUTH</span><br><span class="line"></span><br><span class="line"> Match Group sftpgroup </span><br><span class="line"> ChrootDirectory /sftp/%u </span><br><span class="line"> ForceCommand internal-sftp</span><br></pre></td></tr></table></figure><h1>文件权限</h1><h2 id="删除无主文件">删除无主文件</h2><ul><li>说明</li></ul><p>系统管理员在删除用户/群组时,存在着忘记删除该用户/该群组所拥有文件的问题。如果后续新创建的用户/群组与被删除的用户/群组同名,则新用户/新群组会拥有部分不属于其权限的文件,建议将此类文件删除。</p><ul><li>实现</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">删除用户ID不存在的文件</span></span><br><span class="line">find / -nouser</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">删除群组ID不存在的文件</span></span><br><span class="line">find / -nogroup</span><br></pre></td></tr></table></figure><h2 id="处理空链接文件">处理空链接文件</h2><ul><li>说明</li></ul><p>无指向的空链接文件,可能会被恶意用户利用,影响系统安全性。建议用户删除无效的空链接文件,提高系统安全性.需要用户根据实际情况处理空链接</p><ul><li>实现</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">find dirname -type l -follow 2>/dev/null</span><br></pre></td></tr></table></figure><h2 id="设置守护进程的umask值">设置守护进程的umask值</h2><ul><li>说明</li></ul><p>umask值用来为新创建的文件和目录设置缺省权限。如果没有设定umask值,则生成的文件具有全局可写权限,存在一定的风险。守护进程负责系统上某个服务,让系统可以接受来自用户或者是网络客户的要求。为了提高守护进程所创建文件和目录的安全性,建议设置其umask值为0027。umask值代表的是权限的“补码”,umask值和权限的换算方法请参见 “附录 > umask值含义”</p><ul><li>实现</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">在配置文件/etc/sysconfig/init中新增一行:umask 0027。</span><br></pre></td></tr></table></figure><h2 id="为全局可写目录添加粘滞位属性">为全局可写目录添加粘滞位属性</h2><ul><li>说明</li></ul><p>任意用户可以删除、修改全局可写目录中的文件和目录,为了确保全局可写目录中的文件和目录不会被任意删除,需要为全局可写目录添加粘滞位属性。</p><ul><li>实现</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">搜索全局可写目录。</span></span><br><span class="line">find / -type d -perm -0002 ! -perm -1000 -ls | grep -v proc</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">为全局可写目录添加粘滞位属性。<span class="built_in">dirname</span> 为实际查找到的目录名。</span></span><br><span class="line">chmod +t dirname</span><br></pre></td></tr></table></figure><h2 id="删除非授权文件的全局可写属性">删除非授权文件的全局可写属性</h2><ul><li>说明</li></ul><p>全局可写文件可被系统中的任意用户修改,影响系统完整性。</p><ul><li>实现</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">列举系统中所有的全局可写文件。</span></span><br><span class="line">find / -type d ( -perm -o+w ) | grep -v proc</span><br><span class="line">find / -type f ( -perm -o+w ) | grep -v proc</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">查看步骤1列举的所有文件(粘滞位位的文件和目录可以排除在外),删除文件或去掉其全局可写权限。使用以下命令去掉权限,其中filename为对应文件名</span></span><br><span class="line">chmod o-w filename</span><br></pre></td></tr></table></figure><h2 id="限制at命令的使用权限">限制at命令的使用权限</h2><ul><li>说明</li></ul><p>at命令用于创建在指定时间自动执行的任务。为避免任意用户通过at命令安排工作,造成系统易受攻击,需要指定可使用该命令的用户。</p><ul><li>实现</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">删除/etc/at.deny文件</span></span><br><span class="line">rm -f /etc/at.deny</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">创建/etc/at.allow文件</span></span><br><span class="line">touch /etc/at.allow</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">将/etc/at.allow的文件属主改为root:root</span></span><br><span class="line">chown root:root /etc/at.allow</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">控制/etc/at.allow的文件权限,仅root可操作</span></span><br><span class="line">chmod og-rwx /etc/at.allow</span><br></pre></td></tr></table></figure><h2 id="限制cron命令的使用权限">限制cron命令的使用权限</h2><ul><li>说明</li></ul><p>cron命令用于创建例行性任务。为避免任意用户通过cron命令安排工作,造成系统易受攻击,需要指定可使用该命令的用户</p><ul><li>实现</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">删除/etc/cron.deny文件。</span></span><br><span class="line">rm -f /etc/cron.deny</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">创建/etc/cron.allow文件</span></span><br><span class="line">touch /etc/cron.allow</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">将/etc/cron.allow的文件属主改为root:root。</span></span><br><span class="line">chown root:root /etc/cron.allow</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">控制/etc/cron.allow的文件权限,仅root可操作</span></span><br><span class="line">chmod og-rwx /etc/cron.allow</span><br></pre></td></tr></table></figure><h2 id="限制sudo命令的使用权限">限制sudo命令的使用权限</h2><ul><li>说明</li></ul><p>sudo命令用于普通用户以root权限执行命令。为了增强系统安全性,有必要对sudo命令的使用权进行控制,只允许root使用sudo命令,限制其他帐户使用</p><ul><li>实现</li></ul><p>sudo命令的使用控制通过修改/etc/sudoers文件实现,需要注释掉如下配置行:</p><figure class="highlight ada"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">#%wheel <span class="keyword">ALL</span>=(<span class="keyword">ALL</span>) <span class="keyword">ALL</span></span><br></pre></td></tr></table></figure><h1>内核参数</h1><h2 id="加固内核参数">加固内核参数</h2><ul><li>说明</li></ul><p>内核参数决定配置和应用特权的状态。内核提供用户可配置的系统控制,这一系统控制可微调或配置,该功能特性可通过控制各种可配置的内核参数,来提高操作系统的安全特性。比如:通过微调或配置网络选项,可有效提高系统的安全性。</p><ul><li>实现</li></ul><p>加固项写入/etc/sysctl.conf文件中</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">net.ipv4.icmp_echo_ignore_broadcasts = 1 </span><br><span class="line">net.ipv4.conf.all.rp_filter = 1 </span><br><span class="line">net.ipv4.conf.default.rp_filter = 1 </span><br></pre></td></tr></table></figure><ul><li>加固参数如下</li></ul><table><thead><tr><th style="text-align:left"><strong>加固项</strong></th><th style="text-align:left"><strong>加固项说明</strong></th><th style="text-align:left"><strong>加固建议</strong></th></tr></thead><tbody><tr><td style="text-align:left">net.ipv4.icmp_echo_ignore_broadcasts</td><td style="text-align:left">是否接受ICMP广播报文。加固策略为不接受。</td><td style="text-align:left">1</td></tr><tr><td style="text-align:left">net.ipv4.conf.all.rp_filter</td><td style="text-align:left">验证数据包使用的实际源地址是否与路由表相关,以及使用该特定源IP地址的数据包是否通过接口获取其响应。加固策略为启用该项。</td><td style="text-align:left">1</td></tr><tr><td style="text-align:left">net.ipv4.conf.default.rp_filter</td><td style="text-align:left">1</td><td style="text-align:left">是</td></tr><tr><td style="text-align:left">net.ipv4.ip_forward</td><td style="text-align:left">IP Forwarding可阻止未授权的IP数据包渗透至网络。加固策略为禁用该特性。</td><td style="text-align:left">0</td></tr><tr><td style="text-align:left">net.ipv4.conf.all.accept_source_route</td><td style="text-align:left">accept_source_route指允许数据包的发送者指定数据包的发送路径,以及返回给发送者的数据包所走的路径。加固策略为禁用该特性。</td><td style="text-align:left">0</td></tr><tr><td style="text-align:left">net.ipv4.conf.default.accept_source_route</td><td style="text-align:left">0</td><td style="text-align:left">是</td></tr><tr><td style="text-align:left">net.ipv4.conf.all.accept_redirects</td><td style="text-align:left">是否发送ICMP重定向报文。加固策略为禁止发送。</td><td style="text-align:left">0</td></tr><tr><td style="text-align:left">net.ipv4.conf.default.accept_redirects</td><td style="text-align:left">0</td><td style="text-align:left">是</td></tr><tr><td style="text-align:left">net.ipv6.conf.all.accept_redirects</td><td style="text-align:left">0</td><td style="text-align:left">是</td></tr><tr><td style="text-align:left">net.ipv6.conf.default.accept_redirects</td><td style="text-align:left">0</td><td style="text-align:left">是</td></tr><tr><td style="text-align:left">net.ipv4.conf.all.send_redirects</td><td style="text-align:left">是否将ICMP重定向报文发送至其他主机。只有当主机作为路由时,应启用该策略。加固策略为禁用该项。</td><td style="text-align:left">0</td></tr><tr><td style="text-align:left">net.ipv4.conf.default.send_redirects</td><td style="text-align:left">0</td><td style="text-align:left">是</td></tr><tr><td style="text-align:left">net.ipv4.icmp_ignore_bogus_error_responses</td><td style="text-align:left">忽略伪造的ICMP数据包,不会将其记录到日志,将节省大量的硬盘空间。加固策略为启用该项。</td><td style="text-align:left">1</td></tr><tr><td style="text-align:left">net.ipv4.tcp_syncookies</td><td style="text-align:left">SYN Attack是一种通过占用系统资源迫使系统重启的DoS攻击。加固策略为开启TCP-SYN cookie保护。</td><td style="text-align:left">1</td></tr><tr><td style="text-align:left">kernel.dmesg_restrict</td><td style="text-align:left">加固dmesg信息,仅允许管理员查看。</td><td style="text-align:left">1</td></tr><tr><td style="text-align:left">kernel.sched_autogroup_enabled</td><td style="text-align:left">该选项决定内核是否对线程进行自动分组调度。开启后调度组之间互相竞争时间片,调度组内的线程再竞争调度组分配到的时间片。加固策略为不启用该项。</td><td style="text-align:left">0</td></tr><tr><td style="text-align:left">kernel.sysrq</td><td style="text-align:left">禁用魔术键。说明:建议禁用魔术键,避免由于直接发送命令到内核对系统造成影响,增强内核安全性。</td><td style="text-align:left">0</td></tr><tr><td style="text-align:left">net.ipv4.conf.all.secure_redirects</td><td style="text-align:left">设置系统是接收来自任何主机的ICMP重定向消息还是从默认网关列表中的网关处接收ICMP重定向消息。加固策略为采用前者。</td><td style="text-align:left">0</td></tr><tr><td style="text-align:left">net.ipv4.conf.default.secure_redirects</td><td style="text-align:left">0</td><td style="text-align:left">是</td></tr></tbody></table><h2 id="其他加固建议">其他加固建议</h2><ul><li><p>net.ipv4.icmp_echo_ignore_all:忽略ICMP请求。</p><p>出于安全考虑,建议开启此项(当前默认值为0,开启将值设为1)。</p><p>但开启后会忽略所有接收到的icmp echo请求的包(会导致机器无法ping通),建议用户根据实际组网场景决定是否开启此项。</p></li><li><p>net.ipv4.conf.all.log_martians/net.ipv4.conf.default.log_martians:对于仿冒/源路由/重定向数据包开启日志记录。</p><p>出于安全考虑,建议开启此项(当前默认值为0,开启将值设为1)。</p><p>但是开启后会记录带有不允许的地址的数据到内核日志中,存在冲日志风险,建议用户根据实际使用场景决定是否开启此项。</p></li><li><p>net.ipv4.tcp_timestamps:关闭tcp_timestamps。</p><p>出于安全考虑,建议关闭tcp_timestamps(当前默认值为1,关闭将值设为0)。</p><p>但是关闭此项会影响TCP超时重发的性能,建议用户根据实际使用场景决定是否关闭此项。</p></li><li><p>net.ipv4.tcp_max_syn_backlog:决定了SYN_RECV状态队列的数量。</p><p>该参数决定了SYN_RECV状态队列的数量,超过这个数量,系统将不再接受新的TCP连接请求,一定程度上可以防止系统资源耗尽。建议由用户根据实际使用场景配置合适的值。</p></li></ul><h1>selinux配置</h1>]]></content>
<categories>
<category> 安全加固 </category>
</categories>
<tags>
<tag> pam </tag>
</tags>
</entry>
<entry>
<title>Linux显示框架</title>
<link href="/posts/412cf25e.html"/>
<url>/posts/412cf25e.html</url>
<content type="html"><![CDATA[<h1>什么是窗口系统</h1><h2 id="窗口系统设计思路">窗口系统设计思路</h2><ol><li>采用cs架构,s是display server管理所有输入设备和输出的显示设备(<a href="http://xn--X-ch1b.org">如X.org</a> server),c是client负责运算</li><li>应用程序作为dispaly server的一个client,在自己的窗口中运行,并绘制自己的GUI</li><li>client的绘图请求,都会提交给display server,display server响应且处理这些请求并以一定的规则混合叠加,在有限的输出资源上显示多个应用程序的GUI</li><li>display server protocol可以是基于网络的,甚至是网络透明(network transparent),例如X11,wayland,quartz</li></ol><h2 id="窗口系统组成">窗口系统组成</h2><p>窗口系统只提供实现GUI环境的基本框架,仅仅实现了点线面,其他的UI等基本元素则是第三方提供。这些应用程序主要包括窗口管理器(window manager)、GUI工具集(GUI widget toolkit)、桌面环境</p><ul><li>窗口管理器<br>负责控制应用程序窗口(application windows)的布局和外观,并将最终显示图形传递给X或者kernel</li><li>GUI工具集<br>在窗口之上的进一步封装,比如X,他通过xlib提供给应用程序的API,只能绘画出点线面,要组成复杂的应用程序,还有很多任务,在一些特定的操作系统,会在X的基础上,封装出一些便利的GUI接口,方便应用程序使用,比如GTK+和QT(xcb)</li><li>桌面环境<br>是应用程序级的封装,提供一系列界面一致操作一致的应用程序,比如GNOME,MATE,KDE,DDE,KIRAN,UKUI</li><li>构成图<br><img src="images/%E7%AA%97%E5%8F%A3%E7%B3%BB%E7%BB%9F%E6%9E%B6%E6%9E%84%E5%9B%BE.png" alt=""></li><li>X和wayland的架构区别</li></ul><ol><li>x server流程<br><img src="images/x%E7%9A%84%E6%B5%81%E7%A8%8B.png" alt=""></li><li>wayland流程<br><img src="images/wayland%E6%B5%81%E7%A8%8B.png" alt=""></li></ol><h1>evdev</h1><h1>术语</h1><ul><li>Display<br>多屏工作站,有单个xserver驱动的一个或多个显示器组成,包含屏幕的x信息</li><li>crtc<br>screenCRCT处于DRM结构中的核心位置,将图显处理器中的时序控制部分抽象成CRCT,配置resolution,depth,polarity,porch,refresh rate等</li><li>monitor(output)<br>显示器</li><li>screen<br>显示框最小单位,一块物理屏幕分为若干screen或多个显示器为一个screen</li><li>marco<br>Marco是一个最小的X窗口管理器,使用GTK+绘制窗口框架。它面向非技术用户,旨在很好地集成MATE桌面。马可是一个普通的窗口经理,适合你的成年人;许多窗口管理器就像棉花糖-弗罗特循环,马可就像<br>干杯。它缺少一些传统UNIX或其他技术用户可能期望的功能;这些用户可能希望调查其他有用信息可与MATE一起使用或作为独立窗口管理器使用的窗口管理器。Marco支持一些高级但常见的功能,如窗口着色/向上滚动、窗口/边缘捕捉、垂直和水平最大化、,始终在顶部,倾斜/鼠标聚焦和提升,以及更多。。。嗯,不是很多,但更多。</li></ul>]]></content>
<categories>
<category> 知识点 </category>
</categories>
<tags>
<tag> linux图形显示 </tag>
</tags>
</entry>
<entry>
<title>平均负载</title>
<link href="/posts/da482b46.html"/>
<url>/posts/da482b46.html</url>
<content type="html"><![CDATA[<h1>什么是平均负载</h1><p>平均负载(也称为平均系统负载)是一个重要的指标,指示 Linux 服务器上的队列中是否有多个任务。平均负载可以是高或低,具体取决于服务器拥有的内核数、集成到系统服务器的 CPU 数以及负载平均数本身。</p><h1>平均负载的作用</h1><p>刚开始系统管理的人经常将平均负载与 CPU 百分比混淆。但是,虽然 CPU 百分比是特定时间系统性能的主动度量,但负载平均值显示了系统性能在不同时间范围内如何演变。平均负载为我们提供了系统未来可能表现的图片。</p><h1>如何查看负载</h1><p>我们可以使用各种工具来监视平均负载,比如uptime,例如正常运行时间或顶部命令行。顾名思义,正常运行时间为我们提供了系统运行的时间长度,以及更多信息,例如过去 1、5 和 15 分钟的用户数量或负载平均值。</p><ul><li>uptime</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">09:48:45 up 186 days, 13:59, 2 users, load average: 0.01, 0.02, 0.05</span><br></pre></td></tr></table></figure><p>在这里我们可以看到服务器已经启动并运行了186天;有一个人在使用服务器;过去 1、5 和 15 分钟的平均负载分别为 0.01、0.02和 0.05。</p><ul><li>top<br>使用 top(进程表)命令,我们可以获取系统中当前正在运行的进程的列表以及 CPU 和内存中的资源利用率统计信息。</li></ul><h1>如何判断负载变高</h1><h2 id="简单分析">简单分析</h2><p>平均负载为 2.97,而当前服务器只有一个 CPU。我们可以通过使用 lscpu 获取服务器中的 CPU 数量,当负载平均值低于 Linux 服务器中的 CPU 数量时,平均负载被认为是理想的。例如,Linux 服务器中只有1个 CPU,最好是平均负载低于 1。过去 1、5 和 15 分钟的平均负载分别为 0.01、0.02和 0.05,因此我们无需担心</p><p>在系统负荷方面,多核CPU与多个CPU效果类似,所以考虑系统负荷的时候,必须考虑这台电脑有几个CPU、每个CPU有几个核心。然后,把系统负荷除以总的核心数,只要每个核心的负荷不超过1.0,就表明电脑正常运行</p><h2 id="单核负载注意">单核负载注意</h2><p>Load < 0.7时:系统很闲,马路上没什么车,要考虑多部署一些服务<br>0.7 < Load < 1时:系统状态不错,马路可以轻松应对<br>Load == 1时:系统马上要处理不多来了,赶紧找一下原因<br>Load > 1时:马路已经非常繁忙了,进入马路的每辆汽车都要无法很快的运行</p><h2 id="三个时间点负载如何看-单核">三个时间点负载如何看(单核)</h2><ul><li>观察<br>通常我们先看15分钟load,如果load很高,再看1分钟和5分钟负载,查看是否有下降趋势。<br>1分钟负载值 > 1,那么我们不用担心,但是如果15分钟负载都超过1,我们要赶紧看看发生了什么事情。<br>如果只有1分钟的系统负荷大于1.0,其他两个时间段都小于1.0,这表明只是暂时现象,问题不大。<br>如果15分钟内,平均系统负荷大于1.0(调整CPU核心数之后),表明问题持续存在,不是暂时现象。所以,你应该主要观察"15分钟系统负荷”,将它作为电脑正常运行的指标。</li><li>总结<br>1分钟Load>1,5分钟Load<1,15分钟Load<1:短期内繁忙,中长期空闲,初步判断是一个“抖动”,或者是“拥塞前兆”<br>1分钟Load>1,5分钟Load>1,15分钟Load<1:短期内繁忙,中期内紧张,很可能是一个“拥塞的开始”<br>1分钟Load>1,5分钟Load>1,15分钟Load>1:短、中、长期都繁忙,系统“正在拥塞”<br>1分钟Load<1,5分钟Load>1,15分钟Load>1:短期内空闲,中、长期繁忙,不用紧张,系统“拥塞正在好转”</li></ul><h1>分析负载变高的原因</h1><p>要解决高负载平均问题,我们需要了解其背后的原因。由于下面提到的三个原因,往往会发生高负载平均值。</p><h2 id="服务器中执行的线程数量较多">服务器中执行的线程数量较多</h2><p>服务器上可能有一个应用程序是使用并发模型(如 Akka 或 goroutines)实现的。一方面,这将提高应用程序的性能,因为它可以同时处理多个请求,但是,另一方面,这将导致系统中执行大量线程。为了解决这个问题,我们需要增加服务器中的 CPU 数量(尽管增加了成本)或优化正在运行的应用程序以减少线程数量</p><h2 id="缺少-RAM-迫使服务器使用交换内存">缺少 RAM 迫使服务器使用交换内存</h2><p>高负载平均背后的另一个可能原因是缺少 RAM。当系统检测到没有足够的内存用于运行进程时,它会转向使用交换内存。使用交换内存的问题在于,处理器队列中必然有多个进程要等待,这将导致高负载平均值。为了解决这个问题,我们必须找到优化服务器中运行的应用程序以节省内存的方法。如果这没有帮助,剩下的唯一解决方案就是向服务器添加更多 RAM</p><h2 id="大量-I-O-流量">大量 I/O 流量</h2><p>由于系统中有大量 I/O 请求,也可能会出现高平均负载。对于大量 I/O 请求,系统将不可避免地遇到高延迟,这反过来将导致高负载平均值。要查看这是否是高负载平均问题的根源,我们可以使用命令行工具 iostat 并确定具有过多 I/O 流量的分区。这将使我们能够安全地停止导致问题的进程</p><h1>参考链接</h1><p><a href="https://www.site24x7.com/blog/load-average-what-is-it-and-whats-the-best-load-average-for-your-linux-servers">https://www.site24x7.com/blog/load-average-what-is-it-and-whats-the-best-load-average-for-your-linux-servers</a></p>]]></content>
<categories>
<category> 知识点 </category>
</categories>
<tags>
<tag> 知识点 </tag>
</tags>
</entry>
<entry>
<title>配置linux路由</title>
<link href="/posts/7a4729e2.html"/>
<url>/posts/7a4729e2.html</url>
<content type="html"><![CDATA[]]></content>
<categories>
<category> 网络管理 </category>
</categories>
<tags>
<tag> 网络管理 </tag>
</tags>
</entry>
<entry>
<title>搭建iscsi</title>
<link href="/posts/b511a9e8.html"/>
<url>/posts/b511a9e8.html</url>
<content type="html"><![CDATA[<h1>介绍</h1><p>iscsi技术在工作形势上分为服务端target和客户端initiator</p><h1>IP规划</h1><ul><li>iscsi服务端<br>192.168.110.10<br>192.168.120.10</li><li>iscsi客户端<br>192.168.110.20和192.168.110.21</li></ul><h1>服务器端搭建</h1><h2 id="添加磁盘">添加磁盘</h2><p>使用如下命令扫盘或者重启系统来使lsblk识别添加的磁盘</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">echo "- - -"> /sys/class/scsi_host/host0/scan </span><br><span class="line">echo "- - -"> /sys/class/scsi_host/host1/scan </span><br><span class="line">echo "- - -"> /sys/class/scsi_host/host2/scan </span><br></pre></td></tr></table></figure><h2 id="设置网络">设置网络</h2><p>存储的虚拟机上设置2个ip</p><h2 id="安装包">安装包</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">yum install -y scsi-target-utils</span><br><span class="line">yum install -y targetcli</span><br></pre></td></tr></table></figure><h2 id="编辑配置">编辑配置</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">iqn 名称:iSCSI Qualified Name(iSCSI 合格名称),是 iSCSI 中用于标识目标和逻辑单元的唯一名称。iSCSI 中的 iqn 名称格式为 iqn.<year>-<month>.<domain>:<name>,其中 <year> 和 <month> 表示 iSCSI 标准发布的年份和月份,<domain> 表示组织或者公司的域名,<name> 表示目标或逻辑单元的名称。</span><br></pre></td></tr></table></figure><p>编辑/etc/tgt/targets.conf文件,添加如下内容,/dev/sdb是新添加的用来共享的磁盘<code>,</code>为原生的未经过格式化的盘</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">有几个盘添加几块</span></span><br><span class="line"><target iqn.202303.dev:server.sdb></span><br><span class="line">backing-store /dev/sdb</span><br><span class="line"></target></span><br></pre></td></tr></table></figure><h2 id="管理服务">管理服务</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">启动并自启动</span></span><br><span class="line">systemctl enable --now tgtd.service</span><br></pre></td></tr></table></figure><h1>客户端搭建</h1><h2 id="编辑配置文件">编辑配置文件</h2><p>编辑/etc/iscsi/initiatorname.iscsi添加如下内容</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">InitiatorName=iqn.202303.dev:server.sdb</span><br></pre></td></tr></table></figure><h2 id="启动服务">启动服务</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">systemctl enable --now iscsi.service</span><br><span class="line">systemctl enable --now iscsid.service</span><br><span class="line">systemctl restart iscsi iscsid</span><br></pre></td></tr></table></figure><h1>测试</h1><h2 id="扫描磁盘">扫描磁盘</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">扫描存储虚拟机的2个ip</span></span><br><span class="line">iscsiadm -m discovery -t sendtargets -p 192.168.110.10</span><br><span class="line">iscsiadm -m discovery -t sendtargets -p 192.168.120.10</span><br></pre></td></tr></table></figure><h2 id="登录">登录</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">iscsiadm -m node -T iqn.2023-03.test:server.sdb -l</span><br><span class="line">iscsiadm -m node -T iqn.202303.dev:server.sdc -l</span><br><span class="line">iscsiadm -m node -T iqn.202303.dev:server.sdd -l</span><br></pre></td></tr></table></figure><h2 id="查看">查看</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">lsblk</span><br></pre></td></tr></table></figure><h2 id="安装多路径">安装多路径</h2><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">正常识别</span></span><br><span class="line">mulitpaht -ll</span><br><span class="line">pvcreate /dev/mapper/dbbak </span><br><span class="line">pvcreate /dev/mapper/dbarch </span><br><span class="line">pvcreate /dev/mapper/dbdata </span><br><span class="line">vgcreate dbbak /dev/mapper/dbbak </span><br><span class="line">vgcreate dbarch /dev/mapper/dbarch </span><br><span class="line">vgcreate dbdata /dev/mapper/dbdata </span><br><span class="line">lvcreate dbarch /dev/mapper/dbarch -n dbarch -l num</span><br><span class="line">lvcreate dbbak /dev/mapper/dbbak -n dbbak -l num</span><br><span class="line">lvcreate dbdata /dev/mapper/dbdata -n dbdata -l num</span><br><span class="line">mkfs.ext4 /dev/mapper/dbdata-dbdata</span><br><span class="line">mkfs.ext4 /dev/mapper/dbarch-dbarch</span><br><span class="line">mkfs.ext4 /dev/mapper/dbbak-dbbak</span><br><span class="line">mkdir /dbarch /dbdata /dbbak</span><br><span class="line">mount /dev/mapper/dbdata-dbdata /dbdata</span><br><span class="line">mount /dev/mapper/dbarch-dbarch /dbarch</span><br><span class="line">mount /dev/mapper/dbbak-dbbak /dbbak</span><br></pre></td></tr></table></figure><h1>删除</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">iscsiadm -m session -u</span><br><span class="line">iscsiadm -m node -o delete</span><br></pre></td></tr></table></figure><h1>targetcli配置服务端</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum -y install targetd</span><br></pre></td></tr></table></figure><ul><li>交互式配置</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">targetcli </span><br><span class="line">cd iscsi</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">create an iSCSI target 用create自动生成或者create name指定一个</span></span><br><span class="line">create</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">Creating a block storage object</span></span><br><span class="line">cd /backstores/block </span><br><span class="line">create name=disk_b dev=/dev/sdb</span><br><span class="line">cd /iscsi/目标名/tpg1</span><br><span class="line"></span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 安装部署 </category>
</categories>
<tags>
<tag> iscsi </tag>
</tags>
</entry>
<entry>
<title>将kickstart封装到iso镜像</title>
<link href="/posts/83891c9e.html"/>
<url>/posts/83891c9e.html</url>
<content type="html"><![CDATA[<h1>获得一份镜像数据</h1><ul><li>挂载系统镜像</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">mount centos.iso /mnt</span><br></pre></td></tr></table></figure><ul><li>拷贝到系统某个目录</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">mkdir /iso</span><br><span class="line">cp -rp /mnt/* /iso/</span><br></pre></td></tr></table></figure><h1>修改kickstart脚本</h1><ul><li>在/iso目录下创建一个文件夹来存放脚本</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">mkdir kickstart</span><br></pre></td></tr></table></figure><ul><li>将ks脚本拷贝过来</li></ul><ol><li>可以用自己写的</li><li>可以拿已经安装的/root下的cfg文件</li></ol><h1>修改引导</h1><ul><li>修改isolinux/isolinux.cfg文件</li><li>添加引导</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">cdrom</span></span><br><span class="line">label linux</span><br><span class="line"> menu label ^Install ikun system Standard(CDROM)</span><br><span class="line"> kernel vmlinuz</span><br><span class="line"> append initrd=initrd.img vga=0x314 lang=zh_CN ks=cdrom:/kickstart/test.cfg</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">usb</span></span><br><span class="line">label linux</span><br><span class="line"> menu label ^Install ikun system Standard(USB)</span><br><span class="line"> kernel vmlinuz</span><br><span class="line"> append initrd=initrd.img vga=0x314 lang=zh_CN ks=hd:LABEL=Centos:/kickstart/test.cfg</span><br></pre></td></tr></table></figure><h1>封装镜像</h1><ul><li>封装</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">genisoimage -v -cache-inodes -joliet-long -R -J -T -V Centos -o /opt/Centos-sp1.iso -c isolinux/boot.cat -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -b images/efiboot.img -no-emul-boot /iso/ </span><br></pre></td></tr></table></figure><ul><li>校验</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">implantisomd5 /opt/Centos-sp1.iso</span><br></pre></td></tr></table></figure><h1>测试</h1><p>虚拟机安装一下, 会发现自动加载了之前的配置,这样以后不同场景可以自己裁剪镜像来定制化</p>]]></content>
<categories>
<category> kickstart </category>
</categories>
<tags>
<tag> kickstart </tag>
</tags>
</entry>
<entry>
<title>kickstart脚本</title>
<link href="/posts/6534009d.html"/>
<url>/posts/6534009d.html</url>
<content type="html"><![CDATA[<h1>文件来源</h1><ol><li>自己写</li><li>从已经安装的系统的/root/anaconda-ks.cfg下获取</li><li>使用kickstart图形化工具编写</li></ol><h1>kickstart图形化工具</h1><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install system-config-kickstart</span><br></pre></td></tr></table></figure><h1>示例</h1><p>centos7最小化</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">version=DEVEL</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">System authorization information</span></span><br><span class="line">auth --enableshadow --passalgo=sha512</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Use CDROM installation media</span></span><br><span class="line">cdrom</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Use graphical install</span></span><br><span class="line">graphical</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Run the Setup Agent on first boot</span></span><br><span class="line">firstboot --enable</span><br><span class="line">ignoredisk --only-use=sda</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Keyboard layouts</span></span><br><span class="line">keyboard --vckeymap=us --xlayouts='us'</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">System language</span></span><br><span class="line">lang en_US.UTF-8</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Network information</span></span><br><span class="line">network --bootproto=dhcp --device=ens33 --onboot=off --ipv6=auto --no-activate</span><br><span class="line">network --bootproto=dhcp --device=ens34 --onboot=off --ipv6=auto</span><br><span class="line">network --hostname=localhost.localdomain</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Root password</span></span><br><span class="line">rootpw --iscrypted $6$2c8X.xl1NNAt5jpm$S8bXrlWiazVianYF4xbPZrOnO0XMiFk7DlPWchNXW8ijqriiDV5UQ6Y6rtKDzpmxB53PUBsktkSs4HFZfHCG40</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">System services</span></span><br><span class="line">services --enabled="chronyd"</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">System timezone</span></span><br><span class="line">timezone America/New_York --isUtc</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">System bootloader configuration</span></span><br><span class="line">bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Partition clearing information</span></span><br><span class="line">clearpart --none --initlabel</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Disk partitioning information</span></span><br><span class="line">part pv.156 --fstype="lvmpv" --ondisk=sda --size=19455</span><br><span class="line">part /boot --fstype="xfs" --ondisk=sda --size=1024</span><br><span class="line">volgroup centos --pesize=4096 pv.156</span><br><span class="line">logvol / --fstype="xfs" --grow --maxsize=51200 --size=1024 --name=root --vgname=centos</span><br><span class="line">logvol swap --fstype="swap" --size=2047 --name=swap --vgname=centos</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">packages</span></span><br><span class="line">@^minimal</span><br><span class="line">@core</span><br><span class="line">chrony</span><br><span class="line">kexec-tools</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">end</span></span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">addon com_redhat_kdump --<span class="built_in">enable</span> --reserve-mb=<span class="string">'auto'</span></span></span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">end</span></span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">anaconda</span></span><br><span class="line">pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty</span><br><span class="line">pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok</span><br><span class="line">pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty</span><br><span class="line"><span class="meta prompt_">%</span><span class="language-bash">end</span></span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> kickstart </category>
</categories>
<tags>
<tag> kickstart </tag>
</tags>
</entry>
<entry>
<title>好用的软件</title>
<link href="/posts/3df4b4e4.html"/>
<url>/posts/3df4b4e4.html</url>
<content type="html"><![CDATA[<h1>nice软件(持续更新)</h1><ul><li><a href="https://github.com/kingToolbox/WindTerm">windterm</a></li><li><a href="https://github.com/yang991178/fluent-reader">https://github.com/yang991178/fluent-reader</a></li><li><a href="https://github.com/rustdesk/rustdesk">rustdesk</a></li><li><a href="https://github.com/massCodeIO/massCode">massCode</a></li><li><a href="https://obsidian.md/">obsidian</a></li><li><a href="https://github.com/lyswhut/lx-music-desktop">lx-music-desktop</a></li><li><a href="https://github.com/charmbracelet/glow">glow</a></li><li><a href="https://input.kfsafe.cn/">卡饭</a></li><li><a href="https://github.com/alist-org/alist">alist</a></li><li><a href="https://github.com/purocean/yn">yank note</a></li></ul>]]></content>
<categories>
<category> 分享 </category>
</categories>
<tags>
<tag> 分享 </tag>
</tags>
</entry>
<entry>
<title>博客图片使用记录</title>
<link href="/posts/6b240272.html"/>
<url>/posts/6b240272.html</url>
<content type="html"><![CDATA[<h1>使用记录</h1><h2 id="背景图">背景图</h2><ul><li>9</li><li>19</li><li>29</li><li>39</li></ul><h2 id="文章图">文章图</h2><ul><li>学习目标 1</li><li>好用的软件 2</li><li>crontab 3</li><li>博客图片使用记录 4</li><li>局域网ip冲突解决方法 5</li><li>linux的驱动问题 6</li><li>系统资源异常处理思路 7</li><li>用户被锁定 8</li><li>在Centos中检查RPM包的依赖性 10</li><li>git拉取总是需要密码 11</li><li>inode节点爆满处理 12</li><li>Linux好用命令之at 13</li><li>Linux好用命令之bizp2 14</li><li>Linux好用命令之dd 15</li><li>Linux好用命令之df 16</li><li>Linux好用命令之dnf 17</li><li>Linux好用命令之dos2unix 18</li><li>Linux好用命令之ethtool 20</li><li>Linux好用命令之free 21</li><li>Linux好用命令之gdb 22</li><li>Linux好用命令之git 23</li><li>Linux好用命令之gzip 24</li><li>Linux好用命令之iostat 25</li><li>Linux好用命令之lscpu 26</li><li>Linux好用命令之lsof 27</li><li>Linux好用命令之lspci 28</li><li>Linux好用命令之md5sum 30</li><li>Linux好用命令之netstat 31</li><li>Linux好用命令之nmcli 32</li><li>Linux好用命令之pidstat 33</li><li>Linux好用命令之ps 34</li><li>Linux好用命令之rpm 35</li><li>Linux好用命令之rsync 36</li><li>Linux好用命令之screen 37</li><li>Linux好用命令之strace 38</li><li>Linux好用命令之systemctl 40</li><li>Linux好用命令之tar 41</li><li>Linux好用命令之top 42</li><li>Linux好用命令之ulimit 43</li><li>Linux好用命令之xz 44</li><li>Linux好用命令之yum 45</li><li>Linux好用命令之zip 46</li><li>博客搭建 47</li><li>源码安装软件 48</li><li>centos7安装nvida显卡驱动 49</li><li>code-server搭建 50</li><li>mdadm制作raid测试 51</li><li>pxe+ks安装centos 52</li><li>配置linux路由 53</li><li>配置网络-nmcli 54</li><li>配置bond-network 55</li><li>cpuinfo 56</li><li>limits.conf配置 57</li><li>repo文件解释 58</li><li>查看centos系统引导方式 59</li><li>磁盘测速 60</li><li>多线程压缩与解压 61</li><li>防火墙firewalld 62</li><li>防止误删的操作 63</li><li>计算机容量换算 64</li><li>镜像站合集 65</li><li>配置yum源 66</li><li>增加swap分区 67</li><li>bash和csh的区别 68</li><li>CVE漏洞 69</li><li>dnf插件 70</li><li>fcitx码表 71</li><li>fio测速 72</li><li>linux环境变量 73</li><li>linux机器信息采集 74</li><li>lvm操作 75</li><li>RH442系统调优笔记 76</li><li>kickstart脚本 77</li><li>将kickstart封装到iso镜像 78</li><li>配置linux路由 79</li><li>inux好用命令之auditctl 80</li><li>Linux好用命令之ethtool 81</li><li>Linux好用命令之expect 82</li><li>Linux好用命令之nload 83</li><li>Linux好用命令之systemctl 84</li><li>平均负载 85</li><li>Linux显示框架 86</li><li>linux统计实时网速的方法 87</li><li>网络连接数量查看 88</li><li>网卡改名脚本使用 89</li><li>网卡多队列 90</li><li>端口转发 91</li><li>日志分割 92</li><li>lvm分区-缩小 93</li><li>lvm分区-删除 94</li><li>lvm分区-扩容 95</li><li>lvm分区-创建 96</li><li>lvm缩减分区给其他分区扩容 97</li><li>磁盘调度算法更改 98</li><li>Linux Kernel编译的基本步骤 99</li><li>c语言相关,编译等知识 100</li><li>pam加固 101</li><li>Linux显示框架 102</li><li>平均负载 103</li><li>搭建iscsi 104</li><li>grub的相关操作 105</li><li>GRUB了解 106</li><li>Linux快速查找库文件位置 107</li><li>Linux快速查找库文件位置 108</li><li>nfs搭建 109</li><li>perl过滤mac地址 110</li><li>shell编程 shell编程 111</li><li>centos修改网卡名 112</li><li>linux好用命令之wall 113</li><li>三剑客-sed 114</li></ul>]]></content>
<categories>
<category> 杂记 </category>
</categories>
<tags>
<tag> 杂记 </tag>
</tags>
</entry>
<entry>
<title>2023目标</title>
<link href="/posts/7169e9ad.html"/>
<url>/posts/7169e9ad.html</url>
<content type="html"><![CDATA[<h1>博客目标</h1><ol><li>合并hexo和obsidian的文章,实现obsidian记录,优化之后上hexo</li><li>先把笔记俩者合二为一(结构上,再完善内容)</li></ol>]]></content>
<categories>
<category> 分享 </category>
</categories>
<tags>
<tag> 目标 </tag>
</tags>
</entry>
<entry>
<title>Linux启动流程</title>
<link href="/posts/ae574090.html"/>
<url>/posts/ae574090.html</url>
<content type="html"><![CDATA[<h2 id="上电">上电</h2><h1>BIOS自检</h1><p>检查CPU、内存、主板、键盘,然后初始化,设置硬件参数,最后是引导程序,bios从硬盘扇区读取引导记录</p><h1>引导介质</h1><p>光盘、硬盘、网络引导,硬盘是否可以引导主要取决于mbr(硬盘前446个字节为主引导记录)分区,硬盘前512个字节包含硬盘分区表信息64字节+55aa标记,55aa用于证明引导扇区是否正确,如果前446个字节正确,前512字节有55aa标记,说明可引导,然后加载到内存中</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">dd if=/dev/sda of=mbr2.bin bs=512 count=1</span><br><span class="line">hexdump -c mbr2.bin</span><br></pre></td></tr></table></figure><ol><li>grub2<br>目前使用最多的是grub2</li></ol><ul><li>boot.img<br>是grub启动的第一个img文件,被写入到MBR中,他的作用是读取属于core.img的第一扇区并跳转到他身上,将控制权交给扇区的img,由于体积大小的限制,boot.img无法理解文件系统的结构,因此grub2-install将会吧core.img的位置硬编码到boot.img中,这样一定可以找到core.img</li><li>core.img<br>core.img根据diskboot.img、kernel.img和一系列模块呗grub2-mkimage程序动态创建</li><li>diskboot.img<br>如果启动设备是硬盘,从硬盘启动开始,core.img中的第一个扇区的内容就是diskboot.img,用于读取core.img的剩余内容到内存,将控制权给kernel.img</li><li>kernel.img<br>包含grub的基本运行时环境,设备框架,文件句柄,环境变量,救援模式下的命令行解析器<br><img src="images/grub%E5%85%B3%E7%B3%BB%E5%9B%BE.png" alt=""></li></ul><h1>内核</h1><p>内核启动,进行系统初始化,加载驱动程序,初始化硬件,根文件系统保存在各种设备上,不能将所有驱动都编译进内核</p><ul><li>initrd:动态配置内核临时根文件系统<br>提示一个内压缩过的小型根目录,这个目录包含启动阶段中必须的驱动模块,可执行文件和启动脚本,也包含udevd。当系统启动的时候,BootLoader会把initd读取到内存,然后把initrd文件在内存中的起始地址和大小传给内核,内核在启动初始化的过程中解压initrd文件,然后将解压后的挂载为根目录,然后执行根目录的init脚本,可以在这个脚本中运行initrd文件系统中的udevd,让他自动加载真是文件系统存放设备的驱动程序,以及在/dev目录下建立必要的设备节点,在udevd自动加载磁盘驱动程序总指挥就可以mount到正真的根目录,并切换到这个根目录,利用initrd可以使内核在启动阶段顺利完成各种存储介质的驱动的加载和真实文件系统的挂载</li><li>initrd格式</li></ul><ol><li>image</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">dd if=/dev/zero of=initrd.img bs=4k count=1024</span><br><span class="line">mkfs.ext2 -F -m initrd.img </span><br><span class="line">mkdir /mnt/ramdisk</span><br><span class="line">mount -o loop initrd.img /mnt/ramdisk</span><br><span class="line">cp -r /opt/filesystem /mnt/ramdisk</span><br><span class="line">umount /mnt </span><br><span class="line">gzip -9 initrd.img</span><br></pre></td></tr></table></figure><ol><li>cpio</li></ol><h1>引导程序(init,systemd)</h1><h2 id="init">init</h2><p>内核初始化之后执行init进程,内核会在过去曾经使用init的几个地方找他,如果找不到就执行/bin/sh,如果运行失败,系统启动失败,启动成功之后init成为linux的父进程,启动会读取/etc/inittab找到运行级别,也可以在内核给他指定运行级别(single),接着在fstab找到分区信息挂载,然后init驱动/etc/rcx.d执行对应级别的脚本</p><h3 id="init进程的配置文件">init进程的配置文件</h3><ol><li>/etc/init.d/<br>服务启动脚本配置文件存放目录</li><li>/etc/inittab<br>运行级别</li><li>/etc/init/rcS.conf<br>系统初始化配置文件</li><li>/etc/init/rc.conf<br>各个运行级别初始化配置文件</li><li>/etc/init/rcS-sulogin.conf<br>单用户模式启动/sbin/sushell环境的配置文件</li><li>/etc/init/control-alt-delete.conf<br>按下ctrl+alt+delte的热键</li><li>/etc/sysconfig/init<br>tty终端配置文件</li><li>/etc/init/start-ttys.conf<br>配置tty中单开启数量,设备文件</li><li>/etc/init/tty.conf<br>控制tty终端的开启</li></ol><h2 id="systemd">systemd</h2><p>尽可能启动少的进程,尽可能并行启动,减少对shell脚本的依赖,使用target来处理引导和服务管理过程,target文件被分组用于不同的引导单元以及启动同步进程,systemd的执行第一个目标是default.target,是默认执行模板,实际上default.target是执行graphical.target的软链接,可以修改这个软链接改变启动级别,执行default那个之后就是进入递归的处理依赖关系</p><h3 id="systemd的配置文件">systemd的配置文件</h3><ol><li>/etc/systemd/system/default.target</li><li>/etc.systemd/server 系统执行过程中所产生的服务脚本所在目录</li><li>/etc/systemd/system 里面存着不同级别的开机自启服务</li><li>/usr/lib/systemd/system每个服务最主要的启动脚本</li></ol><h3 id="模式">模式</h3><ol><li>0 关机</li><li>1 救援</li><li>2 字符的多用户不可访问网络</li><li>3 字符</li><li>4 没用</li><li>5 图形</li><li>6 重启</li></ol><h2 id="区别">区别</h2><ul><li>init</li></ul><ol start="4"><li>init全是shell脚本完成</li><li>串行启动,只有前一个启动只才会启动后面的</li><li>启动脚本复杂,init进程只是执行启动脚本,不管其他事情,脚本需要自己处理各种情况</li><li>由内核加载运行,PID=1,是系统中第一个进程</li></ol><ul><li>systemd</li></ul><ol start="8"><li>是配置文件的方式,属于应用程序引导</li><li>按需启动,减少资源消耗</li><li>尽可能并行启动</li><li>由内核加载运行,PID=1,是系统中第一个进程,位于/usr/lib/systemd/systemd</li></ol>]]></content>
<categories>
<category> 知识点 </category>
</categories>
<tags>
<tag> 基操 </tag>
</tags>