linux:linux_server_hacks_100_tips
差異處
這裏顯示兩個版本的差異處。
| Both sides previous revision 前次修改 下次修改 | 前次修改 | ||
|
linux:linux_server_hacks_100_tips [2007/03/30 10:57] wenpei 37 |
linux:linux_server_hacks_100_tips [2008/03/28 21:42] (目前版本) wenpei |
||
|---|---|---|---|
| 行 113: | 行 113: | ||
| ssh fromhost.tw "cat really-big-archive.tgz" | tar zpvxf - | ssh fromhost.tw "cat really-big-archive.tgz" | tar zpvxf - | ||
| + | ===== 38 rsync ===== | ||
| + | 連上 fromhost.tw,將裡面的 frompath 檔案複製到本機的 destpath。--delete 參數表若來源的檔案被刪除,目的地的檔案會跟著刪除。 | ||
| + | rsync -ave ssh --delete fromhost.tw:/[frompath] [destpath] | ||
| + | rsync -ave ssh fromhost.tw:/tmp/ /tmp/rsync_test/ | ||
| + | 若用 crontab 跑,可不使用 -v 參數輸出訊息。 | ||
| + | rsync -ae ssh master.machine.com:/usr/local/apache/htdocs/ /usr/local/apache/htdocs/ | ||
| + | |||
| + | ===== 43 ISO、燒錄 ===== | ||
| + | mkisofs:-r 表將 Unix 檔案系統的特有資訊存在光碟上,又保持 ISO9660 的相容性。 | ||
| + | mkisofs -r /home/test/ > /tmp/home.iso | ||
| + | |||
| + | 將光碟片製作成 .iso 檔,bs 需要實際測試,找出理想值。 | ||
| + | dd if=/dev/cdrom of=image.iso bs=10k | ||
| + | |||
| + | 掛載 iso 檔 | ||
| + | mount -o loop,ro -t iso9660 ./image.iso /mnt/cdrom | ||
| + | |||
| + | ===== 45 iptables ===== | ||
| + | 列出所有規則 | ||
| + | iptables -L | ||
| + | |||
| + | 清空所有過濾規則 | ||
| + | iptables -F | ||
| + | |||
| + | 允許 | ||
| + | iptables -A INPUT -t filter -s 1.2.3.0/24 -j ACCEPT | ||
| + | |||
| + | 阻隔 | ||
| + | iptables -A INPUT -t filter -s 5.6.7.8 -j DROP | ||
| + | |||
| + | 可使用的 port - 22 | ||
| + | iptables -A INPUT -t filter -p tcp --dport 22 -j ACCEPT | ||
| + | |||
| + | 剩下的都阻隔掉 | ||
| + | iptables -A INPUT -t filter -p tcp --syn -j DROP | ||
| + | |||
| + | ==== NAT(以 eth0 為連外介面) ==== | ||
| + | echo "1" > /proc/sys/net/ipv4/ip_forward | ||
| + | iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | ||
| + | |||
| + | ==== Port forwarding(Destination NAT) ==== | ||
| + | iptables -t nat -A PREROUTING ! -i eth1 -p tcp --destination-port 3389 -j DNAT --to 192.168.1.5:3389 | ||
| + | # eth1 為對內網卡 | ||
| + | |||
| + | ===== 55 watch ===== | ||
| + | -n1 每秒更新一次,-d 標出有變動的文字 | ||
| + | watch -n1 -d 'ps aux | grep tar' | ||
| + | |||
| + | ===== 57 lspf ===== | ||
| + | 查詢哪一個行程佔用 /mnt/cdrom | ||
| + | lsof /mnt/cdrom | ||
| + | |||
| + | 查詢某 PID 或行程名稱開啟的檔案 | ||
| + | lsof -p 345 | ||
| + | lsof -c syslogd | ||
| + | |||
| + | 查詢已開啟的 socket | ||
| + | lsof -i | ||
| + | |||
| + | ===== 60 ngrep ===== | ||
| + | 取得所有 HTTP GET request | ||
| + | ngrep -q GET -d eth0 | ||
| + | |||
| + | bpf filter(Berkeley Packet Filter) | ||
| + | ngrep -qi root@abc.tw port 25 | ||
| + | |||
| + | |||
| + | ===== 61 nmap ===== | ||
| + | 辨識作業系統 | ||
| + | nmap -O abc.tw | ||
| + | |||
| + | 辨識服務的版本 | ||
| + | nmap -sV abc.tw -p 22 | ||
| + | |||
| + | ===== 64 ntop ===== | ||
| + | apt-get install ntop | ||
| + | |||
| + | 開成 daemon,可透過網頁連 port 3000 提供統計資料 | ||
| + | ntop -d | ||
| + | |||
| + | ===== 66 ssh-keygen ===== | ||
| + | 產生一對金鑰,途中可考慮要不要輸入 passphrase | ||
| + | ssh-keygen -t rsa | ||
| + | |||
| + | 產生公鑰:~/.ssh/id_rsa.pub 和私鑰:~/.ssh/id_rsa,將公鑰放入想要遠端的主機 | ||
| + | $ scp ~/.ssh/id_rsa.pub [username]@[server.name]:~/.ssh/ | ||
| + | $ ssh [username]@[server.name] | ||
| + | $ cat ~/.ssh/id_rsa >> ~/.ssh/authorized_keys | ||
| + | |||
| + | 若私鑰遭竊,別人即可輕易登入。 | ||
| + | |||
| + | ==== 遠端命令 ==== | ||
| + | 一個簡單的 ssh-to | ||
| + | <code> | ||
| + | #!/bin/sh | ||
| + | ssh `basename $0` $* | ||
| + | </code> | ||
| + | |||
| + | $ ln -s ssh-to a.sars.tw | ||
| + | $ ln -s ssh-to b.sars.tw | ||
| + | |||
| + | 執行指令即可直接列出遠端主機的狀態 | ||
| + | $ ./a.sars.tw uptime | ||
| + | |||
| + | ===== 68 ssh-agent ===== | ||
| + | $ eval `ssh-agent` | ||
| + | $ ssh-add | ||
| + | |||
| + | /etc/ssh/ssh_config | ||
| + | ForwardAgent yes | ||
| + | |||
| + | ===== 70 X over ssh ===== | ||
| + | 透過 X11 forwardng 執行遠端的程式 | ||
| + | |||
| + | 修改 sshd_config | ||
| + | X11Forwarding yes | ||
| + | |||
| + | $ ssh -X host | ||
| + | |||
| + | ===== 71 ssh forward ===== | ||
| + | ssh -f -N -L110:mailserver:110 -l user mailserver | ||
| + | |||
| + | ===== 72 環境設定檔同步 ===== | ||
| + | movein.sh:(tar 的 -h 表在遠端產生的是普通檔案,而非 link ) | ||
| + | <code> | ||
| + | #!/bin/sh | ||
| + | |||
| + | if [ -z "$1" ]; then echo "Usage: `basename $0` hostname" | ||
| + | exit | ||
| + | fi | ||
| + | |||
| + | cd ~/.skel | ||
| + | tar zhcf - . | ssh $1 "tar zpvxf -" | ||
| + | </code> | ||
| + | |||
| + | 在家目錄下整理需要複製的設定檔 | ||
| + | $ mkdir .skel | ||
| + | $ cd .skel | ||
| + | $ ln -s ../.bashrc .bashrc | ||
| + | $ ln -s /etc/vim/vimrc .vimrc | ||
| + | $ mkdir .ssh | ||
| + | $ cd .ssh | ||
| + | $ ln -s ../../.ssh/id_rsa.pub authorized_keys2 | ||
| + | |||
| + | ===== 75 色彩化日誌 ===== | ||
| + | rcg 使用 Term::ANSIColor 將符合條件的字串改成特定色彩 | ||
| + | |||
| + | less -r 將 ESC sequence 解釋成彩色效果 | ||
| + | |||
| + | 正規式: | ||
| + | \d+\.\d+\.\d+\.\d+\. # IP 位址的表示法 | ||
| + | ^(J|F|M|A|S|O|N|D)\w\w (\d|)\d # 日期字串 | ||
| + | \b\d\d:\d\d:\d\d\b # 時間字串 | ||
| + | |||
| + | ===== 88 Apache Index full files name ===== | ||
| + | IndexOptions FancyIndexing NameWidth=* | ||
| + | IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* | ||
linux/linux_server_hacks_100_tips.1175223465.txt.gz · 上一次變更: 2007/03/30 11:41 (外部編輯)
若無特別註明,本 wiki 上的內容都是採用以下授權方式: CC Attribution-Noncommercial-Share Alike 3.0 Unported
