Server
Linux operation and maintenance through systemctl management service-linux operation and maintenance
Since centOS7, a command for managing services has been added – systemctl, through which the services on the system can be managed very conveniently. Open and close the service through systemctl The following lists the relevant options for opening and closing the service start open the service stop shuts down the service restart restarts the service status checks the service status reload reloads the configuration file (without shutting down the service) enable starts the service at boot disable turn off self-starting at boot Learn through the following cases # View service operating status # systemctl status atd ● atd.service – Job pooling tools Loaded: loaded (/usr/lib/systemd/system/atd.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2020-11-07 16:20:59 CST; 3 days ago Main PID: 3002 (atd) CGroup: /system.slice/atd.service └─3002 /usr/sbin/atd -f Nov 07 16:20:59 iz8vb626ci0aehwsivxaydz systemd[1]: Started Job spooling tools. Nov 07 16:20:59 iz8vb626ci0aehwsivxaydz systemd[1]: Starting Job spooling tools… Through the information shown above, we can get a lot of information. From the second line Loaded, enabled appears to indicate that the service starts automatically after booting. From the running of the third line, we know that the service is running. Let’s demonstrate closing and starting services # systemctl stop atd…
Log files for linux operation and maintenance – common log files, services for managing log files – linux operation and maintenance
Almost all services on linux have log files, and the log files are used to record the running status of the software. Through log files, we can obtain a lot of useful information. For example, through nginx log files, we can count the number of daily IPs and pvs of the website. In addition, if there is a problem with the software operation, we can also locate the source of the error through the log file information. Therefore, the log file is also an important part of the software. Common log files In the Linux system, they are recorded in the /var/log/ directory There are many useful log files. /var/log/cron records information related to scheduled tasks /var/log/dmesg boot kernel information /var/log/btmp records error login information, this file cannot be viewed through vi, you can use the lastb command to view . /var/log/lastlog records the last login of each user, this file cannot be viewed through vi, use the lastlog command to view /var/log/maillog records mail information /var/log/message records important information of the system /var/log/recure Record verification and authorization information, as long as the program involves account and password will be recorded /var/log/wtmp Permanently record user login , Exit information, in…
logrotate log rotation for linux operation and maintenance – rotate nginx logs – linux operation and maintenance
There is a very useful rotation service on the linux system – logrotate. Through this service, log files can be managed in rotation. When the log file is too large, it can be cut into multiple small log files, and can also be compressed. The default log files access.log and error.log of nginx will not be rotated by themselves. Therefore, logrotate is often used to manage nginx logs in rotation. logrotate For the operation of the logrotate program, it is executed daily in the scheduled task of the system. # cat /etc/cron.daily/logrotate #!/bin/sh /usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status … Next, let’s take a look at the logrotate configuration file /etc/logrotate.conf. # View more information through man logrotate # The following is the default configuration weekly <=== defaults to rotate once a week rotate 4 <=== save 4 log files by default create <==== When the rotation is complete, create a new log file dateext <=== add the date before the rotated file name for easy management #compress <=== By default, the rotated files are not compressed. If you want to compress, remove # #Load the files in the /etc/logrotate.d directory include /etc/logrotate.d # The following are the rules for the rotation of…
Some common commands for setting network parameters in linux-linux operation and maintenance
Here are three commands related to network settings: ifconfig: query, set network card and ip, subnet mask, etc. Parameters (need to install the net-tools tool first) ifup, ifdown: start and close the network interface route: view 、Configure routing information ifconfig First look at the ifconfig command ifconfig [network card name] [options] up, down: enable or disable the network interface mtu: set the mtu value netmask: Set the subnet mask broadcast: Set the broadcast address First look at the first example, to view all network cards on the system, just enter the ifconfig command without adding any parameters # ifconfig eth0: flags=4163 mtu 1500 inet 192.168.2.220 netmask 255.255.255.0 broadcast 192.168.2.255 inet6 fe80::1733:cf21:906d:57af prefixlen 64 scopeid 0x20 ether 00:0c:29:84:5b:d0 txqueuelen 1000 (Ethernet) RX packets 9946 bytes 10315936 (9.8 MiB) RX errors 0 dropped 3 overruns 0 frame 0 TX packets 2208 bytes 186213 (181.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 … From the output information of this command, we can get a lot of information, such as network card name, ip address, subnet mask, broadcast address, etc. Let’s continue to look at a few Example # Modify the ip address # ifconfig…
How to troubleshoot network failures in linux-linux operation and maintenance
If the company’s website cannot be opened, if it is because of network problems, how should you troubleshoot. For another example, if the remote connection tool cannot connect to the server or the mysql database, it may be due to network problems. In daily work or study, we often encounter various network problems (because computer networks are too complicated). Now let’s take a look at how to troubleshoot if there is a network problem with the linux server. ping First look at the ping command, which is a tool used to test whether two hosts can communicate normally. The object of ping can be either an IP address or a domain name. This command can be used in both linux and windows cmd mode. The method of use is the same. # ping -c 4 8.210.247.5 PING 8.210.247.5 (8.210.247.5) 56(84) bytes of data. 64 bytes from 8.210.247.5: icmp_seq=1 ttl=64 time=1.54 ms 64 bytes from 8.210.247.5: icmp_seq=2 ttl=64 time=1.48 ms 64 bytes from 8.210.247.5: icmp_seq=3 ttl=64 time=1.46 ms 64 bytes from 8.210.247.5: icmp_seq=4 ttl=64 time=1.48 ms — 8.210.247.5 ping statistics — 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 1.460/1.494/1.548/0.042 ms # ping -c 1 baidu.com…
Software firewall iptables under linux – view and clear rules, define default policies – linux operation and maintenance
A firewall is a way for users to restrict access to certain ip or users to their hosts. There are two types of firewalls, hardware firewalls and software firewalls. Software firewalls are mainly used to filter data packets, and hardware firewalls are mainly used to protect against malicious attacks and filter data packets, such as DDOS attacks. Here, let’s explain the software firewall under linux-iptables. iptables and firewalld Under centOS6, the default software firewall is iptables, and in centos7, it is firewalld. What is the connection between them? In fact, firewalld is a newly packaged software on the original iptables. When learning iptables, it is recommended to close firewalld first, and open iptables yum install iptables-services systemctl stop firewalld systemctl start iptables table and chain of iptables Different of iptables Tables represent different functions, there are 4 tables by default filter (filter) nat (address translation) mangle raw Under different tables, they have their own rule chains: filter (INPUT/OUTPUT/FORWARD) nat (prerouting/output/postouting) The meaning of these chains As follows: INPUT chain – incoming data packets apply the rules in this rule chain OUTPUT chain – apply the rules in this rule chain to outgoing packets FORWARD chain – apply the rules in…
Software firewall iptables under linux – definition and deletion of rules – linux operation and maintenance
The introduction of the ipitables firewall, and how to view the rules and clear the rules, etc. have been described in a previous article. Today, here is a demonstration of how to formulate firewall rules. Because in the work, the rules are mainly formulated for the filter chain, so here we mainly use the fitler chain for demonstration. Preparation Before formulating the rules, we first shut down the firewalld service, open the iptables service, and then clear the existing rules. # systemctl stop firewalld # systemctl start iptables # iptables -F #iptables -X # iptables -Z New rule chain About the addition of iptables Rule chain, there are many options, let’s see the basic usage below: iptables [-t tables] -A|I chain name[-i|o network interface ] [-m state] [–state packet state] \ > [-p network-protocol] [-s source-address –sport port-range] [-d destination-address –dport port-range] \ > -j [ACCEPT|DROP|REJECT] Options and parameters: -A|I The chain name A means to add rules after the existing rules, and I means to insert rules at the front -i|o network interface i means the network interface where the data packet enters , needs to be used in conjunction with the INPUT or PREROUTING chain; o indicates the…
Software firewall iptables under linux – setting of nat table rules – linux operation and maintenance
In addition to the most commonly used filter table, iptables also occasionally uses the nat table. Nat is network address translation, which is used to modify the source ip address or destination ip address. Now let’s look at the process of a simple data packet passing through iptables to the table and chain of the back-end host. 1. Through the PREROUTING chain of the NAT table 2. After routing to determine whether the data packet is going to enter the machine, if not, perform the next step p>3. Pass the FORWARD chain of Filter 4. Pass the POSTROUTING chain of the NAT table, and finally send it out The first step and the last step are related to NAT, that is, PREROUTING chain and POSTROUTING chain. The PREROUTING chain modifies the destination IP, referred to as DNAT POSTROUTING The source IP is modified by the chain, referred to as SNAT DNAT So which scenarios need to use DNAT, and what are the common applications of SNAT? For DNAT, the most common is to map the port of the internal network to the external network, so that other users can access it. In this way, the security of the internal network…
Software firewall iptables under linux – firewall design – linux operation and maintenance
In the previous articles, I have introduced the tables and chains of iptables, and how to add rule chains. Here, I want to share a simple firewall rule with you. Here I mainly set the rules for the input chain of the filter. This article is equivalent to a practical iptables rule to help you deepen and consolidate the knowledge you have learned. The application rules are as follows: Clear the existing rules and clear all the original rules. Set the default policy, set the default policy of the input chain of the filter to drop, and set the others to accept. Trust this machine, for the loopback network card lo must be set to trustworthy. Response data packet, the data packet that responds to the host’s active external request can enter the machine (establish/related) Reject invalid data packets, reject invalid data packets (INVALID) White list, trust certain ip or network addresses, etc. Blacklist, untrusted ip or network address, etc. Allow icmp packets, release icmp packets Open some ports, some service ports must be opened to the outside world, such as 80, 443, 22 and other ports We are going to make 3 shell scripts Files: iptables.rule, iptables.allow (whitelist), iptables.deny…
Introduction to lvm software under linux – the size of the flexible file system – linux operation and maintenance
We often encounter such a situation. With the operation of the system, it is found that the remaining space of a certain partition is insufficient, so the partition needs to be expanded. How to expand it? A common strategy is to Add a new hard disk, and then partition and format a new usable partition. Copy the content of the previous file system to another partition, and then unmount the original partition (if the original file system is mounted in the /www directory) Mount the new partition to the original directory /www, and then copy the previous content to the /www directory. Does the whole process feel troublesome? If the original file system space is very large, dozens of G or even hundreds of G, then it will be a big project quantity. In addition, the previous partition has no use for the time being, and it is also a waste! lvm introduction lvm logical volume is used to solve the above problems Yes, it can be very convenient to scale the size of the file system. For lvm, there are several special terms that need to be known: Physical Volume, referred to as PV: physical volume Volume Group, referred…
