Skip to content

ALinux常用命令2

Jump to bottom
Kervin edited this page Aug 19, 2021 · 36 revisions

一、命令

1. Linux给目录特殊权限(仅有读写rw无删除d权限)

#(+/-a 让文件或目录仅供附加用途)
chattr -R +a soft
#撤销权限
chattr -R -a soft

2. 添加删除用户

userdel -rf administrator
adduser administrator

3. 查看网口带宽

lshw -c network
ethtool p4p1
#带宽参数Speed: 10000Mb/s == 1250 MB/s
Settings for p4p1:
	Supported ports: [ FIBRE ]
	Supported link modes:   1000baseT/Full 
	                        10000baseT/Full 
	Supported pause frame use: Symmetric Receive-only
	Supports auto-negotiation: No
	Advertised link modes:  10000baseT/Full 
	Advertised pause frame use: No
	Advertised auto-negotiation: No
	Speed: 10000Mb/s
	Duplex: Full
	Port: FIBRE
	PHYAD: 1
	Transceiver: internal
	Auto-negotiation: off
	Supports Wake-on: g
	Wake-on: d
	Current message level: 0x00000000 (0)

#千兆模块
rmmod sk98lin
modprobe sk98lin
#万兆模块
rmmod ixgbe
modprobe ixgbe
#查询百兆/千兆网卡
lspci | grep Ethernet  或者 lspci -vvv | grep Ethernet

18:00.0 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5720 2-port Gigabit Ethernet PCIe
18:00.1 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5720 2-port Gigabit Ethernet PCIe
19:00.0 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5720 2-port Gigabit Ethernet PCIe
19:00.1 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5720 2-port Gigabit Ethernet PCIe
#这是千兆网卡

# (1)先设置自动
ethtool -s eth4 advertise 0x03F
# (2)设置速度
ethtool -s eno4 speed 1000 duplex full
# (3)设置千兆
ethtool -s eth4 advertise 0x020

advertise的值:
0x001    10 Half
0x002    10 Full
0x004    100 Half
0x008    100 Full
0x010    1000 Half(not supported by IEEE standards)
0x020    1000 Full
0x8000   2500 Full(not supported by IEEE standards)
0x800    10000 Full
0x03F    Auto

参考地址: http://blog.chinaunix.net/uid-15145533-id-2775810.html

4. Ubuntu的VMware挂载硬盘

#1)VMware添加硬盘(将虚拟硬盘存储为单个文件)
#2)重启并查看盘符
fdisk -l
#3)格式化硬盘
mkfs -t ext3 /dev/sdb
mkfs -t ext4 /dev/sdb
#4)创建目录挂载硬盘
mkdir -p /share
mount /dev/sdb /share
#5)持久化挂载硬盘
echo '/dev/sdb /share  ext3  defaults    0    1' >> /etc/fstab
echo '/dev/sdb /share  ext4  defaults    0    1' >> /etc/fstab
#6)查看硬盘
df -h
#7)查看磁盘格式化方式
blkid -s TYPE /dev/sda2

二、服务

1. NTP服务

A.第三方ntp服务

service --status-all
apt-get install -y ntp

校时配置(vim /etc/ntp.conf) -> time1-7.aliyun.com ntp.aliyun.com

# more information.
pool time1.aliyun.com iburst
pool time2.aliyun.com iburst
pool time3.aliyun.com iburst
pool time4.aliyun.com iburst
pool time5.aliyun.com iburst
pool time6.aliyun.com iburst
pool time7.aliyun.com iburst
# Use Ubuntu's ntp server as a fallback.
pool ntp.aliyun.com
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 172.21.27.31 nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1

# Needed for adding pool entries
#restrict source notrap nomodify noquery

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
restrict 172.21.27.0 mask 255.255.255.0 nomodify notrap

server 172.21.27.31

server 127.127.1.0 prefer
fudge 127.127.1.0 stratum 10
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

B. systemd-timesyncd服务

配置 /etc/systemd/timesyncd.conf

[Time]
NTP=dns.cps5.com
#FallbackNTP=dns.cps5.com
RootDistanceMaxSec=60
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

RootDistanceMaxSec误差范围内更改本地时间,越大越好,31536000为一年(默认:5 即5秒)

systemctl restart systemd-timesyncd.service
时区问题:

1)时区选择

tzselect

2)时区设置

ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
hwclock --localtime --systohc
echo "Asia/Shanghai" > /etc/timezone
mkdir /etc/sysconfig && echo 'Zone=Asia/Shanghai' > /etc/sysconfig/clock
timedatectl set-local-rtc 0
timedatectl set-ntp 1
hwclock --localtime --systohc
systemctl restart systemd-timesyncd.service
timedatectl

2. Ubuntu的root登录

sudo su
vim /etc/ssh/sshd_config

# 在 sshd_config 文件里的 “Authentication” 部分加上以下内容
PermitRootLogin yes
# 完成以后退出 vim 并保存

service sshd restart # 重启 ssh 服务以应用更改
passwd root # 直接修改 Root 用户的密码
这样重新登陆 ssh 就可以用 Root 登陆了。

3. 添加USB网卡

  • Ubuntu网卡
#查询网卡列表
ls /sys/class/net
#如网卡为eno1,enx00e04c361a14
vim /etc/netplan/50-cloud-init.yaml
#信息如下:
network:
    ethernets:
        eno1:
            dhcp4: true
        enx00e04c361a14:
            dhcp4: true
    version: 2
#应用网卡
netplan --debug apply
# 查询所有网卡信息
networkctl status -a
#查询DNS
systemd-resolve --status 
# 重启网卡
service network-manager restart
systemctl restart systemd-networkd

5. squid代理上网

  • 服务端口配置
yum install -y squid
vim /etc/squid/squid.conf
#cat /etc/squid/squid.conf
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
#http_access deny all

# Squid normally listens to port 3128
http_port 3128

cache_mem 64 MB

dns_nameservers 1.1.1.1 114.114.114.114


# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

重启服务

systemctl restart squid
  • 客户端配置
echo '##http proxy setting' >> /etc/profile
echo 'export http_proxy=http://172.21.32.31:3128' >> /etc/profile
echo 'export https_proxy=http://172.21.32.31:3128' >> /etc/profile
source /etc/profile

注环境变量设置后apt update不生效,则删除/etc/apt/apt.conf.d/90curtin-aptproxy

Clone this wiki locally