常用命令


sed

命令替换

[root@DS-VM-Node146 ~]# sed  "s#123#`which mysql_config`#" 123
abc=/usr/local/mariadb/bin/mysql_config
mark=/usr/local/mariadb/bin/mysql_config

在123文件中注释掉包含关键字abv的行

[root@DS-VM-linuxEA/opt]# sed '/abv/s/.*/#&/' 123
#-----=abvdax.opp
123
#-=abvdax.opp
mnz==aaaaa

在关键字上面和下面插入一行
在关键字上面插入
sed -i '/request_uri/i\\ limit_req zone=limit burst=50 nodelay;' ag*.conf
在关键字下面插入
sed -i '/request_uri/a\\ limit_req zone=limit burst=50 nodelay;' ag*.conf
在多少行插入
sed -i '11a-A INPUT -s 172.25.0.1 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "jumpserver" -j ACCEPT' /etc/sysconfig/iptables
将包含geoip_country_code的行注释去掉
sed -i '/geoip_country_code/s@^#@@g' ag*.conf

日志处理

0, 列出每小时的访问量
awk -F'"|:' '{S[$2]++}END{for(i in S){print i"\t"S[i]}}' access.log |sort -n
1,列出1小时内每分钟的访问量

awk -F":" '$2 == hour {S[$3]++}END{for(i in S){print i"\t"S[i]}}' hour=`date +%H`  access.log

2,计算当前一分钟内的域名/页面访问量

#############################日志格式#######################################
log_format upstream2 '$proxy_add_x_forwarded_for $remote_user [$time_local] "$request" $http_host'
'$body_bytes_sent $request_body "$http_referer" "$http_user_agent" $ssl_protocol $ssl_cipher'
'$request_time [$status] [$upstream_status] [$upstream_response_time] "$upstream_addr"';
awk -F'"|:' '$2 == hour && $3 == min && /GET/ {S[$8]++}END{for(i in S){print S[i]"\t"i}}' hour=`date +%H` min=`date +%M`  access.log

3, 日志清理

find ./ -name "*.log.*" -mtime +14 -exec rm {} \;
find ./ -name "*.log" -mtime +14 -exec rm {} \;
find ./ -name "*.log" -mtime +14 -exec rm {} \;
find ./ -name "*.txt" -mtime +14 -exec rm {} \;
find ./ -name "*.log" -mtime +7 -exec rm {} \;

如何确定哪个目录占用了大量空间
du -h --max-depth=1 ./
如何动态查看某进程的cpu 内存使用率 和 句柄
lsof -p PID
列出被指定进程名打开的文件
lsof -c ssh

列出端口

ss -an | awk -F"[[:space:]]+|:" '{S[$5]++}END{for(i in S){print S[i]"\t"i}}' | sort -rn |head -n 10

ps

ps aux|sort -k4nr|head -20   # 占用内存
ps aux|sort -k3nr|head -20   # 占用cpu

磁盘扩容

添加硬盘空间:

pvcreate /dev/xvdb && vgextend DSVG /dev/xvdb && lvcreate -l 100%FREE -n data DSVG && mkfs.xfs -f /dev/DSVG/data && echo "$(blkid /dev/DSVG/data|awk '{gsub(/"/,"");print $2}') /data xfs  defaults  0 0" >> /etc/fstab && { [ -d /data ] || mkdir -p /data; } && mount -a && clear && df -hP

文件

文件打开数调整:

echo "* hard nofile 65535" >> /etc/security/limits.conf 
echo "* soft nofile 65535" >> /etc/security/limits.conf 
echo "* soft nproc 65535" >> /etc/security/limits.conf 
echo "* hard nproc 65535" >> /etc/security/limits.conf 
ulimit -u 65535
ulimit -n 65534
ulimit -d unlimited
ulimit -m unlimited
ulimit -s unlimited
ulimit -t unlimited
ulimit -v unlimited

cache清理

清楚缓存
cache释放:

To free pagecache:
echo 1 > /proc/sys/vm/drop_caches
echo 2 > /proc/sys/vm/drop_caches

To free dentries and inodes:
echo 2 > /proc/sys/vm/drop_caches

To free pagecache, dentries and inodes:
echo 3 > /proc/sys/vm/drop_caches

说明,释放前最好sync一下,防止丢数据。
清空swap分区
swapoff -a;swapon -a

数据库bin日志清理:

设置自动清理MySQL binlog日志,配置my.cnf:
expire_logs_days = 10
在运行时修改:

show binary logs;  
show variables like '%log%';  
set global expire_logs_days = 10;

清除之前可以采用相应的备份策略。
手动删除10天前的MySQL binlog日志:

PURGE MASTER LOGS BEFORE DATE_SUB(CURRENT_DATE, INTERVAL 10 DAY); 
show master logs;

数据库授权

1, 授权表查询权限
GRANT SELECT ON 'tabname'.* TO 'username'@'Ipadder' IDENTIFIED BY 'password';
2,授权表所有权限
GRANT ALL PRIVILEGES ON tabname.* To 'username'@'Ipadder' IDENTIFIED BY 'password';
3,授权删改查
GRANT SELECT, UPDATE, DELETE ON `tabname`.* TO 'username'@'Ipadder';
4,刷新授权表
flush privileges;
1,查看所有用户
SELECT USER,PASSWORD,HOST FROM mysql.user;
2,查看用户具体权限
show grants for 'yace'@'17.20.0.1'
3,删除某用户
Delete FROM user where User='yace' and Host='17.30.0.7';
4,刷新授权表
flush privileges;
5,创建表
CREATE DATABASE wordpress charset='utf8';
6,授权表
GRANT ALL ON 'wordpress'.* TO 'wordpress'@'127.0.0.1' IDENTIFIED BY 'password';
7,刷新授权表
flush privileges;

防火墙

windows 防火墙:

netsh advfirewall firewall add rule name="tcp_sync-sql" protocol=TCP dir=in localport=5022 action=allow 
netsh advfirewall firewall add rule name="tcp_sync-sql" protocol=udp dir=in localport=5022 action=allow

linux iptables

iptables -I INPUT 5  -s IP  -p tcp -m tcp -m state --state NEW -m multiport --dports 80,443 -m comment --comment "端口备注" -j ACCEPT

docker

1,目录切换

service docker stop
mv /var/lib/docker /root/data/docker
ln -s /root/data/docker /var/lib/docke

2,日志限制

    logging:
      driver: "json-file"
      options:
        max-size: "20480k"
        max-file: "10"
    logging:
        driver: "json-file"
        options:
            max-size: "1G"

随机密码

PASSW=`echo "$(date +"%s%N"| sha256sum | base64 | head -c 16)"` && echo $PASSW |passwd --stdin root && echo $PASSW

rm

rm -rf [a-z]*
rm -rf [0-9]*

inode

[root@linuxea helm]# echo "Detailed Inode usage for: $(pwd)" ; for d in `find -maxdepth 1 -type d |cut -d\/ -f2 |grep -xv . |sort`; do c=$(find $d |wc -l) ; printf "$c\t\t- $d\n" ; done ; printf "Total: \t\t$(find $(pwd) | wc -l)\n"
Detailed Inode usage for: /root/linuxea/manifests/helm
11      - linuxea
22      - redis
Total:      39
[root@linuxea helm]# du --inodes -S | sort -rh | sed -n \
>         '1,50{/^.\{71\}/s/^\(.\{30\}\).*\(.\{37\}\)$/\1...\2/;p}'
16  ./redis/templates
6   ./redis
6   ./linuxea/templates
6   .
4   ./linuxea
[root@linuxea helm]# find ./ -xdev -printf '%h\n' | sort | uniq -c | sort -k 1 -n
      5 ./linuxea
      5 ./linuxea/templates
      6 ./redis
      8 .
     15 ./redis/templates

发表评论