Linux Notes -- Uncategorized

Posted by L小Ray想有腮 on 2020-10-29

RPM

[root@ansible ~]# ll
total 24640
-rw-r--r--. 1 root root 25228848 Oct 18 16:11 docker-ce-19.03.13-3.el8.x86_64.rpm
[root@ansible ~]# 

docker-ce-19.03.13-3.el8.x86_64: full package name

docker-ce: package name

19.03.13: version

-3: release number

el8: target Linux platform (el8 = Red Hat Enterprise Linux 8)

x86_64: target hardware platform (noarch = any platform)
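
The naming scheme above, written as a small parser. This is an added example, not part of the original notes; the function name `parse_nevra` is made up here, and it goes slightly beyond the file name by also accepting the epoch-prefixed form (`name-epoch:version-release.arch`) that `dnf provides` prints.

```shell
#!/bin/sh
# Added example: split an RPM package string into name|epoch|version|release|arch.
# Fields are peeled off from the right because the name may itself contain hyphens.
parse_nevra() {
    s=${1%.rpm}                      # accept a file name as well as a package name
    case $s in
        *-*-*.*) ;;                  # need at least name-version-release.arch
        *) echo "not a NEVRA string: $1" >&2; return 1 ;;
    esac
    arch=${s##*.};    s=${s%.*}      # after the last dot: x86_64, noarch, ...
    release=${s##*-}; s=${s%-*}      # after the last hyphen: 3.el8
    version=${s##*-}                 # may carry an epoch prefix, as in 3:10.3.17
    name=${s%-*}
    case $version in
        *:*) epoch=${version%%:*}; version=${version#*:} ;;
        *)   epoch=- ;;              # file names omit the epoch; read it with rpm -qi / -qip
    esac
    printf '%s|%s|%s|%s|%s\n' "$name" "$epoch" "$version" "$release" "$arch"
}

# Strings taken from the outputs on this page.
for p in docker-ce-19.03.13-3.el8.x86_64.rpm \
         vim-filesystem-8.0.1763-13.el8.noarch \
         mariadb-server-3:10.3.17-1.module_el8.1.0+257+48736ea6.x86_64; do
    parse_nevra "$p"
done
```
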
  • Query
  1. List installed packages
[root@ansible ~]# rpm -qa | head -5
vim-filesystem-8.0.1763-13.el8.noarch
geolite2-city-20180605-1.el8.noarch
libwayland-egl-1.17.0-1.el8.x86_64
libsss_certmap-2.2.3-20.el8.x86_64
libXau-1.0.8-13.el8.x86_64
[root@ansible ~]# 
  2. Show details of an installed package
[root@ansible ~]# rpm -qi httpd
Name        : httpd
Version     : 2.4.37
Release     : 21.module_el8.2.0+494+1df74eae
Architecture: x86_64
Install Date: Sat 17 Oct 2020 09:40:42 PM CST
Group       : System Environment/Daemons
Size        : 5105137
License     : ASL 2.0
Signature   : RSA/SHA256, Thu 17 Sep 2020 04:11:53 AM CST, Key ID 05b555b38483c65d
Source RPM  : httpd-2.4.37-21.module_el8.2.0+494+1df74eae.src.rpm
Build Date  : Tue 15 Sep 2020 11:42:11 PM CST
Build Host  : x86-02.mbox.centos.org
Relocations : (not relocatable)
Packager    : CentOS Buildsys <bugs@centos.org>
Vendor      : CentOS
URL         : https://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
[root@ansible ~]# 
  3. Show details of a package file that is not installed
[root@ansible ~]# rpm -qip docker-ce-19.03.13-3.el8.x86_64.rpm 
warning: docker-ce-19.03.13-3.el8.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Name        : docker-ce
Epoch       : 3
Version     : 19.03.13
Release     : 3.el8
Architecture: x86_64
Install Date: (not installed)
Group       : Tools/Docker
Size        : 106508672
License     : ASL 2.0
Signature   : RSA/SHA512, Fri 18 Sep 2020 02:49:31 AM CST, Key ID c52feb6b621e9f35
Source RPM  : docker-ce-19.03.13-3.el8.src.rpm
Build Date  : Thu 17 Sep 2020 01:02:24 AM CST
Build Host  : 8b56cb55ab29
Relocations : (not relocatable)
Packager    : Docker <support@docker.com>
Vendor      : Docker
URL         : https://www.docker.com
Summary     : The open-source application container engine
Description :
Docker is a product for you to build, ship and run any application as a
lightweight container.

Docker containers are both hardware-agnostic and platform-agnostic. This means
they can run anywhere, from your laptop to the largest cloud compute instance and
everything in between - and they don't require you to use a particular
language, framework or packaging system. That makes them great building blocks
for deploying and scaling web apps, databases, and backend services without
depending on a particular stack or provider.
[root@ansible ~]# 
  4. List the files installed by a package
[root@ansible ~]# rpm -ql httpd | tail -5
/var/cache/httpd
/var/cache/httpd/proxy
/var/lib/dav
/var/lib/httpd
/var/log/httpd
[root@ansible ~]# 
  5. Find which package owns a file
[root@ansible ~]# rpm -qf /var/log/httpd
httpd-2.4.37-21.module_el8.2.0+494+1df74eae.x86_64
[root@ansible ~]# 
  6. Show a package's dependencies
[root@ansible ~]# rpm -qR openssh | head -5
/bin/sh
/sbin/nologin
audit-libs >= 1.0.8
config(openssh) = 8.0p1-4.el8_1
libc.so.6()(64bit)
[root@ansible ~]# 
  • Uninstall
  1. Uninstall a package, keeping its dependencies (--nodeps skips the dependency check)
[root@ansible ~]# rpm -e httpd --nodeps
[root@ansible ~]# rpm -ql httpd
package httpd is not installed
[root@ansible ~]# 
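
The `NOKEY` warning in the `rpm -qip` output above means rpm could not verify the package signature because the signing key is not in its keyring. The added example below (not from the original notes) gates an install on that check; `sig_gate` is a hypothetical helper, and it assumes `rpm -Kv` prints its signature lines in the same "Signature, key ID ...: STATUS" shape as the warning above.

```shell
#!/bin/sh
# Added example: gate an install on the package signature check.
# stdin: signature lines as rpm prints them, for example
#   Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
# $1:    space-separated allowlist of signing key IDs (16 hex digits, as in
#        the "Key ID" part of the Signature field).
sig_gate() {
    awk -v allow="$1" '
        BEGIN { n = split(tolower(allow), ids, " ") }
        / Signature, key ID / {
            seen = 1
            line = $0
            sub(/.* key ID /, "", line)              # "621e9f35: NOKEY"
            sub(/[ \t\r]+$/, "", line)
            split(line, part, ": *")
            id = tolower(part[1]); status = part[2]
            if (status != "OK") {                    # NOKEY or any other non-OK status
                print "reject: key " id " status " status; bad = 1; next
            }
            hit = 0                                  # rpm may print only the low 32 bits
            for (i = 1; i <= n; i++)
                if (length(id) >= 8 && substr(ids[i], length(ids[i]) - length(id) + 1) == id) hit = 1
            if (!hit) { print "reject: key " id " is not in the allowlist"; bad = 1 }
        }
        END {
            if (!seen) { print "reject: no signature line (unsigned package?)"; exit 1 }
            if (bad) exit 1
            print "accept"
        }'
}

# The warning line from this page, checked against the key ID from its Signature field.
printf '%s\n' 'warning: docker-ce-19.03.13-3.el8.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY' |
    sig_gate "c52feb6b621e9f35" || echo "install blocked"
```

Typical use, after importing the vendor's key with `rpm --import`: `rpm -Kv package.rpm 2>&1 | sig_gate "<vendor key ID>" && rpm -ivh package.rpm`. Take the allowlisted ID from the vendor's published key, not from the package's own header.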

YUM

  • Query
  1. Search by keyword
[root@ansible ~]# dnf search mariadb | head -5
Last metadata expiration check: 0:38:41 ago on Sun 18 Oct 2020 03:54:31 PM CST.
======================== Name Exactly Matched: mariadb =========================
mariadb.x86_64 : A very fast and robust SQL database server
======================= Name & Summary Matched: mariadb ========================
mariadb-embedded.x86_64 : MariaDB as an embeddable library
mariadb-server.x86_64 : The MariaDB server and related files
[root@ansible ~]# 
  2. Find which package provides a command
[root@ansible ~]# dnf provides mariadb-server
Last metadata expiration check: 0:39:36 ago on Sun 18 Oct 2020 03:54:31 PM CST.
mariadb-server-3:10.3.17-1.module_el8.1.0+257+48736ea6.x86_64 : The MariaDB server and related files
Repo        : AppStream
Matched from:
Provide    : mariadb-server = 3:10.3.17-1.module_el8.1.0+257+48736ea6

[root@ansible ~]# 

SSH

  • Generate a key pair
[root@ansible ~]# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:yiMBFkS3Vx16f3iYDZls8ezQmkvH9b4FQsF93P2C/Bo root@ansible
The key's randomart image is:
+---[RSA 3072]----+
| o+ .   ...oo. .o|
|   o . . ....O. =|
|  o . . . ..O.+.o|
| . . .   . +o%..o|
|    .   S   X.O..|
|     o .   .E*.o |
|    . +     .o  o|
|     . .    .   o|
|               . |
+----[SHA256]-----+
[root@ansible ~]# 
  • Distribute the public key
[root@ansible ~]# sshpass -pabcd1234.. ssh-copy-id -i .ssh/id_rsa.pub root@13.13.13.51 -p 22 -o "StrictHostKeyChecking=no"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p '22' -o 'StrictHostKeyChecking=no' 'root@13.13.13.51'"
and check to make sure that only the key(s) you wanted were added.

[root@ansible ~]# ssh 13.13.13.51
Last login: Sat Oct 17 16:41:34 2020 from 13.13.13.13
[root@master01 ~]# exit
logout
Connection to 13.13.13.51 closed.
[root@ansible ~]# 
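
The session above puts the password on the command line (visible in the process list and shell history) and disables host key checking, so the password can be sent to a host that was never verified. An added example, not from the original notes, of the same distribution with the host key pinned first; `distribute_key` and `fp_matches` are hypothetical helper names, and the expected fingerprint is assumed to have been obtained out of band (for example from the server console).

```shell
#!/bin/sh
# Added example: distribute a public key only after the host key has been verified.
# Differences from the session above:
#   - the password is read from the SSHPASS environment variable (sshpass -e)
#     instead of being typed into the command line;
#   - the host key is fetched, compared with a known fingerprint, stored in
#     known_hosts, and then enforced with StrictHostKeyChecking=yes.

# Succeeds if any line of `ssh-keygen -lf` output on stdin carries fingerprint $1.
# Line format: "<bits> SHA256:<fingerprint> <comment> (<TYPE>)"
fp_matches() {
    awk -v want="$1" '$2 == want { found = 1 } END { exit !found }'
}

# distribute_key HOST EXPECTED_FINGERPRINT [PUBKEY_FILE]
distribute_key() {
    host=$1 want=$2 pub=${3:-$HOME/.ssh/id_rsa.pub}
    scan=$(mktemp) || return 1
    # Fetch one key type so that exactly the verified key ends up in known_hosts.
    ssh-keyscan -t ed25519 -p 22 "$host" > "$scan" 2>/dev/null
    if ssh-keygen -lf "$scan" 2>/dev/null | fp_matches "$want"; then
        cat "$scan" >> "$HOME/.ssh/known_hosts"
        rm -f "$scan"
        sshpass -e ssh-copy-id -i "$pub" -p 22 -o StrictHostKeyChecking=yes "root@$host"
    else
        rm -f "$scan"
        echo "host key of $host does not match $want; password not sent" >&2
        return 1
    fi
}
```

Call it as `SSHPASS=... distribute_key 13.13.13.51 'SHA256:<fingerprint of the server's ed25519 host key>'`, with the variable set by a prompt or a secrets tool rather than typed inline.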

SS

ss [options] [ FILTER ]

  • -tlunp
[root@ansible ~]# ss -tlunp
Netid      State        Recv-Q       Send-Q             Local Address:Port             Peer Address:Port                                                       
udp        UNCONN       0            0                        0.0.0.0:5355                  0.0.0.0:*          users:(("systemd-resolve",pid=1202,fd=12))      
udp        UNCONN       0            0                      127.0.0.1:323                   0.0.0.0:*          users:(("chronyd",pid=1003,fd=6))               
udp        UNCONN       0            0                  127.0.0.53%lo:53                    0.0.0.0:*          users:(("systemd-resolve",pid=1202,fd=18))      
udp        UNCONN       0            0                           [::]:5355                     [::]:*          users:(("systemd-resolve",pid=1202,fd=14))      
udp        UNCONN       0            0                          [::1]:323                      [::]:*          users:(("chronyd",pid=1003,fd=7))               
tcp        LISTEN       0            128                      0.0.0.0:22                    0.0.0.0:*          users:(("sshd",pid=1070,fd=5))                  
tcp        LISTEN       0            128                      0.0.0.0:5355                  0.0.0.0:*          users:(("systemd-resolve",pid=1202,fd=13))      
tcp        LISTEN       0            128                         [::]:22                       [::]:*          users:(("sshd",pid=1070,fd=7))                  
tcp        LISTEN       0            128                         [::]:5355                     [::]:*          users:(("systemd-resolve",pid=1202,fd=15))      
[root@ansible ~]# 
Option             Explanation
-t, --tcp          Display TCP sockets.
-u, --udp          Display UDP sockets.
-p, --processes    Show process using socket.
-n, --numeric      Do not try to resolve service names.
-l, --listening    Display only listening sockets (these are omitted by default).
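
An added example (not from the original notes) that turns the `ss -tlunp` output above into a check: it drops loopback-only listeners and marks every remaining protocol/port that is not on an allowlist. `audit_listeners` is a hypothetical name, and the sample rows are copied from the output above with whitespace condensed.

```shell
#!/bin/sh
# Added example: list listeners reachable from the network and flag unexpected ones.
# stdin: `ss -tlunp` output; $1: space-separated allowlist such as "tcp/22".
audit_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }        # skip the header line
        {
            addr = $5; port = $5
            sub(/:[^:]*$/, "", addr)                # "[::]:22" -> "[::]"
            sub(/.*:/, "", port)                    # "[::]:22" -> "22"
            # Loopback binds are not reachable from other hosts.
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /%lo$/) next
            proc = "-"
            if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
            key = $1 "/" port
            tag = (key in ok) ? "expected" : "UNEXPECTED"
            print tag, key, proc
        }' | LC_ALL=C sort -u                       # IPv4 and IPv6 rows collapse into one
}

# Sample input: rows from the output above.
sample='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=1202,fd=12))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=1003,fd=6))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=1202,fd=18))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=1003,fd=7))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1070,fd=5))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1070,fd=7))
tcp LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=1202,fd=15))'

printf '%s\n' "$sample" | audit_listeners "tcp/22"
```

On a live host the input is `ss -tlunp | audit_listeners "tcp/22"`; here port 5355 (LLMNR, served by systemd-resolved) is the listener that the allowlist does not cover.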

NMCLI

man nmcli | grep "^CONNECTION MANAGEMENT COMMANDS":

	NetworkManager stores all network configuration as "connections", which are collections of data (Layer2 details, IP addressing, etc.) that describe how to create or connect to a network. A connection is "active" when a device uses that connection's configuration to create or connect to a network. There may be multiple connections that apply to a device, but only one of them can be active on that device at any given time. The additional connections can be used to allow quick switching between different networks and configurations.
  • View network devices
[root@ansible ~]# nmcli device stat
DEVICE  TYPE      STATE         CONNECTION 
ens160  ethernet  connected     ens160     
ens224  ethernet  disconnected  --         
lo      loopback  unmanaged     --         
[root@ansible ~]# nmcli device show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:31:35:FC
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         13.13.100.100/16
IP4.GATEWAY:                            13.13.254.254
IP4.ROUTE[1]:                           dst = 13.13.0.0/16, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 13.13.254.254, mt = 100
IP4.DNS[1]:                             114.114.114.114
IP6.ADDRESS[1]:                         fe80::351e:adf7:fa10:75f/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]:                           dst = ff00::/8, nh = ::, mt = 256, table=255
[root@ansible ~]#
  • View network connections
[root@ansible ~]# nmcli connection show
NAME    UUID                                  TYPE      DEVICE 
ens160  7b5bb1b0-02e3-4c46-a3ae-168aba85a875  ethernet  ens160 
[root@ansible ~]# 
[root@localhost ~]# nmcli connection show ens160 | head -5
connection.id:                          ens160
connection.uuid:                        fc61be57-7301-443b-b4db-357a84015449
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              ens160
[root@localhost ~]# 
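  • Add a network connection
  1. Full form

autoconnect: whether the connection is brought up automatically at boot (a network card can have only one active connection at a time)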

[root@ansible ~]# nmcli connection add connection.type 802-3-ethernet \
> connection.interface-name ens224 connection.autoconnect yes connection.id ens224
Connection 'ens224' (fac6c7e7-f13d-4031-bc3a-5949466ad32e) successfully added.
[root@ansible ~]#
  2. Short form
[root@ansible ~]# nmcli c add type ethernet ifname ens224 autoconnect no con-name dhcp224
Connection 'dhcp224' (cbf75df0-1bb6-4289-8004-8bdb8f9b1d0d) successfully added.
[root@ansible ~]# 
  3. View the automatically generated configuration files
[root@ansible ~]# cd /etc/sysconfig/network-scripts
[root@ansible network-scripts]# cat ifcfg-ens224 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens224
UUID=fac6c7e7-f13d-4031-bc3a-5949466ad32e
DEVICE=ens224
ONBOOT=yes
[root@ansible network-scripts]# diff ifcfg-ens224 ifcfg-dhcp224 
12,13c12,13
< NAME=ens224
< UUID=fac6c7e7-f13d-4031-bc3a-5949466ad32e
---
> NAME=dhcp224
> UUID=cbf75df0-1bb6-4289-8004-8bdb8f9b1d0d
15c15
< ONBOOT=yes
---
> ONBOOT=no
[root@ansible network-scripts]# 
  • Configure a network connection

nmcli connection show [connection.id]: view the currently configured (or configurable) parameters

[root@ansible ~]# nmcli connection modify ens224 \
> ipv4.method manual ipv4.addresses 172.16.1.100/24
[root@ansible ~]# nmcli connection up ens224
[root@ansible ~]# ip a show ens224
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:31:35:06 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.100/24 brd 172.16.1.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::5259:16f:4200:affc/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@ansible ~]# 

Firewall Zone

block
	Any incoming network connections are rejected with an icmp-host-prohibited 
message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections 
initiated from within the system are possible.

dmz
	For computers in your demilitarized zone that are publicly-accessible with limited 
access to your internal network.  Only selected incoming connections are accepted.

drop
	Any incoming network packets are dropped without any notification. Only outgoing 
network connections are possible.

external
	For use on external networks with masquerading enabled, especially for routers. 
You do not trust the other computers on the network to not harm your computer. Only 
selected incoming connections are accepted.

home
	For use at home when you mostly trust the other computers on the network. Only 
selected incoming connections are accepted.

internal
	For use on internal networks when you mostly trust the other computers on the network.
Only selected incoming connections are accepted.

public
	For use in public areas where you do not trust other computers on the network. Only 
selected incoming connections are accepted.

trusted
	All network connections are accepted.

work
	For use at work where you mostly trust the other computers on the network. Only selected 
incoming connections are accepted.
