Linux筆記 -- 暫未分類
RPM
[root@ansible ~]# ll
total 24640
-rw-r--r--. 1 root root 25228848 Oct 18 16:11 docker-ce-19.03.13-3.el8.x86_64.rpm
[root@ansible ~]#
docker-ce-19.03.13-3.el8.x86_64:軟體包全名
docker-ce:軟體包名
19.03.13:版本
-3:釋出次數
el8:適用的Linux平臺(el8 = Red Hat Enterprise Linux 8)
x86_64:適用的硬體平臺(noarch = 任何平臺)
- 查詢
- 查詢已安裝
[root@ansible ~]# rpm -qa | head -5
vim-filesystem-8.0.1763-13.el8.noarch
geolite2-city-20180605-1.el8.noarch
libwayland-egl-1.17.0-1.el8.x86_64
libsss_certmap-2.2.3-20.el8.x86_64
libXau-1.0.8-13.el8.x86_64
[root@ansible ~]#
- 查詢已安裝軟體包詳細資訊
[root@ansible ~]# rpm -qi httpd
Name : httpd
Version : 2.4.37
Release : 21.module_el8.2.0+494+1df74eae
Architecture: x86_64
Install Date: Sat 17 Oct 2020 09:40:42 PM CST
Group : System Environment/Daemons
Size : 5105137
License : ASL 2.0
Signature : RSA/SHA256, Thu 17 Sep 2020 04:11:53 AM CST, Key ID 05b555b38483c65d
Source RPM : httpd-2.4.37-21.module_el8.2.0+494+1df74eae.src.rpm
Build Date : Tue 15 Sep 2020 11:42:11 PM CST
Build Host : x86-02.mbox.centos.org
Relocations : (not relocatable)
Packager : CentOS Buildsys <bugs@centos.org>
Vendor : CentOS
URL : https://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
[root@ansible ~]#
- 查詢未安裝軟體包詳細資訊
[root@ansible ~]# rpm -qip docker-ce-19.03.13-3.el8.x86_64.rpm
warning: docker-ce-19.03.13-3.el8.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Name : docker-ce
Epoch : 3
Version : 19.03.13
Release : 3.el8
Architecture: x86_64
Install Date: (not installed)
Group : Tools/Docker
Size : 106508672
License : ASL 2.0
Signature : RSA/SHA512, Fri 18 Sep 2020 02:49:31 AM CST, Key ID c52feb6b621e9f35
Source RPM : docker-ce-19.03.13-3.el8.src.rpm
Build Date : Thu 17 Sep 2020 01:02:24 AM CST
Build Host : 8b56cb55ab29
Relocations : (not relocatable)
Packager : Docker <support@docker.com>
Vendor : Docker
URL : https://www.docker.com
Summary : The open-source application container engine
Description :
Docker is a product for you to build, ship and run any application as a
lightweight container.
Docker containers are both hardware-agnostic and platform-agnostic. This means
they can run anywhere, from your laptop to the largest cloud compute instance and
everything in between - and they don't require you to use a particular
language, framework or packaging system. That makes them great building blocks
for deploying and scaling web apps, databases, and backend services without
depending on a particular stack or provider.
[root@ansible ~]#
- 查詢軟體包安裝檔案
[root@ansible ~]# rpm -ql httpd | tail -5
/var/cache/httpd
/var/cache/httpd/proxy
/var/lib/dav
/var/lib/httpd
/var/log/httpd
[root@ansible ~]#
- 查詢檔案所屬軟體包
[root@ansible ~]# rpm -qf /var/log/httpd
httpd-2.4.37-21.module_el8.2.0+494+1df74eae.x86_64
[root@ansible ~]#
- 查詢軟體包的依賴資訊
[root@ansible ~]# rpm -qR openssh | head -5
/bin/sh
/sbin/nologin
audit-libs >= 1.0.8
config(openssh) = 8.0p1-4.el8_1
libc.so.6()(64bit)
[root@ansible ~]#
- 解除安裝
- 解除安裝軟體包,保留其依賴
[root@ansible ~]# rpm -e httpd --nodeps
[root@ansible ~]# rpm -ql httpd
package httpd is not installed
[root@ansible ~]#
YUM
- 查詢
- 根據關鍵字查詢
[root@ansible ~]# dnf search mariadb | head -5
Last metadata expiration check: 0:38:41 ago on Sun 18 Oct 2020 03:54:31 PM CST.
======================== Name Exactly Matched: mariadb =========================
mariadb.x86_64 : A very fast and robust SQL database server
======================= Name & Summary Matched: mariadb ========================
mariadb-embedded.x86_64 : MariaDB as an embeddable library
mariadb-server.x86_64 : The MariaDB server and related files
[root@ansible ~]#
- 根據命令查詢
[root@ansible ~]# dnf provides mariadb-server
Last metadata expiration check: 0:39:36 ago on Sun 18 Oct 2020 03:54:31 PM CST.
mariadb-server-3:10.3.17-1.module_el8.1.0+257+48736ea6.x86_64 : The MariaDB server and related files
Repo : AppStream
Matched from:
Provide : mariadb-server = 3:10.3.17-1.module_el8.1.0+257+48736ea6
[root@ansible ~]#
SSH
- 生成金鑰對
[root@ansible ~]# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:yiMBFkS3Vx16f3iYDZls8ezQmkvH9b4FQsF93P2C/Bo root@ansible
The key's randomart image is:
+---[RSA 3072]----+
| o+ . ...oo. .o|
| o . . ....O. =|
| o . . . ..O.+.o|
| . . . . +o%..o|
| . S X.O..|
| o . .E*.o |
| . + .o o|
| . . . o|
| . |
+----[SHA256]-----+
[root@ansible ~]#
- 分發公鑰
[root@ansible ~]# sshpass -pabcd1234.. ssh-copy-id -i .ssh/id_rsa.pub root@13.13.13.51 -p 22 -o "StrictHostKeyChecking=no"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '22' -o 'StrictHostKeyChecking=no' 'root@13.13.13.51'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible ~]# ssh 13.13.13.51
Last login: Sat Oct 17 16:41:34 2020 from 13.13.13.13
[root@master01 ~]# exit
logout
Connection to 13.13.13.51 closed.
[root@ansible ~]#
SS
ss [options] [ FILTER ]
- TLUNP
[root@ansible ~]# ss -tlunp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=1202,fd=12))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=1003,fd=6))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=1202,fd=18))
udp UNCONN 0 0 [::]:5355 [::]:* users:(("systemd-resolve",pid=1202,fd=14))
udp UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=1003,fd=7))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1070,fd=5))
tcp LISTEN 0 128 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve",pid=1202,fd=13))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1070,fd=7))
tcp LISTEN 0 128 [::]:5355 [::]:* users:(("systemd-resolve",pid=1202,fd=15))
[root@ansible ~]#
| Option | Explanation |
|---|---|
| -t, --tcp | Display TCP sockets. |
| -u, --udp | Display UDP sockets. |
| -p, --processes | Show process using socket. |
| -n, --numeric | Do not try to resolve service names. |
| -l, --listening | Display only listening sockets (these are omitted by default). |
NMCLI
MAN nmcli | GREP "^CONNECTION MANAGEMENT COMMANDS":
NetworkManager stores all network configuration as "connections", which are collections of data (Layer2 details, IP
addressing, etc.) that describe how to create or connect to a network. A connection is "active" when a device uses that
connection's configuration to create or connect to a network. There may be multiple connections that apply to a device,
but only one of them can be active on that device at any given time. The additional connections can be used to allow
quick switching between different networks and configurations.
- 檢視網路卡裝置
[root@ansible ~]# nmcli device stat
DEVICE TYPE STATE CONNECTION
ens160 ethernet connected ens160
ens224 ethernet disconnected --
lo loopback unmanaged --
[root@ansible ~]# nmcli device show ens160
GENERAL.DEVICE: ens160
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:31:35:FC
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens160
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 13.13.100.100/16
IP4.GATEWAY: 13.13.254.254
IP4.ROUTE[1]: dst = 13.13.0.0/16, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 13.13.254.254, mt = 100
IP4.DNS[1]: 114.114.114.114
IP6.ADDRESS[1]: fe80::351e:adf7:fa10:75f/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]: dst = ff00::/8, nh = ::, mt = 256, table=255
[root@ansible ~]#
- 檢視網路連線
[root@ansible ~]# nmcli connection show
NAME UUID TYPE DEVICE
ens160 7b5bb1b0-02e3-4c46-a3ae-168aba85a875 ethernet ens160
[root@ansible ~]#
[root@localhost ~]# nmcli connection show ens160 | head -5
connection.id: ens160
connection.uuid: fc61be57-7301-443b-b4db-357a84015449
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: ens160
[root@localhost ~]#
- 新增網路連線
- 標準寫法
autoconnect:開機是否自動連線(一塊網路卡同時只能有一個活動的連線)
[root@ansible ~]# nmcli connection add connection.type 802-3-ethernet \
> connection.interface-name ens224 connection.autoconnect yes connection.id ens224
Connection 'ens224' (fac6c7e7-f13d-4031-bc3a-5949466ad32e) successfully added.
[root@ansible ~]#
- 簡寫
[root@ansible ~]# nmcli c add type ethernet ifname ens224 autoconnect no con-name dhcp224
Connection 'dhcp224' (cbf75df0-1bb6-4289-8004-8bdb8f9b1d0d) successfully added.
[root@ansible ~]#
- 檢視自動生成的配置檔案
[root@ansible ~]# cd /etc/sysconfig/network-scripts
[root@ansible network-scripts]# cat ifcfg-ens224
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens224
UUID=fac6c7e7-f13d-4031-bc3a-5949466ad32e
DEVICE=ens224
ONBOOT=yes
[root@ansible network-scripts]# diff ifcfg-ens224 ifcfg-dhcp224
12,13c12,13
< NAME=ens224
< UUID=fac6c7e7-f13d-4031-bc3a-5949466ad32e
---
> NAME=dhcp224
> UUID=cbf75df0-1bb6-4289-8004-8bdb8f9b1d0d
15c15
< ONBOOT=yes
---
> ONBOOT=no
[root@ansible network-scripts]#
- 配置網路連線
nmcli connection show [conncetion.id]:檢視當前配置的(或可配置的)引數
[root@ansible ~]# nmcli connection modify ens224 \
> ipv4.method manual ipv4.addresses 172.16.1.100/24
[root@ansible ~]# nmcli connection up ens224
[root@ansible ~]# ip a show ens224
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:31:35:06 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.100/24 brd 172.16.1.255 scope global noprefixroute ens224
valid_lft forever preferred_lft forever
inet6 fe80::5259:16f:4200:affc/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@ansible ~]#
Firewall Zone
block
Any incoming network connections are rejected with an icmp-host-prohibited
message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections
initiated from within the system are possible.
dmz
For computers in your demilitarized zone that are publicly-accessible with limited
access to your internal network. Only selected incoming connections are accepted.
drop
Any incoming network packets are dropped without any notification. Only outgoing
network connections are possible.
external
For use on external networks with masquerading enabled, especially for routers.
You do not trust the other computers on the network to not harm your computer. Only
selected incoming connections are accepted.
home
For use at home when you mostly trust the other computers on the network. Only
selected incoming connections are accepted.
internal
For use on internal networks when you mostly trust the other computers on the network.
Only selected incoming connections are accepted.
public
For use in public areas where you do not trust other computers on the network. Only
selected incoming connections are accepted.
trusted
All network connections are accepted.
work
For use at work where you mostly trust the other computers on the network. Only selected
incoming connections are accepted.
相關文章
- java筆記-file類Java筆記
- js類的筆記JS筆記
- Linux筆記Linux筆記
- dart2筆記-類Dart筆記
- (Java筆記)BigDecimal類Java筆記Decimal
- 《人類簡史》筆記筆記
- EOL 筆記:核心類解析筆記
- 逆向學習筆記3——暫存器與彙編指令筆記
- Linux 命令筆記Linux筆記
- linux筆記2Linux筆記
- 【Linux】使用筆記Linux筆記
- linux筆記1Linux筆記
- Linux命令筆記Linux筆記
- Linux Hook 筆記LinuxHook筆記
- 類載入讀書筆記筆記
- C++類初學筆記C++筆記
- TS學習筆記(三):類筆記
- 社群使用筆記 - 文章歸類筆記
- Python之元類筆記Python筆記
- Git 的工作區、暫存區、版本庫—— Git 學習筆記 15Git筆記
- 組合語言學習筆記03——暫存器(CPU工作原理)組合語言筆記
- 《組合語言》王爽,學習筆記(標誌暫存器下)組合語言筆記
- linux入門筆記Linux筆記
- Linux命令列筆記Linux命令列筆記
- linux 學習筆記Linux筆記
- Linux筆記 篇(二)Linux筆記
- linux ipc namespace筆記Linuxnamespace筆記
- 筆記linux_06筆記Linux
- 筆記Linux_02筆記Linux
- 筆記Linux_01筆記Linux
- 筆記Linux_05筆記Linux
- 筆記linux_04筆記Linux
- Linux學習筆記Linux筆記
- Linux/Unix筆記本Linux筆記
- Linux fping 筆記Linux筆記
- 抽象類特點 學習筆記抽象筆記
- java學習筆記(包裝類)Java筆記
- 物件與類_知識點筆記物件筆記