Linux systems must know|system-administration-linux-tutorial|ylinux linux tutorial

1. Introduction

Full-stack development not only requires developers to write back-end logic, but also to be familiar with front-end H5, automatic build and deployment, etc.

The content published in the previous chats, some of the Docker deployment, etc. will involve the basic operations of Linux, and the Linux operating system is widely used in server systems, so the author reissues an article on the basics of the Linux operating system. Use and some common knowledge, such as network knowledge, security, general operations, etc., hope to help developers.

The use of Linux operating system mainly includes three major systems: Red Hat, Ubuntu, and CentOS. In Chat, CentOS 7 will be used as the demonstration system. This chat will give a systematic and general description from five aspects: the main system security should be paid attention to, how to better manage the file system, efficient management of the system network, system logs, and 50 routine operations of the Linux system, and the use of What should be paid attention to, which will include the operation of many general commands. It is mainly suitable for developers or junior operation and maintenance engineers or architects, etc. If it is a professional operation and maintenance or architect, it needs to go further.

2. What aspects should be paid attention to in system security

Regarding the security aspects of the Linux operating system, it is mainly the protection of user account security information and the restriction protection of network settings.

This section will focus on how to ensure the security and reliability of the operating system from the aspects of user information security and root user security management restrictions.

2.1 System account management

View users with login privileges:

grep "bash" /etc/passwd

Create the wwt user and set a password:

# add user wwt

useradd wwt

# Set the password for the wwt user wwt

passwd wwt

Check whether password-related files are locked:

lsattr /etc/passwd /etc/shadow

Lock /etc/passwd /etc/shadow and check again that the file is locked:

chattr +i  /etc/passwd /etc/shadow

lsattr /etc/passwd /etc/shadow

When the user is added again, it is prompted that the file cannot be opened, because the password file has been locked, which can play a security role.

useradd zhaoz

When you need to create a user or have related operations, you can unlock the locked file again. After unlocking, check the password file again and it is already unlocked.

chattr -i  /etc/passwd /etc/shadow

lsattr /etc/passwd /etc/shadow

2.2 Password file security

Enter the password file:

vim  /etc/shadow

According to the above document, the maximum validity period of the password can be viewed as 99999.

Enter the password modification file:

vim /etc/login.defs

Change the maximum duration of the password from 99999 to 30 days or something else.

2.3 Limit risks arising from historical orders.

View historical command input:

History

The maximum number of modification history commands stored is 10 or others, and the default history command of the operating system can store up to 1000.\

vim /etc/profile

Update environment variables after modification:

source /etc/profile

Use history again to view the historical command records and find that there are only 10 records

Set the command to clear the history when the user logs out to prevent it from being exploited by attackers. Enter the wwt user directory below:

cd /home/wwt

Open the hidden file list:

ls -a

Modify the .bash_logout file,Add history -c clear operation history clear command::

vim .bash_logout

After saving, after the system user logs out and logs in, the historical operation commands will be cleared to protect the security of the system.

3. How to better manage the file system

There are three commonly used commands df, du and fdisk in the part about disk and file system in the use of Linux system. This section mainly focuses on these three basic commands.

3.1 df command

The df command is mainly used to check the usage of the file system. Use --help to check that the command has the following parameters. Here are some commonly used items for description.

List all filesystems directly using the df command:

df

Visually display system capacity:

df -h

List all specially formatted files present in the operating system:

df -aT

Show the usage under a shelf:

df -h /home

3.2 du command

The du command is also used to view capacity-related information, which is similar to the df command but different. The difference is that the du command is mainly used to view the related usage of files and directories.

Like df, you can use du directly to view all, but when you use the du command, you can list all files and directories. Because Linux has too many directory levels, it is generally not possible to directly view all of them. Because there are too many file directories, here is the Do not display the execution result of the du command.

du

Use the du -a command to list the capacity of a file directory:

du -a

Check the occupancy of files under a certain directory, here is a list of the occupancy of all files under the / root directory.

du -sm /*

3.3 fdisk disk operation command

After learning the commands of df and du, as a developer, if the Docker sucker is full of the system, you can quickly locate the problem and operate, or delete abnormal files or adjust the movement, etc. The fdisk command is mainly biased towards The contents related to disk partitions are introduced. Here are some general introductions.

The first is to check the partition status of the disk and list the device status of all partitions:

fdisk -l

One of the most commonly used is to mount a file system to another partition to solve the corresponding operating system exception when the file system is full. Be sure to back up the file systems that need to be mounted to other partitions first. Regarding how to mount existing file systems such as /home files or others to other system partitions, you can refer to this blog to save space:

4. Efficient management system network

On the CentOS 7 operating system, the commands on the network part have changed a lot from the previous system version, such as the use of ifconfig to view network information, etc., which can no longer be used. If you need to use it, use CentOS 7 The yum command can be installed.

Ifconfig

4.1 ip command related operations

Use the ip addr command to view information about network addresses:

ip addr

Use ip -s link to perform statistics on network interface information

ip -s link

Display routing table information

ip route show

For the convenience of viewing, we can use the following command to format the route just to make it clearer

ip route show|column -t

5. System log

In the CentOS 7 system systemd has very powerful functions of processing data and recording logs, and the log files of the system are generally stored in the /var/log/journal directory. For all kinds of problems, we certainly know the importance of logs and how convenient it can bring us to solve problems.

Generally, log related viewing can be performed through journalctl. Use journalctl to view all logs, of course not all viewing in general, because the number is too large.

Journalctl

Use journalctl -b to view the startup log:

journalctl -b

Under normal circumstances, the situation in the system log is that the file system system is full, we can solve it by deleting the corresponding useless files, or adjusting the file partition mentioned above. Regarding the management of the log service, we can use this software rsyslog to operate, of course, the system is installed by default. Use the following command to see if the software is installed:

rpm -qa|grep rsyslog

In general, when downloading and using this software, you need to modify its configuration file /etc/rsyslog.conf:

vi /etc/rsyslog.conf

After opening the above configuration file, the left side of each line is the module that needs to perform the logging operation, and the right side is the directory file corresponding to the log saving. If you want to save all the logs, you can add the following configuration, but in general, it is not recommended to save all of them. Because too many logs generated in this way may cause the disk to be full and so on.

*.*                                    /var/log/all.log

After setting according to your needs, you need to restart the log software:

/etc/init.d/rsyslog restart

Original article, please indicate the source for reprinting：http://127.0.0.1:8000/system-administration-linux-tutorial/linux-systems-must-know/