Category: BSD

2011-10-11 22:08:15

"I'm an egotistical bastard, and I name all my projects after myself. 
First Linux, now git."  ~ Linus Torvalds
1: System tools
  netstat -w 5 -d (displays how many packets and bytes your system is processing)
  netstat -na -f inet (view open network connections)
  netstat -nb -f inet (display only connections with foreign systems)
  netstat -m (An mbuf is a chunk of kernel memory used for networking)
  netstat -s -f inet -p tcp (display system-wide statistics for each network protocol)
  sockstat -4 (lists ports listening to the network)

  vmstat -w 5 -n 1 (shows the current virtual memory statistics; -n: number of disks to display)
    r: waiting for CPU   b: waiting for disk   w: swapped out (your memory is inadequate for the work)
    avm: virtual memory in use   fre: free memory
    flt: page faults   re: pages reused from cache   pi: page in   po: page out
    fr: how many pages are freed per second
    sr: how many pages are scanned per second
    da0: disk name
    in: IRQ   sy: system calls   cs: context switches
    us: user task   sy: system task   id: idle
    (Having high fr and flt values can indicate lots of short-lived processes)

  top (provides a good overview of system status, displaying information about CPU, memory, and disk usage)
    "m" key: Display either 'cpu' or 'io' statistics. Default is 'cpu'.
    last pid: the last PID assigned   load averages: 1-, 5- and 15-minute load averages   up: uptime, followed by the current time
    Number of processes and their states (51039 PIDs assigned? A restarted program is assigned a new PID, or some process is forking continuously)
    CPU usage: user calls, nice (whether the priority has been adjusted), system calls, IRQ, idle time
    wired memory: used for in-kernel data structures

  Disk I/O:
  # gstat (check disk activity, print statistics about GEOM disks; man 8 gstat)

  # man gstat
  SEE ALSO
               systat(1), geom(4), iostat(8), vmstat(8)
  HISTORY
               A gstat utility appeared in FreeBSD 5.0.

  FreeBSD 9.0                     March 12, 2009                     FreeBSD 9.0

  diskinfo — get information about disk device

  > diskinfo -ctv ada0
  ada0
  512         # sectorsize
  500107862016 # mediasize in bytes (465G)
  976773168   # mediasize in sectors
  0           # stripesize
  0           # stripeoffset
  969021       # Cylinders according to firmware.
  16           # Heads according to firmware.
  63           # Sectors according to firmware.
  5VJ9ML6Q     # Disk ident.

  I/O command overhead:
  time to read 10MB block      0.128603 sec =    0.006 msec/sector

  # stat (display file status)
  ps -axx (following processes)
  ps -ajx (following processes)
  ps -aux (following processes)

  A buffer is something that has yet to be "written" to disk. A cache is something that has been "read" from the disk and stored for later use.
2: lsof
  Show Your Network Connections

  # lsof -i (Show all connections with -i)
  COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
  dhcpcd 6061 root 4u IPv4 4510 UDP *:bootpc
  sshd 7703 root 3u IPv6 6499 TCP *:ssh (LISTEN)
  sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

  # lsof -iTCP (Show only TCP; works the same for UDP)
  COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
  sshd 7703 root 3u IPv6 6499 TCP *:ssh (LISTEN)
  sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

  # lsof -i :22 (-i :port shows all networking related to a given port)
  COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
  sshd 7703 root 3u IPv6 6499 TCP *:ssh (LISTEN)
  sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

  # lsof -i@192.168.1.5 (To show connections to a specific host, use @host)
  sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

  # lsof -i@192.168.1.5:22 (Show connections based on the host and the port using @host:port)
  sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

  # lsof -i | grep LISTEN (Grepping for "LISTEN" shows what ports your system is waiting for connections on)
  iTunes 400 daniel 16u IPv4 0x4575228 0t0 TCP *:daap (LISTEN)

  # lsof -i | grep ESTABLISHED (Grepping for "ESTABLISHED" shows current active connections)
  firefox-b 169 daniel 49u IPv4 0t0 TCP 1.2.3.3:1863->1.2.3.4:http (ESTABLISHED)
  Working with Users, Processes, and Files
  You can also get information on various users, processes, and files on your system using lsof:
  # lsof -u daniel (Show what a given user has open using -u)
  -- snipped --
  Dock 155 daniel txt REG 14,2 2798436 823208 /usr/lib/libicucore.A.dylib
  Dock 155 daniel txt REG 14,2 1580212 823126 /usr/lib/libobjc.A.dylib
  Dock 155 daniel txt REG 14,2 2934184 823498 /usr/lib/libstdc++.6.0.4.dylib
  Dock 155 daniel txt REG 14,2 132008 823505 /usr/lib/libgcc_s.1.dylib
  Dock 155 daniel txt REG 14,2 212160 823214 /usr/lib/libauto.dylib
  -- snipped --

  # lsof -c syslog-ng (See what files and network connections a command is using with -c)
  COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
  syslog-ng 7547 root cwd DIR 3,3 4096 2 /
  syslog-ng 7547 root rtd DIR 3,3 4096 2 /
  syslog-ng 7547 root txt REG 3,3 113524 1064970 /usr/sbin/syslog-ng
  syslog-ng 7547 root mem REG 0,0 0 [heap]
  syslog-ng 7547 root mem REG 3,3 105435 850412 /lib/libpthread-2.4.so
  syslog-ng 7547 root mem REG 3,3 1197180 850396 /lib/libc-2.4.so
  syslog-ng 7547 root mem REG 3,3 59868 850413 /lib/libresolv-2.4.so
  syslog-ng 7547 root mem REG 3,3 72784 850404 /lib/libnsl-2.4.so
  syslog-ng 7547 root mem REG 3,3 32040 850414 /lib/librt-2.4.so
  syslog-ng 7547 root mem REG 3,3 126163 850385 /lib/ld-2.4.so
  -- snipped --

  # lsof /var/log/messages (Pointing to a file shows what's interacting with that file)
  COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
  syslog-ng 7547 root 4w REG 3,3 217309 834024 /var/log/messages

  # lsof -p 10075 (The -p switch lets you see what a given process ID has open, which is good for learning more about unknown processes)
  -- snipped --
  sshd 10068 root mem REG 3,3 34808 850407 /lib/libnss_files-2.4.so
  sshd 10068 root mem REG 3,3 34924 850409 /lib/libnss_nis-2.4.so
  sshd 10068 root mem REG 3,3 26596 850405 /lib/libnss_compat-2.4.so
  sshd 10068 root mem REG 3,3 200152 509940 /usr/lib/libssl.so.0.9.7
  sshd 10068 root mem REG 3,3 46216 510014 /usr/lib/liblber-2.3
  sshd 10068 root mem REG 3,3 59868 850413 /lib/libresolv-2.4.so
  sshd 10068 root mem REG 3,3 1197180 850396 /lib/libc-2.4.so
  sshd 10068 root mem REG 3,3 22168 850398 /lib/libcrypt-2.4.so
  sshd 10068 root mem REG 3,3 72784 850404 /lib/libnsl-2.4.so
  sshd 10068 root mem REG 3,3 70632 850417 /lib/libz.so.1.2.3
  sshd 10068 root mem REG 3,3 9992 850416 /lib/libutil-2.4.so
  -- snipped --

  # lsof -t -c Mail (The -t option returns just a PID)
  350
  # ps aux | grep Mail
  daniel 350 0.0 1.5 405980 31452 ?? S Mon07PM 2:50.28 /Applications/Mail.app
  Advanced Usage

  # lsof -a -u daniel -i @1.1.1.1 (Using -a allows you to combine search terms, so this query says, "show me everything running as daniel connected to 1.1.1.1")
  bkdr 1893 daniel 3u IPv6 3456 TCP 10.10.1.10:1234->1.1.1.1:31337 (ESTABLISHED)

  # kill -HUP `lsof -t -c sshd` (Using the -t and -c options together you can HUP processes)
  # kill -9 `lsof -t -u daniel` (You can also use the -t with -u to kill everything a user has open)

  # lsof +L1 (lsof +L1 shows you all open files that have a link count less than 1, often indicative of a cracker trying to hide something)
  (hopefully nothing)

3: find
  Basics
  # find . -name "*.jpg" (find by name)
  # find . -user daniel (find by user)
  # find . -type d (find by type)
  # find ~/Movies/ -size +1024M (find by size)
  # find /etc/ -user root -mtime 1 (find by modification time)

  The checks you can use here are:
  -atime: when the file was last accessed
  -ctime: when the file's permissions were last changed
  -mtime: when the file's data was last modified

  -amin: when (in minutes) the file was last accessed
  -cmin: when (in minutes) the file's permissions were last changed
  -mmin: when (in minutes) the file's data was last modified

  # find ~ -perm 777 (find by permissions)
  -nouser: shows output that's not associated with an existing userid
  -nogroup: shows output not associated with an existing groupid
  -links n: file has n links
  -newer file: file was modified more recently than file.
  -perm mode: file has mode permissions.

  Combinations
  # find . -user daniel -type f -name "*.jpg" (find .jpg image files owned by daniel)
  # find . -user daniel -type f -name "*.jpg" ! -name "autumn*" (!: exclude)
  # find /apps/ -user root -type f -amin -2 -name "*.rb" (show me all ruby programs in /apps owned by root that have been accessed in the last two minutes)

  Combining find with exec and xargs
  # find /bin /sbin -perm +7000 -exec ls -l {} \; (list files that have SGID, SUID or the sticky bit set)
  # find /bin /sbin -perm +6000 (list files that have SUID or SGID set)
  # find / -perm -0002 (find all files on your system that are world writable)
  # find / -nouser -print0 | xargs -0 rm (Collect files that are not owned by valid users and delete them)

  Cookbook Examples Of find in action
  # find ~/Desktop \( -name "*.jpg" -o -name "*.gif" -o -name "*.png" \) -print0 | \
  xargs -0 mv --target-directory ~/Pictures (Clean the images off of your *nix desktop)

  # find /your/webdir/ -type d -print0 | xargs -0 chmod 755
  # find /your/webdir -type f -print0 | xargs -0 chmod 644 (Correct the permissions on your web dir)
  # find /etc -mtime -30 (list of files in /etc that have been modified since last month)
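
The SUID/SGID, world-writable and unowned-file searches above, combined into a read-only audit with a baseline comparison. This is an added example, not part of the original post; the function names are illustrative, and it uses the POSIX `-perm -mode` form so it behaves the same with BSD and GNU find.

```shell
#!/bin/sh
# Added example: read-only permission audit of one directory tree.
# Function names and section labels are illustrative, not from the post.

# Regular files carrying the SUID (4000) or SGID (2000) bit.
# -type f keeps symlinks out; -xdev stays on one filesystem.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Files and directories writable by "other" (0002). Directories that also
# have the sticky bit (1000), such as /tmp, are skipped: there only an
# entry's owner, the directory owner or root can remove or rename it.
list_world_writable() {
    find "$1" -xdev \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print
}

# Entries whose owner or group is missing from the passwd/group databases.
list_orphans() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print
}

# Print set-id files that are absent from a saved, sorted baseline list.
# usage: new_setid_since DIR BASELINE_FILE
new_setid_since() {
    list_setid "$1" | sort | comm -13 "$2" -
}

audit_tree() {
    echo "== SUID/SGID files ==";            list_setid "$1"
    echo "== world-writable, not sticky =="; list_world_writable "$1"
    echo "== no valid owner or group ==";    list_orphans "$1"
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Save a baseline once with `list_setid / | sort > baseline`, then run `new_setid_since / baseline` on a schedule to report set-id files that appeared since.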
4: tr
  Basics
  # tr a b < originalfile > newfile (all instances of the letter a into the letter b)
  # tr 'a-z' 'A-Z' < originalfile > newfile (changing all lowercase to uppercase)
  # tr "[:lower:]" "[:upper:]" < originalfile > newfile
  # echo "0123456789" | tr '0-9' 'a-z'

  Deleting
  # tr -d '\r' < windowsfile > nixfile (delete the carriage returns)

  Squeezing
  # tr -s '\n' < goodfile > betterfile

  Cleaning Input
  # tr -dc 'a-zA-Z \t\n' < input > output

  Implementing ROT13
  # echo "all your base are tired of this meme" | tr 'a-z' 'n-za-m'