procps: a toolset for system and process monitoring

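Today I suddenly remembered there is also a command called sysctl. It always showed up in the tutorials I read, but I never looked into it. I happen to have some free time today, so let me study it.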

rpm -qf `which sysctl`

Query which rpm package this command belongs to. The result is shown below:

/bin/ps

/lib/libproc-3.2.7.so

/sbin/sysctl

/usr/bin/free

/usr/bin/pgrep

/usr/bin/pkill

/usr/bin/pmap

/usr/bin/pwdx

/usr/bin/skill

/usr/bin/slabtop

/usr/bin/snice

/usr/bin/tload

/usr/bin/top

/usr/bin/uptime

/usr/bin/vmstat

/usr/bin/w

/usr/bin/watch

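After trimming, it basically ships these commands. Very familiar: top, uptime, vmstat, w, watch, free and so on, I have basically seen them all before.

So this is a toolset. I used to just learn the commands and never knew they all belonged to one toolset.

Let me go through them from simple to complex. I have nothing else to do anyway.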

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

sysctl – configure kernel parameters at runtime

sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under

/proc/sys.

-n   Do not print the key name

-w   Change a sysctl setting

-p   Load settings from the /etc/sysctl.conf file

man pgrep

It shows the following:

pgrep,pkill – look up or signal processes based on name and other attributes

There are many options. Remembering the common ones is enough.

pgrep [-flvx] [-d delimiter] [-n|-o] [-P ppid,…] [-g pgrp,…]

            [-s sid,…] [-u euid,…] [-U uid,…] [-G gid,…]

            [-t term,…] [pattern]

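Description:

pgrep looks through the currently running processes and lists the process IDs which match the selection criteria to stdout. All the criteria have to match. For example,

Practicing my English along the way, here is my translation:

pgrep looks through the running processes by matching the selected process name, then lists the process IDs and prints them to standard output (the screen).

A few examples: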

pgrep -u root sshd

will only list the processes called sshd AND owned by root. On the other hand

pgrep -u root,daemon

will list the processes owned by root or daemon

pkill will send the specified signal to each process instead of listing them on stdout.

OPTIONS

-d delimiter

Sets the string used to delimit each process ID in the output (by default a newline). (pgrep only)

Sets the delimiter between the process IDs (a newline by default) (only applies to pgrep)

-f

The pattern is normally only matched against the process name. When -f is set, the full command line is used.

I didn't understand what this means. I'll come back to it later.

-g pgrp,…

Only match processes in the process group IDs listed. Process group 0 is translated into pgrep’s or pkill’s own process group.

Matches only processes in the listed process group IDs; process group 0 is translated into pgrep's or pkill's own process group

-G gid

Only match processes whose real group ID is listed. Either the numerical or symbolical value may be used.

Processes whose real group ID matches will be listed

-l

List the process name as well as the process ID (pgrep only)

Lists each process name together with its ID

-P

Only match processes whose parent process ID is listed

Matches on the parent ID of the process.

-s sid

Matches on the session ID of the process

-u euid   effective user ID

-U uid   real user ID

-v   Negates the matching
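
What -f changes, shown as an added example (not part of the original post or of procps): by default the pattern is compared with the short process name, and with -f it is compared with the whole command line. The helper names proc_name, proc_cmdline and match_pids are made up for this illustration, which reads the corresponding /proc files on Linux.

```shell
#!/bin/sh
# Illustration only: compare a pattern with the two strings pgrep can use.
# Default  -> the short process name (/proc/PID/comm, at most 15 characters)
# With -f  -> the full command line (/proc/PID/cmdline, NUL-separated argv)

# proc_name PID: print the process name, or nothing if the process is gone
proc_name() {
    cat "/proc/$1/comm" 2>/dev/null || :
}

# proc_cmdline PID: print argv joined with spaces (empty for kernel threads)
proc_cmdline() {
    tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline" | sed 's/ $//'
}

# match_pids MODE PATTERN: print the PIDs whose name (MODE=name) or whole
# command line (MODE=full) matches the extended regular expression PATTERN
match_pids() {
    mode=$1
    pattern=$2
    for dir in /proc/[0-9]*; do
        pid=${dir#/proc/}
        [ "$pid" = "$$" ] && continue      # skip this shell, as pgrep skips itself
        if [ "$mode" = full ]; then
            text=$(proc_cmdline "$pid")
        else
            text=$(proc_name "$pid")
        fi
        [ -n "$text" ] || continue
        if printf '%s\n' "$text" | grep -Eq -- "$pattern"; then
            echo "$pid"
        fi
    done
}

# Example: after `sleep 4242 &`,
#   match_pids name 4242   does not list it (its name is just "sleep")
#   match_pids full 4242   lists it (its command line is "sleep 4242")
```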

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

pmap – report memory map of a process

pmap [ -x | -d ] [ -q ] pids…

pmap -V

-x   extended       Show the extended format.

-d   device         Show the device format.

-q   quiet          Do not display some header/footer lines.

-V   show version   Displays version of program.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

pwdx – report current working directory of a process

pwdx pids….

pwdx -V

DESCRIPTION

The pwdx command reports the current working directory of a process or processes

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

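The fourth football match

Before I knew it, we were already at our fourth football match. Our best defender showed up, so there was nothing to fear, haha. Today's game felt great.

Xiaomin and I scored two goals each. 4-0. Hehe. We played so relaxed, just like in PE class. We weren't even afraid of losing the ball. Hehe

I took a fall in the second half, but it was worth it, because I scored. Haha

Great. The next match is against the third-year students. It probably won't be easy. One more fight to go.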

String handling in BASH

Getting the length

CODE:
%x="abcd"

# Method 1

%expr length $x

4

# Method 2

%echo ${#x}

4

# Method 3

%expr "$x" : ".*"

4

# From the expr help

# STRING : REGEXP anchored pattern match of REGEXP in STRING



Finding a substring

CODE:
%expr index $x "b"

2

%expr index $x "a"

1

%expr index $x "b"

2

%expr index $x "c"

3

%expr index $x "d"

4



Extracting a substring

CODE:
# Method 1

# expr substr <string> startpos length

%expr substr "$x" 1 3

abc

%expr substr "$x" 1 5

abcd

%expr substr "$x" 2 5

bcd

# Method 2

# ${x:pos:length}

%echo ${x:1}

bcd

%echo ${x:2}

cd

%echo ${x:0}

abcd

%echo ${x:0:2}

ab

%pos=1

%len=2

%echo ${x:$pos:$len}

bc



Matching a regular expression

CODE:
# Print the length of the match

%expr match $x "."

1

%expr match $x "abc"

3

%expr match $x "bc"

0



Trimming the head and tail of a string

CODE:
%x=aabbaarealwwvvww

%echo "${x%w*w}"

aabbaarealwwvv

%echo "${x%%w*w}"

aabbaareal

%echo "${x##a*a}"

lwwvvww

%echo "${x#a*a}"

bbaarealwwvvww



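Here, # trims the head, because on the keyboard # is to the left of $.

And % trims the tail, because on the keyboard % is to the right of $.

A single symbol means the shortest match; a doubled symbol means the longest match.

In other words, when there is more than one way to match, this chooses between the longest and the shortest match.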


String replacement


CODE:

%x=abcdabcd

%echo ${x/a/b} # replace only the first occurrence

bbcdabcd

%echo ${x//a/b} # replace all occurrences

bbcdbbcd



Regular expressions cannot be used here; only the * and ? filename-expansion (glob) patterns work.

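The difference between /dev/null and /dev/zero, and how to use them

/dev/null, nicknamed the bottomless pit: you can write any data to it, it swallows everything and never fills up!

/dev/zero is an input device; you can use it to initialize files.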




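/dev/null: the null device, also called the bit bucket. Any output written to it is discarded. If you do not want messages shown on standard output or written to a file, you can redirect them to the bit bucket.

/dev/zero: this device supplies an endless stream of zeros. You can take as many as you need, and the device has far more to give. It can be used to write zero (NUL) bytes to a device or file.

$ dd if=/dev/zero of=./test.txt bs=1k count=1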

$ ls -l

total 4

-rw-r--r--     1 oracle    dba           1024 Jul 15 16:56 test.txt

eg,

     find / -name access_log   2>/dev/null

This way, error messages and the like are not displayed.

Using dd on Linux (reposted)

The basic command is structured as follows:

dd if=<source> of=<target> bs=<byte size> (some power of 2, not less than 512 bytes, i.e. 512, 1024, 2048, 4096, 8192, 16384) conv=<conversion>.

Source is the data being read. Target is where the data gets written. If you mess up, and accidentally reverse the source and target, you can wipe out a lot of data.


Examples:

Copy one hard disk partition to another hard disk:


dd if=/dev/sda2 of=/dev/sdb2 bs=4096 conv=notrunc,noerror


sda2, sdb2 are partitions. You want to copy sda2 to sdb2. If sdb2 doesn’t exist, dd will start at the beginning of the disk, and create it. Be careful with order of if and of. You can write a blank disk to a good disk if you get confused.

Make an iso image of a CD:


dd if=/dev/hdc of=/home/sam/mycd.iso bs=2048 conv=notrunc


CD sectors are 2048 bytes, so this copies sector for sector. The result will be a hard disk image file of the CD. You can use "chmod a+rwx mycd.iso" to make the image writable. You can mount the image with "mkdir /mnt/mycd", this line in fstab: "/home/sam/mycd.iso /mnt/mycd iso9660 rw,user,noauto 0 0", save fstab, "mount -o loop /mnt/mycd". Then the file system will be viewable as files and directories in the directory /mnt/mycd. You can edit the image as you wish, and the new file will be "/home/sam/mycd.iso". dd does not write to CDs. You need to use a burning utility, or the cdrdao command.

Copy a floppy disk:


dd if=/dev/fd0 of=/home/sam/floppy.image bs=2x80x18b conv=notrunc


The 18b specifies 18 sectors of 512 bytes, the 2x multiplies the sector size by the number of heads, and the 80x is for the cylinders, for a total of 1474560 bytes. This issues a single 1474560-byte read request to /dev/fd0 and a single 1474560-byte write request to /home/sam/floppy.image. This makes a hard drive image of the floppy, with bootable info intact.

Copy a hard drive image of a floppy to a floppy:


dd if=/home/sam/floppy.image of=/dev/fd0 bs=2x80x18b conv=notrunc

Copy just the MBR and boot sector of a floppy to hard drive image:


dd if=/dev/fd0 of=/home/sam/MBRboot.image bs=512 count=2


This copies the first 2 sectors of the floppy.

Cloning an entire hard disk:


dd if=/dev/sda of=/dev/sdb conv=notrunc,noerror


In this example, sda is the source and sdb is the target. Do not reverse the intended source and target. Surprisingly many people do. notrunc means do not truncate. noerror means keep going if there is an error. Normally dd stops at any error. If you have a question about whether or not a hard drive works, you can try to use it as the source drive for the dd command. You should get an error if it is not working. Target drives need to be really messed up to give an error in dd.

Copy MBR only of a hard drive:


dd if=/dev/sda of=/home/sam/MBR.image bs=446 count=1


This will copy the first 446 bytes of the hard drive to a file. If you haven’t already guessed, reversing the objects of if and of in the dd command line reverses the direction of the write.


Wipe a hard drive of all data (you would want to boot from a cd to do this)

http://www.efense.com/helix is a good boot cd


The helix boot environment contains the DoD version of dd called dcfldd. It works the same way, but it has a progress bar.


dd if=/dev/zero of=/dev/sda conv=notrunc


This is useful for getting rid of viruses, DRM trojans and the like.


It would be useful at this time to interject a tip:


I have several machines, but on the one I use a lot I have two SATA hard drives. They are exactly the same. Before I do anything dangerous, I boot from the helix CD, run


dcfldd if=/dev/sda of=/dev/sdb bs=4096 conv=notrunc,noerror


and copy my present working sda drive system to the sdb drive. If I wreck the installation on sda, I just boot with the helix cd and


dcfldd if=/dev/sdb of=/dev/sda bs=4096 conv=notrunc,noerror


Please note: bs=4096 works fast for machines with at least 128 MB of ram. dd uses a lot of buffers. At bs=4096, on modern machines, the optimal transfer rate is reached for hard drives.

To make a file of 100 random bytes


dd if=/dev/urandom of=/home/sam/myrandom bs=1 count=100


Here, urandom is the linux random byte device. myrandom is a file. Byte size equals 1 and there are 100 of them. Gpg requires a random seed to generate keys. Generating a file of say 4096 random bytes, which can be passed to Gpg, will allow a truly random seed.


Write random data over a file before deleting it:

First do an ls -l to find the file size. In this case it is 3769.


ls -l afile

-rw------- … 3769 Nov 2 13:41 <filename>

dd if=/dev/urandom of=<filename> bs=3769 count=1 conv=notrunc


This will write random characters over the entire file.
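
The same overwrite without reading the size off ls -l by hand, as an added example (not from the original article): it goes beyond the bs=3769 count=1 case by letting head bound the random data, so one small block size works for a file of any length. The function name overwrite_random is made up here.

```shell
#!/bin/sh
# overwrite_random FILE: overwrite FILE in place with random bytes of the same
# length and print the number of bytes written.
overwrite_random() {
    file=$1
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "refusing: $file is not a regular file" >&2
        return 1
    fi
    size=$(wc -c < "$file") || return 1
    size=$((size + 0))                   # normalise padding some wc builds print
    [ "$size" -gt 0 ] || { echo 0; return 0; }

    # head bounds the amount of random data, so dd can use a small fixed block
    # size for a file of any length. conv=notrunc is what makes this an
    # overwrite: without it dd truncates FILE first and the old blocks are
    # released instead of being written over.
    head -c "$size" /dev/urandom |
        dd of="$file" bs=4096 conv=notrunc 2>/dev/null || return 1
    sync                                 # push the new contents to disk

    new_size=$(wc -c < "$file")
    [ "$((new_size + 0))" -eq "$size" ] || return 1
    echo "$size"
}
# On copy-on-write or journaling file systems, SSDs and snapshotted volumes the
# old data can survive elsewhere on the device even after an in-place overwrite.
```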

Copy a disk partition to a file on a different partition. Do not copy a partition to the same partition.


dd if=/dev/sdb2 of=/home/sam/partition.image bs=4096 conv=notrunc,noerror


This will make a file that is an exact duplicate of the sdb2 partition. You can substitute hdb, sda, hda, or whatever the disk is called.

Restore a disk partition from an image file.


dd if=/home/sam/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror


This way you can get a bazonga hard drive and partition it so you can back up your root partition. If you mess up your root partition, you just boot from the helix cd and restore the image.

To convert a file to all uppercase:


dd if=filename of=filename conv=ucase,notrunc

Copy ram memory to a file:


dd if=/dev/mem of=/home/sam/mem.bin bs=1024


The device /dev/mem is your system memory. You can actually copy any block or character device to a file with dd. Memory capture on a fast system, with bs=1024 takes about 60 seconds. Copying a 120 GB HDD takes about an hour. Copying a CD to hard drive takes about 10 minutes. Copying a floppy to a hard drive takes about 2 minutes. With dd, your floppy drive images will not change at all. If you have a bootable DOS diskette, and you save it to your HDD as an image file, when you restore that image to another floppy it will be bootable. dd is an excellent way to make an image of MS Windows XP install CD’s. When you make a copy of such a cd, there is one sector that is of nonstandard length. It is the last sector. dd doesn’t pad this sector, making the copy indistinguishable from the original. If you burn the CD using cdrdao, the resulting disk will be an absolutely exact copy of the original.

Login Problems

I have been reading about login problems for a long time, so let me write a summary. How about some English? Heh.

1. If a user can’t log in, use chage to see whether login for the account is disabled due to password aging settings.

2. If login only fails for the root user, try logging in as a normal user and using su to switch to root because /etc/securetty might exist but contain no devices.

3. If at least one user can log in, the global login restriction file /etc/nologin is not the trouble. If all users are having login problems, check for /etc/nologin and look for PAM module problems.

4. If you are still having problems, you could try creating a new user with the default dot configuration files to verify that customization of .bash_profile or some other dot file is not preventing successful logins.

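I. /etc/passwd, /etc/shadow and Password Aging

OK, time to switch to Chinese. It is all translated from the troubleshooting material.

If a user cannot log in, first confirm that the user exists in the file /etc/passwd

grep "user" /etc/passwd

If the user exists, then check the file /etc/shadow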

bob:$1$lIDEzDIs$mVFLa6ZVsSolJS8yPc3/o.:12800:0:99999:7:::

There are nine fields in total. I covered them in the previous post, so I won't review them here.

Three commands: chage, passwd, and usermod

#chage -l bob
Minimum:            0                  field 4
Maximum:            99999              field 5
Warning:            7                  field 6
Inactive:           -1                 field 7 (account disabled)
Last Change:        Jan 17,2005        field 3
Password Expires:   never              field 3 + field 5
Password Inactive:  never              field 3 + field 5 + field 7
Account Expires:    never              field 8

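Given a failed login, the first step is to use chage -l to confirm that the password has not expired and the account is active.

Common problems:

1. Password expired

Fix: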

chage -M 99999 username

Set the maximum number of days between password changes to 99999 (hmph, let's see it expire now).

2. Account expired

Fix:

chage -E -1 username

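Two commands

usermod -e <date> username     // account expiration date; same as chage -E

usermod -f <days> username

Set number of days of inactivity before account login is disabled; same as chage -I

The passwd command

passwd -n   set the minimum number of days between password changes; same as chage -m

passwd -x   set the number of days after which the password must be changed; same as chage -M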

Locking Accounts

usermod -L <username>

Lock the account

usermod -U <username>

Unlock the account

passwd -l <username>

Lock the account

passwd -u <username>

Unlock the account

In fact, locking a user simply puts a "!" in front of the password in the /etc/shadow file.

pwck

Linux provides the pwck command to look for /etc/passwd and /etc/shadow problems. This command validates field entries and looks for duplicate lines. No output from pwck means it didn't identify any problems. It will not find all problems, so you might need to inspect the passwd and shadow files line by line to confirm the lines are correct. The following error is caused by user rob not having an entry in /etc/shadow. The pwck command didn't catch it.

passwd rob
Changing password for user rob.
passwd: Authentication token manipulation error
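
The /etc/shadow walk-through and the pwck caveat above, combined into one added example (not from the original post or the material it translates): shadow_status applies the field arithmetic from the chage -l listing, and audit_logins flags passwd accounts that have no shadow line, the case that hit user rob. The function names, every sample account except bob's shadow line, and the day number 13000 are constructed for illustration.

```shell
#!/bin/sh
# shadow_status LINE TODAY -> locked | account-expired | password-inactive |
# password-expired | ok. TODAY is in days since 1970-01-01, like fields 3 and 8.
shadow_status() {
    IFS=: read -r user hash last min max warn inactive expire rest <<EOF
$1
EOF
    today=$2
    case $hash in
        '!'*) echo locked; return 0 ;;           # "!" prefix set by passwd -l / usermod -L
    esac
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo account-expired; return 0           # field 8
    fi
    if [ -n "$last" ] && [ -n "$max" ]; then
        pw_expires=$((last + max))               # field 3 + field 5
        if [ -n "$inactive" ] && [ "$inactive" -ge 0 ] &&
           [ "$today" -gt $((pw_expires + inactive)) ]; then
            echo password-inactive; return 0     # field 3 + field 5 + field 7
        fi
        if [ "$today" -gt "$pw_expires" ]; then
            echo password-expired; return 0
        fi
    fi
    echo ok
}

# audit_logins PASSWD SHADOW TODAY -> one "user status" line per passwd account.
# "no-shadow-entry" is the case the text says pwck did not catch for user rob.
audit_logins() {
    while IFS=: read -r name rest; do
        [ -n "$name" ] || continue
        entry=$(awk -F: -v u="$name" '$1 == u { print; exit }' "$2")
        if [ -z "$entry" ]; then
            echo "$name no-shadow-entry"
        else
            echo "$name $(shadow_status "$entry" "$3")"
        fi
    done < "$1"
}

# Constructed sample data; only bob's shadow line is the one quoted in the text.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s:x:500:500::/home/%s:/bin/bash\n' bob bob amy amy cal cal \
        dan dan rob rob > "$dir/passwd"
    cat > "$dir/shadow" <<'EOF'
bob:$1$lIDEzDIs$mVFLa6ZVsSolJS8yPc3/o.:12800:0:99999:7:::
amy:!$1$SAMPLE$constructedPlaceholderHash:12800:0:99999:7:::
cal:$1$SAMPLE$constructedPlaceholderHash:12800:0:30:7:::
dan:$1$SAMPLE$constructedPlaceholderHash:12800:0:30:7:10::
EOF
    audit_logins "$dir/passwd" "$dir/shadow" 13000   # 200 days after last change
    rm -rf "$dir"
}
```

For a live system, pass /etc/passwd, /etc/shadow and `$(( $(date +%s) / 86400 ))` to audit_logins as root.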
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Another class of problem is the configuration files.
Two files:
/etc/securetty     The /etc/securetty file is intended as a method for limiting root logins to a list of tty devices. If /etc/securetty exists, root login is permitted only from those devices.
/etc/nologin       If this file exists, the system only allows the root user to log in.
Symptom:
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-8 on an i686

sawnee.somecomp.com login: dave
Password:
Sorry.  System Maintenance in progress. System unavailable until 15:00 on
1/19.

Login incorrect

login:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Questions:

  1. Are PAM modules or libraries missing?

  2. Have PAM modules or libraries been changed?

  3. Have PAM directory or file permissions been modified?

1. The /etc/pam.d/login file is missing

Symptom:

Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-8 on an i686

sawnee.somecomp.com login: root
Login incorrect

Login incorrect

Login incorrect
Login incorrect

Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-8 on an i686

sawnee.somecomp.com login:

It will then authenticate using the /etc/pam.d/other module.

What happens if other is missing too?

Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-8 on an i686
sawnee.somecomp.com login: root
login: PAM Failure, aborting: Critical error - immediate abort

Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-8 on an i686

sawnee.somecomp.com login:
 
It directly reports "PAM Failure".
Now let's imagine the worst case...
Missing /etc/pam.d directory
Whoa, the whole directory is gone.
#cd /etc
#mkdir pam.d
#chmod 755 pam.d
#cd pam.d

Create a file called login with the following entries:
auth     required   pam_permit.so
account  required   pam_permit.so
password required   pam_permit.so
session  required   pam_permit.so

Validate Modules

The rpm command verifies that the files in a package are the same as when they were installed. If an application isn't acting right, and PAM is suspected, try verifying that the module is the same as when it was delivered. For example,

#rpm -V -f /etc/pam.d/login
.......T c /etc/pam.d/login


The T means the timestamp has changed, and the c indicates /etc/pam.d/login is a configuration file. Please note that the previous syntax verifies the package that delivered the login file and not just the login file itself.
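
One way to triage that verify output, as an added example (not from the original post or the material it quotes): the function name triage_rpm_verify and all sample lines except the first are constructed here, and file paths are assumed to contain no spaces.

```shell
#!/bin/sh
# triage_rpm_verify: read `rpm -V` output on stdin and print "<finding> <file>"
# so that content or permission changes stand out from timestamp-only noise.
# Flag letters in column 1: S size, M mode, 5 digest, D device, L symlink,
# U user, G group, T mtime, P capabilities; "." means the test passed.
triage_rpm_verify() {
    awk '
    NF == 0 { next }
    $1 == "missing" { print "missing", $NF; next }
    {
        flags = $1
        finding = ""
        if (flags ~ /[S5]/)  finding = finding "+content"
        if (flags ~ /[MUG]/) finding = finding "+perms"
        if (finding == "" && flags ~ /T/) finding = "+timestamp-only"
        if (finding == "") finding = "+other"
        print substr(finding, 2), $NF
    }'
}

# Constructed sample: only the first line is the output quoted in the text above.
sample_rpm_verify() {
    cat <<'EOF'
.......T c /etc/pam.d/login
S.5....T c /etc/pam.d/sshd
.M...UG.   /lib/security/pam_unix.so
missing  c /etc/pam.d/other
EOF
}
```

Run it as `sample_rpm_verify | triage_rpm_verify`, or pipe real `rpm -V -f <file>` output into triage_rpm_verify.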

The rpm command is a valuable troubleshooting tool. If you have not read through the rpm(8) man page, you should consider it.

It can be tempting just to verify the PAM packages, but this approach does not prove that the modules are ok. The modules are delivered by the applications that use them. For example:

#rpm -q -f /etc/pam.d/login
util-linux-2.11y-9.progeny.1
#rpm -q -f /etc/pam.d/sshd
openssh-server-3.5p1-11.progeny.2
#rpm -q -f /etc/pam.d/samba
samba-2.2.7a-8.9.0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Another class of problem is the shell, which involves several files. In order, they are:

/etc/profile

~/.bash_profile

~/.bash_login

~/.profile

This kind of problem is the easiest to fix: just copy a file over from the template files and you are done.

# ls -al /etc/skel
total 52
drwxr-xr-x    4 root    root       4096 Feb 11 05:51 .
drwxr-xr-x   72 root    root       8192 Feb 12 06:41 ..
-rw-r--r--    1 root    root         24 Aug 18 13:23 .bash_logout
-rw-r--r--    1 root    root        191 Aug 18 13:23 .bash_profile
-rw-r--r--    1 root    root        124 Aug 18 13:23 .bashrc
-rw-r--r--    1 root    root       5542 Sep 16  2003 .canna
-rw-r--r--    1 root    root        237 Feb  3 10:55 .emacs
-rw-r--r--    1 root    root        120 Aug 24 08:44 .gtkrc
drwxr-xr-x    3 root    root       4096 Aug 12  2002 .kde
drwxr-xr-x    2 root    root       4096 Feb 11 05:49 .xemacs
-rw-r--r--    1 root    root        220 Nov 28  2002 .zshrc
When a new user is created, the files are copied from here. Nice.
Summary:

  • If a user can't log in, use chage to see whether login for the account is disabled due to password aging settings.

  • If login only fails for the root user, try logging in as a normal user and using su to switch to root because /etc/securetty might exist but contain no devices.

  • If at least one user can log in, the global login restriction file /etc/nologin is not the trouble. If all users are having login problems, check for /etc/nologin and look for PAM module problems.

  • If you are still having problems, you could try creating a new user with the default dot configuration files to verify that customization of .bash_profile or some other dot file is not preventing successful logins.


 

 

Foreign authors really do write better than ours: more detailed, more thorough, and fairly humorous too. Heh.