Linux Network System Introduction

# hostname node01 //Change for this login# hostname //Check the host name# vi /etc/hostname //Permanently change# shutdown -r now //Restart the virtual machine after the change

Windows:
		C:\Windows\system32\drivers\etc\hosts
Linux:
		# vi /etc/hosts
		# 192.168.192.100 basenode
		In the future, all virtual machines will need to be configured as hosts files

# ifconfig || # ip addr View the current network card configuration information # yum install net-tools -y Install ifconfig related packages

# netstat View the current network status information # netstat -r || # route core routing table

# ping Check if the target IP is connected # telnet Check if the target IP port is connected # yum install telnet -y

# curl -X GET http://www.baidu.com Identify the resource by specifying a unique location

#Check the firewall status systemctl status firewalld.service      
# Temporarily stop firewall
systemctl stop firewalld.service      
#Disable firewall startup systemctl disable firewalld.service    
firewall-cmd --state ##Check the firewall status to see if it is running
firewall-cmd --reload ##Reload the configuration. For example, after adding rules, you need to execute this command firewall-cmd --get-zones ##List supported zones
firewall-cmd --get-services ##List the supported services. The services in the list are allowed. firewall-cmd --query-service ftp ##Check whether the ftp service is supported. Return yes or no
firewall-cmd --add-service=ftp ##Temporarily open ftp service firewall-cmd --add-service=ftp --permanent ##Permanently open ftp service firewall-cmd --remove-service=ftp --permanent ##Permanently remove ftp service firewall-cmd --add-port=80/tcp --permanent ##Permanently add port 80

Open a port execution process# Add firewall-cmd --zone=public --add-port=80/tcp --permanent
#Reload firewall-cmd --reload
#View firewall-cmd --zone=public --query-port=80/tcp
#Delete firewall-cmd --zone=public --remove-port=80/tcp --permanent

# Hash algorithms are often used in irreversible password storage and information integrity verification.
# Documents, audio and video files, software installation packages, etc. are compared with the old and new summaries to see if they are the same (whether the received files have been modified)
# Username or password is encrypted and stored in the database (most databases do not store key information in plain text, just like many login functions where forgotten passwords cannot be retrieved but can only be reset)

Advantages: The algorithm for generating keys is public, the amount of calculation is small, the encryption speed is fast, the encryption efficiency is high, and the key is relatively scarce. Points: The key shared by both parties, if one party's key is stolen, will affect both parties. If different keys are generated for each customer, the number of keys will be huge, and key management will be stressful. Application scenarios: Login information, user name and password encryption, transmission encryption, instruction encryption

Asymmetric encryption algorithms require a pair of keys (two keys):
Public key (publickey) and private key (privatekey) (abbreviated as public key and private key).
When the public key and private key are generated, they are a pair. Encryption with the public key can only be decrypted with the corresponding private key. Similarly, encryption with the private key can only be decrypted with the corresponding public key.
Representative algorithms are called RSA, ECC, Diffie-Hellman, El Gamal, DSA (for digital signatures)
advantage:
High security (almost impossible to crack)
Disadvantages: Relatively slow encryption and decryption speed, long key, large amount of calculation, low efficiency. Application scenarios: HTTPS (ssl) certificate production, CRS certificate request, financial communication encryption, Bluetooth and other hardware information encryption pairing transmission, key login information verification.

# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa Generate key# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected] Send public key# ll -a Check whether the .ssh/ folder is generated in 192.168.192.101# cd .ssh/ ——> # cat authorized_keys View the key# scp file [email protected]:~ Send file

[root@basenode ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.192.101 (192.168.192.101)' can't be established.
ECDSA key fingerprint is SHA256:EV00Zl3Snn9UREndOJHXpzfAhDYkB3lLysSjiE/RlRo.
ECDSA key fingerprint is MD5:86:be:05:0d:92:84:79:c0:6f:9b:9a:47:67:64:28:07.
Are you sure you want to continue connecting (yes/no)? yes

Cause:
Cannot determine realm for numeric host
Solution 1--This time ssh -v -o GSSAPIAuthentication=no [email protected]
Solution 2 - Modify the configuration of /etc/ssh/ssh_config file, and this problem will not occur again. Add the following at the end:
StrictHostKeyChecking no
UserKnownHostsFile /dev/null

# ll /etc/localtime View time zone# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime Change time zone to Shanghai# ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime Change time zone to Los Angeles# date View current time# cal 2021 View calendar# date -s '2019-11-11 11:11:11' Modify time

# yum install ntp -y Install time synchronization service # ntpdate cn.ntp.org.cn Automatically synchronize network time center Automatically synchronize network time center Local NTP service:
NTP Server	
# vi /etc/ntp.conf
		#========Permission Control============
	restrict default kod nomodify notrap nopeer noquery Deny IPV4 users restrict -6 default kod nomodify notrap nopeer noquery Deny IPV6 users restrict 210.72.145.44 Authorize the National Time Service Center server to access the local NTP   
	restrict 133.100.11.8 authorizes 133.100.11.8 to access the local NTP
	restrict 127.0.0.1
	restrict -6 ::1
	restrict 192.168.88.2 mask 255.255.255.0 nomodify Local network segment authorized access #=========Source Server===========
	server cn.ntp.org.cn prefer specifies the superior update time server, and this address is used first #=========Difference Analysis===========
	driftfile /var/lib/ntp/drift
	keys /etc/ntp/keys
	
	
# systemctl start ntpd.service Start the local NTP server # ntpdate 192.168.192.101 Synchronize time

# useradd sam add a new user, create a group with the same name and a home directory # password 123 set a password # userdel -r delete a user and delete in cascade mode # usermod -l sam sum modify the username without modifying the home directory and group # usermod -L sam lock the username # usermod -U sam unlock the username # cat /etc/shadow username and password # cat /etc/passwd username, number, group number, home directory, command, directory 6.5 system 0-499 common 500+ 7.6 system 0-999 common 1000+

#su sam switch user

# groupadd lucky creates a group# groupdel lucky deletes a group# groupmod -n bdp lucky modifies the group name# groups checks the group corresponding to the user# groups bdpboy When we create a user, a primary group with the same name is created by default# usermod -g lucky bdpboy (primary group) modifies the user's group# usermod -G lucky bdpls (subsidiary group modifies the user's group

# ll -a View the UGO model of file detailed information permissions u:user File owner g:group File group user o:other Other users rwx
r:read read permission w:write write permission x: execute permission -: no permission

Modify the file permissions to modify the file ownership # chown n1 /var/lucky1
# chown n1:m1 /var/lucky2
When modifying a folder, allow subdirectories to be modified iteratively #chown -R n1:m1 bdp
#chgrp m2 lucky3
When the user's group is modified, you need to log in again to obtain the new group's permissions to modify the file's rwx
# chmod o+w lucky4
# chmod ug+rw lucky4
# chmod ugo-rw lucky4
(Permissions RWX correspond to the numbers 4 2 1 5 = 4+0+1 rx)
# chmod 664 lucky4 ->(rw- rw-r--)

# vim /etc/sudoers
#visudo
Modify Line 99
n1 ALL=(root) /sbin/useradd
n1 ALL=(root) /sbin/*


Use # su n1 to switch users # sudo chkconfig iptables off

grep powerful search tool# cat profile | grep if
# ls / | grep ^t

# Change the position and direction of data output# 0 in 1 out 2 err# ls / 1> lucky standard output# ls / > lucky standard output# ls abcd 2>lucky error output# > replace>> append# ls / 1>> lucky# ls / 1> lucky# Combined use# ls /etc /abc > lucky 2>&1# ls /etc /abc >> lucky 2>&1# Information black hole# ls /etc /abc >> /dev/null 2>&1

Process information# ps -ef# UID PID PPID C STIME TTY TIME CMD# UID user# PID current process number# PPID current process number's parent process number# ps -ef | grep redis# ps -aux# All information# ps -aux --sort -pcpu# top# Current server memory usage background process# Just add an & symbol after the command# ping www.baidu.com >> baidu &# jobs -l# You can view the current background process# But only the current user interface can get it# nohup can prevent the background process from being suspended# nohup ping www.baidu.com >> baidu 2>&1 & Kill the processkill -9