Skip to content

RHEL

常用操作

系统更新

bash
sudo dnf clean all && sudo dnf makecache && sudo dnf update
sudo yum clean all && sudo yum makecache && sudo yum update
sudo dnf clean all && sudo dnf makecache && sudo dnf update
sudo yum clean all && sudo yum makecache && sudo yum update

查看系统信息

bash
# 查看CentOS版本
cat /etc/centos-release
# 查看AlmaLinux版本
cat /etc/almalinux-release
# 查看RockyLinux版本
cat /etc/rocky-release
# 查看CentOS版本
cat /etc/centos-release
# 查看AlmaLinux版本
cat /etc/almalinux-release
# 查看RockyLinux版本
cat /etc/rocky-release

机器名

bash
# 查看当前机器名
hostnamectl
# 修改机器名
sudo hostnamectl set-hostname host.aaa.com
# 查看当前机器名
hostnamectl
# 修改机器名
sudo hostnamectl set-hostname host.aaa.com

SELinux

查看当前状态

bash
getenforce
getenforce

临时关闭

bash
setenforce 0
setenforce 0

永久关闭

bash
sudo sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sudo sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

手工关闭

bash
vi /etc/selinux/config
vi /etc/selinux/config
bash
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

防火墙

常用命令

bash
# 查看版本
firewall-cmd --version
# 重启防火墙
firewall-cmd --reload
# 显示状态
firewall-cmd --state
# 查看所有打开的端口
firewall-cmd --zone=public --list-ports
# 查看区域信息
firewall-cmd --get-active-zones
# 查看指定接口所属区域
firewall-cmd --get-zone-of-interface=eth0
# 拒绝所有包
firewall-cmd --panic-on
# 取消拒绝状态
firewall-cmd --panic-off
# 查看是否拒绝
firewall-cmd --query-panic
# 查看端口状态
firewall-cmd --zone=public --query-port=80/tcp
firewall-cmd --zone=public --query-port=443/tcp
# 查看版本
firewall-cmd --version
# 重启防火墙
firewall-cmd --reload
# 显示状态
firewall-cmd --state
# 查看所有打开的端口
firewall-cmd --zone=public --list-ports
# 查看区域信息
firewall-cmd --get-active-zones
# 查看指定接口所属区域
firewall-cmd --get-zone-of-interface=eth0
# 拒绝所有包
firewall-cmd --panic-on
# 取消拒绝状态
firewall-cmd --panic-off
# 查看是否拒绝
firewall-cmd --query-panic
# 查看端口状态
firewall-cmd --zone=public --query-port=80/tcp
firewall-cmd --zone=public --query-port=443/tcp

系统服务

bash
# 查看防火墙状态
systemctl enable firewalld
# 查看防火墙状态
systemctl status firewalld
# 启动防火墙
systemctl start firewalld
# 启动防火墙
systemctl restart firewalld
# 关闭防火墙
systemctl stop firewalld
# 查看防火墙状态
systemctl enable firewalld
# 查看防火墙状态
systemctl status firewalld
# 启动防火墙
systemctl start firewalld
# 启动防火墙
systemctl restart firewalld
# 关闭防火墙
systemctl stop firewalld

开启常见端口

bash
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=81/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=8000/tcp
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=8081/tcp
firewall-cmd --permanent --zone=public --add-port=8180/tcp
firewall-cmd --permanent --zone=public --add-port=8181/tcp
# MySQL
firewall-cmd --permanent --zone=public --add-port=3306/tcp
firewall-cmd --permanent --zone=public --add-port=3308/tcp
# RabbitMQ
firewall-cmd --permanent --zone=public --add-port=5672/tcp
firewall-cmd --permanent --zone=public --add-port=15672/tcp
# Redis
firewall-cmd --permanent --zone=public --add-port=6379/tcp
# MongoDB
firewall-cmd --permanent --zone=public --add-port=27017/tcp
# Elasticsearch
firewall-cmd --permanent --zone=public --add-port=9200/tcp
firewall-cmd --permanent --zone=public --add-port=9300/tcp
# Kibana
firewall-cmd --permanent --zone=public --add-port=5601/tcp
# Logstash
firewall-cmd --permanent --zone=public --add-port=5044/tcp
# APM Server
firewall-cmd --permanent --zone=public --add-port=8200/tcp
# LibreOffice Online
firewall-cmd --permanent --zone=public --add-port=9980/tcp
firewall-cmd --permanent --zone=public --add-port=9981/tcp
# OnlyOffice Document Server
firewall-cmd --permanent --zone=public --add-port=9880/tcp
firewall-cmd --permanent --zone=public --add-port=9881/tcp
# OnlyOffice Community Server
firewall-cmd --permanent --zone=public --add-port=9780/tcp
firewall-cmd --permanent --zone=public --add-port=9781/tcp
#
firewall-cmd --permanent --zone=public --add-port=62772/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=81/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=8000/tcp
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=8081/tcp
firewall-cmd --permanent --zone=public --add-port=8180/tcp
firewall-cmd --permanent --zone=public --add-port=8181/tcp
# MySQL
firewall-cmd --permanent --zone=public --add-port=3306/tcp
firewall-cmd --permanent --zone=public --add-port=3308/tcp
# RabbitMQ
firewall-cmd --permanent --zone=public --add-port=5672/tcp
firewall-cmd --permanent --zone=public --add-port=15672/tcp
# Redis
firewall-cmd --permanent --zone=public --add-port=6379/tcp
# MongoDB
firewall-cmd --permanent --zone=public --add-port=27017/tcp
# Elasticsearch
firewall-cmd --permanent --zone=public --add-port=9200/tcp
firewall-cmd --permanent --zone=public --add-port=9300/tcp
# Kibana
firewall-cmd --permanent --zone=public --add-port=5601/tcp
# Logstash
firewall-cmd --permanent --zone=public --add-port=5044/tcp
# APM Server
firewall-cmd --permanent --zone=public --add-port=8200/tcp
# LibreOffice Online
firewall-cmd --permanent --zone=public --add-port=9980/tcp
firewall-cmd --permanent --zone=public --add-port=9981/tcp
# OnlyOffice Document Server
firewall-cmd --permanent --zone=public --add-port=9880/tcp
firewall-cmd --permanent --zone=public --add-port=9881/tcp
# OnlyOffice Community Server
firewall-cmd --permanent --zone=public --add-port=9780/tcp
firewall-cmd --permanent --zone=public --add-port=9781/tcp
#
firewall-cmd --permanent --zone=public --add-port=62772/tcp

关闭端口

bash
firewall-cmd --permanent --zone=public --remove-port=80/tcp
firewall-cmd --permanent --zone=public --remove-port=3306/tcp
firewall-cmd --permanent --zone=public --remove-port=6379/tcp
firewall-cmd --permanent --zone=public --remove-port=80/tcp
firewall-cmd --permanent --zone=public --remove-port=3306/tcp
firewall-cmd --permanent --zone=public --remove-port=6379/tcp

系统缓存占用高

新建脚本

bash
#
mkdir -p /data/app/tools
#
touch /data/app/tools/clear-cache.sh
#
vi /data/app/tools/clear-cache.sh
#
chmod a+x /data/app/tools/clear-cache.sh
#
mkdir -p /data/app/tools
#
touch /data/app/tools/clear-cache.sh
#
vi /data/app/tools/clear-cache.sh
#
chmod a+x /data/app/tools/clear-cache.sh

内容如下

bash
#!/bin/bash
Mem=$(free -m | awk 'NR==2' | awk '{print $4}')
if [ $Mem -gt 1024 ];
then
echo "Service memory capacity is normal!" > /dev/null
else
sync
echo "1" > /proc/sys/vm/drop_caches
echo "2" > /proc/sys/vm/drop_caches
echo "3" > /proc/sys/vm/drop_caches
sync
fi
#!/bin/bash
Mem=$(free -m | awk 'NR==2' | awk '{print $4}')
if [ $Mem -gt 1024 ];
then
echo "Service memory capacity is normal!" > /dev/null
else
sync
echo "1" > /proc/sys/vm/drop_caches
echo "2" > /proc/sys/vm/drop_caches
echo "3" > /proc/sys/vm/drop_caches
sync
fi

新建定时任务

bash
crontab -e
crontab -e
# clear cache
*/30 * * * * /data/app/tools/clear-cache.sh
# clear cache
*/30 * * * * /data/app/tools/clear-cache.sh

HCache

安装

bash
wget https://silenceshell-1255345740.cos.ap-shanghai.myqcloud.com/hcache
chmod +x hcache
mv hcache /usr/local/bin/
wget https://silenceshell-1255345740.cos.ap-shanghai.myqcloud.com/hcache
chmod +x hcache
mv hcache /usr/local/bin/

使用

bash
# 查看使用缓存最多的前10个进程
hcache -top 10
# 查看进程缓存使用
hcache -pid 1397
# 查看使用缓存最多的前10个进程
hcache -top 10
# 查看进程缓存使用
hcache -pid 1397

磁盘性能测试

安装

bash
yum install fio -y
yum install fio -y

随机读

bash
fio -filename=test.file -direct=1 -iodepth 1 -thread -rw=randread -ioengine=psync -bs=16k -size=10G -numjobs=10 -runtime=60 -group_reporting -name=test
fio -filename=test.file -direct=1 -iodepth 1 -thread -rw=randread -ioengine=psync -bs=16k -size=10G -numjobs=10 -runtime=60 -group_reporting -name=test

随机写

bash
fio -filename=test.file -direct=1 -iodepth 1 -thread -rw=randwrite -ioengine=psync -bs=16k -size=10G -numjobs=10 -runtime=60 -group_reporting -name=test
fio -filename=test.file -direct=1 -iodepth 1 -thread -rw=randwrite -ioengine=psync -bs=16k -size=10G -numjobs=10 -runtime=60 -group_reporting -name=test

系统 IO

# 安装
yum install -y sysstat
#
iostat -x 1 10
iostat -x 1
# 查找IO进程
#
yum install -y iotop
#
iotop
# 安装
yum install -y sysstat
#
iostat -x 1 10
iostat -x 1
# 查找IO进程
#
yum install -y iotop
#
iotop