RockyLinux 9.3 練習(三)

vi 使用
-------------------------------------------------------------------------------------------------
一般模式：標記、刪除、搬移、複製
G：移到檔案最後。5G：移到檔案第5行。gg：移到檔案開頭
dd：刪除游標所在之行。5dd 表刪除自游標算起 5 行
yy：拷貝游標所在之行至緩衝區。5yy：拷貝游標所在之處以下 5 行至緩衝區。
p：把緩衝區之資料貼上來
u：復原至上一動作。
‧ : 重覆執行上個指令


編輯模式：
i (insert) 進入編輯模式、ESC離開編輯模式


命令模式：
:wq ( 寫入並離開 vi )。:q! ( 強迫離開並放棄編輯的檔案 )
:set nu (列出行號)  :set nonu (不列出行號)
/pattern (往下尋找pattern字串)，按"n"找下一個符合字串 ，按"N"找上一個符合字串
?pattern (往上尋找pattern字串)，按"n"找上一個符合字串 ，按"N"找下一個符合字串

Firewalld
-------------------------------------------------------------------------------------------------

[kk@BigRocky ~]$ sudo firewall-cmd --state
[sudo] kk 的密碼：
running

[kk@BigRocky ~]$ sudo firewall-cmd --get-zones
block dmz drop external home internal nm-shared public trusted work

[kk@BigRocky ~]$ ls /usr/lib/firewalld/zones
block.xml  dmz.xml  drop.xml  external.xml  home.xml  internal.xml  nm-shared.xml  public.xml  trusted.xml  work.xml

[kk@BigRocky ~]$ sudo firewall-cmd --get-active-zone
public
  interfaces: ens160

[kk@BigRocky ~]$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[kk@BigRocky ~]$ sudo firewall-cmd --get-services | grep ftp
RH-Satellite-6 RH-Satellite-6-capsule afp amanda-client amanda-k5-client amqp amqps apcupsd audit ausweisapp2 bacula bacula-client bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-mon cfengine checkmk-agent cockpit collectd condor-collector cratedb ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master git gpsd grafana gre high-availability http http3 https ident imap imaps ipfs ipp ipp-client ipsec irc ircs iscsi-target isns jellyfin jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-api kube-apiserver kube-control-plane kube-control-plane-secure kube-controller-manager kube-controller-manager-secure kube-nodeport-services kube-scheduler kube-scheduler-secure kube-worker kubelet kubelet-readonly kubelet-worker ldap ldaps libvirt libvirt-tls lightning-network llmnr llmnr-tcp llmnr-udp managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd netbios-ns netdata-dashboard nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus prometheus-node-exporter proxy-dhcp ps3netsrv ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptls snmptls-trap snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tftp tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wireguard ws-discovery ws-discovery-client ws-discovery-tcp ws-discovery-udp wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server zerotier

[kk@BigRocky ~]$ ls /usr/lib/firewalld/services | grep ftp
ftp.xml
tftp.xml

>>>>>>>>>>>>>>>>>>>> 將服務加入規則

[kk@BigRocky ~]$ sudo firewall-cmd --zone=public --add-service=ftp
success
[kk@BigRocky ~]$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ftp ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

>>>>>>>>>>>>>>>>>>>>將埠口加入規則
[kk@BigRocky ~]$ sudo firewall-cmd --zone=public --add-port=8080/tcp
success
[kk@BigRocky ~]$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ftp ssh
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

>>>>>>>>>>>>>>>>>>>>將服務與埠口移除
[kk@BigRocky ~]$ sudo firewall-cmd --zone=public --remove-service=ftp
success

[kk@BigRocky ~]$ sudo firewall-cmd --zone=public --remove-port=8080/tcp
 

success[kk@BigRocky ~]$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

>>>>>>>>>>>>>>>>>>>>firewalld.service 狀態
[kk@BigRocky ~]$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
     Active: active (running) since Mon 2024-04-29 13:25:14 CST; 1h 59min ago
       Docs: man:firewalld(1)
   Main PID: 710 (firewalld)
      Tasks: 2 (limit: 48646)
     Memory: 42.5M
        CPU: 2.348s
     CGroup: /system.slice/firewalld.service
             └─710 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

>>>>>>>>>>>>>>>>>>>>firewalld.service 開機是否啟動
[kk@BigRocky ~]$ systemctl is-enabled firewalld.service
enabled

[kk@BigRocky ~]$ sudo systemctl disable firewalld.service
[sudo] kk 的密碼：
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

[kk@BigRocky ~]$ systemctl is-enabled firewalld.service
disabled

[kk@BigRocky ~]$ sudo  systemctl enable firewalld.service
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.

[kk@BigRocky ~]$ systemctl is-enabled firewalld.service
enabled 

 

>>>>>>>>>>>>>>>>>>>> 停止FirewallD服務
[kk@BigRocky ~]$ sudo systemctl stop firewalld.service
[kk@BigRocky ~]$ systemctl is-active firewalld.service
inactive

[kk@BigRocky ~]$ sudo systemctl start firewalld.service
[kk@BigRocky ~]$ systemctl is-active firewalld.service
active

>>>>>>>>>>>>>>>>>>>> firewalld.service 目錄位置所在
[kk@BigRocky ~]$ ls /usr/lib/systemd/system | grep firewall
firewalld.service

 

詳細使用手冊
-------------------------------------------------------------------------------------------------

# man man
MAN(1) Manual pager utils MAN(1)
NAME
man - an interface to the on-line reference manuals
SYNOPSIS    //摘要
DESCRIPTION
...

【Space】往前捲一個頁面
【b】       往後捲一個頁面

【PageDown】往前捲半個頁面
【PageUp】     往後捲半個頁面

【Enter】往下移行一行

【方向鍵】上下左右

【/關鍵字】往後搜尋關鍵字，【n】同方向繼續搜尋，【N】反方向繼續搜尋
【?關鍵字】往前搜尋關鍵字，【N】同方向繼續搜尋，【n】反方向繼續搜尋

【q】離開


[kk@BigRocky ~]$ man --help

[kk@BigRocky ~]$ man -help

[kk@BigRocky ~]$ man -h

行程
-------------------------------------------------------------------------------------------------

[kk@BigRocky ~]$ ps aux | column -t
USER    PID   %CPU  %MEM  VSZ     RSS    TTY    STAT  START  TIME  COMMAND
kk      1423  0.0   0.0   10140   3508   pts/0  R+    14:39  0:00  ps                                 aux                                                                                                                                   
kk      1424  0.0   0.0   5960    2164   pts/0  R+    14:39  0:00  column                             -t      

 

[kk@BigRocky ~]$ ls /
afs  boot  etc   lib    media  opt   root  sbin  sys  usr
bin  dev   home  lib64  mnt    proc  run   srv   tmp  var

#proc 是一種虛擬文件系統。儲存的是當前核心運行狀態的一系列特殊文件，用戶可以通過這些文件查看有關系統硬體及當前正在運行進程的信息。

[kk@BigRocky ~]$ cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 94
model name      : Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
...

 

#run 程式或服務啟動後會將其 PID 放置於此，正在執行

[kk@BigRocky ~]$ cat /run/sshd.pid
830
 

[kk@BigRocky ~]$ ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         830  0.0  0.1  15852  9180 ?        Ss   14:21   0:00 sshd: /usr/sb

更新
-------------------------------------------------------------------------------------------------

[kk@BigRocky ~]$ sudo dnf -y update

 

>>>>>>>>>>>>>>>>>>>>讓設備自動定期更新套件

[kk@BigRocky ~]$ sudo vi /etc/dnf/automatic.conf
...

#apply_updates = no
apply_updates = yes

...

 

[kk@BigRocky ~]$ sudo systemctl start dnf-automatic.timer
 

[kk@BigRocky ~]$ sudo systemctl enable dnf-automatic.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
 

[kk@BigRocky ~]$ systemctl status dnf-automatic.timer
● dnf-automatic.timer - dnf-automatic timer
     Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.timer; enabled; pres>
     Active: active (waiting) since Wed 2024-05-01 15:23:30 CST; 54s ago
      Until: Wed 2024-05-01 15:23:30 CST; 54s ago
    Trigger: Thu 2024-05-02 06:57:32 CST; 15h left
   Triggers: ● dnf-automatic.service

>>>>>>>>>>>>>>>>>>>>看更新紀錄，知道那些套件更新

[kk@BigRocky ~]$ cat /var/log/dnf.rpm.log | more
...

2024-05-01T15:17:08+0800 INFO --- logging initialized ---
2024-05-01T15:17:09+0800 SUBDEBUG Installed: dnf-automatic-4.14.0-8.el9.noarch

[kk@BigRocky ~]$ tail -2 /var/log/dnf.rpm.log
2024-05-01T15:17:08+0800 INFO --- logging initialized ---
2024-05-01T15:17:09+0800 SUBDEBUG Installed: dnf-automatic-4.14.0-8.el9.noarch
 

[kk@BigRocky ~]$ cat /var/log/dnf.rpm.log | grep Installed
2024-04-29T13:56:32+0800 SUBDEBUG Installed: protobuf-c-1.3.3-13.el9.x86_64
...
2024-05-01T15:17:09+0800 SUBDEBUG Installed: dnf-automatic-4.14.0-8.el9.noarch

-------------------------------------------------------------------------------------------------