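Since I don't build systems every day, do you ever sit down to type a command and find you can't because you've forgotten the options? Enterprise Linux has gained a lot of new commands since the 7 series, and this happens to me all the time. So I'm going to keep notes here on the commands I use often but keep forgetting.
1. Setting the hostname (hostnamectl)
Example: change the hostname to svwg9999.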

    #
    # hostnamectl set-hostname svwg9999
    # uname -n
    svwg9999
    #

2. Network settings (nmcli)
Example: check the state of the NICs (devices)

    #
    # nmcli device status
    DEVICE  TYPE      STATE     CONNECTION
    enp0s3  ethernet  接続済み  enp0s3
    lo      loopback  管理無し  --
    #

Example: check the settings of NIC enp0s3

    #
    # nmcli dev show enp0s3
    GENERAL.DEVICE: enp0s3
    GENERAL.TYPE: ethernet
    GENERAL.HWADDR: xx:xx:xx:xx:xx:xx
    GENERAL.MTU: 1500
    GENERAL.STATE: 100 (接続済み)
    GENERAL.CONNECTION: enp0s3
    GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1
    WIRED-PROPERTIES.CARRIER: オン
    IP4.ADDRESS[1]: 192.168.1.64/24
    IP4.GATEWAY: 192.168.1.1
    IP4.ROUTE[1]: dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 100
    IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 100
    IP4.DNS[1]: 192.168.1.1
    IP6.GATEWAY: --
    #

Example: change the IP address (IPv4) of NIC enp0s3 to 192.168.1.65

    #
    # nmcli con modify enp0s3 ipv4.address 192.168.1.65/24
    #

Check after restarting the service or rebooting the server

    #
    # nmcli dev show enp0s3
    GENERAL.DEVICE: enp0s3
    GENERAL.TYPE: ethernet
    GENERAL.HWADDR: xx:xx::xx:xx:xx
    GENERAL.MTU: 1500
    GENERAL.STATE: 100 (接続済み)
    GENERAL.CONNECTION: enp0s3
    GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/2
    WIRED-PROPERTIES.CARRIER: オン
    IP4.ADDRESS[1]: 192.168.1.65/24
    IP4.GATEWAY: 192.168.1.1
    IP4.ROUTE[1]: dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 100
    IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 100
    IP4.DNS[1]: 192.168.1.1
    IP6.GATEWAY: --
    #

Example: check the network (connection) settings

    #
    # nmcli con show enp0s3
    connection.id: enp0s3
    connection.uuid: 00000dds-ff89-3c35-a268-034dws71567a8
    connection.stable-id: --
    connection.type: 802-3-ethernet
    connection.interface-name: enp0s3
    connection.autoconnect: はい
    connection.autoconnect-priority: 0
    connection.autoconnect-retries: -1 (default)
    connection.auth-retries: -1
    connection.timestamp: 1554539444
    connection.read-only: いいえ
    connection.permissions: --
    connection.zone: public
    connection.master: --
    connection.slave-type: --
    connection.autoconnect-slaves: -1 (default)
    connection.secondaries: --
    connection.gateway-ping-timeout: 0
    connection.metered: 不明
    connection.lldp: default
    connection.mdns: -1 (default)
    802-3-ethernet.port: --
    802-3-ethernet.speed: 0
    802-3-ethernet.duplex: --
    802-3-ethernet.auto-negotiate: いいえ
    802-3-ethernet.mac-address: --
    802-3-ethernet.cloned-mac-address: --
    802-3-ethernet.generate-mac-address-mask:--
    802-3-ethernet.mac-address-blacklist: --
    802-3-ethernet.mtu: 自動
    802-3-ethernet.s390-subchannels: --
    802-3-ethernet.s390-nettype: --
    802-3-ethernet.s390-options: --
    802-3-ethernet.wake-on-lan: default
    802-3-ethernet.wake-on-lan-password: --
    ipv4.method: manual
    ipv4.dns: 192.168.1.1
    ipv4.dns-search: --
    ipv4.dns-options: ""
    ipv4.dns-priority: 0
    ipv4.addresses: 192.168.1.65/24
    ipv4.gateway: 192.168.1.1
    ipv4.routes: --
    ipv4.route-metric: -1
    ipv4.route-table: 0 (unspec)
    ipv4.ignore-auto-routes: いいえ
    ipv4.ignore-auto-dns: いいえ
    ipv4.dhcp-client-id: --
    ipv4.dhcp-timeout: 0 (default)
    ipv4.dhcp-send-hostname: はい
    ipv4.dhcp-hostname: --
    ipv4.dhcp-fqdn: --
    ipv4.never-default: いいえ
    ipv4.may-fail: はい
    ipv4.dad-timeout: -1 (default)
    ipv6.method: ignore
    ipv6.dns: --
    ipv6.dns-search: --
    ipv6.dns-options: ""
    ipv6.dns-priority: 0
    ipv6.addresses: --
    ipv6.gateway: --
    ipv6.routes: --
    ipv6.route-metric: -1
    ipv6.route-table: 0 (unspec)
    ipv6.ignore-auto-routes: いいえ
    ipv6.ignore-auto-dns: いいえ
    ipv6.never-default: いいえ
    ipv6.may-fail: はい
    ipv6.ip6-privacy: -1 (unknown)
    ipv6.addr-gen-mode: stable-privacy
    ipv6.dhcp-duid: --
    ipv6.dhcp-send-hostname: はい
    ipv6.dhcp-hostname: --
    ipv6.token: --
    proxy.method: none
    proxy.browser-only: いいえ
    proxy.pac-url: --
    proxy.pac-script: --
    GENERAL.NAME: enp0s3
    GENERAL.UUID: 00000dds-ff89-3c35-a268-034dws71567a8
    GENERAL.DEVICES: enp0s3
    GENERAL.STATE: アクティベート済み
    GENERAL.DEFAULT: はい
    GENERAL.DEFAULT6: いいえ
    GENERAL.SPEC-OBJECT: --
    GENERAL.VPN: いいえ
    GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/2
    GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/1
    GENERAL.ZONE: public
    GENERAL.MASTER-PATH: --
    IP4.ADDRESS[1]: 192.168.1.65/24
    IP4.GATEWAY: 192.168.1.1
    IP4.ROUTE[1]: dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 100
    IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 100
    IP4.DNS[1]: 192.168.1.1
    IP6.GATEWAY: --
    #

3. Firewall (firewall-cmd)
I forget the option syntax almost 100% of the time.
Example: check the firewalld state (systemctl would also do).

    #
    # firewall-cmd --state
    running
    #

Example: list the zones

    #
    # firewall-cmd --get-zones
    block dmz drop external home internal public trusted work
    #

Example: check the default zone

    #
    # firewall-cmd --get-default-zone
    public
    #

Example: check the active zones

    # firewall-cmd --get-active-zones
    public
      interfaces: enp0s3
    #

Example: check the settings of the public zone

    #
    # firewall-cmd --info-zone=public
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp0s3
      sources:
      services: ssh dhcpv6-client https http
      ports: 5601/tcp 80/tcp 443/tcp 9200/tcp 9600/tcp 5044/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
    #

Example: allow port 5140 in the public zone (permanent setting)

    #
    # firewall-cmd --add-port=5140/tcp --zone=public --permanent
    success
    # firewall-cmd --reload
    success
    # firewall-cmd --list-port --zone=public
    5601/tcp 80/tcp 443/tcp 9200/tcp 9600/tcp 5044/tcp 5140/tcp
    #

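
With --permanent followed by --reload, firewalld keeps two configurations (runtime and permanent), so a port can be open in one and missing from the other. The script below is an added example, not part of the original post: it compares the two port lists of a zone and reports the difference. The function names only_in and port_drift and the 8080/tcp case are constructed for illustration; the other port lists are the ones shown in the session above.

```shell
#!/bin/sh
# Added example (not from the original post): report drift between a zone's
# runtime and permanent port lists. On a live host the two inputs would be:
#   firewall-cmd --zone=public --list-ports
#   firewall-cmd --permanent --zone=public --list-ports

# only_in A B: print the entries of list A that are missing from list B.
# Both lists are whitespace-separated, as firewall-cmd prints them.
only_in() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        nb = split(b, bl, " ")
        for (i = 1; i <= nb; i++) seen[bl[i]] = 1
        na = split(a, al, " ")
        out = ""
        for (i = 1; i <= na; i++)
            if (!(al[i] in seen)) out = out (out == "" ? "" : " ") al[i]
        print out
    }'
}

# port_drift RUNTIME PERMANENT: describe each mismatch; return 1 on any drift.
port_drift() {
    lost=$(only_in "$1" "$2")       # runtime only: gone after --reload or reboot
    pending=$(only_in "$2" "$1")    # permanent only: not enforced until --reload
    if [ -n "$lost" ]; then echo "runtime-only: $lost"; fi
    if [ -n "$pending" ]; then echo "permanent-only: $pending"; fi
    if [ -n "$lost$pending" ]; then return 1; fi
    return 0
}

# Port lists taken from the session above (before and after adding 5140/tcp).
BEFORE="5601/tcp 80/tcp 443/tcp 9200/tcp 9600/tcp 5044/tcp"
AFTER="$BEFORE 5140/tcp"

# State between "--add-port ... --permanent" and "--reload".
port_drift "$BEFORE" "$AFTER" || echo "=> run firewall-cmd --reload"
# State after "--reload": both lists agree, so no mismatch line is printed.
port_drift "$AFTER" "$AFTER" && echo "=> runtime and permanent match"
# Constructed case: 8080/tcp opened without --permanent.
port_drift "$AFTER 8080/tcp" "$AFTER" || echo "=> add --permanent or remove the port"
```
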
4. Packet capture (tcpdump)
Example: capture packets on interface enp0s3 for port 80, excluding port 22, sent to or received from 192.168.1.65

    #
    # tcpdump -i enp0s3 port 80 and not port 22 and host 192.168.1.65
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
    00:54:26.020296 IP pc-2503 > svwg9999.http: Flags [S], seq 3873994870, win 65535, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    00:54:26.020348 IP svwg9999.http > pc-2503: Flags [R.], seq 0, ack 3873994871, win 0, length 0
    00:54:26.520770 IP pc-2503 > svwg9999.http: Flags [S], seq 3873994870, win 65535, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    00:54:26.520816 IP svwg9999.http > pc-2503: Flags [R.], seq 0, ack 1, win 0, length 0
    00:54:27.011976 IP pc-2503 > svwg9999.http: Flags [S], seq 3873994870, win 65535, options [mss 1460,nop,nop,sackOK], length 0
    00:54:27.012018 IP svwg9999.http > pc-2503: Flags [R.], seq 0, ack 1, win 0, length 0
    ^C
    6 packets captured
    6 packets received by filter
    0 packets dropped by kernel
    #

I plan to add more commands here as I notice I've forgotten them.
That's all.