Prakash Subramanian 发布的文章

对于 Linux 系统管理员来说,清楚某个服务是否正确地绑定或监听某个端口,是至关重要的。如果你需要处理端口相关的问题,这篇文章可能会对你有用。

端口是 Linux 系统上特定进程之间逻辑连接的标识,包括物理端口和软件端口。由于 Linux 操作系统是一个软件,因此本文只讨论软件端口。软件端口始终与主机的 IP 地址和相关的通信协议相关联,因此端口常用于区分应用程序。大部分涉及到网络的服务都必须打开一个套接字来监听传入的网络请求,而每个服务都使用一个独立的套接字。

推荐阅读:

套接字是和 IP 地址、软件端口和协议结合起来使用的,而端口号对传输控制协议(TCP)和用户数据报协议(UDP)协议都适用,TCP 和 UDP 都可以使用 0 到 65535 之间的端口号进行通信。

以下是端口分配类别:

  • 0 - 1023: 常用端口和系统端口
  • 1024 - 49151: 软件的注册端口
  • 49152 - 65535: 动态端口或私有端口

在 Linux 上的 /etc/services 文件可以查看到更多关于保留端口的信息。

# less /etc/services
# /etc/services:
# $Id: services,v 1.55 2013/04/14 ovasik Exp $
#
# Network services, Internet style
# IANA services version: last updated 2013-04-10
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.
#
# The latest IANA port assignments can be gotten from
# http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Each line describes one service, and is of the form:
#
# service-name port/protocol [aliases ...] [# comment]

tcpmux 1/tcp # TCP port service multiplexer
tcpmux 1/udp # TCP port service multiplexer
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp # message send protocol (historic)
msp 18/udp # message send protocol (historic)
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ssh 22/tcp # The Secure Shell (SSH) Protocol
ssh 22/udp # The Secure Shell (SSH) Protocol
telnet 23/tcp
telnet 23/udp
# 24 - private mail system
lmtp 24/tcp # LMTP Mail Delivery
lmtp 24/udp # LMTP Mail Delivery

可以使用以下六种方法查看端口信息。

  • ss:可以用于转储套接字统计信息。
  • netstat:可以显示打开的套接字列表。
  • lsof:可以列出打开的文件。
  • fuser:可以列出那些打开了文件的进程的进程 ID。
  • nmap:是网络检测工具和端口扫描程序。
  • systemctl:是 systemd 系统的控制管理器和服务管理器。

以下我们将找出 sshd 守护进程所使用的端口号。

方法 1:使用 ss 命令

ss 一般用于转储套接字统计信息。它能够输出类似于 netstat 输出的信息,但它可以比其它工具显示更多的 TCP 信息和状态信息。

它还可以显示所有类型的套接字统计信息,包括 PACKET、TCP、UDP、DCCP、RAW、Unix 域等。

# ss -tnlp | grep ssh
LISTEN 0 128 *:22 *:* users:(("sshd",pid=997,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=997,fd=4))

也可以使用端口号来检查。

# ss -tnlp | grep ":22"
LISTEN 0 128 *:22 *:* users:(("sshd",pid=997,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=997,fd=4))

方法 2:使用 netstat 命令

netstat 能够显示网络连接、路由表、接口统计信息、伪装连接以及多播成员。

默认情况下,netstat 会列出打开的套接字。如果不指定任何地址族,则会显示所有已配置地址族的活动套接字。但 netstat 已经过时了,一般会使用 ss 来替代。

# netstat -tnlp | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 997/sshd
tcp6 0 0 :::22 :::* LISTEN 997/sshd

也可以使用端口号来检查。

# netstat -tnlp | grep ":22"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1208/sshd
tcp6 0 0 :::22 :::* LISTEN 1208/sshd

方法 3:使用 lsof 命令

lsof 能够列出打开的文件,并列出系统上被进程打开的文件的相关信息。

# lsof -i -P | grep ssh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 11584 root 3u IPv4 27625 0t0 TCP *:22 (LISTEN)
sshd 11584 root 4u IPv6 27627 0t0 TCP *:22 (LISTEN)
sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh->103.5.134.167:49902 (ESTABLISHED)

也可以使用端口号来检查。

# lsof -i tcp:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1208 root 3u IPv4 20919 0t0 TCP *:ssh (LISTEN)
sshd 1208 root 4u IPv6 20921 0t0 TCP *:ssh (LISTEN)
sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh->103.5.134.167:49902 (ESTABLISHED)

方法 4:使用 fuser 命令

fuser 工具会将本地系统上打开了文件的进程的进程 ID 显示在标准输出中。

# fuser -v 22/tcp
 USER PID ACCESS COMMAND
22/tcp: root 1208 F.... sshd
 root 12388 F.... sshd
 root 49339 F.... sshd

方法 5:使用 nmap 命令

nmap(“Network Mapper”)是一款用于网络检测和安全审计的开源工具。它最初用于对大型网络进行快速扫描,但它对于单个主机的扫描也有很好的表现。

nmap 使用原始 IP 数据包来确定网络上可用的主机,这些主机的服务(包括应用程序名称和版本)、主机运行的操作系统(包括操作系统版本等信息)、正在使用的数据包过滤器或防火墙的类型,以及很多其它信息。

# nmap -sV -p 22 localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2018-09-23 12:36 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000089s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds

方法 6:使用 systemctl 命令

systemctl 是 systemd 系统的控制管理器和服务管理器。它取代了旧的 SysV 初始化系统管理,目前大多数现代 Linux 操作系统都采用了 systemd。

推荐阅读:

# systemctl status sshd
● sshd.service - OpenSSH server daemon
 Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
 Active: active (running) since Sun 2018-09-23 02:08:56 EDT; 6h 11min ago
 Docs: man:sshd(8)
 man:sshd_config(5)
 Main PID: 11584 (sshd)
 CGroup: /system.slice/sshd.service
 └─11584 /usr/sbin/sshd -D

Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Starting OpenSSH server daemon...
Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on 0.0.0.0 port 22.
Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on :: port 22.
Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Started OpenSSH server daemon.
Sep 23 02:09:15 vps.2daygeek.com sshd[11589]: Connection closed by 103.5.134.167 port 49899 [preauth]
Sep 23 02:09:41 vps.2daygeek.com sshd[11592]: Accepted password for root from 103.5.134.167 port 49902 ssh2

以上输出的内容显示了最近一次启动 sshd 服务时 ssh 服务的监听端口。但它不会将最新日志更新到输出中。

# systemctl status sshd
● sshd.service - OpenSSH server daemon
 Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
 Active: active (running) since Thu 2018-09-06 07:40:59 IST; 2 weeks 3 days ago
 Docs: man:sshd(8)
 man:sshd_config(5)
 Main PID: 1208 (sshd)
 CGroup: /system.slice/sshd.service
 ├─ 1208 /usr/sbin/sshd -D
 ├─23951 sshd: [accepted]
 └─23952 sshd: [net]

Sep 23 12:50:36 vps.2daygeek.com sshd[23909]: Invalid user pi from 95.210.113.142 port 51666
Sep 23 12:50:36 vps.2daygeek.com sshd[23909]: input_userauth_request: invalid user pi [preauth]
Sep 23 12:50:37 vps.2daygeek.com sshd[23911]: pam_unix(sshd:auth): check pass; user unknown
Sep 23 12:50:37 vps.2daygeek.com sshd[23911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142
Sep 23 12:50:37 vps.2daygeek.com sshd[23909]: pam_unix(sshd:auth): check pass; user unknown
Sep 23 12:50:37 vps.2daygeek.com sshd[23909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142
Sep 23 12:50:39 vps.2daygeek.com sshd[23911]: Failed password for invalid user pi from 95.210.113.142 port 51670 ssh2
Sep 23 12:50:39 vps.2daygeek.com sshd[23909]: Failed password for invalid user pi from 95.210.113.142 port 51666 ssh2
Sep 23 12:50:40 vps.2daygeek.com sshd[23911]: Connection closed by 95.210.113.142 port 51670 [preauth]
Sep 23 12:50:40 vps.2daygeek.com sshd[23909]: Connection closed by 95.210.113.142 port 51666 [preauth]

大部分情况下,以上的输出不会显示进程的实际端口号。这时更建议使用以下这个 journalctl 命令检查日志文件中的详细信息。

# journalctl | grep -i "openssh\|sshd"
Sep 23 02:08:56 vps138235.vps.ovh.ca sshd[997]: Received signal 15; terminating.
Sep 23 02:08:56 vps138235.vps.ovh.ca systemd[1]: Stopping OpenSSH server daemon...
Sep 23 02:08:56 vps138235.vps.ovh.ca systemd[1]: Starting OpenSSH server daemon...
Sep 23 02:08:56 vps138235.vps.ovh.ca sshd[11584]: Server listening on 0.0.0.0 port 22.
Sep 23 02:08:56 vps138235.vps.ovh.ca sshd[11584]: Server listening on :: port 22.
Sep 23 02:08:56 vps138235.vps.ovh.ca systemd[1]: Started OpenSSH server daemon.

via: https://www.2daygeek.com/how-to-find-out-which-port-number-a-process-is-using-in-linux/

作者:Prakash Subramanian 选题:lujun9972 译者:HankChow 校对:wxy

本文由 LCTT 原创编译,Linux中国 荣誉推出

我们可以就这个已经被广泛讨论的话题写出大量的文章,大多数情况下,因为各种各样的原因,我们都愿意让 包管理器 package manager 来帮我们做这些事情。

每个 Linux 发行版都有自己的包管理器,并且每个都有各自有不同的特性,这些特性包括允许用户执行安装新软件包,删除无用的软件包,更新现存的软件包,搜索某些具体的软件包,以及更新整个系统到其最新的状态之类的操作。

习惯于命令行的用户大多数时间都会使用基于命令行方式的包管理器。对于 Linux 而言,这些基于命令行的包管理器有 yumdnfrpmaptapt-getdpkgpacmanzypper

推荐阅读

作为一个系统管理员你应该清楚地知道:安装包来自何方,具体来自哪个软件仓库,包的具体版本,包的大小,版本,包的源代码 URL,包的许可证信息,等等。

这篇短文将用尽可能简单的方式帮你从随包自带的总结和描述中了解该包的用法。按你所使用的 Linux 发行版的不同,运行下面相应的命令,你能得到你所使用的发行版下的包的详细信息。

YUM 命令:在 RHEL 和 CentOS 系统上获得包的信息

YUM 英文直译是“ 黄狗更新器–修改版 Yellowdog Updater, Modified ”,它是一个开源的基于命令行的包管理器前端实用工具。它被广泛应用在基于 RPM 的系统上,例如:RHEL 和 CentOS。

Yum 是用于在官方发行版仓库以及其他第三方发行版仓库下获取、安装、删除、查询 RPM 包的主要工具。

(LCTT 译注:用 yum info 获取 python 包的信息)

# yum info python
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * epel: epel.mirror.constant.com
Installed Packages
Name        : python
Arch        : x86_64
Version     : 2.6.6
Release     : 66.el6_8
Size        : 78 k
Repo        : installed
From repo   : updates
Summary     : An interpreted, interactive, object-oriented programming language
URL         : http://www.python.org/
License     : Python
Description : Python is an interpreted, interactive, object-oriented programming
            : language often compared to Tcl, Perl, Scheme or Java. Python includes
            : modules, classes, exceptions, very high level dynamic data types and
            : dynamic typing. Python supports interfaces to many system calls and
            : libraries, as well as to various windowing systems (X11, Motif, Tk,
            : Mac and MFC).
            :
            : Programmers can write new built-in modules for Python in C or C++.
            : Python can be used as an extension language for applications that need
            : a programmable interface.
            :
            : Note that documentation for Python is provided in the python-docs
            : package.
            :
            : This package provides the "python" executable; most of the actual
            : implementation is within the "python-libs" package.

YUMDB 命令:查看 RHEL 和 CentOS 系统上的包信息

yumdb info 这个命令提供与 yum info 相类似的的信息,不过它还额外提供了诸如包校验值、包类型、用户信息(由何人安装)。从 yum 3.2.26 版本后,yum 开始在 rpm 数据库外储存额外的信息了(此处如显示 user 表明该包由用户安装,而 dep 说明该包是被作为被依赖的包而被安装的)。

(LCTT 译注:用 yumdb info 来获取 python 包的信息)

# yumdb info python
Loaded plugins: fastestmirror
python-2.6.6-66.el6_8.x86_64
     changed_by = 4294967295
     checksum_data = 53c75a1756e5b4f6564c5229a37948c9b4561e0bf58076bd7dab7aff85a417f2
     checksum_type = sha256
     command_line = update -y
     from_repo = updates
     from_repo_revision = 1488370672
     from_repo_timestamp = 1488371100
     installed_by = 4294967295
     reason = dep
     releasever = 6

RPM 命令:在 RHEL/CentOS/Fedora 系统上查看包的信息

RPM 英文直译为“ 红帽包管理器 Red Hat Package Manager ”,这是一个在 RedHat 以及其变种发行版(如RHEL、CentOS、Fedora、openSUSE、Megeia)下的功能强大的命令行包管理工具。它能让你轻松的安装、升级、删除、查询以及校验你的系统或服务器上的软件。RPM 文件以 .rpm 结尾。RPM 包由它所依赖的软件库以及其他依赖构成,它不会与系统上已经安装的包冲突。

(LCTT 译注:用 rpm -qi 查询 nano 包的具体信息)

# rpm -qi nano
Name        : nano                         Relocations: (not relocatable)
Version     : 2.0.9                             Vendor: CentOS
Release     : 7.el6                         Build Date: Fri 12 Nov 2010 02:18:36 AM EST
Install Date: Fri 03 Mar 2017 08:57:47 AM EST      Build Host: c5b2.bsys.dev.centos.org
Group       : Applications/Editors          Source RPM: nano-2.0.9-7.el6.src.rpm
Size        : 1588347                          License: GPLv3+
Signature   : RSA/8, Sun 03 Jul 2011 12:46:50 AM EDT, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem 
URL         : http://www.nano-editor.org
Summary     : A small text editor
Description :
GNU nano is a small and friendly text editor.

DNF 命令:在 Fedora 系统上查看包信息

DNF 指“ 时髦版的 Yum Dandified yum ”,我们也可以认为 DNF 是下一代的 yum 包管理器(Yum 的一个分支),它在后台使用了 hawkey/libsolv 库。Aleš Kozumplík 在Fedora 18 上开始开发 DNF,在 Fedora 22 上正式最后发布。 dnf 命令用来在 Fedora 22 及以后的系统上安装、更新、搜索以及删除包。它能自动的解决包安装过程中的包依赖问题。

(LCTT 译注: 用 dnf info 查看 tilix 包信息)

$ dnf info tilix
Last metadata expiration check: 27 days, 10:00:23 ago on Wed 04 Oct 2017 06:43:27 AM IST.
Installed Packages
Name         : tilix
Version      : 1.6.4
Release      : 1.fc26
Arch         : x86_64
Size         : 3.6 M
Source       : tilix-1.6.4-1.fc26.src.rpm
Repo         : @System
From repo    : @commandline
Summary      : Tiling terminal emulator
URL          : https://github.com/gnunn1/tilix
License      : MPLv2.0 and GPLv3+ and CC-BY-SA
Description  : Tilix is a tiling terminal emulator with the following features:
             : 
             :  - Layout terminals in any fashion by splitting them horizontally or vertically
             :  - Terminals can be re-arranged using drag and drop both within and between
             :    windows
             :  - Terminals can be detached into a new window via drag and drop
             :  - Input can be synchronized between terminals so commands typed in one
             :    terminal are replicated to the others
             :  - The grouping of terminals can be saved and loaded from disk
             :  - Terminals support custom titles
             :  - Color schemes are stored in files and custom color schemes can be created by
             :    simply creating a new file
             :  - Transparent background
             :  - Supports notifications when processes are completed out of view
             : 
             : The application was written using GTK 3 and an effort was made to conform to
             : GNOME Human Interface Guidelines (HIG).

Zypper 命令:在 openSUSE 系统上查看包信息

zypper 是一个使用 libzypp 库的命令行包管理器。zypper 提供诸如软件仓库访问,安装依赖解决,软件包安装等等功能。

(LCTT 译注: 用 zypper info 查询 nano 包的信息)

$ zypper info nano

Loading repository data...
Reading installed packages...


Information for package nano:
-----------------------------
Repository     : Main Repository (OSS)              
Name           : nano                               
Version        : 2.4.2-5.3                          
Arch           : x86_64                             
Vendor         : openSUSE                           
Installed Size : 1017.8 KiB                         
Installed      : No                                 
Status         : not installed                      
Source package : nano-2.4.2-5.3.src                 
Summary        : Pico editor clone with enhancements
Description    :                                    
    GNU nano is a small and friendly text editor. It aims to emulate
    the Pico text editor while also offering a few enhancements.

Pacman 命令:在 ArchLinux 及 Manjaro 系统上查看包信息

Pacman 意即 包管理器 package manager 实用工具。pacman 是一个用于安装、构建、删除、管理 Arch Linux 上包的命令行工具。它后端使用 libalpm(Arch Linux package Manager(ALPM)库)来完成所有功能。

(LCTT 译注: 用 pacman -Qi 来查询 bash 包信息)

$ pacman -Qi bash
Name            : bash
Version         : 4.4.012-2
Description     : The GNU Bourne Again shell
Architecture    : x86_64
URL             : http://www.gnu.org/software/bash/bash.html
Licenses        : GPL
Groups          : base
Provides        : sh
Depends On      : readline>=7.0  glibc  ncurses
Optional Deps   : bash-completion: for tab completion
Required By     : autoconf  automake  bison  bzip2  ca-certificates-utils  db
                  dhcpcd  diffutils  e2fsprogs  fakeroot  figlet  findutils
                  flex  freetype2  gawk  gdbm  gettext  gmp  grub  gzip  icu
                  iptables  keyutils  libgpg-error  libksba  libpcap  libpng
                  libtool  lvm2  m4  man-db  mkinitcpio  nano  neofetch  nspr
                  nss  openresolv  os-prober  pacman  pcre  pcre2  shadow
                  systemd  texinfo  vte-common  which  xdg-user-dirs  xdg-utils
                  xfsprogs  xorg-mkfontdir  xorg-xpr  xz
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 7.13 MiB
Packager        : Jan Alexander Steffens (heftig) 
Build Date      : Tue 14 Feb 2017 01:16:51 PM UTC
Install Date    : Thu 24 Aug 2017 06:08:12 AM UTC
Install Reason  : Explicitly installed
Install Script  : No
Validated By    : Signature

apt-cache 命令:在 Debian/Ubuntu/Mint 系统上查看包信息

apt-cache 命令能显示 apt 内部数据库中的大量信息。这些信息是从 sources.list 中的不同的软件源中搜集而来,因此从某种意义上这些信息也可以被认为是某种缓存。这些信息搜集工作是在运行 apt update 命令时执行的。

(LCTT 译注:用管理员权限查询 apache2 包的信息)

$ sudo apt-cache show apache2
Package: apache2
Priority: optional
Section: web
Installed-Size: 473
Maintainer: Ubuntu Developers 
Original-Maintainer: Debian Apache Maintainers 
Architecture: amd64
Version: 2.4.12-2ubuntu2
Replaces: apache2.2-common
Provides: httpd, httpd-cgi
Depends: lsb-base, procps, perl, mime-support, apache2-bin (= 2.4.12-2ubuntu2), apache2-utils (>= 2.4), apache2-data (= 2.4.12-2ubuntu2)
Pre-Depends: dpkg (>= 1.17.14)
Recommends: ssl-cert
Suggests: www-browser, apache2-doc, apache2-suexec-pristine | apache2-suexec-custom, ufw
Conflicts: apache2.2-common (<< 2.3~)
Filename: pool/main/a/apache2/apache2_2.4.12-2ubuntu2_amd64.deb
Size: 91348
MD5sum: ab0ee0b0d1c6b3d19bd87aa2a9537125
SHA1: 350c9a1a954906088ed032aebb77de3d5bb24004
SHA256: 03f515f7ebc3b67b050b06e82ebca34b5e83e34a528868498fce020bf1dbbe34
Description-en: Apache HTTP Server
 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 Installing this package results in a full installation, including the
 configuration files, init scripts and support scripts.
Description-md5: d02426bc360345e5acd45367716dc35c
Homepage: http://httpd.apache.org/
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Supported: 9m
Task: lamp-server, mythbuntu-frontend, mythbuntu-desktop, mythbuntu-backend-slave, mythbuntu-backend-master, mythbuntu-backend-master

APT 命令:查看 Debian/Ubuntu/Mint 系统上的包信息

APT 意为 高级打包工具 Advanced Packaging Tool ,就像 DNF 将如何替代 YUM 一样,APT 是 apt-get 的替代物。它功能丰富的命令行工具包括了如下所有命令的功能如 apt-cacheapt-searchdpkgapt-cdromapt-configapt-key 等等,我们可以方便的通过 apt 来安装 .dpkg 包,但是我们却不能通过 apt-get 来完成这一点,还有一些其他的类似的功能也不能用 apt-get 来完成,所以 apt-get 因为没有解决上述功能缺乏的原因而被 apt 所取代。

(LCTT 译注: 用 apt show 查看 nano 包信息)

$ apt show nano
Package: nano
Version: 2.8.6-3
Priority: standard
Section: editors
Origin: Ubuntu
Maintainer: Ubuntu Developers 
Original-Maintainer: Jordi Mallach 
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 766 kB
Depends: libc6 (>= 2.14), libncursesw5 (>= 6), libtinfo5 (>= 6)
Suggests: spell
Conflicts: pico
Breaks: nano-tiny (<< 2.8.6-2)
Replaces: nano-tiny (<< 2.8.6-2), pico
Homepage: https://www.nano-editor.org/
Task: standard, ubuntu-touch-core, ubuntu-touch
Supported: 9m
Download-Size: 222 kB
APT-Manual-Installed: yes
APT-Sources: http://in.archive.ubuntu.com/ubuntu artful/main amd64 Packages
Description: small, friendly text editor inspired by Pico
 GNU nano is an easy-to-use text editor originally designed as a replacement
 for Pico, the ncurses-based editor from the non-free mailer package Pine
 (itself now available under the Apache License as Alpine).
 .
 However, GNU nano also implements many features missing in pico, including:
  - undo/redo
  - line numbering
  - syntax coloring
  - soft-wrapping of overlong lines
  - selecting text by holding Shift
  - interactive search and replace (with regular expression support)
  - a go-to line (and column) command
  - support for multiple file buffers
  - auto-indentation
  - tab completion of filenames and search terms
  - toggling features while running
  - and full internationalization support

dpkg 命令:查看Debian/Ubuntu/Mint系统上的包信息

dpkg 意指 Debian 包管理器 Debian package manager dpkg 是用于 Debian 系统上安装、构建、移除以及管理 Debian 包的命令行工具。dpkg 使用 aptitude(因为它更为主流及用户友好)作为前端工具来完成所有的功能。其他的工具如dpkg-debdpkg-query 使用 dpkg 做为前端来实现功能。尽管系统管理员还是时不时会在必要时使用 dpkg 来完成一些软件安装的任务,他大多数情况下还是会因为 aptapt-get 以及 aptitude 的健壮性而使用后者。

(LCTT 译注: 用 dpkg -s 查看 python 包的信息)

$ dpkg -s python
Package: python
Status: install ok installed
Priority: optional
Section: python
Installed-Size: 626
Maintainer: Ubuntu Developers 
Architecture: amd64
Multi-Arch: allowed
Source: python-defaults
Version: 2.7.14-2ubuntu1
Replaces: python-dev (<< 2.6.5-2)
Provides: python-ctypes, python-email, python-importlib, python-profiler, python-wsgiref
Depends: python2.7 (>= 2.7.14-1~), libpython-stdlib (= 2.7.14-2ubuntu1)
Pre-Depends: python-minimal (= 2.7.14-2ubuntu1)
Suggests: python-doc (= 2.7.14-2ubuntu1), python-tk (>= 2.7.14-1~)
Breaks: update-manager-core (<< 0.200.5-2)
Conflicts: python-central (<< 0.5.5)
Description: interactive high-level object-oriented language (default version)
 Python, the high-level, interactive object oriented language,
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package is a dependency package, which depends on Debian's default
 Python version (currently v2.7).
Homepage: http://www.python.org/
Original-Maintainer: Matthias Klose

我们也可使用 dpkg-p 选项,这个选项提供和 dpkg -s 相类似的信息,但是它还提供了包的校验值和包类型。

(LCTT 译注: 用 dpkg -p 查看 python3 包的信息)

$ dpkg -p python3
Package: python3
Priority: important
Section: python
Installed-Size: 67
Origin: Ubuntu
Maintainer: Ubuntu Developers 
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Architecture: amd64
Multi-Arch: allowed
Source: python3-defaults
Version: 3.6.3-0ubuntu2
Replaces: python3-minimal (<< 3.1.2-2)
Provides: python3-profiler
Depends: python3.6 (>= 3.6.3-1~), libpython3-stdlib (= 3.6.3-0ubuntu2), dh-python
Pre-Depends: python3-minimal (= 3.6.3-0ubuntu2)
Suggests: python3-doc (>= 3.6.3-0ubuntu2), python3-tk (>= 3.6.3-1~), python3-venv (>= 3.6.3-0ubuntu2)
Filename: pool/main/p/python3-defaults/python3_3.6.3-0ubuntu2_amd64.deb
Size: 8712
MD5sum: a8bae494c6e5d1896287675faf40d373
Description: interactive high-level object-oriented language (default python3 version)
Original-Maintainer: Matthias Klose 
SHA1: 2daec885cea7d4dc83c284301c3bebf42b23e095
SHA256: 865e509c91d2504a16c4b573dbe27e260c36fceec2add3fa43a30c1751d7e9bb
Homepage: http://www.python.org/
Task: minimal, ubuntu-core, ubuntu-core
Description-md5: 950ebd8122c0a7340f0a740c295b9eab
Supported: 9m

aptitude 命令:查看 Debian/Ubuntu/Mint 系统上的包信息

aptitude 是 Debian GNU/Linux 包管理系统的文本界面。它允许用户查看已安装的包的列表,以及完成诸如安装、升级、删除包之类的包管理任务。这些管理行为也能从图形接口来执行。

(LCTT 译注: 用 aptitude show 查看 htop 包信息)

$ aptitude show htop
Package: htop                     
Version: 2.0.2-1
State: installed
Automatically installed: no
Priority: optional
Section: universe/utils
Maintainer: Ubuntu Developers 
Architecture: amd64
Uncompressed Size: 216 k
Depends: libc6 (>= 2.15), libncursesw5 (>= 6), libtinfo5 (>= 6)
Suggests: lsof, strace
Conflicts: htop:i386
Description: interactive processes viewer
 Htop is an ncursed-based process viewer similar to top, but it allows one to scroll the list vertically and horizontally to see all processes and their full command lines. 
 
 Tasks related to processes (killing, renicing) can be done without entering their PIDs.
Homepage: http://hisham.hm/htop/

via: https://www.2daygeek.com/how-to-view-detailed-information-about-a-package-in-linux/

作者:Prakash Subramanian 选题:lujun9972 译者:DavidChenLiang 校对:wxy

本文由 LCTT 原创编译,Linux中国 荣誉推出

Linux 管理员应该意识到这一点,因为这是一项例行任务。很多人想知道为什么我们需要在服务器中添加多个 IP 地址,以及为什么我们需要将它添加到单块网卡中?我说的对吗?

你可能也会有类似的问题:在 Linux 中如何为单块网卡分配多个 IP 地址?在本文中,你可以得到答案。

当我们对一个新服务器进行设置时,理想情况下它将有一个 IP 地址,即服务器主 IP 地址,它与服务器主机名对应。

我们不应在服务器主 IP 地址上托管任何应用程序,这是不可取的。如果要在服务器上托管任何应用程序,我们应该为此添加辅助 IP。

这是业界的最佳实践,它允许用户安装 SSL 证书。大多数系统都配有单块网卡,这足以添加额外的 IP 地址。

建议阅读:

我们可以在同一个接口上添加 IP 地址,或者在同一设备上创建子接口,然后在其中添加 IP。默认情况下,一直到 Ubuntu 14.04 LTS,接口给名称为 ethX (eth0),但是从 Ubuntu 15.10 之后网络接口名称已从 ethX 更改为 enXXXXX(对于服务器是 ens33,桌面版是 enp0s3)。

在本文中,我们将教你如何在 Ubuntu 上执行此操作,并且衍生到其它发行版(to 校正:这句自己加的)。

注意:别在 DNS 详细信息后添加 IP 地址。如果是这样,DNS 将无法正常工作。

如何在 Ubuntu 14.04 LTS 中添加临时辅助 IP 地址

在系统中添加 IP 地址之前,运行以下任一命令即可验证服务器主 IP 地址:

# ifconfig
或
# ip addr

# ip addr

eth0      Link encap:Ethernet  HWaddr 08:00:27:98:b7:36 
          inet addr:192.168.56.150  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe98:b736/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:902 (902.0 B)  TX bytes:16423 (16.4 KB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:6a:cf:d3 
          inet addr:10.0.3.15  Bcast:10.0.3.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe6a:cfd3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:80 errors:0 dropped:0 overruns:0 frame:0
          TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8698 (8.6 KB)  TX bytes:17047 (17.0 KB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:25 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:1730 (1.7 KB)  TX bytes:1730 (1.7 KB)

如我所见,服务器主 IP 地址是 192.168.56.150,我将下一个 IP 192.168.56.151 作为辅助 IP,使用以下方法完成:

# ip addr add 192.168.56.151/24 broadcast 192.168.56.255 dev eth0 label eth0:1

输入以下命令以检查新添加的 IP 地址。如果你重新启动服务器,那么新添加的 IP 地址会消失,因为我们的 IP 是临时添加的。

# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:98:b7:36 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.150/24 brd 192.168.56.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.56.151/24 brd 192.168.56.255 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe98:b736/64 scope link
       valid_lft forever preferred_lft forever
3: eth1:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:6a:cf:d3 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.15/24 brd 10.0.3.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe6a:cfd3/64 scope link
       valid_lft forever preferred_lft forever

如何在 Ubuntu 14.04 LTS 中添加永久辅助 IP 地址

要在 Ubuntu 系统上添加永久辅助 IP 地址,只需编辑 /etc/network/interfaces 文件并添加所需的 IP 详细信息。

# vi /etc/network/interfaces
# vi /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.56.150
        netmask 255.255.255.0
        network 192.168.56.0
        broadcast 192.168.56.255
        gateway 192.168.56.1

auto eth0:1
iface eth0:1 inet static
        address 192.168.56.151
        netmask 255.255.255.0

保存并关闭文件,然后重启网络接口服务。

# service networking restart
或
# ifdown eth0:1 && ifup eth0:1

验证新添加的 IP 地址:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:98:b7:36 
          inet addr:192.168.56.150  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe98:b736/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:84 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:962 (962.0 B)  TX bytes:11905 (11.9 KB)

eth0:1    Link encap:Ethernet  HWaddr 08:00:27:98:b7:36 
          inet addr:192.168.56.151  Bcast:192.168.56.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 08:00:27:6a:cf:d3 
          inet addr:10.0.3.15  Bcast:10.0.3.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe6a:cfd3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4924 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3185 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4037636 (4.0 MB)  TX bytes:422516 (422.5 KB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

如何在 Ubuntu 16.04 LTS 中临时添加辅助 IP 地址

正如本文开头所述,网络接口名称从 Ubuntu 15.10 就开始从 ‘ethX’ 更改为 ‘enXXXX’ (enp0s3),所以,替换你的接口名称。

在执行此操作之前,先检查系统上的 IP 信息:

# ifconfig
或
# ip addr

enp0s3: flags=4163  mtu 1500
        inet 192.168.56.201  netmask 255.255.255.0  broadcast 192.168.56.255
        inet6 fe80::a00:27ff:fe97:132e  prefixlen 64  scopeid 0x20
        ether 08:00:27:97:13:2e  txqueuelen 1000  (Ethernet)
        RX packets 7  bytes 420 (420.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 294  bytes 24747 (24.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163  mtu 1500
        inet 10.0.3.15  netmask 255.255.255.0  broadcast 10.0.3.255
        inet6 fe80::344b:6259:4dbe:eabb  prefixlen 64  scopeid 0x20
        ether 08:00:27:12:e8:c1  txqueuelen 1000  (Ethernet)
        RX packets 1  bytes 590 (590.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 97  bytes 10209 (10.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 325  bytes 24046 (24.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 325  bytes 24046 (24.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

如我所见,服务器主 IP 地址是 192.168.56.201,所以,我将下一个 IP 192.168.56.202 作为辅助 IP,使用以下命令完成。

# ip addr add 192.168.56.202/24 broadcast 192.168.56.255 dev enp0s3

运行以下命令来检查是否已分配了新的 IP。当你重启机器时,它会消失。

# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:97:13:2e brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.201/24 brd 192.168.56.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.56.202/24 brd 192.168.56.255 scope global secondary enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe97:132e/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:12:e8:c1 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.15/24 brd 10.0.3.255 scope global dynamic enp0s8
       valid_lft 86353sec preferred_lft 86353sec
    inet6 fe80::344b:6259:4dbe:eabb/64 scope link
       valid_lft forever preferred_lft forever

如何在 Ubuntu 16.04 LTS 中添加永久辅助 IP 地址

要在 Ubuntu 系统上添加永久辅助 IP 地址,只需编辑 /etc/network/interfaces 文件并添加所需 IP 的详细信息。

我们不应该在 dns-nameservers 行之后添加辅助 IP 地址,因为它不会起作用,应该以下面的格式添加 IP 详情。

此外,我们不需要添加子接口(我们之前在 Ubuntu 14.04 LTS 中的做法):

# vi /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

# The primary network interface
auto enp0s3
iface enp0s3 inet static
address 192.168.56.201
netmask 255.255.255.0

iface enp0s3 inet static
address 192.168.56.202
netmask 255.255.255.0

gateway 192.168.56.1
network 192.168.56.0
broadcast 192.168.56.255
dns-nameservers 8.8.8.8 8.8.4.4
dns-search      2daygeek.local

保存并关闭文件,然后重启网络接口服务:

# systemctl restart networking
或
# ifdown enp0s3 && ifup enp0s3

运行以下命令来检查是否已经分配了新的 IP:

# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:97:13:2e brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.201/24 brd 192.168.56.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.56.202/24 brd 192.168.56.255 scope global secondary enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe97:132e/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:12:e8:c1 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.15/24 brd 10.0.3.255 scope global dynamic enp0s8
       valid_lft 86353sec preferred_lft 86353sec
    inet6 fe80::344b:6259:4dbe:eabb/64 scope link
       valid_lft forever preferred_lft forever

让我来 ping 一下新 IP 地址:

# ping 192.168.56.202 -c 4
PING 192.168.56.202 (192.168.56.202) 56(84) bytes of data.
64 bytes from 192.168.56.202: icmp_seq=1 ttl=64 time=0.019 ms
64 bytes from 192.168.56.202: icmp_seq=2 ttl=64 time=0.087 ms
64 bytes from 192.168.56.202: icmp_seq=3 ttl=64 time=0.034 ms
64 bytes from 192.168.56.202: icmp_seq=4 ttl=64 time=0.042 ms

--- 192.168.56.202 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3068ms
rtt min/avg/max/mdev = 0.019/0.045/0.087/0.026 ms

via: https://www.2daygeek.com/how-to-add-additional-ip-secondary-ip-in-ubuntu-debian-system/

作者:Prakash Subramanian 选题:lujun9972 译者:MjSeven 校对:wxy

本文由 LCTT 原创编译,Linux中国 荣誉推出

这是一个非常基础的话题,在 Linux 中,每个人都知道如何使用 id 来查找用户信息。一些用户也从 /etc/passwd 文件中过滤用户信息。

我们还使用其它命令来获取用户信息。

你可能会问,为什么要讨论这个基础话题呢?即使我也这么认为,因为除了这两个之外没有更好的方法了,但是我们也有一些不错的选择。

与这两者相比,那些命令提供了更详细的信息,这对于新手非常有帮助。

这是帮助管理员在 Linux 中查找用户信息的基本命令之一。Linux 中的一切都是文件,甚至用户信息都存储在一个文件中。

建议阅读:

所有用户都被添加在 /etc/passwd 文件中,这里保留了用户名和其它相关详细信息。在 Linux 中创建用户时,用户详细信息将存储在 /etc/passwd 文件中。passwd 文件将每个用户详细信息保存为一行,包含 7 字段。

我们可以使用以下 6 种方法来查看用户信息。

  • id:为指定的用户名打印用户和组信息。
  • getent:从 Name Service Switch 库中获取条目。
  • /etc/passwd: 文件包含每个用户的详细信息,每个用户详情是一行,包含 7 个字段。
  • finger:用户信息查询程序
  • lslogins:显示系统中已有用户的信息
  • compgen:是 bash 内置命令,它将显示用户的所有可用命令。

1) 使用 id 命令

id 代表 身份 identity 。它输出真实有效的用户和组 ID。也可以输出指定用户或当前用户的用户和组信息。

# id daygeek
uid=1000(daygeek) gid=1000(daygeek) groups=1000(daygeek),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),118(lpadmin),128(sambashare)

下面是上述输出的详细信息:

  • uid (1000/daygeek): 它显示用户 ID 和用户名
  • gid (1000/daygeek): 它显示用户的组 ID 和名称
  • groups: 它显示用户的附加组 ID 和名称

2) 使用 getent 命令

getent 命令显示 Name Service Switch 库支持的数据库中的条目,这些库在 /etc/nsswitch.conf 中配置。

getent 命令会显示类似于 /etc/passwd 文件的用户详情,它将每个用户的详细信息放在一行,包含 7 个字段。

# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
magesh:x:502:503:2g Admin - Magesh M:/home/magesh:/bin/bash
thanu:x:503:504:2g Editor - Thanisha M:/home/thanu:/bin/bash
sudha:x:504:505:2g Editor - Sudha M:/home/sudha:/bin/bash

下面是关于 7 个字段的详细信息:

magesh:x:502:503:2g Admin - Magesh M:/home/magesh:/bin/bash
  • Username (magesh): 已创建的用户名。字符长度应该在 1 到 32 之间。
  • Password (x): 它表明加密密码存储在 /etc/shadow 文件中。
  • User ID (UID-502): 它表示用户 ID(UID),每个用户应包含唯一的 UID。UID (0-Zero) 保留给 root,UID(1-99)是为系统用户保留的,UID(100-999)是为系统账户/组保留的。
  • Group ID (GID-503): 它表示组 ID(GID),每个组应该包含唯一的 GID,它存储在 /etc/group 文件中。
  • User ID Info (2g Admin - Magesh M): 它表示命令字段。这个字段可用于描述用户信息。
  • Home Directory (/home/magesh): 它表示用户家目录。
  • shell (/bin/bash): 它表示用户的 bash shell。

如果你只想在 getent 命令的输出中显示用户名,使用以下命令格式:

# getent passwd | cut -d: -f1
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
uucp
operator
games
gopher
magesh
thanu
sudha

只显示用户的家目录,使用以下命令格式:

# getent passwd | grep '/home' | cut -d: -f1
centos
prakash
magesh
thanu
sudha

3) 使用 /etc/passwd 文件

/etc/passwd 是一个文本文件,它包含每个用户登录 Linux 系统所必需的的信息。它维护用户的有用信息,如用户名,密码,用户 ID,组 ID,用户 ID 信息,家目录和 shell。/etc/passwd 文件将每个用户详细信息放在一行中,包含 7 个字段,如下所示:

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
magesh:x:502:503:2g Admin - Magesh M:/home/magesh:/bin/bash
thanu:x:503:504:2g Editor - Thanisha M:/home/thanu:/bin/bash
sudha:x:504:505:2g Editor - Sudha M:/home/sudha:/bin/bash

以下是 7 个字段的详细信息。

magesh:x:502:503:2g Admin - Magesh M:/home/magesh:/bin/bash

字段信息同上。

如果你只想显示 /etc/passwd 文件中的用户名,使用以下格式:

# cut -d: -f1 /etc/passwd
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
uucp
operator
games
gopher
magesh
thanu
sudha

只显示用户的家目录,使用以下格式:

# cat /etc/passwd | grep '/home' | cut -d: -f1
centos
prakash
magesh
thanu
sudha

4) 使用 finger 命令

finger 命令显示有关系统用户的信息。它显示用户的真实姓名,终端名称和写入状态(如果没有写入权限,那么最为终端名称后面的 *),空闲时间和登录时间。

# finger magesh
Login: magesh Name: 2g Admin - Magesh M
Directory: /home/magesh Shell: /bin/bash
Last login Tue Jul 17 22:46 (EDT) on pts/2 from 103.5.134.167
No mail.
No Plan.

以下是上述输出的详细信息:

  • Login: 用户名
  • Name: 附加/有关用户的其它信息
  • Directory: 用户家目录的信息
  • Shell: 用户的 shell 信息
  • LAST-LOGIN: 上次登录日期和其它信息

5) 使用 lslogins 命令

它显示系统已知用户的信息。默认情况下,它将列出系统中所有用户的信息。

lslogins 使用程序的灵感来自于 logins 实用程序,该实用程序最初出现在 FreeBSD 4.10 中。

# lslogins -u
UID USER PWD-LOCK PWD-DENY LAST-LOGIN GECOS
 0 root 0 0 00:17:28 root
500 centos 0 1 Cloud User
501 prakash 0 0 Apr12/04:08 2018/04/12
502 magesh 0 0 Jul17/22:46 2g Admin - Magesh M
503 thanu 0 0 Jul18/00:40 2g Editor - Thanisha M
504 sudha 0 0 Jul18/01:18 2g Editor - Sudha M

以下是上述输出的详细信息:

  • UID: 用户 id
  • USER: 用户名
  • PWD-LOCK: 密码已设置,但是已锁定
  • PWD-DENY: 登录密码是否禁用
  • LAST-LOGIN: 上次登录日期
  • GECOS: 有关用户的其它信息

6) 使用 compgen 命令

compgen 是 bash 内置命令,它将显示所有可用的命令,别名和函数。(LCTT 译注:它的 -u 参数可以列出系统中用户。)

# compgen -u
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
uucp
operator
games
gopher
magesh
thanu
sudha

via: https://www.2daygeek.com/6-easy-ways-to-check-user-name-and-other-information-in-linux/

作者:Prakash Subramanian 选题:lujun9972 译者:MjSeven 校对:wxy

本文由 LCTT 原创编译,Linux中国 荣誉推出

Ubuntu 中有许多实用程序可以将 Linux 内核升级到最新的稳定版本。我们之前已经写过关于这些实用程序的文章,例如 Linux Kernel Utilities (LKU)、 Ubuntu Kernel Upgrade Utility (UKUU) 和 Ubunsys。

另外还有一些其它实用程序可供使用。我们计划在其它文章中包含这些,例如 ubuntu-mainline-kernel.sh 和从主线内核手动安装的方式。

今天我们还会教你类似的使用工具 —— UKTools。你可以尝试使用这些实用程序中的任何一个来将 Linux 内核升级至最新版本。

最新的内核版本附带了安全漏洞修复和一些改进,因此,最好保持最新的内核版本以获得可靠、安全和更好的硬件性能。

有时候最新的内核版本可能会有一些漏洞,并且会导致系统崩溃,这是你的风险。我建议你不要在生产环境中安装它。

建议阅读:

什么是 UKTools

UKTools 意思是 Ubuntu 内核工具,它包含两个 shell 脚本 ukupgradeukpurge

ukupgrade 意思是 “Ubuntu Kernel Upgrade”,它允许用户将 Linux 内核升级到 Ubuntu/Mint 的最新稳定版本以及基于 kernel.ubuntu.com 的衍生版本。

ukpurge 意思是 “Ubuntu Kernel Purge”,它允许用户在机器中删除旧的 Linux 内核镜像或头文件,用于 Ubuntu/Mint 和其衍生版本。它将只保留三个内核版本。

此实用程序没有 GUI,但它看起来非常简单直接,因此,新手可以在没有任何问题的情况下进行升级。

我正在运行 Ubuntu 17.10,目前的内核版本如下:

$ uname -a
Linux ubuntu 4.13.0-39-generic #44-Ubuntu SMP Thu Apr 5 14:25:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

运行以下命令来获取系统上已安装内核的列表(Ubuntu 及其衍生产品)。目前我持有 7 个内核。

$ dpkg --list | grep linux-image
ii linux-image-4.13.0-16-generic 4.13.0-16.19 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-17-generic 4.13.0-17.20 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-32-generic 4.13.0-32.35 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-36-generic 4.13.0-36.40 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-37-generic 4.13.0-37.42 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-38-generic 4.13.0-38.43 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-39-generic 4.13.0-39.44 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-16-generic 4.13.0-16.19 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-17-generic 4.13.0-17.20 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-32-generic 4.13.0-32.35 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-36-generic 4.13.0-36.40 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-37-generic 4.13.0-37.42 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-38-generic 4.13.0-38.43 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-39-generic 4.13.0-39.44 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-generic 4.13.0.39.42 amd64 Generic Linux kernel image

如何安装 UKTools

在 Ubuntu 及其衍生产品上,只需运行以下命令来安装 UKTools 即可。

在你的系统上运行以下命令来克隆 UKTools 仓库:

$ git clone https://github.com/usbkey9/uktools

进入 uktools 目录:

$ cd uktools

运行 Makefile 以生成必要的文件。此外,这将自动安装最新的可用内核。只需重新启动系统即可使用最新的内核。

$ sudo make
[sudo] password for daygeek:
Creating the directories if neccessary
Linking profile.d file for reboot message
Linking files to global sbin directory
Ubuntu Kernel Upgrade - by Mustafa Hasturk
------------------------------------------
This script is based on the work of Mustafa Hasturk and was reworked by
Caio Oliveira and modified and fixed by Christoph Kepler

Current Development and Maintenance by Christoph Kepler

Do you want the Stable Release (if not sure, press y)? (y/n): y
Do you want the Generic kernel? (y/n): y
Do you want to autoremove old kernel? (y/n): y
no crontab for root
Do you want to update the kernel automatically? (y/n): y
Setup complete. Update the kernel right now? (y/n): y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
 linux-headers-4.13.0-16 linux-headers-4.13.0-16-generic linux-headers-4.13.0-17 linux-headers-4.13.0-17-generic linux-headers-4.13.0-32 linux-headers-4.13.0-32-generic linux-headers-4.13.0-36
 linux-headers-4.13.0-36-generic linux-headers-4.13.0-37 linux-headers-4.13.0-37-generic linux-image-4.13.0-16-generic linux-image-4.13.0-17-generic linux-image-4.13.0-32-generic linux-image-4.13.0-36-generic
 linux-image-4.13.0-37-generic linux-image-extra-4.13.0-16-generic linux-image-extra-4.13.0-17-generic linux-image-extra-4.13.0-32-generic linux-image-extra-4.13.0-36-generic
 linux-image-extra-4.13.0-37-generic
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
 lynx-common
The following NEW packages will be installed:
 lynx lynx-common
0 upgraded, 2 newly installed, 0 to remove and 71 not upgraded.
Need to get 1,498 kB of archives.
After this operation, 5,418 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 lynx-common all 2.8.9dev16-1 [873 kB]
Get:2 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 lynx amd64 2.8.9dev16-1 [625 kB]
Fetched 1,498 kB in 12s (120 kB/s)
Selecting previously unselected package lynx-common.
(Reading database ... 441037 files and directories currently installed.)
Preparing to unpack .../lynx-common_2.8.9dev16-1_all.deb ...
Unpacking lynx-common (2.8.9dev16-1) ...
Selecting previously unselected package lynx.
Preparing to unpack .../lynx_2.8.9dev16-1_amd64.deb ...
Unpacking lynx (2.8.9dev16-1) ...
Processing triggers for mime-support (3.60ubuntu1) ...
Processing triggers for doc-base (0.10.7) ...
Processing 1 added doc-base file...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up lynx-common (2.8.9dev16-1) ...
Setting up lynx (2.8.9dev16-1) ...
update-alternatives: using /usr/bin/lynx to provide /usr/bin/www-browser (www-browser) in auto mode

Cleaning old downloads in /tmp

Downloading the kernel's components...
Checksum for linux-headers-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb succeed
Checksum for linux-image-unsigned-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb succeed
Checksum for linux-modules-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb succeed

Downloading the shared kernel header...
Checksum for linux-headers-4.16.7-041607_4.16.7-041607.201805021131_all.deb succeed

Installing Kernel and Headers...
Selecting previously unselected package linux-headers-4.16.7-041607.
(Reading database ... 441141 files and directories currently installed.)
Preparing to unpack .../linux-headers-4.16.7-041607_4.16.7-041607.201805021131_all.deb ...
Unpacking linux-headers-4.16.7-041607 (4.16.7-041607.201805021131) ...
Selecting previously unselected package linux-headers-4.16.7-041607-generic.
Preparing to unpack .../linux-headers-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb ...
Unpacking linux-headers-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
Selecting previously unselected package linux-image-unsigned-4.16.7-041607-generic.
Preparing to unpack .../linux-image-unsigned-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb ...
Unpacking linux-image-unsigned-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
Selecting previously unselected package linux-modules-4.16.7-041607-generic.
Preparing to unpack .../linux-modules-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb ...
Unpacking linux-modules-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
Setting up linux-headers-4.16.7-041607 (4.16.7-041607.201805021131) ...
dpkg: dependency problems prevent configuration of linux-headers-4.16.7-041607-generic:
 linux-headers-4.16.7-041607-generic depends on libssl1.1 (>= 1.1.0); however:
 Package libssl1.1 is not installed.

Setting up linux-modules-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
Setting up linux-image-unsigned-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
I: /vmlinuz.old is now a symlink to boot/vmlinuz-4.13.0-39-generic
I: /initrd.img.old is now a symlink to boot/initrd.img-4.13.0-39-generic
I: /vmlinuz is now a symlink to boot/vmlinuz-4.16.7-041607-generic
I: /initrd.img is now a symlink to boot/initrd.img-4.16.7-041607-generic
Processing triggers for linux-image-unsigned-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-4.16.7-041607-generic
/etc/kernel/postinst.d/zz-update-grub:
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found linux image: /boot/vmlinuz-4.13.0-37-generic
Found initrd image: /boot/initrd.img-4.13.0-37-generic
Found linux image: /boot/vmlinuz-4.13.0-36-generic
Found initrd image: /boot/initrd.img-4.13.0-36-generic
Found linux image: /boot/vmlinuz-4.13.0-32-generic
Found initrd image: /boot/initrd.img-4.13.0-32-generic
Found linux image: /boot/vmlinuz-4.13.0-17-generic
Found initrd image: /boot/initrd.img-4.13.0-17-generic
Found linux image: /boot/vmlinuz-4.13.0-16-generic
Found initrd image: /boot/initrd.img-4.13.0-16-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done

Thanks for using this script! Hope it helped.
Give it a star: https://github.com/MarauderXtreme/uktools

重新启动系统以激活最新的内核。

$ sudo shutdown -r now

一旦系统重新启动,重新检查内核版本。

$ uname -a
Linux ubuntu 4.16.7-041607-generic #201805021131 SMP Wed May 2 15:34:55 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

此 make 命令会将下面的文件放到 /usr/local/bin 目录中。

do-kernel-upgrade
do-kernel-purge

要移除旧内核,运行以下命令:

$ do-kernel-purge

Ubuntu Kernel Purge - by Caio Oliveira

This script will only keep three versions: the first and the last two, others will be purge

---Current version:
Linux Kernel 4.16.7-041607 Generic (linux-image-4.16.7-041607-generic)

---Versions to remove:
4.13.0-16
4.13.0-17
4.13.0-32
4.13.0-36
4.13.0-37

---Do you want to remove the old kernels/headers versions? (Y/n): y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
 linux-headers-4.13.0-17 linux-headers-4.13.0-17-generic linux-headers-4.13.0-32 linux-headers-4.13.0-32-generic linux-headers-4.13.0-36 linux-headers-4.13.0-36-generic linux-headers-4.13.0-37
 linux-headers-4.13.0-37-generic linux-image-4.13.0-17-generic linux-image-4.13.0-32-generic linux-image-4.13.0-36-generic linux-image-4.13.0-37-generic linux-image-extra-4.13.0-17-generic
 linux-image-extra-4.13.0-32-generic linux-image-extra-4.13.0-36-generic linux-image-extra-4.13.0-37-generic
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
 linux-headers-4.13.0-16* linux-headers-4.13.0-16-generic* linux-image-4.13.0-16-generic* linux-image-extra-4.13.0-16-generic*
0 upgraded, 0 newly installed, 4 to remove and 71 not upgraded.
After this operation, 318 MB disk space will be freed.
(Reading database ... 465582 files and directories currently installed.)
Removing linux-headers-4.13.0-16-generic (4.13.0-16.19) ...
Removing linux-headers-4.13.0-16 (4.13.0-16.19) ...
Removing linux-image-extra-4.13.0-16-generic (4.13.0-16.19) ...
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
update-initramfs: Generating /boot/initrd.img-4.13.0-16-generic
run-parts: executing /etc/kernel/postinst.d/unattended-upgrades 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
run-parts: executing /etc/kernel/postinst.d/update-notifier 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found linux image: /boot/vmlinuz-4.13.0-37-generic
Found initrd image: /boot/initrd.img-4.13.0-37-generic
Found linux image: /boot/vmlinuz-4.13.0-36-generic
Found initrd image: /boot/initrd.img-4.13.0-36-generic
Found linux image: /boot/vmlinuz-4.13.0-32-generic
Found initrd image: /boot/initrd.img-4.13.0-32-generic
Found linux image: /boot/vmlinuz-4.13.0-17-generic
Found initrd image: /boot/initrd.img-4.13.0-17-generic
Found linux image: /boot/vmlinuz-4.13.0-16-generic
Found initrd image: /boot/initrd.img-4.13.0-16-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
Removing linux-image-4.13.0-16-generic (4.13.0-16.19) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
update-initramfs: Deleting /boot/initrd.img-4.13.0-16-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found linux image: /boot/vmlinuz-4.13.0-37-generic
Found initrd image: /boot/initrd.img-4.13.0-37-generic
Found linux image: /boot/vmlinuz-4.13.0-36-generic
Found initrd image: /boot/initrd.img-4.13.0-36-generic
Found linux image: /boot/vmlinuz-4.13.0-32-generic
Found initrd image: /boot/initrd.img-4.13.0-32-generic
Found linux image: /boot/vmlinuz-4.13.0-17-generic
Found initrd image: /boot/initrd.img-4.13.0-17-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
(Reading database ... 430635 files and directories currently installed.)
Purging configuration files for linux-image-extra-4.13.0-16-generic (4.13.0-16.19) ...
Purging configuration files for linux-image-4.13.0-16-generic (4.13.0-16.19) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
Reading package lists... Done
Building dependency tree
Reading state information... Done
.
.
.
.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
 linux-headers-4.13.0-37* linux-headers-4.13.0-37-generic* linux-image-4.13.0-37-generic* linux-image-extra-4.13.0-37-generic*
0 upgraded, 0 newly installed, 4 to remove and 71 not upgraded.
After this operation, 321 MB disk space will be freed.
(Reading database ... 325772 files and directories currently installed.)
Removing linux-headers-4.13.0-37-generic (4.13.0-37.42) ...
Removing linux-headers-4.13.0-37 (4.13.0-37.42) ...
Removing linux-image-extra-4.13.0-37-generic (4.13.0-37.42) ...
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
update-initramfs: Generating /boot/initrd.img-4.13.0-37-generic
run-parts: executing /etc/kernel/postinst.d/unattended-upgrades 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
run-parts: executing /etc/kernel/postinst.d/update-notifier 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found linux image: /boot/vmlinuz-4.13.0-37-generic
Found initrd image: /boot/initrd.img-4.13.0-37-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
Removing linux-image-4.13.0-37-generic (4.13.0-37.42) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
update-initramfs: Deleting /boot/initrd.img-4.13.0-37-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
(Reading database ... 290810 files and directories currently installed.)
Purging configuration files for linux-image-extra-4.13.0-37-generic (4.13.0-37.42) ...
Purging configuration files for linux-image-4.13.0-37-generic (4.13.0-37.42) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic

Thanks for using this script!!!

使用以下命令重新检查已安装内核的列表。它将只保留三个旧的内核。

$ dpkg --list | grep linux-image
ii linux-image-4.13.0-38-generic 4.13.0-38.43 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-39-generic 4.13.0-39.44 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-38-generic 4.13.0-38.43 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-39-generic 4.13.0-39.44 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-generic 4.13.0.39.42 amd64 Generic Linux kernel image
ii linux-image-unsigned-4.16.7-041607-generic 4.16.7-041607.201805021131 amd64 Linux kernel image for version 4.16.7 on 64 bit x86 SMP

下次你可以调用 do-kernel-upgrade 实用程序来安装新的内核。如果有任何新内核可用,那么它将安装。如果没有,它将报告当前没有可用的内核更新。

$ do-kernel-upgrade
Kernel up to date. Finishing

再次运行 do-kernel-purge 命令以确认。如果发现超过三个内核,那么它将移除。如果不是,它将报告没有删除消息。

$ do-kernel-purge

Ubuntu Kernel Purge - by Caio Oliveira

This script will only keep three versions: the first and the last two, others will be purge

---Current version:
Linux Kernel 4.16.7-041607 Generic (linux-image-4.16.7-041607-generic)
Nothing to remove!

Thanks for using this script!!!

via: https://www.2daygeek.com/uktools-easy-way-to-install-latest-stable-linux-kernel-on-ubuntu-mint-and-derivatives/

作者:Prakash Subramanian 选题:lujun9972 译者:MjSeven 校对:wxy

本文由 LCTT 原创编译,Linux中国 荣誉推出

当你使用默认密码创建用户时,你必须强制用户在下一次登录时更改密码。

当你在一个组织中工作时,此选项是强制性的。因为老员工可能知道默认密码,他们可能会也可能不会尝试不当行为。

这是安全投诉之一,所以,确保你必须以正确的方式处理此事而无任何失误。即使是你的团队成员也要一样做。

大多数用户都很懒,除非你强迫他们更改密码,否则他们不会这样做。所以要做这个实践。

出于安全原因,你需要经常更改密码,或者至少每个月更换一次。

确保你使用的是难以猜测的密码(大小写字母,数字和特殊字符的组合)。它至少应该为 10-15 个字符。

我们运行了一个 shell 脚本来在 Linux 服务器中创建一个用户账户,它会自动为用户附加一个密码,密码是实际用户名和少量数字的组合。

我们可以通过使用以下两种方法来实现这一点:

  • passwd 命令
  • chage 命令

建议阅读:

方法 1:使用 passwd 命令

passwd 的意思是“密码”。它用于更新用户的身份验证令牌。passwd 命令/实用程序用于设置、修改或更改用户的密码。

普通的用户只能更改自己的账户,但超级用户可以更改任何账户的密码。

此外,我们还可以使用其他选项,允许用户执行其他活动,例如删除用户密码、锁定或解锁用户账户、设置用户账户的密码过期时间等。

在 Linux 中这可以通过调用 Linux-PAM 和 Libuser API 执行。

在 Linux 中创建用户时,用户详细信息将存储在 /etc/passwd 文件中。passwd 文件将每个用户的详细信息保存为带有七个字段的单行。

此外,在 Linux 系统中创建新用户时,将更新以下四个文件。

  • /etc/passwd: 用户详细信息将在此文件中更新。
  • /etc/shadow: 用户密码信息将在此文件中更新。
  • /etc/group: 新用户的组详细信息将在此文件中更新。
  • /etc/gshadow: 新用户的组密码信息将在此文件中更新。

如何使用 passwd 命令执行此操作

我们可以使用 passwd 命令并添加 -e 选项来执行此操作。

为了测试这一点,让我们创建一个新用户账户,看看它是如何工作的。

# useradd -c "2g Admin - Magesh M" magesh && passwd magesh
Changing password for user magesh.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

使用户账户的密码失效,那么在下次登录尝试期间,用户将被迫更改密码。

# passwd -e magesh
Expiring password for user magesh.
passwd: Success

当我第一次尝试使用此用户登录系统时,它要求我设置一个新密码。

login as: magesh
[email protected]'s password:
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user magesh.
Changing password for magesh.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Connection to localhost closed.

方法 2:使用 chage 命令

chage 意即“改变时间”。它会更改用户密码过期信息。

chage 命令会改变上次密码更改日期之后需要修改密码的天数。系统使用此信息来确定用户何时必须更改他/她的密码。

它允许用户执行其他活动,例如设置帐户到期日期,到期后设置密码失效,显示帐户过期信息,设置密码更改前的最小和最大天数以及设置到期警告天数。

如何使用 chage 命令执行此操作

让我们在 chage 命令的帮助下,通过添加 -d 选项执行此操作。

为了测试这一点,让我们创建一个新用户帐户,看看它是如何工作的。我们将创建一个名为 thanu 的用户帐户。

# useradd -c "2g Editor - Thanisha M" thanu && passwd thanu
Changing password for user thanu.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

要实现这一点,请使用 chage 命令将用户的上次密码更改日期设置为 0。

# chage -d 0 thanu

# chage -l thanu
Last password change : Jul 18, 2018
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

当我第一次尝试使用此用户登录系统时,它要求我设置一个新密码。

login as: thanu
[email protected]'s password:
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user thanu.
Changing password for thanu.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Connection to localhost closed.

via: https://www.2daygeek.com/how-to-force-user-to-change-password-on-next-login-in-linux/

作者:Prakash Subramanian 选题:lujun9972 译者:MjSeven 校对:wxy

本文由 LCTT 原创编译,Linux中国 荣誉推出

  1. 1
  2. 2
  3. 3
  4. 4
  5. 5