Common Skills
Configuring the Network
Configure the IP address.
Run the
ip
command to configure an address for the interface.interface-name
indicates the name of the NIC.ip addr [ add | del ] address dev interface-name
Configure a static IP address.
# Configure the static IP address. ip address add 192.168.0.10/24 dev enp3s0 # Run the following command as the root user to query the configuration result: ip addr show dev enp3s0 # The result is as follows: 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff inet 192.168.202.248/16 brd 192.168.255.255 scope global dynamic noprefixroute enp3s0 valid_lft 9547sec preferred_lft 9547sec inet 192.168.0.10/24 scope global enp3s0 valid_lft forever preferred_lft forever inet6 fe80::32e8:cc22:9db2:f4d4/64 scope link noprefixroute valid_lft forever preferred_lft forever
Configure a static route.
Run the
ip route add
command to add a static route to the routing table and run theip route del
command to delete a static route. The common format of theip route
command is as follows:ip route [ add | del | change | append | replace ] destination-address
- To add a static route to the host address, run the following command as the root user:
ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name]
- To add a static route to the network, run the following command as the root user:
ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name]
Configure the network using the ifcfg file.
Modify the ifcfg-enp4s0 file generated in the /etc/sysconfig/network-scripts/ directory as the root user. The following is an example:
TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none IPADDR=192.168.0.10 PREFIX=24 DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=enp4s0static UUID=xx DEVICE=enp4s0 ONBOOT=yes
Managing RPM Packages
The full name of RPM is RPM Package Manager, which is intended to manage Red Hat software packages. It is used in mainstream distributions such as openEuler, Fedora, Red Hat, Mandriva, SUSE and YellowDog, and distributions developed based on these distributions.
RPM installs the required software to a set of management programs on the Linux host in database record mode. The software to be installed is compiled and packaged, and the default database record in the packaged software records the dependencies required for the software installation. When a user installs the software on a Linux host, RPM checks whether the dependencies on the Linux host meets the requirements based on the data recorded in it.
- If yes, install the software.
- If no, do not install the software.
During the installation, all software information is written into the RPM database for subsequent query, verification, and uninstallation.
Default installation path of the RPM packages
Generally, RPM uses the default installation path. (The default installation path can be queried by running a command and will be described in detail in subsequent sections.) All installation files are distributed to the directories listed in the following table by type.
RPM installation paths and their meanings
Installation Path Description /etc/ Configuration file installation directory /usr/bin/ Installation directory of the executable commands /usr/lib/ Path for storing the function library used by the program /usr/share/doc Location where the basic software user manual is saved /usr/share/man/ Path for saving the help file Note: You can manually specify the installation path of RPM, but this method is not recommended. After the installation path is manually specified, all installation files are installed in the specified path, and the command for querying the installation path in the system cannot be used. The command can be identified by the system only after being manually configured.
rpm command options
Checking the RPM Signature of the Software Package
Before installing the RPM package on a Linux host, check the PGP signature. After ensuring that the signature integrity and source are correct, run the
rpm --checksig
command to verify the validity:rpm --checksig nano-2.3.1-10.el7.x86_64.rpm
Installing RPM Packages
To install RPM packages in Linux, use the
-i
option in therpm
command.rpm -ivh nano-2.3.1-10.el7.x86_64.rpm
-i
: installs the software package.-v
: displays detailed information.-h
: lists flags during suite installation.
Querying an Installed RPM Package
To query an RPM package (dnf) installed in the Linux system, use the
-q
option in therpm
command.rpm -q dnf
-q
: query operation
If the specified package is not installed, the following error message is displayed:
package dnf is not installed
Querying All Installed RPM Packages
To query all RPM packages installed in Linux, use the
-qa
option in therpm
command.$ rpm -qa dracut-config-rescue-055-7.oe2203sp2.x86_64 parted-3.5-1.oe2203sp2.x86_64 irqbalance-1.8.0-9.oe2203sp2.x86_64 ......
Note: When using the
-qa
option, use the pipe character (|) together to improve the search accuracy.Querying Details About an Installed RPM Package
Use the
-qi
option in therpm
command to query the details of an RPM package installed in the system.# rpm -qi python3 Name : python3 Version : 3.9.9 Release : 24.oe2203sp2 Architecture: x86_64 Install Date: Wed 30 Mar 2022 08:30:23 AM UTC Group : Unspecified Size : 35916839 License : Python Signature : RSA/SHA1, Wed 30 Mar 2022 03:29:30 AM UTC, Key ID d557065eb25e7f66 Source RPM : python3-3.9.9-24.oe2203sp2.x86_64.rpm Build Date : Tue 15 Mar 2022 12:00:00 AM UTC Build Host : obs-worker1639015616-x86-0001 Packager : http://openeuler.org Vendor : http://openeuler.org URL : https://www.python.org/ Summary : Interpreter of the Python3 programming language Description : Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces. This package Provides python version 3.
Querying All Files in an RPM Package
To query the file list of an RPM package that is not installed, use the
-qlp
option in therpm
command.$ rpm -qlp pkgship-2.2.0-10.oe2203sp2.noarch.rpm /etc/ima/digest_lists.tlv/0-metadata_list-compact_tlv-pkgship-2.2.0-10.oe2203sp2.noarch /etc/ima/digest_lists/0-metadata_list-compact-pkgship-2.2.0-10.oe2203sp2.noarch /etc/pkgship/auto_install_pkgship_requires.sh /etc/pkgship/conf.yaml /etc/pkgship/package.ini ......
Querying RPM Package Dependencies
To query the list of dependency packages compiled by a specified RPM package that is not installed, use the
-qRp
option in therpm
command.$ rpm -qRp pkgship-2.2.0-10.oe2203sp2.noarch.rpm /bin/bash /bin/sh /usr/bin/python3 config(pkgship) = 2.2.0-10.oe2203sp2 python3 python3-Flask-Limiter ......
Verifying All Installed RPM Packages
To verify an installed RPM package, use the
-Va
option in therpm
command to compare the information about the files installed in the package with the information about the files obtained from the package metadata stored in the RPM database.$ rpm -Va S.5....T. c /root/.bashrc .......T. c /etc/yum.repos.d/openEuler.repo S.5....T. c /etc/issue S.5....T. c /etc/issue.net S.5....T. c /etc/csh.login S.5....T. c /etc/profile .M....G.. g /var/log/lastlog .M....... c /boot/grub2/grubenv ......
Output fields of the
rpm -Va
command and their meaningsField Description S The file length changes. M The access permission or type of a file changes. 5 The MD5 checksum changes. D The attributes of a device node change. L The symbolic link of a file changes. U The owner of a file, subdirectory, or device node changes. G The group of a file, subdirectory, or device node changes. T The last modification time of a file changes. Querying the RPM Package of a Specific File
To query an RPM package that provides a specific binary file on Linux, use the
-qf
option in therpm
command.$ rpm -qf /usr/share/doc/pkgship pkgship-2.2.0-10.oe2203sp2.noarch.rpm
Querying Files in an Installed RPM Package
To query the list of installation files of an RPM package, use the
-ql
option in therpm
command.$ rpm -ql dnf /etc/bash_completion.d/dnf /etc/ima/digest_lists.tlv/0-metadata_list-compact_tlv-dnf-4.14.0-14.oe2203sp2.noarch /etc/ima/digest_lists/0-metadata_list-compact-dnf-dnf-4.14.0-14.oe2203sp2.noarch /usr/bin/dnf /usr/lib/systemd/system/dnf-makecache.service /usr/lib/systemd/system/dnf-makecache.timer /usr/share/doc/dnf /usr/share/doc/dnf/AUTHORS /usr/share/doc/dnf/README.rst /usr/share/licenses/dnf /usr/share/licenses/dnf/COPYING /usr/share/licenses/dnf/PACKAGE-LICENSING /var/cache/dnf
Querying the Recently Installed RPM Packages
Linux is a multi-user OS. During the use of Linux, other users may have installed some software packages. To query the recently installed packages in the system, use the
-qa --last
options in therpm
command.$ rpm -qa --last ntp-4.2.8p15-11.oe2203sp2.x86_64 ntpstat-0.6-4.oe2203sp2.noarch ntp-help-4.2.8p15-11.oe2203sp2.noarch
Querying Only the Documents of the Installed RPM Packages
You can obtain the help information of any command from the Linux Man page (path for storing /usr/share/doc/Package_Name-Version_Number/docs* documents). To query the list of documents associated with the installed RPM packages, use the
-qdf
option in therpm
command and enter the binary file path.$ rpm -qdf /usr/bin/grep /usr/share/doc/grep/NEWS /usr/share/doc/grep/README /usr/share/doc/grep/THANKS /usr/share/doc/grep/TODO /usr/share/info/grep.info.gz /usr/share/man/man1/egrep.1.gz /usr/share/man/man1/fgrep.1.gz /usr/share/man/man1/grep.1.gz
Upgrading an Installed RPM Package
You can easily upgrade the installed RPM package to the latest version by using the
-Uvh
option and therpm
command.$ rpm -Uvh pkgship-2.2.0-10.oe2203sp2.noarch.rpm Preparing... ################################# [100%]
Note: When the installed RPM package is upgraded, the old RPM package is deleted and the new RPM package is installed.
Removing an Installed RPM Package
To remove an RPM package installed on the system, use the
-ev
or-e
option in therpm
command.rpm -ev pkgship
Rebuilding the Damaged RPM Database
When you try to update the system using the
yum update
command, you may receive an error message indicating that the RPM database is damaged. If you receive this message, use the--rebuilddb
option in therpm
command to rebuild the database.rm /var/lib/rpm/__db* rpm --rebuilddb
Checking Whether Vulnerabilities in Specific Packages Have Been Fixed
You can use the
--changelog
option in therpm
command and enter the corresponding CVE ID.rpm -q --changelog python-2.6.6 | grep -i "CVE-2019-9636"
Importing the RPM GPG Key
By default, when a new repository is added to the Linux system, the GPG key is automatically imported. You can also use
--import
in therpm
command to manually import the RPM GPG key to check the integrity of a package when downloading it from the repository.rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-OpenEuler-22.03-LTS-SP2
DNF commands
DNF commands
Command Description repolist Displays the configured software repository source. install Installs one or more software packages on Linux. upgrade Upgrades one or more software packages on Linux. list Lists a software package or a group of software packages. info Displays detailed information about a package or package group. updateinfo Displays the bulletin information about a package. search Searches for the specified character string in the software package details. check-update Checks for software package update. remove Removes one or more software packages from the system. reinstall Reinstalls a package. downgrade Downgrades a software package. autoremove Removes all unnecessary software packages that are installed due to dependency relationships. distro-sync Synchronizes the installed software package to the latest available version. makecache Creates a metadata cache. repository-package Runs commands on all software packages in a specified repository. provides Searches for the software package that provides the specified content. group Displays or uses group information. history Displays or uses transaction history. clean Deletes cached data. Displaying Configured Software Repositories
By default, the
--enabled
option is added to display the enabled software repositories.$ dnf repolist --enabled repo id repo name EPOL EPOL OS OS debuginfo debuginfo everything everything pkgship_elasticsearch Elasticsearch repositor source source update update
--all
: displays all software repositories.--disabled
: displays disabled software repositories.--enabled
: displays enabled repositories (default).
Installing One or More Software Packages
You can run the
install
command to install RPM packages.dnf install software_package
Conflicting packages or packages that cannot be installed may exist during software package installation. You can add
--allowerasing
to the command to replace the conflicting packages or--skip-broken
to skip the packages that cannot be installed.dnf install software_package [software_package ...] --allowerasing --skip-broken
When dnf is used to install a software package, add
--installroot
to set the root directory for installing the software package.dnf install software_package --installroot software_package_root_directory
If you need to temporarily specify a repository source for installation, you can add the
--setopt=reposdir=
option to specify the loading directory of the repository source.dnf install software_package --setopt=reposdir=repo_source_directory
If interactive confirmation is not required during installation, you can add
-y
or--assumeyes
to enable all software packages to be installed to automatically answer Yes.dnf install software_package -y
To install an RPM package by specifying a specific repository source, you can specify the
--repo
or--enablerepo
option. To achieve the same effect, you can also use the--disablerepo
option to disable the matched repository source. You are advised to use the--repo
option to install the RPM package.dnf install software_package --repo=repo_source_
Reinstalling a Software Package
You can run the
reinstall
command to reinstall a software package in the system.dnf reinstall software_package
Upgrading One or More Software Packages
- You can use the
upgrade
command to upgrade one or more software packages on Linux.
dnf upgrade software_package [software_package ...]
- You can also run the
update
command to upgrade one or more software packages.
dnf update software_package [software_package ...]
Downgrading a Software Package
If a compatibility problem occurs because the version of a software package is too late, you can downgrade the software package.
dnf downgrade software_package
Listing a Package or a Group of Packages
You can run the
list
command to list the software packages installed in the system and the software packages in the configured repository.dnf list
You can add options to filter the displayed package list.
--all
: displays all software packages (default).--available
: displays only available software packages.--installed
: displays only installed software packages.--extras
: displays only additional software packages.--updates
: displays only the software packages to be upgraded.--upgrades
: displays only the software packages to be upgraded.--autoremove
: displays only the software packages to be removed.--recent
: displays the software packages that have been changed recently.
Querying Details About a Software Package
You can run the
info
command to query details about a software package.dnf info software_package
Searching for a Software Package
If you need to install a software package in the system but you are not sure about the full name of the software package, you can run the
search
command to search for the matched package.dnf search software_package
Uninstalling One or More Software Packages
You can run the
remove
command to remove an expired or duplicate software package.dnf remove software_package
--duplicates
: removes installed (duplicate) software packages.--oldinstallonly
: removes expired installation-only software packages.
Automatically Removing Software Packages Installed Due to Dependency Relationships
You can run the
autoremove
command to remove unnecessary software packages that are installed due to dependency relationships.dnf autoremove software_package
Configuring SSH
Introduction to the SSH service
Secure Shell (SSH) is a reliable protocol that ensures the security of remote login sessions and other network services. The SSH protocol can effectively prevent information leakage during remote management. SSH encrypts transferred data to prevent domain name server (DNS) spoofing and IP spoofing. OpenSSH was created as an open source alternative to the proprietary SSH protocol.
Configuring the SSH Service
# Open and modify the /etc/ssh/sshd_config file. vi /etc/ssh/sshd_config # Restart the SSH service. systemctl restart sshd # Check the SSH service status. systemctl status sshd
Main options in the SSH service configuration file
$ Specify the SSH protocol version. Protocol 2 # Allowed users AllowUsers xxx # Denied users DenyUser root # Configure session timeout. ClientAliveInterval 120 # Disable SSH root login. PermitRootLogin no # Configure or change the SSH port number. Port 1234 # Disable SSH password authentication. PasswordAuthentication no