首先复习一下学过的命令find并添加新的选项
| 选项 | 作用 |
|---|---|
| -amin<分钟> | 查找在指定时间曾被存取过的文件或目录,单位以分钟计算; |
| - atime<24小时数> | 查找在指定时间曾被存取过的文件或目录,单位以24小时计算; |
| - cmin<分钟> | 查找在指定时间之时被更改过的文件或目录; |
| - ctime<24小时数> | 查找在指定时间之时被更改的文件或目录,单位以24小时计算; |
| - mmin<分钟> | 查找在指定时间曾被更改过的文件或目录,单位以分钟计算; |
| - mtime<24小时数> | 查找在指定时间曾被更改过的文件或目录,单位以24小时计算; |
示例:查找大于1MB的文件
[root@localhost ~]# find /boot -type f -size +1M /boot/initramfs-6.6.0-72.0.0.76.oe2403sp1.x86_64.img /boot/vmlinuz-6.6.0-72.0.0.76.oe2403sp1.x86_64 /boot/efi/EFI/openEuler/grubx64.efi /boot/initramfs-0-rescue-5a44ea1f344449c0863349ae24820f72.img /boot/System.map-6.6.0-72.0.0.76.oe2403sp1.x86_64 /boot/vmlinuz-0-rescue-5a44ea1f344449c0863349ae24820f72 /boot/initramfs-6.6.0-72.0.0.76.oe2403sp1.x86_64kdump.img示例:查找最近7天内修改过的文件(注-7为7天内,+7则为7天前)
[root@localhost ~]# find /home -mtime -7 /home /home/user9 /home/user8 /home/lynn /home/lynn/.bash_history /home/user6 /home/user10 /home/user1 /home/user3 /home/tom /home/tom/.bash_history /home/user4 /home/user2 /home/user5 /home/user7示例:查找属主为user1的文件
[root@localhost ~]# find /home -user user1 /home/user1 /home/user1/.bash_logout /home/user1/.bash_profile /home/user1/.bashrc
Linux防火墙
防火墙结构
用户态:
iptables: 使用iptables命令对防火墙规则进行管理,必须深度理解网络技术和四表五链,对
于初学者或者网络技术不达标的人员不友好
firewalld:使用firewall-cmd命令对防火墙进行管理,采用的是区域划分的形式。不需要连接
底层的四表五链,对于初学者比较友好
ufw: 使用ufw命令对防火墙进行管理,命令简单易懂。
内核态:
四表: 从内核->用户的顺序: raw -> mangle -> nat -> filter
五链: input、output、forward、prerouting、postrouting
Linux防火墙-Firewalld
查看当前防火墙状态
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled>
Active: active (running) since Mon 2025-09-08 15:45:07 CST; 15h ago
Docs: man:firewalld(1)
Main PID: 1094 (firewalld)
Tasks: 2 (limit: 21355)
Memory: 61.1M ()
CGroup: /system.slice/firewalld.service
└─1094 /usr/bin/python3 -s /usr/sbin/firewalld --nofork -->如关闭则开启防火墙
[root@localhost ~]# systemctl enable --now firewalld查看firewalld里放行了22号端口的ssh服务
[root@localhost ~]# firewall-cmd --list-all --zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: dhcpv6-client mdns ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:区域分类
九大区域: block、dmz、drop、external、home、internal、public、trusted、work
区域功能:
- public: 公共区域,默认区域
public (active)target: default #区域类型规则icmp-block-inversion: nointerfaces: ens33 #属于该区域的接口sources: #来源services: dhcpv6-client ssh #放行服务的名称ports: #放行端口号protocols: #放行协议masquerade: no #NAT地址转换forward-ports: #转发端口source-ports: #源端口icmp-blocks: #ICMP的阻塞类型,ping的阻塞rich rules: #富规则
- home: 家庭区域
hometarget: defaulticmp-block-inversion: nointerfaces:sources:services: dhcpv6-client mdns samba-client sshports:protocols:masquerade: noforward-ports:source-ports:icmp-blocks:rich rules:
- work: 工作区域
worktarget: defaulticmp-block-inversion: nointerfaces:sources:services: dhcpv6-client sshports:protocols:masquerade: noforward-ports:source-ports:icmp-blocks:rich rules:
- trusted: 完全信任区域
trustedtarget: ACCEPT #不采用默认规则,放行一切icmp-block-inversion: nointerfaces:sources:services:ports:protocols:masquerade: noforward-ports:source-ports:icmp-blocks:rich rules:
internal: 内部区域 (连接内部网络)
internaltarget: defaulticmp-block-inversion: nointerfaces:sources:services: dhcpv6-client mdns samba-client sshports:protocols:masquerade: noforward-ports:source-ports:icmp-blocks:rich rules:
external: 外部区域 (连接外部网络,例如: internet网络)
ternaltarget: defaulticmp-block-inversion: nointerfaces:sources:services: sshports:protocols:masquerade: yes #默认进行NAT地址转换forward-ports:source-ports:icmp-blocks:rich rules:
dmz: 非军事化管理区域(内部的服务器放于该区域)
dmztarget: defaulticmp-block-inversion: nointerfaces:sources:services: sshports:protocols:masquerade: noforward-ports:source-ports:icmp-blocks:rich rules:
drop: 丢弃区域 (丢弃一切流量,不给出任何回应)
droptarget: DROPicmp-block-inversion: nointerfaces:sources:services:ports:protocols:masquerade: noforward-ports:source-ports:icmp-blocks:rich rules:
block: 阻塞区域 (拒绝任何流量,但给出回应)
blocktarget: %%REJECT%%icmp-block-inversion: nointerfaces:sources:services:ports:protocols:masquerade: noforward-ports:source-ports:icmp-blocks:rich rules:
firewall-cmd命令用法
选项
| --list- |
| --get- |
| --set- |
| --add- |
| --remove- |
| --change- |
| --zone= |