Linux Dev Cheat Sheet
系统查看
查看Linux系统发行版
查看系统架构
ARM64 / X86-84 / RISC-V
x86(也称为 Intel 架构或 AMD 架构):
- 这是最常见的桌面和服务器 CPU 架构之一,长期以来在个人电脑中占据主导地位
- 它使用复杂指令集(CISC),支持多种操作模式,兼容性强
- 主要由 Intel 和 AMD 提供
ARM64(也称为 AArch64,ARMv8+):
- 这是 ARM 架构的 64 位版本,常见于手机、嵌入式设备、以及最近越来越多的服务器和桌面设备中(如 Apple Silicon M1/M2)
- 它使用精简指令集(RISC),意味着指令集相对简单、执行效率更高,通常也更省电
- 优势在于 低功耗和高性能的平衡
RISC-V:
- RISC-V 是一个开源的指令集架构(ISA),并且是最灵活和可定制的架构之一
- 它也采用 RISC 架构,且与 ARM 有许多相似之处,但它的 开源特性 使得任何公司或个人都能根据需求定制它
- 目前主要出现在实验性、学术和一些特定的嵌入式系统中,但也有不断增长的商业应用
进程管理
CLI中管理进程
1) 在CLI中输入 Ctrl + C,关闭此运行程序
Ctrl + C -> SIGINT -> kill -2 [PID]
2)在CLI中输入 Ctrl + D,关闭此 Shell / 远程连接
Ctrl + D -> EOF for file
3)关闭一个进程:
| Bash |
|---|
| # 优雅的析构
kill -15 [PID]
# 暴力的终止
kill -9 [PID]
|
-2 and -15 and -9
kill -9 PID: 没得商量,啥都别干,现在就滚🥚kill -2 PID: 赶紧滚,但是你可以先把手头的事情干完kill -15 PID: 差不多应该停了,请你优雅的离职 (礼貌)
top中查看/管理进程
这一部分所有的操作都基于 htop 而不是传统的 top
- 方向键:
↑/↓: 上下移动进程列表←/→: 横向滚动,查看其他列的内容(如 MEM、CPU、PID)
- 搜索进程:
/: 按进程名搜索进程。按下 / 后,输入搜索的进程名,htop 会高亮显示匹配的进程
- 排序进程:
- 杀死进程:
k: 选择一个进程后,你可以按 k 来杀死(终止)它- 弹窗会让你选择一个信号,通常默认是
SIGTERM(终止进程)
- 也可以选择其他信号(如
SIGKILL)来强制结束进程
- 查看进程树:
t: 显示进程树(类似 pstree),这会显示进程之间的父子关系
- 改变进程优先级(Nice 值):
N: 调整进程的 "nice" 值,改变进程的优先级- 对任一进程,默认的
nice 值是 0,负数表示提高优先级,正数表示降低优先级
- 退出htop:
CPU 显示
我们将分别展示在 MacOS 和 Linux 上查看 CPU 信息的方式:
MacOS
指令:
结果
| Bash |
|---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37 | ❯ sysctl -a | grep cpu
kern.sched_rt_avoid_cpu0: 0
kern.cpu_checkin_interval: 5000
hw.ncpu: 12 # CPU 总数
hw.activecpu: 12 # 当前可用的CPU数量
# 性能级别是0 (perf level 0) -> 最高级别的性能模式
hw.perflevel0.physicalcpu: 8 # 性能级别为0(最高性能)时,开启的CPU数量是8 (物理)
hw.perflevel0.physicalcpu_max: 8 # 性能级别为0(最高性能)时,最高可支持CPU数量为8 (物理)
hw.perflevel0.logicalcpu: 8 # 性能级别为0(最高性能)时,开启的CPU数量是8 (逻辑)
hw.perflevel0.logicalcpu_max: 8 # 性能级别为0(最高性能)时,最高可支持CPU数量为8 (逻辑)
# 性能级别是1 (perf level 1) -> 稍弱点的性能模式
hw.perflevel0.cpusperl2: 4
hw.perflevel1.physicalcpu: 4
hw.perflevel1.physicalcpu_max: 4
hw.perflevel1.logicalcpu: 4
hw.perflevel1.logicalcpu_max: 4
hw.perflevel1.cpusperl2: 4
hw.physicalcpu: 12
hw.physicalcpu_max: 12
hw.logicalcpu: 12
hw.logicalcpu_max: 12
# 这里可以体现出来,没有开超线程
# (current phy_CPUNum 12 / logi_CPUNum 12 = 1)
hw.cputype: 16777228 # Apple Silicon ID
hw.cpusubtype: 2
hw.cpu64bit_capable: 1 # 1: this machine is 64-bit
hw.cpufamily: -634136515
hw.cpusubfamily: 4
machdep.cpu.cores_per_package: 12
machdep.cpu.core_count: 12
machdep.cpu.logical_per_package: 12
machdep.cpu.thread_count: 12
machdep.cpu.brand_string: Apple M2 Pro
|
Linux
指令:
结果
| Bash |
|---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31 | Architecture: aarch64 # ARM架构
CPU op-mode(s): 64-bit # 64-bit machine
Byte Order: Little Endian
CPU(s): 12 # physical CPU num
On-line CPU(s) list: 0-11 # CPU that works
Thread(s) per core: 1 # 说明没开超线程 :)
Core(s) per socket: 12 # 每个 CPU 插槽中有 12 个核心
Socket(s): 1 # 电脑只有一个 CPU 插槽
Vendor ID: 0x61
Model: 0
Stepping: 0x0
CPU max MHz: 2000.0000
CPU min MHz: 2000.0000
BogoMIPS: 48.00
# 后面这些都不重要了
Vulnerability Gather data sampling: Not affected
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf: Not affected
Vulnerability Mds: Not affected
Vulnerability Meltdown: Not affected
Vulnerability Mmio stale data: Not affected
Vulnerability Reg file data sampling: Not affected
Vulnerability Retbleed: Not affected
Vulnerability Spec rstack overflow: Not affected
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1: Mitigation; __user pointer sanitization
Vulnerability Spectre v2: Not affected
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected
Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm jscvt fcma lrcpc dcpop sha3 asimddp sha512 asimdfhm dit uscat ilrcpc flagm sb dcpodp flagm2 frint ecv
|
网络检查
1) ifconfig:查看和配置网络接口
看en0即可,可以查到 IPv4 / IPv6 / MAC.Addr
ifconfig -> en0
| Bash |
|---|
| en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
ether 7a:c4:24:e3:6f:b9
inet6 fe80::1c72:880b:75c9:c42e%en0 prefixlen 64 secured scopeid 0xe
inet 192.168.31.130 netmask 0xffffff00 broadcast 192.168.31.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
|
根据这段信息:
- IPV4:
192.168.31.130
- IPV6:
fe80::1c72:880b:75c9:c42e
- MAC Addr:
7a:c4:24:e3:6f:b9
2) ping:测试网络连通性
| Bash |
|---|
| ping 1.1.1.1 # cloudflare
ping 8.8.8.8 # google.com
|
3) curl 和 wget:发送 HTTP 请求
curl 支持更多的协议,灵活度更高,笔者更倾向于用curl- 一般都是用
get,post用的少
| Bash |
|---|
| # GET请求
curl http://example.com
# GET请求,并将响应保存为response.html
curl -o response.html http://example.com
|
4) netstat 或 ss:查看网络连接状态
| Bash |
|---|
| netstat # 相当于CLI简化版的wireshark
# --------------------------------
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
|
Note
| Bash |
|---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48 | ❯ netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.31.130.60031 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 198.18.0.1.cbt 198.18.0.3.60030 ESTABLISHED
tcp4 0 0 198.18.0.1.60030 91.108.56.145.https ESTABLISHED
tcp4 0 0 192.168.31.130.60001 113.240.75.252.https ESTABLISHED
tcp4 0 0 198.18.0.1.cbt 198.18.0.3.60000 ESTABLISHED
tcp4 0 0 198.18.0.1.60000 198.18.1.74.https ESTABLISHED
tcp4 0 0 192.168.31.130.59966 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59959 ESTABLISHED
tcp4 0 0 localhost.59959 localhost.7890 ESTABLISHED
tcp4 0 0 192.168.31.130.59958 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59951 ESTABLISHED
tcp4 0 0 localhost.59951 localhost.7890 ESTABLISHED
tcp4 0 0 192.168.31.130.59940 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59933 ESTABLISHED
tcp4 0 0 localhost.59933 localhost.7890 ESTABLISHED
tcp4 0 0 192.168.31.130.59932 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 192.168.31.130.59931 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59930 ESTABLISHED
tcp4 0 0 localhost.59930 localhost.7890 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59929 ESTABLISHED
tcp4 0 0 localhost.59929 localhost.7890 ESTABLISHED
tcp4 0 0 192.168.31.130.59922 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59919 ESTABLISHED
tcp4 0 0 localhost.59919 localhost.7890 ESTABLISHED
tcp4 0 0 192.168.31.130.59918 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59917 ESTABLISHED
tcp4 0 0 localhost.59917 localhost.7890 ESTABLISHED
tcp4 0 0 192.168.31.130.59916 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59913 ESTABLISHED
tcp4 0 0 localhost.59913 localhost.7890 ESTABLISHED
tcp4 0 0 192.168.31.130.59903 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59901 ESTABLISHED
tcp4 0 0 localhost.59901 localhost.7890 ESTABLISHED
tcp4 0 0 192.168.31.130.59900 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59897 ESTABLISHED
tcp4 0 0 localhost.59897 localhost.7890 ESTABLISHED
tcp4 0 0 192.168.31.130.59896 111.29.57.39.14901 ESTABLISHED
tcp4 0 0 localhost.7890 localhost.59895 ESTABLISHED
tcp4 0 0 localhost.59895 localhost.7890 ESTABLISHED
tcp4 0 0 localhost.irdmi localhost.59894 CLOSE_WAIT
tcp4 0 0 localhost.59894 localhost.irdmi FIN_WAIT_2
tcp4 0 0 localhost.irdmi localhost.59820 CLOSE_WAIT
tcp4 0 0 localhost.59820 localhost.irdmi FIN_WAIT_2
tcp4 0 0 localhost.irdmi localhost.59818 CLOSE_WAIT
tcp4 0 0 localhost.59818 localhost.irdmi FIN_WAIT_2
|
5)traceroute (linux) / tcptraceroute (macos)
| Bash |
|---|
| # linux
traceroute 8.8.8.8
# macos
sudo tcptraceroute 8.8.8.8
|
6) wireshark:抓包分析工具
7)nmap:网络端口扫描工具
| Bash |
|---|
| brew install nmap # macos
sudo apt install nmap # linux
|
- 扫描单个主机:
nmap [target] (target: 主机IP, 从ifconfig获得)
- 扫描多个主机:
nmap [target1] [target2] [target3]
- 扫描主机的UDP端口:
nmap -sU [target]
- 扫描整个子网:
nmap [subnet]/24 (subnet: 子网IP, 从ifconfig获得)
- 检测服务的版本信息:
nmap -sV [target]
- 检测某个主机的操作系统:
nmap -O [target]
- 加速: 在上述任一指令加入
-T2 / -T3 / -T4 / -T5 实现加速
- 数字越大加速效果越好,但也更容易被 入侵检测系统(IDS) 发现
Examples on MacOS
主机端口扫描:
| Bash |
|---|
1
2
3
4
5
6
7
8
9
10
11
12
13 | ❯ nmap 10.172.66.0/24
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-27 20:40 CST
Nmap scan report for 10.172.66.43
Host is up (0.000056s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
445/tcp open microsoft-ds
5000/tcp open upnp
7000/tcp open afs3-fileserver
8080/tcp open http-proxy
Nmap done: 256 IP addresses (1 host up) scanned in 13.10 seconds
|
主机UDP端口扫描:
| Bash |
|---|
1
2
3
4
5
6
7
8
9
10
11
12
13 | ❯ sudo nmap -sU 10.172.66.43
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-27 20:46 CST
Nmap scan report for 10.172.66.43
Host is up (0.00033s latency).
Not shown: 995 closed udp ports (port-unreach)
PORT STATE SERVICE
53/udp open domain
88/udp open kerberos-sec
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
5353/udp open zeroconf
Nmap done: 1 IP address (1 host up) scanned in 1.35 seconds
|
主机服务检测:
| Bash |
|---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49 | ❯ nmap -sV -T3 10.172.66.43
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-27 20:40 CST
Nmap scan report for 10.172.66.43
Host is up (0.000066s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.8 (protocol 2.0)
445/tcp open microsoft-ds?
5000/tcp open rtsp
7000/tcp open rtsp
8080/tcp open http nginx 1.27.0
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port5000-TCP:V=7.95%I=7%D=2/27%Time=67C05D5A%P=arm-apple-darwin24.1.0%r
SF:(GetRequest,8F,"HTTP/1\.1\x20403\x20Forbidden\r\nContent-Length:\x200\r
SF:\nServer:\x20AirTunes/800\.74\.5\r\nX-Apple-ProcessingTime:\x200\r\nX-A
SF:pple-RequestReceivedTimestamp:\x2034216270\r\n\r\n")%r(RTSPRequest,8F,"
SF:RTSP/1\.0\x20403\x20Forbidden\r\nContent-Length:\x200\r\nServer:\x20Air
SF:Tunes/800\.74\.5\r\nX-Apple-ProcessingTime:\x201\r\nX-Apple-RequestRece
SF:ivedTimestamp:\x2034216290\r\n\r\n")%r(HTTPOptions,8F,"HTTP/1\.1\x20403
SF:\x20Forbidden\r\nContent-Length:\x200\r\nServer:\x20AirTunes/800\.74\.5
SF:\r\nX-Apple-ProcessingTime:\x200\r\nX-Apple-RequestReceivedTimestamp:\x
SF:2034221291\r\n\r\n")%r(FourOhFourRequest,8F,"HTTP/1\.1\x20403\x20Forbid
SF:den\r\nContent-Length:\x200\r\nServer:\x20AirTunes/800\.74\.5\r\nX-Appl
SF:e-ProcessingTime:\x201\r\nX-Apple-RequestReceivedTimestamp:\x2034221295
SF:\r\n\r\n")%r(SIPOptions,A1,"RTSP/1\.0\x20403\x20Forbidden\r\nContent-Le
SF:ngth:\x200\r\nServer:\x20AirTunes/800\.74\.5\r\nCSeq:\x2042\x20OPTIONS\
SF:r\nX-Apple-ProcessingTime:\x200\r\nX-Apple-RequestReceivedTimestamp:\x2
SF:034221299\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port7000-TCP:V=7.95%I=7%D=2/27%Time=67C05D5F%P=arm-apple-darwin24.1.0%r
SF:(RTSPRequest,8F,"RTSP/1\.0\x20403\x20Forbidden\r\nContent-Length:\x200\
SF:r\nServer:\x20AirTunes/800\.74\.5\r\nX-Apple-ProcessingTime:\x201\r\nX-
SF:Apple-RequestReceivedTimestamp:\x2034216267\r\n\r\n")%r(GetRequest,8F,"
SF:HTTP/1\.1\x20403\x20Forbidden\r\nContent-Length:\x200\r\nServer:\x20Air
SF:Tunes/800\.74\.5\r\nX-Apple-ProcessingTime:\x201\r\nX-Apple-RequestRece
SF:ivedTimestamp:\x2034221273\r\n\r\n")%r(HTTPOptions,8F,"HTTP/1\.1\x20403
SF:\x20Forbidden\r\nContent-Length:\x200\r\nServer:\x20AirTunes/800\.74\.5
SF:\r\nX-Apple-ProcessingTime:\x200\r\nX-Apple-RequestReceivedTimestamp:\x
SF:2034221283\r\n\r\n")%r(FourOhFourRequest,8F,"HTTP/1\.1\x20403\x20Forbid
SF:den\r\nContent-Length:\x200\r\nServer:\x20AirTunes/800\.74\.5\r\nX-Appl
SF:e-ProcessingTime:\x200\r\nX-Apple-RequestReceivedTimestamp:\x2034221288
SF:\r\n\r\n")%r(SIPOptions,A1,"RTSP/1\.0\x20403\x20Forbidden\r\nContent-Le
SF:ngth:\x200\r\nServer:\x20AirTunes/800\.74\.5\r\nCSeq:\x2042\x20OPTIONS\
SF:r\nX-Apple-ProcessingTime:\x200\r\nX-Apple-RequestReceivedTimestamp:\x2
SF:034221292\r\n\r\n");
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 26.27 seconds
|
主机系统扫描:
| Bash |
|---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 | ❯ sudo nmap -O 10.172.66.43
Password:
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-27 20:43 CST
Nmap scan report for 10.172.66.43
Host is up (0.00022s latency).
Not shown: 995 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
445/tcp open microsoft-ds
5000/tcp open upnp
7000/tcp open afs3-fileserver
8080/tcp open http-proxy
Device type: general purpose
Running: Apple macOS 12.X
OS CPE: cpe:/o:apple:mac_os_x:12
OS details: Apple macOS 12 (Monterey) (Darwin 21.1.0 - 21.6.0)
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.46 seconds
|
8)nginx:Web服务器 + 反向代理服务器(轻量级/高并发处理强)