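6 little-known but very useful Linux commands
Humans are creatures of habit. That statement has good and bad sides. The good side is that we tend to do things the same way every time we do them. The bad side is that we are reluctant to step outside our routines. That routine keeps change consistent and surprises to a minimum. The last thing any sysadmin wants to hear another sysadmin say is "Whoops." But that's another story. Today's topic is unfamiliar commands. Six unfamiliar commands, to be exact. I think you'll like these commands because they're useful and outside most sysadmins' field of view. They are listed in alphabetical order.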
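1. ac (accounting)
The user accounting command ac gives the sysadmin connect-time statistics for all system users, read from the /var/log/wtmp file. This is useful if a sysadmin or manager wants to keep track of users' connect time on a system. Of course, it only tracks connections, not activity, so don't assume that a user shown as connected for six hours has actually been working on a particular task for the whole six hours.
Any user can run the ac command. The most useful options are -dp. The -d option displays a "daily total" of connect time. The -p option provides connect statistics for each user. You can use these options individually or combine them for a more detailed breakdown.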
$ ac -d
Apr 21 total 8.16
Apr 26 total 119.99
Apr 27 total 18.41
Today total 0.06
$ ac -p
bob 2.28
root 140.48
khess 3.87
total 146.62
$ ac -dp
root 8.16
Apr 21 total 8.16
root 119.99
Apr 26 total 119.99
root 12.33
bob 2.28
khess 3.80
Apr 27 total 18.41
khess 0.12
Today total 0.12
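As you can see, the ac command gives you some interesting and useful information about connectivity. The most telling statistic shown above is the connect time for the root user's logins. It means that either a sysadmin is leaving themselves logged into the system when they walk away, or there has been a security breach. In either case, the situation needs further investigation.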
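As an added example (not part of the original article), this script reads ac -dp output and lists the days on which one account exceeded a connect-time threshold, which is the check the root figures above call for. The function names and the 8-hour threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag days on which a watched account accumulated more
# connect time than a threshold, using `ac -dp` output.

# Constructed sample: the `ac -dp` output shown above.
sample_ac_dp() {
cat <<'EOF'
root 8.16
Apr 21 total 8.16
root 119.99
Apr 26 total 119.99
root 12.33
bob 2.28
khess 3.80
Apr 27 total 18.41
khess 0.12
Today total 0.12
EOF
}

# flag_connect_time USER MAX_HOURS   (reads `ac -dp` output on stdin)
# Prints "DAY<TAB>HOURS" for every day on which USER exceeded MAX_HOURS.
flag_connect_time() {
    awk -v user="$1" -v max="$2" '
        # Per-user lines precede the "<day> total <hours>" line closing the day.
        NF == 2 && $1 == user { hours = $2; next }
        NF >= 3 && $(NF-1) == "total" {
            day = $1
            for (i = 2; i <= NF - 2; i++) day = day " " $i
            if (hours + 0 > max + 0) printf "%s\t%s\n", day, hours
            hours = 0          # reset for the next day block
        }
    '
}

# Usage on a live system: ac -dp | flag_connect_time root 8
sample_ac_dp | flag_connect_time root 8
```

A day total above 24 hours, as on Apr 26, can only come from several sessions being counted together, which narrows what to look for in the login records.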
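2. delv
Eleven, twelve, dig and delve, so goes the nursery rhyme. It seems to fit the fact that dig and delv are both DNS-related, so I went with it. The delv command is related to dig and nslookup, but it goes further into the DNS record by not only sending a DNS query but also validating it.
You will probably receive a lot of unsigned answer messages in your responses. If the DNS zone doesn't contain a DS record (required when DNS Security (DNSSEC) is active), then it is assumed to be unsigned DNS rather than DNSSEC. Responses are deemed fully validated, unsigned, or invalid. If you don't specify a DNS server in your query, delv uses the local DNS servers from /etc/resolv.conf. If a record is invalid, delv usually gives the reason why.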
I don't pretend to know all of the details of DNSSEC or delv, I just know for those who need to know, it's a very useful command. Here are three examples of practical delv usage. The first is an example of a fully validated domain, dnsworkshop.org.
$ delv dnsworkshop.org mx +multi
; fully validated
dnsworkshop.org. 3600 IN MX 10 smtp5.strotmann.de.
dnsworkshop.org. 3600 IN MX 200 smtp3.strotmann.de.
dnsworkshop.org. 3600 IN RRSIG MX 8 2 3600 (
20210530204044 20210430195221 63654 dnsworkshop.org.
t+sjQNNTOD0q3cCAqUlmzs2OaRapez++9HnjQ0zbYYP7
go3pu6xUjFmGP1OrDhI+Udhfma1BGxqmHTwHo7UotXDx
S9emNuDZVESV6D07HxHbhNqFYjt2jHc8dpLtKjAOmWpA
Lf8fhHRjfNpkng5zoTBKLmghWlLnBPpXy0p6gU8= )
The second, an unsigned one, which is perhaps more common to see:
$ delv pbs.org mx +multi
; unsigned answer
pbs.org. 300 IN MX 10 mxb-00303201.gslb.pphosted.com.
pbs.org. 300 IN MX 10 mxa-00303201.gslb.pphosted.com.
The third is an example of a "parked" domain.
$ delv sillygoose.org mx +multi
;; resolution failed: ncache nxrrset
; negative response, unsigned answer
; sillygoose.org. 300 IN \-MX ;-$NXRRSET
; sillygoose.org. SOA ns1.namefind.com. dns.jomax.net. 2019022600 28800 7200 604800 300
Please, feel free to explore delv further for all your DNS and DNSSEC needs.
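As an added example (not part of the original article), this script reduces delv output to a single status so that a scheduled job can alert when a zone you expect to be signed stops validating. The function names are assumptions, and the samples are abridged from the three delv runs shown above.

```shell
#!/bin/sh
# Added example: reduce delv output to one status line for monitoring.
# Samples below are abridged from the delv output shown above.
sample_validated() { printf '%s\n' '; fully validated' \
    'dnsworkshop.org. 3600 IN MX 10 smtp5.strotmann.de.'; }
sample_unsigned() { printf '%s\n' '; unsigned answer' \
    'pbs.org. 300 IN MX 10 mxb-00303201.gslb.pphosted.com.'; }
sample_negative() { printf '%s\n' ';; resolution failed: ncache nxrrset' \
    '; negative response, unsigned answer' \
    '; sillygoose.org. 300 IN \-MX ;-$NXRRSET'; }

# delv_status: reads delv output on stdin and prints one of
#   "validated", "unsigned", "failed: <reason>" or "unknown".
delv_status() {
    awk '
        /^;; resolution failed:/ {
            reason = $0
            sub(/^;; resolution failed: */, "", reason)
            failed = 1
        }
        /^; fully validated/ { validated = 1 }
        /^; unsigned answer/ { unsigned = 1 }
        END {
            # A failure line wins over any other status comment.
            if (failed)         print "failed: " reason
            else if (validated) print "validated"
            else if (unsigned)  print "unsigned"
            else                print "unknown"
        }
    '
}

# dnssec_ok: succeeds only when the answer was fully validated.
dnssec_ok() { [ "$(delv_status)" = "validated" ]; }

# Usage on a live system (needs network): delv example.org mx | delv_status
for s in sample_validated sample_unsigned sample_negative; do
    printf '%s -> %s\n' "$s" "$($s | delv_status)"
done
```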
3. dir
No, this isn't one of my bad Dad jokes. The dir command is real. Yes, it's really a copy of the ls command but it's for those of you who might accidentally type dir rather than ls because you've worked with the Microsoft Windows command line and can't break the habit.
$ ls -la /usr/bin/dir
-rwxr-xr-x. 1 root root 143368 Apr 14 2020 /usr/bin/dir
$ ls -la /usr/bin/ls
-rwxr-xr-x. 1 root root 143368 Apr 14 2020 /usr/bin/ls
And, no, it's not a hard link. The two commands have different inode numbers. Please test that if you don't believe me.
4. dos2unix
Here's another command that attempts to help with cross-platform compatibility. I've had it happen more times than I can count that I create or receive a file created on Microsoft Windows that seems to fail if I use it on Linux. Text files will often have invisible "control" characters at the end of the lines that prevent parsing on Linux. This is where the dos2unix command rushes in to fix such things. Dos2unix removes those ^M and ^V control characters located at the end of lines that you might see when you vi/vim a file. Sure, you can remove them if you know how to globally replace such characters with vi, but it's a pain otherwise.
one^M^V
two^M^V
three^M^V
four^M^V
five^M^V
or
one^M
two^M
three^M
four^M
five^M
These "control" characters will often appear in a different color that I can't reproduce here. The dos2unix command strips those for you. Before I discovered it, I had to go in and remove them manually with a global replace macro or use sed at the command line.
5. fold
The fold command is new to me but is useful for those of us who tend to write very long lines of code or documentation inside a file. This command has a single purpose: To "wrap each input line to fit in specified width" (from the fold man page). In other words, if you have a limitation of 80 characters in a display or content management system (CMS), then you can adjust a file's width by folding it at the 80th character. 80 character folding is the default.
$ cat test.txt
This is a folding test.
obomb9jdf;amfd;asmf;dasjpsdaoddsofdsfmdsfmdsofsdjsdmfl.dsfmsdhsdlfsdlfjmds.fmsd.fndsdjdsf;djs;fmdslfmdslfm.dsfsl
$ fold test.txt
This is a folding test.
obomb9jdf;amfd;asmf;dasjpsdaoddsofdsfmdsfmdsofsdjsdmfl.dsfmsdhsdlfsdlfjmds.fmsd.
fndsdjdsf;djs;fmdslfmdslfm.dsfsl
The fold command does not rewrite the file. If you run cat test.txt, the output looks the same as the cat command above does. To rewrite the folded file, you have to redirect it to a file name.
$ fold test.txt > folded.txt
$ cat folded.txt
This is a folding test.
obomb9jdf;amfd;asmf;dasjpsdaoddsofdsfmdsfmdsofsdjsdmfl.dsfmsdhsdlfsdlfjmds.fmsd.
fndsdjdsf;djs;fmdslfmdslfm.dsfsl
If you don't want to use the 80 character default, then you can specify a width such as 50 using the -w option.
$ fold -w 50 test.txt
This is a folding test.
obomb9jdf;amfd;asmf;dasjpsdaoddsofdsfmdsfmdsofsdjs
dmfl.dsfmsdhsdlfsdlfjmds.fmsd.fndsdjdsf;djs;fmdslf
mdslfm.dsfsl
You can specify the number of bytes or characters for folding long lines if you don't like columns. You can also fold at spaces.
6. zipcloak
The zipcloak command encrypts the contents of zip files. The command is easy to use and works without any issues or drama. By issues and drama, I mean that you don't have to supply a lot of options or worry about complex syntax to get the job done. You simply zipcloak a file, supply a password, and you're done. You can only encrypt zip files. You cannot use zipcloak to encrypt tar files for example.
$ zipcloak zipfile.zip
Enter password:
Verify password:
encrypting: eight
encrypting: five
encrypting: four
encrypting: nine
encrypting: one
encrypting: seven
encrypting: six
encrypting: ten
encrypting: three
encrypting: two
$ ls
eight five four nine one seven six ten three two zipfile.zip
When you unzip the file, you're prompted for the password you used when you encrypted the zip archive.
$ unzip zipfile.zip
Archive: zipfile.zip
[zipfile.zip] eight password:
extracting: eight
extracting: five
extracting: four
extracting: nine
extracting: one
extracting: seven
extracting: six
extracting: ten
extracting: three
extracting: two
As you can see, zipcloak is easy to use and works with no hassle.
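As an added example (not part of the original article), this script checks a zipinfo listing for members that are not encrypted, which happens when files are added to an archive with plain zip after zipcloak has run. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list archive members that are NOT encrypted, from a
# `zipinfo` (or `unzip -Z`) short listing read on stdin.

# Constructed sample listing: "three" was added after zipcloak ran.
sample_listing() {
cat <<'EOF'
Archive:  zipfile.zip
Zip file size: 9560 bytes, number of entries: 4
-rw-r--r--  3.0 unx       24 TX stor 21-Apr-27 10:02 one
-rw-r--r--  3.0 unx       24 TX stor 21-Apr-27 10:02 two
-rw-r--r--  3.0 unx       24 tx stor 21-Apr-28 09:15 three
-rw-r--r--  3.0 unx     9120 BX defN 21-Apr-27 10:02 my report.pdf
4 files, 9192 bytes uncompressed, 8911 bytes compressed:  3.1%
EOF
}

# zipinfo marks an encrypted member by capitalising the first letter of
# the fifth column: t/b = text/binary, T/B = the same but encrypted.
unencrypted_members() {
    awk '
        NF >= 9 && $5 ~ /^[tTbB][-lxX]$/ {
            name = $9                       # names may contain spaces
            for (i = 10; i <= NF; i++) name = name " " $i
            if (name ~ /\/$/) next          # directory entry, holds no data
            if ($5 ~ /^[tb]/) print name
        }
    '
}

# all_encrypted: succeeds only if every file member is encrypted.
all_encrypted() { [ -z "$(unencrypted_members)" ]; }

# Usage on a real archive: zipinfo zipfile.zip | unencrypted_members
sample_listing | unencrypted_members
```

The listing itself is readable without the password because file names in the archive are not encrypted, and zipcloak applies the traditional PKZIP cipher, which is weak by current standards.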
Wrap up
I hope you find these six commands as useful and as handy as I do. No, I don't encrypt a zipped file every day, I don't often need to convert a Windows-created text file to a Unix-compatible one, and I certainly don't have a need to fold a file but once or twice per year, but when I need these services, I need them. And, I need them to be trouble-free, which these are. There aren't a ton of options for any of them nor are they cumbersome in any way. These six commands are great ones to add to your personal sysadmin toolbox.