1、显示/boot/grub/grub.conf中以至少一个空白字符开头的行
[root@cloud ~]# grep -P '^\s+\S' /boot/grub/grub.conf root (hd0,0) kernel /vmlinuz-2.6.32-358.el6.i686 ro root=/dev/mapper/vg_cloud-lv_root rd_NO_LUKS rd_NO_MD rd_LVM_LV=vg_cloud/lv_swap crashkernel=auto.UTF-8 rd_LVM_LV=vg_cloud/lv_root KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet initrd /initramfs-2.6.32-358.el6.i686.img
2、显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[root@cloud ~]# grep -P '^#\s+\S+' /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc. # Check SELinux status # Print a text banner. # Only read this once. # Initialize hardware # Set default affinity # Load other user-defined modules # Load modules (for backward compatibility with VARs) # Configure kernel parameters # Set the hostname. # Sync waiting for storage. # Device mapper & related initialization # Start any MD RAID arrays that haven't been started yet # Remount the root filesystem read-write. # Clean up SELinux labels # If relabeling, relabel mount points. # Mount all other filesystems (except for NFS and /proc, which is already # mounted). Contrary to standard usage, # filesystems are NOT unmounted in single user mode. # The 'no' applies to all listed filesystem types. See mount(8). # Update quotas if necessary # Check to see if a full relabel is needed # Initialize pseudo-random number generator # Configure machine if necessary. # Clean out /. # Do we need (w|u)tmpx files? We don't set them up, but the sysadmin might... # Clean up /var. # Clean up utmp/wtmp # Clean up various /tmp bits # Make ICE directory # Start up swapping. # Set up binfmt_misc # Boot time profiles. Yes, this should be somewhere else. # Now that we have all of our basic modules loaded and the kernel going, # let's dump the syslog ring somewhere so we can find it later # create the crash indicator flag to warn on crashes, offer fsck with timeout # Let rhgb know that we're leaving rc.sysinit
3、显示netstat -tan命令执行结果中以‘LISTEN’后跟0个或多个空白字符结尾的行;
[root@cloud ~]# netstat -tan | grep -P 'LISTEN\s*$' tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:12346 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25151 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:63009 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:8388 0.0.0.0:* LISTEN tcp 0 0 :::111 :::* LISTEN tcp 0 0 :::80 :::* LISTEN tcp 0 0 :::14513 :::* LISTEN tcp 0 0 :::6002 :::* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN tcp 0 0 :::443 :::* LISTEN
4、添加用户bash、testbash、basher、nologin(最后一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
[root@cloud ~]# for u in bash testbash basher nologin; do
> [ "$u" = "nologin" ] && shell=/sbin/nologin || shell=/bin/bash
> useradd -s $shell $u
> done
[root@cloud ~]# egrep --color '^([^:]*):.*\1$' /etc/passwd
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
bash:x:502:502::/home/bash:/bin/bash
nologin:x:505:505::/home/nologin:/sbin/nologin
注:模式中的 \1$ 只要求该行以用户名结尾,并不要求用户名等于shell的基名,例如用户名为sh、shell为/bin/bash的账号也会被匹配。更严谨的写法是让\1紧跟在最后一个“/”之后,并要求用户名非空:
egrep '^([^:]+):.*/\1$' /etc/passwd
5、显示当前系统上root、fedora或user1用户的默认shell;
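[root@cloud ~]# grep -P '^(?:root|fedora|user1)' /etc/passwd | grep -oP '[^:]*$'
/bin/bash
/bin/bash
/bin/bash
注:模式没有用冒号结束用户名字段,只做了前缀匹配,rootx、user10这类用户名也会被选中。核对账号时应把字段边界写进模式:
grep -P '^(?:root|fedora|user1):' /etc/passwd | grep -oP '[^:]*$'
或者直接按字段比较:
awk -F: '$1 ~ /^(root|fedora|user1)$/ {print $7}' /etc/passwd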
6、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@cloud ~]# grep -P '\w+\(\)' /etc/rc.d/init.d/functions fstab_decode_str() { checkpid() { __readlink() { __fgrep() { __umount_loop() { __umount_loopback_loop() { __pids_var_run() { __pids_pidof() { daemon() { killproc() { pidfileofproc() { pidofproc() { status() { echo_success() { echo_failure() { echo_passed() { echo_warning() { update_boot_stage() { success() { failure() { passed() { warning() { action() { strstr() { confirm() { get_numeric_dev() { is_ignored_file() { is_true() { is_false() { apply_sysctl() { key_is_random() { find_crypto_mount_point() { init_crypto() {
7、使用echo命令输出一个绝对路径,使用grep取出其基名;扩展:取出其路径名
[root@cloud ~]# echo /path/to/file | grep -o '[^/]*$' file [root@cloud ~]# echo /path/to/file | grep -oP '^.*(?=/)' /path/to
8、找出ifconfig命令结果中的1-255之间数字;
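[root@cloud ~]# ifconfig | egrep -o '\b[1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]\b'
127
1
255
1
128
164
注:模式中的“|”没有用括号分组,\b只作用于第一个和最后一个分支,中间的分支可以匹配更长数字中的片段(例如会从1500中取出150)。应把所有分支括起来再加单词边界:
ifconfig | egrep -o '\b([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b'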
9、挑战题:写一个模式,能匹配合理的IP地址;
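[root@host1 ~]# ifconfig | egrep -o '(\b([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}\b([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b'
192.168.124.71
192.168.124.255
注:该模式的每一段都不允许取值0,因此10.0.0.1、192.168.0.1这样的合法地址不会被匹配(上面的输出里没有127.0.0.1,很可能正是这个原因)。若用它从日志或配置中提取地址,会漏掉一部分结果。允许0~255的写法:
ifconfig | egrep -o '\b((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\b'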
10、挑战题:写一个模式,能匹配出所有的邮件地址;
[root@host1 ~]# cat <<EOF | grep -oP '\b[-\w]+@([\w-]+\.){1,}[a-zA-Z]{2,3}\b'
> right email:
> <tom@163.com>
> bbs: sys-admin@126.cn end
> >jack@sina.com.cn!
> wrong email:
> hahhafs@@alsd@@
> asdfa.@sasda.com
> asdafs@..com
> adaf@.cn
> EOF
tom@163.com
sys-admin@126.cn
jack@sina.com.cn
注:该模式只适合从文本中粗略提取地址,不能当作输入校验使用:本地部分不允许“.”和“+”(first.last@example.com只会取出last@example.com),顶级域被限制为2~3个字母(user@example.info无法匹配)。
11、查找/var目录下属主为root,且属组为mail的所有文件或目录;
[root@host1 ~]# find /var -user root -a -group mail /var/spool/mail
12、查找当前系统上没有属主或属组的文件; 进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
[root@host1 ~]# find `ls -d /* | egrep -v '/proc|/sys'` -type f \( -nouser -o -nogroup \) -ls
132 4 -rw-r--r-- 1 1005 distro 18 11月 20 2015 /home/mandriva/.bash_logout
133 4 -rw-r--r-- 1 1005 distro 193 11月 20 2015 /home/mandriva/.bash_profile
134 4 -rw-r--r-- 1 1005 distro 231 11月 20 2015 /home/mandriva/.bashrc
135229525 0 -rw-rw---- 1 1005 mail 0 6月 29 17:34 /var/spool/mail/mandriva
[root@host1 ~]# find `ls -d /* | egrep -v '/proc|/sys'` \( -nouser -o -nogroup \) -a -atime -3 -ls
131 0 drwx------ 2 1005 distro 59 6月 29 17:34 /home/mandriva
注:没有属主或属组的文件通常是删除账号后遗留的,之后新建的用户如果复用了同一个UID/GID,就会自动成为这些文件的属主,所以查出来之后应重新指定属主或删除。另外,用ls的输出拼接起始路径,在目录名含空白字符时会出错,而且egrep -v '/proc|/sys'没有锚定,/sysroot之类的目录也会被一并排除;可以改用-prune跳过这两个目录:
find / \( -path /proc -o -path /sys \) -prune -o -type f \( -nouser -o -nogroup \) -ls
13、查找/etc目录下所有用户都有写权限的文件;
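[root@host1 ~]# touch /etc/allwrite.txt && chmod 777 /etc/allwrite.txt
[root@host1 ~]# find /etc -type f -perm -0222 -ls
134664121 0 -rwxrwxrwx 1 root root 0 7月 9 12:39 /etc/allwrite.txt
注:-perm -0222要求属主、属组、其他用户三类都有写权限。做安全检查时更常关心“其他用户可写”,即 find /etc -type f -perm -0002 -ls。/etc/allwrite.txt只是为演示创建的测试文件,做完第13、15题后应执行 rm -f /etc/allwrite.txt 将其删除。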
14、查找/etc目录下大于1M,且类型为普通文件的所有文件;
[root@host1 ~]# find /etc -type f -size +1M -ls 67526230 6824 -r--r--r-- 1 root root 6984832 7月 7 23:02 /etc/udev/hwdb.bin 202247550 3772 -rw-r--r-- 1 root root 3858924 11月 21 2015 /etc/selinux/targeted/policy/policy.29
15、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
[root@host1 ~]# find /etc -type f -perm -0113 -ls
134664121 0 -rwxrwxrwx 1 root root 0 7月 9 12:39 /etc/allwrite.txt
注:题目要求的目录是/etc/init.d/,而这里实际搜索的是整个/etc;按题意应写成:
find /etc/init.d/ -type f -perm -0113 -ls
16、查找/usr目录下不属于root、bin或hadoop的文件;
[root@host1 ~]# find /usr -type f ! \( -user root -o -user bin -o -user hadoop \) -ls 202649998 16 -rwsr-sr-x 1 abrt abrt 15336 12月 1 2015 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
17、查找/etc/目录下至少有一类用户没有写权限的文件;
[root@host1 ~]# find /etc -type f ! -perm -0222 -ls
18、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;
[root@host1 ~]# touch /etc/hello.txt
[root@host1 ~]# chown abrt /etc/hello.txt
[root@host1 ~]# find /etc -type f ! \( -user root -o -user hadoop \) -mtime -7 -ls
134664122 0 -rw-r--r-- 1 abrt root 0 7月 9 12:50 /etc/hello.txt
注:/etc/hello.txt是为演示创建的测试文件,练习结束后应执行 rm -f /etc/hello.txt 将其删除,以免在/etc下留下属主不是root的文件。
原创文章,作者:gateray,如若转载,请注明出处:http://www.178linux.com/23272