1、显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
[root@localhost ~]# grep "^[[:space:]]\+" /boot/grub/grub.conf root (hd0,0) kernel /vmlinuz-2.6.32-573.el6.x86_64 ro root=UUID=7b0461b9-cefa-4cf7-a614-e513eb00f316 rd_NO_LUKS rd_NO_LVM.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet initrd /initramfs-2.6.32-573.el6.x86_64.img
2、显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[root@localhost ~]# grep "^#[[:space:]]\+[^[:space:]]" /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc. # Check SELinux status # Print a text banner. # Only read this once. # Initialize hardware # Set default affinity # Load other user-defined modules # Load modules (for backward compatibility with VARs) # Configure kernel parameters # Set the hostname. # Sync waiting for storage. # Device mapper & related initialization # Start any MD RAID arrays that haven't been started yet # Remount the root filesystem read-write. # Clean up SELinux labels # If relabeling, relabel mount points. # Mount all other filesystems (except for NFS and /proc, which is already # mounted). Contrary to standard usage, # filesystems are NOT unmounted in single user mode. # The 'no' applies to all listed filesystem types. See mount(8). # Update quotas if necessary # Check to see if a full relabel is needed # Initialize pseudo-random number generator # Configure machine if necessary. # Clean out /. # Do we need (w|u)tmpx files? We don't set them up, but the sysadmin might... # Clean up /var. # Clean up utmp/wtmp # Clean up various /tmp bits # Make ICE directory # Start up swapping. # Set up binfmt_misc # Boot time profiles. Yes, this should be somewhere else. # Now that we have all of our basic modules loaded and the kernel going, # let's dump the syslog ring somewhere so we can find it later # create the crash indicator flag to warn on crashes, offer fsck with timeout # Let rhgb know that we're leaving rc.sysinit
3、打出netstat -tan命令执行结果中以‘LISTEN’,后或跟空白字符结尾的行;
[root@localhost ~]# netstat -tan|grep "LISTEN[[:space:]]*$" tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN
4、添加用户bash, testbash, basher, nologin (此一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
[root@localhost ~]# useradd bash [root@localhost ~]# useradd testbash [root@localhost ~]# useradd basher [root@localhost ~]# useradd -s /sbin/nologin nologin [root@localhost ~]# grep -E "^(\<[a-z]+\>).*\1$" /etc/passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt bash:x:501:501::/home/bash:/bin/bash nologin:x:504:504::/home/nologin:/sbin/nologin
5、显示当前系统上root、fedora或user1用户的默认shell;
[root@localhost ~]# grep -E '^(root|fedora|user1)' /etc/passwd |cut -d : -f 7 /bin/bash /bin/bash /bin/bash
6、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@localhost ~]# grep -E "[a-z]+\(\)" / /etc/rc.d/init.d/functions grep: /: Is a directory /etc/rc.d/init.d/functions:fstab_decode_str() { /etc/rc.d/init.d/functions:checkpid() { /etc/rc.d/init.d/functions:__readlink() { /etc/rc.d/init.d/functions:__fgrep() { /etc/rc.d/init.d/functions:__umount_loop() { /etc/rc.d/init.d/functions:__umount_loopback_loop() { /etc/rc.d/init.d/functions:__pids_var_run() { /etc/rc.d/init.d/functions:__pids_pidof() { /etc/rc.d/init.d/functions:daemon() { /etc/rc.d/init.d/functions:killproc() { /etc/rc.d/init.d/functions:pidfileofproc() { /etc/rc.d/init.d/functions:pidofproc() { /etc/rc.d/init.d/functions:status() { /etc/rc.d/init.d/functions:echo_success() { /etc/rc.d/init.d/functions:echo_failure() { /etc/rc.d/init.d/functions:echo_passed() { /etc/rc.d/init.d/functions:echo_warning() { /etc/rc.d/init.d/functions:update_boot_stage() { /etc/rc.d/init.d/functions:success() { /etc/rc.d/init.d/functions:failure() { /etc/rc.d/init.d/functions:passed() { /etc/rc.d/init.d/functions:warning() { /etc/rc.d/init.d/functions:action() { /etc/rc.d/init.d/functions:action_silent() { /etc/rc.d/init.d/functions:strstr() { /etc/rc.d/init.d/functions:confirm() { /etc/rc.d/init.d/functions:get_numeric_dev() { /etc/rc.d/init.d/functions:is_ignored_file() { /etc/rc.d/init.d/functions:is_true() { /etc/rc.d/init.d/functions:is_false() { /etc/rc.d/init.d/functions:apply_sysctl() { /etc/rc.d/init.d/functions:key_is_random() { /etc/rc.d/init.d/functions:find_crypto_mount_point() { /etc/rc.d/init.d/functions:init_crypto() {
7、使用echo命令输出一个绝对路径,使用grep取出其基名;
扩展:取出其路径名
[root@localhost network-scripts]# echo /etc/sysconfig/network-scripts | grep -o "[^/]*$" network-scripts [root@localhost network-scripts]# echo /etc/sysconfig/network-scripts | grep -oP "^.*(?=/)" /etc/sysconfig
8、找出ifconfig命令结果中的1-255之间数字;
ifconfig |grep -E --color=auto '\<[1-9][0-9]\>|\<1[0-9]{2}\>|\<2[0-4][0-9]\>|\<25[0-5]\>'
9、挑战题:写一个模式,能匹配合理的IP地址;
[root@localhost ~]# ifconfig | egrep -o '(\b([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}\b([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b' 192.168.10.161 192.168.10.255
10、挑战题:写一个模式,能匹配出所有的邮件地址;
grep ^[a-zA-Z0-9_-]*@[A-Za-z0-9_-]*\.[a-zA-Z_-]*$ email.sh
11、查找/var目录下属主为root,且属组为mail的所有文件或目录;
ll -a /var/ | grep 'root mail'
12、查找当前系统上没有属主或属组的文件;
进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
find / \( -nouser -a -nogroup \) -ls
13、查找/etc目录下所有用户都有写权限的文件;
find /etc -perm /222
14、查找/etc目录下大于1M,且类型为普通文件的所有文件;
find /etc -size +1M -type f
15、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
find /etc/init.d -perm -113
16、查找/usr目录下不属于root、bin或hadoop的文件;
find /usr -not \( -user root -o -user bin -o -user hadoop \)
17、查找/etc/目录下至少有一类用户没有写权限的文件;
find /etc/ -not -perm /222
18、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;
find /etc/ -mtime -7 -a -not \( -user root -o -user hadoop \)
原创文章,作者:huan918,如若转载,请注明出处:http://www.178linux.com/23456
评论列表(1条)
写的很好,排版还可以在漂亮一点,加油