1、 显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
[root@localhost ~]# grep "^[[:space:]]\+.*" /boot/grub/grub.conf
root (hd0,0)
kernel /vmlinuz-2.6.32-504.el6.i686 ro root=UUID=e6891007-5edb-4ec9-b9af-2e0a319bcde5 rd_NO_LUKS rd_NO_LVM.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-504.el6.i686.img
[root@localhost ~]#
2、 显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[root@localhost ~]# grep "^#[[:space:]]\+[^[:space:]]" /etc/rc.d/rc.sysinit
# /etc/rc.d/rc.sysinit – run once at boot time
# Taken in part from Miquel van Smoorenburg's bcheckrc.
# Check SELinux status
# Print a text banner.
# Only read this once.
# Initialize hardware
# Set default affinity
# Load other user-defined modules
# Load modules (for backward compatibility with VARs)
# Configure kernel parameters
# Set the hostname.
# Sync waiting for storage.
# Device mapper & related initialization
# Start any MD RAID arrays that haven't been started yet
# Remount the root filesystem read-write.
# Clean up SELinux labels
# If relabeling, relabel mount points.
# Mount all other filesystems (except for NFS and /proc, which is already
# mounted). Contrary to standard usage,
# filesystems are NOT unmounted in single user mode.
# The 'no' applies to all listed filesystem types. See mount(8).
# Update quotas if necessary
# Check to see if a full relabel is needed
# Initialize pseudo-random number generator
# Configure machine if necessary.
# Clean out /.
# Do we need (w|u)tmpx files? We don't set them up, but the sysadmin might…
# Clean up /var.
# Clean up utmp/wtmp
# Clean up various /tmp bits
# Make ICE directory
# Start up swapping.
# Set up binfmt_misc
# Boot time profiles. Yes, this should be somewhere else.
# Now that we have all of our basic modules loaded and the kernel going,
# let's dump the syslog ring somewhere so we can find it later
# create the crash indicator flag to warn on crashes, offer fsck with timeout
# Let rhgb know that we're leaving rc.sysinit
[root@localhost ~]#
3、 打出netstat -tan命令执行结果中以‘LISTEN’,后或跟空白字符结尾的行;
[root@localhost ~]# netstat -tan | grep "LISTEN[[:space:]]*$"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:631 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
[root@localhost ~]#
4、 添加用户bash, testbash, basher, nologin (此一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
[root@localhost ~]# egrep "^([[:alnum:]]).*\1$" /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
nologin:x:2007:2007::/home/nologin:/sbin/nologin
[root@localhost ~]#
5、 显示当前系统上root、fedora或user1用户的默认shell;
[root@localhost ~]# grep -E '^(root|fedora|user1)' /etc/passwd
root:x:0:0:root:/root:/bin/bash
[root@localhost ~]#
6、 找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@localhost ~]# grep "[[:alpha:]]\+()" /etc/rc.d/init.d/functions
fstab_decode_str() {
checkpid() {
__readlink() {
__fgrep() {
__umount_loop() {
__umount_loopback_loop() {
__pids_var_run() {
__pids_pidof() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
echo_success() {
echo_failure() {
echo_passed() {
echo_warning() {
update_boot_stage() {
success() {
failure() {
passed() {
warning() {
action() {
strstr() {
confirm() {
get_numeric_dev() {
is_ignored_file() {
is_true() {
is_false() {
apply_sysctl() {
key_is_random() {
find_crypto_mount_point() {
init_crypto() {
[root@localhost ~]#
7、 使用echo命令输出一个绝对路径,使用grep取出其基名;
[root@localhost ~]# echo /etc/sysconfig/network-scripts | grep -o "[^/]*$"
network-scripts
[root@localhost ~]#
扩展:取出其路径名
[root@localhost ~]# echo /etc/sysconfig/network-scripts | grep -oP "^.*(?=/)"
/etc/sysconfig
[root@localhost ~]#
8、 找出ifconfig命令结果中的1-255之间数字
[root@localhost ~]# ifconfig | egrep -o "[1-9]{1,2}|2[0-5]{1,2}"
29
63
3
89
19
2
16
8
1
13
5
19
2
16
8
1
255
255
255
255
6
8
20
29
63
38
9
64
15
1
68
9
8
36
12
4
1
76
81
97
75
73
2
213
59
88
2
19
202
4
12
7
1
255
6
1
12
8
65
53
6
1
26
26
14
34
1
4
14
34
1
4
[root@localhost ~]#
9、 挑战题:写一个模式,能匹配合理的IP地址;
[root@localhost etc]# ifconfig | egrep -o "[1-9]{1,3}\.[1-9]{1,3}\.[0-9]{1,3}\.[1-9]{1,3}"
192.168.10.135
192.168.10.255
[root@localhost etc]#
10、 挑战题:写一个模式,能匹配出所有的邮件地址;
[root@localhost etc]# cat mail.txt
ddw@163.com
ddw@qq.com
ddw1@129.com
ddw
ddw3444
[root@localhost etc]# cat mail.txt | grep '[[:alnum:]]\+@[[:alnum:]]\+\.[[:alnum:]]\+$'
ddw@163.com
ddw@qq.com
ddw1@129.com
[root@localhost etc]#
11、 查找/var目录下属主为root,且属组为mail的所有文件或目录;
[root@localhost ~]# find /var/ -user root -group mail
/var/spool/mail
/var/spool/mail/root
[root@localhost ~]#
12、 查找当前系统上没有属主或属组的文件;
[root@localhost ~]# find / -nouser -o -nogroup
find: `/proc/1470/task/1470/fd/5': No such file or directory
find: `/proc/1470/task/1470/fd/5': No such file or directory
find: `/proc/1470/task/1470/fdinfo/5': No such file or directory
find: `/proc/1470/task/1470/fdinfo/5': No such file or directory
find: `/proc/1470/fd/5': No such file or directory
find: `/proc/1470/fd/5': No such file or directory
find: `/proc/1470/fdinfo/5': No such file or directory
find: `/proc/1470/fdinfo/5': No such file or directory
/home/mageia
/home/mageia/.bashrc
/home/mageia/.bash_logout
/home/mageia/.bash_profile
/home/mageia/.mozilla
/home/mageia/.mozilla/extensions
/home/mageia/.mozilla/plugins
/home/mageia/.gnome2
/home/mandriva
/home/mandriva/.bashrc
/home/mandriva/.bash_logout
/home/mandriva/.bash_profile
/home/mandriva/.mozilla
/home/mandriva/.mozilla/extensions
/home/mandriva/.mozilla/plugins
/home/mandriva/.gnome2
/var/spool/mail/mageia
[root@localhost ~]#
进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
[root@localhost ~]# find / -nouser -o -nogroup -a -atime -3
find: `/proc/1474/task/1474/fd/5': No such file or directory
find: `/proc/1474/task/1474/fd/5': No such file or directory
find: `/proc/1474/task/1474/fdinfo/5': No such file or directory
find: `/proc/1474/task/1474/fdinfo/5': No such file or directory
find: `/proc/1474/fd/5': No such file or directory
find: `/proc/1474/fd/5': No such file or directory
find: `/proc/1474/fdinfo/5': No such file or directory
find: `/proc/1474/fdinfo/5': No such file or directory
/home/mageia
/home/mageia/.bashrc
/home/mageia/.bash_logout
/home/mageia/.bash_profile
/home/mageia/.mozilla
/home/mageia/.mozilla/extensions
/home/mageia/.mozilla/plugins
/home/mageia/.gnome2
/home/mandriva
/home/mandriva/.mozilla
/home/mandriva/.mozilla/extensions
/home/mandriva/.mozilla/plugins
/home/mandriva/.gnome2
/var/spool/mail/mageia
[root@localhost ~]#
13、 查找/etc目录下所有用户都有写权限的文件;
[root@localhost ~]# find /etc -perm -222
14、 查找/etc目录下大于1M,且类型为普通文件的所有文件;
[root@localhost ~]# find /etc -type f -size +1M
/etc/gconf/gconf.xml.defaults/%gconf-tree.xml
/etc/selinux/targeted/modules/active/policy.kern
/etc/selinux/targeted/policy/policy.24
[root@localhost ~]#
15、 查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
[root@localhost ~]# find /etc/init.d -perm -113
/etc/init.d
[root@localhost ~]#
16、 查找/usr目录下不属于root、bin或hadoop的文件;
[root@localhost ~]# find /usr -not \( -user root -o -user bin -o -user hadoop \) -ls
812604 8 -rwsr-xr-x 1 abrt abrt 5524 Oct 16 2014 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
[root@localhost ~]#
17、 查找/etc/目录下至少有一类用户没有写权限的文件;
[root@localhost ~]# find /etc ! -perm +222 -ls
270181 4 -r–r–r– 1 root root 76 Aug 31 2014 /etc/lvm/profile/thin-generic.profile
270180 4 -r–r–r– 1 root root 827 Oct 15 2014 /etc/lvm/profile/metadata_profile_template.profile
270182 4 -r–r–r– 1 root root 80 Aug 31 2014 /etc/lvm/profile/thin-performance.profile
270179 4 -r–r–r– 1 root root 2231 Oct 15 2014 /etc/lvm/profile/command_profile_template.profile
263545 4 ———- 1 root root 881 Jul 28 19:43 /etc/gshadow
262577 4 -r——– 1 root root 45 May 2 07:57 /etc/openldap/certs/password
270407 4 -r–r—– 1 root root 4002 Mar 1 2012 /etc/sudoers
263665 4 ———- 1 root root 1306 Jul 28 19:43 /etc/shadow
262349 316 -r–r–r– 1 root root 321332 May 2 07:56 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
262350 236 -r–r–r– 1 root root 240762 May 2 07:56 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
262351 188 -r–r–r– 1 root root 191741 May 2 07:56 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
262352 188 -r–r–r– 1 root root 191772 May 2 07:56 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
262353 176 -r–r–r– 1 root root 179212 May 2 07:56 /etc/pki/ca-trust/extracted/java/cacerts
262869 4 -r–r–r– 1 root root 460 Oct 15 2014 /etc/dbus-1/system.d/cups.conf
262187 4 ———- 1 root root 1276 Jul 28 19:43 /etc/shadow-
262871 4 -r–r–r– 1 root root 146 Oct 15 2014 /etc/pam.d/cups
270184 4 -r-xr-xr-x 1 root root 2134 Oct 15 2014 /etc/rc.d/init.d/lvm2-lvmetad
270185 4 -r-xr-xr-x 1 root root 2757 Oct 15 2014 /etc/rc.d/init.d/lvm2-monitor
270183 4 -r-xr-xr-x 1 root root 1340 Oct 15 2014 /etc/rc.d/init.d/blk-availability
262722 4 -r–r–r– 1 root root 324 Oct 14 2014 /etc/ld.so.conf.d/kernel-2.6.32-504.el6.i686.conf
[root@localhost ~]#
18、 查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;
[root@localhost ~]# find /etc/ -not \( -user root -o -user hadoop \) -a -ctime -7 -ls
原创文章,作者:dengdw0917,如若转载,请注明出处:http://www.178linux.com/26752
评论列表(1条)
写的很好,排版还可以在漂亮一点,加油,8题不对,100-199的匹配不出来吧