1、显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
[root@C67-X64-A0 ~]# grep "^[[:space:]]\+" /boot/grub/grub.conf root (hd0,0) kernel /tboot.gz logging=vga,serial,memory module /vmlinuz-2.6.32-573.el6.x86_64 ro root=UUID=922eb46f-7e6e-4670-8bf1-6f9f1b05a053 intel_iommu=on amd_iommu=on rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=us rd_NO_MD crashkernel=128M.UTF-8 rd_NO_LVM rd_NO_DM rhgb quiet module /initramfs-2.6.32-573.el6.x86_64.img
2、显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[root@C67-X64-A0 ~]# grep "^#[[:space:]]\+[^[:space:]]\+" /etc/rc.d/rc.sysinit
# /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc. # Check SELinux status # Print a text banner. # Only read this once. # Initialize hardware # Set default affinity # Load other user-defined modules # Load modules (for backward compatibility with VARs)
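3、显示netstat -tan命令执行结果中以‘LISTEN’后跟零个或多个空白字符结尾的行;(注:下面的模式 "LISTEN*[[:space:]]" 中,* 只作用于字母 N,且没有用 $ 锚定行尾,因此它匹配的是任意位置上的“LISTE”后接若干个 N 再跟一个空白字符;符合题意的写法是 grep "LISTEN[[:space:]]*$"。)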
[root@C67-X64-A0 ~]# netstat -tan | grep "LISTEN*[[:space:]]" tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:36628 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 :::50695 :::* LISTEN tcp 0 0 :::111 :::* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN
4、添加用户bash, testbash, basher, nologin (此一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
[root@C67-X64-A0 ~]# grep '^\([[:alnum:]]\+\>\).*\1$' /etc/passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt bash:x:1001:1001::/home/bash:/bin/bash nologin:x:1004:1004::/home/nologin:/sbin/nologin
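5、显示当前系统上root、fedora或user1用户的默认shell;(注:下面的模式没有匹配用户名后面的冒号,rootx、user10 这类以这些名字开头的账号也会被选中;要精确匹配用户名字段,应写成 egrep "^(root|fedora|user1):" /etc/passwd。)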
[root@C67-X64-A0 ~]# egrep "^(root|fedora|user1)" /etc/passwd|awk -F ":" '{print $1,$NF}' root /bin/bash fedora /bin/bash user1 /bin/bash
6、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@C67-X64-A0 ~]# egrep -o "^[[:alpha:]]+\(\)" /etc/rc.d/init.d/functions checkpid() daemon() killproc() pidfileofproc() pidofproc() status() success() failure() passed() warning() action() strstr() confirm()
7、使用echo命令输出一个绝对路径,使用grep取出其基名;
扩展:取出其路径名 [root@C67-X64-A0 ~]# echo /var/www/html/ |egrep -o '[^/]+/?$'|cut -d/ -f1 html [root@C67-X64-A0 ~]# echo /var/www/html |egrep -o '[^/]+/?$'|cut -d/ -f1 html
8、找出ifconfig命令结果中的1-255之间数字;
如果不想消除重复,可以不用sort -nu [ec2-user@ip-172-31-22-8 wanwan]$ ifconfig | egrep -o '\<([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>'|sort -nu 1 2 3 6 8 22 31 64 73 87 91 97 127 128 172 240 255
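9、挑战题:写一个模式,能匹配合理的IP地址;(注:下面使用的 '[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' 只适合从输出中粗略提取,不能用来校验地址:它不限制各段的取值范围,999.999.999.999 也能匹配;同时首段写成 [1-9]{1,3},首段含 0 的地址(如 10.10.10.129)反而匹配不到。每段按 0-255 限定的写法是 egrep -o '\<((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\>'。)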
[ec2-user@ip-172-31-22-8 ~]$ ifconfig -a eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001 inet 172.31.22.8 netmask 255.255.240.0 broadcast 172.31.31.255 inet6 fe80::97:8ff:fe6c:87eb prefixlen 64 scopeid 0x20<link> ether 02:97:08:6c:87:eb txqueuelen 1000 (Ethernet) RX packets 649259 bytes 334885592 (319.3 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 488040 bytes 95253490 (90.8 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 10596 bytes 592200 (578.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 10596 bytes 592200 (578.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [ec2-user@ip-172-31-22-8 ~]$ ifconfig | egrep -o '[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' 172.31.22.8 255.255.240.0 172.31.31.255 127.0.0.1 255.0.0.0 如果需要匹配网卡的IP地址: CentOS6: [root@C67-X64-A0 ~]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:0C:29:71:7C:0C inet addr:10.10.10.129 Bcast:10.10.10.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe71:7c0c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:9483 errors:0 dropped:0 overruns:0 frame:0 TX packets:2582 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:687467 (671.3 KiB) TX bytes:294100 (287.2 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:338 (338.0 b) TX bytes:338 (338.0 b) 方法1: [root@C67-X64-A0 ~]# ifconfig -a|grep "inet addr"|grep -v "127.0.0.1"|awk -F ":" '{print $2}' 10.10.10.129 Bcast [root@C67-X64-A0 ~]# ifconfig -a|grep "inet addr"|grep -v "127.0.0.1"|awk -F ":" '{print $2}'|cut -d' ' -f1 10.10.10.129 方法2: [root@C67-X64-A0 ~]# 
ifconfig -a|grep "inet addr"|grep -v "127.0.0.1"|awk -F ":" '{print $2}'|awk -F " " '{print $(NF-1)}' 10.10.10.129 CentOS7: [root@zabbix ~]# ifconfig -a|grep inet|grep -v inet6|grep -v 127.0.0.1|awk '{print $2}' 10.203.12.88 [root@zabbix ~]# ifconfig -a|grep broadcast|cut -d' ' -f10 10.203.12.88 [ec2-user@ip-172-31-22-8 ~]$ ifconfig | egrep -o '[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' 172.31.22.8 255.255.240.0 172.31.31.255 127.0.0.1 255.0.0.0
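10、挑战题:写一个模式,能匹配出所有的邮件地址;(注:下面两个模式只适合从文本中提取形似邮件地址的字符串,不宜用于校验输入:方法1中的 .* 可以匹配任意字符,包括空格和多个 @;方法2使用了 -o 且没有锚定,会从不合法的整行里截出一段看似合法的子串,并且本地部分不允许 + 和 -、顶级域限定为2-4个字母,会漏掉一部分合法地址。用于校验时至少应对整行匹配,即使用 grep -x 或加上 ^ 和 $。)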
[ec2-user@ip-172-31-22-8 ~]$ cat mail.txt wanlong_860514@163.com 314552@qq.com wanzhixing@gmail.com zhang3_li4_good@126.com dpwanl@dfl.com.cn 方法1: [ec2-user@ip-172-31-22-8 ~]$ cat mail.txt | grep '.*@.*\.[[:alpha:]]\+$' wanlong_860514@163.com 314552@qq.com wanzhixing@gmail.com zhang3_li4_good@126.com dpwanl@dfl.com.cn 方法2: [ec2-user@ip-172-31-22-8 ~]$ cat mail.txt |egrep -o '[A-Za-z0-9._]+@[A-Za-z0-9.]+\.[a-zA-Z]{2,4}' wanlong_860514@163.com 314552@qq.com wanzhixing@gmail.com zhang3_li4_good@126.com dpwanl@dfl.com.cn
11、查找/var目录下属主为root,且属组为mail的所有文件或目录;
[root@C67-X64-A0 ~]# find /var/ -user root -group mail /var/spool/mail /var/spool/mail/root [root@C67-X64-A0 ~]# ls -ld /var/spool/mail/ drwxrwxr-x. 2 root mail 4096 8月 2 13:28 /var/spool/mail/ [root@C67-X64-A0 ~]# ls -ld /var/spool/mail/root -rw-------. 1 root mail 2671 8月 2 09:19 /var/spool/mail/root
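12、查找当前系统上没有属主或属组的文件;(注:下面第一条命令 find / -nouser -o -nogroup -print0 中,-nogroup 与 -print0 之间是隐含的 -a,其优先级高于 -o,所以只有无属组的文件会被输出,仅无属主的文件不会输出;应像第二条命令那样用 \( -nouser -o -nogroup \) 括起来再接动作。-print0 的输出以空字符分隔,适合交给 xargs -0 处理;直接在终端查看时用默认的 -print 即可。)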
进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
[root@C67-X64-A0 ~]# find / -nouser -o -nogroup -print0 find: “/proc/5244/task/5244/fd/5”: 没有那个文件或目录 find: “/proc/5244/task/5244/fd/5”: 没有那个文件或目录 find: “/proc/5244/task/5244/fdinfo/5”: 没有那个文件或目录 find: “/proc/5244/task/5244/fdinfo/5”: 没有那个文件或目录 find: “/proc/5244/fd/5”: 没有那个文件或目录 find: “/proc/5244/fd/5”: 没有那个文件或目录 find: “/proc/5244/fdinfo/5”: 没有那个文件或目录 find: “/proc/5244/fdinfo/5”: 没有那个文件或目录 [root@C67-X64-A0 ~]# find / \( -nouser -o -nogroup \) -atime -3 -print0
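13、查找/etc目录下所有用户都有写权限的文件;(注:-perm -222 也会匹配符号链接,而符号链接自身的权限位通常显示为 lrwxrwxrwx,并不代表目标文件可写;下面输出中的 /etc/rc5.d 等条目很可能就是符号链接。排查全局可写文件时应加上 -type f 或 ! -type l。)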
[root@C67-X64-A0 ~]# find /etc -perm -222 |tail -5 /etc/httpd/logs /etc/httpd/modules /etc/rc5.d /etc/system-release /etc/favicon.png
14、查找/etc目录下大于1M,且类型为普通文件的所有文件;
[root@C67-X64-A0 ~]# find /etc -size +1M -type f -exec ls -lh {} \; -rw-r--r--. 1 root root 1.1M 4月 24 2015 /etc/pki/tls/certs/ca-bundle.trust.crt -rw-r--r--. 1 root root 8.0M 7月 6 00:13 /etc/selinux/targeted/policy/policy.24 -rw-r--r--. 1 root root 8.0M 7月 6 00:13 /etc/selinux/targeted/modules/active/policy.kern -rw-r--r--. 1 root root 2.2M 7月 6 00:24 /etc/gconf/gconf.xml.defaults/%gconf-tree.xml -rw-r--r--. 1 root root 1.4M 9月 5 2012 /etc/brltty/zh-tw.ctb
15、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
# find /etc/init.d/ -perm -113 -exec ls -l {} \; ---x--x-wx. 1 root root 0 Aug 2 19:09 /etc/init.d/test1 --wx-wx-wx. 1 root root 0 Aug 2 19:09 /etc/init.d/test2 -rwxrwxrwx. 1 root root 0 Aug 2 19:09 /etc/init.d/test3 可以看出权限:113、333、777均满足条件
16、查找/usr目录下不属于root、bin或hadoop的文件;
[root@C67-X64-A0 ~]# find /usr/ -not \( -user root -o -user bin -o -user hadoop \)
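17、查找/etc/目录下至少有一类用户没有写权限的文件;(说明:-perm -222 表示属主、属组、其他用户三类都有写权限,取反后即“至少有一类没有写权限”;-perm /222 表示任意一类有写权限,取反后是“三类都没有写权限”,所以下面第二种写法不符合题意。另外,下面第一条命令是在当前目录 . 下执行的,按题意应把起始路径换成 /etc。)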
[ec2-user@ip-172-31-22-8 wanwan]$ find . ! -perm -222 -ls 50498537 4 drwxr-xr-x 2 root root 4096 Aug 2 19:45 . 50498539 0 ---x--x-wx 1 root root 0 Aug 2 19:09 ./test1 50498542 0 -r--r--r-- 1 root root 0 Aug 2 19:24 ./doc1 50498543 0 -r-xr-xr-- 1 root root 0 Aug 2 19:24 ./doc2 50498544 0 ---xr--r-x 1 root root 0 Aug 2 19:24 ./doc3 50498545 0 -rwxr-x--x 1 root root 0 Aug 2 19:25 ./doc4 50498546 0 -rwxrwxr-- 1 root root 0 Aug 2 19:25 ./doc5 50498547 0 -rwxr-xr-x 1 root root 0 Aug 2 19:25 ./doc6 错误的理解: [ec2-user@ip-172-31-22-8 init.d]$ find /etc/init.d/ -not -perm /222 -exec ls -l {} \; -r--r--r--. 1 root root 0 Aug 2 19:24 /etc/init.d/doc1 -r-xr-xr--. 1 root root 0 Aug 2 19:24 /etc/init.d/doc2 ---xr--r-x. 1 root root 0 Aug 2 19:24 /etc/init.d/doc3
18、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;
[root@C67-X64-A0 ~]# find /etc -mtime -7 -not \( -user root -o -user hadoop \) 或者: find /etc/ -mtime -7 -a -not -user root -a -not -user hadoop
原创文章,作者:Net21-冰冻vs西瓜,如若转载,请注明出处:http://www.178linux.com/27504
评论列表(1条)
写的很好,排版也很棒,加油,ip地址取的不对,按照你的写法试试999.999.999.999能不能匹配