第5周作业
1、显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
[root@iZ28zld7ztoZ ~]# grep '^[[:space:]]' /boot/grub/grub.conf
[root@iZ28zld7ztoZ ~]# grep -E '^[[:space:]]' /boot/grub/grub.conf //也可以加上-E参数
2、显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[root@iZ28zld7ztoZ ~]# grep -E '^#[[:space:]]+[^[:space:]]+' /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc.
[root@iZ28zld7ztoZ ~]# egrep "^#[[:space:]]{1,}[^[:space:]]{1,}" /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc
3、打出netstat -tan命令执行结果中以‘LISTEN’,后或跟空白字符结尾的行;
[root@iZ28zld7ztoZ ~]# netstat -tan | grep 'LISTEN[[:space:]]' tcp 0 0 0.0.0.0:9998 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:9009 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:6071 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:6072 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:7072 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:47746 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:2181 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:8071 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN
[root@iZ28zld7ztoZ ~]# netstat -anpt | grep 'LISTEN[[:space:]]' tcp 0 0 0.0.0.0:9998 0.0.0.0:* LISTEN 21777/java tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN 21489/java tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 696/nginx tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 696/nginx tcp 0 0 0.0.0.0:9009 0.0.0.0:* LISTEN 21777/java tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 24475/sshd tcp 0 0 127.0.0.1:6071 0.0.0.0:* LISTEN 21489/java tcp 0 0 0.0.0.0:6072 0.0.0.0:* LISTEN 21489/java tcp 0 0 0.0.0.0:7072 0.0.0.0:* LISTEN 21777/java tcp 0 0 0.0.0.0:47746 0.0.0.0:* LISTEN 5799/java tcp 0 0 0.0.0.0:2181 0.0.0.0:* LISTEN 5799/java tcp 0 0 127.0.0.1:8071 0.0.0.0:* LISTEN 21777/java tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 21489/java
4、添加用户bash, testbash, basher, nologin (此一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
[root@iZ28zld7ztoZ ~]# useradd bash [root@iZ28zld7ztoZ ~]# useradd testbash [root@iZ28zld7ztoZ ~]# useradd basher [root@iZ28zld7ztoZ ~]# useradd -s /sbin/nologin nologin [root@iZ28zld7ztoZ ~]# grep '^\([^:]\+\):.*/\1$' /etc/passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt bash:x:901:902::/home/bash:/bin/bash nologin:x:904:905::/home/nologin:/sbin/nologin
或: [root@iZ28zld7ztoZ ~]# grep -E "(^[[:alpha:]]+):.*\1$" /etc/passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt bash:x:901:902::/home/bash:/bin/bash nologin:x:904:905::/home/nologin:/sbin/nologin
5、显示当前系统上root、fedora或user1用户的默认shell;
[root@iZ28zld7ztoZ ~]# grep -E '^(root|fedora|user1)' /etc/passwd root:x:0:0:root:/root:/bin/bash [root@iZ28zld7ztoZ ~]# grep -E '^(root|fedora|user1)' /etc/passwd | cut -d: -f7 /bin/bash
6、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@iZ28zld7ztoZ ~]# grep --color=auto '[[:alpha:]]\+()' /etc/rc.d/init.d/functions fstab_decode_str() { checkpid() { __readlink() { __fgrep() { __umount_loop() { __umount_loopback_loop() { __pids_var_run() { __pids_pidof() { daemon() { killproc() { pidfileofproc() { pidofproc() { status() { echo_success() { echo_failure() { echo_passed() { echo_warning() { update_boot_stage() { success() { failure() { passed() { warning() { action() { strstr() { confirm() { get_numeric_dev() { is_ignored_file() { is_true() { is_false() { apply_sysctl() { key_is_random() { find_crypto_mount_point() { init_crypto() {
7、使用echo命令输出一个绝对路径,使用grep取出其基名;
扩展:取出其路径名
[root@iZ28zld7ztoZ ~]# echo "/etc/rc.d/init.d/functions" | grep -E -o "[^/]+/?$" functions [root@iZ28zld7ztoZ ~]# echo "/etc/rc.d/init.d/functions" | grep -E -o "[^/]+/?$" | cut -d"/" -f 1 functions [root@iZ28zld7ztoZ ~]# echo "/etc/rc.d/init.d/functions" | grep -o -E "(/.*/)" /etc/rc.d/init.d/
8、找出ifconfig命令结果中的1-255之间数字;
[root@iZ28zld7ztoZ ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:16:3E:00:18:DD inet addr:10.251.142.220 Bcast:10.251.143.255 Mask:255.255.248.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:60515 errors:0 dropped:0 overruns:0 frame:0 TX packets:114069 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4386520 (4.1 MiB) TX bytes:8523620 (8.1 MiB) Interrupt:165 eth1 Link encap:Ethernet HWaddr 00:16:3E:00:0B:F7 inet addr:139.129.20.55 Bcast:139.129.23.255 Mask:255.255.252.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3242396 errors:0 dropped:0 overruns:0 frame:0 TX packets:1762547 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3011542125 (2.8 GiB) TX bytes:164042924 (156.4 MiB) Interrupt:164 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:9068 errors:0 dropped:0 overruns:0 frame:0 TX packets:9068 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1250304 (1.1 MiB) TX bytes:1250304 (1.1 MiB)
[root@iZ28zld7ztoZ ~]# ifconfig | grep -E -o --color=auto '\<[0-9]\>|\<[1-9][0-9]\>|\<1[0-9][0-9]\>|\<2[0-4][0-9]\>|<25[0-5]\>'
16 18 10 142 220 10 143 248 0 1 0 0 0 0 0 0 0 0 0 4 1 8 1 165 16 139 129 20 55 139 129 23 0 1 0 0 0 0 0 0 0 0 0 2 8 156 4 164 127 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 1
注意:最后一个分支 <25[0-5]\> 的开头少了一个反斜杠,应为 \<25[0-5]\>;因此上面的输出中没有 251、255 等 250-255 之间的数字。另外 \<[0-9]\> 会匹配到 0,而题目要求的范围是 1-255,第一个分支应写为 \<[1-9]\>。
下面是列出带有数字的行: [root@iZ28zld7ztoZ ~]# ifconfig | grep -wE '([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-5][0-5])' eth0 Link encap:Ethernet HWaddr 00:16:3E:00:18:DD inet addr:10.251.142.220 Bcast:10.251.143.255 Mask:255.255.248.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX bytes:4386624 (4.1 MiB) TX bytes:8523752 (8.1 MiB) Interrupt:165 eth1 Link encap:Ethernet HWaddr 00:16:3E:00:0B:F7 inet addr:139.129.20.55 Bcast:139.129.23.255 Mask:255.255.252.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX bytes:3011580193 (2.8 GiB) TX bytes:164085744 (156.4 MiB) Interrupt:164 inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX bytes:1250304 (1.1 MiB) TX bytes:1250304 (1.1 MiB) [root@iZ28zld7ztoZ ~]# ifconfig | grep -wE '[1-9][0-9]?|1[0-9][0-9]|2[0-5][0-5]' eth0 Link encap:Ethernet HWaddr 00:16:3E:00:18:DD inet addr:10.251.142.220 Bcast:10.251.143.255 Mask:255.255.248.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX bytes:4386624 (4.1 MiB) TX bytes:8523752 (8.1 MiB) Interrupt:165 eth1 Link encap:Ethernet HWaddr 00:16:3E:00:0B:F7 inet addr:139.129.20.55 Bcast:139.129.23.255 Mask:255.255.252.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX bytes:3011580635 (2.8 GiB) TX bytes:164087098 (156.4 MiB) Interrupt:164 inet addr:127.0.0.1 Mask:255.0.0.0
9、挑战题:写一个模式,能匹配合理的IP地址;
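IP为:[0-255].[0-255].[0-255].[0-255]
[root@iZ28zld7ztoZ ~]# ifconfig | grep -wE '(([0-1]?[0-9]?[0-9]|2[0-5]{2})\.){3}([0-1]?[0-9]?[0-9]|2[0-5]{2})'
inet addr:10.251.142.220 Bcast:10.251.143.255 Mask:255.255.248.0
inet addr:139.129.20.55 Bcast:139.129.23.255 Mask:255.255.252.0
inet addr:127.0.0.1 Mask:255.0.0.0
[root@iZ28zld7ztoZ ~]# ifconfig | egrep -o '[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
255.255.248.0
139.129.20.55
139.129.23.255
255.255.252.0
127.0.0.1
255.0.0.0
注意:这两个模式都不能准确匹配 0-255。第一个模式中的 2[0-5]{2} 要求十位和个位都在 0-5 之间,206-209、216-219、226-229、236-239、246-249 都匹配不到(如 248)。第二个模式中第一段 [1-9]{1,3} 不允许出现 0,所以输出里缺少 10.251.142.220 和 10.251.143.255;其余各段 [0-9]{1,3} 又会接受 256-999。若用这类模式校验输入的IP地址,每一段应写成 25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9],并在整体两端加上单词边界或 ^、$ 锚定。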
10、挑战题:写一个模式,能匹配出所有的邮件地址;
grep -E '[[:alnum:]]+.*@[[:alnum:]]+\.[[:alnum:]]+\.?[[:alpha:]]+' //抄的
[root@iZ28zld7ztoZ ~]# vi /home/mail.txt www@mail.com zhouyong@365.com 123 abcdef01234
[root@iZ28zld7ztoZ home]# grep -E "^([a-zA-Z0-9_\-\.\+]+)@([a-zA-Z0-9_\-\.\+]+)\.([a-zA-Z]{2,5})$" mail.txt www@mail.com zhouyong@365.com
或: [root@iZ28zld7ztoZ home]# grep -E '[[:alnum:]]+.*@[[:alnum:]]+\.[[:alnum:]]+\.?[[:alpha:]]+' mail.txt www@mail.com zhouyong@365.com
11、查找/var目录下属主为root,且属组为mail的所有文件或目录;
[root@iZ28zld7ztoZ ~]# find /var -user root -group mail /var/spool/mail [root@iZ28zld7ztoZ ~]# find /var/ -user root -a -group mail -ls 786973 4 drwxrwxr-x 2 root mail 4096 Aug 6 22:50 /var/spool/mail
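11.1 关于find命令-ls参数的用法总结
在find命令中使用了-a(逻辑与)或-o(逻辑或)时,如果还需要使用-ls参数,则需要注意:
-a: 使用逻辑与时,各条件是否使用()括起来均可,建议使用()括起来;
-o: 使用逻辑或时,各条件必须使用()括起来,否则查找结果显示错误。
-o:若不使用(),一般认为会显示最后一个逻辑条件的查找结果,但是实验发现,最后一个逻辑条件的查找结果显示也是错误的,所以逻辑或查找条件中,必须将各条件用()括起来。原因在于运算符优先级:-a(包括省略不写的隐含-a)的优先级高于-o,所以 -user oracle -o -group mail -ls 实际被解析为 -user oracle -o \( -group mail -a -ls \),-ls只作用于-o右侧的分支。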
示例:
-a: 可以省略不写
[root@rhel-5 var]# find /var -user oracle -group mail -ls 2763626 0 -rw-r--r-- 1 oracle mail 0 8月 1 14:48 /var/123.sh 3390953 0 -rw-rw---- 1 oracle mail 0 7月 29 15:34 /var/spool/mail/oracle [root@rhel-5 var]# find /var \( -user oracle -group mail \) -ls 2763626 0 -rw-r--r-- 1 oracle mail 0 8月 1 14:48 /var/123.sh 3390953 0 -rw-rw---- 1 oracle mail 0 7月 29 15:34 /var/spool/mail/oracle
-o:该参数配合-ls使用时,注意以下两点:
第一条命令中,各逻辑条件不用()括起来,一般认为其只会显示最后一个逻辑条件的结果,即 -group mail,但是/var/123.sh的属组为mail,结果却没有显示出来,所以显示最后一个逻辑条件的查找结果的说法也是错误的。这是因为/var/123.sh的属主是oracle,-o左侧的-user oracle已经为真,find不会再对它求值右侧的 -group mail -ls,所以该文件没有被列出。
find命令使用逻辑或进行条件查找时,各条件必须使用()括起来。
[root@rhel-5 var]# find /var -user oracle -o -group mail -ls 3381291 8 drwxrwxr-x 2 root mail 4096 8月 1 13:44 /var/spool/mail 3413767 0 -rw-rw---- 1 nologin mail 0 7月 31 19:26 /var/spool/mail/nologin 3413764 0 -rw-rw---- 1 bash mail 0 7月 31 19:26 /var/spool/mail/bash 3390134 4 -rw-rw---- 1 rpc mail 0 7月 29 10:01 /var/spool/mail/rpc 3413766 0 -rw-rw---- 1 basher mail 0 7月 31 19:26 /var/spool/mail/basher 3413765 0 -rw-rw---- 1 testbasher mail 0 7月 31 19:26 /var/spool/mail/testbasher 3413768 0 -rw-rw---- 1 testbash mail 0 8月 1 13:44 /var/spool/mail/testbash 3413763 0 -rw-rw---- 1 hadoop mail 0 7月 31 19:04 /var/spool/mail/hadoop 70581 8 drwx------ 2 root mail 4096 7月 28 2011 /var/spool/mqueue [root@rhel-5 var]# find /var \( -user oracle -o -group mail \) -ls 397605 0 srwxrwxrwx 1 oracle oinstall 0 7月 29 15:59 /var/tmp/.oracle/sEXTPROC1521 397606 0 srwxrwxrwx 1 oracle oinstall 0 7月 29 15:59 /var/tmp/.oracle/s#27699.2 397604 0 srwxrwxrwx 1 oracle oinstall 0 7月 29 15:59 /var/tmp/.oracle/s#27699.1 41919 16 -rw------- 1 oracle oinstall 15000 7月 29 15:35 /var/cache/coolkey/coolkeypk11sE-Gate\ 0\ 0-500 2763626 0 -rw-r--r-- 1 oracle mail 0 8月 1 14:48 /var/123.sh 3381291 8 drwxrwxr-x 2 root mail 4096 8月 1 13:44 /var/spool/mail 3413767 0 -rw-rw---- 1 nologin mail 0 7月 31 19:26 /var/spool/mail/nologin 3413764 0 -rw-rw---- 1 bash mail 0 7月 31 19:26 /var/spool/mail/bash 3390134 4 -rw-rw---- 1 rpc mail 0 7月 29 10:01 /var/spool/mail/rpc 3413766 0 -rw-rw---- 1 basher mail 0 7月 31 19:26 /var/spool/mail/basher 3413765 0 -rw-rw---- 1 testbasher mail 0 7月 31 19:26 /var/spool/mail/testbasher 3413768 0 -rw-rw---- 1 testbash mail 0 8月 1 13:44 /var/spool/mail/testbash 3413763 0 -rw-rw---- 1 hadoop mail 0 7月 31 19:04 /var/spool/mail/hadoop 3390953 0 -rw-rw---- 1 oracle mail 0 7月 29 15:34 /var/spool/mail/oracle 70581 8 drwx------ 2 root mail 4096 7月 28 2011 /var/spool/mqueue
12、查找当前系统上没有属主或属组的文件;
进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
[root@iZ28zld7ztoZ ~]# find / -nouser -o -nogroup find: `/proc/29618/task/29618/fd/5': No such file or directory find: `/proc/29618/task/29618/fd/5': No such file or directory find: `/proc/29618/task/29618/fdinfo/5': No such file or directory find: `/proc/29618/task/29618/fdinfo/5': No such file or directory find: `/proc/29618/fd/5': No such file or directory ……
[root@iZ28zld7ztoZ ~]# find / \( -nouser -o -nogroup \) -a -atime -3
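或:
[root@iZ28zld7ztoZ ~]# find / -nouser -o -nogroup -a -atime -3
[root@iZ28zld7ztoZ ~]# find /var -user oracle -o -group mail -ls
注意:不加括号的写法与上一条带括号的命令并不等价。-a的优先级高于-o,find / -nouser -o -nogroup -a -atime -3 等同于 -nouser -o \( -nogroup -a -atime -3 \),-atime -3 只限制了-nogroup这一分支,没有属主的文件无论访问时间如何都会被列出。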
find命令的逻辑条件查找中使用-ls参数,需要用()将各逻辑条件括起来。
13、查找/etc目录下所有用户都有写权限的文件;
[root@iZ28zld7ztoZ ~]# find /etc/ -perm -222
14、查找/etc目录下大于1M,且类型为普通文件的所有文件;
[root@iZ28zld7ztoZ ~]# find /etc/ -size +1M -type f /etc/backup/1/initramfs-2.6.32-431.23.3.el6.x86_64.img /etc/selinux/targeted/policy/policy.24 /etc/selinux/targeted/modules/active/policy.kern
[root@iZ28zld7ztoZ ~]# find /etc/ \( -size +1M -type f \) -ls 918464 16712 -rw------- 1 root root 17109426 Jul 24 2015 /etc/backup/1/initramfs-2.6.32-431.23.3.el6.x86_64.img 919180 7124 -rw-r--r-- 1 root root 7292905 Aug 14 2014 /etc/selinux/targeted/policy/policy.24 919175 7124 -rw-r--r-- 1 root root 7292905 Aug 14 2014 /etc/selinux/targeted/modules/active/policy.kern [root@iZ28zld7ztoZ ~]#
15、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
[root@iZ28zld7ztoZ ~]# find /etc/init.d/ -perm -113 [root@iZ28zld7ztoZ ~]# find /etc/init.d/ -perm -113 -ls
16、查找/usr目录下不属于root、bin或hadoop的文件;
[root@iZ28zld7ztoZ ~]# find /usr ! \( -user root -o -user bin -o -user hadoop \) -ls 9136 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/client_body_temp 9137 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/proxy_temp 9138 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/fastcgi_temp 9140 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/scgi_temp 9139 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/uwsgi_temp
[root@iZ28zld7ztoZ ~]# find /usr \( -not -user root -a -not -user bin -a -not -user hadoop \) /usr/local/nginx/client_body_temp /usr/local/nginx/proxy_temp /usr/local/nginx/fastcgi_temp /usr/local/nginx/scgi_temp /usr/local/nginx/uwsgi_temp
[root@iZ28zld7ztoZ ~]# find /usr -not \( -user root -o -user bin -o -user hadoop \) -ls 9136 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/client_body_temp 9137 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/proxy_temp 9138 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/fastcgi_temp 9140 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/scgi_temp 9139 4 drwx------ 2 nobody root 4096 Jun 30 16:55 /usr/local/nginx/uwsgi_temp
17、查找/etc/目录下至少有一类用户没有写权限的文件;
[root@iZ28zld7ztoZ ~]# find /etc ! -perm -222 -ls [root@iZ28zld7ztoZ ~]# find /etc ! -perm -222 -ls | tail -fn 10 917782 4 drwxr-xr-x 2 root root 4096 Aug 14 2014 /etc/event.d 917815 4 -rw-r--r-- 1 root root 141 Nov 11 2010 /etc/event.d/ck-log-system-start 917816 4 -rw-r--r-- 1 root root 137 Nov 11 2010 /etc/event.d/ck-log-system-stop 917814 4 -rw-r--r-- 1 root root 146 Nov 11 2010 /etc/event.d/ck-log-system-restart 918495 4 drwxr-xr-x 2 root root 4096 Aug 3 10:57 /etc/portreserve 918525 4 -rw-r--r-- 1 root root 29 May 12 03:22 /etc/portreserve/dhcpd 918503 4 drwxr-xr-x 3 root root 4096 Aug 3 17:11 /etc/ansible 918566 4 drwxr-xr-x 2 root root 4096 May 25 23:50 /etc/ansible/roles 918565 4 -rw-r--r-- 1 root root 1016 May 25 23:50 /etc/ansible/hosts 918564 16 -rw-r--r-- 1 root root 13819 May 25 23:50 /etc/ansible/ansible.cfg
#find /etc/ -not -perm -222 -ls //! 等价于 -not
18、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;
[root@iZ28zld7ztoZ ~]# find /etc/ -mtime -7 -a ! -user root -a ! -user hadoop
[root@iZ28zld7ztoZ ~]# find /etc/ -mtime -7 -a -not -user root -a -not -user hadoop
[root@iZ28zld7ztoZ ~]# find /etc/ -mtime -7 -a -not \( -user root -o -user hadoop \)
原创文章,作者:365,如若转载,请注明出处:http://www.178linux.com/30381
评论列表(1条)
写的很好,排版也很棒,加油,ip的匹配不对