1、显示当前系统上root、fedora或user1用户的默认shell;
[root@localhost ~]# grep -E "^(root|fedora|user1)" /etc/passwd |cut -d : -f 1,7
root:/bin/bash
fedora:/bin/bash
user1:/bin/bash
2、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@localhost ~]# grep "[[:alpha:]]\+()" /etc/rc.d/init.d/functions
checkpid() { (粗字体为匹配的结果)
__pids_var_run() {
__pids_pidof() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
echo_success() {
echo_failure() {
echo_passed() {
echo_warning() {
update_boot_stage() {
success() {
failure() {
passed() {
warning() {
action() {
strstr() {
is_ignored_file() {
is_true() {
is_false() {
apply_sysctl() {
3、使用echo命令输出一个绝对路径,使用grep取出其基名; 扩展:取出其路径名
[root@localhost ~]# echo "/etc/rc.d/init.d" |grep -o "[^/]+$"
init.d (取出基名)
[root@localhost ~]# echo "/etc/rc.d/init.d" |grep -o "^.*/"
/etc/rc.d/ (取出路径名)
4、找出ifconfig命令结果中的1-255之间数字;
[root@localhost ~]# ifconfig |grep -E "\<([1-9]|[1-9][0-9]{1,2}|2[0-4][0-9]|25[0-5])\>"
(粗体数字为匹配结果)
inet 192.168.1.122 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe7f:144c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:7f:14:4c txqueuelen 1000 (Ethernet)
RX packets 17093 bytes 9411784 (8.9 MiB)
TX packets 7533 bytes 895892 (874.8 KiB)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
5、挑战题:写一个模式,能匹配合理的IP地址;
[root@localhost ~]# ifconfig |grep -E "\<([1-9]|[1-9][0-9]{1,2}|2[0-4][0-9]|25[0-5])\>.\<([0-9]|[1-9][0-9]{1,2}|2[0-4][0-9]|25[0-5])\>.\<([0-9]|[1-9][0-9]{1,2}|2[0-4][0-9]|25[0-5])\>.\<([0-9]|[1-9][0-9]{1,2}|2[0-4][0-9]|25[0-5])\>"
inet 192.168.1.122 netmask 255.255.255.0 broadcast 192.168.1.255
inet 127.0.0.1 netmask 255.0.0.0
6、挑战题:写一个模式,能匹配出所有的邮件地址;
[root@localhost ~]# grep -E "[^[:space:]]+@[^[:space:]]+" mail.txt
(粗体为匹配结果)
sdfkjdfoiwjflks 403562563@qq.com ldkfjlsdkfj (地址在行中间)
liguohui2006@sina.com fldskfjlsifjlsfj (地址在行开头)
cl,fnslkfjsifjsfk join2000@yahoo.com (地址在行尾)
zhangsan2001@163.com (地址开头有空白字符)
liu_guo_hui.zhengfu@sohu.com
zhang-feng.guo@263.com
7、查找/var目录下属主为root,且属组为mail的所有文件或目录;
[root@localhost mail]# find /var -user root -group mail -ls
50331800 0 drwxrwxr-x 2 root mail 97 Sep 8 13:17 /var/spool/mail
8、查找当前系统上没有属主或属组的文件;进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
[root@localhost ~]# userdel user1 (先删除一个用户user1,用来验证效果)
[root@localhost ~]# find / -nouser -o -nogroup
/home/user1
/home/user1/.bash_logout
/home/user1/.bash_profile
/home/user1/.bashrc
/home/user1/myuser1.file
/home/user1/myuser1.txt
/home/user1/.bash_history
find: ‘/proc/3160/task/3160/fd/6’: No such file or directory
find: ‘/proc/3160/task/3160/fdinfo/6’: No such file or directory
find: ‘/proc/3160/fd/6’: No such file or directory
find: ‘/proc/3160/fdinfo/6’: No such file or directory
/var/spool/mail/user1
[root@localhost ~]# find / -nouser -o -nogroup -atime -3 (进一步查找近3天内访问过的文件或目录)
/home/user1
/home/user1/.bash_logout
/home/user1/.bash_profile
/home/user1/.bashrc
/home/user1/myuser1.file
/home/user1/myuser1.txt
/home/user1/.bash_history
find: ‘/proc/3195/task/3195/fd/6’: No such file or directory
find: ‘/proc/3195/task/3195/fdinfo/6’: No such file or directory
find: ‘/proc/3195/fd/6’: No such file or directory
find: ‘/proc/3195/fdinfo/6’: No such file or directory
/var/spool/mail/user1
9、查找/etc目录下所有用户都有写权限的文件;
[root@localhost ~]# find /etc -perm -222 -ls
(部分截屏)
136 0 lrwxrwxrwx 1 root root 17 Aug 13 07:33 /etc/mtab -> /proc/self/mounts
153 0 lrwxrwxrwx 1 root root 14 Aug 13 07:33 /etc/redhat-release -> centos-release
155 0 lrwxrwxrwx 1 root root 14 Aug 13 07:33 /etc/system-release -> centos-release
5924 0 lrwxrwxrwx 1 root root 22 Aug 13 07:37 /etc/grub2.cfg -> ../boot/grub2/grub.cfg
10、查找/etc目录下大于1M,且类型为普通文件的所有文件;
[root@localhost ~]# find /etc -size +1M -type f -exec ls -lh {} \;
-r–r–r–. 1 root root 6.7M Aug 13 07:51 /etc/udev/hwdb.bin
-rw-r–r–. 1 root root 3.7M Nov 20 2015 /etc/selinux/targeted/policy/policy.29
11、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
[root@localhost ~]# find /etc/init.d/ -perm -113
(无输出)
12、查找/usr目录下不属于root、bin或hadoop的文件;
[root@localhost ~]# find /usr/ -not \( -user root -o -user bin -o -user hadoop \) -ls
50564916 0 drwx—— 2 polkitd root 6 Jun 9 2014 /usr/share/polkit-1/rules.d
13、查找/etc/目录下至少有一类用户没有写权限的文件;
[root@localhost ~]# find /etc/ ! -perm +222 -ls
(部分截屏)
12066 4 -rw-r–r– 1 root root 112 Mar 5 2015 /etc/e2fsck.conf
12067 4 -rw-r–r– 1 root root 936 Mar 5 2015 /etc/mke2fs.conf
5247 4 -rw-r–r– 1 root root 37 Aug 13 07:45 /etc/vconsole.conf
12069 4 -rw-r–r– 1 root root 19 Aug 13 07:45 /etc/locale.conf
12071 4 -rw-r–r– 1 root root 22 Aug 13 07:45 /etc/hostname
12068 4 -rw-r–r– 1 root root 163 Aug 13 07:33 /etc/.updated
12074 12 -rw-r–r– 1 root root 12288 Aug 13 07:51 /etc/aliases.db
14、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;
[root@localhost ~]# find /etc -mtime -7 -not \( -user root -o -user hadoop \) -ls
(无输出)
原创文章,作者:heianyangguo,如若转载,请注明出处:http://www.178linux.com/44618