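1. Display the lines in /boot/grub/grub.conf that begin with at least one whitespace character.

    [root@localhost grub]# grep "^[[:space:]]\+.*" grub.conf
    root (hd0,0)

(Output truncated for formatting reasons; only part of the result is shown.)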
2. Display the lines in /etc/rc.d/rc.sysinit that begin with #, followed by at least one whitespace character and then at least one non-whitespace character.

    [root@localhost rc.d]# grep "^#[[:space:]]\+[^[:space:]]" rc.sysinit
    # /etc/rc.d/rc.sysinit - run once at boot time
    # Taken in part from Miquel van Smoorenburg's bcheckrc.
    # Check SELinux status
    # Print a text banner.
    # Only read this once.
    # Initialize hardware
    # Set default affinity
    # Load other user-defined modules
    # Load modules (for backward compatibility with VARs)
    # Configure kernel parameters
    # Set the hostname.
    # Sync waiting for storage.
    # Device mapper & related initialization
    # Start any MD RAID arrays that haven't been started yet
    # Remount the root filesystem read-write.
    # Clean up SELinux labels
    # If relabeling, relabel mount points.
    # Mount all other filesystems (except for NFS and /proc, which is already
    # mounted). Contrary to standard usage,
    # filesystems are NOT unmounted in single user mode.
    # The 'no' applies to all listed filesystem types. See mount(8).
    # Update quotas if necessary
    # Check to see if a full relabel is needed
    # Initialize pseudo-random number generator
    # Configure machine if necessary.
    # Clean out /.
    # Do we need (w|u)tmpx files? We don't set them up, but the sysadmin might...
    # Clean up /var.
    # Clean up utmp/wtmp
    # Clean up various /tmp bits
    # Make ICE directory
    # Start up swapping.
    # Set up binfmt_misc
    # Boot time profiles. Yes, this should be somewhere else.
    # Now that we have all of our basic modules loaded and the kernel going,
    # let's dump the syslog ring somewhere so we can find it later
    # create the crash indicator flag to warn on crashes, offer fsck with timeout
    # Let rhgb know that we're leaving rc.sysinit
    [root@localhost rc.d]#
3. Print the lines of the netstat -tan output that end with 'LISTEN', optionally followed by whitespace characters.

    [root@localhost rc.d]# netstat -tan | grep "LISTEN[[:space:]]*$"
    tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN
    tcp        0      0 127.0.0.1:631       0.0.0.0:*           LISTEN
    tcp        0      0 127.0.0.1:25        0.0.0.0:*           LISTEN
    tcp        0      0 :::22               :::*                LISTEN
    tcp        0      0 ::1:631             :::*                LISTEN
    tcp        0      0 ::1:25              :::*                LISTEN
4. Add the users bash, testbash, basher and nologin (the last one with /sbin/nologin as its shell), then find the entries of the users on the current system whose user name is the same as their default shell.

    [root@localhost ~]# grep "^\([a-z]\+\b\).*\1$" /etc/passwd
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    bash:x:501:501::/home/bash:/bin/bash
    nologin:x:503:503::/home/nologin:/sbin/nologin
    [root@localhost ~]#
5. Display the default shell of the users root, fedora or user1 on the current system.

    [root@localhost ~]# grep -E "^(root|fedora|user1)\b.*" /etc/passwd | cut -d: -f1,7
    root:/bin/bash
    fedora:/bin/bash
    user1:/bin/bash
    [root@localhost ~]#
6. Find the lines in /etc/rc.d/init.d/functions in which a word is followed by a pair of parentheses, such as hello().

    [root@localhost ~]# grep "[[:alnum:]]\+()" /etc/rc.d/init.d/functions
    fstab_decode_str() {
    checkpid() {
    __readlink() {
    __fgrep() {
    __umount_loop() {
    __umount_loopback_loop() {
    __pids_var_run() {
    __pids_pidof() {
    daemon() {
    killproc() {
    pidfileofproc() {
    pidofproc() {
    status() {
    echo_success() {
    echo_failure() {
    echo_passed() {
    echo_warning() {
    update_boot_stage() {
    success() {
    failure() {
    passed() {
    warning() {
    action() {
    strstr() {
    confirm() {
    get_numeric_dev() {
    is_ignored_file() {
    is_true() {
    is_false() {
    apply_sysctl() {
    key_is_random() {
    find_crypto_mount_point() {
    init_crypto() {
    [root@localhost ~]#
7. Use echo to output an absolute path, and use grep to extract its base name.

    [root@localhost ~]# echo /tmp/test/ | grep -o "[^/]\+\/\?$"
    test/

Extension: extract its directory name.

    [root@localhost ~]# echo /tmp/test/ | grep -o "^\/\+[[:alnum:]]\+\b"
    /tmp
8. Find the numbers between 1 and 255 in the output of ifconfig.

    [root@localhost ~]# ifconfig | grep -E -o "\b(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)\b"
    192
    168
    1
    104
    255
    255
    255
    192
    168
    1
    255
    64
    29
    41
    25
    116
    4
    111
    73
    127
    1
    255
    1
    128
    4
    4
    192
    168
    122
    1
    255
    255
    255
    192
    168
    122
    255
    [root@localhost ~]#
9. Challenge: write a pattern that matches valid IP addresses.

    [root@localhost ~]# ifconfig | grep -P -o "\b((2[0-4]\d|25[0-5]|[01]?\d\d?)\.){3}(2[0-4]\d|25[0-5]|[01]?\d\d?)\b"
    192.168.1.104
    255.255.255.0
    192.168.1.255
    127.0.0.1
    255.0.0.0
    192.168.122.1
    255.255.255.0
    192.168.122.255

Or:

    [root@localhost ~]# ifconfig | grep -E -o "((2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)\.){3}(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)"
    192.168.1.104
    255.255.255.0
    192.168.1.255
    127.0.0.1
    255.0.0.0
    192.168.122.1
    255.255.255.0
    192.168.122.255
The patterns above match every IP address in the output.
To match only the addresses that follow inet, use:

    [root@localhost ~]# ifconfig | grep "inet\b" | cut -d" " -f10
    192.168.1.104
    127.0.0.1
    192.168.122.1
    [root@localhost ~]#
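
Added example (not part of the original article): an octet pattern for 1-255 whose last branch also covers 10, 20, ... 90, which a `[1-9]{1,2}` branch skips, and a whole-token IPv4 check that rejects strings such as 256.1.1.1 and 1.2.3.4.5. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# 1-255: the last branch is [1-9][0-9]? so 10, 20, ... 90 are covered.
OCTET_1_255='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)'
# 0-255 with no leading zeros, for one field of a dotted quad.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'

# Constructed ifconfig-style text (not output from the article's host).
sample() {
    cat <<'EOF'
inet addr:10.20.30.40  Bcast:10.20.30.255  Mask:255.255.255.0
RX packets:300 errors:0 dropped:0
build 1.2.3.4.5 seen from 256.1.1.1, gateway is 10.20.30.1.
EOF
}

# Print every stand-alone number in 1..255 read from stdin, one per line.
numbers_1_255() {
    grep -E -o "\\b${OCTET_1_255}\\b"
}

# Print every dotted quad read from stdin.
# 1. tr splits the input into tokens made only of digits and dots.
# 2. sed drops a trailing sentence dot ("10.20.30.1." -> "10.20.30.1").
# 3. grep -x requires the WHOLE token to be four octets, so a fifth field
#    or an octet above 255 rejects the token instead of matching part of it.
# This is a syntax check only: it does not decide whether an address can
# be assigned to a host.
ipv4_addrs() {
    tr -c '0-9.\n' '\n' | sed 's/\.*$//' |
        grep -E -x "(${OCTET}\\.){3}${OCTET}"
}

sample | ipv4_addrs
```
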
10. Challenge: write a pattern that matches all e-mail addresses.

    [root@localhost ~]# grep -E -o "\b[^[:space:]]+\@[^[:space:]]+\b" /tmp/test/mailstest.text
    163frj@msina.com
    4355@qq.com
    greatwall_china@gov.com
    goodluck_232@facebook.com
    455iirr@rl.ro
    ab55&00_@gmail.com
11. Find all files or directories under /var whose owner is root and whose group is mail.

    [root@localhost ~]# find /var -user root -group mail -ls
    134221194    4 drwxrwxr-x   2 root     mail         4096 Dec 22 06:48 /var/spool/mail
    137126650  132 -rw-------   1 root     mail       131956 Nov 30 19:31 /var/spool/mail/root
12. Find the files on the current system that have no owner or no group.

    [root@localhost ~]# find / \( -nouser -o -nogroup \) -ls
    find: ‘/proc/15106’: No such file or directory
    find: ‘/proc/15114/task/15114/fd/6’: No such file or directory
    find: ‘/proc/15114/task/15114/fdinfo/6’: No such file or directory
    find: ‘/proc/15114/fd/6’: No such file or directory
    find: ‘/proc/15114/fdinfo/6’: No such file or directory

Further: find the files or directories on the current system that have no owner or no group and were accessed within the last 3 days.

    [root@localhost ~]# find / \( -nouser -o -nogroup \) -atime -3 -ls
    find: ‘/proc/16974/task/16974/fd/6’: No such file or directory
    find: ‘/proc/16974/task/16974/fdinfo/6’: No such file or directory
    find: ‘/proc/16974/fd/6’: No such file or directory
    find: ‘/proc/16974/fdinfo/6’: No such file or directory
    403645670    0 drwx------   3 1002     1002           74 Nov 12 16:21 /home/slackware
    3484079      0 drwxr-xr-x   4 1002     1002           37 Nov  8 20:14 /home/slackware/.mozilla
    137119261    0 drwxr-xr-x   2 1002     1002            6 Jun  9  2014 /home/slackware/.mozilla/extensions
    272578502    0 drwxr-xr-x   2 1002     1002            6 Jun  9  2014 /home/slackware/.mozilla/plugins
    405829138    0 drwx------   3 200      1005           74 Nov 16 19:03 /home/openstack
    4526238      0 drwxr-xr-x   4 200      1005           37 Nov  8 20:14 /home/openstack/.mozilla
    137132447    0 drwxr-xr-x   2 200      1005            6 Jun  9  2014 /home/openstack/.mozilla/extensions
    272578520    0 drwxr-xr-x   2 200      1005            6 Jun  9  2014 /home/openstack/.mozilla/plugins
    405829147    0 drwx------   3 1005     1007           74 Nov 16 19:16 /home/mix
    4334240      0 drwxr-xr-x   4 1005     1007           37 Nov  8 20:14 /home/mix/.mozilla
    137132451    0 drwxr-xr-x   2 1005     1007            6 Jun  9  2014 /home/mix/.mozilla/extensions
    272578522    0 drwxr-xr-x   2 1005     1007            6 Jun  9  2014 /home/mix/.mozilla/plugins
    139922069    0 drwx------   3 1005     distro         74 Dec 20 04:30 /home/mandriva
    270994653    0 drwxr-xr-x   4 1005     distro         37 Nov  8 20:14 /home/mandriva/.mozilla
    405832494    0 drwxr-xr-x   2 1005     distro          6 Jun  9  2014 /home/mandriva/.mozilla/extensions
    3482209      0 drwxr-xr-x   2 1005     distro          6 Jun  9  2014 /home/mandriva/.mozilla/plugins
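
Added example (not part of the original article): in find, -o binds more loosely than the implicit "and", so an action written after an -o chain applies only to the last test unless the tests are grouped with \( \). Creating unowned files needs root, so two -name tests on a constructed temporary directory stand in for -nouser and -nogroup; all function and file names here are illustrative.

```shell
#!/bin/sh
# Constructed tree: a.log and b.tmp stand in for a -nouser and a -nogroup hit.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
touch "$demo/a.log" "$demo/b.tmp"

# Parsed as:  -name '*.log'  -o  ( -name '*.tmp' -a -exec ... )
# a.log satisfies the left side, so the right side and its action are
# skipped, and a.log is silently missing from the result.
ungrouped() {
    find "$demo" -name '*.log' -o -name '*.tmp' -exec basename {} \; | sort
}

# Parentheses make the action apply to a match of either test.
grouped() {
    find "$demo" \( -name '*.log' -o -name '*.tmp' \) -exec basename {} \; | sort
}

# The same grouping for the ownership audit. -xdev keeps find on the
# filesystem of the start directory, so it does not descend into /proc
# (the source of the "No such file or directory" noise); run it once per
# mounted filesystem that should be covered.
unowned_under() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null
}

echo "ungrouped: $(ungrouped | tr '\n' ' ')"
echo "grouped:   $(grouped | tr '\n' ' ')"
```
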
13. Find the files under /etc that all users have write permission on.

    [root@localhost ~]# find /etc -perm -222 -ls | head -n 10
    667104    0 lrwxrwxrwx   1 root     root           37 Nov 30 04:10 /etc/xdg/
    655829    0 lrwxrwxrwx   1 root     root           19 Nov 30 03:54 /e
    653507    0 lrwxrwxrwx   1 root     root           11 Nov 30 03:53 /etc/in
    662151    0 lrwxrwxrwx   1 root     root           21 Nov 30 03:58 /etc/gd/
    655834    0 lrwxrwxrwx   1 root     root           16 Nov 30 03:54 /etc/ssl/c
    670719    0 lrwxrwxrwx   1 root     root           29 Nov 30 04:08 /etc/vmware-tools/
    670721    0 lrwxrwxrwx   1 root     root           25 Nov 30 04:08 /et
    669583    0 lrwxrwxrwx   1 root     root           22 Nov 30 04:06 /etc/grub.conf -> ../
    667434    0 lrwxrwxrwx   1 root     root           19 Nov 30 04:01 /et -> ..
    668205    0 lrwxrwxrwx   1 root     root           18 Nov 30 04:02 /etc/rc.d/rc5.d/

(Output truncated for formatting reasons; only part of the result is shown.)
14. Find all regular files under /etc that are larger than 1M.

    [root@localhost init.d]# find /etc -size +1M -type f -exec ls -lh {} \;
    -rw-r--r--. 1 root root 2.0M Nov 30 04:02 /etc/gconf/gconf.xml.defaults/%gconf-tree.xml
    -rw-r--r--. 1 root root 7.0M Nov 30 04:09 /etc/selinux/targeted/modules/active/policy.kern
    -rw-r--r--. 1 root root 7.0M Nov 30 04:09 /etc/selinux/targeted/policy/policy.24
15. Find the files under /etc/init.d/ for which all users have execute permission and other users have write permission.

    [root@localhost ~]# find /etc/init.d/ -perm -113 -exec ls -lh {} \;
    ---x--x-wx. 1 root root 0 Dec 24 11:22 /etc/init.d/test.text
16. Find the files under /usr that do not belong to root, bin or hadoop.

    [root@localhost ~]# find /usr -not \( -user root -o -user bin -o -user hadoop \) -ls
    395905   12 -rwsr-xr-x   1 abrt     abrt         9904 Nov 22  2013 /usr/libexec/abrt-action-

(Output truncated for formatting reasons; only part of the result is shown.)
17. Find the files under /etc/ for which at least one class of users has no write permission.

    [root@localhost ~]# find /etc/ -not -perm -222 -exec ls -lh {} \;
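
Added example (not part of the original article) for the -perm tests in exercises 13, 15 and 17: -perm -222 requires the write bit for owner, group and other together, so a file that only "other" can write (mode 0646) is not reported by it, while -perm -002 reports every world-writable file. The file names and modes are constructed; -type f is added so that symbolic links, which show as lrwxrwxrwx regardless of their target, are left out.

```shell
#!/bin/sh
# Constructed files in a temporary directory; names and modes are illustrative.
perm_demo=$(mktemp -d)
trap 'rm -rf "$perm_demo"' EXIT
mk() { : > "$perm_demo/$1"; chmod "$2" "$perm_demo/$1"; }
mk all_w   0666     # rw-rw-rw-  every class can write
mk grp_w   0664     # rw-rw-r--  other cannot write
mk other_w 0646     # rw-r--rw-  other can write, group cannot
mk svc     0113     # ---x--x-wx the mode of test.text in exercise 15
ln -s all_w "$perm_demo/link"   # a symlink; excluded below by -type f

# Run find with the given tests and print the sorted base names.
names() { find "$perm_demo" "$@" -exec basename {} \; | LC_ALL=C sort; }

# Exercise 13: owner, group AND other all have the write bit.
all_classes_write()    { names -type f -perm -222; }
# Audit view: anyone who is not owner or group member can write.
world_writable()       { names -type f -perm -002; }
# Exercise 15: execute for all three classes plus write for other.
exec_all_write_other() { names -type f -perm -113; }
# Exercise 17: at least one class lacks the write bit.
some_class_no_write()  { names -type f ! -perm -222; }

echo "-perm -222 : $(all_classes_write | tr '\n' ' ')"
echo "-perm -002 : $(world_writable | tr '\n' ' ')"
echo "-perm -113 : $(exec_all_write_other | tr '\n' ' ')"
echo "! -perm -222: $(some_class_no_write | tr '\n' ' ')"
```
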
18. Find the files under /etc whose content was modified within the last week and that do not belong to root or hadoop.

    [root@localhost etc]# find /etc -mtime -7 -not \( -user root -o -user hadoop \) -ls
    667125    0 --w--w--w-   1 admin    admin           0 Dec 24 13:12 /etc/findtest.text
    [root@localhost etc]#
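The examples above are student homework; corrections of any errors or shortcomings are welcome!
Original article by diglinux. If you repost it, please credit the source: http://www.178linux.com/64639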
Comments (2)
Well written, and the layout is great too. One question: is 255.255.255.255 a valid IP address?
@马哥教育: Thanks, that is not a valid IP; it needs to be corrected.