1、显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
[root@localhost ~]# grep "^[[:space:]]\+" /boot/grub/grub.conf root (hd0,0) kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=/dev/mapper/myvg-lv_root rd_NO_LUKS.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=myvg/lv_swap KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rd_LVM_LV=myvg/lv_root rhgb quiet initrd /initramfs-2.6.32-504.el6.x86_64.img
2、显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[root@localhost ~]# grep -E "^#[[:space:]]+[^[:space:]]+" /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time
3、打出netstat -tan命令执行结果中以‘LISTEN’,后或跟空白字符结尾的行;
[root@localhost ~]# netstat -tan | grep "LISTEN[[:space:]]*$" tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN
4、添加用户bash, testbash, basher, nologin (此一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
[root@localhost ~]# useradd bash [root@localhost ~]# useradd testbash [root@localhost ~]# useradd basher [root@localhost ~]# useradd nologin -s /sbin/nologin [root@localhost ~]# grep -E "^([^:]+\>).*\1$" /etc/passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt bash:x:501:501::/home/bash:/bin/bash nologin:x:504:504::/home/nologin:/sbin/nologin
5、显示当前系统上root、fedora或user1用户的默认shell;
[root@localhost ~]# grep -E "^root|fedora|user1" /etc/passwd | cut -d: -f1,7 root:/bin/bash fedora:/bin/bash user1:/bin/bash
6、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@localhost ~]# grep "\<.*\>()" /etc/rc.d/init.d/functions fstab_decode_str() { checkpid() {
7、使用echo命令输出一个绝对路径,使用grep取出其基名;
扩展:取出其路径名
取路径基名: [root@test ~]# echo /etc/rc.d/init.d/functions/ | grep -E -o "[^/]+/?$" functions/ [root@test ~]# echo /etc/rc.d/init.d/functions | grep -E -o "[^/]+/?$" functions 取路径名: [root@localhost ~]# echo /etc/rc.d/init.d/functions/ | grep -E -o "/.*/\<" /etc/rc.d/init.d/ [root@localhost ~]# echo /etc/rc.d/init.d/functions | grep -E -o "/.*/\<" /etc/rc.d/init.d/ # 利用最后的词首铆定,来定位基名前的部分
8、找出ifconfig命令结果中的1-255之间数字;
[root@test ~]# ifconfig | egrep --color=auto "\<([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>" eth0 Link encap:Ethernet HWaddr 00:0C:29:CE:79:AB inet addr:172.16.0.144 Bcast:172.16.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fece:79ab/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX bytes:116989478 (111.5 MiB) TX bytes:218003229 (207.9 MiB) inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX bytes:22504271 (21.4 MiB) TX bytes:22504271 (21.4 MiB) [root@test ~]# ifconfig | egrep -o --color=auto "\<([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>" 29 79 172 16 144 172 16 255 255 255 255 64 1 111 5 207 9 127 1 255 1 128 1 21 4 21 4
9、挑战题:写一个模式,能匹配合理的IP地址;
匹配A类,B类,C类地址,不匹配网络地址和广播地址 [root@test ~]# ifconfig | egrep -o "\<([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-1][0-9]|22[0-3])\>.\<([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>.\<([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>.\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-4])\>" 172.16.0.144 127.0.0.1 [root@test ~]# cat ip 9.2.100.253 10.2.4.200 0.0.0.0 127.0.0.1 128.4.20.155 128.6.100.255 172.16.0.10 172.16.100.255 192.168.255.4 192.168.233.255 [root@test ~]# egrep -o "\<([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-1][0-9]|22[0-3])\>.\<([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>.\<([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>.\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-4])\>" ip 9.2.100.253 10.2.4.200 127.0.0.1 128.4.20.155 172.16.0.10 192.168.255.4
10、挑战题:写一个模式,能匹配出所有的邮件地址;
匹配邮件地址: 1. 6到18位的字母、数字、下划线 2. 字母开头 3. 邮件后缀: .com .net .org [root@test scripts]# cat mail hahaa@qq.com hahaaaaa.qq.com lalaaaaaqq#.com lala@163.com 234@qq.com 2343%@qq.com han_han@qq.com a1234567@qq.com 1234567@qq.com abcdefg@qq.com asdjfoisdjfoisjdfjsodfjjdoifsdfjidf@qq.com sdjfoisjdof@163.net aaaaaaaa@gmail.com cccccccc@gmai@com dddddddd@gmail.org [root@test scripts]# egrep --color=auto "\<[[:alpha:]][_[:alnum:]]{5,17}@[[:alnum:]]+\.(com)|(net)|(org)\>" mail han_han@qq.com a1234567@qq.com abcdefg@qq.com sdjfoisjdof@163.net aaaaaaaa@gmail.com dddddddd@gmail.org
11、查找/var目录下属主为root,且属组为mail的所有文件或目录;
[root@test scripts]# find /var -user root -group mail -ls 131077 4 drwxrwxr-x 2 root mail 4096 1月 3 02:13 /var/spool/mail
12、查找当前系统上没有属主或属组的文件;
进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
[root@localhost test]# find / \( -nouser -o -nogroup \) -ls [root@localhost test]# find / \( -nouser -o -nogroup \) -a -atime -3 -ls # centos7 下因为系统默认原因,atime不会更新
13、查找/etc目录下所有用户都有写权限的文件;
[root@localhost ~]# find /etc -perm -222 -ls 33554564 0 lrwxrwxrwx 1 root root 17 Aug 20 07:19 /etc/mtab -> /proc/self/mounts 67321171 0 lrwxrwxrwx 1 root root 49 Aug 20 07:21 /etc/pki/tls/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 67321172 0 lrwxrwxrwx 1 root root 55 Aug 20 07:21 /etc/pki/tls/certs/ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt 33807200 0 lrwxrwxrwx 1 root root 49 Aug 20 07:21 /etc/pki/tls/cert.pem -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 33807206 0 lrwxrwxrwx 1 root root 59 Aug 20 07:21 /etc/pki/ca-trust/source/ca-bundle.legacy.crt -> /usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt ........
14、查找/etc目录下大于1M,且类型为普通文件的所有文件;
[root@localhost ~]# find /etc -size +1M -type f | xargs ls -l -rw-r--r--. 1 root root 3858924 Nov 21 2015 /etc/selinux/targeted/policy/policy.29 -r--r--r--. 1 root root 6984832 Aug 20 07:34 /etc/udev/hwdb.bin [root@localhost ~]# find /etc -size +1M -type f -exec ls -lh {} \; -r--r--r--. 1 root root 6.7M Aug 20 07:34 /etc/udev/hwdb.bin -rw-r--r--. 1 root root 3.7M Nov 21 2015 /etc/selinux/targeted/policy/policy.29
15、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
[root@localhost ~]# find /etc/init.d/ -perm -113 -type f -ls
16、查找/usr目录下不属于root、bin或hadoop的文件;
[root@localhost ~]# find /usr -type f -a -not -user root -a -not -user bin -a -not -user hadoop -ls [root@localhost ~]# find /usr -type f -a -not \( -user root -o -user bin -o -user hadoop \) -ls
17、查找/etc/目录下至少有一类用户没有写权限的文件;
[root@localhost ~]# find /etc -not -perm -222 -type f -ls
18、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;
[root@localhost ~]# find /etc -mtime -7 -a -not \( -user root -o -user hadoop \) -a -type f -ls
原创文章,作者:hansj,如若转载,请注明出处:http://www.178linux.com/66007
评论列表(1条)
写的很好,排版也很漂亮,继续保持,加油