1、显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
[root@localhost ~]# grep -E "^[[:space:]]+" /boot/grub/grub.conf root (hd0,0) kernel /vmlinuz-2.6.32-431.el6.x86_64 ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup/lv_root KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet initrd /initramfs-2.6.32-431.el6.x86_64.img [root@localhost ~]# grep "^[[:space:]]\+" /boot/grub/grub.conf root (hd0,0) kernel /vmlinuz-2.6.32-431.el6.x86_64 ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup/lv_root KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet initrd /initramfs-2.6.32-431.el6.x86_64.img
2、显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[root@localhost ~]# grep "^#[[:space:]]\+[^[:space:]]\+" /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc. # Check SELinux status # Print a text banner. # Only read this once. # Initialize hardware # Set default affinity # Load other user-defined modules # Load modules (for backward compatibility with VARs) # Configure kernel parameters # Set the hostname. # Sync waiting for storage. # Device mapper & related initialization # Start any MD RAID arrays that haven't been started yet # Remount the root filesystem read-write. # Clean up SELinux labels # If relabeling, relabel mount points. # Mount all other filesystems (except for NFS and /proc, which is already # mounted). Contrary to standard usage, # filesystems are NOT unmounted in single user mode. # The 'no' applies to all listed filesystem types. See mount(8). # Update quotas if necessary # Check to see if a full relabel is needed # Initialize pseudo-random number generator # Configure machine if necessary. # Clean out /. # Do we need (w|u)tmpx files? We don't set them up, but the sysadmin might... # Clean up /var. # Clean up utmp/wtmp # Clean up various /tmp bits # Make ICE directory # Start up swapping. # Set up binfmt_misc # Boot time profiles. Yes, this should be somewhere else. # Now that we have all of our basic modules loaded and the kernel going, # let's dump the syslog ring somewhere so we can find it later # create the crash indicator flag to warn on crashes, offer fsck with timeout # Let rhgb know that we're leaving rc.sysinit [root@localhost ~]# grep -E "^#[[:space:]]+[^[:space:]]+" /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc. # Check SELinux status # Print a text banner. # Only read this once. # Initialize hardware # Set default affinity # Load other user-defined modules # Load modules (for backward compatibility with VARs) # Configure kernel parameters # Set the hostname. # Sync waiting for storage. # Device mapper & related initialization # Start any MD RAID arrays that haven't been started yet # Remount the root filesystem read-write. # Clean up SELinux labels # If relabeling, relabel mount points. # Mount all other filesystems (except for NFS and /proc, which is already # mounted). Contrary to standard usage, # filesystems are NOT unmounted in single user mode. # The 'no' applies to all listed filesystem types. See mount(8). # Update quotas if necessary # Check to see if a full relabel is needed # Initialize pseudo-random number generator # Configure machine if necessary. # Clean out /. # Do we need (w|u)tmpx files? We don't set them up, but the sysadmin might... # Clean up /var. # Clean up utmp/wtmp # Clean up various /tmp bits # Make ICE directory # Start up swapping. # Set up binfmt_misc # Boot time profiles. Yes, this should be somewhere else. # Now that we have all of our basic modules loaded and the kernel going, # let's dump the syslog ring somewhere so we can find it later # create the crash indicator flag to warn on crashes, offer fsck with timeout # Let rhgb know that we're leaving rc.sysinit [root@localhost ~]#
3、打出netstat -tan命令执行结果中以‘LISTEN’,后或跟空白字符结尾的行;
[root@localhost ~]# netstat -tan |grep "LISTEN[[:space:]]*" tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN
4、添加用户bash, testbash, basher, nologin (此一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
[root@localhost ~]# grep -E "^([^:]+\>).*\1$" /etc/passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt bash:x:500:500::/home/bash:/bin/bash nologin:x:503:503::/home/nologin:/sbin/nologin
5、显示当前系统上root、fedora或user1用户的默认shell;
[root@localhost ~]# grep -E "(root|fedora|user1)" /etc/passwd |cut -d: -f7 /bin/bash /sbin/nologin
6、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@localhost ~]# grep -E "[[:alnum:]]\>+\(\)" /etc/rc.d/init.d/functions
fstab_decode_str() {
checkpid() {
__readlink() {
__fgrep() {
__umount_loop() {
__umount_loopback_loop() {
__pids_var_run() {
__pids_pidof() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
echo_success() {
echo_failure() {
echo_passed() {
echo_warning() {
update_boot_stage() {
success() {
failure() {
passed() {
warning() {
action() {
strstr() {
confirm() {
get_numeric_dev() {
is_ignored_file() {
is_true() {
is_false() {
apply_sysctl() {
key_is_random() {
find_crypto_mount_point() {
init_crypto() {
7、使用echo命令输出一个绝对路径,使用grep取出其基名;
echo /etc/rc.d/init.d/functions | grep -o "[^/]*/*$" functions
扩展:取出其路径名
[root@localhost ~]# echo /etc/rc.d/init.d/functions | grep -o "/.*/" /etc/rc.d/init.d/
8、找出ifconfig命令结果中的1-255之间数字;
[root@localhost ~]# ifconfig |grep --color -E -o "<\([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]\)\>"
29
52
192
168
44
23
192
168
44
25
25
25
25
80
20
29
95
64
150
52
84
34
27
100
50
51
70
49
44
43
47
43
127
25
128
164
36
68
68
68
68
9、挑战题:写一个模式,能匹配合理的IP地址;
[root@localhost ~]# ifconfig eth0 |grep -oE "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"
192.168.44.23
192.168.44.255
255.255.255.0
10、挑战题:写一个模式,能匹配出所有的邮件地址;
[a-z,A-Z,0-9,_]*@[a-z,A-Z,0-9,_]*\.[a-z,A-Z,0-9]*
11、查找/var目录下属主为root,且属组为mail的所有文件或目录;
find /var/ -user root -a -group mai
12、查找当前系统上没有属主或属组的文件;
find / -nouser -o -nogroup
进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
find / -nouser -a -nogroup -a -type f -a mtime -3 find / \( -nouser -o -nogroup \) -a -type f -a mtime -3
13、查找/etc目录下所有用户都有写权限的文件;
find /etc/ -perm -222
14、查找/etc目录下大于1M,且类型为普通文件的所有文件;
[root@localhost ~]# find /etc/ -size +1M -a -type f /etc/selinux/targeted/modules/active/policy.kern /etc/selinux/targeted/policy/policy.24
15、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
find /etc/init.d/ -perm -113
16、查找/usr目录下不属于root、bin或hadoop的文件;
find /usr/ -not -user root -a -not -user bin -not -user hadoop find /usr/ -not \( -user root -o -user bin -o -user hadoop \)
17、查找/etc/目录下至少有一类用户没有写权限的文件;
find /etc/ -not -perm /2
18、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件
find /etc/ -not -user root -a -not -user hadoop -a -mtime -7
原创文章,作者:胡安慧,如若转载,请注明出处:http://www.178linux.com/67436
