1、显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
[root@localhost ~]# grep "^[[:space:]]\+.*" /boot/grub/grub.conf
2、显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[root@localhost ~]# grep "^[#][[:space:]]\+[^[:space:]]" /etc/rc.d/rc.sysinit
3、打出netstat -tan命令执行结果中以‘LISTEN’,后或跟空白字符结尾的行;
[root@localhost ~]# netstat -tan | grep "LISTEN[[:space:]]*$"
4、添加用户bash, testbash, basher, nologin (此一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
[root@localhost ~]# useradd bash [root@localhost ~]# useradd testbash [root@localhost ~]# useradd basher [root@localhost ~]# useradd -s /sbin/nologin nologin
[root@localhost ~]# egrep "^([[:alnum:]]).*\1$" /etc/passwd
5、显示当前系统上root、fedora或user1用户的默认shell;
[root@localhost ~]# cat /etc/passwd | cut -d: -f1,7 | egrep "\<root\>|\<fedora\>|\<user1\>" root:/bin/bash user1:/bin/bash fedora:/bin/bash
6、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@localhost ~]# egrep "[[:alnum:]]\(\)" /etc/rc.d/init.d/functions
checkpid() {
__pids_var_run() {
__pids_pidof() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
echo_success() {
echo_failure() {
echo_passed() {
echo_warning() {
update_boot_stage() {
success() {
failure() {
passed() {
warning() {
action() {
strstr() {
is_ignored_file() {
is_true() {
is_false() {
apply_sysctl() {
7、使用echo命令输出一个绝对路径,使用grep取出其基名;
[root@localhost ~]# echo "/etc/sysconfig/" | egrep -o '[^/]+/?$' | cut -d/ -f 1 sysconfig
扩展:取出其路径名
[root@localhost ~]# echo "/etc/sysconfig/network" | egrep -o '(/.*/)' /etc/sysconfig/
8、找出ifconfig命令结果中的1-255之间数字;
[root@localhost ~]# ifconfig | egrep "([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.99 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 fe80::20c:29ff:fe59:590b prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:59:59:0b txqueuelen 1000 (Ethernet)
RX packets 12214 bytes 1201175 (1.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6328 bytes 1244024 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 88 bytes 7436 (7.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 88 bytes 7436 (7.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:f7:9e:82 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
9、挑战题:写一个模式,能匹配合理的IP地址;
[root@localhost ~]# ifconfig | egrep -o '([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.
([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.
([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.
([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
192.168.2.99
255.255.255.0
192.168.2.255
127.0.0.1
255.0.0.0
192.168.122.1
255.255.255.0
192.168.122.255
10、挑战题:写一个模式,能匹配出所有的邮件地址;
新建测试文件
[root@localhost ~]# cat mailtest.txt [email protected] [email protected] [email protected] [email protected] aaaaaaaaaaaaaa 12312321312312 sfds_fdfdfd [email protected]
匹配模式
[root@localhost ~]# egrep "[[:alnum:]]+_?[[:alnum:]]+@[[:alnum:]]+\.[[:alpha:]]+\.?[[:alpha:]]+?" mailtest.txt [email protected] [email protected] [email protected] [email protected] [email protected]
11、查找/var目录下属主为root,且属组为mail的所有文件或目录;
[root@localhost ~]# find /var \( -user root -a -group mail \) -ls 67127265 4 drwxrwxr-x 2 root mail 4096 Jul 5 10:00 /var/spool/mail
12、查找当前系统上没有属主或属组的文件;
[root@localhost ~]# find / \( -nouser -a -nogroup \) -ls find: ‘/proc/34206/task/34206/fd/6’: No such file or directory find: ‘/proc/34206/task/34206/fdinfo/6’: No such file or directory find: ‘/proc/34206/fd/6’: No such file or directory find: ‘/proc/34206/fdinfo/6’: No such file or directory 69216572 0 drwxr-xr-x 2 27 27 6 Nov 21 2015 /var/lib/mysql 137041146 0 drwxr-x--- 2 27 27 24 Mar 11 22:33 /var/log/mariadb 137041147 0 -rw-r----- 1 27 27 0 Mar 11 22:33 /var/log/mariadb/mariadb.log
进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
[root@localhost ~]# find / \( -nouser -a -nogroup -a -atime -3 \) -ls find: ‘/proc/34603/task/34603/fd/6’: No such file or directory find: ‘/proc/34603/task/34603/fdinfo/6’: No such file or directory find: ‘/proc/34603/fd/6’: No such file or directory find: ‘/proc/34603/fdinfo/6’: No such file or directory 69216572 0 drwxr-xr-x 2 27 27 6 Nov 21 2015 /var/lib/mysql 137041146 0 drwxr-x--- 2 27 27 24 Mar 11 22:33 /var/log/mariadb
13、查找/etc目录下所有用户都有写权限的文件;
[root@localhost ~]# find /etc -perm -222 -ls
14、查找/etc目录下大于1M,且类型为普通文件的所有文件;
[root@localhost ~]# find /etc -size +1M -type f -ls 4654340 6852 -r--r--r-- 1 root root 7014922 Mar 11 23:24 /etc/udev/hwdb.bin 134959433 1364 -rw-r--r-- 1 root root 1395438 Nov 22 2015 /etc/gconf/schemas/ekiga.schemas 141310667 1308 -rw------- 1 root root 1338053 Jun 27 21:41 /etc/selinux/targeted/contexts/files/file_contexts.bin 7278517 3712 -rw-r--r-- 1 root root 3799487 Jun 27 21:41 /etc/selinux/targeted/policy/policy.29 205532203 1336 -rw-r--r-- 1 root root 1367395 Mar 6 2015 /etc/brltty/zh-tw.ctb
15、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
[root@localhost ~]# find /etc/init.d -perm -113 -ls
16、查找/usr目录下不属于root、bin或hadoop的文件;
[root@localhost ~]# find /usr -not \( -user root -o -user bin -o -user hadoop \) -ls 68833034 4 drwx------ 2 polkitd root 4096 Mar 11 22:51 /usr/share/polkit-1/rules.d 2416036 16 -rwsr-sr-x 1 abrt abrt 15336 Dec 1 2015 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
17、查找/etc/目录下至少有一类用户没有写权限的文件;
[root@localhost ~]# find /etc/ -not -perm -222 -ls
18、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;
[root@localhost ~]# find /etc/ \( -mtime -7 -a -not -user root -a -not -user hadoop \) -ls
原创文章,作者:Anaconda,如若转载,请注明出处:http://www.178linux.com/21257
评论列表(1条)
写的很好,排版也很棒,有的还是可以优化一下的,加油