1. 显示当前系统上root, fedora或user1用户的默认shell
[root@dhcp-10-129-6-166 ~]# grep -E "root|fedora|user1" /etc/passwd | grep -o "[^:]*$"
/bin/bash
/sbin/nologin
/bin/bash
/sbin/nologin
[root@dhcp-10-129-6-166 ~]#
2. 找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,刑如: hello();
[root@dhcp-10-129-6-166 ~]# grep -E "\<[[:alpha:]]+\(\)" /etc/rc.d/init.d/functions
checkpid() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
success() {
failure() {
passed() {
warning() {
action() {
strstr() {
[root@dhcp-10-129-6-166 ~]#
3. 使用echo命令输出一个绝对路径,使用grep取出其基名
[root@dhcp-10-129-6-166 ~]# echo "/etc/rc.d/init.d/functions" | grep "[^/]*$" /etc/rc.d/init.d/functions [root@dhcp-10-129-6-166 ~]#
扩展:取出其路径名
[root@dhcp-10-129-6-166 ~]# echo "/etc/rc.d/init.d/functions" | grep -o "^/.*/" /etc/rc.d/init.d/ [root@dhcp-10-129-6-166 ~]#
4. 找出ifconfig命令结果中的1-225的数字
[root@dhcp-10-129-6-166 ~]# ifconfig | grep -E "\<([0-9]|[1-9][0-9]|2[0-4][0-9]|25[0-5])\>" inet 10.129.6.166 netmask 255.255.255.0 broadcast 10.129.6.255 inet6 fe80::20c:29ff:fe02:650b prefixlen 64 scopeid 0x20<link> ether 00:0c:29:02:65:0b txqueuelen 1000 (Ethernet) RX packets 5819710 bytes 437764632 (417.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 127834 bytes 18650407 (17.7 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 4 bytes 234 (234.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4 bytes 234 (234.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@dhcp-10-129-6-166 ~]#
5. 挑战题:写一个模式,能匹配出合理的IP地址
[root@dhcp-10-129-6-166 ~]# ifconfig | grep -E -o "\<([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-1][0-9]|22[0-3])\.(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){2}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-4])"
10.129.6.166
10.129.6.25
127.0.0.1
[root@dhcp-10-129-6-166 ~]#
6. 挑战题: 写一个模式,能匹配出所有的邮件地址
[root@dhcp-10-129-6-166 ~]# grep -E "\<([[:alnum:]]+[._]*[[:alnum:]]*)+@([[:alnum:]]+\.[[:alpha:]]+)*\>" mailaddress [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] Dear Sender, Thanks for your massage. I am on my annual leave from 31Dec2016 - 02Jan2017 and limit to access email. Any urgent, please drop email to [email protected]. Or [email protected] [email protected] [email protected]. [email protected]:[email protected]:[email protected] [root@dhcp-10-129-6-166 ~]#
7. 查找/var目录下属主为root, 且属组为mail的所有文件或目录
[root@dhcp-10-129-6-166 ~]# find /var -user root -group mail -ls 67150324 4 drwxrwxr-x 2 root mail 4096 12月 27 14:13 /var/spool/mail 67972298 4 -rw------- 1 root mail 756 12月 22 09:46 /var/spool/mail/root [root@dhcp-10-129-6-166 ~]#
8. 查找当前系统没有属主或属组的文件
[root@dhcp-10-129-6-166 ~]# find /home -nouser -nogroup -ls 624058 4 drwx------ 2 2013 2013 4096 12月 27 14:24 /home/user8 624059 4 -rw-r--r-- 1 2013 2013 18 11月 20 2015 /home/user8/.bash_logout 624060 4 -rw-r--r-- 1 2013 2013 193 11月 20 2015 /home/user8/.bash_profile 624061 4 -rw-r--r-- 1 2013 2013 231 11月 20 2015 /home/user8/.bashrc 624062 0 -rw-rw-r-- 1 2013 2013 0 12月 27 14:24 /home/user8/file1 624063 0 -rw-rw-r-- 1 2013 2013 0 12月 27 14:24 /home/user8/file2 570464 0 -rw-rw-r-- 1 2013 2013 0 12月 27 14:24 /home/user8/file3 570465 4 -rw------- 1 2013 2013 26 12月 27 14:24 /home/user8/.bash_history [root@dhcp-10-129-6-166 ~]#
进一步: 查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录
[root@dhcp-10-129-6-166 ~]# find /home -nouser -nogroup -atime -3 -ls 624058 4 drwx------ 2 2013 2013 4096 Dec 27 14:24 /home/user8 624059 4 -rw-r--r-- 1 2013 2013 18 Nov 20 2015 /home/user8/.bash_logout 624060 4 -rw-r--r-- 1 2013 2013 193 Nov 20 2015 /home/user8/.bash_profile 624061 4 -rw-r--r-- 1 2013 2013 231 Nov 20 2015 /home/user8/.bashrc 624062 0 -rw-rw-r-- 1 2013 2013 0 Dec 27 14:24 /home/user8/file1 624063 0 -rw-rw-r-- 1 2013 2013 0 Dec 27 14:24 /home/user8/file2 570464 0 -rw-rw-r-- 1 2013 2013 0 Dec 27 14:24 /home/user8/file3 570465 4 -rw------- 1 2013 2013 26 Dec 27 14:24 /home/user8/.bash_history
9. 查找/etc/目录下所有用户都有写权限的文件
[root@dhcp-10-129-6-166 ~]# find /etc -perm /222 | wc -l 1078 [root@dhcp-10-129-6-166 ~]#
10. 查找/etc/目录下大于1M, 且类型为普通用户的所有文件
[root@dhcp-10-129-6-166 ~]# find /etc/ -size +2M -type f -ls 34318041 6824 -r--r--r-- 1 root root 6984832 Dec 1 22:09 /etc/udev/hwdb.bin 67884867 3772 -rw-r--r-- 1 root root 3858924 Nov 21 2015 /etc/selinux/targeted/policy/policy.29
11. 查找/etc/init.d/目录下,所有用户都有执行权限,且其他用户有写权限的文件
[root@dhcp-10-129-6-166 mnt]# find /etc/init.d/ -perm -113 -ls [root@dhcp-10-129-6-166 mnt]#
12. 查找/usr/目录下不属于root,bin,或hadoop的文件
[root@dhcp-10-129-6-166 mnt]# find /usr ! \( -user root -o -user bin \) -type f -ls [root@dhcp-10-129-6-166 mnt]#
13. 查找/etc/目录下至少有一类用户没有写权限的文件
[root@dhcp-10-129-6-166 mnt]# find /etc -perm /333 -a -type f -ls 33554563 0 -rw------- 1 root root 0 12月 29 11:51 /etc/crypttab 34101623 4 -rw-r--r-- 1 root root 70 1月 9 21:35 /etc/resolv.conf 100663438 4 -rw-r--r-- 1 root root 1690 12月 9 2015 /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 100663439 4 -rw-r--r-- 1 root root 1004 12月 9 2015 /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Debug-7 100663440 4 -rw-r--r-- 1 root root 1690 12月 9 2015 /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Testing-7 33833594 4 -rw-r--r-- 1 root root 2388 6月 29 2015 /etc/pki/tls/certs/Makefile ...
14. 查找/etc/目录下最近一周内其内容没有被修改过,且不属于root或hadoop的文件
[root@dhcp-10-129-6-166 mnt]# find /etc -mtime +7 -a ! -user root -exec ls -l {} \;
总用量 8
-rw-r--r--. 1 root root 974 6月 10 2014 49-polkit-pkla-compat.rules
-rw-r--r--. 1 root root 326 4月 30 2013 50-default.rules
-rw-------. 1 tss tss 7046 12月 29 11:51 /etc/tcsd.conf
原创文章,作者:JL,如若转载,请注明出处:http://www.178linux.com/65011
