skr! grep~ skr~~find!

发表于

1、显示当前系统上root、fedora或user1用户的默认shell;

1
grep -E "^(root|hadoop|user1)\>" /etc/passwd |cut -d":" -f1,7

2、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[root@centos7 /]# grep  -E -o "[_[:alnum:]]+\(\)"  /etc/rc.d/init.d/functions
checkpid()
__pids_var_run()
__pids_pidof()
daemon()
killproc()
pidfileofproc()
pidofproc()
status()
echo_success()
echo_failure()
echo_passed()
echo_warning()
update_boot_stage()
success()
failure()
passed()
warning()
action()
strstr()
is_ignored_file()
is_true()
is_false()
apply_sysctl()

3、使用echo命令输出一个绝对路径,使用grep取出其基名;扩展:取出其路径名

1
2
3
4
5
[root@centos7 /]#  echo "/etc/rc.d/init.d/functions" |grep -E -o "[^/]+$"
functions

[root@centos7 /]#  echo "/etc/rc.d/init.d/functions" |grep -E -o  "^/.*/"
/etc/rc.d/init.d/

4、找出ifconfig命令结果中的1-255之间数字;

1
ifconfig | grep  -E  -o  "\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>"

5、挑战题:写一个模式,能匹配合理的IP地址;

1
grep -E -o "\<([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>.\<([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>.\<([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>.\<([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>"

6、挑战题:写一个模式,能匹配出所有的邮件地址;

1
grep -E -o “\<[a-z0-9A-Z._%+-]+@[a-z0-9A-Z.-]+\.[a-zA-Z]{2,6}\>”

7、查找/var目录下属主为root,且属组为mail的所有文件或目录;

1
2
3
[root@centos7 /]# find /var/ -user root -a -group mail
/var/spool/mail
/var/spool/mail/root

8、查找当前系统上没有属主或属组的文件;进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;

1
find / -nouser -o -nogroup -atime 3

9、查找/etc目录下所有用户都有写权限的文件;

1
find /etc/ -perm -020

10、查找/etc目录下大于1M,且类型为普通文件的所有文件;

1
find /etc/ -size +1M -type f

11、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;

1
find /etc/init.d/ -perm -111 -perm -002

12、查找/usr目录下不属于root、bin或hadoop的文件;

1
2
3
[root@centos7 /]# find /usr ! \( -user root -o -user bin -o -user hadoop \)
/usr/share/polkit-1/rules.d
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache

13、查找/etc/目录下至少有一类用户没有写权限的文件;

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
[root@centos7 /]# find /usr ! \( -user root -o -user bin -o -user hadoop \)
/usr/share/polkit-1/rules.d
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
[root@centos7 /]# find /usr -not \( -user root -o -user bin -o -user hadoop \)
/usr/share/polkit-1/rules.d
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
[root@centos7 /]# find /usr ! \( -user root -o -user bin -o -user hadoop \)
/usr/share/polkit-1/rules.d
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
[root@centos7 /]# find /etc/ -not -perm /222
/etc/pki/ca-trust/extracted/java/cacerts
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
/etc/gshadow
/etc/openldap/certs/password
/etc/shadow
/etc/ld.so.conf.d/kernel-3.10.0-327.el7.x86_64.conf
/etc/ld.so.conf.d/kernel-3.10.0-327.36.3.el7.x86_64.conf
/etc/udev/hwdb.bin
/etc/gshadow-
/etc/dbus-1/system.d/cups.conf
/etc/shadow-
/etc/lvm/profile/cache-mq.profile
/etc/lvm/profile/cache-smq.profile
/etc/lvm/profile/command_profile_template.profile
/etc/lvm/profile/metadata_profile_template.profile
/etc/lvm/profile/thin-generic.profile
/etc/lvm/profile/thin-performance.profile
/etc/pam.d/cups
/etc/machine-id
/etc/sudoers

14、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;

1
find /etc -mtime -7 ! \( -user root -o -user hadoop \)
0%