1. 顯示/etc/passwd文件中以bash結尾的行
1 2 3
|
| [root@www ~]# grep -n '\(bash\)$' /etc/passwd 1:root:x:0:0:root:/root:/bin/bash 38:Allen:x:500:500:Allen.Huang:/home/Allen:/bin/bash |
2. 顯示/etc/passwd文件中的兩位數或三位數
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
|
| [root@www ~]# grep -n '[[:digit:]]\{2,3\}' /etc/passwd 9:mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 10:uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin 11:operator:x:11:0:operator:/root:/sbin/nologin 12:games:x:12:100:games:/usr/games:/sbin/nologin 13:gopher:x:13:30:gopher:/var/gopher:/sbin/nologin 14:ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin 15:nobody:x:99:99:Nobody:/:/sbin/nologin 16:dbus:x:81:81:System message bus:/:/sbin/nologin 17:usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin 18:rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin 19:oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin 20:vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin 21:rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin 22:abrt:x:173:173::/etc/abrt:/sbin/nologin 23:hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin 24:avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin 25:saslauth:x:498:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin 26:rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin 27:nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin 28:postfix:x:89:89::/var/spool/postfix:/sbin/nologin 29:haldaemon:x:68:68:HAL daemon:/:/sbin/nologin 30:gdm:x:42:42::/var/lib/gdm:/sbin/nologin 31:ntp:x:38:38::/etc/ntp:/sbin/nologin 32:apache:x:48:48:Apache:/var/www:/sbin/nologin 33:radvd:x:75:75:radvd user:/:/sbin/nologin 34:pulse:x:497:495:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin 35:qemu:x:107:107:qemu user:/:/sbin/nologin 36:sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin 37:tcpdump:x:72:72::/:/sbin/nologin 38:Allen:x:500:500:Allen.Huang:/home/Allen:/bin/bash |
3. 顯示‘netstat -tan’命令結果中以‘LISTEN’後跟0個、1個或多個空白字符結尾的行
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
|
| [root@www ~]# netstat -tan | grep -n "LISTEN[[:space:]]*$" 3:tcp 0 0 127.0.0.1:6013 0.0.0.0:* LISTEN 4:tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 5:tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 6:tcp 0 0 0.0.0.0:41811 0.0.0.0:* LISTEN 7:tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 8:tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 9:tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 10:tcp 0 0 127.0.0.1:6012 0.0.0.0:* LISTEN 12:tcp 0 0 ::1:6013 :::* LISTEN 13:tcp 0 0 :::2222 :::* LISTEN 14:tcp 0 0 :::111 :::* LISTEN 15:tcp 0 0 ::1:631 :::* LISTEN 16:tcp 0 0 ::1:25 :::* LISTEN 17:tcp 0 0 :::42138 :::* LISTEN 18:tcp 0 0 ::1:6012 :::* LISTEN |
4. 添加用戶bash, testbash, basher以及nologin用戶(nologin用戶的shell爲/sbin/nologin),而後找出/etc/passwd文件中用戶名同shell名的行
1 2 3 4
|
| [root@www ~]# useradd bash [root@www ~]# useradd testbash [root@www ~]# useradd basher [root@www ~]# useradd nologin -s /sbin/nologin |
1 2 3 4 5 6
|
| [root@www ~]# grep -n '^\(\b[[:alnum:]]\{1,\}\b\):.*\1$' /etc/passwd 6:sync:x:5:0:sync:/sbin:/bin/sync 7:shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 8:halt:x:7:0:halt:/sbin:/sbin/halt 39:bash:x:501:501::/home/bash:/bin/bash 42:nologin:x:504:504::/home/nologin:/sbin/nologin |
5. 顯示當前系統上root、centos或user1用戶的默認的shell和UID
1 2 3 4
|
| [root@www ~]# egrep '^\b(root|centos|user1)\b' /etc/passwd |cut -d: -f3,7 0:/bin/bash 503:/bin/bash 504:/bin/bash |
6. 找出/etc/rc.d/init.d/functions文件中某單詞(單詞中間可以存在下劃線)後面跟着一組小括號的行
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
|
| [root@www ~]# egrep -n --color '^(\b(\w{1,})\b)\(\)' /etc/rc.d/init.d/functions 54:fstab_decode_str() { 59:checkpid() { 68:__readlink() { 72:__fgrep() { 87:__umount_loop() { 115:__umount_loopback_loop() { 148:__pids_var_run() { 184:__pids_pidof() { 191:daemon() { 281:killproc() { 382:pidfileofproc() { 397:pidofproc() { 423:status() { 487:echo_success() { 498:echo_failure() { 509:echo_passed() { 520:echo_warning() { 532:update_boot_stage() { 540:success() { 546:failure() { 554:passed() { 561:warning() { 568:action() { 581:action_silent() { 594:strstr() { 600:confirm() { 618:get_numeric_dev() { 629:is_ignored_file() { 639:is_true() { 649:is_false() { 659:apply_sysctl() { 667:key_is_random() { 672:find_crypto_mount_point() { 685:init_crypto() { |
7. 使用echo輸出一個路徑,而後egrep找出其路徑基名,進一步地使用egrep取出其目錄名
1 2 3 4 5 6
|
| [root@www ~]# echo /etc/sysconfig/network/ | egrep -o --color '[[:alpha:]]+/?$' |cut -d/ -f1 network [root@www ~]# echo /etc/sysconfig/network/ | egrep -o --color '^(/)\b.*\1\b' /etc/sysconfig/ [root@www ~]# echo /etc/sysconfig/network/ | egrep -o --color '^(/)\b.*\1\b' |cut -d/ -f1-3 /etc/sysconfig |
8. 找出ifconfig命令執行結果中1-255之間的數字
1 2 3 4 5 6 7 8 9 10 11 12 13 14
|
| [root@www ~]# ifconfig | egrep --color '\b([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b' eth0 Link encap:Ethernet HWaddr 00:0C:29:A6:0E:39 inet addr:172.16.10.101 Bcast:172.16.10.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fea6:e39/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX bytes:2573958 (2.4 MiB) TX bytes:2567184 (2.4 MiB) inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:12 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 virbr0 Link encap:Ethernet HWaddr 52:54:00:6F:2D:C1 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 |