1、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello();
[root@tom ~]# grep -E -o "[_[:alpha:]]+\(\)" /etc/rc.d/init.d/functions fstab_decode_str() checkpid() __readlink() __fgrep() __kill_pids_term_kill_checkpids() __kill_pids_term_kill() __umount_loop() __source_netdevs_fstab() __source_netdevs_mtab() __umount_loopback_loop() __find_mounts() __pids_var_run() __pids_pidof() daemon() killproc() pidfileofproc() pidofproc() status() echo_success() echo_failure() echo_passed() echo_warning() update_boot_stage() success() failure() passed() warning() action() action_silent() strstr() confirm() get_numeric_dev() is_ignored_file() is_true() is_false() apply_sysctl() key_is_random() find_crypto_mount_point() init_crypto()
2、使用echo命令输出一个绝对路径,使用grep取出其基名;
扩展:取出其路径名
[root@tom ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0 | grep -E -o "[^/]+$" ifcfg-eth0 #extended# [root@tom ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0 | grep -E -o "/.*/" /etc/sysconfig/network-scripts/
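3、找出ifconfig命令结果中的1-255之间数字;
注:下面答案中的 `[0-9]{2}` 会匹配 00、08 这类带前导零的两位数(输出里的 08、00 来自 MAC 地址),`2[0-5]{2}` 又会漏掉 206-209、216-219 等数;严格匹配 1-255 应写作 `\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>`。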
[root@tom ~]# ifconfig eth0 Link encap:Ethernet HWaddr 08:00:27:DA:EF:CA inet addr:172.18.11.121 Bcast:172.18.11.127 Mask:255.255.255.128 inet6 addr: fe80::a00:27ff:feda:efca/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:21714 errors:0 dropped:0 overruns:0 frame:0 TX packets:915 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1479394 (1.4 MiB) TX bytes:133705 (130.5 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) [root@tom ~]# ifconfig | egrep -o "\<([1-9]|[0-9]{2}|1[0-9]{2}|2[0-5]{2})\>" 08 00 27 172 18 11 121 172 18 11 127 255 255 255 128 64 1 2 1 224 2 127 1 255 1 128 1
4、查找当前系统上没有属主或属组的文件;
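进一步:查找当前系统上没有属主或属组,且最近3天内曾被访问过的文件或目录;
注:无属主或属组的文件,会被日后分配到相同 UID/GID 的新账号自动"继承",查出后应使用 chown/chgrp 重新归属或清理。输出中的 /proc 报错只是遍历期间相关进程已退出所致,可用 `find / -path /proc -prune -o \( -nouser -o -nogroup \) -ls` 跳过 /proc。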
[root@tom ~]# find / \( -nouser -o -nogroup \) -a -ls | wc -l find: `/proc/21565/task/21565/fd/5': No such file or directory find: `/proc/21565/task/21565/fd/5': No such file or directory find: `/proc/21565/task/21565/fdinfo/5': No such file or directory find: `/proc/21565/task/21565/fdinfo/5': No such file or directory find: `/proc/21565/fd/5': No such file or directory find: `/proc/21565/fd/5': No such file or directory find: `/proc/21565/fdinfo/5': No such file or directory find: `/proc/21565/fdinfo/5': No such file or directory 1842 #Next step# [root@tom ~]# find / \( -nouser -o -nogroup \) -a -atime -3 -ls | wc -l find: `/proc/21574/task/21574/fd/5': No such file or directory find: `/proc/21574/task/21574/fdinfo/5': No such file or directory find: `/proc/21574/fd/5': No such file or directory find: `/proc/21574/fdinfo/5': No such file or directory 214
5、查找/etc目录下大于1M,且类型为普通文件的所有文件;
[root@tom ~]# find /etc -size +1M -type f -exec ls -lh {} \; -rw-r--r--. 1 root root 8.1M Dec 16 16:43 /etc/selinux/targeted/modules/active/policy.kern -rw-r--r--. 1 root root 8.1M Dec 16 16:43 /etc/selinux/targeted/policy/policy.24 -rw-r--r--. 1 root root 2.2M Dec 16 16:10 /etc/gconf/gconf.xml.defaults/%gconf-tree.xml
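6、查找/etc/init.d/目录下,所有用户都有执行权限,且其它用户有写权限的文件;
注:下面的 `-perm 113` 是精确匹配,只会找到权限恰好为 0113 的文件,因此结果为空并不能说明不存在符合条件的文件;题目要求的是"至少具备这些权限位",应写作 `find /etc/init.d/ -perm -113`。启动脚本通常由 root 执行,若查到其它用户可写的脚本,应立即去掉 o+w 权限。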
[root@tom ~]# find /etc/init.d/ -perm 113 [root@tom ~]# ls -lh /etc/init.d/ total 440K -rwxr-xr-x. 1 root root 1.3K May 12 2016 abrt-ccpp -rwxr-xr-x. 1 root root 1.6K May 12 2016 abrtd -rwxr-xr-x. 1 root root 1.7K May 12 2016 abrt-oops -rwxr-xr-x. 1 root root 1.8K Feb 17 2016 acpid -rwxr-xr-x. 1 root root 2.1K Feb 20 2015 atd -rwxr-xr-x. 1 root root 3.5K May 11 2016 auditd -rwxr-xr-x. 1 root root 4.0K Jul 12 2016 autofs -r-xr-xr-x. 1 root root 1.4K Aug 24 02:37 blk-availability -rwxr-xr-x. 1 root root 710 Nov 11 2010 bluetooth -rwxr-xr-x. 1 root root 2.1K May 9 2016 certmonger -rwxr-xr-x. 1 root root 12K Jul 24 2015 cpuspeed -rwxr-xr-x. 1 root root 2.8K Aug 24 02:36 crond -rwxr-xr-x. 1 root root 3.0K May 11 2016 cups -rwxr-xr-x. 1 root root 1.7K May 11 2016 dnsmasq -rwxr-xr-x. 1 root root 3.2K Jul 9 2013 firstboot -rw-r--r--. 1 root root 25K Apr 12 2016 functions -rwxr-xr-x. 1 root root 1.8K Oct 15 2014 haldaemon -rwxr-xr-x. 1 root root 5.9K Apr 12 2016 halt -rwxr-xr-x. 1 root root 2.0K Nov 19 07:49 htcacheclean -rwxr-xr-x. 1 root root 3.5K Nov 19 07:49 httpd -rwxr-xr-x. 1 root root 11K Jul 24 2015 ip6tables -rwxr-xr-x. 1 root root 6.6K May 11 2016 ipsec -rwxr-xr-x. 1 root root 11K Jul 24 2015 iptables -rwxr-xr-x. 1 root root 1.9K Feb 2 2016 irqbalance -rwxr-xr-x. 1 root root 21K Nov 18 23:19 kdump -rwxr-xr-x. 1 root root 652 Apr 12 2016 killall -r-xr-xr-x. 1 root root 2.1K Aug 24 02:37 lvm2-lvmetad -r-xr-xr-x. 1 root root 3.0K Aug 24 02:37 lvm2-monitor -rwxr-xr-x. 1 root root 2.6K Jun 21 2016 mdmonitor -rwxr-xr-x. 1 root root 2.2K Apr 22 2015 messagebus -rwxr-xr-x. 1 root root 6.9K May 11 2016 mysqld -rwxr-xr-x. 1 root root 3.0K Apr 12 2016 netconsole -rwxr-xr-x. 1 root root 5.2K Apr 12 2016 netfs -rwxr-xr-x. 1 root root 6.3K Apr 12 2016 network -rwxr-xr-x. 1 root root 2.2K May 11 2016 NetworkManager -rwxr-xr-x. 1 root root 6.8K Oct 5 04:27 nfs -rwxr-xr-x. 1 root root 3.5K Oct 5 04:27 nfslock -rwxr-xr-x. 1 root root 1.9K May 3 2016 ntpd -rwxr-xr-x. 
1 root root 2.0K May 3 2016 ntpdate -rwxr-xr-x. 1 root root 2.3K May 11 2016 oddjobd -rwxr-xr-x. 1 root root 2.5K May 31 2010 openct -rwxr-xr-x. 1 root root 2.2K Jul 24 2015 pcscd -rwxr-xr-x. 1 root root 2.0K May 11 2016 portreserve -rwxr-xr-x. 1 root root 3.9K Nov 10 2015 postfix -rwxr-xr-x. 1 root root 9.5K Nov 5 22:08 postgresql-9.2 -rwxr-xr-x. 1 root root 1.7K May 11 2016 pppoe-server -rwxr-xr-x. 1 root root 1.6K Jul 17 2012 psacct -rwxr-xr-x. 1 root root 2.0K Jan 7 2015 quota_nld -rwxr-xr-x. 1 root root 1.5K Nov 13 2015 rdisc -rwxr-xr-x. 1 root root 1.8K Nov 18 23:30 restorecond -rwxr-xr-x. 1 root root 1.8K Sep 22 2015 rngd -rwxr-xr-x. 1 root root 2.1K May 11 2016 rpcbind -rwxr-xr-x. 1 root root 2.5K Oct 5 04:27 rpcgssd -rwxr-xr-x. 1 root root 2.3K Oct 5 04:27 rpcidmapd -rwxr-xr-x. 1 root root 2.5K Oct 5 04:27 rpcsvcgssd -rwxr-xr-x. 1 root root 2.0K Dec 10 2014 rsyslog -rwxr-xr-x. 1 root root 1.7K Nov 18 23:30 sandbox -rwxr-xr-x. 1 root root 2.1K Feb 27 2015 saslauthd -rwxr-xr-x. 1 root root 647 Apr 12 2016 single -rwxr-xr-x. 1 root root 3.0K Feb 22 2013 smartd -rwxr-xr-x. 1 root root 2.2K Aug 24 02:47 snmpd -rwxr-xr-x. 1 root root 1.7K Aug 24 02:47 snmptrapd -rwxr-xr-x. 1 root root 2.5K May 11 2016 spice-vdagentd -rwxr-xr-x. 1 root root 4.6K May 12 2016 sshd -rwxr-xr-x. 1 root root 2.7K Jul 12 2016 sssd -rwxr-xr-x. 1 root root 1.2K May 11 2016 sysstat -rwxr-xr-x. 1 root root 2.3K Sep 6 22:51 udev-post -rwxr-xr-x. 1 root root 16K Nov 6 16:42 vboxadd -rwxr-xr-x. 1 root root 3.0K Nov 6 16:43 vboxadd-service -rwxr-xr-x. 1 root root 21K Nov 6 16:43 vboxadd-x11 -rwxr-xr-x. 1 root root 3.4K May 11 2016 vsftpd -rwxr-xr-x. 1 root root 1.7K Feb 22 2013 wdaemon -rwxr-xr-x. 1 root root 1.6K Aug 24 02:58 winbind -rwxr-xr-x. 1 root root 1.9K Nov 18 22:26 wpa_supplicant -rwxr-xr-x. 1 root root 5.0K May 11 2016 ypbind
7、查找/etc目录下最近一周内其内容被修改过,且不属于root或hadoop的文件;
[root@tom ~]# find /etc -mtime -7 -a -not \( -user root -o -user hadoop \) [root@tom ~]#
8、复制/etc/rc.d/rc.sysinit文件至/tmp目录,将/tmp/rc.sysinit文件中的以至少一个空白字符开头的行的行首加#;
[root@tom ~]# cp /etc/rc.d/rc.sysinit /tmp [root@tom ~]# ls -lh /tmp total 24K drwx------. 2 root root 4.0K Dec 11 19:18 pulse-0QUeAoK4lJM6 -rwxr-xr-x. 1 root root 20K Feb 12 17:07 rc.sysinit [root@tom ~]# head -n 20 /tmp/rc.sysinit #!/bin/bash # # /etc/rc.d/rc.sysinit - run once at boot time # # Taken in part from Miquel van Smoorenburg's bcheckrc. # HOSTNAME=$(/bin/hostname) set -m if [ -f /etc/sysconfig/network ]; then . /etc/sysconfig/network fi if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then HOSTNAME=localhost fi if [ ! -e /proc/mounts ]; then mount -n -t proc /proc /proc [root@tom ~]# vim /tmp/rc.sysinit #在末行模式下输入: :%s@^[[:space:]]\+@#&@g [root@tom ~]# head -n 20 /tmp/rc.sysinit #!/bin/bash # # /etc/rc.d/rc.sysinit - run once at boot time # # Taken in part from Miquel van Smoorenburg's bcheckrc. # HOSTNAME=$(/bin/hostname) set -m if [ -f /etc/sysconfig/network ]; then # . /etc/sysconfig/network fi if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then # HOSTNAME=localhost fi if [ ! -e /proc/mounts ]; then # mount -n -t proc /proc /proc [root@tom ~]# head -n 20 /tmp/rc.sysinit #!/bin/bash # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc. # HOSTNAME=$(/bin/hostname) set -m if [ -f /etc/sysconfig/network ]; then . /etc/sysconfig/network fi if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then HOSTNAME=localhost fi if [ ! -e /proc/mounts ]; then mount -n -t proc /proc /proc
9、删除/tmp/rc.sysinit文件中的以#开头,且后面跟了至少一个空白字符的行的#和空白字符
[root@tom ~]# head -n 20 /tmp/rc.sysinit #!/bin/bash # # /etc/rc.d/rc.sysinit - run once at boot time # # Taken in part from Miquel van Smoorenburg's bcheckrc. # HOSTNAME=$(/bin/hostname) set -m if [ -f /etc/sysconfig/network ]; then # . /etc/sysconfig/network fi if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then # HOSTNAME=localhost fi if [ ! -e /proc/mounts ]; then # mount -n -t proc /proc /proc [root@tom ~]# vim /tmp/rc.sysinit #在末行模式下输入: :%s@^#[[:space:]]\+@@g [root@tom ~]# head -n 20 /tmp/rc.sysinit #!/bin/bash # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc. # HOSTNAME=$(/bin/hostname) set -m if [ -f /etc/sysconfig/network ]; then . /etc/sysconfig/network fi if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then HOSTNAME=localhost fi if [ ! -e /proc/mounts ]; then mount -n -t proc /proc /proc
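10、将/etc/yum.repos.d/CentOS-Media.repo文件中所有的enabled=0或gpgcheck=0的最后的0修改为1;
注:gpgcheck=1 表示安装前校验软件包的 GPG 签名,应保持开启,同时 gpgkey 必须指向可信的公钥文件。下面的替换模式没有锚定行首行尾,文件中若另有 repo_gpgcheck=0 之类的行也会被一并改动,可写成 `:%s/^\(enabled\|gpgcheck\)=0$/\1=1/`。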
[root@tom ~]# cat /etc/yum.repos.d/CentOS-Media.repo # CentOS-Media.repo # # This repo can be used with mounted DVD media, verify the mount point for # CentOS-6. You can use this repo and yum to install items directly off the # DVD ISO that we release. # # To use this repo, put in your DVD and use it with the other repos too: # yum --enablerepo=c6-media [command] # # or for ONLY the media repo, do this: # # yum --disablerepo=\* --enablerepo=c6-media [command] [c6-media] name=CentOS-$releasever - Media baseurl=file:///media/CentOS/ file:///media/cdrom/ file:///media/cdrecorder/ gpgcheck=1 enabled=0 gpgkey= [root@tom ~]# vi /etc/yum.repos.d/CentOS-Media.repo #在末行模式下输入: :%s/\(enabled\|gpgcheck\)=0/\1=1/g [root@tom ~]# cat /etc/yum.repos.d/CentOS-Media.repo # CentOS-Media.repo # # This repo can be used with mounted DVD media, verify the mount point for # CentOS-6. You can use this repo and yum to install items directly off the # DVD ISO that we release. # # To use this repo, put in your DVD and use it with the other repos too: # yum --enablerepo=c6-media [command] # # or for ONLY the media repo, do this: # # yum --disablerepo=\* --enablerepo=c6-media [command] [c6-media] name=CentOS-$releasever - Media baseurl=file:///media/CentOS/ file:///media/cdrom/ file:///media/cdrecorder/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
11、每周2,4,6备份/var/log/messages文件至/backup/messages_logs/目录中,保存的文件名形如messages-20161202
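[root@tom ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@tom ~]# crontab -l
#Backup /var/log/messages to /backup/messages_logs/ at every week 2,4,6 --sam
* * * * 2,4,6 cp /var/log/messages backup/messages_logs/messages-$(date +%Y%m%D)
注:这条任务有四处问题:(1)分钟和小时字段都是 `*`,会在周二、四、六的每一分钟执行一次,应指定具体时间;(2)目标路径 `backup/...` 缺少开头的 `/`,成了相对路径;(3)`%D` 输出形如 12/02/16 的日期,其中的 `/` 会被当作目录分隔符,表示"日"应使用 `%d`;(4)crontab 中未转义的 `%` 会被解释为换行,必须写成 `\%`。修正后的示例(执行时间 02:00 为举例):`0 2 * * 2,4,6 cp /var/log/messages /backup/messages_logs/messages-$(date +\%Y\%m\%d)`。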
12、每天每两小时取当前系统/proc/meminfo文件中的所有以S开头的信息至/stats/memory.txt文件中
[root@tom ~]# crontab -e
crontab: installing new crontab
[root@tom ~]# crontab -l
#Backup /var/log/messages to /backup/messages_logs/ at every week 2,4,6 --sam
* * * * 2,4,6 cp /var/log/messages backup/messages_logs/messages-$(date +%Y%m%D)
#每天每两小时取当前系统/proc/meminfo文件中的所有以S开头的信息至/stats/memory.txt文件中
* */2 * * * cat /proc/meminfo | grep "^S" >> /stats/memory.txt
注:`* */2 * * *` 的分钟字段为 `*`,会在每个偶数小时内每分钟执行一次;每两小时执行一次应写作 `0 */2 * * *`。另外 `cat ... | grep` 可简化为 `grep "^S" /proc/meminfo >> /stats/memory.txt`。
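13、写一个脚本创建10个用户user10-user19;密码同用户名;
注:下面脚本中的 `exit0` 少了空格,实际是一条不存在的命令;`A && B || C && D` 这种写法也不等价于 if/else,建议改用 `if ! id "user$i" &> /dev/null; then ...; fi`。密码与用户名相同属于极易被猜中的弱口令,仅适合练习环境;真实系统上应使用随机初始密码,并用 `chage -d 0 user$i` 强制用户首次登录时修改。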
[root@tom bin]# vim uadd #!/bin/bash #add user10-user19. for ((i=10;i<=19;i++));do id user$i &> /dev/null && exit0 || useradd user$i && echo "user$i" | passwd --stdin user$i done [root@tom bin]# ll total 4 -rw-r--r--. 1 root root 155 Feb 12 18:02 uadd [root@tom bin]# chmod 755 uadd [root@tom bin]# ll total 4 -rwxr-xr-x. 1 root root 155 Feb 12 18:02 uadd [root@tom bin]# uadd Changing password for user user10. passwd: all authentication tokens updated successfully. Changing password for user user11. passwd: all authentication tokens updated successfully. Changing password for user user12. passwd: all authentication tokens updated successfully. Changing password for user user13. passwd: all authentication tokens updated successfully. Changing password for user user14. passwd: all authentication tokens updated successfully. Changing password for user user15. passwd: all authentication tokens updated successfully. Changing password for user user16. passwd: all authentication tokens updated successfully. Changing password for user user17. passwd: all authentication tokens updated successfully. Changing password for user user18. passwd: all authentication tokens updated successfully. Changing password for user user19. passwd: all authentication tokens updated successfully. [root@tom bin]# tail /etc/passwd user10:x:3009:3009::/home/user10:/bin/bash user11:x:3010:3010::/home/user11:/bin/bash user12:x:3011:3011::/home/user12:/bin/bash user13:x:3012:3012::/home/user13:/bin/bash user14:x:3013:3013::/home/user14:/bin/bash user15:x:3014:3014::/home/user15:/bin/bash user16:x:3015:3015::/home/user16:/bin/bash user17:x:3016:3016::/home/user17:/bin/bash user18:x:3017:3017::/home/user18:/bin/bash user19:x:3018:3018::/home/user19:/bin/bash