找出ifconfig命令结果中本机的所有ipv4地址
[root@English6 wang]# ifconfig |grep -o "[1-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
192.168.1.113
192.168.1.255
255.255.255.0
127.0.0.1
255.0.0.0
查处分区空间使用率的最大百分比值
[root@English6 wang]# df | grep "^/dev/s" | tr -s " " "%"|cut -d% -f5|sort -n|tail -n1 100
查处用户uid最大值的用户名、uid及shell类型
[root@English6 wang]# cut -d: -f1,3,7 /etc/passwd | sort -n -t: -k2 |tail -n1 nfsnobody:65534:/sbin/nologin
查处/tmp的权限,以数字方式显示
[root@English6 wang]# stat /tmp |head -n4|tail -n1|cut -d/ -f1|cut -d"(" -f2
1777
统计当前连接本机的每个远程主机ip的连接数,并按从大到小排序
[root@English6 wang]# netstat -nt |grep "^tcp"|tr -s " " ":"|cut -d: -f6 192.168.1.106 184.51.198.10
显示/proc/meminfo文件中以大小s开头的行(两种方法)
[root@English6 wang]# grep -i "^s" /proc/meminfo SwapCached: 0 kB SwapTotal: 4095996 kB SwapFree: 4095996 kB Shmem: 2876 kB Slab: 121836 kB SReclaimable: 52932 kB SUnreclaim: 68904 kB [root@English6 wang]# grep -e "^s" -e "^S" /proc/meminfo SwapCached: 0 kB SwapTotal: 4095996 kB SwapFree: 4095996 kB Shmem: 2876 kB Slab: 121864 kB SReclaimable: 52928 kB SUnreclaim: 68936 kB
显示/etc/passwd文件中不以/bin/bash结尾的行
[root@English6 wang]# grep -v "/bin/bash$" /etc/passwd bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rtkit:x:499:499:RealtimeKit:/proc:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin saslauth:x:498:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin pulse:x:497:495:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin
显示用户rpc默认的shell程序
[root@English6 wang]# grep "^rpc\>" /etc/passwd | cut -d: -f7 /sbin/nologin
找出/etc/passwd中的两位或三位数
[root@English6 wang]# grep "\<[0-9]\{2,3\}\>" /etc/passwd
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
显示/etc/grub2.cfg文件中,至少以一个空白字符开头的且后面存非空白字符的行
[root@English6 wang]# grep "^[[:space:]]\+[^[:space:]].*" /etc/grub.conf root (hd0,0) kernel /vmlinuz-2.6.32-642.el6.x86_64 ro root=UUID=33bb1eff-ce5c-4fd8-954e-191c7fb12e6d rd_NO_LUKS rd_NO_LVM.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet initrd /initramfs-2.6.32-642.el6.x86_64.img
找出‘netstat -tan’命令的结果中以‘LISTEN’后跟任意多个空白字符结尾的行
[root@English6 wang]# netstat -tan |grep "LISTEN[[:space:]]*$" tcp 0 0 0.0.0.0:49347 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN tcp 0 0 :::111 :::* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:6010 :::* LISTEN tcp 0 0 :::38618 :::* LISTEN
添加用户bash,testbash,basher,nologin(shell为/sbin/nologin)。然后找出/etc/passwd文件中用户名同shell名的行
[root@English6 wang]# useradd bash [root@English6 wang]# useradd basher [root@English6 wang]# useradd testbash [root@English6 wang]# useradd -s /sbin/nologin nologin [root@English6 wang]# grep "^\(.*\)\>.*\1$" /etc/passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt bash:x:501:501::/home/bash:/bin/bash nologin:x:504:504::/home/nologin:/sbin/nologin
显示三个用户root,mage,wang的uid和默认shell
[root@English6 wang]# grep -e "^root" -e "^wang" -e "^mage" /etc/passwd |cut -d: -f3,7 0:/bin/bash 505:/bin/bash 506:/bin/bash
找出/etc/rc.d/init.d/functions文件中行首为某单词(包括下划线)后面跟一个小括号的行
[root@English6 wang]# egrep "^[[:alpha:]_]+\(\)" /etc/rc.d/init.d/functions
fstab_decode_str() {
checkpid() {
__readlink() {
__fgrep() {
__kill_pids_term_kill_checkpids() {
__kill_pids_term_kill() {
__umount_loop() {
__source_netdevs_fstab() {
__source_netdevs_mtab() {
__umount_loopback_loop() {
__pids_var_run() {
__pids_pidof() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
echo_success() {
echo_failure() {
echo_passed() {
echo_warning() {
update_boot_stage() {
success() {
failure() {
passed() {
warning() {
action() {
action_silent() {
strstr() {
confirm() {
get_numeric_dev() {
is_ignored_file() {
is_true() {
is_false() {
apply_sysctl() {
key_is_random() {
find_crypto_mount_point() {
init_crypto() {
使用egrep取出/etc/ec.d/init.d/functions中其基名
[root@English6 ~]# echo "/etc/rc.d/init.d/functions" | egrep -o "[^/]+/?$" functions [root@English6 ~]# echo "/etc/rc.d/init.d/functions/" | egrep -o "[^/]+/?$" functions/
使用egrep取出/etc/ec.d/init.d/functions的目录名
[root@English6 ~]# echo "/etc/rc.d/init.d/functions" |egrep -o ".*\<" /etc/rc.d/init.d/ [root@English6 ~]# echo "/etc/rc.d/init.d/functions/" |egrep -o ".*\<" /etc/rc.d/init.d/
统计以root身份登录的每个进程主机ip地址的登录次数
[root@English6 ~]# last |grep -E -o "^root\>.*(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9|25{0-5])" | tr -s " " ":" |cut -d: -f1,3|sort |uniq -c
1 root:10.1.250.40
3 root:10.1.250.78
1 root:10.1.252.134
2 root:192.168.1.105
2 root:192.168.1.106
4 root:192.168.1.107
1 root:192.168.1.113
利用扩展正则表达式分别表示0-9,10-99,100-199,200-249,250-255
"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
显示ifconfig命令结果中所有ipv4地址
[root@English6 wang]# ifconfig |egrep -o "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9|25{0-5])"
192.168.1.113
192.168.1.25
255.255.255.0
127.0.0.1
255.0.0.0
取本机ip地址
[root@English6 wang]# ifconfig |head -2|tail -n1|tr -s " " ":"|cut -d: -f4 192.168.1.113
取各分区利用率的数值
[root@English6 wang]# df | grep "^/dev/s"|tr -s " " "%"| cut -d% -f5 10 19 2 100
统计/etc/init.d/functions 文件中每个单词出现的次数,并按频率从高到低显示
[root@localhost ~]# cat /etc/init.d/functions |tr -cs '[:alpha:]' "\n" |sort|uniq -c|sort -nr 67 pid 55 if 54 file 51 echo 47 then 45 return 45 fi 33 n 29 base 24 z 23 in 23 d 21 RC 21 BOOTUP 20 local 20 a 19 p 17 is 16 sysctl 16 SETCOLOR 16 etc 15 systemctl 14 shift 14 dev 14 bin 13 x 13 var 13 run 13 program 13 o 13 color 12 pids 12 f 11 null 10 to 10 the 10 s 10 rc 10 LSB 10 for 9 user 9 try 9 systemd 9 pidfile 9 failure 9 else 9 done 9 do 8 running 8 pidof 8 lock 8 killlevel 8 delay 8 COL 8 cgroup 7 Usage 7 sysconfig 7 success 7 prog 7 not 7 nice 7 m 7 ignored 7 esac 7 checkpid 7 case 6 verbose 6 TO 6 r 6 NORMAL 6 MOVE 6 it 6 init 6 i 6 continue 6 c 5 WARNING 5 warning 5 that 5 Test 5 syntax 5 STRING 5 status 5 service 5 q 5 Program 5 PPID 5 of 5 ne 5 Log 5 force 5 eq 5 en 5 daemon 5 conf 5 be 5 action 5 A 4 via 4 usr 4 use 4 shutdown 4 reload 4 plymouth 4 passed 4 nicelevel 4 line 4 kill 4 gotbase 4 function 4 files 4 exit 4 e 4 dead 4 DAEMON 4 corelimit 4 CONSOLETYPE 4 check 3 yes 3 while 3 test 3 SUCCESS 3 subsys 3 stderr 3 start 3 SOURCED 3 something 3 show 3 serial 3 sbin 3 ret 3 restart 3 proc 3 or 3 options 3 only 3 NICELEVEL 3 lib 3 LANGSH 3 killproc 3 grep 3 FAILURE 3 exists 3 eE 3 command 3 CGROUP 3 but 3 arg 3 any 2 yY 2 v 2 usleep 2 update 2 up 2 umask 2 tT 2 This 2 they 2 TERM 2 SYSTEMCTL 2 sure 2 style 2 stop 2 startup 2 sS 2 signal 2 shvar 2 should 2 Set 2 set 2 See 2 sed 2 Save 2 sane 2 rpmsave 2 rpmorig 2 rpmnew 2 RES 2 Reloading 2 redirect 2 pidofproc 2 pidfileofproc 2 PATH 2 our 2 orig 2 OK 2 nN 2 mountpoint 2 Look 2 level 2 KILL 2 insufficient 2 initscripts 2 honor 2 had 2 functions 2 found 2 foo 2 First 2 find 2 fF 2 Evaluate 2 due 2 contains 2 configuration 2 COLUMNS 2 code 2 Check 2 cgexec 2 break 2 boot 2 booleans 2 bash 2 basename 2 bak 2 at 2 and 2 all 1 xtry 1 xstop 1 xstart 1 xrestart 1 xreload 1 xforce 1 xcondrestart 1 width 1 whether 1 uU 1 using 1 Useful 1 used 1 unset 1 unless 1 unknown 1 ulimit 1 txt 1 true 1 TEXTDOMAIN 1 t 1 sys 1 succeeded 1 SubState 1 strstr 1 Stopping 1 stopped 1 state 1 Starting 1 stage 1 specified 1 some 1 smhd 1 sleep 1 SKIP 1 Shell 1 shell 1 share 1 sh 1 settings 1 seem 1 second 1 search 1 scripts 1 script 1 screen 1 S 1 runuser 1 Run 1 RS 1 rR 1 rpm 1 rm 1 Returns 1 returns 1 Restarting 1 requested 1 Remove 1 RemainAfterExit 1 REDIRECT 1 recognizes 1 reality 1 Read 1 read 1 propagating 1 profile 1 processes 1 privileges 1 privilege 1 printf 1 plural 1 PIDs 1 path 1 PASSED 1 Output 1 output 1 out 1 oO 1 NOLOCALE 1 most 1 may 1 matching 1 Make 1 make 1 lt 1 Looks 1 looks 1 LOGLEVEL 1 locked 1 locale 1 LoadState 1 lL 1 little 1 LIMIT 1 lets 1 let 1 lang 1 l 1 Kill 1 its 1 installed 1 Inform 1 including 1 IGNORECASE 1 IGNORE 1 ignore 1 have 1 h 1 graphical 1 Get 1 generated 1 G 1 g 1 further 1 fsck 1 fs 1 from 1 first 1 Find 1 filter 1 false 1 FAILED 1 failed 1 fail 1 eyes 1 expression 1 export 1 exited 1 errors 1 END 1 elif 1 Echo 1 dump 1 doesn 1 doc 1 discard 1 directory 1 dies 1 details 1 DEPENDENCIES 1 dependencies 1 default 1 declared 1 daemons 1 current 1 could 1 COREFILE 1 core 1 consoletype 1 confusing 1 condrestart 1 Cgroups 1 caller 1 by 1 bit 1 bg 1 backup 1 awk 1 avoid 1 are 1 Apply 1 apply 1 anywhere 1 And 1 already 1 alive 1 adjust 1 ActiveState 1 active 1 abnormally 1 aA 1
/etc/rc.d/init.d/functions或/etc/rc.d/init.d/functions/" 取目录名
[root@localhost wang]# echo /etc/rc.d/init.d/functions |sed -r 's@[^/]+/?$@@' /etc/rc.d/init.d/ [root@localhost wang]# echo /etc/rc.d/init.d/functions/ |sed -r 's@[^/]+/?$@@' /etc/rc.d/init.d/
原创文章,作者:DYW,如若转载,请注明出处:http://www.178linux.com/30101
