四劍客面試真題-2

四劍客面試真題-2

1.擷取本機IP，並用IP:192.168.5.101 的格式顯示 使用ifconfig命令檢視並擷取
ip:192.168.5.101

ifconfig

ifconfig ens33 |grep -oE 'inet (addr:)?([0-9\.]+)' |grep -Eo '([0-9\.]+)'
ip addr show ens33 | grep -oP '(inet \d+(\.\d+){3})'
hostname -I |awk '{print "ip:"$1}'



實際效果演示



[root@master ~]# hostname -I |awk '{print "ip:"$1}'
ip:10.0.1.134

[root@master ~]# ifconfig | grep -oE "inet (addr:)?([0-9.]+)" | grep -v "127.0.0.1" | awk '{print "ip:"$2}'
ip:10.0.1.134


[root@master ~]# ifconfig eno16777736 | egrep -o 'inet (addr:(\b[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\b)|(\b[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\b))' | egrep -o '\b[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\b'
10.0.1.134
[root@master ~]# ifconfig eno16777736 |grep -oE 'inet (addr:)?([0-9\.]+)' |grep -Eo '([0-9\.]+)'
10.0.1.134

[root@master ~]# ip addr show eno16777736 |grep -oP '(inet \d+(\.\d+){3})'
inet 10.0.1.134

2 .匹配所有以root開頭的行

grep '^root' test.txt

awk '/^root/' test.txt

sed -n '/^root/p' test.txt
less test.txt |egrep '^root'
egrep '^root' test.txt



實際效果演示
[root@master ~]# grep '^root' test.txt
root
root
root
root
root
[root@master ~]# awk '/^root/' test.txt
root
root
root
root
root
[root@master ~]# sed -n '/^root/p' test.txt
root
root
root
root
root
[root@master ~]# less test.txt |egrep '^root'
root
root
root
root
root
[root@master ~]# egrep '^root' test.txt
root
root
root
root
root

3. 統計nginx日誌裡訪問次數最多的前10個IP

awk '{print $1}' access.log |sort | uniq -c |sort -nr |head -n 10

grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' access.log |sort |uniq -c |sort nr |head -10









實際效果演示

[root@master ~]# awk '{print $3}' access.log |sort |uniq -c|sort -nr|head -n 10
 251790 
  22890 GET
   2462 192.168.127.12
   1851 10.0.0.1
   1822 192.168.0.1
   1784 172.16.31.10
    962 209
    765 54
    711 111
    699 88

4 檢測nginx訪問成功狀態碼200 的IP及次數

awk '$9 == "200" {print $1}' access.log |sort |uniq -c |sort -nr

grep '200' access.log |cut -d' ' -f1|sort |uniq -c |sort -nr

grep '200' access.log | awk '{print $1}' | sort | uniq -c | sort -nr



實際效果演示

[root@master ~]# grep '200' access.log |cut -d' ' -f1|sort |uniq -c |sort -nr
    597 200
    404 200.46


[root@master ~]# grep '200' access.log | awk '{print $1}' | sort | uniq -c | sort -nr
    597 200
    404 200.46

5 檢視埠的程序號

lsof -i:22
netstat -tulpn
ss -tulpn
fuser -n tcp 22
netstat -anp |grep 22
ss -anp |grep 22
ps aux |grep 22



注意：fuser 需要安裝 包名psmisc





實際效果演示

[root@master ~]# fuser -n tcp 22 
22/tcp:               1133 12933 20200
[root@master ~]# lsof -i :22
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1133 root    3u  IPv4  17110      0t0  TCP 10.0.1.134:ssh->10.0.1.1:11729 (ESTABLISHED)
sshd    12933 root    3u  IPv4  66385      0t0  TCP 10.0.1.134:ssh->10.0.1.1:5394 (ESTABLISHED)
sshd    20200 root    3u  IPv4  77683      0t0  TCP *:ssh (LISTEN)
sshd    20200 root    4u  IPv6  77685      0t0  TCP *:ssh (LISTEN)
[root@master ~]# ss -tulpn |grep 22
tcp    LISTEN     0      128       *:22                    *:*                   users:(("sshd",pid=20200,fd=3))
tcp    LISTEN     0      128    [::]:22                 [::]:*                   users:(("sshd",pid=20200,fd=4))
[root@master ~]# netstat -tulpn |grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      20200/sshd          
tcp6       0      0 :::22                   :::*                    LISTEN      20200/sshd          
[root@master ~]# netstat -anp |grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      20200/sshd          
tcp        0     36 10.0.1.134:22           10.0.1.1:11729          ESTABLISHED 1133/sshd: root@pts 
tcp        0      0 10.0.1.134:22           10.0.1.1:5394           ESTABLISHED 12933/sshd: root@pt 
tcp6       0      0 :::22                   :::*                    LISTEN      20200/sshd          
unix  2      [ ]         DGRAM                    1057777  30224/pickup         
unix  3      [ ]         STREAM     CONNECTED     80228    20668/auditd         
unix  2      [ ]         DGRAM                    80226    20668/auditd         
unix  3      [ ]         STREAM     CONNECTED     80227    20668/auditd         
[root@master ~]# ss -an |grep 22
u_str  ESTAB      0      0         * 80228                 * 80227              
u_dgr  UNCONN     0      0         * 80226                 * 7953               
u_str  ESTAB      0      0         * 80227                 * 80228              
tcp    LISTEN     0      128       *:22                    *:*                  
tcp    ESTAB      0      0      10.0.1.134:22                 10.0.1.1:11729              
tcp    ESTAB      0      0      10.0.1.134:22                 10.0.1.1:5394               
tcp    LISTEN     0      128    [::]:22                 [::]:*                  
[root@master ~]# ps aux |grep 22
root          1  0.0  0.3  43572  3824 ?        Ss   Mar16   0:01 /usr/lib/systemd/systemd --system --deserialize 22
root         22  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuob/13]
root         31  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuob/22]
root        122  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuob/113]
root        131  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuob/122]
root        160  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/22]
root        220  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/82]
root        221  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/83]
root        222  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/84]
root        223  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/85]
root        224  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/86]
root        225  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/87]
root        226  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/88]
root        227  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/89]
root        228  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/90]
root        229  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/91]
root        260  0.0  0.0      0     0 ?        S    Mar16   0:00 [rcuos/122]
root      13017  0.1  0.2 148288  2232 pts/2    S+   00:23   0:26 top
polkitd   14251  0.0  1.2 612244 12132 ?        Ssl  00:24   0:00 /usr/lib/polkit-1/polkitd --no-debug
root      20304  0.0  0.2  89812  2228 ?        Ss   00:24   0:00 /usr/libexec/postfix/master -w
root      20524  0.0  0.3 224960  3500 ?        Ssl  00:24   0:01 /usr/sbin/rsyslogd -n
postfix   30224  0.0  0.4  89916  4100 ?        S    03:44   0:00 pickup -l -t unix -u
root      56178  0.0  0.0      0     0 ?        S    02:22   0:00 [kworker/u256:1]
root     128834  0.0  0.0 112812   976 pts/0    R+   04:42   0:00 grep --color=auto 22

6.使用grep找出/etc/passwd檔案中以root開頭以bash結尾的行，並顯示行號

grep -n '^root.*bash$' /etc/passwd












實際效果演示

[root@master ~]# grep -n '^root.*bash$' /etc/passwd
1:root:x:0:0:root:/root:/bin/bash

7. 使用find查詢/usr/最近7天修改過的檔案複製到/dir

find /usr/ -type f -mtime -7 -exec cp {} /dir/ \;











實際效果演示



[root@master usr]# find /usr/ -type f -mtime -7 -exec cp {} /dir/ \;
[root@master usr]# 


[root@master dir]# cd /dir
[root@master dir]# cd /usr/
[root@master usr]# ls
bin  etc  games  include  lib  lib64  libexec  local  sbin  share  src  tmp

8. 把/etc/passwd的第1-3行內容另存 testx.txt

head -n 3 /etc/passwd > testx.txt
sed -n '1,3p' /etc/passwd > testx.txt

awk 'NR>=1 && NR<=3' /etc/passwd > testx.txt





實際效果演示

[root@master ~]# head -n 3 /etc/passwd > testx.txt
[root@master ~]# cat testx.txt 
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
[root@master ~]# sed -n '1,3p' /etc/passwd > testx.txt
[root@master ~]# cat testx.txt 
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
[root@master ~]# awk 'NR>=1 && NR<=3' /etc/passwd > testx.txt
[root@master ~]# cat testx.txt 
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin