知识脑图
https://note.youdao.com/s/8tdJ04Rb
练习题目
1、文件内容查看:
(1)查看/etc/passwd文件的第6行
(2)查看/etc/selinux/config 以 SELINUX开头的行
(3)查找/etc/ssh/sshd_config 以no结尾的行
(4)过滤/etc/ssh/sshd_config 包含数字的行
2、文本处理命令:
(1)查看/etc/passwd文件以 : 为分隔符的第一列内容,并按字母逆序排序
(2)使用cut命令将当前主机的ip地址切割显示
题目答案
文件内容查看
(1)查看/etc/passwd文件的第6行
head -6 /etc/passwd 查看前6行
head -6 /etc/passwd | tail -1 第6行
[root@server ~]# head -6 /etc/passwd | tail -1
sync:x:5:0:sync:/sbin:/bin/sync
(2)查看/etc/selinux/config 以 SELINUX开头的行
[root@server ~]# grep "^SELINUX" /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
(3)查找/etc/ssh/sshd_config 以no结尾的行
[root@server ~]# grep "no$" /etc/ssh/sshd_config
#HostbasedAuthentication no
#IgnoreUserKnownHosts no
#PermitEmptyPasswords no
ChallengeResponseAuthentication no
#KerberosAuthentication no
#KerberosGetAFSToken no
GSSAPICleanupCredentials no
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
#GatewayPorts no
PrintMotd no
#PermitUserEnvironment no
#UseDNS no
#PermitTunnel no
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
(4)过滤/etc/ssh/sshd_config 包含数字的行
[root@server ~]# grep -v "[0-9]" /etc/ssh/sshd_config
# This is the sshd server system-wide configuration file. See
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#AddressFamily any
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
# Ciphers and keying
#RekeyLimit default none
# This system is following system-wide crypto policy. The changes to
# crypto properties (Ciphers, MACs, ...) will not have any effect here.
# They will be overridden by command-line options passed to the server
# on command line.
# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
PermitRootLogin yes
#StrictModes yes
#PubkeyAuthentication yes
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
# as it is more configurable and versatile than the built-in version.
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#UseDNS no
#PidFile /var/run/sshd.pid
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
文本处理命令
(1)查看/etc/passwd文件以 : 为分隔符的第一列内容,并按字母逆序排序
[root@server ~]# cat /etc/passwd | cut -d : -f 1 | sort -r
usbmuxd
unbound
tss
tcpdump
systemd-resolve
systemd-coredump
sync
sssd
sshd
shutdown
setroubleshoot
saslauth
rtkit
rpcuser
rpc
root
radvd
qemu
pulse
polkitd
pipewire
operator
nobody
mail
lp
libstoragemgmt
halt
gnome-initial-setup
gluster
geoclue
gdm
games
ftp
flatpak
exercise
dnsmasq
dbus
daemon
colord
cockpit-wsinstance
cockpit-ws
clevis
chrony
bin
avahi
adm
(2)使用cut命令将当前主机的ip地址切割显示
ip a | grep -A 5 "^[0-9]: ens160" 找到ens160的下五行
ip a | grep -A 5 "^[0-9]: ens160" | tr -s " " | cut -d " " -f 3 去除空格并切割得到第三列
[root@server ~]# ip a | grep -A 5 "^[0-9]: ens160" | tr -s " " | cut -d " " -f 3 | cut -d / -f 1 | grep -v "[a-Z]" 去除网络掩码并查找得到没有字母的数据
[root@server ~]# ip a | grep -A 5 "^[0-9]: ens160" | tr -s " " | cut -d " " -f 3 | cut -d / -f 1 | grep -v "[a-Z]"
192.168.182.129