linux 命令总结

lsof

lsof -u userone,root  //用户userone,root打开的文件

lsof -c apach -c apach2 //apach 开头的进程名

lsof -p pid

lsof file1 file2   //多个文件名用空格分隔

lsof +D dir//recurse dir

lsof 与grep组合

lsof -i

lsof -i tcp

lsof -i udp

lsof -i :25   || lsof -i :smtp || lsof -i udp:53

lsof -d 2  //fd

lsof -t -i //show pid

lsof -r 1   //每隔1s重复执行一次 (repeat)

-a--->与    默认--->或   ^--->非



nc

nc -t -nvv -w2 -z  10.1.1.2  100-1000  //scan tcp    -n--->用 ip

nc -nvv ip port  < ~/a.txt   //scan & send file data

nc -l -p 80 //listen local 80

nc -l -p 80 -t -e ~/exe   //listen tcp80 & exe；-e 把连接的输入输出直接交给 ~/exe，不做任何认证，能连到该端口的人都可与该程序交互；OpenBSD 版 nc 不支持 -e


strace

test@debian:~/test$strace ./ssss

execve("./ssss", ["./ssss"], [/* 30 vars */]) = 0
brk(0)                                  = 0xa6b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f456a62d000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f456a62b000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=31718, ...}) = 0
mmap(NULL, 31718, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f456a623000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\342\1\0\0\0\0\0@"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1375536, ...}) = 0
mmap(NULL, 3482232, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f456a0c0000
mprotect(0x7f456a20a000, 2093056, PROT_NONE) = 0
mmap(0x7f456a409000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x149000) = 0x7f456a409000
mmap(0x7f456a40e000, 17016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f456a40e000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f456a622000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f456a621000
arch_prctl(ARCH_SET_FS, 0x7f456a6216e0) = 0
mprotect(0x7f456a409000, 12288, PROT_READ) = 0
munmap(0x7f456a623000, 31718)           = 0
brk(0)                                  = 0xa6b000
brk(0xa8c000)                           = 0xa8c000
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 13), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f456a62a000
write(1, "Error!\n"..., 7Error!
)              = 7
exit_group(-1)                          = ?


netstat
netstat -a | less
-t -u -p -l --verbose  -s -n -e -c -r

netstat -ie ---> ifconfig
netstat -ap | grep ssh  //show ssh info
netstat -rn  // route table
查看连接某服务端口最多的IP地址
netstat -nat | grep " 192.168.1.15:22 " |awk ' {print $5} '|awk -F: ' {print $1} '|sort|uniq -c|sort -nr|head -n 20


正则表达式
.   一个符号
\.   .号
^  在列首  ^root
$ 在列尾  root$
[] 范围内一个字符
[A-Z] [0-9] [a-z] [a-zA-Z] [^a-zA-Z]  [^0-9a-zA-Z]
*  前面符号出现0个以上   a*b  ---->   b,ab, aab, aaab,.....
\{,\}  前面符号出现的个数范围       [a-z]\{3,5\}  小写字母3-5个
\(....\)  把符合匹配的字符保存起来     a\(...\)b  把a,b间的3个符号保存起来   用\1,\2,\3  访问

sed
sed '1,4d' file1 file2 file3
sed '/La/d' file1  //删除所有含有La的行
sed '/[0-9]\{3\}/d' file1 //删除含有3位数的所有行
sed '/^$/d'  file1  //删除所有空行 
sed '/^$/!d'  file1  //删除所有非空行 
sed -n '/^$/!p' file1  //将所有的非空行显示出来   -n  压制默认的全部显示(--quiet --silent)  p显示查找到的
sed -n 's/exchange/bug/gp'  file1 //查找并替换 g全局   不加g  只替换每行第一个
sed -n 's/exchange//gp'  file1    //删除exchange
sed 's/...$//'  file1  //删除每行最后3个字符
sed -n 's/\(exchange\)/\1id/gp' file1   //exchange ---> exchangeid
sed  -n '/exchange/s/Sesc/des/gp' file1   //查找exchange,当前行进行替换
sed -n '/AAA/,/DDD/s/exchange/exchg/gp' file1   //查找/AAA/,/DDD/之间的行  进行替换
sed -n '2,20s/a/b/gp' file1 //2,20行之间

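# Rewrite the anonymous_enable line of the config with the value held in $CMD,
# then move the edited copy into place.
#
# - The sed program is double-quoted: inside single quotes the shell never
#   expands $CMD and the literal text "$CMD" is written to the config.
# - $CMD is spliced into the sed program, so it must not contain "/", "&" or
#   newlines; validate it first if it comes from outside this script.
# - The temporary file comes from mktemp. A fixed name such as /tmp/tmp1 can be
#   pre-created or symlinked by another local user before a root-run edit.
#   The original also redirected to /tmp/tmp1 but moved tmp.$$, which never
#   existed.
# - mktemp creates the file with mode 0600; reset the mode on the target if
#   other accounts must be able to read it.
# NOTE(review): the path is spelled vsftdd.conf here; the stock vsftpd config
# is vsftpd.conf. Confirm which is intended.
tmp=$(mktemp) || exit 1
if sed "s/.*anonymous_enable=.*/anonymous_enable=$CMD/" /etc/vsftdd.conf > "$tmp"; then
  mv -- "$tmp" source_file
else
  # Do not leave a half-written copy behind when sed fails.
  rm -f -- "$tmp"
fi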

awk

ps -ef | awk '{print $2}'
awk '/exch/' file1 显示含exch的行
awk '{print $1,$2}' file1   //必须用单引号；双引号内 $1,$2 会先被 shell 当作位置参数展开
awk -F: '/exch/{print $3,$4}' /etc/passwd    //查找含exch的行,打印其第3、4列
awk -F: 'BEGIN{OFS="+++"}/^test/{print $1,$2,$3}'  /etc/passwd    用+++作为输出分割
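#!/bin/bash
# Write the first four passwd fields of every account whose name starts with
# "doublek", joined by "+++", to a temporary file whose path is left in TMPF.
#
# mktemp picks an unpredictable name and creates the file with mode 0600. With
# a fixed path such as /tmp/tmp2, another local user can pre-create or symlink
# it, and the redirection then writes wherever the link points.
TMPF=$(mktemp) || exit 1
# awk reads /etc/passwd directly. The original "cat /etc/passwd/" (trailing
# slash) fails with "Not a directory" and leaves the output file empty.
awk -F: 'BEGIN{OFS="+++"}/^doublek/{print $1,$2,$3,$4}' /etc/passwd > "$TMPF"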