目录
1、显示/etc/passwd文件中以nologin结尾的行;
2、找出"netstat -tan"命令的结果中,以'LISTEN'后跟0或多个空白字符结尾的行
3、在/etc/fstab文件中不以#开头的行的行首增加#号
4、删除/tc/fstab文件中所有以#开头,后面至少跟一个空白字符的行的行首的#和空白字符
5、统计出apachel的access.log中访问量最多的5个lP
一、简介
awk是Linux以及UNIX环境中现有的功能最强大的数据处理工具,awk其名称得自于它的创始人 Alfred Aho 、Peter Weinberger 和 Brian Kernighan 姓氏的首个字母
awk是一种处理文本数据的编程语言,适合文本处理和报表生成,awk的设计使得它非常适合于处理由行和列组成的文本数据。
awk 还是一种编程语言环境,它提供了正则表达式的匹配,流程控制,运算符,表达式,变量以及函数等一系列的程序设计语言所具备的特性,它从C语言中获取了一些优秀的思想
二、正则表达式和文本三剑客
1、显示/etc/passwd文件中以nologin结尾的行;
两种方法皆可
[root@srever ~]# awk '/nologin/{print $NF}' /etc/passwd
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
User:/var/ftp:/sbin/nologin
User:/:/sbin/nologin
Dumper:/:/sbin/nologin
bus:/:/sbin/nologin
polkitd:/:/sbin/nologin
Stack:/var/run/avahi-daemon:/sbin/nologin
access:/dev/null:/sbin/nologin
colord:/var/lib/colord:/sbin/nologin
user:/var/cache/clevis:/usr/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
sssd:/:/sbin/nologin
geoclue:/var/lib/geoclue:/sbin/nologin
libstoragemgmt:/var/run/lsm:/sbin/nologin
server:/var/lib/setroubleshoot:/sbin/nologin
Daemon:/var/run/pipewire:/sbin/nologin
helper:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
service:/nonexisting:/sbin/nologin
instances:/nonexisting:/sbin/nologin
gnome-initial-setup:x:987:982::/run/gnome-initial-setup/:/sbin/nologin
SSH:/usr/share/empty.sshd:/sbin/nologin
chrony:x:986:981::/var/lib/chrony:/sbin/nologin
server:/var/lib/dnsmasq:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
Killer:/:/usr/sbin/nologin
[root@server ~]# grep -n "nologin$" /etc/passwd
2:bin:x:1:1:bin:/bin:/sbin/nologin
3:daemon:x:2:2:daemon:/sbin:/sbin/nologin
4:adm:x:3:4:adm:/var/adm:/sbin/nologin
5:lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
9:mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
10:operator:x:11:0:operator:/root:/sbin/nologin
11:games:x:12:100:games:/usr/games:/sbin/nologin
12:ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
13:nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
14:systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
15:dbus:x:81:81:System message bus:/:/sbin/nologin
16:polkitd:x:998:996:User for polkitd:/:/sbin/nologin
17:avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbinnologin
18:tss:x:59:59:Account used for TPM access:/dev/null:/sbin/nologin
19:colord:x:997:993:User for colord:/var/lib/colord:/sbin/nologin
20:clevis:x:996:992:Clevis Decryption Framework unprivileged user:/var/cache/clevis:/usr/sbin/nologin
21:rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
22:sssd:x:995:991:User for sssd:/:/sbin/nologin
23:geoclue:x:994:990:User for geoclue:/var/lib/geoclue:/sbin/nologin
24:libstoragemgmt:x:993:989:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
25:setroubleshoot:x:992:988:SELinux troubleshoot server:/var/lib/setroubleshoot:/sbin/nologin
26:pipewire:x:991:986:PipeWire System Daemon:/var/run/pipewire:/sbinnologin
27:flatpak:x:990:985:User for flatpak system helper:/:/sbin/nologin
28:gdm:x:42:42::/var/lib/gdm:/sbin/nologin
29:cockpit-ws:x:989:984:User for cockpit web service:/nonexisting:/sbin/nologin
30:cockpit-wsinstance:x:988:983:User for cockpit-ws instances:/nonexisting:/sbin/nologin
31:gnome-initial-setup:x:987:982::/run/gnome-initial-setup/:/sbin/nologin
32:sshd:x:74:74:Privilege-separated SSH:/usr/share/empty.sshd:/sbin/nologin
33:chrony:x:986:981::/var/lib/chrony:/sbin/nologin
34:dnsmasq:x:985:980:Dnsmasq DHCP and DNS server:/var/lib/dnsmasq:/sbin/nologin
35:tcpdump:x:72:72::/:/sbin/nologin
36:systemd-oom:x:978:978:systemd Userspace OOM Killer:/:/usr/sbin/nologin
2、找出"netstat -tan"命令的结果中,以'LISTEN'后跟0或多个空白字符结尾的行
[root@server ~]# netstat -tan | grep "LISTEN[[:space:]]*\>"
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:6011 :::* LISTEN
3、在/etc/fstab文件中不以#开头的行的行首增加#号
[root@server ~]# sed -r 's/^([^#])/#\1/' /etc/fstab
#
# /etc/fstab
# Created by anaconda on Fri Mar 17 05:01:37 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
#/dev/mapper/rhel-root / xfs defaults 0 0
#UUID=956800fd-3f8e-47bc-adde-b14e1b8758a1 /boot xfs defaults 0 0
#/dev/mapper/rhel-swap none swap defaults 0 0
4、删除/tc/fstab文件中所有以#开头,后面至少跟一个空白字符的行的行首的#和空白字符
[root@server ~]# sed "s/#//" /etc/fstab
/etc/fstab
Created by anaconda on Fri Mar 17 05:01:37 2023
Accessible filesystems, by reference, are maintained under '/dev/disk/'.
See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
After editing this file, run 'systemctl daemon-reload' to update systemd
units generated from this file.
/dev/mapper/rhel-root / xfs defaults 0 0
UUID=956800fd-3f8e-47bc-adde-b14e1b8758a1 /boot xfs defaults 0 0
/dev/mapper/rhel-swap none swap defaults 0 0
5、统计出apachel的access.log中访问量最多的5个lP
[root@server ~]# cat access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -5