Linux运维实战练习案例-2015年12月20日-12月31日(第一次)
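1、创建一个10G的文件系统,类型为ext4,要求开机可自动挂载至单独数据/data目录;(注:下面的/etc/fstab条目直接使用设备名/dev/sdb1,磁盘识别顺序变化后设备名可能改变;更稳妥的做法是写blkid查到的UUID,并在重启前用mount -a验证条目能正常挂载。独立的数据分区还可按需加上nosuid、nodev挂载选项。)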
[root@localhost ~]# cat /proc/partitions major minor #blocks name 8 16 20971520 sdb 8 0 20971520 sda 8 1 20970496 sda1 [root@localhost ~]# fdisk /dev/sdb WARNING: DOS-compatible mode is deprecated. It's strongly recommended to switch off the mode (command 'c') and change display units to sectors (command 'u'). Command (m for help): p Disk /dev/sdb: 21.5 GB, 21474836480 bytes 255 heads, 63 sectors/track, 2610 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xe7a51598 Device Boot Start End Blocks Id System Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 1 First cylinder (1-2610, default 1): Using default value 1 Last cylinder, +cylinders or +size{K,M,G} (1-2610, default 2610): +10G Command (m for help): p Disk /dev/sdb: 21.5 GB, 21474836480 bytes 255 heads, 63 sectors/track, 2610 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xe7a51598 Device Boot Start End Blocks Id System /dev/sdb1 1 1306 10490413+ 83 Linux Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks. 
[root@localhost ~]# mkfs.ext4 /dev/sdb1 mke2fs 1.41.12 (17-May-2010) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 655776 inodes, 2622603 blocks 131130 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=2688548864 81 block groups 32768 blocks per group, 32768 fragments per group 8096 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632 Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 35 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. [root@localhost ~]# cat /proc/partitions major minor #blocks name 8 16 20971520 sdb 8 17 10490413 sdb1 8 0 20971520 sda 8 1 20970496 sda1 [root@localhost ~]# mkdir /data [root@localhost ~]# mount /dev/sdb1 /data/ [root@localhost ~]# cd /data/ [root@localhost data]# ll total 16 drwx------. 2 root root 16384 Dec 27 21:31 lost+found [root@localhost data]# touch aa [root@localhost data]# ll total 16 -rw-r--r--. 1 root root 0 Dec 27 21:32 aa drwx------. 2 root root 16384 Dec 27 21:31 lost+found [root@localhost data]# vim /etc/fstab [root@localhost data]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Thu Dec 17 21:43:19 2015 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # UUID=5afe3401-f34c-4793-814b-49836d66563b / ext4 defaults 1 1 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 /dev/sdb1 /data ext4 defaults 0 0
2、显示`netstat -tan`命令结果中以‘LISTEN’后跟0个、1个或者多个空白字符结尾的行;
[root@localhost ~]# netstat -tan |grep 'LISTEN[ ]*$' tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:60224 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN tcp 0 0 :::49701 :::* LISTEN tcp 0 0 :::111 :::* LISTEN [root@localhost ~]# [root@localhost ~]# netstat -tan |grep 'LISTEN[[:space:]]*$' tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:60224 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN tcp 0 0 :::49701 :::* LISTEN tcp 0 0 :::111 :::* LISTEN
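3、添加用户nginx、zabbix、tomcat、hadoop以及nologin(其中nologin用户的shell为/sbin/nologin);而后找出/etc/passwd文件中用户名与其shell名相同的行;(注:下面的正则只要求行尾出现用户名这串字符,例如用户sync配上shell /bin/async也会被匹配;更严格的写法是 grep '^\([^:]\+\):.*/\1$' /etc/passwd。另外,nginx、zabbix这类服务账号在实际环境中一般不需要交互登录,创建时通常也应指定 -s /sbin/nologin。)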
[root@localhost ~]# useradd nginx [root@localhost ~]# useradd zabbix [root@localhost ~]# useradd tomcat [root@localhost ~]# useradd hadoop [root@localhost ~]# useradd -s /sbin/nologin nologin [root@localhost ~]# grep '^\(\<[[:alnum:]]\+\>\).*\1$' /etc/passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt nologin:x:507:507::/home/nologin:/sbin/nologin
4、找出/etc/rc.d/init.d/functions文件中某单词(单词中间可以存在下划线)后面跟着一组小括号的行;
[root@localhost ~]# grep '\<.\+\>()' /etc/rc.d/init.d/functions fstab_decode_str() { checkpid() { __readlink() { __fgrep() { __umount_loop() { __umount_loopback_loop() { __pids_var_run() { __pids_pidof() { daemon() { killproc() { pidfileofproc() { pidofproc() { status() { echo_success() { echo_failure() { echo_passed() { echo_warning() { update_boot_stage() { success() { failure() { passed() { warning() { action() { strstr() { confirm() { get_numeric_dev() { is_ignored_file() { is_true() { is_false() { apply_sysctl() { key_is_random() { find_crypto_mount_point() { init_crypto() {
5、使用echo输出一个路径,而后egrep找出其路径基名;进一步地使用egrep取出其目录名(注意是目录名,而非目录路径);
[root@localhost ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0/ |grep -o -E '[^/]+/?$' | cut -d/ -f1 ifcfg-eth0 [root@localhost ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0 |grep -o -E '[^/]+/?$' | cut -d/ -f1 ifcfg-eth0 [root@localhost ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0 |grep -o -E '[^/]+/[^/]+/?$' | cut -d/ -f1 network-scripts [root@localhost ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0/ |grep -o -E '[^/]+/[^/]+/?$' | cut -d/ -f1 network-scripts
6、查找/usr目录下不属于root、bin或hadoop的所有文件;
[root@localhost ~]# find /usr/ -not \( -user root -o -user bin -o -user hadoop \) -ls 141960 12 -rwsr-xr-x 1 abrt abrt 10296 Oct 16 2014 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
7、某天系统被入侵了,黑客在你系统下留下木马文件:
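现需要查找当前系统上没有属主或属组,且最近一周内曾被访问过的所有文件;(注意:题目要求的是“或”,对应find的 -o;下面的命令使用 -nouser -a -nogroup,只会列出同时没有属主和属组的文件,若严格按题意应写成 \( -nouser -o -nogroup \)。另外,以noatime挂载的文件系统不会更新访问时间,relatime也只做有限更新,排查时不宜只依赖 -atime。)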
另外,需要查找/etc目录下大于20k且类型为普通文件的所有文件;
[root@localhost ~]# find / \( -nouser -a -nogroup \) -a -atime -7 -ls find: `/proc/2425/task/2425/fd/5': No such file or directory find: `/proc/2425/task/2425/fdinfo/5': No such file or directory find: `/proc/2425/fd/5': No such file or directory find: `/proc/2425/fdinfo/5': No such file or directory 665398 4 drwx------ 2 503 503 4096 Dec 27 18:19 /home/nginx 665399 4 -rw-r--r-- 1 503 503 176 Oct 16 2014 /home/nginx/.bash_profile 665400 4 -rw-r--r-- 1 503 503 124 Oct 16 2014 /home/nginx/.bashrc 665401 4 -rw-r--r-- 1 503 503 18 Oct 16 2014 /home/nginx/.bash_logout [root@localhost ~]# find /etc/ -size +20k -type f -ls 917659 772 -rw-r--r-- 1 root root 786601 Jul 14 2014 /etc/pki/tls/certs/ca-bundle.crt 917660 984 -rw-r--r-- 1 root root 1005005 Jul 14 2014 /etc/pki/tls/certs/ca-bundle.trust.crt 917892 64 -rw-r--r-- 1 root root 65536 Jan 13 2010 /etc/pki/nssdb/cert8.db 917655 176 -rw-r--r-- 1 root root 177130 Jul 14 2014 /etc/pki/java/cacerts 917665 188 -r--r--r-- 1 root root 191741 Dec 17 21:43 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem 917664 236 -r--r--r-- 1 root root 240762 Dec 17 21:43 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 917666 188 -r--r--r-- 1 root root 191772 Dec 17 21:43 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem 917667 176 -r--r--r-- 1 root root 179212 Dec 17 21:43 /etc/pki/ca-trust/extracted/java/cacerts 917663 316 -r--r--r-- 1 root root 321332 Dec 17 21:43 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt 917543 628 -rw-r--r-- 1 root root 641020 Oct 2 2013 /etc/services 917909 36 -rw-r--r-- 1 root root 65536 Dec 17 21:44 /etc/openldap/certs/cert8.db 919623 60 -rw-r--r-- 1 root root 58444 Oct 16 2014 /etc/lvm/lvm.conf 919373 288 -rw------- 1 root root 292366 Dec 17 21:46 /etc/selinux/targeted/modules/active/file_contexts.template 919266 24 -rw------- 1 root root 23619 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/virt.pp 919203 32 -rw------- 1 root root 31595 Dec 17 21:45 
/etc/selinux/targeted/modules/active/modules/postfix.pp 919216 28 -rw------- 1 root root 25839 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/rhcs.pp 919298 40 -rw------- 1 root root 36875 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/unprivuser.pp 919305 28 -rw------- 1 root root 26244 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/xguest.pp 919296 44 -rw------- 1 root root 42937 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/staff.pp 919125 24 -rw------- 1 root root 20562 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/cups.pp 919100 28 -rw------- 1 root root 27033 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/apache.pp 919295 32 -rw------- 1 root root 28800 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/unconfineduser.pp 919229 24 -rw------- 1 root root 24420 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/samba.pp 919189 24 -rw------- 1 root root 20718 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/nagios.pp 919379 7892 -rw-r--r-- 1 root root 8080641 Dec 17 21:46 /etc/selinux/targeted/modules/active/policy.kern 919089 240 -rw------- 1 root root 244785 Dec 17 21:45 /etc/selinux/targeted/modules/active/base.pp 919374 284 -rw------- 1 root root 286791 Dec 17 21:46 /etc/selinux/targeted/modules/active/file_contexts 919382 7892 -rw-r--r-- 1 root root 8080641 Dec 17 21:46 /etc/selinux/targeted/policy/policy.24 919384 284 -rw-r--r-- 1 root root 286791 Dec 17 21:46 /etc/selinux/targeted/contexts/files/file_contexts 917566 44 -rw-r--r-- 1 root root 43591 Sep 23 2011 /etc/mime.types 918298 124 -rw------- 1 root root 125811 Oct 15 2014 /etc/ssh/moduli 917934 24 -rw-r--r-- 1 root root 22521 Oct 16 2014 /etc/libreport/events/report_RHTSupport.xml 917935 24 -rw-r--r-- 1 root root 23001 Oct 16 2014 /etc/libreport/events/report_RHTSupportAttach.xml 918506 28 -rw-r--r-- 1 root root 27014 Feb 20 2014 /etc/postfix/main.cf 917683 28 -rw-r--r-- 1 root root 27779 Nov 11 2010 
/etc/makedev.d/01linux-2.6.x 920908 40 -rw-r--r-- 1 root root 39837 Dec 17 21:46 /etc/ld.so.cache 918207 32 -rw-r--r-- 1 root root 29853 Jul 22 2014 /etc/sysconfig/network-scripts/network-functions-ipv6 917514 180 -rw-r--r-- 1 root root 182979 Dec 22 11:28 /etc/prelink.cache 919744 40 -rw-r--r-- 1 root root 39423 May 26 2009 /etc/bash_completion.d/subversion 918344 48 -rw-r--r-- 1 root root 45281 Mar 5 2013 /etc/bash_completion.d/git
8、创建目录/test/data,让某组内普通用户对其有写权限,且创建的所有文件的属组为目录所属的组;此外,每个用户仅能删除自己的文件。(注:下面用的usermod -G会覆盖用户原有的附加组,若用户已属于其他附加组,应使用usermod -aG追加,避免误删其原有的组权限。)
[root@localhost ~]# useradd aa [root@localhost ~]# useradd bb [root@localhost ~]# groupadd aabb [root@localhost ~]# usermod -G aabb aa [root@localhost ~]# usermod -G aabb bb [root@localhost ~]# id aa uid=508(aa) gid=508(aa) groups=508(aa),510(aabb) [root@localhost ~]# id bb uid=509(bb) gid=509(bb) groups=509(bb),510(aabb) [root@localhost ~]# grep aabb /etc/group aabb:x:510:aa,bb [root@localhost ~]# mkdir -p /test/data [root@localhost ~]# chown :aabb /test/data [root@localhost ~]# ll -d /test/data drwxr-xr-x. 2 root aabb 4096 Dec 27 20:16 /test/data [root@localhost ~]# chmod g+ws /test/data [root@localhost ~]# ll -d /test/data drwxrwsr-x. 2 root aabb 4096 Dec 27 20:16 /test/data [root@localhost ~]# chmod o+t /test/data [root@localhost ~]# ll -d /test/data drwxrwsr-t. 2 root aabb 4096 Dec 27 20:16 /test/data [root@localhost ~]# su - aa [aa@localhost ~]$ touch /test/data/aa [aa@localhost ~]$ exit logout [root@localhost ~]# su - bb [bb@localhost ~]$ touch /test/data/bb [bb@localhost ~]$ ll /test/data/ total 0 -rw-rw-r--. 1 aa aabb 0 Dec 27 20:18 aa -rw-rw-r--. 1 bb aabb 0 Dec 27 20:18 bb [bb@localhost ~]$ rm -rf /test/data/aa rm: cannot remove `/test/data/aa': Operation not permitted [bb@localhost ~]$ exit logout [root@localhost ~]# su - aa [aa@localhost ~]$ rm -rf /test/data/bb rm: cannot remove `/test/data/bb': Operation not permitted [aa@localhost ~]$ rm -rf /test/data/aa [aa@localhost ~]$ ll /test/data/ total 0 -rw-rw-r--. 1 bb aabb 0 Dec 27 20:18 bb [aa@localhost ~]$ exit logout [root@localhost ~]# su - bb [bb@localhost ~]$ rm -rf /test/data/bb [bb@localhost ~]$ ll /test/data/ total 0