linux运维实战练习案例-2015年12月20日-12月31日（第一次）

linux运维实战练习案例-2015年12月20日-12月31日（第一次）

1、创建一个10G的文件系统，类型为ext4，要求开机可自动挂载至单独数据/data目录；

[root@localhost ~]# cat /proc/partitions
major minor  #blocks  name
8       16   20971520 sdb
8        0   20971520 sda
8        1   20970496 sda1
[root@localhost ~]# fdisk /dev/sdb
WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
switch off the mode (command 'c') and change display units to
sectors (command 'u').
Command (m for help): p
Disk /dev/sdb: 21.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xe7a51598
Device Boot      Start         End      Blocks   Id  System
Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-2610, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-2610, default 2610): +10G
Command (m for help): p
Disk /dev/sdb: 21.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xe7a51598
Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1        1306    10490413+  83  Linux
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@localhost ~]# mkfs.ext4 /dev/sdb1
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
655776 inodes, 2622603 blocks
131130 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2688548864
81 block groups
32768 blocks per group, 32768 fragments per group
8096 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 35 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
[root@localhost ~]# cat /proc/partitions
major minor  #blocks  name
8       16   20971520 sdb
8       17   10490413 sdb1
8        0   20971520 sda
8        1   20970496 sda1
[root@localhost ~]# mkdir /data
[root@localhost ~]# mount /dev/sdb1 /data/
[root@localhost ~]# cd /data/
[root@localhost data]# ll
total 16
drwx------. 2 root root 16384 Dec 27 21:31 lost+found
[root@localhost data]# touch aa
[root@localhost data]# ll
total 16
-rw-r--r--. 1 root root     0 Dec 27 21:32 aa
drwx------. 2 root root 16384 Dec 27 21:31 lost+found
[root@localhost data]# vim /etc/fstab
[root@localhost data]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Dec 17 21:43:19 2015
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=5afe3401-f34c-4793-814b-49836d66563b /                       ext4    defaults        1 1
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/sdb1        /data            ext4    defaults    0 0

2、显示`netstat -tan`命令结果中以‘LISTEN’后跟0个、1个或者多个空白字符结尾的行；

[root@localhost ~]# netstat -tan |grep 'LISTEN[ ]*$'
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:60224               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 ::1:631                     :::*                        LISTEN
tcp        0      0 ::1:25                      :::*                        LISTEN
tcp        0      0 :::49701                    :::*                        LISTEN
tcp        0      0 :::111                      :::*                        LISTEN
[root@localhost ~]#
[root@localhost ~]# netstat -tan |grep 'LISTEN[[:space:]]*$'
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:60224               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 ::1:631                     :::*                        LISTEN
tcp        0      0 ::1:25                      :::*                        LISTEN
tcp        0      0 :::49701                    :::*                        LISTEN
tcp        0      0 :::111                      :::*                        LISTEN

3、添加用户nginx、zabbix、tomcat以及hadoop用户（nologin用户的shell为/sbin/nologin）；而后找出/etc/passwd文件中用户名与其shell名相同的行；

[root@localhost ~]# useradd nginx
[root@localhost ~]# useradd zabbix
[root@localhost ~]# useradd tomcat
[root@localhost ~]# useradd hadoop
[root@localhost ~]# useradd -s /sbin/nologin nologin
[root@localhost ~]# grep '^\(\<[[:alnum:]]\+\>\).*\1$' /etc/passwd
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
nologin:x:507:507::/home/nologin:/sbin/nologin

4、找出/etc/rc.d/init.d/functions文件中某单词（单词中间可以存在下划线）后面跟着一组小括号的行；

[root@localhost ~]# grep '\<.\+\>()' /etc/rc.d/init.d/functions
fstab_decode_str() {
checkpid() {
__readlink() {
__fgrep() {
__umount_loop() {
__umount_loopback_loop() {
__pids_var_run() {
__pids_pidof() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
echo_success() {
echo_failure() {
echo_passed() {
echo_warning() {
update_boot_stage() {
success() {
failure() {
passed() {
warning() {
action() {
strstr() {
confirm() {
get_numeric_dev() {
is_ignored_file() {
is_true() {
is_false() {
apply_sysctl() {
key_is_random() {
find_crypto_mount_point() {
init_crypto() {

5、使用echo输出一个路径，而后egrep找出其路径基名；进一步的使用egrep取出其目录名（注意是目录名，而非目录路径）；

[root@localhost ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0/ |grep -o -E  '[^/]+/?$' | cut -d/ -f1
ifcfg-eth0
[root@localhost ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0 |grep -o -E  '[^/]+/?$' | cut -d/ -f1
ifcfg-eth0
[root@localhost ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0 |grep -o -E  '[^/]+/[^/]+/?$' | cut -d/ -f1
network-scripts
[root@localhost ~]# echo /etc/sysconfig/network-scripts/ifcfg-eth0/ |grep -o -E  '[^/]+/[^/]+/?$' | cut -d/ -f1
network-scripts

6、查找/usr目录下不属于root、bin或hadoop的所有文件；

[root@localhost ~]# find /usr/ -not \( -user root -o -user bin -o -user hadoop \) -ls
141960   12 -rwsr-xr-x   1 abrt     abrt        10296 Oct 16  2014 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache

7、某天系统被入侵了，黑客在你系统下留下木马文件:
现需要查找当前系统上没有属主或属组，且最近一周内曾被访问过的所有文件；
另外，需要查找/etc目录下大于20k且类型为普通文件的所有文件；

[root@localhost ~]# find /  \( -nouser -a -nogroup \) -a -atime -7 -ls
find: `/proc/2425/task/2425/fd/5': No such file or directory
find: `/proc/2425/task/2425/fdinfo/5': No such file or directory
find: `/proc/2425/fd/5': No such file or directory
find: `/proc/2425/fdinfo/5': No such file or directory
665398    4 drwx------   2 503      503          4096 Dec 27 18:19 /home/nginx
665399    4 -rw-r--r--   1 503      503           176 Oct 16  2014 /home/nginx/.bash_profile
665400    4 -rw-r--r--   1 503      503           124 Oct 16  2014 /home/nginx/.bashrc
665401    4 -rw-r--r--   1 503      503            18 Oct 16  2014 /home/nginx/.bash_logout
[root@localhost ~]# find /etc/ -size +20k -type f  -ls
917659  772 -rw-r--r--   1 root     root       786601 Jul 14  2014 /etc/pki/tls/certs/ca-bundle.crt
917660  984 -rw-r--r--   1 root     root      1005005 Jul 14  2014 /etc/pki/tls/certs/ca-bundle.trust.crt
917892   64 -rw-r--r--   1 root     root        65536 Jan 13  2010 /etc/pki/nssdb/cert8.db
917655  176 -rw-r--r--   1 root     root       177130 Jul 14  2014 /etc/pki/java/cacerts
917665  188 -r--r--r--   1 root     root       191741 Dec 17 21:43 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
917664  236 -r--r--r--   1 root     root       240762 Dec 17 21:43 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
917666  188 -r--r--r--   1 root     root       191772 Dec 17 21:43 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
917667  176 -r--r--r--   1 root     root       179212 Dec 17 21:43 /etc/pki/ca-trust/extracted/java/cacerts
917663  316 -r--r--r--   1 root     root       321332 Dec 17 21:43 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
917543  628 -rw-r--r--   1 root     root       641020 Oct  2  2013 /etc/services
917909   36 -rw-r--r--   1 root     root        65536 Dec 17 21:44 /etc/openldap/certs/cert8.db
919623   60 -rw-r--r--   1 root     root        58444 Oct 16  2014 /etc/lvm/lvm.conf
919373  288 -rw-------   1 root     root       292366 Dec 17 21:46 /etc/selinux/targeted/modules/active/file_contexts.template
919266   24 -rw-------   1 root     root        23619 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/virt.pp
919203   32 -rw-------   1 root     root        31595 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/postfix.pp
919216   28 -rw-------   1 root     root        25839 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/rhcs.pp
919298   40 -rw-------   1 root     root        36875 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/unprivuser.pp
919305   28 -rw-------   1 root     root        26244 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/xguest.pp
919296   44 -rw-------   1 root     root        42937 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/staff.pp
919125   24 -rw-------   1 root     root        20562 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/cups.pp
919100   28 -rw-------   1 root     root        27033 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/apache.pp
919295   32 -rw-------   1 root     root        28800 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/unconfineduser.pp
919229   24 -rw-------   1 root     root        24420 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/samba.pp
919189   24 -rw-------   1 root     root        20718 Dec 17 21:45 /etc/selinux/targeted/modules/active/modules/nagios.pp
919379 7892 -rw-r--r--   1 root     root      8080641 Dec 17 21:46 /etc/selinux/targeted/modules/active/policy.kern
919089  240 -rw-------   1 root     root       244785 Dec 17 21:45 /etc/selinux/targeted/modules/active/base.pp
919374  284 -rw-------   1 root     root       286791 Dec 17 21:46 /etc/selinux/targeted/modules/active/file_contexts
919382 7892 -rw-r--r--   1 root     root      8080641 Dec 17 21:46 /etc/selinux/targeted/policy/policy.24
919384  284 -rw-r--r--   1 root     root       286791 Dec 17 21:46 /etc/selinux/targeted/contexts/files/file_contexts
917566   44 -rw-r--r--   1 root     root        43591 Sep 23  2011 /etc/mime.types
918298  124 -rw-------   1 root     root       125811 Oct 15  2014 /etc/ssh/moduli
917934   24 -rw-r--r--   1 root     root        22521 Oct 16  2014 /etc/libreport/events/report_RHTSupport.xml
917935   24 -rw-r--r--   1 root     root        23001 Oct 16  2014 /etc/libreport/events/report_RHTSupportAttach.xml
918506   28 -rw-r--r--   1 root     root        27014 Feb 20  2014 /etc/postfix/main.cf
917683   28 -rw-r--r--   1 root     root        27779 Nov 11  2010 /etc/makedev.d/01linux-2.6.x
920908   40 -rw-r--r--   1 root     root        39837 Dec 17 21:46 /etc/ld.so.cache
918207   32 -rw-r--r--   1 root     root        29853 Jul 22  2014 /etc/sysconfig/network-scripts/network-functions-ipv6
917514  180 -rw-r--r--   1 root     root       182979 Dec 22 11:28 /etc/prelink.cache
919744   40 -rw-r--r--   1 root     root        39423 May 26  2009 /etc/bash_completion.d/subversion
918344   48 -rw-r--r--   1 root     root        45281 Mar  5  2013 /etc/bash_completion.d/git

8、创建目录/test/data，让某组内普通用户对其有写权限，且创建的所有文件的属组为目录所属的组；此外，每个用户仅能删除自己的文件。

[root@localhost ~]# useradd aa
[root@localhost ~]# useradd bb
[root@localhost ~]# groupadd aabb
[root@localhost ~]# usermod -G aabb aa
[root@localhost ~]# usermod -G aabb bb
[root@localhost ~]# id aa
uid=508(aa) gid=508(aa) groups=508(aa),510(aabb)
[root@localhost ~]# id bb
uid=509(bb) gid=509(bb) groups=509(bb),510(aabb)
[root@localhost ~]# grep aabb /etc/group
aabb:x:510:aa,bb
[root@localhost ~]# mkdir -p /test/data
[root@localhost ~]# chown :aabb /test/data
[root@localhost ~]# ll -d /test/data
drwxr-xr-x. 2 root aabb 4096 Dec 27 20:16 /test/data
[root@localhost ~]# chmod g+ws /test/data
[root@localhost ~]# ll -d /test/data
drwxrwsr-x. 2 root aabb 4096 Dec 27 20:16 /test/data
[root@localhost ~]# chmod o+t /test/data
[root@localhost ~]# ll -d /test/data
drwxrwsr-t. 2 root aabb 4096 Dec 27 20:16 /test/data
[root@localhost ~]# su - aa
[aa@localhost ~]$ touch /test/data/aa
[aa@localhost ~]$ exit
logout
[root@localhost ~]# su - bb
[bb@localhost ~]$ touch /test/data/bb
[bb@localhost ~]$ ll /test/data/
total 0
-rw-rw-r--. 1 aa aabb 0 Dec 27 20:18 aa
-rw-rw-r--. 1 bb aabb 0 Dec 27 20:18 bb
[bb@localhost ~]$ rm -rf /test/data/aa
rm: cannot remove `/test/data/aa': Operation not permitted
[bb@localhost ~]$ exit
logout
[root@localhost ~]# su - aa
[aa@localhost ~]$ rm -rf /test/data/bb
rm: cannot remove `/test/data/bb': Operation not permitted
[aa@localhost ~]$ rm -rf /test/data/aa
[aa@localhost ~]$ ll /test/data/
total 0
-rw-rw-r--. 1 bb aabb 0 Dec 27 20:18 bb
[aa@localhost ~]$ exit
logout
[root@localhost ~]# su - bb
[bb@localhost ~]$ rm -rf /test/data/bb
[bb@localhost ~]$ ll /test/data/
total 0