一.第一部分 find
1、查找/var目录下属主为root,且属组为mail的所有文件
[root@centos8 ~]# find /var/ -user root -group mail -ls
67119549 0 drwxrwxr-x 2 root mail 57 Nov 29 22:31 /var/spool/mail
2、查找/var目录下不属于root、lp、gdm的所有文件
[root@centos8 ~]# find /var/ -! \( -user root -o -user lp -o -user gdm \) -ls
202076068 0 drwx------ 2 tss tss 6 Dec 14 2019 /var/lib/tpm
68224950 0 drwxr-xr-x 2 geoclue geoclue 6 Apr 7 2020 /var/lib/geoclue
877946 0 drwxr-xr-x 2 unbound unbound 22 Nov 28 00:00 /var/lib/unbound
660528 4 -rw-r--r-- 1 unbound unbound 1251 Nov 28 00:00 /var/lib/unbound/root.key
68623250 0 drwxr-xr-x 2 rpc rpc 6 Nov 13 17:49 /var/lib/rpcbind
68215670 0 drwxr-xr-x 2 chrony chrony 6 Nov 19 2019 /var/lib/chrony
916775 0 drwx------ 2 setroubleshoot setroubleshoot 6 Apr 24 2020 /var/lib/setroubleshoot
69259994 0 drwxr-x--x 8 qemu qemu 85 Nov 13 19:11 /var/lib/libvirt/qemu
202178762 0 drwxr-xr-x 2 qemu qemu 6 Nov 13 19:11 /var/lib/libvirt/qemu/save
660517 0 drwxr-xr-x 2 qemu qemu 6 Nov 13 19:11 /var/lib/libvirt/qemu/snapshot
69126683 0 drwxr-xr-x 2 qemu qemu 6 Nov 13 19:11 /var/lib/libvirt/qemu/dump
135543204 0 drwxr-xr-x 3 qemu qemu 20 Nov 13 19:11 /var/lib/libvirt/qemu/channel
202178763 0 drwxr-xr-x 2 qemu qemu 6 Nov 13 19:11 /var/lib/libvirt/qemu/channel/target
660519 0 drwxr-xr-x 2 qemu qemu 6 Nov 13 19:11 /var/lib/libvirt/qemu/nvram
69458879 0 drwxr-xr-x 3 qemu qemu 21 Nov 13 19:11 /var/lib/libvirt/qemu/ram
1274367 0 drwx------ 2 sssd sssd 109 Nov 13 19:11 /var/lib/sss/db
135168368 0 drwxr-xr-x 2 sssd sssd 6 Apr 24 2020 /var/lib/sss/gpo_cache
202482777 0 drwxrwxr-x 2 sssd sssd 51 Nov 29 22:31 /var/lib/sss/mc
202569732 8212 -rw-rw-r-- 1 sssd sssd 8406312 Nov 29 22:48 /var/lib/sss/mc/passwd
202569731 6260 -rw-rw-r-- 1 sssd sssd 6406312 Nov 29 22:48 /var/lib/sss/mc/group
202569728 10164 -rw-rw-r-- 1 sssd sssd 10406312 Nov 29 22:31 /var/lib/sss/mc/initgroups
1277632 0 drwxr-xr-x 3 sssd sssd 32 Nov 29 20:42 /var/lib/sss/pipes
69189931 0 drwxr-x--- 2 sssd root 90 Nov 29 20:42 /var/lib/sss/pipes/private
135168369 0 drwxr-xr-x 3 sssd sssd 28 Nov 13 17:53 /var/lib/sss/pubconf
135168372 0 drwxr-xr-x 2 sssd sssd 6 Apr 24 2020 /var/lib/sss/pubconf/krb5.include.d
135168376 0 drwx------ 2 sssd sssd 6 Apr 24 2020 /var/lib/sss/keytabs
135221544 0 drwxr-xr-x 4 colord colord 67 Nov 13 19:13 /var/lib/colord
202523306 0 drwxr-xr-x 2 colord colord 6 May 14 2019 /var/lib/colord/icc
135543217 16 -rw-r--r-- 1 colord colord 16384 Nov 13 19:13 /var/lib/colord/mapping.db
135543218 28 -rw-r--r-- 1 colord colord 28672 Nov 13 19:13 /var/lib/colord/storage.db
1777295 0 drwx------ 2 colord colord 6 Nov 13 19:13 /var/lib/colord/.cache
69259982 0 drwx------ 4 rpcuser rpcuser 30 Nov 13 17:53 /var/lib/nfs/statd
135263227 0 drwx------ 2 rpcuser rpcuser 6 Apr 24 2020 /var/lib/nfs/statd/sm
202550898 0 drwx------ 2 rpcuser rpcuser 6 Apr 24 2020 /var/lib/nfs/statd/sm.bak
134759325 0 drwxr-xr-x 2 chrony chrony 6 Nov 19 2019 /var/log/chrony
1277633 0 drwxr-x--- 2 sssd sssd 142 Nov 29 21:36 /var/log/sssd
1359982 0 drwxr-x--- 3 qemu qemu 26 Nov 13 19:11 /var/cache/libvirt/qemu
68623245 0 -rw-rw---- 1 rpc mail 0 Nov 13 17:49 /var/spool/mail/rpc
68630971 0 -rw-rw---- 1 neteagle mail 0 Nov 13 18:01 /var/spool/mail/neteagle
68630905 0 -rw-rw---- 1 hehe mail 0 Nov 29 21:17 /var/spool/mail/haha
68630907 0 -rw-rw---- 1 hehe mail 0 Nov 29 21:20 /var/spool/mail/hehe
3、查找/var目录下最近一周内其内容修改过,同时属主不为root,也不是postfix的文件
[root@centos8 ~]# find /var/ -mtime -7 -! \( -user root -o -user postfix \) -ls
877946 0 drwxr-xr-x 2 unbound unbound 22 Nov 28 00:00 /var/lib/unbound
660528 4 -rw-r--r-- 1 unbound unbound 1251 Nov 28 00:00 /var/lib/unbound/root.key
202482777 0 drwxrwxr-x 2 sssd sssd 51 Nov 29 22:50 /var/lib/sss/mc
202569736 8212 -rw-rw-r-- 1 sssd sssd 8406312 Nov 29 22:50 /var/lib/sss/mc/passwd
202569737 6260 -rw-rw-r-- 1 sssd sssd 6406312 Nov 29 22:50 /var/lib/sss/mc/group
202569728 10164 -rw-rw-r-- 1 sssd sssd 10406312 Nov 29 22:50 /var/lib/sss/mc/initgroups
1277632 0 drwxr-xr-x 3 sssd sssd 32 Nov 29 20:42 /var/lib/sss/pipes
69189931 0 drwxr-x--- 2 sssd root 90 Nov 29 20:42 /var/lib/sss/pipes/private
135262536 0 drwxrwx--T 6 gdm gdm 82 Nov 29 20:42 /var/lib/gdm
1777281 12 -rw-r--r-- 1 gdm gdm 12288 Nov 29 20:42 /var/lib/gdm/.config/pulse/2427c8e67a2349b89d9f80037054bb24-device-volumes.tdb
1777296 4 -rw-r--r-- 1 gdm gdm 1 Nov 29 20:43 /var/lib/gdm/.config/pulse/2427c8e67a2349b89d9f80037054bb24-default-sink
1777297 4 -rw-r--r-- 1 gdm gdm 1 Nov 29 20:43 /var/lib/gdm/.config/pulse/2427c8e67a2349b89d9f80037054bb24-default-source
1777285 0 drwx------ 2 gdm gdm 56 Nov 29 20:42 /var/lib/gdm/.config/ibus/bus
1777287 4 -rw------- 1 gdm gdm 168 Nov 29 20:42 /var/lib/gdm/.config/ibus/bus/2427c8e67a2349b89d9f80037054bb24-unix-1024
135543185 4 -rw------- 1 gdm gdm 1550 Nov 29 20:42 /var/lib/gdm/.ICEauthority
202398902 0 drwxr-xr-x 2 lp sys 135 Nov 29 21:36 /var/log/cups
1277633 0 drwxr-x--- 2 sssd sssd 142 Nov 29 21:36 /var/log/sssd
68630905 0 -rw-rw---- 1 hehe mail 0 Nov 29 21:17 /var/spool/mail/haha
68630907 0 -rw-rw---- 1 hehe mail 0 Nov 29 21:20 /var/spool/mail/hehe
4、查找当前系统上没有属主或属组,且最近一个周内曾被访问过的文件
[root@centos8 ~]# find / \( -nouser -o -nogroup -a -atime -7 \)
find: ‘/proc/5422/task/5422/fd/8’: No such file or directory
find: ‘/proc/5422/task/5422/fdinfo/8’: No such file or directory
find: ‘/proc/5422/fd/9’: No such file or directory
find: ‘/proc/5422/fdinfo/9’: No such file or directory
5、查找/etc目录下大于1M且类型为普通文件的所有文件
[root@centos8 ~]# find /etc/ -size +1M -a -type f|xargs ls -alh
-rw-r--r--. 1 root root 8.5M Nov 13 17:52 /etc/selinux/targeted/policy/policy.31
-r--r--r--. 1 root root 9.0M Nov 13 19:10 /etc/udev/hwdb.bin
6、查找/etc目录下所有用户都没有写权限的文件
[root@centos8 ~]# find /etc/ -! -perm /222|xargs ls -l
-r--r--r--. 1 root root 460 Apr 24 2020 /etc/dbus-1/system.d/cups.conf
---------- 1 root root 818 Nov 29 22:50 /etc/gshadow
----------. 1 root root 806 Nov 29 22:31 /etc/gshadow-
-r--r--r--. 1 root root 67 May 8 2020 /etc/ld.so.conf.d/kernel-4.18.0-193.el8.x86_64.conf
-r--r--r--. 1 root root 531 Feb 11 2020 /etc/lvm/profile/cache-mq.profile
-r--r--r--. 1 root root 339 Feb 11 2020 /etc/lvm/profile/cache-smq.profile
-r--r--r--. 1 root root 3020 Apr 25 2020 /etc/lvm/profile/command_profile_template.profile
-r--r--r--. 1 root root 2309 Feb 11 2020 /etc/lvm/profile/lvmdbusd.profile
-r--r--r--. 1 root root 828 Apr 25 2020 /etc/lvm/profile/metadata_profile_template.profile
-r--r--r--. 1 root root 76 Feb 11 2020 /etc/lvm/profile/thin-generic.profile
-r--r--r--. 1 root root 80 Feb 11 2020 /etc/lvm/profile/thin-performance.profile
-r--r--r--. 1 root root 563 Feb 11 2020 /etc/lvm/profile/vdo-small.profile
-r--r--r--. 1 root root 33 Nov 13 17:48 /etc/machine-id
-r--r--r--. 1 root root 146 Apr 24 2020 /etc/pam.d/cups
-r--r--r--. 1 root root 161250 Nov 13 17:48 /etc/pki/ca-trust/extracted/edk2/cacerts.bin
-r--r--r--. 1 root root 161905 Nov 13 17:48 /etc/pki/ca-trust/extracted/java/cacerts
-r--r--r--. 1 root root 261737 Nov 13 17:48 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-r--r--r--. 1 root root 173023 Nov 13 17:48 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
-r--r--r--. 1 root root 0 Nov 13 17:48 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
-r--r--r--. 1 root root 222148 Nov 13 17:48 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
---------- 1 root root 1420 Nov 29 22:50 /etc/shadow
----------. 1 root root 1390 Nov 29 22:31 /etc/shadow-
-r--r-----. 1 root root 4328 Apr 24 2020 /etc/sudoers
-r--r--r--. 1 root root 9339625 Nov 13 19:10 /etc/udev/hwdb.bin
7、查找/etc目录下至少有一类用户没有执行权限的文件
[root@centos8 ~]# find /etc/ -! -perm -111|xargs ls -l
8、查找/etc/init.d目录下,所有用户都有执行权限,且其它用户有写权限的文件
[root@centos8 ~]# find /etc/init.d/ -perm -111 -a -perm -002
