9.文件查找和压缩-案例分析

1.查找/var目录下属主为root,且属组为mail的所有文件

[16:03:08 root@centos7 ~]# ll /var/
total 16
drwxr-xr-x.  2 root root   19 Jun 27 23:09 account
drwxr-xr-x.  2 root root    6 Apr 11  2018 adm
drwxr-xr-x. 13 root root  159 Jun 27 23:19 cache
drwxr-xr-x.  2 root root    6 Apr  2 21:27 crash
drwxr-xr-x.  3 root root   34 Jun 27 23:09 db
drwxr-xr-x.  3 root root   18 Jun 27 23:08 empty
drwxr-xr-x.  2 root root    6 Apr 11  2018 games
drwxr-xr-x.  2 root root    6 Apr 11  2018 gopher
drwxr-xr-x.  3 root root   18 Jun 27 23:02 kerberos
drwxr-xr-x. 61 root root 4096 Jun 27 23:19 lib
drwxr-xr-x.  2 root root    6 Apr 11  2018 local
lrwxrwxrwx.  1 root root   11 Jun 27 23:00 lock -> ../run/lock
drwxr-xr-x. 20 root root 4096 Aug 15 16:03 log
lrwxrwxrwx.  1 root root   10 Jun 27 23:00 mail -> spool/mail
drwxr-xr-x.  2 root root    6 Apr 11  2018 nis
drwxr-xr-x.  2 root root    6 Apr 11  2018 opt
drwxr-xr-x.  2 root root    6 Apr 11  2018 preserve
lrwxrwxrwx.  1 root root    6 Jun 27 23:00 run -> ../run
drwxr-xr-x. 12 root root  140 Jun 27 23:09 spool
drwxr-xr-x.  4 root root   28 Jun 27 23:04 target
drwxrwxrwt.  7 root root 4096 Aug 15 15:15 tmp
drwxr-xr-x.  2 root root    6 Apr 11  2018 yp
[16:04:54 root@centos7 ~]#find /var/ -user root -group mail -ls
134321917    0 drwxrwxr-x   2 root     mail           51 Aug  8 21:21 /var/spool/mail
135814106    4 -rw-------   1 root     mail         1942 Jul 18 19:42 /var/spool/mail/root

2.查找/var目录下不属于root、 lp、 gdm的所有文件

[16:08:32 root@centos7 ~]#find /var/ -!  \( -user root -o -user lp -o -user gdm \) -ls
1629072    0 drwxr-xr-x   2 abrt     abrt            6 Jun 27 23:19 /var/tmp/abrt
645018    0 drwxr-xr-x   4 colord   colord         67 Jun 28 21:14 /var/lib/colord
68568262    0 drwxr-xr-x   2 colord   colord          6 Apr  1 10:23 /var/lib/colord/icc
1634912    4 -rw-r--r--   1 colord   colord       4096 Jun 28 21:14 /var/lib/colord/mapping.db
1634913    8 -rw-r--r--   1 colord   colord       7168 Jun 28 21:14 /var/lib/colord/storage.db
70063893    0 drwx------   2 colord   colord          6 Jun 28 21:14 /var/lib/colord/.cache
202364414    0 drwx------   2 rpc      rpc             6 Apr  1 12:19 /var/lib/rpcbind
135295376    0 drwxr-xr-x   2 chrony   chrony          6 Aug  8  2019 /var/lib/chrony
202425995    0 drwxr-xr-x   2 ntp      ntp             6 Aug  8  2019 /var/lib/ntp
202425996    0 drwxr-xr-x   2 unbound  unbound        22 Jul 12 15:26 /var/lib/unbound
202425997    4 -rw-r--r--   1 unbound  unbound       758 Jul 12 15:26 /var/lib/unbound/root.key
727035    0 drwx------   2 tss      tss             6 Aug  4  2017 /var/lib/tpm
1181197    0 drwxr-x--x   8 qemu     qemu           85 Jun 27 23:19 /var/lib/libvirt/qemu
135354099    0 drwxr-xr-x   2 qemu     qemu            6 Jun 27 23:19 /var/lib/libvirt/qemu/save
201326669    0 drwxr-xr-x   2 qemu     qemu            6 Jun 27 23:19 /var/lib/libvirt/qemu/snapshot
1634883    0 drwxr-xr-x   2 qemu     qemu            6 Jun 27 23:19 /var/lib/libvirt/qemu/dump
70063875    0 drwxr-xr-x   3 qemu     qemu           20 Jun 27 23:19 /var/lib/libvirt/qemu/channel
135404788    0 drwxr-xr-x   2 qemu     qemu            6 Jun 27 23:19 /var/lib/libvirt/qemu/channel/target
201326670    0 drwxr-xr-x   2 qemu     qemu            6 Jun 27 23:19 /var/lib/libvirt/qemu/nvram
1634884    0 drwxr-xr-x   3 qemu     qemu           21 Jun 27 23:19 /var/lib/libvirt/qemu/ram
135354077    0 drwx------   2 sssd     sssd            6 Apr  1 09:30 /var/lib/sss/db
728809    0 drwxr-xr-x   2 sssd     sssd            6 Apr  1 09:30 /var/lib/sss/gpo_cache
68765386    0 drwxrwxr-x   2 sssd     sssd            6 Apr  1 09:30 /var/lib/sss/mc
135354078    0 drwxr-xr-x   3 sssd     sssd           21 Jun 27 23:05 /var/lib/sss/pipes
202427398    0 drwxr-x---   2 sssd     root            6 Apr  1 09:30 /var/lib/sss/pipes/private
728810    0 drwxr-xr-x   3 sssd     sssd           28 Jun 27 23:05 /var/lib/sss/pubconf
728811    0 drwxr-xr-x   2 sssd     sssd            6 Apr  1 09:30 /var/lib/sss/pubconf/krb5.include.d
135354092    0 drwx------   2 sssd     sssd            6 Apr  1 09:30 /var/lib/sss/keytabs
202445126    0 drwxr-xr-x   2 geoclue  geoclue         6 Oct 31  2018 /var/lib/geoclue
202466783    0 drwx------   2 setroubleshoot setroubleshoot       71 Jun 28 22:03 /var/lib/setroubleshoot
201326707    4 -rw-------   1 setroubleshoot setroubleshoot     3330 Jun 28 22:14 /var/lib/setroubleshoot/setroubleshoot_database.xml
201326719    0 -rw-------   1 setroubleshoot setroubleshoot        0 Jun 28 22:03 /var/lib/setroubleshoot/email_alert_recipients
202490794    0 drwx------   2 pulse    pulse           6 Apr 13  2018 /var/lib/pulse
202847356    0 drwx------   4 rpcuser  rpcuser        30 Jun 27 23:07 /var/lib/nfs/statd
1181192    0 drwx------   2 rpcuser  rpcuser         6 Apr  1 11:55 /var/lib/nfs/statd/sm
69170871    0 drwx------   2 rpcuser  rpcuser         6 Apr  1 11:55 /var/lib/nfs/statd/sm.bak
69170872    0 -rw-r--r--   1 rpcuser  rpcuser         0 Apr  1 11:55 /var/lib/nfs/state
203093485    0 drwx------   2 postfix  root           25 Jun 27 23:19 /var/lib/postfix
201326672    4 -rw-------   1 postfix  postfix        33 Aug 15 15:14 /var/lib/postfix/master.lock
202425942    0 drwxr-xr-x   2 chrony   chrony          6 Aug  8  2019 /var/log/chrony
726956    0 drwxr-xr-x   2 ntp      ntp             6 Aug  8  2019 /var/log/ntpstats
135354079    0 drwxr-x---   2 sssd     sssd            6 Apr  1 09:30 /var/log/sssd
202425506    0 drwxrwxr-x   2 abrt     abrt            6 Apr  2 23:58 /var/cache/abrt-di
202818913    0 drwxr-x---   3 qemu     qemu           26 Jun 27 23:19 /var/cache/libvirt/qemu
134979945    0 -rw-rw----   1 rpc      mail            0 Jun 27 23:04 /var/spool/mail/rpc
134320207    0 -rw-rw----   1 wen      mail            0 Jun 27 23:17 /var/spool/mail/wen
134321352    0 -rw-rw----   1 tom      mail            0 Aug  8 21:21 /var/spool/mail/tom
202425505    0 drwx------   2 abrt     abrt            6 Apr  2 23:58 /var/spool/abrt-upload
70017081    0 drwx------   2 postfix  root            6 Jul 18 19:42 /var/spool/postfix/active
135673257    0 drwx------   2 postfix  root            6 Apr  1 12:08 /var/spool/postfix/bounce
203093486    0 drwx------   2 postfix  root            6 Apr  1 12:08 /var/spool/postfix/corrupt
1600554    0 drwx------   2 postfix  root            6 Apr  1 12:08 /var/spool/postfix/defer
70017082    0 drwx------   2 postfix  root            6 Apr  1 12:08 /var/spool/postfix/deferred
135673258    0 drwx------   2 postfix  root            6 Apr  1 12:08 /var/spool/postfix/flush
203093487    0 drwx------   2 postfix  root            6 Apr  1 12:08 /var/spool/postfix/hold
1600555    0 drwx------   2 postfix  root            6 Jul 18 19:42 /var/spool/postfix/incoming
70017083    0 drwx-wx---   2 postfix  postdrop        6 Jul 18 19:42 /var/spool/postfix/maildrop
203093488    0 drwx------   2 postfix  root          256 Aug 15 15:14 /var/spool/postfix/private
203092353    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/tlsmgr
203092354    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/rewrite
203092356    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/bounce
203092358    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/defer
203092359    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/trace
203092363    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/verify
203092365    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/proxymap
203092404    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/proxywrite
203092405    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/smtp
203092408    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/relay
203092411    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/error
203092412    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/retry
203113932    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/discard
203113933    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/local
203103829    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/virtual
203103830    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/lmtp
203103831    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/anvil
203103832    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/private/scache
1600556    0 drwx--x---   2 postfix  postdrop       73 Aug 15 15:14 /var/spool/postfix/public
  2892    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/public/pickup
1629073    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/public/cleanup
1629074    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/public/qmgr
1629083    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/public/flush
1629084    0 srw-rw-rw-   1 postfix  postfix         0 Aug 15 15:14 /var/spool/postfix/public/showq
70017084    0 drwx------   2 postfix  root            6 Apr  1 12:08 /var/spool/postfix/saved
135673260    0 drwx------   2 postfix  root            6 Apr  1 12:08 /var/spool/postfix/trace

3.查找/var目录下最近一周内其内容修改过,同时属主不为root,也不是postfix的文件

[16:12:26 root@centos7 ~]#find /var/ -mtime -7 -! \( -user root -o -user postfix \) -ls
1164717    0 drwxrwx--T   7 gdm      gdm            97 Aug 15 15:14 /var/lib/gdm
135759457    4 -rw-r--r--   1 gdm      gdm            43 Aug 15 15:14 /var/lib/gdm/.pulse/612f95f4585142bc8ed2d8b3c84e1198-default-sink
135759458    4 -rw-r--r--   1 gdm      gdm            42 Aug 15 15:14 /var/lib/gdm/.pulse/612f95f4585142bc8ed2d8b3c84e1198-default-source
201326676    4 -rw-r--r--   1 gdm      gdm           465 Aug 15 15:14 /var/lib/gdm/.dbus/session-bus/612f95f4585142bc8ed2d8b3c84e1198-0
1634900    4 -rw-------   1 gdm      gdm          2480 Aug 15 15:14 /var/lib/gdm/.ICEauthority
1634903    0 drwx------   2 gdm      gdm            53 Aug 15 15:14 /var/lib/gdm/.config/ibus/bus
1634882    4 -rw-r--r--   1 gdm      gdm           168 Aug 15 15:14 /var/lib/gdm/.config/ibus/bus/612f95f4585142bc8ed2d8b3c84e1198-unix-0
892183    0 drwxr-xr-x   2 lp       sys           165 Aug  9 15:49 /var/log/cups
134321352    0 -rw-rw----   1 tom      mail            0 Aug  8 21:21 /var/spool/mail/tom

4.查找当前系统上没有属主或属组,且最近一个周内曾被访问过的文件

[16:12:30 root@centos7 ~]#find / \( -nouser -o -nogroup -a -atime -7 \)
find: ‘/proc/2390/task/2390/fd/5’: No such file or directory
find: ‘/proc/2390/task/2390/fdinfo/5’: No such file or directory
find: ‘/proc/2390/fd/6’: No such file or directory
find: ‘/proc/2390/fdinfo/6’: No such file or directory

5.查找/etc目录下大于1M且类型为普通文件的所有文件

[16:22:54 root@centos7 ~]#find /etc/ -size +1M -a -type f|xargs ls -alh
-rw-r--r--. 1 root root 1.4M Apr 11  2018 /etc/brltty/zh-tw.ctb
-rw-------. 1 root root 3.8M Jun 27 23:15 /etc/selinux/targeted/active/policy.kern
-rw-------. 1 root root 3.8M Jun 27 23:15 /etc/selinux/targeted/active/policy.linked
-rw-r--r--. 1 root root 1.4M Jun 27 23:15 /etc/selinux/targeted/contexts/files/file_contexts.bin
-rw-r--r--. 1 root root 3.8M Jun 27 23:15 /etc/selinux/targeted/policy/policy.31
-r--r--r--. 1 root root 8.2M Jun 27 23:19 /etc/udev/hwdb.bin

6.查找/etc目录下所有用户都没有写权限的文件

[16:25:25 root@centos7 ~]#find /etc/ -! -perm /222|xargs ls -l
-r--r--r--. 1 root root     460 Apr  1 10:23 /etc/dbus-1/system.d/cups.conf
----------  1 root root     803 Aug  8 21:21 /etc/gshadow
----------. 1 root root     795 Jul  4 16:03 /etc/gshadow-
-r--r--r--. 1 root root      63 Apr  1 07:40 /etc/ld.so.conf.d/kernel-3.10.0-1127.el7.x86_64.conf
-r--r--r--. 1 root root     531 Aug 27  2019 /etc/lvm/profile/cache-mq.profile
-r--r--r--. 1 root root     339 Aug 27  2019 /etc/lvm/profile/cache-smq.profile
-r--r--r--. 1 root root    3020 Apr  1 09:29 /etc/lvm/profile/command_profile_template.profile
-r--r--r--. 1 root root    2309 Aug 27  2019 /etc/lvm/profile/lvmdbusd.profile
-r--r--r--. 1 root root     828 Apr  1 09:29 /etc/lvm/profile/metadata_profile_template.profile
-r--r--r--. 1 root root      76 Aug 27  2019 /etc/lvm/profile/thin-generic.profile
-r--r--r--. 1 root root      80 Aug 27  2019 /etc/lvm/profile/thin-performance.profile
-r--r--r--. 1 root root      33 Jun 27 23:03 /etc/machine-id
-r--------. 1 root root      45 Jun 27 23:03 /etc/openldap/certs/password
-r--r--r--. 1 root root     146 Apr  1 10:23 /etc/pam.d/cups
-r--r--r--. 1 root root  161905 Jun 27 23:01 /etc/pki/ca-trust/extracted/java/cacerts
-r--r--r--. 1 root root  261737 Jun 27 23:01 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-r--r--r--. 1 root root  173023 Jun 27 23:01 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
-r--r--r--. 1 root root       0 Jun 27 23:01 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
-r--r--r--. 1 root root  222148 Jun 27 23:01 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
----------  1 root root    1384 Aug  8 21:21 /etc/shadow
----------. 1 root root    1262 Jun 27 23:17 /etc/shadow-
-r--r-----. 1 root root    4328 Nov 28  2019 /etc/sudoers
-r--r--r--. 1 root root 8522143 Jun 27 23:19 /etc/udev/hwdb.bin

7.查找/etc目录下至少有一类用户没有执行权限的文件

[16:28:52 root@centos7 ~]#find /etc/ -! -perm -111|xargs ls -l|head
-rw-r--r--    1 root    root           0 Jul 12 13:39 /etc/2xaaa
-rw-r--r--.   1 root    root         850 Apr  2 23:58 /etc/abrt/abrt-action-save-package-data.conf
-rw-r--r--.   1 root    root        2118 Apr  2 23:58 /etc/abrt/abrt.conf
-rw-r--r--.   1 root    root          31 Apr  2 23:58 /etc/abrt/gpg_keys.conf
-rw-r--r--.   1 root    root        2147 Apr  2 23:58 /etc/abrt/plugins/CCpp.conf
-rw-r--r--.   1 root    root         263 Apr  2 23:58 /etc/abrt/plugins/oops.conf
-rw-r--r--.   1 root    root         204 Apr  2 23:58 /etc/abrt/plugins/python.conf
-rw-r--r--.   1 root    root         160 Apr  2 23:58 /etc/abrt/plugins/vmcore.conf
-rw-r--r--.   1 root    root         175 Apr  2 23:58 /etc/abrt/plugins/xorg.conf
-rw-r--r--.   1 root    root          16 Jun 27 23:17 /etc/adjtime
xargs: ls: terminated by signal 13

8.查找/etc/init.d目录下,所有用户都有执行权限,且其它用户有写权限的文件

[16:43:34 root@centos7 init.d]#ll
total 40
-rw-r--r--. 1 root root 18281 Aug 19  2019 functions
-rwxr-xr-x. 1 root root  4569 Aug 19  2019 netconsole
-rwxr-xr-x. 1 root root  7928 Aug 19  2019 network
-rw-r--r--. 1 root root  1160 Apr  1 09:30 README
[16:43:35 root@centos7 init.d]#touch test
[16:43:42 root@centos7 init.d]#ll
total 40
-rw-r--r--. 1 root root 18281 Aug 19  2019 functions
-rwxr-xr-x. 1 root root  4569 Aug 19  2019 netconsole
-rwxr-xr-x. 1 root root  7928 Aug 19  2019 network
-rw-r--r--. 1 root root  1160 Apr  1 09:30 README
-rw-r--r--  1 root root     0 Aug 15 16:43 test
[16:43:43 root@centos7 init.d]#chmod 113 test 
[16:43:52 root@centos7 init.d]#ll
total 40
-rw-r--r--. 1 root root 18281 Aug 19  2019 functions
-rwxr-xr-x. 1 root root  4569 Aug 19  2019 netconsole
-rwxr-xr-x. 1 root root  7928 Aug 19  2019 network
-rw-r--r--. 1 root root  1160 Apr  1 09:30 README
---x--x-wx  1 root root     0 Aug 15 16:43 test
[16:43:53 root@centos7 init.d]#find /etc/init.d/ -perm -113
/etc/init.d/test
[16:44:03 root@centos7 init.d]#find /etc/init.d/ -perm -111 -a -perm -002
/etc/init.d/test
posted @ 2020-08-15 16:36  人生值得  阅读(286)  评论(0编辑  收藏  举报