1、复制/etc/skel目录为/home/tuser1,要求/home/tuser1及其内部文件的属组和其它用户均没有任何访问权限。
[[email protected] ~]# cp -r /etc/skel /home/tuser1 [[email protected] ~]# ll -d /home/tuser1/ drwxr-xr-x 2 root root 62 Jun 3 16:47 /home/tuser1/ [[email protected] ~]# ll -a /home/tuser1/ total 12 drwxr-xr-x 2 root root 62 Jun 3 16:47 . drwxr-xr-x. 3 root root 20 Jun 3 16:47 .. -rw-r--r-- 1 root root 18 Jun 3 16:47 .bash_logout -rw-r--r-- 1 root root 193 Jun 3 16:47 .bash_profile -rw-r--r-- 1 root root 231 Jun 3 16:47 .bashrc [[email protected] ~]# chmod g=--- -R /home/tuser1/ [[email protected] ~]# chmod o=--- -R /home/tuser1/ [[email protected] ~]# ll -d /home/tuser1/ drwx------ 2 root root 62 Jun 3 16:47 /home/tuser1/ [[email protected] ~]# ll -a /home/tuser1/ total 12 drwx------ 2 root root 62 Jun 3 16:47 . drwxr-xr-x. 3 root root 20 Jun 3 16:47 .. -rw------- 1 root root 18 Jun 3 16:47 .bash_logout -rw------- 1 root root 193 Jun 3 16:47 .bash_profile -rw------- 1 root root 231 Jun 3 16:47 .bashrc
2、编辑/etc/group文件,添加组hadoop。
[[email protected] ~]# echo "hadoop:x:1000:" >> /etc/group [[email protected] ~]# tail -1 /etc/group hadoop:x:1000:
3、手动编辑/etc/passwd文件新增一行,添加用户hadoop,其基本组ID为hadoop组的id号;其家目录为/home/hadoop。
[[email protected] ~]# echo "hadoop:x:1000:1000:hadoop:/home/hadoop:/bin/bash" >> /etc/passwd [[email protected] ~]# tail -1 /etc/passwd hadoop:x:1000:1000:hadoop:/home/hadoop:/bin/bash
4、复制/etc/skel目录为/home/hadoop,要求修改hadoop目录的属组和其它用户没有任何访问权限。
[[email protected] ~]# cp -r /etc/skel /home/hadoop [[email protected] ~]# chmod g=--- -R /home/hadoop [[email protected] ~]# chmod o=--- -R /home/hadoop [[email protected] ~]# ll -d /home/hadoop/ drwx------ 2 root root 62 Jun 3 17:01 /home/hadoop/ [[email protected] ~]# ll -a /home/hadoop/ total 12 drwx------ 2 root root 62 Jun 3 17:01 . drwxr-xr-x. 4 root root 34 Jun 3 17:01 .. -rw------- 1 root root 18 Jun 3 17:01 .bash_logout -rw------- 1 root root 193 Jun 3 17:01 .bash_profile -rw------- 1 root root 231 Jun 3 17:01 .bashrc
5、修改/home/hadoop目录及其内部所有文件的属主为hadoop,属组为hadoop。
[[email protected] ~]# chown -R hadoop:hadoop /home/hadoop [[email protected] ~]# ll -d /home/hadoop/ drwx------ 2 hadoop hadoop 62 Jun 3 17:01 /home/hadoop/ [[email protected] ~]# ll -a /home/hadoop/ total 12 drwx------ 2 hadoop hadoop 62 Jun 3 17:01 . drwxr-xr-x. 4 root root 34 Jun 3 17:01 .. -rw------- 1 hadoop hadoop 18 Jun 3 17:01 .bash_logout -rw------- 1 hadoop hadoop 193 Jun 3 17:01 .bash_profile -rw------- 1 hadoop hadoop 231 Jun 3 17:01 .bashrc
6、显示/proc/meminfo文件中以大写或小写S开头的行;用两种方式;
[[email protected] ~]# grep -E "^(s|S)" /proc/meminfo SwapCached: 0 kB SwapTotal: 1048572 kB SwapFree: 1048572 kB Shmem: 4400 kB Slab: 34604 kB SReclaimable: 23448 kB SUnreclaim: 11156 kB [[email protected] ~]# grep "^[sS]" /proc/meminfo SwapCached: 0 kB SwapTotal: 1048572 kB SwapFree: 1048572 kB Shmem: 4400 kB Slab: 34604 kB SReclaimable: 23448 kB SUnreclaim: 11156 kB [[email protected] ~]# grep -i "^s" /proc/meminfo SwapCached: 0 kB SwapTotal: 1048572 kB SwapFree: 1048572 kB Shmem: 4400 kB Slab: 34604 kB SReclaimable: 23448 kB SUnreclaim: 11156 kB
7、显示/etc/passwd文件中其默认shell为非/sbin/nologin的用户;
[[email protected] ~]# grep -v "/sbin/nologin$" /etc/passwd | cut -d‘:‘ -f1 root sync shutdown halt hadoop
8、显示/etc/passwd文件中其默认shell为/bin/bash的用户;
[[email protected] ~]# grep "/bin/bash$" /etc/passwd | cut -d‘:‘ -f1 root hadoop
9、找出/etc/passwd文件中的一位数或两位数;
[[email protected] ~]# grep -E "\<[0-9]\>|\<[0-9]{2}\>" /etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
10、显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
[[email protected] ~]# grep -E "^[[:space:]]+" /boot/grub/grub.conf root (hd0,0) kernel /vmlinuz-2.6.32-696.el6.x86_64 ro root=UUID=b8383511-7dd4-4ca8-97ec-aa9cf6c7891a rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet initrd /initramfs-2.6.32-696.el6.x86_64.img
11、显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[[email protected] ~]# grep -E "^#[[:space:]]+[^[:space:]]" /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg‘s bcheckrc. # Check SELinux status # Print a text banner. # Only read this once. # Initialize hardware # Set default affinity # Load other user-defined modules # Load modules (for backward compatibility with VARs) # Configure kernel parameters # Set the hostname. # Sync waiting for storage. # Device mapper & related initialization # Start any MD RAID arrays that haven‘t been started yet # Remount the root filesystem read-write. # Clean up SELinux labels # If relabeling,relabel mount points. # Mount all other filesystems (except for NFS and /proc,which is already # mounted). Contrary to standard usage,# filesystems are NOT unmounted in single user mode. # The ‘no‘ applies to all listed filesystem types. See mount(8). # Check to see if a full relabel is needed # Update quotas if necessary # Initialize pseudo-random number generator # Configure machine if necessary. # Clean out /. # Do we need (w|u)tmpx files? We don‘t set them up,but the sysadmin might... # Clean up /var. # Clean up utmp/wtmp # Clean up varIoUs /tmp bits # Make ICE directory # Start up swapping. # Set up binfmt_misc # Boot time profiles. Yes,this should be somewhere else. # Now that we have all of our basic modules loaded and the kernel going,# let‘s dump the syslog ring somewhere so we can find it later # create the crash indicator flag to warn on crashes,offer fsck with timeout # Let rhgb kNow that we‘re leaving rc.sysinit
12、打出netstat -tan命令执行结果中以‘LISTEN’,后或跟空白字符结尾的行;
[[email protected] ~]# netstat -tan | grep "LISTEN[[:space:]]*$" tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 ::1:25 :::* LISTEN
13、添加用户bash,testbash,basher,nologin (此一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
[[email protected] ~]# useradd bash [[email protected] ~]# useradd testbash [[email protected] ~]# useradd basher [[email protected] ~]# useradd -s /sbin/nologin nologin [[email protected] ~]# grep -E "^(\<[[:alnum:]]+\>).*\1$" /etc/passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt bash:x:1001:1001::/home/bash:/bin/bash nologin:x:1004:1004::/home/nologin:/sbin/nologin
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
