Linux has many commands for searching. Today we will focus on the following:
which: shows the location of an executable
whereis: shows the location of an executable and its related files
locate: uses a cached database to find file locations quickly
grep: filters for matches; it is a tool for searching within files
find: finds files
1. which and whereis
The simplest use of which and whereis is to find the location of an executable and its related files. Let's take a look at an example:
Case study:
[root@zmgaosh ~]# which cd
/usr/bin/cd
[root@zmgaosh ~]# whereis cd
cd: /usr/bin/cd /usr/share/man/man1/cd.1.gz
[root@zmgaosh ~]# whereis ls
ls: /usr/bin/ls /usr/share/man/man1/ls.1.gz
2. locate
1) Introduction to locate
The locate command does the same job as find -name, but it searches much faster. find walks the specified directory to look for files, while locate searches a database, /var/lib/mlocate/mlocate.db, which holds information about all local files.
This database is created automatically by Linux and updated automatically once a day.
/usr/bin/updatedb              updates the database; run automatically by crontab
/usr/bin/locate                queries file locations
/etc/updatedb.conf             updatedb configuration file
/var/lib/mlocate/mlocate.db    file that stores the file information
2) locate options
-b, --basename         match only the base name of path names
-c, --count            print only the number of entries found
-d, --database DBPATH  use the database specified by DBPATH instead of the default database /var/lib/mlocate/mlocate.db
-e, --existing         only print entries for currently existing files
-L, --follow           follow trailing symbolic links when checking file existence (default)
-h, --help             display help
-i, --ignore-case      ignore case
-l, --limit, -n LIMIT  limit output (or counting) to LIMIT entries
-m, --mmap             ignored, for backward compatibility
-P, --nofollow, -H     don't follow trailing symbolic links when checking file existence
-0, --null             separate entries with NUL on output
-S, --statistics       don't search for entries, print statistics about each used database
-q, --quiet            report no error messages about reading databases
-r, --regexp REGEXP    use basic regular expressions
    --regex            use extended regular expressions
-s, --stdio            ignored, for backward compatibility
-V, --version          display version information
-w, --wholename        match whole path name (default)
3) Installing locate
[root@zmgaosh ~]# yum install mlocate && updatedb
[root@zmgaosh ~]# ls    # check the current directory; there is a zmedu.txt file
a.sh a.txt file test zmedu.txt
[root@zmgaosh ~]# locate zmedu.txt    # look up zmedu.txt
/root/zmedu.txt
[root@zmgaosh ~]# touch zmeduv2.txt    # create zmeduv2.txt
[root@zmgaosh ~]# locate zmeduv2.txt    # look up zmeduv2.txt: nothing is found
[root@zmgaosh ~]# updatedb    # update the database
[root@zmgaosh ~]# locate zmeduv2.txt    # look up zmeduv2.txt again
/root/zmeduv2.txt
[root@zmgaosh ~]#
As the example above shows, locate cannot find a newly created file; the file can only be found quickly after the database has been refreshed with updatedb.
Let's take a look at the updatedb configuration file.
updatedb configuration file
[root@zmgaosh ~]# cat /etc/updatedb.conf
PRUNE_BIND_MOUNTS = "yes" # whether to restrict the search (bind mounts are skipped)
PRUNEFS = "9p afs anon_inodefs auto autofs bdev binfmt_misc cgroup cifs coda configfs cpuset debugfs devpts ecryptfs exofs fuse fuse.sshfs fusectl gfs gfs2 gpfs hugetlbfs inotifyfs iso9660 jffs2 lustre mqueue ncpfs nfs nfs4 nfsd pipefs proc ramfs rootfs rpc_pipefs securityfs selinuxfs sfs sockfs sysfs tmpfs ubifs udf usbfs fuse.glusterfs ceph fuse.ceph" # file system types excluded from the search
PRUNENAMES = ".git .hg .svn" # directory names excluded from the search
PRUNEPATHS = "/afs /media /mnt /net /sfs /tmp /udev /var/cache/ccache /var/lib/yum/yumdb /var/spool/cups /var/spool/squid /var/tmp /var/lib/ceph" # files and subfolders under the listed paths are skipped and not searched
Using grep
1) What grep does
grep is a filter: it searches text using regular expressions and prints the matching lines.
2) Common parameters:
-v    invert the match
-i    ignore case
^#    lines starting with #
#$    lines ending with #
^$    empty lines
-n    show line numbers together with the matched lines
|     means "or"
3) Examples
[root@zmgaosh ~]# ps -aux |grep sshd |grep -v grep
root      4700  0.2  0.1 157640  6348 ?        Ss   13:55   0:51 sshd: root@pts/0,pts/1
root      9315  0.0  0.1 112920  4312 ?        Ss   6月17   0:00 /usr/sbin/sshd
grep -v grep removes the grep process itself from the results.
Without grep -v grep, the output looks like this:
[root@zmgaosh ~]# ps -aux |grep sshd
root      4700  0.2  0.1 157640  6348 ?        Ss   13:55   0:51 sshd: root@pts/0,pts/1
root      9146  0.0  0.0 112732   968 pts/0    S+   21:03   0:00 grep --color=auto sshd
root      9315  0.0  0.1 112920  4312 ?        Ss   6月17   0:00 /usr/sbin/sshd
You can also use grep to check whether there is a backdoor account, by listing the accounts that have /bin/bash as their shell:
[root@zmgaosh ~]# grep /bin/bash /etc/passwd
root:x:0:0:root:/root:/bin/bash
To count how many nologin users there currently are:
[root@zmgaosh ~]# grep "nologin" /etc/passwd |wc -l
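The two checks above, extended into a small audit as an added example that is not part of the original post. It runs against a constructed passwd-format sample (the svc and alice accounts and the function names are made up for illustration), anchors the shell match to the last field, and also lists accounts other than root that have UID 0.

```shell
#!/bin/sh
# Added example: audit a passwd-format file with grep.

# Write a constructed sample in /etc/passwd format and print its path.
make_sample_passwd() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
svc:x:0:0:service:/home/svc:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    echo "$f"
}

# Names of accounts whose login shell (the last field) is exactly /bin/bash.
# Anchoring with ":" and "$" avoids matching /bin/bash elsewhere in the line.
bash_accounts() {
    grep ':/bin/bash$' "$1" | cut -d: -f1
}

# Names of accounts with UID 0 other than root.
# On a normal system this list is empty.
extra_uid0_accounts() {
    grep -E '^[^:]+:[^:]*:0:' "$1" | cut -d: -f1 | grep -v '^root$' || true
}

# Number of accounts whose shell ends in nologin.
nologin_count() {
    grep -c 'nologin$' "$1"
}
```

Pass /etc/passwd instead of the sample file to run the same checks on a real host.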
Using the find command (key topic)
1) Format
Format: find pathname -options [-print]
That is: command, pathname, options, output.
2) Common parameters of the find command
find command options:
-name             search for files by file name
-perm             search for files by file permissions
-user             search for files by file owner
-group            search for files by the group the file belongs to
-mtime -n / +n    search for files by modification time; -n means modified within the last n days, +n means modified more than n days ago
-type             search for files of a certain type:
    b - block device file
    d - directory
    c - character device file
    p - pipe file
    l - symbolic link file
    f - regular file
-size n           search for files that match the specified size
-exec             run the given Linux command on the matching files, in the form: command {} \;  (note the space between {} and \;); {} stands for the file that was found
3) Examples
Find all .txt files in the current directory
[root@zmgaosh ~]# find . -name "*.txt"
./zmedu.txt
./a.txt
./zmeduv2.txt
Find files by modification time, access time, and so on
mtime: time when the file was last modified
atime: time when the file was last accessed
ctime: time when the file was last changed, that is, when its attributes were modified
For example, search for files in the /root directory that have been modified within the last day
[root@zmgaosh ~]# find /root/ -mtime -1
/root/
/root/.viminfo
/root/a.sh
/root/zmedu.txt
/root/.mysql_history
/root/a.txt
/root/test
/root/.bash_history
/root/zmeduv2.txt
/root/file
[root@zmgaosh ~]#
Find files and run a command on them
Use the -exec option
[root@zmgaosh ~]# touch {1,2,3}.bak    # create three files
[root@zmgaosh ~]# ls
1.bak 3.bak a.txt test zmeduv2.txt
2.bak a.sh file zmedu.txt
[root@zmgaosh ~]# find . -name "*.bak" -exec rm {} \;    # find files ending in .bak and delete them
[root@zmgaosh ~]# ls
a.sh a.txt file test zmedu.txt zmeduv2.txt
Find the specified files in one directory and copy them to another directory
[root@zmgaosh ~]# ls
a.sh a.txt file test zmedu.txt zmeduv2.txt
[root@zmgaosh ~]# find . -name "*.txt" -exec cp {} /opt \;
[root@zmgaosh ~]# ls /opt/
a.txt zmedu.txt zmeduv2.txt
Find files matching multiple conditions
Comparison operators:
-a    and
-o    or
+     more than
-     less than
Search for files under /etc whose size is larger than 20 KB and smaller than 50 KB, and count them
[root@zmgaosh ~]# find /etc -size +20k -a -size -50k |wc -l
17
Search by permission: -perm
Find the files or directories under /etc whose permissions are 755
[root@zmgaosh ~]# find /etc -perm 755 |wc -l
232
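An added example, not from the original post, that goes a little beyond the exact -perm 755 match above: it contrasts exact mode matching with -perm -0002 (at least the other-write bit set) and combines -type with -mtime, on a constructed temporary tree. The function and file names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: permission and time checks with find on constructed data.

# Regular files under DIR that anyone may write to. "-perm -0002" matches
# when at least the other-write bit is set, unlike the exact "-perm 755".
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Regular files under DIR whose mode is exactly MODE (for example 755).
exact_mode() {
    find "$1" -type f -perm "$2" | sort
}

# Regular files under DIR modified within the last DAYS days.
recently_modified() {
    find "$1" -type f -mtime "-$2" | sort
}

# Build a small constructed tree and print its path.
make_demo_tree() {
    d=$(mktemp -d)
    touch "$d/app.sh" "$d/notes.txt" "$d/old.log"
    chmod 755 "$d/app.sh"
    chmod 666 "$d/notes.txt"               # world-writable on purpose
    chmod 644 "$d/old.log"
    touch -t 200001010000 "$d/old.log"     # set mtime to 2000-01-01
    echo "$d"
}
```

On the demo tree, only notes.txt is world-writable, only app.sh is exactly 755, and old.log is the one file that does not count as recently modified.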
Conclusion:
Among the search commands, find and grep are the most commonly used, and they also come up frequently in interviews.
Mnemonic tip: use find to find files, grep to view contents.