centos grep color centos镜像
大家好,今天小编来为大家解答centos grep color这个问题,centos镜像很多人还不知道,现在让我们一起来看看吧!
linux中yum update被占用的解决办法
使用yum安装计划任务功能,结果提示:
代码如下:
# yum-y install vixie-cron
Loaded plugins: fastestmirror, refresh-packagekit, security
Existing lock/var/run/yum.pid: another copy is running as pid font color="#ff0000"25960/font.
Another app is currently holding the yum lock; waiting for it to exit...
可能是系统自动升级正在运行,yum在锁定状态中。
已经有一个yum进程在运行了,使用kill干掉它:
代码如下:
# kill-s 9 25960
# ps aux|grep yum
root 6744 0.0 0.0 103260 900 pts/1 S+ 14:59 0:00 grep yum
root 25960 0.0 0.0 0 0? Z Sep19 0:01 [yumBackend.py] defunct
很遗憾,kill对付不了它,那怎么办呢?
可以通过强制关掉yum进程:
#rm-f/var/run/yum.pid
然后就可以使用yum了。如果不行可以重启yum
/sbin/service yum-updatesd restart
以下是其它网友的补充:
补充一、
有时,在linux下yum update会提示:
Another app is currently holding the yum lock解决方案
解决办法是干掉缓存中的yum进程,重启yum。
清掉缓存中的进程:
rm-f/var/run/yum.pid
重启yum(我的系统是fedora)
systemctl status yum-updatesd.service
centos用户使用:
/sbin/service yum-updatesd restart
补充二、
在CentOS上yum-y install gcc* gcc-c++* autoconf* automake* zlib* libxml* ncurses-devel* libmcrypt* libtool*时出现错误:
1)怎么回事呢?根据提示,原来是系统进程已经有一个update在运行了。在进程里查看下:ps-ef| grep update
2)通过kill杀掉这个进程,可杀掉之后,错误依旧。原来在/var/run目录下,还有yum这个进程ID,需要将这个进程id文件强制删除掉:
3)同时重启下yum更新服务,如下:
4)最后重新yum-y install gcc* gcc-c++* autoconf* automake* zlib* libxml* ncurses-devel* libmcrypt* libtool*,已正常
rootkit的检测工具使用介绍(chkrootkit和rootkit hunter)
用了两个工具,一个chkrootkit,另外一个rootkit huntur。在使用了这两个产品后,觉得rootkit的信息更加详细一些。现在就对两个工具的操作和使用写一个记录,也方便之后自己查看。
1. chkrootkit的使用
project:
download:
1.1解压安装
#tar-zxvf chkrootkit.tar.gz
#make sense
1.2运行监测
#./chkrootkit
运行结果在
判断有问题的信息如下:
Checking `ifconfig'... INFECTED
Checking `ls'... INFECTED
Checking `netstat'... INFECTED
Checking `ps'... INFECTED
Checking `top'... INFECTED
Searching for Madalin rootkit default files... Possible Madalin rootkit installed
Checking `bindshell'... INFECTED(PORTS: 145)
Checking `lkm'... You have 77 process hidden for readdir command
You have 77 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
Checking `sniffer'... eth0: PROMISC
不幸中招,系统只能够重新安装了。在看了这个文档之后,对chkrootkit这个工具又看了一些其他资料。可以做rootkit的自动检查操作
具体可以看
1.3 chkrootkit参数说明
Usage:./chkrootkit [options] [test...]
Options:
-h显示帮助信息
-V显示版本信息
-l显示测试内容
-d debug模式,显示检测过程的相关指令程序
-q安静模式,只显示有问题部分,
-x高级模式,显示所有检测结果
-r dir设定指定的目录为根目录
-p dir1:dir2:dirN检测指定目录
-n跳过NFS连接的目录
2. rootkit hunter的使用
Project:
download:
2.1解压安装
解压
#tar-zxvf rkhunter-1.3.4.tar.gz
安装
#cd rkhunter-1.3.4
#./installer.sh-h
Usage:./installer.sh parameters
Ordered valid parameters:
--help(-h):显示帮助
--examples:显示安装实例
--layout value:选择安装模板(安装必选参数).
模板选择:
- default:(FHS compliant),
-/usr,
-/usr/local,
- oldschool:之前版本安装路径,
- custom:自定义安装路径,
- RPM: for building RPM's. Requires$RPM_BUILD_ROOT.
- DEB: for building DEB's. Requires$DEB_BUILD_ROOT.
--striproot: Strip path from custom layout(for package maintainers).
--install:根据选择目录安装
--show:显示安装路径
--remove:卸载rkhunter
--version:显示安装版本
我使用的安装指令
#./installer.sh--layout default--install
2.2 rkhunter操作
#/usr/local/bin/rkhunter--propupd
#/usr/local/bin/rkhunter-c--sk--rwo
Warning: File'/bin/awk' has the immutable-bit set.
Warning: File'/bin/basename' has the immutable-bit set.
Warning: File'/bin/bash' has the immutable-bit set.
Warning: File'/bin/cat' has the immutable-bit set.
Warning: File'/bin/chmod' has the immutable-bit set.
Warning: File'/bin/chown' has the immutable-bit set.
Warning: File'/bin/cp' has the immutable-bit set.
Warning: File'/bin/csh' has the immutable-bit set.
Warning: File'/bin/cut' has the immutable-bit set.
Warning: File'/bin/date' has the immutable-bit set.
Warning: File'/bin/df' has the immutable-bit set.
Warning: File'/bin/dmesg' has the immutable-bit set.
Warning: File'/bin/echo' has the immutable-bit set.
Warning: File'/bin/ed' has the immutable-bit set.
Warning: File'/bin/egrep' has the immutable-bit set.
Warning: File'/bin/env' has the immutable-bit set.
Warning: File'/bin/fgrep' has the immutable-bit set.
Warning: File'/bin/grep' has the immutable-bit set.
Warning: File'/bin/kill' has the immutable-bit set.
Warning: File'/bin/login' has the immutable-bit set.
Warning: File'/bin/ls' has the immutable-bit set.
Warning: File'/bin/mail' has the immutable-bit set.
Warning: File'/bin/mktemp' has the immutable-bit set.
Warning: File'/bin/more' has the immutable-bit set.
Warning: File'/bin/mount' has the immutable-bit set.
Warning: File'/bin/mv' has the immutable-bit set.
Warning: File'/bin/netstat' has the immutable-bit set.
Warning: File'/bin/ps' has the immutable-bit set.
Warning: File'/bin/pwd' has the immutable-bit set.
Warning: File'/bin/rpm' has the immutable-bit set.
Warning: File'/bin/sed' has the immutable-bit set.
Warning: File'/bin/sh' has the immutable-bit set.
Warning: File'/bin/sort' has the immutable-bit set.
Warning: File'/bin/su' has the immutable-bit set.
Warning: File'/bin/touch' has the immutable-bit set.
Warning: File'/bin/uname' has the immutable-bit set.
Warning: File'/bin/gawk' has the immutable-bit set.
Warning: File'/bin/tcsh' has the immutable-bit set.
Warning: File'/usr/bin/awk' has the immutable-bit set.
Warning: File'/usr/bin/cut' has the immutable-bit set.
Warning: File'/usr/bin/env' has the immutable-bit set.
Warning: The command'/usr/bin/GET' has been replaced by a script:/usr/bin/GET: perl script text executable
Warning: The command'/usr/bin/groups' has been replaced by a script:/usr/bin/groups: Bourne shell script text executable
Warning: File'/usr/bin/kill' has the immutable-bit set.
Warning: The command'/usr/bin/ldd' has been replaced by a script:/usr/bin/ldd: Bourne shell script text executable
Warning: File'/usr/bin/top' has the immutable-bit set.
Warning: The command'/usr/bin/whatis' has been replaced by a script:/usr/bin/whatis: Bourne shell script text executable
Warning: File'/usr/bin/gawk' has the immutable-bit set.
Warning: File'/sbin/chkconfig' has the immutable-bit set.
Warning: File'/sbin/depmod' has the immutable-bit set.
Warning: File'/sbin/fuser' has the immutable-bit set.
Warning: File'/sbin/ifconfig' has the immutable-bit set.
Warning: File'/sbin/ifdown' has the immutable-bit set.
Warning: The command'/sbin/ifdown' has been replaced by a script:/sbin/ifdown: Bourne-Again shell script text executable
Warning: File'/sbin/ifup' has the immutable-bit set.
Warning: The command'/sbin/ifup' has been replaced by a script:/sbin/ifup: Bourne-Again shell script text executable
Warning: File'/sbin/init' has the immutable-bit set.
Warning: File'/sbin/insmod' has the immutable-bit set.
Warning: File'/sbin/ip' has the immutable-bit set.
Warning: File'/sbin/lsmod' has the immutable-bit set.
Warning: File'/sbin/modinfo' has the immutable-bit set.
Warning: File'/sbin/modprobe' has the immutable-bit set.
Warning: File'/sbin/nologin' has the immutable-bit set.
Warning: File'/sbin/rmmod' has the immutable-bit set.
Warning: File'/sbin/runlevel' has the immutable-bit set.
Warning: File'/sbin/sulogin' has the immutable-bit set.
Warning: File'/sbin/sysctl' has the immutable-bit set.
Warning: File'/sbin/syslogd' has the immutable-bit set.
Warning: File'/usr/sbin/adduser' has the immutable-bit set.
Warning: No hash value found for file'/usr/sbin/amd' in the rkhunter.dat file.
Warning: File'/usr/sbin/amd' has the immutable-bit set.
Warning: File'/usr/sbin/chroot' has the immutable-bit set.
Warning: File'/usr/sbin/groupadd' has the immutable-bit set.
Warning: File'/usr/sbin/groupdel' has the immutable-bit set.
Warning: File'/usr/sbin/groupmod' has the immutable-bit set.
Warning: File'/usr/sbin/grpck' has the immutable-bit set.
Warning: File'/usr/sbin/kudzu' has the immutable-bit set.
Warning: File'/usr/sbin/lsof' has the immutable-bit set.
Warning: File'/usr/sbin/prelink' has the immutable-bit set.
Warning: File'/usr/sbin/pwck' has the immutable-bit set.
Warning: File'/usr/sbin/sestatus' has the immutable-bit set.
Warning: File'/usr/sbin/tcpd' has the immutable-bit set.
Warning: File'/usr/sbin/useradd' has the immutable-bit set.
Warning: File'/usr/sbin/userdel' has the immutable-bit set.
Warning: File'/usr/sbin/usermod' has the immutable-bit set.
Warning: File'/usr/sbin/vipw' has the immutable-bit set.
Warning: File'/usr/sbin/xinetd' has the immutable-bit set.
Warning: Dreams Rootkit [ Warning ]
File'/usr/bin/sense' found
File'/usr/bin/sl2' found
File'/usr/bin/(swapd)' found
Warning: Checking for possible rootkit strings [ Warning ]
Found string'/dev/ttyoa' in file'/bin/netstat'. Possible rootkit: Sin Rootkit
Warning: Found possible sniffer log file:/usr/lib/libice.log
Warning: Found enabled xinetd service:/etc/xinetd.d/auth
Warning: Found enabled xinetd service:/etc/xinetd.d/cups-lpd
Warning: Found enabled xinetd service:/etc/xinetd.d/swat
Warning: Found enabled xinetd service:/etc/xinetd.d/vmware-authd
Warning: Possible promiscuous interfaces:
'ifconfig' command output:
'ip' command output: eth0
Warning: Account'test' is root equivalent(UID= 0)
Warning: Account'james' is root equivalent(UID= 0)
Warning: Account'master' is root equivalent(UID= 0)
Warning: Account'admin' is root equivalent(UID= 0)
Warning: The SSH configuration option'PermitRootLogin' has not been set.
The default value may be'yes', to allow root access.
Warning: The SSH configuration option'Protocol' has not been set.
The default value may be'2,1', to allow the use of protocol version 1.
Warning: Hidden file found:/usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Application'exim', version'4.43', is out of date, and possibly a security risk.
Warning: Application'gpg', version'1.2.6', is out of date, and possibly a security risk.
Warning: Application'openssl', version'0.9.7a', is out of date, and possibly a security risk.
Warning: Application'php', version'4.3.9', is out of date, and possibly a security risk.
One or more warnings have been found while checking the system.
Please check the log file(/var/log/rkhunter.log)
结果就是“中招”,基本上就是重新安装系统的命了。不过从检查的结果来看,可以判断所中的rootkit的类型和被替换的系统文件。同时对一些程序版本进行检测,提供的信息比较多。
2.3指令参数说明
#/usr/local/bin/rkhunter
Usage: rkhunter{--check|--update|--versioncheck|
--propupd [{filename| directory| package name},...]|
--list [{tests|{lang| languages}| rootkits},...]|
--version|--help} [options]
Current options are:
--append-log在日志文件后追加日志,而不覆盖原有日志
--bindir directory... Use the specified command directories
-c,--check检测当前系统
--cs2,--color-set2 Use the second color set for output
--configfile file使用特定的配置文件
--cronjob作为cron定期运行
(包含参数-c,--sk,--nocolors)
--dbdir directory Use the specified database directory
--debug Debug模式(不要使用除非要求使用)
--disable test[,test...]跳过指定检查对象(默认为无)
--display-logfile在最后显示日志文件内容
--enable test[,test...]对指定检测对象进行检查
(默认检测所有对象)
--hash{MD5| SHA1| NONE|使用指定的文件哈希函数
command}(Default is SHA1)
-h,--help显示帮助菜单
--lang,--language language指定使用的语言
(Default is English)
--list [tests| languages|罗列测试对象明朝,使用语言,可检测的木马程序
rootkits]
-l,--logfile [file]写到指定的日志文件名
(Default is/var/log/rkhunter.log)
--noappend-log不追加日志,直接覆盖日志文件
--nocolors输出只显示黑白两色
--nolog不写入日志文件
--nomow,--no-mail-on-warning如果有警告信息,不发送邮件
--ns,--nosummary不显示检查结果的统计数据
--novl,--no-verbose-logging不显示详细记录
--pkgmgr{RPM| DPKG| BSD|使用特定的包管理用于文件的哈希值验证
NONE}(Default is NONE)
--propupd [file| directory|更新整个文件属性数据库或仅仅更新指定条目
package]...
-q,--quiet安静模式(no output at all)
--rwo,--report-warnings-only只显示警告信息
-r,--rootdir directory使用指定的root目录
--sk,--skip-keypress自动完成所有检测,跳过键盘输入
--summary显示检测结果的统计信息
(This is the default)
--syslog [facility.priority]记录检测启动和结束时间到系统日志中
(Default level is authpriv.notice)
--tmpdir directory使用指定的临时目录
--update检测更新内容
--vl,--verbose-logging使用详细日志记录(on by default)
-V,--version显示版本信息
--versioncheck检测最新版本
-x,--autox当X在使用时,自动启动检测
-X,--no-autox当X在使用时,不自启检测
CentOS里egrep命令详解
在CentOS环境中,egrep命令是一种强大的文本搜索工具,它与grep命令的-E选项功能相似,但有一些特定的区别。egrep允许用户使用扩展的正则表达式,这使得搜索模式更为灵活。它的核心特点在于几个特殊的符号:+表示重复,?表示零次或多次,|表示选择,()用于定义组和重复组,!用作普通字符,.表示匹配任意单个字符。下面是一些egrep命令的使用实例:
1.搜索以"Ne"或"NO"开头的用户信息:
[root@LiWenTong test4]# egrep'N(e|o)+'/etc/passwd
这个命令将匹配到以"Ne"或"NO"开头的行,如'nobody'。
2.搜索包含"network admin"或"uucp admin"的行:
[root@LiWenTong test4]# egrep'(network|uucp)'/etc/passwd
这将返回包含这两个短语的行,如'uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin'。
3.搜索没有数字的行:
[root@linux-lwt tmp]# egrep'^[^0-9]+$' 1.txt
这个命令将匹配所有不包含数字的行,如'asdfasfEASDF'。
总的来说,egrep命令通过使用扩展正则表达式,让用户在CentOS系统中更精确地查找和筛选文本内容。
