
Filter content in Linux

In this reading, you’ll continue exploring Linux commands, which can help you filter for the information you need. You’ll learn a new Linux command, find, which can help you search files and directories for specific information.

Filtering for information

You previously explored how filtering for information is an important skill for security analysts. Filtering is selecting data that match a certain condition. For example, if you had a virus in your system that only affected the .txt files, you could use filtering to find these files quickly. Filtering allows you to search based on specific criteria, such as file extension or a string of text.

grep

The grep command searches a specified file and returns all lines in the file containing a specified string or text. The grep command commonly takes two arguments: a specific string to search for and a specific file to search through.

For example, entering grep OS updates.txt returns all lines containing OS in the updates.txt file. In this example, OS is the specific string to search for, and updates.txt is the specific file to search through.

Let’s look at another example: grep error time_logs.txt. Here grep is used to search for the text pattern. error is the term you are looking for in the time_logs.txt file. When you run this command, grep will scan the time_logs.txt file and print only the lines containing the word error.

Piping

The pipe command is accessed using the pipe character (|). Piping sends the standard output of one command as standard input to another command for further processing. As a reminder, standard output is information returned by the OS through the shell, and standard input is information received by the OS via the command line. 

The pipe character (|) is located in various places on a keyboard. On many keyboards, it’s located on the same key as the backslash character (\). On some keyboards, the | can look different and have a small space through the middle of the line. If you can’t find the |, search online for its location on your particular keyboard.

When used with grep, the pipe can help you find directories and files containing a specific word in their names. For example, ls /home/analyst/reports | grep users returns the file and directory names in the reports directory that contain users. Before the pipe, ls indicates to list the names of the files and directories in reports. Then, it sends this output to the command after the pipe. In this case, grep users returns all of the file or directory names containing users from the input it received.

Note: Piping is a general form of redirection in Linux and can be used for multiple tasks other than filtering. You can think of piping as a general tool that you can use whenever you want the output of one command to become the input of another command.
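
The grep and pipe behavior described above, as an added example that is not part of the original reading. The directory contents and log lines are constructed, and the -i and -w options of grep go beyond what the reading covers.

```shell
#!/bin/sh
# Added example: all file names and log lines below are constructed.

# Build a throwaway reports directory so the commands run offline.
make_reports() {
    dir=$(mktemp -d)
    touch "$dir/users_q1.txt" "$dir/Users_q2.txt" "$dir/network.txt"
    mkdir "$dir/users_archive"
    cat > "$dir/time_logs.txt" <<'EOF'
09:01 login ok analyst
09:02 error disk quota exceeded
09:05 ERROR auth service timeout
09:07 no errors reported
EOF
    echo "$dir"
}

# grep STRING FILE: case-sensitive substring match, so "errors" matches
# and "ERROR" does not.
error_lines() { grep error "$1/time_logs.txt"; }

# -i ignores case; -w matches whole words only, so "errors" is skipped.
error_words_any_case() { grep -iw error "$1/time_logs.txt"; }

# ls writes names to standard output; grep filters them from standard input.
report_names() { ls "$1" | grep users; }

# Pipes chain: a third command counts the names that survive the filter.
report_count() { ls "$1" | grep -i users | wc -l; }

reports=$(make_reports)
error_lines "$reports"
report_names "$reports"
```

The plain grep error search returns the "no errors reported" line and misses the uppercase ERROR line, which is why an analyst checks case and word boundaries before trusting a filter.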

find

The find command searches for directories and files that meet specified criteria. There’s a wide range of criteria that can be specified with find. For example, you can search for files and directories that:

  • Contain a specific string in the name,

  • Are a certain file size, or

  • Were last modified within a certain time frame.

When using find, the first argument after find indicates where to start searching. For example, entering find /home/analyst/projects searches for everything starting at the projects directory.

After this first argument, you need to indicate your criteria for the search. If you don’t include specific search criteria with your second argument, your search will likely return a lot of directories and files.

Specifying criteria involves options. Options modify the behavior of a command and commonly begin with a hyphen (-). 

-name and -iname

One key criterion analysts might use with find is to find file or directory names that contain a specific string. The specific string you’re searching for must be entered in quotes after the -name or -iname options. The difference between these two options is that -name is case-sensitive, and -iname is not.

For example, you might want to find all files in the projects directory that contain the word “log” in the file name. To do this, you’d enter find /home/analyst/projects -name "*log*". You could also enter find /home/analyst/projects -iname "*log*".

In these examples, the output would be all files in the projects directory that contain log surrounded by zero or more characters. The "*log*" portion of the command is the search criterion that indicates to search for the string “log”. When -name is the option, files with names that include Log or LOG, for example, wouldn’t be returned because this option is case-sensitive. However, they would be returned when -iname is the option.

Note: An asterisk (*) is used as a wildcard to represent zero or more unknown characters.

-mtime

Security analysts might also use find to find files or directories last modified within a certain time frame. The -mtime option can be used for this search. For example, entering find /home/analyst/projects -mtime -3 returns all files and directories in the projects directory that have been modified within the past three days. 

The -mtime option search is based on days, so entering -mtime +1 indicates all files or directories last modified more than one day ago, and entering -mtime -1 indicates all files or directories last modified less than one day ago. 

Note: The option -mmin can be used instead of -mtime if you want to base the search on minutes rather than days.
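
The -name, -iname, -mtime and -mmin searches described above, as an added example that is not part of the original reading. The directory tree is constructed, and the script assumes GNU coreutils and findutils (touch -d with relative dates).

```shell
#!/bin/sh
# Added example: the directory tree and file names are constructed.
# Assumes GNU coreutils and findutils (touch -d with relative dates).

make_projects() {
    root=$(mktemp -d)/projects
    mkdir -p "$root/Logs"
    touch "$root/access.log" "$root/LOGIN_notes.txt" \
          "$root/Logs/syslog" "$root/plan.txt"
    # Backdate two files so the time tests have something to separate.
    touch -d '36 hours ago' "$root/yesterday.log"
    touch -d '5 days ago' "$root/old_changelog.md"
    echo "$root"
}

# Quote the pattern so find, not the shell, expands the asterisks.
# -name skips Logs and LOGIN_notes.txt; -iname includes them.
names_exact()    { find "$1" -name  "*log*" | sort; }
names_any_case() { find "$1" -iname "*log*" | sort; }

# Count matches for one time test, e.g. count_by_age DIR -mtime -3
count_by_age() { find "$1" "$2" "$3" | wc -l; }

# GNU find measures age in whole 24-hour periods and drops the fraction:
#   -mtime -1  age 0 (under 24 hours)
#   -mtime 1   age 1 (24 to 48 hours): yesterday.log lands here
#   -mtime +1  age 2 or more (48 hours and up): old_changelog.md only

projects=$(make_projects)
names_exact "$projects"
count_by_age "$projects" -mtime +1
```

A file modified 36 hours ago matches neither -mtime -1 nor -mtime +1, so a search for recent changes during an investigation should use a window wide enough (or -mmin) to avoid that gap.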

Key takeaways

Filtering for information using Linux commands is an important skill for security analysts so that they can customize data to fit their needs. Three key Linux commands for this are grep, piping (|), and find. These commands can be used to navigate and filter for information in the file system.
