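Archive

Archive for the 'shell' category

A few lines of bash to analyze logs and alert on aggressive spiders

August 25, 2008

I've had enough of idiotic spiders crawling the site. When I checked this morning, two IPs had fetched 80G of pages from me in a single hour, and all of them were dynamic pages.

First, make Apache log as little as possible; the benefits need no explanation.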


SetEnvIfNoCase Request_URI \.gif$ dontlog
SetEnvIfNoCase Request_URI \.jpg$ dontlog
SetEnvIfNoCase Request_URI \.png$ dontlog
SetEnvIfNoCase Request_URI \.swf$ dontlog
SetEnvIfNoCase Request_URI \.css$ dontlog
SetEnvIfNoCase Request_URI \.js$ dontlog
SetEnvIfNoCase Request_URI \.ico$ dontlog
CustomLog "|/usr/local/sbin/cronolog /var/log/httpd/%Y-%m/%d-%H.ip" "%{X-Forwarded-For}i" env=!dontlog

Because my Apache sits behind n layers of proxies, it can only log %{X-Forwarded-For}, which contains the real IP but needs a further analysis step to extract it.


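cd /var/log/httpd
# Log file written during the previous hour
f=$(date -d '1 hours ago' +%Y-%m/%d-%H.ip)
# Keep only the first address of each X-Forwarded-For line (also correct when the
# line holds a single address), count requests per IP, and list the ten busiest
ip=$(sed 's#^\([0-9.]\{1,\}\).*#\1#' "$f" | awk '{a[$1]++} END{for(i in a){print a[i] " " i}}' | sort -rn | head)
# Post the list as a status update from the alert bot's Fanfou account
curl -u fanfou_bot_login:password -d status="$ip" http://api.fanfou.com/statuses/update.xml
rm "$f"

In testing, one hour produces about 10M of log, and analyzing it takes around 3 seconds, plus 1 more second to send the alert to Fanfou. If the real IP is logged directly, the sed step can be dropped and the analysis should be much faster still (the log file would be much smaller).

If something outrageous shows up and it is not a regular search-engine spider, chop it off.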

iptables -A INPUT -s xxx.xxx.xxx.xxx/29 -j DROP

1 202.106.186.* 163 spider
2 202.108.36.* 163 spider
3 202.108.44.* 163 spider
4 202.108.45.* 163 spider
5 202.108.5.* 163 spider
6 202.108.9.* 163 spider
7 220.181.12.* 163 spider
8 220.181.13.* 163 spider
9 220.181.14.* 163 spider
10 220.181.15.* 163 spider
11 220.181.28.* 163 spider
12 220.181.31.* 163 spider
13 222.185.245.* 163 spider
14 202.165.100.* 3721 spider
15 220.181.19.* Baidu spider
16 159.226.50.* Baidu spider
17 202.108.11.* Baidu spider
18 202.108.22.* Baidu spider
19 202.108.23.* Baidu spider
20 202.108.249.* Baidu spider
21 202.108.250.* Baidu spider
22 61.135.145.* Baidu spider
23 61.135.146.* Baidu spider
24 64.124.85.* become.com
25 61.151.243.* china spider
26 202.165.96.* gais.cs.ccu.edu.tw
27 216.239.33.* google spider
28 216.239.35.* google spider
29 216.239.37.* google spider
30 216.239.39.* google spider
31 216.239.51.* google spider
32 216.239.53.* google spider
33 216.239.55.* google spider
34 216.239.57.* google spider
35 216.239.59.* google spider
36 64.233.161.* google spider
37 64.233.189.* google spider
38 66.102.11.* google spider
39 66.102.7.* google spider
40 66.102.9.* google spider
41 66.249.64.* google spider
42 66.249.65.* google spider
43 66.249.66.* google spider
44 66.249.71.* google spider
45 66.249.72.* google spider
46 72.14.207.* google spider
47 61.135.152.* iask spider
48 65.54.188.* msn spider
49 65.54.225.* msn spider
50 65.54.226.* msn spider
51 65.54.228.* msn spider
52 65.54.229.* msn spider
53 207.46.98.* msn spider
54 207.68.157.* msn spider
55 194.224.199.* noxtrumbot
56 220.181.8.* Outfox
57 221.239.209.* Outfox
58 217.212.224.* psbot
59 219.133.40.* QQ spider
60 202.96.170.* QQ spider
61 202.104.129.* QQ spider
62 61.135.157.* QQ spider
63 219.142.118.* sina spider
64 219.142.78.* sina spider
65 61.135.132.* sohu spider
66 220.181.26.* sohu spider
220.181.19.*
67 61.135.158.* tom spider
68 66.196.90.* yahoo spider
69 66.196.91.* yahoo spider
70 68.142.249.* yahoo spider
71 68.142.250.* yahoo spider
72 68.142.251.* yahoo spider
73 202.165.102.* yahoo China spider
74 202.160.178.* yahoo China spider
75 202.160.179.* yahoo China spider
76 202.160.180.* yahoo China spider
77 202.160.181.* yahoo China spider
78 202.160.183.* yahoo China spider
79 72.30.101.* yahoo spider
80 72.30.102.* yahoo spider
81 72.30.103.* yahoo spider
82 72.30.104.* yahoo spider
83 72.30.107.* yahoo spider
84 72.30.110.* yahoo spider
85 72.30.111.* yahoo spider
86 72.30.128.* yahoo spider
87 72.30.129.* yahoo spider
88 72.30.131.* yahoo spider
89 72.30.133.* yahoo spider
90 72.30.134.* yahoo spider
91 72.30.135.* yahoo spider
92 72.30.216.* yahoo spider
93 72.30.226.* yahoo spider
94 72.30.252.* yahoo spider
95 72.30.97.* yahoo spider
96 72.30.98.* yahoo spider
97 72.30.99.* yahoo spider
98 74.6.74.* yahoo spider
99 202.108.4.* Zhongsou spider
100 202.108.4.* Zhongsou spider
101 202.108.33.* Zhongsou spider
102 202.96.51.* Zhongsou spider
103 219.142.53.* Zhongsou spider
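
An expanded version of the counting step, added here as an example and not part of the original post: it validates the leftmost X-Forwarded-For entry, skips allowlisted crawler prefixes, and prints DROP rules for review instead of applying them. The threshold, the function names and the sample log are assumptions; the two allowlist prefixes are taken from the list above.

```shell
#!/bin/sh
# Added example: rank client IPs from an X-Forwarded-For log, print DROP rules for review.
# The threshold and the sample addresses are constructed for illustration.

# Crawler prefixes to leave alone (two entries from the list on this page).
ALLOW_PREFIXES="66.249.66. 220.181.19."

# sample_log: constructed one-hour log, one X-Forwarded-For value per line.
sample_log() {
    for i in 1 2 3 4; do echo "198.51.100.7, 10.0.0.2"; done
    echo "198.51.100.7"                                       # single-entry header
    for i in 1 2 3 4; do echo "66.249.66.1, 10.0.0.2"; done   # allowlisted crawler
    for i in 1 2; do echo "203.0.113.9, 10.0.0.2"; done       # below threshold
    for i in 1 2 3; do echo "unknown, 10.0.0.2"; done         # not an address
    for i in 1 2 3; do echo "203.0.113.300, 10.0.0.2"; done   # octet out of range
}

# heavy_hitters FILE THRESHOLD
# Prints "count ip", busiest first, for each valid, non-allowlisted client IP
# with at least THRESHOLD requests.
heavy_hitters() {
    awk -F'[ ,]+' -v min="$2" -v allow="$ALLOW_PREFIXES" '
    BEGIN { n = split(allow, pfx, " ") }
    {
        ip = $1        # leftmost entry, as in the one-liner above
        # The header is client-supplied, so accept only a strict dotted quad
        # before the value can reach a firewall command.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        hits[ip]++
    }
    END {
        for (ip in hits) {
            if (hits[ip] < min) continue
            skip = 0
            for (i = 1; i <= n; i++) if (index(ip, pfx[i]) == 1) skip = 1
            if (!skip) print hits[ip], ip
        }
    }' "$1" | sort -rn
}

# block_rules FILE THRESHOLD: print (do not run) one DROP rule per heavy hitter.
block_rules() {
    heavy_hitters "$1" "$2" | while read -r count ip; do
        printf 'iptables -A INPUT -s %s -j DROP   # %s requests\n' "$ip" "$count"
    done
}

# Demo on the constructed sample.
log=$(mktemp) && sample_log > "$log" && block_rules "$log" 3
rm -f "$log"
```

Because the leftmost X-Forwarded-For entry is whatever the client sent unless the outermost proxy overwrites it, the printed rules are meant to be checked against the proxy's own view of the peer address before being applied.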

xdanger bash, shell

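iPhone 1.1.3/1.1.4 perfect jailbreak guide

March 15, 2008

First, use iTunes to upgrade the iPhone to 1.1.3/1.1.4
Then run ZiPhone to activate, jailbreak, unlock...
Install OpenSSH
Log in as root, password: alpine
To be safe: # chmod -x /usr/bin/passwd
Generate a password here, with salt /s, and use it to replace the root password (/etc/master.passwd)
Then move /Application and /Library to the second partition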

Kafeifei Bsd, MacosX, Unix, shell

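Sorting the iPhone address book by pinyin

October 6, 2007

Install PHP on the iPhone
Save the code as py.php
Log in to the iPhone over ssh, or install Term-vt100 on the iPhone
Run php py.php and wait for the restart to finish
Done

The Chinese characters it supports seem quite limited; it looks like I will have to build my own pinyin table. This one was found online.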

py.php

<?php
/**
 * @desc Sort the iPhone address book by pinyin; requires PHP to be installed
 * @author Kafeifei <http://www.nimab.org>
 * @version 0.2beta
 */
error_reporting(0);
// The second assignment wins; comment it out on firmware before 1.1.3.
$sqlite_file = '/private/var/root/Library/AddressBook/AddressBook.sqlitedb'; // firmware before 1.1.3
$sqlite_file = '/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb'; // firmware 1.1.3 and later
if (!file_exists($sqlite_file)) {
	println("SQLiteDB:File Notfound.");
	die;
}
$dsn = "sqlite:{$sqlite_file}";
try {
    $dbh = new PDO($dsn);
    println("Open {$dsn}   OK.");
} catch (Exception $e) {
    println("Open {$dsn}   ERROR:".$e->getMessage());
    die;
}
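$stmt = $dbh->query("SELECT ROWID, First, Last FROM ABPerson");
// ASCII characters, quotes included, pass through Py::parse unchanged, so the
// sort keys are bound as parameters instead of being interpolated into the SQL.
$update = $dbh->prepare("UPDATE ABPerson SET FirstSort = ?, LastSort = ? WHERE ROWID = ?");
while ($person = $stmt->fetch(PDO::FETCH_ASSOC)) {
	$first = ucfirst(Py::parse(u2g($person['First'])));
	$last  = ucfirst(Py::parse(u2g($person['Last'])));
	$update->execute(array($first, $last, $person['ROWID']));
	println("{$person['ROWID']}\tOK.");
}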
println("done.");
println("rebooting...");
system('launchctl stop com.apple.SpringBoard');

function u2g($str) {
    return iconv('utf-8', 'gbk', $str);
}

function println($str) {
    echo "$str\n";
    flush();
}

class Py {
    private static $table = array(
        array("a",-20319),
        array("ai",-20317),
        array("an",-20304),
        array("ang",-20295),
        array("ao",-20292),
        array("ba",-20283),
        array("bai",-20265),
        array("ban",-20257),
        array("bang",-20242),
        array("bao",-20230),
        array("bei",-20051),
        array("ben",-20036),
        array("beng",-20032),
        array("bi",-20026),
        array("bian",-20002),
        array("biao",-19990),
        array("bie",-19986),
        array("bin",-19982),
        array("bing",-19976),
        array("bo",-19805),
        array("bu",-19784),
        array("ca",-19775),
        array("cai",-19774),
        array("can",-19763),
        array("cang",-19756),
        array("cao",-19751),
        array("ce",-19746),
        array("ceng",-19741),
        array("cha",-19739),
        array("chai",-19728),
        array("chan",-19725),
        array("chang",-19715),
        array("chao",-19540),
        array("che",-19531),
        array("chen",-19525),
        array("cheng",-19515),
        array("chi",-19500),
        array("chong",-19484),
        array("chou",-19479),
        array("chu",-19467),
        array("chuai",-19289),
        array("chuan",-19288),
        array("chuang",-19281),
        array("chui",-19275),
        array("chun",-19270),
        array("chuo",-19263),
        array("ci",-19261),
        array("cong",-19249),
        array("cou",-19243),
        array("cu",-19242),
        array("cuan",-19238),
        array("cui",-19235),
        array("cun",-19227),
        array("cuo",-19224),
        array("da",-19218),
        array("dai",-19212),
        array("dan",-19038),
        array("dang",-19023),
        array("dao",-19018),
        array("de",-19006),
        array("deng",-19003),
        array("di",-18996),
        array("dian",-18977),
        array("diao",-18961),
        array("die",-18952),
        array("ding",-18783),
        array("diu",-18774),
        array("dong",-18773),
        array("dou",-18763),
        array("du",-18756),
        array("duan",-18741),
        array("dui",-18735),
        array("dun",-18731),
        array("duo",-18722),
        array("e",-18710),
        array("en",-18697),
        array("er",-18696),
        array("fa",-18526),
        array("fan",-18518),
        array("fang",-18501),
        array("fei",-18490),
        array("fen",-18478),
        array("feng",-18463),
        array("fo",-18448),
        array("fou",-18447),
        array("fu",-18446),
        array("ga",-18239),
        array("gai",-18237),
        array("gan",-18231),
        array("gang",-18220),
        array("gao",-18211),
        array("ge",-18201),
        array("gei",-18184),
        array("gen",-18183),
        array("geng",-18181),
        array("gong",-18012),
        array("gou",-17997),

        array("gu",-17988),
        array("gua",-17970),
        array("guai",-17964),
        array("guan",-17961),
        array("guang",-17950),
        array("gui",-17947),
        array("gun",-17931),
        array("guo",-17928),
        array("ha",-17922),
        array("hai",-17759),
        array("han",-17752),
        array("hang",-17733),
        array("hao",-17730),
        array("he",-17721),
        array("hei",-17703),
        array("hen",-17701),
        array("heng",-17697),
        array("hong",-17692),
        array("hou",-17683),
        array("hu",-17676),
        array("hua",-17496),
        array("huai",-17487),
        array("huan",-17482),
        array("huang",-17468),
        array("hui",-17454),
        array("hun",-17433),
        array("huo",-17427),
        array("ji",-17417),
        array("jia",-17202),
        array("jian",-17185),
        array("jiang",-16983),
        array("jiao",-16970),
        array("jie",-16942),
        array("jin",-16915),
        array("jing",-16733),
        array("jiong",-16708),
        array("jiu",-16706),
        array("ju",-16689),
        array("juan",-16664),
        array("jue",-16657),
        array("jun",-16647),
        array("ka",-16474),
        array("kai",-16470),
        array("kan",-16465),
        array("kang",-16459),
        array("kao",-16452),
        array("ke",-16448),
        array("ken",-16433),
        array("keng",-16429),
        array("kong",-16427),
        array("kou",-16423),
        array("ku",-16419),
        array("kua",-16412),
        array("kuai",-16407),
        array("kuan",-16403),
        array("kuang",-16401),
        array("kui",-16393),
        array("kun",-16220),
        array("kuo",-16216),
        array("la",-16212),
        array("lai",-16205),
        array("lan",-16202),
        array("lang",-16187),
        array("lao",-16180),
        array("le",-16171),
        array("lei",-16169),
        array("leng",-16158),
        array("li",-16155),
        array("lia",-15959),
        array("lian",-15958),
        array("liang",-15944),
        array("liao",-15933),
        array("lie",-15920),
        array("lin",-15915),
        array("ling",-15903),
        array("liu",-15889),
        array("long",-15878),
        array("lou",-15707),
        array("lu",-15701),
        array("lv",-15681),
        array("luan",-15667),
        array("lue",-15661),
        array("lun",-15659),
        array("luo",-15652),
        array("ma",-15640),
        array("mai",-15631),
        array("man",-15625),
        array("mang",-15454),
        array("mao",-15448),
        array("me",-15436),
        array("mei",-15435),
        array("men",-15419),
        array("meng",-15416),
        array("mi",-15408),
        array("mian",-15394),
        array("miao",-15385),
        array("mie",-15377),
        array("min",-15375),
        array("ming",-15369),
        array("miu",-15363),
        array("mo",-15362),
        array("mou",-15183),
        array("mu",-15180),
        array("na",-15165),
        array("nai",-15158),
        array("nan",-15153),
        array("nang",-15150),
        array("nao",-15149),
        array("ne",-15144),
        array("nei",-15143),
        array("nen",-15141),
        array("neng",-15140),
        array("ni",-15139),
        array("nian",-15128),
        array("niang",-15121),
        array("niao",-15119),
        array("nie",-15117),
        array("nin",-15110),
        array("ning",-15109),
        array("niu",-14941),
        array("nong",-14937),
        array("nu",-14933),
        array("nv",-14930),
        array("nuan",-14929),
        array("nue",-14928),
        array("nuo",-14926),
        array("o",-14922),
        array("ou",-14921),
        array("pa",-14914),
        array("pai",-14908),
        array("pan",-14902),
        array("pang",-14894),
        array("pao",-14889),
        array("pei",-14882),
        array("pen",-14873),
        array("peng",-14871),
        array("pi",-14857),
        array("pian",-14678),
        array("piao",-14674),
        array("pie",-14670),
        array("pin",-14668),
        array("ping",-14663),
        array("po",-14654),
        array("pu",-14645),
        array("qi",-14630),
        array("qia",-14594),
        array("qian",-14429),
        array("qiang",-14407),
        array("qiao",-14399),
        array("qie",-14384),
        array("qin",-14379),
        array("qing",-14368),
        array("qiong",-14355),
        array("qiu",-14353),
        array("qu",-14345),
        array("quan",-14170),
        array("que",-14159),
        array("qun",-14151),
        array("ran",-14149),
        array("rang",-14145),
        array("rao",-14140),
        array("re",-14137),
        array("ren",-14135),
        array("reng",-14125),
        array("ri",-14123),
        array("rong",-14122),
        array("rou",-14112),
        array("ru",-14109),
        array("ruan",-14099),
        array("rui",-14097),
        array("run",-14094),
        array("ruo",-14092),
        array("sa",-14090),
        array("sai",-14087),
        array("san",-14083),
        array("sang",-13917),
        array("sao",-13914),
        array("se",-13910),
        array("sen",-13907),
        array("seng",-13906),
        array("sha",-13905),
        array("shai",-13896),
        array("shan",-13894),
        array("shang",-13878),
        array("shao",-13870),
        array("she",-13859),
        array("shen",-13847),
        array("sheng",-13831),
        array("shi",-13658),
        array("shou",-13611),
        array("shu",-13601),
        array("shua",-13406),
        array("shuai",-13404),
        array("shuan",-13400),
        array("shuang",-13398),
        array("shui",-13395),
        array("shun",-13391),
        array("shuo",-13387),
        array("si",-13383),
        array("song",-13367),
        array("sou",-13359),
        array("su",-13356),
        array("suan",-13343),
        array("sui",-13340),
        array("sun",-13329),
        array("suo",-13326),
        array("ta",-13318),
        array("tai",-13147),
        array("tan",-13138),
        array("tang",-13120),
        array("tao",-13107),
        array("te",-13096),
        array("teng",-13095),
        array("ti",-13091),
        array("tian",-13076),
        array("tiao",-13068),
        array("tie",-13063),
        array("ting",-13060),
        array("tong",-12888),
        array("tou",-12875),
        array("tu",-12871),
        array("tuan",-12860),
        array("tui",-12858),
        array("tun",-12852),
        array("tuo",-12849),
        array("wa",-12838),
        array("wai",-12831),
        array("wan",-12829),
        array("wang",-12812),
        array("wei",-12802),
        array("wen",-12607),
        array("weng",-12597),
        array("wo",-12594),
        array("wu",-12585),
        array("xi",-12556),
        array("xia",-12359),
        array("xian",-12346),
        array("xiang",-12320),
        array("xiao",-12300),
        array("xie",-12120),
        array("xin",-12099),
        array("xing",-12089),
        array("xiong",-12074),
        array("xiu",-12067),
        array("xu",-12058),
        array("xuan",-12039),
        array("xue",-11867),
        array("xun",-11861),
        array("ya",-11847),
        array("yan",-11831),
        array("yang",-11798),
        array("yao",-11781),
        array("ye",-11604),
        array("yi",-11589),
        array("yin",-11536),
        array("ying",-11358),
        array("yo",-11340),
        array("yong",-11339),
        array("you",-11324),
        array("yu",-11303),
        array("yuan",-11097),
        array("yue",-11077),
        array("yun",-11067),
        array("za",-11055),
        array("zai",-11052),
        array("zan",-11045),
        array("zang",-11041),
        array("zao",-11038),
        array("ze",-11024),
        array("zei",-11020),
        array("zen",-11019),
        array("zeng",-11018),
        array("zha",-11014),
        array("zhai",-10838),
        array("zhan",-10832),
        array("zhang",-10815),
        array("zhao",-10800),
        array("zhe",-10790),
        array("zhen",-10780),
        array("zheng",-10764),
        array("zhi",-10587),
        array("zhong",-10544),
        array("zhou",-10533),
        array("zhu",-10519),
        array("zhua",-10331),
        array("zhuai",-10329),
        array("zhuan",-10328),
        array("zhuang",-10322),
        array("zhui",-10315),
        array("zhun",-10309),
        array("zhuo",-10307),
        array("zi",-10296),
        array("zong",-10281),
        array("zou",-10274),
        array("zu",-10270),
        array("zuan",-10262),
        array("zui",-10260),
        array("zun",-10256),
        array("zuo",-10254)
    );
    
    private function __construct() {}
    
    private static function get($num) {
        if($num > 0 && $num < 160){
            return chr($num);
        } elseif($num < -20319 || $num > -10247) {
            return '';
        } else {
            for ($i = count(self::$table)-1; $i>=0; $i--) {
                if(self::$table[$i][1] <= $num) break;
            }
            return self::$table[$i][0];
        }
    }
    
    public static function parse($str) {
        if (empty($str)) {
        	return '';
        }
        $r="";
        for($i = 0; $i < strlen($str); $i++) {
            $p = ord(substr($str, $i, 1));
            if($p > 160){
                $q = ord(substr($str, ++$i, 1));
                $p = $p * 256 + $q - 65536;
            }
            $r .= self::get($p);
        }
        return $r;
    }
}
?>

----
update: restart SpringBoard instead of rebooting the iPhone
update: fixed a logic error in the code and improved a description, 2008/4/6
update: from iPhone 1.1.3 onward, the database path changed

Kafeifei MacosX, php, shell

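It's all dash's fault

March 6, 2007

A problem that plagued me for a whole spring!
Ubuntu
One day I downloaded nerolinux and installed it
The install failed, reporting an error in some script; it looked like a syntax error
Since it failed, I just removed it
But the removal failed too, with the same error
As a result, apt-get reported this error every time it was used
After several rounds of fiddling, Synaptic could no longer run properly
I had the CD ready and was about to reinstall
Meanwhile I kept looking for hope; searching all over Google turned up no correct answer
The errors included: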

dpkg (子进程):无法执行新的 post-removal script: No such file or directory
dpkg: 作下列清理工作时发生错误:
子进程·post-removal script·返回了错误号·2
在处理时有错误发生:
-------------------------------------
软件包nerolinux 需要重新安装,但是我无法找到相应的安装文件。

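I took a careful look at the file with the error
/var/lib/dpkg/info/nerolinux.xxx
Opening it, the syntax looked a bit unusual; I saw the word function
Then I looked at the header: #!/bin/sh
Changing it to #!/bin/bash solved the problem
ls -l /bin/sh shows that it is a link to dash, not bash
It has been this way since Ubuntu 6.10, which is a real headache; many scripts have problems running
I've seen people link sh to bash just to install one piece of software, then link sh back to dash once it was installed

Damn it, I'm not changing it back, and I haven't seen any script misbehave either!
Finally, I don't know what this dash thing is. I wanted to curse it out, but... never mind...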

Kafeifei Bsd, Linux, MacosX, Unix, bash, dash, shell

The ssh SendEnv problem

March 5, 2007

The remote host does not support zh_CN.UTF-8, but my machine uses it
When connecting with ssh:

debug1: Sending environment.
debug1: Sending env LANG = zh_CN.UTF-8
debug1: Sending env LC_CTYPE = zh_CN.UTF-8

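This stops many programs on the remote side from running

My view is that since it is remote, there's no need to bother; it's better to leave the locale to the remote host

Edit
/etc/ssh/ssh_config
and comment out SendEnv LANG LC_*
That's all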

Kafeifei Linux, MacosX, Unix, bash, shell

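Revisiting the Chinese font problem in jre / ZendStudio

January 23, 2007

After digging through a fair amount of material, I finally have a result
It turns out to be this simple:

Copy the Courier New font files to jre/lib/fonts/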

cd xxx/jre/lib/fonts
mkfontscale
cp fonts.scale fonts.dir
cd ../
cp fontconfig.properties.src fontconfig.properties
vi fontconfig.properties

Modify the relevant entries:

monospaced.plain.latin-1=-monotype-courier new-medium-r-normal--0-0-0-0-m-0-iso8859-1
monospaced.bold.latin-1=-monotype-courier new-bold-r-normal--0-0-0-0-m-0-iso8859-1
monospaced.italic.latin-1=-monotype-courier new-medium-i-normal--0-0-0-0-m-0-iso8859-1
monospaced.bolditalic.latin-1=-monotype-courier new-bold-i-normal--0-0-0-0-m-0-iso8859-1

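Finally, cp a Chinese font you like to xxx/jre/fonts/fallback/
Open ZDE and set the font to monospaced
Now that feels great, damn it!

Note: this method has only been tested on Ubuntu, and it does not apply to Windows. On systems such as SUSE or Red Hat, look at the fontconfig.xxxx files under xxx/jre/lib and make the corresponding changes for the current system (untested)

Related URL: http://java.sun.com/j2se/1.5.0/docs/guide/intl/fontconfig.html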

Kafeifei Linux, Zend, bash, java, php, shell

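Regular expressions in bash

September 13, 2006

Something like

$ ps ax | grep -v grep | grep httpd | tr -s ' ' | cut -d ' ' -f1

works quite well for getting a pid. Today, though, I needed to find out how long the program had been running, and that is trickier because the time has spaces in it
I went through the man page for ages without finding a good solution. Then I switched to another machine, an Ubuntu one, and found that its ps differs quite a bit and can do this:

$ ps -eo pid,lstart,args | grep httpd | grep -v grep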
2374 Wed Sep 13 00:41:59 2006 /usr/local/httpd/bin/httpd -k restart
2469 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart
22470 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart
22472 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart
22474 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart

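The number at the front is the pid, the Wed Sep 13 00:41:59 2006 in the middle is the start time, and everything after it is "args" (the ps on Linux has this lstart field)
This is the awkward part: args is only there to match the process, and the time in the middle is what I actually want.
I looked through the grep documentation again (these little tools are powerful to an extreme; it is said an entire book was written about sed alone), and a single -o option does the job

$ pid=$(ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o '^ ?[0-9]+ ')

Note the space at the end of the pattern (written "\ " when the pattern is left unquoted); this is a bit safer
The output turns out to be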

2374
2469
22470
22472
22474

It contains spaces, so add a tr:

$ pid=$(ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o '^ ?[0-9]+ ' | tr -d ' ')

The time is just as simple by the same approach:

$ ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o ' [A-Z][a-zA-Z0-9 :]+ [0-9]{4}'

Converting to a timestamp:

$ ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o ' [A-Z][a-zA-Z0-9 :]+ [0-9]{4}' | ......

Damn, I got stuck; whenever I did this before, I was passing variables...

Luckily an expert (hightman) pointed the way

$ ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o ' [A-Z][a-zA-Z0-9 :]+ [0-9]{4}' | xargs -ishit date -d "shit" +%s
1157349945
1158050727
1158144618
1158145964
1158147191
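
The same extraction done by field position rather than by regex, as an added example that is not from the original post: `ps -eo pid,lstart,args` puts the pid in field 1 and the five lstart tokens in fields 2 to 6, so awk can match the executable name in field 7 exactly and no `grep -v grep` is needed. The function names and sample lines are constructed, and `date -d` assumes GNU date.

```shell
#!/bin/sh
# Added example: pull pid and start time out of `ps -eo pid,lstart,args` by field position.

# sample_ps: constructed ps output, including a grep and a tail that merely mention httpd.
sample_ps() {
cat <<'EOF'
 2374 Wed Sep 13 00:41:59 2006 /usr/local/httpd/bin/httpd -k restart
22470 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart
 3001 Wed Sep 13 00:50:00 2006 grep httpd
 3100 Wed Sep 13 00:51:00 2006 tail -f /var/log/httpd/access.log
EOF
}

# proc_starts NAME: read ps output on stdin and print "pid<TAB>lstart" for
# every process whose executable basename is exactly NAME.
proc_starts() {
    awk -v name="$1" '
    {
        n = split($7, path, "/")      # $1 pid, $2..$6 lstart, $7 executable
        if (path[n] != name) next     # header line and other commands are skipped
        printf "%s\t%s %s %s %s %s\n", $1, $2, $3, $4, $5, $6
    }'
}

# to_epoch: replace the lstart column with a Unix timestamp (GNU date required).
to_epoch() {
    while IFS="$(printf '\t')" read -r pid start; do
        printf '%s\t%s\n' "$pid" "$(date -d "$start" +%s)"
    done
}

# Demo on the constructed sample; on a live system use:
#   ps -eo pid,lstart,args | proc_starts httpd | to_epoch
sample_ps | proc_starts httpd
```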

Kafeifei Linux, bash, shell