我做的某公司 SRE 职位的面试题

发表于 更新于

简介

这是之前有一家公司招 SRE,我投了简历,然后被给了份题让先做一下,于是便有了这篇“水”文。

当然,最终我并没有拿到这个 offer,最早是说一周内安排面试的,后来又说是这个岗位暂停了。

详情

第一题

题目有效时间只有 4 小时,当时没记下来,现在只能凭记忆力大概写一下了。

大概是系统有个进程在写文件 /tmp/hugelog

第一题第一问

这一问肯定是要求将其找出来(找到 process id)

1
lsof | grep /tmp/hugelog

seeknhide 773 root 3w REG 252,3 6887024 655475 /tmp/hugelog
seeknhide 773 802 seeknhide root 3w REG 252,3 6887024 655475 /tmp/hugelog
seeknhide 773 804 seeknhide root 3w REG 252,3 6887024 655475 /tmp/hugelog
seeknhide 773 805 seeknhide root 3w REG 252,3 6887024 655475 /tmp/hugelog

1
ps auxww | grep 773

root 773 0.0 0.2 710484 2136 ? Sl Jun18 0:22 /root/challs/01_seeknhide/seeknhide
root 5877 0.0 0.2 6608 2484 pts/0 S+ 13:53 0:00 grep –color=auto 773

so, the process is /root/challs/01_seeknhide/seeknhide, process id is: 773

第一题第二问

/tmp/hugelog 的程序文件已经被删除,但请算出其的 md5 码

1
readlink -f /proc/773/exe

/root/challs/01_seeknhide/seeknhide (deleted)

1
2
cp /proc/773/exe a
md5sum a

eba0e82f5b454a492077c67ab89ae033 a

so the execute file is: /root/challs/01_seeknhide/seeknhide, but it was deleted.

and the md5sum is: eba0e82f5b454a492077c67ab89ae033

第一题第三问

将这个 process 杀掉

1
kill 773

第二题

有一个 app 代码项目,有代码,有 Dockerfile。

第二题第一问

需要 build 并运行一个 docker 容器,其监听主机的 8888 端口,可以用命令 curl http://127.0.0.1:8888 来测试(返回 Hello, World!)。

1
2
3
4
cd app
docker build -t app:latest .
docker run -it -d -p 8888:4657 app:latest
curl http://127.0.0.1:8888

curl: (52) Empty reply from server

1
2
3
4
# backup firstly
cp serve.py serve.py.ori
vim serve.py
# change from localhost to 0.0.0.0
1
2
3
4
5
6
7
8
docker build -t app:new .
# stop and delete the old container
docker stop cool_germain
docker rm cool_germain
# then run it by new image
docker run -it -d -p 8888:4567 app:new
# test it
curl http://127.0.0.1:8888

Hello, World!

第二题第二问

做了什么修改以及为什么要做这个修改。

我的答案是:fix it by binding host from ‘localhot’ to ‘0.0.0.0’

第三题

日志文件 jwt.log 里有一些数据纪录,有些是真的,有些是假的,需要找出来真的数据纪录的条数。(有代码的要附上源码)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
import jwt
import base64
import hashlib
import hmac
import sys

secret = "_welcome_to_chaitin_"

def verify_jwt(token):
    try:
        header, payload, signature = token.split('.')
        header_json = base64.urlsafe_b64decode(header + '===').decode()
        payload_json = base64.urlsafe_b64decode(payload + '===').decode()
        message = f'{header}.{payload}'
        secret_bytes = secret.encode()
        message_bytes = message.encode()
        expected_signature = base64.urlsafe_b64encode(hmac.new(secret_bytes, message_bytes, hashlib.sha256).digest()).rstrip(b'=')
        if signature.encode() == expected_signature:
            return True
    except Exception as e:
        print(f"Error verifying JWT: {e}", file=sys.stderr)
    return False


authentic_count = 0
fake_count = 0

print("Script execution started.")
with open('jwt.log', 'r') as file:
    for line in file:
        jwt_token = line.strip()
        if verify_jwt(jwt_token):
            authentic_count += 1
        else:
            fake_count += 1
print("Script execution finished.")

print(f"Number of authentic JWTs: {authentic_count}")
print(f"Number of fake JWTs: {fake_count}")
1
python3 jwt.py

Script execution started.
Script execution finished.
Number of authentic JWTs: 768
Number of fake JWTs: 90
Script execution started.
Script execution finished.
Number of authentic JWTs: 768
Number of fake JWTs: 90

so, The number of authentic JWTs is: 768

第四题

有个文件:make_me_happy

第四题第一问

尽量找出这个文件相关的信息。

这个程序执行时会去连本地的一个接口,把这个接口找出来。

1
file make_me_happy

make_me_happy: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=w3cEj7RamW7-qGzf3Nhs/UpW-8zX_rMqqAZOxch9q/g8QtiW2olQfv2K-oXiQs/KuNmNVsa3dhXuFD3EuZR, with debug_info, not stripped

1
ls -l make_me_happy

-rw-r–r– 1 root root 6777227 Feb 16 2023 make_me_happy

has no execute permission.

1
ldd make_me_happy
1
2
3
4
linux-vdso.so.1 (0x00007ffcd23ca000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007fdcb92fc000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdcb90d4000)
/lib64/ld-linux-x86-64.so.2 (0x00007fdcb9319000) 
1
strings make_me_happy | grep -iE '(http|https|server|socket)://127'

……invalid signature: parent certificate cannot sign this kind of certificatehttp://127.0.0.1:7777/pow?q=give_me_a_string_whose_sha256sum_in_hex_begins_with_%srefusing to use HTTP_PROXY value in CGI environment……

1
2
3
# make make_me_happy excutable with /usr/bin/chmod has no execute permission
# using python3
python3
1
2
import os
os.chmod('make_me_happy', 0o755)
1
strace ./make_me_happy

……openat(AT_FDCWD, “/root/.config/make_me_happy.conf”, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
write(1, “Not OK\n”, 7Not OK

1
2
touch /root/.config/make_me_happy.conf
strace ./make_me_happy

……connect(7, {sa_family=AF_INET, sin_port=htons(7777), sin_addr=inet_addr(“127.0.0.1”)}, 16) = -1 EINPROGRESS (Operation now in progress)
epoll_ctl(4, EPOLL_CTL_ADD, 7, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=4114591560, u64=140651408633672}}) = 0
epoll_pwait(4, [{events=EPOLLIN|EPOLLOUT|EPOLLERR|EPOLLHUP|EPOLLRDHUP, data={u32=4114591560, u64=140651408633672}}], 128, 0, NULL, 0) = 1
getsockopt(7, SOL_SOCKET, SO_ERROR, [ECONNREFUSED], [4]) = 0
epoll_ctl(4, EPOLL_CTL_DEL, 7, 0xc0000bf074) = 0
close(7) = 0
write(1, “Not OK\n”, 7Not OK

1
nc -4l 7777 &

[1] 7379

1
./make_me_happy

GET /pow?q=give_me_a_string_whose_sha256sum_in_hex_begins_with_7865 HTTP/1.1
Host: 127.0.0.1:7777
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

第四题第二问

想办法让这个程序在执行的时候,正确返回。

1
python3 server.py &

Start HTTP server on port 7777…

1
./make_me_happy

127.0.0.1 - - [19/Jun/2024 17:19:02] “GET /pow?q=give_me_a_string_whose_sha256sum_in_hex_begins_with_e7ba HTTP/1.1” 200 -
OK! Thank you, I’m happy now!

1
echo $?

0

第四题第三问

贴出来第二问的源码(如果有的话)。

我的答案:

the whole code(server.py) is:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
import hashlib
import string
import random
from urllib.parse import urlparse, parse_qs
from http.server import SimpleHTTPRequestHandler, HTTPServer

def find_sha256_prefix(prefix):
    while True:
        candidate = ''.join(random.choices(string.ascii_letters + string.digits, k=16))
        sha256sum = hashlib.sha256(candidate.encode()).hexdigest()
        if sha256sum.startswith(prefix):
            return candidate

class CustomHandler(SimpleHTTPRequestHandler):
    def do_GET(self):
        if self.path.startswith("/pow"):
            query_components = parse_qs(urlparse(self.path).query)
            prefix_template = query_components.get('q', [''])[0]

            if "with_" in prefix_template:
                prefix = prefix_template.split("with_")[1]
                suffix = find_sha256_prefix(prefix)
                response = suffix.encode()
                self.send_response(200)
                self.send_header('Content-type', 'text/plain')
                self.send_header('Content-length', len(response))
                self.end_headers()
                self.wfile.write(response)
        else:
            self.send_response(404)
            self.end_headers()

def run():
    server_address = ('', 7777)
    httpd = HTTPServer(server_address, CustomHandler)
    print('Start HTTP server on port 7777...')
    httpd.serve_forever()

if __name__ == "__main__":
    run()

总结

这倒还真是 SRE 的题目,基本上都跟开发有关系。这里由于需要的环境简单,而且公司方面提供了一个完整的试验环境,所以所有的 python 程序我都做过测试。

本文由 老杨 原创,转载请注明出处。