1、显示/etc/rc.d/rc.sysinit文件中以不区分大小的h开头的行;
[root@shell ~]# grep "^[hH]" /etc/rc.d/rc.rc.sysinit
2、显示/etc/passwd中以sh结尾的行;
[root@shell ~]# grep "sh$" /etc/passwd
root:x:0:0:root:/root:/bin/bash
kxy:x:1000:1000:kxy:/home/kxy:/bin/bash
fox:x:1001:1001::/home/fox:/bin/bash
3、显示/etc/fstab中以#开头,且后面跟一个或多个空白字符,而后又跟了任意非空白字符的行;
[root@shell ~]# egrep "^#[[:space:]]+[^[:space:]]*" /etc/fstab
/etc/fstab
Created by anaconda on Sun Sep 17 13:46:24 2023
Accessible filesystems, by reference, are maintained under '/dev/disk/'.
See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
After editing this file, run 'systemctl daemon-reload' to update systemd
units generated from this file.
4、查找/etc/rc.d/rc.local中包含"以to开始并以to结尾"的字串行;
[root@shell ~]# egrep -w -o "(to)[a-z]+\1" /etc/rc.d/rc.local
5、查找/etc/inittab中含有"以s开头,并以d结尾的单词"模式的行;
[root@shell ~]# grep -w -o "s[a-z]*d" /etc/inittab
systemd
systemd
6、查找ifconfig命令结果中的1-255之间的整数;
[root@shell ~]# ifconfig | egrep -o -w "[1-9]{1}|([1-9]{1}[0-9]{1})|[1-2]{1}([0-9]{1,2})" | awk '{printf "%s ",$0} END {print ""}'
192 168 110 132 255 255 255 192 168 110 255 64 29 78 73 5 3 73 127 1 255 1 128 17 1 9 17 1 9
7、显示/var/log/secure文件中包含"Failed"或"FAILED"的行
[root@shell ~]# egrep "(Failed|FAILED)" /var/log/secure
[root@shell ~]# grep -i "Failed" /var/log/secure
8、在/etc/passwd中取出默认shell为bash
[root@shell ~]# grep "bash$" /etc/passwd
root:x:0:0:root:/root:/bin/bash
kxy:x:1000:1000:kxy:/home/kxy:/bin/bash
fox:x:1001:1001::/home/fox:/bin/bash
9、以长格式列出/etc/目录下以ns开头、.conf结尾的文件信息
[root@shell ~]# ll /etc/ | grep '^.*/ns.*\.conf$'
lrwxrwxrwx. 1 root root 29 Sep 17 21:55 nsswitch.conf -> /etc/authselect/nsswitch.conf
[root@shell ~]# ll /etc/ns*.conf
lrwxrwxrwx. 1 root root 29 Sep 17 21:55 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf
10、高亮显示passwd文件中冒号,及其两侧的字符
[root@shell ~]# grep -o ".:." /etc/passwd
11、匹配/etc/services中开头结尾字母一样的单词
[root@shell ~]# egrep -o -w "([a-z])[a-z]+\1" /etc/services
12.file.txt文件内容:
[root@shell ~]# cat file.txt
48 Dec 3BC1977 LPSX 68.00 LVX2A 138
483 Sept 5AP1996 USP 65.00 LVX2C 189
47 Oct 3ZL1998 LPSX 43.00 KVM9D 512
219 dec 2CC1999 CAD 23.00 PLV2C 68
484 nov 7PL1996 CAD 49.00 PLV2C 234
483 may 5PA1998 USP 37.00 KVM9D 644
216 sept 3ZL1998 USP 86.00 KVM9E 234
(1)含有"48"字符串的行的总数
[root@shell ~]# grep "48" file.txt
(2)显示含有"48"字符串的所有行的行号
[root@shell ~]# grep -n "48" file.txt
(3)精确匹配只含有"48字符串的行
[root@shell ~]# grep -w "48" file.txt
(4)抽取代码为484和483的城市位置
[root@shell ~]# grep "^48[34]" file.txt
[root@shell ~]# egrep "^48(3|4)" file.txt
(5)显示行首不是4或8
[root@shell ~]# grep "^[^48]" file.txt
(6)显示含有九月份(Sept)的行
[root@shell ~]# grep -i "Sept" file.txt
(7)显示以K开头,以D结尾的所有代码
[root@shell ~]# grep "K.*D" file.txt
(8)显示头两个是大写字母,中间至少两个任意,并以C结尾的代码
[root@shell ~]# egrep "[A-Z]{2}..C" file.txt
(9)查询所有以5开始以1996或1998结尾的所有记录
[root@shell ~]# egrep "5.*199(6|8)" file.txt
13、显示/etc/passwd文件中以bash结尾的行;
[root@shell ~]# grep 'bash$' /etc/passwd
root:x:0:0:root:/root:/bin/bash
kxy:x:1000:1000:kxy:/home/kxy:/bin/bash
fox:x:1001:1001::/home/fox:/bin/bash
14、找出/etc/passwd文件中的三位或四位数;
[root@shell ~]# egrep -o "[[:digit:]]{3,4}" /etc/passwd
100
6553
6553
......
1001
977
977
这里太多了,可以使用awk再做处理,用printf格式化输出
[root@shell ~]# egrep -o "[[:digit:]]{3,4}" /etc/passwd | awk '{ printf "%s ", $0 } END { print "" }'
100 6553 6553 999 997 998 996 997 993 996 992 172 172 995 991 994 990 993 989 992 988 991 986 990 985 989 984 988 983 987 982 986 981 985 980 978 978 1000 1000 1001 1001 977 977
这里解释一下吧!
printf "%s "注意%s后有个空格,$0为awk的内置变量,表示当前行的全部内容,这里使用格式化输出printf取消换行符并用空格隔开,END为awk的动作,这里为再结尾打印一个空行,实质上就是一个换行符
15、找出/etc/grub2.cfg文件中,以至少一个空白字符开头,后面又跟了非空白字符的行
[root@shell ~]# egrep "^[[:space:]]+[^[:space:]]*" /etc/grub2.cfg
load_env -f ${config_directory}/grubenv
load_env
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
set default="${saved_entry}"
......
source ${config_directory}/custom.cfg
source $prefix/custom.cfg
16、找出"netstat -tan"命令的结果中,以'LISTEN'后跟0或多个空白字符结尾的行;
[root@shell ~]# netstat -tan | egrep "LISTEN[[:space:]]*$"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
17、找出"fdisk -l"命令的结果中,包含以/dev/后跟sd或hd及一个字母的行;
[root@shell ~]# fdisk -l | egrep "/dev/(sd|hd)[[:alpha:]]" #这里没有结果
18、找出"ldd /usr/bin/cat"命令的结果中文件路径;
[root@shell ~]# ldd /usr/bin/cat
linux-vdso.so.1 (0x00007fff8df01000)
libc.so.6 => /lib64/libc.so.6 (0x00007f3f05dec000)
/lib64/ld-linux-x86-64.so.2 (0x00007f3f0600b000)
[root@shell ~]# ldd /usr/bin/cat | grep -o "/[^ ]*"
/lib64/libc.so.6
/lib64/ld-linux-x86-64.so.2
19、找出/proc/meminfo文件中,所有以大写或小写s开头的行;至少用三种方式实现;
[root@shell ~]# egrep "^(S|s)" /proc/meminfo
[root@shell ~]# grep -i "^s" /proc/meminfo
[root@shell ~]# egrep "^[sS]" /proc/meminfo
20、显示当前系统上root、apache或nginx用户的相关信息;
[root@shell ~]# egrep "^(root|apache|nginx)" /etc/passwd
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
nginx:x:977:977:Nginx web server:/var/lib/nginx:/sbin/nologin
21、echo输出一个绝对路径,使用egrep取出其基名;
[root@shell ~]# echo "/var/www/html/index.html" | egrep -o [^/]+$ # [^/]表示不包含/
index.html
22、找出ifconfig命令结果中的1-255之间的整数;
[root@shell ~]# ifconfig | egrep -o -w "[1-9]{1}|([1-9]{1}[0-9]{1})|[1-2]{1}([0-9]{1,2})" | awk '{printf "%s ",$0} END {print ""}'
192 168 110 132 255 255 255 192 168 110 255 64 29 78 73 5 3 73 127 1 255 1 128 17 1 9 17 1 9
23、找出系统中其用户名与shell名相同的用户。
[root@shell ~]# egrep "^(.+):.*\1$" /etc/passwd | cut -d: -f1
sync
shutdown
halt
[root@shell ~]# egrep "^(sync|shutdown|halt)" /etc/passwd #检测一下是否正确
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt