1、显示/etc/rc.d/rc.sysinit文件中以不区分大小的h开头的行;
root@shell \~\]# grep "\^\[hH\]" /etc/rc.d/rc.rc.sysinit
2、显示/etc/passwd中以sh结尾的行;
root@shell \~\]# grep "sh$" /etc/passwd root:x:0:0:root:/root:/bin/bash kxy:x:1000:1000:kxy:/home/kxy:/bin/bash fox:x:1001:1001::/home/fox:/bin/bash 
3、显示/etc/fstab中以#开头,且后面跟一个或多个空白字符,而后又跟了任意非空白字符的行;
root@shell \~\]# egrep "\^#\[\[:space:\]\]+\[\^\[:space:\]\]\*" /etc/fstab # /etc/fstab # Created by anaconda on Sun Sep 17 13:46:24 2023 # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. 
4、查找/etc/rc.d/rc.local中包含"以to开始并以to结尾"的字串行;
root@shell \~\]# egrep -w -o "(to)\[a-z\]+\\1" /etc/rc.d/rc.local
5、查找/etc/inittab中含有"以s开头,并以d结尾的单词"模式的行;
root@shell \~\]# grep -w -o "s\[a-z\]\*d" /etc/inittab systemd systemd 
6、查找ifconfig命令结果中的1-255之间的整数;
root@shell \~\]# ifconfig \| egrep -o -w "\[1-9\]{1}\|(\[1-9\]{1}\[0-9\]{1})\|\[1-2\]{1}(\[0-9\]{1,2})" \| awk '{printf "%s ",$0} END {print ""}' 192 168 110 132 255 255 255 192 168 110 255 64 29 78 73 5 3 73 127 1 255 1 128 17 1 9 17 1 9 
7、显示/var/log/secure文件中包含"Failed"或"FAILED"的行
root@shell \~\]# egrep "(Failed\|FAILED)" /var/log/secure \[root@shell \~\]# grep -i "Failed" /var/log/secure
8、在/etc/passwd中取出默认shell为bash
root@shell \~\]# grep "bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash kxy:x:1000:1000:kxy:/home/kxy:/bin/bash fox:x:1001:1001::/home/fox:/bin/bash
9、以长格式列出/etc/目录下以ns开头、.conf结尾的文件信息
root@shell \~\]# ll /etc/ \| grep '\^.\*/ns.\*\\.conf$' lrwxrwxrwx. 1 root root 29 Sep 17 21:55 nsswitch.conf -\> /etc/authselect/nsswitch.conf \[root@shell \~\]# ll /etc/ns\*.conf lrwxrwxrwx. 1 root root 29 Sep 17 21:55 /etc/nsswitch.conf -\> /etc/authselect/nsswitch.conf 
10、高亮显示passwd文件中冒号,及其两侧的字符
root@shell \~\]# grep -o ".:." /etc/passwd 
11、匹配/etc/services中开头结尾字母一样的单词
root@shell \~\]# egrep -o -w "(\[a-z\])\[a-z\]+\\1" /etc/services 
12.file.txt文件内容:
root@shell \~\]# cat file.txt 48 Dec 3BC1977 LPSX 68.00 LVX2A 138 483 Sept 5AP1996 USP 65.00 LVX2C 189 47 Oct 3ZL1998 LPSX 43.00 KVM9D 512 219 dec 2CC1999 CAD 23.00 PLV2C 68 484 nov 7PL1996 CAD 49.00 PLV2C 234 483 may 5PA1998 USP 37.00 KVM9D 644 216 sept 3ZL1998 USP 86.00 KVM9E 234
(1)含有"48"字符串的行的总数
root@shell \~\]# grep "48" file.txt 
(2)显示含有"48"字符串的所有行的行号
root@shell \~\]# grep -n "48" file.txt 
(3)精确匹配只含有"48字符串的行
root@shell \~\]# grep -w "48" file.txt 
(4)抽取代码为484和483的城市位置
root@shell \~\]# grep "\^48\[34\]" file.txt \[root@shell \~\]# egrep "\^48(3\|4)" file.txt 
(5)显示行首不是4或8
root@shell \~\]# grep "\^\[\^48\]" file.txt 
(6)显示含有九月份(Sept)的行
root@shell \~\]# grep -i "Sept" file.txt 
(7)显示以K开头,以D结尾的所有代码
root@shell \~\]# grep "K.\*D" file.txt 
(8)显示头两个是大写字母,中间至少两个任意,并以C结尾的代码
root@shell \~\]# egrep "\[A-Z\]{2}..C" file.txt 
(9)查询所有以5开始以1996或1998结尾的所有记录
root@shell \~\]# egrep "5.\*199(6\|8)" file.txt 
13、显示/etc/passwd文件中以bash结尾的行;
root@shell \~\]# grep 'bash$' /etc/passwd root:x:0:0:root:/root:/bin/bash kxy:x:1000:1000:kxy:/home/kxy:/bin/bash fox:x:1001:1001::/home/fox:/bin/bash 
14、找出/etc/passwd文件中的三位或四位数;
root@shell \~\]# egrep -o "\[\[:digit:\]\]{3,4}" /etc/passwd 100 6553 6553 ...... 1001 977 977  这里太多了,可以使用awk再做处理,用printf格式化输出 \[root@shell \~\]# egrep -o "\[\[:digit:\]\]{3,4}" /etc/passwd \| awk '{ printf "%s ", $0 } END { print "" }' 100 6553 6553 999 997 998 996 997 993 996 992 172 172 995 991 994 990 993 989 992 988 991 986 990 985 989 984 988 983 987 982 986 981 985 980 978 978 1000 1000 1001 1001 977 977  这里解释一下吧! printf "%s "注意%s后有个空格,$0为awk的内置变量,表示当前行的全部内容,这里使用格式化输出printf取消换行符并用空格隔开,END为awk的动作,这里为再结尾打印一个空行,实质上就是一个换行符
15、找出/etc/grub2.cfg文件中,以至少一个空白字符开头,后面又跟了非空白字符的行
root@shell \~\]# egrep "\^\[\[:space:\]\]+\[\^\[:space:\]\]\*" /etc/grub2.cfg load_env -f ${config_directory}/grubenv load_env set default="${next_entry}" set next_entry= save_env next_entry set boot_once=true set default="${saved_entry}" ...... source ${config_directory}/custom.cfg source $prefix/custom.cfg 
16、找出"netstat -tan"命令的结果中,以'LISTEN'后跟0或多个空白字符结尾的行;
root@shell \~\]# netstat -tan \| egrep "LISTEN\[\[:space:\]\]\*$" tcp 0 0 0.0.0.0:22 0.0.0.0:\* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:\* LISTEN tcp6 0 0 :::22 :::\* LISTEN tcp6 0 0 ::1:631 :::\* LISTEN 
17、找出"fdisk -l"命令的结果中,包含以/dev/后跟sd或hd及一个字母的行;
root@shell \~\]# fdisk -l \| egrep "/dev/(sd\|hd)\[\[:alpha:\]\]" #这里没有结果
18、找出"ldd /usr/bin/cat"命令的结果中文件路径;
root@shell \~\]# ldd /usr/bin/cat linux-vdso.so.1 (0x00007fff8df01000) libc.so.6 =\> /lib64/libc.so.6 (0x00007f3f05dec000) /lib64/ld-linux-x86-64.so.2 (0x00007f3f0600b000) \[root@shell \~\]# ldd /usr/bin/cat \| grep -o "/\[\^ \]\*" /lib64/libc.so.6 /lib64/ld-linux-x86-64.so.2 
19、找出/proc/meminfo文件中,所有以大写或小写s开头的行;至少用三种方式实现;
root@shell \~\]# egrep "\^(S\|s)" /proc/meminfo \[root@shell \~\]# grep -i "\^s" /proc/meminfo \[root@shell \~\]# egrep "\^\[sS\]" /proc/meminfo 
20、显示当前系统上root、apache或nginx用户的相关信息;
root@shell \~\]# egrep "\^(root\|apache\|nginx)" /etc/passwd root:x:0:0:root:/root:/bin/bash apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin nginx:x:977:977:Nginx web server:/var/lib/nginx:/sbin/nologin 
21、echo输出一个绝对路径,使用egrep取出其基名;
root@shell \~\]# echo "/var/www/html/index.html" \| egrep -o \[\^/\]+$ # \[\^/\]表示不包含/ index.html 
22、找出ifconfig命令结果中的1-255之间的整数;
root@shell \~\]# ifconfig \| egrep -o -w "\[1-9\]{1}\|(\[1-9\]{1}\[0-9\]{1})\|\[1-2\]{1}(\[0-9\]{1,2})" \| awk '{printf "%s ",$0} END {print ""}' 192 168 110 132 255 255 255 192 168 110 255 64 29 78 73 5 3 73 127 1 255 1 128 17 1 9 17 1 9 
23、找出系统中其用户名与shell名相同的用户。
root@shell \~\]# egrep "\^(.+):.\*\\1$" /etc/passwd \| cut -d: -f1 sync shutdown halt \[root@shell \~\]# egrep "\^(sync\|shutdown\|halt)" /etc/passwd #检测一下是否正确 sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt 