Linux文本三剑客grep练习

1、显示/etc/rc.d/rc.sysinit文件中以不区分大小的h开头的行;

root@shell \~\]# grep "\^\[hH\]" /etc/rc.d/rc.rc.sysinit

2、显示/etc/passwd中以sh结尾的行;

root@shell \~\]# grep "sh$" /etc/passwd root:x:0:0:root:/root:/bin/bash kxy:x:1000:1000:kxy:/home/kxy:/bin/bash fox:x:1001:1001::/home/fox:/bin/bash ![](https://file.jishuzhan.net/article/1736371495560548353/e40f364da8743699bc5915f5b757d7bc.webp)

3、显示/etc/fstab中以#开头,且后面跟一个或多个空白字符,而后又跟了任意非空白字符的行;

root@shell \~\]# egrep "\^#\[\[:space:\]\]+\[\^\[:space:\]\]\*" /etc/fstab # /etc/fstab # Created by anaconda on Sun Sep 17 13:46:24 2023 # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. ![](https://file.jishuzhan.net/article/1736371495560548353/f21fc1da311389c8fed8f88d7b275182.webp)

4、查找/etc/rc.d/rc.local中包含"以to开始并以to结尾"的字串行;

root@shell \~\]# egrep -w -o "(to)\[a-z\]+\\1" /etc/rc.d/rc.local

5、查找/etc/inittab中含有"以s开头,并以d结尾的单词"模式的行;

root@shell \~\]# grep -w -o "s\[a-z\]\*d" /etc/inittab systemd systemd ![](https://file.jishuzhan.net/article/1736371495560548353/b02e8761db86b566bc8556d2c97abe43.webp)

6、查找ifconfig命令结果中的1-255之间的整数;

root@shell \~\]# ifconfig \| egrep -o -w "\[1-9\]{1}\|(\[1-9\]{1}\[0-9\]{1})\|\[1-2\]{1}(\[0-9\]{1,2})" \| awk '{printf "%s ",$0} END {print ""}' 192 168 110 132 255 255 255 192 168 110 255 64 29 78 73 5 3 73 127 1 255 1 128 17 1 9 17 1 9 ![](https://file.jishuzhan.net/article/1736371495560548353/09e029a3a747e022a1b6fa371289fc0a.webp)

7、显示/var/log/secure文件中包含"Failed"或"FAILED"的行

root@shell \~\]# egrep "(Failed\|FAILED)" /var/log/secure \[root@shell \~\]# grep -i "Failed" /var/log/secure

8、在/etc/passwd中取出默认shell为bash

root@shell \~\]# grep "bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash kxy:x:1000:1000:kxy:/home/kxy:/bin/bash fox:x:1001:1001::/home/fox:/bin/bash

9、以长格式列出/etc/目录下以ns开头、.conf结尾的文件信息

root@shell \~\]# ll /etc/ \| grep '\^.\*/ns.\*\\.conf$' lrwxrwxrwx. 1 root root 29 Sep 17 21:55 nsswitch.conf -\> /etc/authselect/nsswitch.conf \[root@shell \~\]# ll /etc/ns\*.conf lrwxrwxrwx. 1 root root 29 Sep 17 21:55 /etc/nsswitch.conf -\> /etc/authselect/nsswitch.conf ![](https://file.jishuzhan.net/article/1736371495560548353/26e1dbb53c476c56c3c9270abea8a231.webp)

10、高亮显示passwd文件中冒号,及其两侧的字符

root@shell \~\]# grep -o ".:." /etc/passwd ![](https://file.jishuzhan.net/article/1736371495560548353/0deae0b33c33a01216fde03f48d5a058.webp)

11、匹配/etc/services中开头结尾字母一样的单词

root@shell \~\]# egrep -o -w "(\[a-z\])\[a-z\]+\\1" /etc/services ![](https://file.jishuzhan.net/article/1736371495560548353/10c1c970c779f6319d14686703f5f985.webp)

12.file.txt文件内容:

root@shell \~\]# cat file.txt 48 Dec 3BC1977 LPSX 68.00 LVX2A 138 483 Sept 5AP1996 USP 65.00 LVX2C 189 47 Oct 3ZL1998 LPSX 43.00 KVM9D 512 219 dec 2CC1999 CAD 23.00 PLV2C 68 484 nov 7PL1996 CAD 49.00 PLV2C 234 483 may 5PA1998 USP 37.00 KVM9D 644 216 sept 3ZL1998 USP 86.00 KVM9E 234

(1)含有"48"字符串的行的总数

root@shell \~\]# grep "48" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/65074aabb098fda6637d575d67a2b81e.webp)

(2)显示含有"48"字符串的所有行的行号

root@shell \~\]# grep -n "48" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/a68d5921e9d230b54cdb41424d4ee0b6.webp)

(3)精确匹配只含有"48字符串的行

root@shell \~\]# grep -w "48" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/1b50e440eea2d113f3f6ca991124fbda.webp)

(4)抽取代码为484和483的城市位置

root@shell \~\]# grep "\^48\[34\]" file.txt \[root@shell \~\]# egrep "\^48(3\|4)" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/5be337551247dc0efad579c9952c1471.webp)

(5)显示行首不是4或8

root@shell \~\]# grep "\^\[\^48\]" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/d2d691338df6ed879ca48bf88e004f63.webp)

(6)显示含有九月份(Sept)的行

root@shell \~\]# grep -i "Sept" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/87ac26b4f9e1b097cb5fa8cbb43f3cd7.webp)

(7)显示以K开头,以D结尾的所有代码

root@shell \~\]# grep "K.\*D" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/ad9f82049062c9f350811794dca3d5d2.webp)

(8)显示头两个是大写字母,中间至少两个任意,并以C结尾的代码

root@shell \~\]# egrep "\[A-Z\]{2}..C" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/1d1c966a8ac57dfe265da5e36fdbac68.webp)

(9)查询所有以5开始以1996或1998结尾的所有记录

root@shell \~\]# egrep "5.\*199(6\|8)" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/bcdc0c22bd3af96ff66d7b10030c3df0.webp)

13、显示/etc/passwd文件中以bash结尾的行;

root@shell \~\]# grep 'bash$' /etc/passwd root:x:0:0:root:/root:/bin/bash kxy:x:1000:1000:kxy:/home/kxy:/bin/bash fox:x:1001:1001::/home/fox:/bin/bash ![](https://file.jishuzhan.net/article/1736371495560548353/3936e6fe2786dd30c378c15788c24005.webp)

14、找出/etc/passwd文件中的三位或四位数;

root@shell \~\]# egrep -o "\[\[:digit:\]\]{3,4}" /etc/passwd 100 6553 6553 ...... 1001 977 977 ![](https://file.jishuzhan.net/article/1736371495560548353/d41421eea2771a641dc1cc7ea8facb48.webp) 这里太多了,可以使用awk再做处理,用printf格式化输出 \[root@shell \~\]# egrep -o "\[\[:digit:\]\]{3,4}" /etc/passwd \| awk '{ printf "%s ", $0 } END { print "" }' 100 6553 6553 999 997 998 996 997 993 996 992 172 172 995 991 994 990 993 989 992 988 991 986 990 985 989 984 988 983 987 982 986 981 985 980 978 978 1000 1000 1001 1001 977 977 ![](https://file.jishuzhan.net/article/1736371495560548353/970d9c5df4bc53acf6f63f18ee020b5f.webp) 这里解释一下吧! printf "%s "注意%s后有个空格,$0为awk的内置变量,表示当前行的全部内容,这里使用格式化输出printf取消换行符并用空格隔开,END为awk的动作,这里为再结尾打印一个空行,实质上就是一个换行符

15、找出/etc/grub2.cfg文件中,以至少一个空白字符开头,后面又跟了非空白字符的行

root@shell \~\]# egrep "\^\[\[:space:\]\]+\[\^\[:space:\]\]\*" /etc/grub2.cfg load_env -f ${config_directory}/grubenv load_env set default="${next_entry}" set next_entry= save_env next_entry set boot_once=true set default="${saved_entry}" ...... source ${config_directory}/custom.cfg source $prefix/custom.cfg ![](https://file.jishuzhan.net/article/1736371495560548353/a947ddd1be372e082cb7d23213c3f92c.webp)

16、找出"netstat -tan"命令的结果中,以'LISTEN'后跟0或多个空白字符结尾的行;

root@shell \~\]# netstat -tan \| egrep "LISTEN\[\[:space:\]\]\*$" tcp 0 0 0.0.0.0:22 0.0.0.0:\* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:\* LISTEN tcp6 0 0 :::22 :::\* LISTEN tcp6 0 0 ::1:631 :::\* LISTEN ![](https://file.jishuzhan.net/article/1736371495560548353/eec462c2126f1cb8452ca4ef0eb7046f.webp)

17、找出"fdisk -l"命令的结果中,包含以/dev/后跟sd或hd及一个字母的行;

root@shell \~\]# fdisk -l \| egrep "/dev/(sd\|hd)\[\[:alpha:\]\]" #这里没有结果

18、找出"ldd /usr/bin/cat"命令的结果中文件路径;

root@shell \~\]# ldd /usr/bin/cat linux-vdso.so.1 (0x00007fff8df01000) libc.so.6 =\> /lib64/libc.so.6 (0x00007f3f05dec000) /lib64/ld-linux-x86-64.so.2 (0x00007f3f0600b000) \[root@shell \~\]# ldd /usr/bin/cat \| grep -o "/\[\^ \]\*" /lib64/libc.so.6 /lib64/ld-linux-x86-64.so.2 ![](https://file.jishuzhan.net/article/1736371495560548353/d21975a530050cff827ce0b6caba33d9.webp)

19、找出/proc/meminfo文件中,所有以大写或小写s开头的行;至少用三种方式实现;

root@shell \~\]# egrep "\^(S\|s)" /proc/meminfo \[root@shell \~\]# grep -i "\^s" /proc/meminfo \[root@shell \~\]# egrep "\^\[sS\]" /proc/meminfo ![](https://file.jishuzhan.net/article/1736371495560548353/d74e819833849af95b9aab912108a10c.webp)

20、显示当前系统上root、apache或nginx用户的相关信息;

root@shell \~\]# egrep "\^(root\|apache\|nginx)" /etc/passwd root:x:0:0:root:/root:/bin/bash apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin nginx:x:977:977:Nginx web server:/var/lib/nginx:/sbin/nologin ![](https://file.jishuzhan.net/article/1736371495560548353/0b18257a598ee6e603afde216c78d08e.webp)

21、echo输出一个绝对路径,使用egrep取出其基名;

root@shell \~\]# echo "/var/www/html/index.html" \| egrep -o \[\^/\]+$ # \[\^/\]表示不包含/ index.html ![](https://file.jishuzhan.net/article/1736371495560548353/26c6631f293b67a05230d7e721a68af1.webp)

22、找出ifconfig命令结果中的1-255之间的整数;

root@shell \~\]# ifconfig \| egrep -o -w "\[1-9\]{1}\|(\[1-9\]{1}\[0-9\]{1})\|\[1-2\]{1}(\[0-9\]{1,2})" \| awk '{printf "%s ",$0} END {print ""}' 192 168 110 132 255 255 255 192 168 110 255 64 29 78 73 5 3 73 127 1 255 1 128 17 1 9 17 1 9 ![](https://file.jishuzhan.net/article/1736371495560548353/09e029a3a747e022a1b6fa371289fc0a.webp)

23、找出系统中其用户名与shell名相同的用户。

root@shell \~\]# egrep "\^(.+):.\*\\1$" /etc/passwd \| cut -d: -f1 sync shutdown halt \[root@shell \~\]# egrep "\^(sync\|shutdown\|halt)" /etc/passwd #检测一下是否正确 sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt ![](https://file.jishuzhan.net/article/1736371495560548353/99d0736613762d77a4d0e6aa19595b30.webp)

相关推荐
绝不偷吃1 小时前
ELK日志分析系统
运维·elk·jenkins
朱包林2 小时前
day45-nginx复杂跳转与https
linux·运维·服务器·网络·云计算
孙克旭_2 小时前
day045-nginx跳转功能补充与https
linux·运维·nginx·https
孞㐑¥4 小时前
Linux之Socket 编程 UDP
linux·服务器·c++·经验分享·笔记·网络协议·udp
Hacker_Oldv4 小时前
软件测试(功能、工具、接口、性能、自动化、测开)详解
运维·自动化
Java樱木4 小时前
使用字节Trae + MCP,UI 到网页自动化。
运维·自动化
无敌暴龙兽z7 小时前
离线环境安装elk及设置密码认证
运维·elk
M4K07 小时前
Linux百度网盘优化三板斧
linux
好奇的菜鸟7 小时前
如何在 Ubuntu 24.04 (Noble) 上使用阿里源
linux·运维·ubuntu
bcbobo21cn8 小时前
初步了解Linux etc/profile文件
linux·运维·服务器·shell·profile