Linux文本三剑客grep练习

1、显示/etc/rc.d/rc.sysinit文件中以不区分大小的h开头的行;

root@shell \~\]# grep "\^\[hH\]" /etc/rc.d/rc.rc.sysinit

2、显示/etc/passwd中以sh结尾的行;

root@shell \~\]# grep "sh$" /etc/passwd root:x:0:0:root:/root:/bin/bash kxy:x:1000:1000:kxy:/home/kxy:/bin/bash fox:x:1001:1001::/home/fox:/bin/bash ![](https://file.jishuzhan.net/article/1736371495560548353/e40f364da8743699bc5915f5b757d7bc.webp)

3、显示/etc/fstab中以#开头,且后面跟一个或多个空白字符,而后又跟了任意非空白字符的行;

root@shell \~\]# egrep "\^#\[\[:space:\]\]+\[\^\[:space:\]\]\*" /etc/fstab # /etc/fstab # Created by anaconda on Sun Sep 17 13:46:24 2023 # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. ![](https://file.jishuzhan.net/article/1736371495560548353/f21fc1da311389c8fed8f88d7b275182.webp)

4、查找/etc/rc.d/rc.local中包含"以to开始并以to结尾"的字串行;

root@shell \~\]# egrep -w -o "(to)\[a-z\]+\\1" /etc/rc.d/rc.local

5、查找/etc/inittab中含有"以s开头,并以d结尾的单词"模式的行;

root@shell \~\]# grep -w -o "s\[a-z\]\*d" /etc/inittab systemd systemd ![](https://file.jishuzhan.net/article/1736371495560548353/b02e8761db86b566bc8556d2c97abe43.webp)

6、查找ifconfig命令结果中的1-255之间的整数;

root@shell \~\]# ifconfig \| egrep -o -w "\[1-9\]{1}\|(\[1-9\]{1}\[0-9\]{1})\|\[1-2\]{1}(\[0-9\]{1,2})" \| awk '{printf "%s ",$0} END {print ""}' 192 168 110 132 255 255 255 192 168 110 255 64 29 78 73 5 3 73 127 1 255 1 128 17 1 9 17 1 9 ![](https://file.jishuzhan.net/article/1736371495560548353/09e029a3a747e022a1b6fa371289fc0a.webp)

7、显示/var/log/secure文件中包含"Failed"或"FAILED"的行

root@shell \~\]# egrep "(Failed\|FAILED)" /var/log/secure \[root@shell \~\]# grep -i "Failed" /var/log/secure

8、在/etc/passwd中取出默认shell为bash

root@shell \~\]# grep "bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash kxy:x:1000:1000:kxy:/home/kxy:/bin/bash fox:x:1001:1001::/home/fox:/bin/bash

9、以长格式列出/etc/目录下以ns开头、.conf结尾的文件信息

root@shell \~\]# ll /etc/ \| grep '\^.\*/ns.\*\\.conf$' lrwxrwxrwx. 1 root root 29 Sep 17 21:55 nsswitch.conf -\> /etc/authselect/nsswitch.conf \[root@shell \~\]# ll /etc/ns\*.conf lrwxrwxrwx. 1 root root 29 Sep 17 21:55 /etc/nsswitch.conf -\> /etc/authselect/nsswitch.conf ![](https://file.jishuzhan.net/article/1736371495560548353/26e1dbb53c476c56c3c9270abea8a231.webp)

10、高亮显示passwd文件中冒号,及其两侧的字符

root@shell \~\]# grep -o ".:." /etc/passwd ![](https://file.jishuzhan.net/article/1736371495560548353/0deae0b33c33a01216fde03f48d5a058.webp)

11、匹配/etc/services中开头结尾字母一样的单词

root@shell \~\]# egrep -o -w "(\[a-z\])\[a-z\]+\\1" /etc/services ![](https://file.jishuzhan.net/article/1736371495560548353/10c1c970c779f6319d14686703f5f985.webp)

12.file.txt文件内容:

root@shell \~\]# cat file.txt 48 Dec 3BC1977 LPSX 68.00 LVX2A 138 483 Sept 5AP1996 USP 65.00 LVX2C 189 47 Oct 3ZL1998 LPSX 43.00 KVM9D 512 219 dec 2CC1999 CAD 23.00 PLV2C 68 484 nov 7PL1996 CAD 49.00 PLV2C 234 483 may 5PA1998 USP 37.00 KVM9D 644 216 sept 3ZL1998 USP 86.00 KVM9E 234

(1)含有"48"字符串的行的总数

root@shell \~\]# grep "48" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/65074aabb098fda6637d575d67a2b81e.webp)

(2)显示含有"48"字符串的所有行的行号

root@shell \~\]# grep -n "48" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/a68d5921e9d230b54cdb41424d4ee0b6.webp)

(3)精确匹配只含有"48字符串的行

root@shell \~\]# grep -w "48" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/1b50e440eea2d113f3f6ca991124fbda.webp)

(4)抽取代码为484和483的城市位置

root@shell \~\]# grep "\^48\[34\]" file.txt \[root@shell \~\]# egrep "\^48(3\|4)" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/5be337551247dc0efad579c9952c1471.webp)

(5)显示行首不是4或8

root@shell \~\]# grep "\^\[\^48\]" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/d2d691338df6ed879ca48bf88e004f63.webp)

(6)显示含有九月份(Sept)的行

root@shell \~\]# grep -i "Sept" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/87ac26b4f9e1b097cb5fa8cbb43f3cd7.webp)

(7)显示以K开头,以D结尾的所有代码

root@shell \~\]# grep "K.\*D" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/ad9f82049062c9f350811794dca3d5d2.webp)

(8)显示头两个是大写字母,中间至少两个任意,并以C结尾的代码

root@shell \~\]# egrep "\[A-Z\]{2}..C" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/1d1c966a8ac57dfe265da5e36fdbac68.webp)

(9)查询所有以5开始以1996或1998结尾的所有记录

root@shell \~\]# egrep "5.\*199(6\|8)" file.txt ![](https://file.jishuzhan.net/article/1736371495560548353/bcdc0c22bd3af96ff66d7b10030c3df0.webp)

13、显示/etc/passwd文件中以bash结尾的行;

root@shell \~\]# grep 'bash$' /etc/passwd root:x:0:0:root:/root:/bin/bash kxy:x:1000:1000:kxy:/home/kxy:/bin/bash fox:x:1001:1001::/home/fox:/bin/bash ![](https://file.jishuzhan.net/article/1736371495560548353/3936e6fe2786dd30c378c15788c24005.webp)

14、找出/etc/passwd文件中的三位或四位数;

root@shell \~\]# egrep -o "\[\[:digit:\]\]{3,4}" /etc/passwd 100 6553 6553 ...... 1001 977 977 ![](https://file.jishuzhan.net/article/1736371495560548353/d41421eea2771a641dc1cc7ea8facb48.webp) 这里太多了,可以使用awk再做处理,用printf格式化输出 \[root@shell \~\]# egrep -o "\[\[:digit:\]\]{3,4}" /etc/passwd \| awk '{ printf "%s ", $0 } END { print "" }' 100 6553 6553 999 997 998 996 997 993 996 992 172 172 995 991 994 990 993 989 992 988 991 986 990 985 989 984 988 983 987 982 986 981 985 980 978 978 1000 1000 1001 1001 977 977 ![](https://file.jishuzhan.net/article/1736371495560548353/970d9c5df4bc53acf6f63f18ee020b5f.webp) 这里解释一下吧! printf "%s "注意%s后有个空格,$0为awk的内置变量,表示当前行的全部内容,这里使用格式化输出printf取消换行符并用空格隔开,END为awk的动作,这里为再结尾打印一个空行,实质上就是一个换行符

15、找出/etc/grub2.cfg文件中,以至少一个空白字符开头,后面又跟了非空白字符的行

root@shell \~\]# egrep "\^\[\[:space:\]\]+\[\^\[:space:\]\]\*" /etc/grub2.cfg load_env -f ${config_directory}/grubenv load_env set default="${next_entry}" set next_entry= save_env next_entry set boot_once=true set default="${saved_entry}" ...... source ${config_directory}/custom.cfg source $prefix/custom.cfg ![](https://file.jishuzhan.net/article/1736371495560548353/a947ddd1be372e082cb7d23213c3f92c.webp)

16、找出"netstat -tan"命令的结果中,以'LISTEN'后跟0或多个空白字符结尾的行;

root@shell \~\]# netstat -tan \| egrep "LISTEN\[\[:space:\]\]\*$" tcp 0 0 0.0.0.0:22 0.0.0.0:\* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:\* LISTEN tcp6 0 0 :::22 :::\* LISTEN tcp6 0 0 ::1:631 :::\* LISTEN ![](https://file.jishuzhan.net/article/1736371495560548353/eec462c2126f1cb8452ca4ef0eb7046f.webp)

17、找出"fdisk -l"命令的结果中,包含以/dev/后跟sd或hd及一个字母的行;

root@shell \~\]# fdisk -l \| egrep "/dev/(sd\|hd)\[\[:alpha:\]\]" #这里没有结果

18、找出"ldd /usr/bin/cat"命令的结果中文件路径;

root@shell \~\]# ldd /usr/bin/cat linux-vdso.so.1 (0x00007fff8df01000) libc.so.6 =\> /lib64/libc.so.6 (0x00007f3f05dec000) /lib64/ld-linux-x86-64.so.2 (0x00007f3f0600b000) \[root@shell \~\]# ldd /usr/bin/cat \| grep -o "/\[\^ \]\*" /lib64/libc.so.6 /lib64/ld-linux-x86-64.so.2 ![](https://file.jishuzhan.net/article/1736371495560548353/d21975a530050cff827ce0b6caba33d9.webp)

19、找出/proc/meminfo文件中,所有以大写或小写s开头的行;至少用三种方式实现;

root@shell \~\]# egrep "\^(S\|s)" /proc/meminfo \[root@shell \~\]# grep -i "\^s" /proc/meminfo \[root@shell \~\]# egrep "\^\[sS\]" /proc/meminfo ![](https://file.jishuzhan.net/article/1736371495560548353/d74e819833849af95b9aab912108a10c.webp)

20、显示当前系统上root、apache或nginx用户的相关信息;

root@shell \~\]# egrep "\^(root\|apache\|nginx)" /etc/passwd root:x:0:0:root:/root:/bin/bash apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin nginx:x:977:977:Nginx web server:/var/lib/nginx:/sbin/nologin ![](https://file.jishuzhan.net/article/1736371495560548353/0b18257a598ee6e603afde216c78d08e.webp)

21、echo输出一个绝对路径,使用egrep取出其基名;

root@shell \~\]# echo "/var/www/html/index.html" \| egrep -o \[\^/\]+$ # \[\^/\]表示不包含/ index.html ![](https://file.jishuzhan.net/article/1736371495560548353/26c6631f293b67a05230d7e721a68af1.webp)

22、找出ifconfig命令结果中的1-255之间的整数;

root@shell \~\]# ifconfig \| egrep -o -w "\[1-9\]{1}\|(\[1-9\]{1}\[0-9\]{1})\|\[1-2\]{1}(\[0-9\]{1,2})" \| awk '{printf "%s ",$0} END {print ""}' 192 168 110 132 255 255 255 192 168 110 255 64 29 78 73 5 3 73 127 1 255 1 128 17 1 9 17 1 9 ![](https://file.jishuzhan.net/article/1736371495560548353/09e029a3a747e022a1b6fa371289fc0a.webp)

23、找出系统中其用户名与shell名相同的用户。

root@shell \~\]# egrep "\^(.+):.\*\\1$" /etc/passwd \| cut -d: -f1 sync shutdown halt \[root@shell \~\]# egrep "\^(sync\|shutdown\|halt)" /etc/passwd #检测一下是否正确 sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt ![](https://file.jishuzhan.net/article/1736371495560548353/99d0736613762d77a4d0e6aa19595b30.webp)

相关推荐
●^●7 分钟前
Linux 权限修改详解:chmod 命令与权限数字的秘密
linux
唯独失去了从容10 分钟前
WebRTC服务器Coturn服务器中的通信协议
运维·服务器·webrtc
光而不耀@lgy1 小时前
C++初登门槛
linux·开发语言·网络·c++·后端
joker_zsl1 小时前
docker的安装和简单使用(ubuntu环境)
运维·docker·容器
偶尔微微一笑1 小时前
AI网络渗透kali应用(gptshell)
linux·人工智能·python·自然语言处理·编辑器
Run1.1 小时前
深入解析 Linux 中动静态库的加载机制:从原理到实践
linux·运维·服务器
VI8664956I261 小时前
全链路自动化AIGC内容工厂:构建企业级智能内容生产系统
运维·自动化·aigc
The Mr.Nobody2 小时前
STM32MPU开发之旅:从零开始构建嵌入式Linux镜像
linux·stm32·嵌入式硬件
老兵发新帖2 小时前
Ubuntu 上安装 Conda
linux·ubuntu·conda
秋秋秋秋秋雨2 小时前
linux安装单节点Elasticsearch(es),安装可视化工具kibana
linux·elasticsearch·jenkins