本文中主要介绍了linu系统下grep命令、正则表达式的基本参数和使用格式、方法:
grep的理解:
文本搜索工具,根据用户指定的文本模式对目标文件进行逐行搜索,显示能够被模式所匹配到的行;
grep (global search regular expression=\‘#\‘" ) and print out the line,全面搜索正则表达式并把行打印出来)是一种强大的文本搜索工具,它能使用正则表达式搜索文本,并把匹配的行打印出来;
egrep命令是一个搜索文件获得模式,使用该命令可以任意搜索文件中的字符串和符号,也可以为你搜索一个多个文件的字符串,一个提示符可以是单个字符、一个字符串、一个字、一个句子;
fgrep 命令搜索 File 参数指定的输入文件(缺省为标准输入)中的匹配模式的行。fgrep 命令特别搜索 Pattern 参数,它们是固定的字符串。如果在 File 参数中指定一个以上的文件 fgrep 命令将显示包含匹配行的文件。
功能说明:查找文件里符合条件的字符串
命令格式: grep [options] ‘PATTERN’ file,…
基本正则表达式和扩展正则表达式:
1. grep 常用选项:
-v: 反向查找,显示不能被模式所匹配到的行;
-o: 仅显示被模式匹配到的字串,而非整行;
-i: 不区分字符大小写;
-E: 支持扩展的正则表达式;
--color=auto:符合条件后以颜色显示
-A #:显示匹配到字符的那行的后面n行;
-B #:显示匹配到字符的那行的前面n行;
-C #:显示匹配到字符的那行的前后n行;
下面是 常用选项 应用举例:
1).查看/etc/fstab文件中以非#号开头的行--># grep -v "^#" /etc/inittab
[root@localhost ~]# grep -v "^#" /etc/inittab id:3:initdefault: [root@localhost ~]#
2).搜索/etc/passwd文件中字所有行中为-->root的关键字:--># grep -o "root" /etc/passwd
[root@localhost ~]# grep -o "root" /etc/passwd root root root root root root root root [root@localhost ~]#
3).搜索/etc/passwd文件中字符以为root的关键字:-->grep -i "^root" /etc/passwd
[root@localhost ~]# grep -i "^root" /etc/passwd root:x:0:0:root:/root:/bin/bash rooter:x:500:500::/home/rooter:/bin/bash ROOT:x:501:501::/home/ROOT:/bin/bash [root@localhost ~]#
4).搜索出以 shhd 的行,并列出行号:--># grep -n "sshd" /etc/passwd
[root@localhost ~]# grep -n "sshd" /etc/passwd 32:sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin [root@localhost ~]#
5).搜索没有shhd的行,并输出行号 :--># grep -nv ‘shhd‘ /etc/passwd
[root@localhost ~]# grep -nv ‘shhd‘ /etc/passwd 1:root:x:0:0:root:/root:/bin/bash 2:bin:x:1:1:bin:/bin:/sbin/nologin ... 36:rroot:x:502:502::/home/rroot:/bin/bash [root@localhost ~]#
6).搜索匹配ftp下面的1行:--># grep -A 1 "ftp" /etc/passwd
[root@localhost ~]# grep -A 1 "ftp" /etc/passwd ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin [root@localhost ~]#
7).显示匹配sshd上面的1行:--># cat /etc/passwd|grep -B 1 sshd
[root@localhost ~]# cat /etc/passwd|grep -B 1 sshd pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin [root@localhost ~]#
8).显示匹配ftp上下各一行以及本行:-->#
[root@localhost ~]# cat /etc/passwd|grep -C 2 sshd nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin pulse:x:497:496:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin rooter:x:500:500::/home/rooter:/bin/bash [root@localhost ~]#
2. 字符匹配:
. :匹配任意单个字符;
[]:指定范围内的任意单个字符;
[0-9], [a-z], [A-Z], [0-9a-zA-Z]:
[[:digit:]]表示所有数字
[[:lower:]]表示所有小写字母
[[:upper:]] 表示所有大写字母
[[:alpha:]]表示所有大小写字母;
[[:alnum:]]:表示数字、大小写字母;
[[:space:]]:表示空白字符(新行,空格,制表符);
[[:punct:]]表示所有标点符号
[^]:匹配指定字符范围外的任意单个字符;
下面是 字符匹配 应用举例:
1).匹配/etc/passwd文件下的所有以r开头t结尾的用户:--># grep "r..t" /etc/passwd
[root@localhost ~]# grep "r..t" /etc/passwd root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin rooter:x:500:500::/home/rooter:/bin/bash rroot:x:502:502::/home/rroot:/bin/bash [root@localhost ~]#
2).匹配以小写字母(数字、大写字母)开头的行:--># grep -n ‘^[A-Z]‘ /etc/passwd
[root@localhost ~]# grep -n ‘^[A-Z]‘ /etc/passwd 35:ROOT:x:501:501::/home/ROOT:/bin/bash [root@localhost ~]#
3).匹配xiaoma.txt中的所有数字并将其显示出来:--># grep [[:digit:]] xiaoma.txt
[root@localhost ~]# grep [[:digit:]] xiaoma.txt 1command a5bxyza5b a5bxyza6b [root@localhost ~]#
4).搜索xiaoma.txt文件中除了数字以外的字符显示出来:--># grep --color=auto "[^[:digit:]]" xiaoma.txt
[root@localhost ~]# grep --color=auto "[^[:digit:]]" xiaoma.txt comand 1command commmand commmmand commmmmand commmmmmmand a5bxyza5b a5bxyza6b [root@localhost ~]#
3. 次数匹配:
*:用来指定匹配其前面的字符任意次;
.*:匹配任意长度的任意字符;
\?:匹配其前面的字符的0次或1次;
\{m\}: 匹配m次
\{m,n\}:
\{m,\}: 至少m次;
\{0,n\}:至多n次;
下面是 次数匹配 应用举例:
1).查找/etc/man.config文件中包含com且o出现0次或0次以上的行:--># grep "com*" /etc/man.config
[root@localhost ~]# grep "com*" /etc/man.config # Generated automatically from man.conf.in by the # configure script. # man.conf from man-1.6f # and man.conf(5). ... # text twice. (But compressed pages compare unequal.) # Decompress with given decompressor when input file has given extension # The command given must act as a filter. # If MAKEWHATISDBUPDATES variable is uncommented [root@localhost ~]#
2).查找/etc/man.config文件中包含com的行(贪婪模式):--># grep "com.*" /etc/man.config
[root@localhost ~]# grep "com.*" /etc/man.config # Certain versions of the FSSTND recommend putting formatted versions # Certain versions of the FHS recommend putting formatted versions of ... # The command given must act as a filter. # If MAKEWHATISDBUPDATES variable is uncommented [root@localhost ~]#
3).查找/etc/man.config文件中包含co且m出现0或1次:--># grep ‘com\?‘ /etc/man.config
[root@localhost ~]# grep ‘com\?‘ /etc/man.config # Generated automatically from man.conf.in by the # configure script. # man.conf from man-1.6f ... # The command given must act as a filter. # If MAKEWHATISDBUPDATES variable is uncommented [root@localhost ~]#
4>查找/etc/man.config文件中包含com且m只出现2次的行:--># grep "com\{2\}" /etc/man.config
[root@localhost ~]# grep "com\{2\}" /etc/man.config
# Certain versions of the FSSTND recommend putting formatted versions
# Certain versions of the FHS recommend putting formatted versions of
# Uncomment if you want to include one of these by default
# The command "man -a xyzzy" will show all man pages for xyzzy.
# The command given must act as a filter.
# If MAKEWHATISDBUPDATES variable is uncommented
[root@localhost ~]#5).查找/etc/man.config文件中包含com且m最少出现一次最多出现4次的行:--># grep "com\{1,3\}" /etc/man.config
[root@localhost ~]# grep "com\{1,3\}" /etc/man.config
# Certain versions of the FSSTND recommend putting formatted versions
...
# Decompress with given decompressor when input file has given extension
# The command given must act as a filter.
# If MAKEWHATISDBUPDATES variable is uncommented
[root@localhost ~]#6).查找/etc/man.config文件中包含com且m最少出现一次的行:--># grep "com\{1,\}" /etc/man.config
[root@localhost ~]# grep "com\{1,\}" /etc/man.config
# Certain versions of the FSSTND recommend putting formatted versions
# Certain versions of the FHS recommend putting formatted versions of
...
# If MAKEWHATISDBUPDATES variable is uncommented
[root@localhost ~]#7).查找/etc/man.config文件中包含com且m最少出现0次,最多出现5次的行:--># grep "com\{0,5\}" /etc/man.config
[root@localhost ~]# grep "com\{0,5\}" /etc/man.config
# Generated automatically from man.conf.in by the
...
# If MAKEWHATISDBUPDATES variable is uncommented
[root@localhost ~]# 4. 位置锚定:用于指定字符出现的位置
^: 锚定行首,(^char:就是以char开头的行);
$: 锚定行尾,(char$:就是以char结尾的行);
^$: 空白行,(就是以空白开头的行);
\< 或b: 锚定词首;
\>或\b: 锚定词尾;
下面是 位置锚定 应用举例:
1).查找/etc/fstab文件中以#开头的行: --># grep "^#" /etc/fstab
[root@localhost ~]# grep "^#" /etc/fstab # # /etc/fstab # Created by anaconda on Sun Feb 9 13:43:51 2014 # # Accessible filesystems, by reference, are maintained under ‘/dev/disk‘ # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # [root@localhost ~]#
2).查找/etc/passwd文件中行尾以bash结尾的用户:--># grep "bash$" /etc/passwd
[root@localhost ~]# grep "bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash rooter:x:500:500::/home/rooter:/bin/bash ROOT:x:501:501::/home/ROOT:/bin/bash rroot:x:502:502::/home/rroot:/bin/bash [root@localhost ~]#
3).查找/etc/fstab文件中的空白行:--># grep "^$" /etc/fstab
4).查找root且root前面不包含任何字符的行(\< 或b):--># grep "\<root" /etc/passwd
[root@localhost ~]# grep "\<root" /etc/passwd root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin rooter:x:500:500::/home/rooter:/bin/bash [root@localhost ~]#
5).查找root且root后面不包含任何字符的行(\>或\b):--># grep "root\>" /etc/passwd
[root@localhost ~]# grep "root\>" /etc/passwd root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin rroot:x:502:502::/home/rroot:/bin/bash [root@localhost ~]#
5. 分组:
\(\);
6.引用:
\1
\2
...
例子: 分组与后向引用共同用: grep "\(a.b\).*\1" xiaoma.txt
下面是一些其他的例子:
1.显示/proc/meminfo文件中以大小写s开头的行;
# grep "^[sS]" /proc/meminfo
# grep -i "^s" /proc/meminfo
2、取出默认shell为非bash的用户;
# grep -v "bash$" /etc/passwd | cut -d: -f1
3、取出默认shell为bash的且其ID号最大的用户;
# grep "bash$" /etc/passwd | sort -n -t: -k3 | tail -1 | cut -d: -f1
4、显示/etc/rc.d/rc.sysinit文件中,以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
# grep "^#[[:space:]]\{1,\}[^[:space:]]\{1,\}" /etc/rc.d/rc.sysinit
5、显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
# grep "^[[:space:]]\{1,\}[^[:space:]]\{1,\}" /boot/grub/grub.conf
6、找出/etc/passwd文件中一位数或两位数;
# grep --color=auto "\<[0-9]\{1,2\}\>" /etc/passwd
7、找出ifconfig命令结果中的1到255之间的整数;
# ifconfig | grep -E --color=auto "\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>"
8、查看当前系统上root用户的所有信息;
# grep "^root\>" /etc/passwd
9、添加用户bash和testbash、basher,而后找出当前系统上其用户名和默认shell相同的用户;
# grep --color=auto "^\([[:alnum:]]\{1,\}\)\>.*\1$" /etc/passwd
10、取出当前系统上所有用户的shell,要求:每种shell只显示一次,且按升序显示;
# cut -d: -f7 /etc/passwd | sort -u
11.挑战题:写一个模式,能匹配真正意义上的IP地址;
# ifconfig |grep -A 1 "^eth" |grep "\<[0-9.]\{1,\} |cut -d: -f2
12.找出命令:ifconfig查询结果中是1-255的整数:
#ifconfig | egrep ‘\b[0-9][0-9]\b?|\b1[0-9][0-9]\b|\b2[0-4][0-9]\b|\b25[0-5]\b‘ --color
......
欢迎纠错吆!!
----->>> 小马子!!
本文出自 “马亮亮” 博客,请务必保留此出处http://xiaomazi.blog.51cto.com/5891742/1361984
原文:http://xiaomazi.blog.51cto.com/5891742/1361984