1. grep introduction

grep is a general-purpose filter that searches text with regular expressions. The grep, egrep and fgrep commands all filter lines by pattern matching.

```
grep [options] pattern [files]
```

or

```
grep [-abcEFGhHilLnqrsvVwxy] [-A<number of lines after>] [-B<number of lines before>] [-C<number of context lines>] [-d<action>] [-e<pattern>] [-f<pattern file>] [--help] [pattern] [file or directory...]
```

pattern - the string or regular expression to find.
files - the file names to search. Multiple files can be searched at the same time. If the files parameter is omitted, data is read from standard input by default.

Purpose: find and display the lines in a file that contain the specified string.
Format: grep [options]... pattern target-file

```
-i: ignore case when searching
-v: invert the search and output the lines that do not match the pattern
-n: display the line numbers of the matching lines
-r: search all files recursively
-o: display only the matching part of each line
-E: support more metacharacters (extended regular expressions)
-A: output each matching line and the lines that follow it
-B: output each matching line and the lines that precede it
```

If the option you need is not listed here, run man grep to see the rest.
2. Using grep options

```
# -i: ignore case when searching
# With -i, every line containing "port" is matched regardless of case.
# Words that merely contain "port" (such as "supported") are matched as well.
[root@test ~]# grep -i "port" /etc/ssh/sshd_config
# If you want to change the port on a SELinux system, you have to tell
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#Port 22
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
#GatewayPorts no

# -v: invert the search and output the lines that do not match the pattern
# Here: find all lines without the letter d
[root@test shell-test]# cat a.txt
aabbcc
a2 b2 c2 d2
a3 b3 c3
[root@test shell-test]# grep -v "d" a.txt
aabbcc
a3 b3 c3

# -n: display the line numbers of the matching lines
# Options can be combined
[root@test shell-test]# grep -nv "d" a.txt
1:aabbcc
3:a3 b3 c3

# -r: search all files recursively
[root@test test_dir]# cat test.txt
test
test.py
[root@test test_dir]# echo "test66" >>test2.txt
[root@test test_dir]# echo "test555" >>test2.txt
[root@test test_dir]# grep -r "test" .    # . is the current directory
./test.txt:test
./test.txt:test.py
./test2.txt:test66
./test2.txt:test555

# -o: display only the matching part of each line
[root@test test_dir]# grep -or "test" .
./test.txt:test
./test.txt:test
./test2.txt:test
./test2.txt:test

# -E: support more metacharacters (extended regular expressions); same effect as egrep
# Find lines starting with aa
[root@test shell-test]# grep -E "^aa" a.txt
aabbcc
[root@test shell-test]# egrep "^aa" a.txt
aabbcc

# -A: output each matching line and the lines that follow it
# -B: output each matching line and the lines that precede it
[root@test shell-test]# egrep -A 2 "^aa" a.txt
aabbcc
a2 b2 c2 d2
a3 b3 c3
[root@test shell-test]# egrep -B 2 "^a3" a.txt
aabbcc
a2 b2 c2 d2
a3 b3 c3
```
3. Simple regular expression rules

```
# Anchors
^aa      lines starting with aa
aa$      lines ending with aa

# [] is a character set
[a-z]             one character from a-z
[^a-z]            one character that is not in a-z
^[^a-zA-Z0-9_]    lines that do not start with a letter, digit or underscore
                  (grep -v "^[a-zA-Z0-9_]" is similar but also prints empty lines)

# Quantifiers
*        match the previous item any number of times (0-n)
?        match the previous item 0 or 1 time
+        match the previous item one or more times (1-n)
.        placeholder: any single character except a newline
{n,m}    match the previous item n to m times

# Word boundaries and character classes
\b       matches at a word boundary, e.g. \b.*\b
\B       matches where there is no word boundary
\w       matches a word character (a-z, A-Z, 0-9, _, Chinese)
\W       matches a non-word character
\s       matches a whitespace character (space, tab)
\S       matches a non-whitespace character
```
4. Practice
4.1 Exercises

1. Copy /etc/passwd to the current directory and work on that copy. Beforehand, create new users with liu in the name.
2. Find the lines starting with ftp or mail in the current passwd file and output them to the screen.
3. Find the lines in the current passwd file that do not start with r, m, or f.
4. Find the lines ending with bash in the current passwd file.
5. Find the valid lines in the /etc/login.defs file (do not display blank lines or comment lines, i.e. lines starting with #).
6. Find 15-letter words in the /var/log/messages file.
7. Find the users in the /etc/passwd file whose user name contains liu and who use bash.
8. Find lines containing 2 consecutive identical characters in the /etc/ssh/sshd_config file.
9. Find lines containing special characters.
10. Find lines that do not contain numbers.
11. Find the IP addresses in /var/log/secure.
4.2 Questions 1-5
```
# 1. Copy /etc/passwd to the current directory
[root@test shell-test]# cp /etc/passwd .
cp: overwrite "./passwd"? y

# 2. Find the lines starting with ftp or mail in the current passwd file and output them to the screen.
[root@test shell-test]# grep -E "^ftp|^mail" passwd
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin

# 3. Find the lines in the current passwd file that do not start with r, m, or f.
[root@test shell-test]# egrep -v "^r|^m|^f" passwd
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
[root@test shell-test]# grep -E "^[^rmf]" passwd
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync

# 4. Find the lines ending with bash in the current passwd file
[root@test shell-test]# egrep "bash$" passwd
root:x:0:0:root:/root:/bin/bash
gala:x:1000:1000::/home/gala:/bin/bash
liuliu:x:1001:1001::/home/liuliu:/bin/bash
haoliu:x:1002:1002::/home/haoliu:/bin/bash
sc:x:1003:1003:liliu:/home/sc:/bin/bash

# 5. Find the valid lines in the /etc/login.defs file
#    (do not display blank lines or comment lines, i.e. lines starting with #)
[root@test shell-test]# grep -vE "^#|^$" /etc/login.defs
MAIL_DIR /var/spool/mail
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
UID_MIN 1000
UID_MAX 60000
SYS_UID_MIN 201
SYS_UID_MAX 999
GID_MIN 1000
GID_MAX 60000
SYS_GID_MIN 201
SYS_GID_MAX 999
CREATE_HOME yes
UMASK 077
USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512

# Inside [] the $ is a literal character, not an anchor. Blank lines are
# still excluded here because they have no first character to match.
[root@test shell-test]# egrep "^[^#$]" /etc/login.defs
MAIL_DIR /var/spool/mail
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
UID_MIN 1000
UID_MAX 60000
SYS_UID_MIN 201
SYS_UID_MAX 999
GID_MIN 1000
GID_MAX 60000
SYS_GID_MIN 201
SYS_GID_MAX 999
CREATE_HOME yes
UMASK 077
USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512
```
4.3 Questions 6-10
```
# 6. Find 15-letter words in the /var/log/messages file
[root@test shell-test]# egrep -i "\b[a-z]{15}\b" /var/log/messages
Sep 27 11:30:18 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 14:22:52 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 15:12:01 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 15:23:11 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 16:14:41 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 16:16:52 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 16:36:43 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 18:59:15 test kernel: Booting paravirtualized kernel on VMware hypervisor

# [a-Z] == [a-zA-Z]: on Linux the range follows the locale's dictionary (collation) order.
# Python orders characters by ASCII code, where a and Z are not an ascending range,
# so Python cannot use [a-Z].
# The range is locale-dependent: under LC_ALL=C grep rejects [a-Z] with "Invalid range end".
# [[:alpha:]] is the portable spelling.
[root@test shell-test]# grep -E "\b[a-Z]{15}\b" /var/log/messages
Sep 27 11:30:18 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 14:22:52 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 15:12:01 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 15:23:11 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 16:14:41 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 16:16:52 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 16:36:43 test kernel: Booting paravirtualized kernel on VMware hypervisor
Sep 27 18:59:15 test kernel: Booting paravirtualized kernel on VMware hypervisor

# 7. Find the users in the /etc/passwd file whose user name contains liu and who use bash.
# Simple regular expressions can be used without -E
[root@test shell-test]# egrep "^[^:]*liu[^:]*:" passwd |grep bash$
liuliu:x:1001:1001::/home/liuliu:/bin/bash
haoliu:x:1002:1002::/home/haoliu:/bin/bash
haoliua:x:1004:1004::/home/haoliua:/bin/bash
[root@test shell-test]# egrep "^[0-Z_]*liu[0-Z_]*:" passwd |grep bash$
liuliu:x:1001:1001::/home/liuliu:/bin/bash
haoliu:x:1002:1002::/home/haoliu:/bin/bash
haoliua:x:1004:1004::/home/haoliua:/bin/bash

# 8. Find lines containing 2 consecutive identical characters in the /etc/ssh/sshd_config file
[root@test shell-test]# grep -E "(.)\1" /etc/ssh/sshd_config

# 9. Find lines containing special characters
# Like [a-Z], the range [0-Z] depends on the locale; [^[:alnum:]] is the portable spelling.
[root@test shell-test]# egrep "[^0-Z]" /etc/ssh/sshd_config
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
#PermitTTY no
# ForceCommand cvs server

# 10. Find lines that do not contain numbers
[root@test shell-test]# cat a.txt
aabbcc
a2 b2 c2 d2
a3 b3 c3
[root@test shell-test]# egrep -v "[0-9]" a.txt
aabbcc
```
4.4 Question 11

```
# 11. Find the IP addresses in /var/log/secure
# Use the enumeration method and list the octet ranges one by one.
# Pay attention to the placeholder: . matches any character, so a literal dot must be written as \.
"((((25[0-5])|(2[0-4][0-9])|(1[0-9][0-9])|([1-9][0-9])|([0-9]))\.){3})((25[0-5])|(2[0-4][0-9])|(1[0-9][0-9])|([1-9][0-9])|([0-9]))"

[root@test shell-test]# grep -oE "((((25[0-5])|(2[0-4][0-9])|(1[0-9][0-9])|([1-9][0-9])|([0-9]))\.){3})((25[0-5])|(2[0-4][0-9])|(1[0-9][0-9])|([1-9][0-9])|([0-9]))" /var/log/secure
0.0.0.0
192.168.249.1
0.0.0.0
192.168.249.1
0.0.0.0
192.168.249.1
0.0.0.0
192.168.249.1
0.0.0.0
192.168.249.1
0.0.0.0
192.168.249.1
0.0.0.0
192.168.249.1
0.0.0.0
192.168.249.1
```
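
An added example, not part of the original page: with -o the enumeration pattern above also matches inside longer tokens, so 999.1.1.1 is reported as 99.1.1.1. The script below contrasts that with a whole-token match (grep -x) and then counts failed SSH logins per source address. The log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Same octet enumeration as the answer above, without the redundant groups.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])'
IPV4="($OCTET\.){3}$OCTET"

# Constructed sample in the style of /var/log/secure (not real log data).
sample_log() {
cat <<'EOF'
Sep 27 11:30:18 test sshd[1201]: Failed password for root from 192.168.249.1 port 51122 ssh2
Sep 27 11:30:21 test sshd[1201]: Failed password for root from 192.168.249.1 port 51122 ssh2
Sep 27 11:31:02 test sshd[1207]: Failed password for invalid user admin from 10.0.0.7 port 40022 ssh2
Sep 27 11:32:40 test sshd[1215]: Accepted password for gala from 192.168.249.1 port 51130 ssh2
Sep 27 11:33:05 test sshd[1220]: Server listening on 0.0.0.0 port 22.
Sep 27 11:34:19 test app[1300]: version 1.2.3.4.5 rejected peer 999.1.1.1
EOF
}

# Loose: plain grep -oE as in the answer above; it matches inside longer tokens.
loose_ips() { grep -oE "$IPV4"; }

# Strict: split the input into runs of digits and dots, trim stray dots,
# then keep only tokens that are an IPv4 address as a whole (-x).
strict_ips() {
    tr -c '0-9.\n' '\n' | sed 's/^\.*//; s/\.*$//' | grep -xE "$IPV4"
}

# Failed SSH logins per source address, most frequent first ("count address").
failed_by_source() {
    grep -F 'Failed password' | strict_ips | sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# Stand-alone run: summarise the constructed sample.
sample_log | failed_by_source
```

On a real system, replace `sample_log` with `cat /var/log/secure` (root is normally required to read that file).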