一、grep基本使用
grep命令是Globally search a Regular Expression and Print的缩写,表示进行全局的正则匹配并进行打印。grep的相关扩展命令包括egrep和fgrep,其中egrep支持更多的正则匹配,fgrep只进行字符的匹配,不支持正则表达式。
[root@localhost ~]# grep '^#' /etc/ssh/ssh_config # 过滤以#号开头的行
[root@localhost ~]# grep -v '^#' /etc/ssh/ssh_config # -v:取反,表示反向查找
[root@localhost ~]# grep 'sendenv' /etc/ssh/ssh_config
[root@localhost ~]# grep -i 'sendenv' /etc/ssh/ssh_config # -i忽略大小写
[root@localhost ~]# grep 'bash' /opt/test/ # 过滤某个目录下面带有bash的行
[root@localhost ~]# grep -r 'bash' /opt/test/ # -[r|R]表示递归查询
-v # 取反
-i # 忽略大小写
-r # 递归查询
二、grep正则匹配
2.1 基本元字符
2.2 实例
(1) *
匹配0或多个字符
[root@linux-server ~]# useradd abrt
[root@linux-server ~]# grep 'abr*' /etc/passwd
abrt:x:1041:1041::/home/abrt:/bin/bash
(2)\< and \>
\<:词首定位符号
\>:词尾定位符号
[root@linux-server ~]# cat jack.txt
Jack JACK JAck jackly jack
:% s/\<[Jj]ack\>/123/g
(3)^
匹配以什么开头
[root@linux-server ~]# grep '^root' /etc/passwd
root:x:0:0:root:/root:/bin/bash
(4)2.4 $
匹配以什么结尾
[root@linux-server ~]# grep 'bash$' /etc/passwd
root:x:0:0:root:/root:/bin/bash
confluence:x:1000:1000:Atlassian Confluence:/home/confluence:/bin/bash
to:x:1003:1003::/home/to:/bin/bash
(5).
匹配任意单个字符
[root@linux-server ~]# grep 'r..t' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
dockerroot:x:998:995:Docker User:/var/lib/docker:/sbin/nologin
[root@linux-server ~]# grep 'r.t' /etc/passwd
operator:x:11:0:operator:/root:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
(6).*
匹配任意多个字符
[root@linux-server ~]# grep 'r.*t' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin polkitd:x:999:997:User for polkitd:/:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dockerroot:x:998:995:Docker User:/var/lib/docker:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
abrt:x:1041:1041::/home/abrt:/bin/bash
(7)[ ]
匹配方括号中的任意一个字符
[root@linux-server ~]# grep 'Root' /etc/passwd
[root@linux-server ~]# grep '[Rr]oot' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
dockerroot:x:998:995:Docker User:/var/lib/docker:/sbin/nologin
(8)[ - ]
匹配指定范围内的一个字符
[root@linux-server ~]# grep [a-z]oot /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
dockerroot:x:998:995:Docker User:/var/lib/docker:/sbin/nologin
(9)[ ^ ]
匹配不在指定组内的字符,非的意思
[root@linux-server ~]# grep '[^0-9]oot' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
dockerroot:x:998:995:Docker User:/var/lib/docker:/sbin/nologin
[root@linux-server ~]# grep '[^0-9A-Z]oot' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
dockerroot:x:998:995:Docker User:/var/lib/docker:/sbin/nologin
[root@linux-server ~]# grep '[^0-9A-Za-z]oot' /etc/passwd #A-Z值是大写的
[root@linux-server ~]#
[root@newrain ~]# useradd Root
[root@newrain ~]# grep '[a-z]oot' /etc/passwd #a-z
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
dockerroot:x:998:995:Docker User:/var/lib/docker:/sbin/nologin Root:x:1042:1042::/home/Root:/bin/bash
[root@linux-server ~]# grep '^[rc]oot' /etc/passwd
root:x:0:0:root:/root:/bin/bash
注意:^在[ ]内表示取反,^在[ ]外表示以什么开头。
(10)\(\)
匹配后的标签
[root@linux-server ~]# cat file1.txt
IPADDR=192.168.1.123
GATEWAY=192.168.1.1
NETMASK=255.255.255.0
DNS=114.114.114.114
:%s/\(192.168.1.\)123/\12/
:%s/\(192.\)\(168.\)\(1.\)2/\1\2\35/
:%s/\(192.\)\(168.\)\(1.\)\(5\)/\1\26.\4/
三、egrep拓展正则匹配
3.1 拓展元字符
3.2 实例
(1)[ ] 和 { }
[root@linux-server ~]# egrep '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' /etc/resolv.conf
nameserver 192.168.246.2
(2)+
匹配一次或多次前导字符
[root@linux-server ~]# egrep 'ro+t' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
dockerroot:x:998:995:Docker User:/var/lib/docker:/sbin/nologin
(3)?
匹配零次或一次前导字符
[root@linux-server ~]# egrep 'ro?t' /etc/passwd
abrt:x:1041:1041::/home/abrt:/bin/bash
(4)a|b
匹配a或b
[root@linux-server ~]# netstat -anlp|egrep ':80|:22'
[root@linux-server ~]# egrep 'root|alice' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
dockerroot:x:998:995:Docker User:/var/lib/docker:/sbin/nologin
(5)x{m}
字符x重复m次
[root@linux-server ~]# cat a.txt
love
love.
loove
looooove
[root@linux-server ~]# egrep 'o{2}' a.txt
loove
looooove
[root@linux-server ~]# egrep 'o{2,}' a.txt
loove
looooove
[root@linux-server ~]# egrep 'o{6,7}' a.txt
小结:
(1)没有括号看前面的一个字符
love* # 出现0-n次
love? # 出现0-1次
love+ # 出现1-n次
love{2} # 出现2次
(2)有括号表示一个组
lo(ve)* # 出现0-n次
lo(ve)? # 出现0-1次
l(ove)+ # 出现1-n次
lo(ve){4} # 出现4次