1. Concept:
-
Regular expressions are used to find, replace, and delete one or more lines of text strings through the arrangement of some special characters.
-
In the Shell command line, users can use the grep command to test
parameter illustrate -b For each line of output, display the byte offset in the file of the line containing the matching string. -c Show only the number of rows found -i Shows the found lines, comparing case-insensitively -h Instruct grep not to prepend filenames to output when finding multiple files -l Display the file name of the first matching string separated by newlines. When a matching string appears multiple times in a file, the file name will not be displayed repeatedly. -n Display the found line and the line number (the line number of the first line of the file is 1) -O Show only matching content -A If the match is successful, the matching line and the following n lines are printed together. -B If the match is successful, print the matching line and its first n lines together. -C If the match is successful, print the matching line and n lines before and after it. -AND equal to egrep, extended --color Highlight color to display matching strings -in Show lines with no matching string -In match words -x Only show rows that match exactly the entire row -P Matches characters between specified strings -
grep: supports the use of basic regular expressions (note: grep needs to escape {}, {}, egrep does not need to be escaped)
grep ^SELINUX /etc/selinux/config # 查找以SELINUX开头的行数据 -
egrep: supports the use of extended regular expressions
-
fgrep: Using regular expressions is not supported
-
2. Basic regular expressions:
-
Basic Regular Expression (BRE), also known as standard regular expression
-
character:
character illustrate character illustrate ^word Match at the beginning of each line [str] Match any single character in str word$ Match at the end of each line [^str] Matches any single character not in str . Match any single character [a-b] Matches any character between a and b * Match the previous item 0 or more times \ Ignore the special meaning of the following character \b Any characters following it must appear as the beginning or end of a word {n,m} Match n to m times, the previous character .* Match all characters, 0 to many times {n,} At least N times, no limit to more ^.* Start with any number of characters {n} n times ^$ Represents a blank line, not a space {,m} At most m times, no limit if less \ <word Any characters following it must appear as the beginning of a word word> Any characters preceding it must appear as the end of the word \In Matches any word character including an underscore \IN Matches any non-word character. Equivalent to "A-Za-z0-9_" \d Matches a numeric character \D Matches a non-numeric character. Equivalent to 0-9. \s whitespace \S non-whitespace [root@quruixiang shellstudy]# echo "1234578125" |grep '5$' 1234578125[root@quruixiang shellstudy]# echo "1234578125" |grep '12.' 1234578125[root@quruixiang shellstudy]# echo "1234578125" |grep '1*' 1234578125[root@quruixiang shellstudy]# echo "123asdfegv123" |grep [ab] 123asdfegv123[root@quruixiang shellstudy]# echo "123asdfegv123" |grep [a-zA-Z] 123asdfegv123[root@quruixiang shellstudy]# echo "3.1415926" |grep '1\{1,\}' # grep命令使用{}需要转义 3.1415926[root@quruixiang shellstudy]# echo "abcdefg" | grep '\babc' abcdefg[root@quruixiang shellstudy]# grep "bash\>" /etc/passwd# 5、查找/etc/inittab中含有“以s开头,并以d结尾的单词”模式的行; [root@quruixiang shellstudy]# grep "\<s[a-z]*d\>" /etc/inittab -
Regular expression character set: (grep + parameter E)
character illustrate [[:alnum:]] Matches any letter or number, equivalent to [A-Za-z0-9] [[:alpha:]] Matches any letter, equivalent to [A-Za-z] [[:digit:]] Matches any number, equivalent to 0-9 [[:lower:]] Matches any lowercase letter, equivalent to a-z [[:upper:]] Matches any uppercase letter, equivalent to A-Z [[:space:]] matches anywhitespace character, including space, tab, newline and page break [[:blank:]] Match spaces and tabs [[:graph:]] Matches any visible printable character, excluding whitespace characters [[:print:]] Matches any printable character, including whitespace characters, but does not include control characters, string terminator '\0', EOF end of file character (-1) [[:cntrl:]] Matches any control character, the first 32 characters in the ASCII character set. For example, line breaks, tabs, etc. [[:point:]] Match any punctuation mark, such as "[]", "{}" or "," etc. [[:xdigit:]] Matches hexadecimal digits, i.e. 0-9, a-f, and A-F
3. Extended regular expressions:
-
Extended Regular Expression (ERE) supports more metacharacters than basic regular expressions, but extended regular expressions do not support some metacharacters supported by basic regular expressions.
-
character:
character illustrate character illustrate + Match the previous item one or more times {j} Match the previous item j times ? Match the previous item 0 or 1 times {j,} Match the previous item j or more times (?=exp) Assert that the position after which it appears can match the expression exp {,k} Match the previous item at most k times (s|t) Match one of s or t items ( ) Treat the contents in brackets as a whole (word).\1 Define the start and end positions of the subexpression (beginning and end of string) [root@quruixiang shellstudy]# grep -E "^(s|S)" /proc/meminfo# 8、显示当前系统上root、centos或spark用户的相关信息; [root@quruixiang shellstudy]# grep -E -w "^(root|centos|spark)" /etc/passwd # -w匹配单词 # 匹配数据库列表中没有Database或者information_schema的数据库 mysql -h127.0.0.1 -uroot -p110119 -e "show databases;" | grep -Ev "Database|information_schema"# 4、查找/etc/rc.d/rc.local中包含“以to开始并以to结尾”的字串行; [root@quruixiang shellstudy]# grep -E -w "(to).*\1" /etc/rc.d/rc.local # \1表示引用to[root@quruixiang ~]# echo "window10" | grep -P "window(?=10)" window10
4. Exercise:
# 1、显示/etc/passwd文件中以bash结尾的行;
[root@quruixiang shellstudy]# grep "bash\>" /etc/passwd
# 2、找出/etc/passwd文件中的三位或四位数;
[root@quruixiang shellstudy]# grep "[0-9]\{3,4\}" /etc/passwd
# 3、找出/etc/grub2.cfg文件中,以至少一个空白字符开头,后面又跟了非空白字符的行;
[root@quruixiang shellstudy]# grep -E "^[[:space:]].*" /etc/grub2.cfg
# 4、找出"netstat -tan”命令的结果中,以‘LISTEN’后跟0个或多个空白字符结尾的行;;
[root@quruixiang shellstudy]# netstat -tan | grep -E "LISTEN[[:space:]]*\>"
# 5、找出"fdisk -l“命令的结果中,包含以/dev/后跟sd或hd及一个字母的行;
[root@quruixiang shellstudy]# fdisk -l | grep "/dev/[sh]d[a-z]"
# 6、找出”ldd /usr/bin/cat“命令的结果中文件路径;
[root@quruixiang shellstudy]# ldd /usr/bin/cat | grep -o "/[^[:space:]]\{1,\}" # -o只显示匹配到的内容
# 7、找出/proc/meminfo文件中,所有以大写或小写s开头的行;至少用三种方式实现;
[root@quruixiang shellstudy]# grep "^[Ss]" /proc/meminfo
[root@quruixiang shellstudy]# grep -i "^s" /proc/meminfo # -i忽略大小写
[root@quruixiang shellstudy]# grep -E "^(s|S)" /proc/meminfo
# 8、显示当前系统上root、centos或spark用户的相关信息;
[root@quruixiang shellstudy]# grep -E -w "^(root|centos|spark)" /etc/passwd # -w匹配单词
# 9、echo输出一个绝对路径,使用egrep取出其基名;
[root@quruixiang shellstudy]# echo /usr/shellstudy/ | grep -E -o "[^/]+/?$" | cut -d "/" -f 1
# 10、找出ifconfig命令结果中的1-255之间的整数;
[root@quruixiang shellstudy]# ifconfig | grep -E -o "([1-9]|[1-9][1-9]|1[0-9][0-9]|2[0-5][0-5])"
# 11、找出系统中其用户名与shell名相同的用户。
[root@localhost ~]# grep "^\(.*\):.*\1$" passwd# 1、显示/etc/rc.d/rc.sysinit文件中以不区分大小的h开头的行;
[root@quruixiang shellstudy]# grep -i h /etc/rc.d/rc.sysinit
# 2、显示/etc/passwd中以sh结尾的行;
[root@quruixiang shellstudy]# grep "sh$" /etc/passwd
# 3、显示/etc/fstab中以#开头,且后面跟一个或多个空白字符,而后又跟了任意非空白字符的行;
[root@quruixiang shellstudy]# grep "^#[[:space:]]\{1,\}[^[:space:]]\{1,\}" /etc/fstab
# 4、查找/etc/rc.d/rc.local中包含“以to开始并以to结尾”的字串行;
[root@quruixiang shellstudy]# grep -E -w "(to).*\1" /etc/rc.d/rc.local
# 5、查找/etc/inittab中含有“以s开头,并以d结尾的单词”模式的行;
[root@quruixiang shellstudy]# grep "\<s[a-z]*d\>" /etc/inittab
# 6、查找ifconfig命令结果中的1-255之间的整数;
[root@quruixiang shellstudy]# ifconfig | grep -E -o "([1-9]|[1-9][1-9]|1[0-9][0-9]|2[0-5][0-5])"
# 7、显示/var/log/secure文件中包含“Failed”或“FAILED”的行;
[root@quruixiang shellstudy]# grep -E -w "(failed|FAILED)" /var/log/secure
# 8、在/etc/passwd中取出默认shell为bash的行;
[root@quruixiang shellstudy]# grep "bash$" /etc/passwd
# 9、以长格式列出/etc/目录下以ns开头、.conf结尾的文件信息;
[root@quruixiang shellstudy]# ls /etc | grep "ns[a-zA-Z0-9_]\{1,\}.conf$"
# 10、高亮显示passwd文件中冒号,及其两侧的字符;
[root@quruixiang shellstudy]# grep --color ".:." /etc/passwd