linux 学习笔记-026-正则介绍,grep,egrep

发布于 2018-01-30  297 次阅读


什么是正则

正则就是一串有规律的字符串

掌握好正则对于编写 shell 脚本有很大帮助

各种编程语言中都有正则,原理是一样的

grep

样板文件:

root@am-01:~# mkdir grep

root@am-01:~# cd grep/

root@am-01:~/grep# cp /etc/passwd .

root@am-01:~/grep# ls

passwd

root@am-01:~/grep# pwd

/root/grep

grep 标准格式:

grep [-cinvABC] 'word' filename

root@am-01:~/grep# grep 'nologin' passwd

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

games:x:12:100:games:/usr/games:/sbin/nologin

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

nobody:x:99:99:Nobody:/:/sbin/nologin

avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin

dbus:x:81:81:System message bus:/:/sbin/nologin

polkitd:x:999:998:User for polkitd:/:/sbin/nologin

tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

ntp:x:38:38::/etc/ntp:/sbin/nologin

user4:x:1004:1005::/home/aming111:/sbin/nologin

参数

-c 行数

root@am-01:~/grep# grep -c 'nologin' passwd

17

-i 不区分大小写

root@am-01:~/grep# vim passwd

bin:x:1:1:bin:/bin:/sbin/NOLogin

root@am-01:~/grep# grep -ni 'nologin' passwd

2:bin:x:1:1:bin:/bin:/sbin/NOLogin

3:daemon:x:2:2:daemon:/sbin:/sbin/nologin

4:adm:x:3:4:adm:/var/adm:/sbin/nologin

5:lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

9:mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

10:operator:x:11:0:operator:/root:/sbin/nologin

11:games:x:12:100:games:/usr/games:/sbin/nologin

12:ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

13:nobody:x:99:99:Nobody:/:/sbin/nologin

14:avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin

15:dbus:x:81:81:System message bus:/:/sbin/nologin

16:polkitd:x:999:998:User for polkitd:/:/sbin/nologin

17:tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin

18:postfix:x:89:89::/var/spool/postfix:/sbin/nologin

19:sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

21:ntp:x:38:38::/etc/ntp:/sbin/nologin

25:user4:x:1004:1005::/home/aming111:/sbin/nologin

-n 显示行号

root@am-01:~/grep# grep -n 'nologin' passwd

2:bin:x:1:1:bin:/bin:/sbin/nologin

3:daemon:x:2:2:daemon:/sbin:/sbin/nologin

4:adm:x:3:4:adm:/var/adm:/sbin/nologin

5:lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

9:mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

10:operator:x:11:0:operator:/root:/sbin/nologin

11:games:x:12:100:games:/usr/games:/sbin/nologin

12:ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

13:nobody:x:99:99:Nobody:/:/sbin/nologin

14:avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin

15:dbus:x:81:81:System message bus:/:/sbin/nologin

16:polkitd:x:999:998:User for polkitd:/:/sbin/nologin

17:tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin

18:postfix:x:89:89::/var/spool/postfix:/sbin/nologin

19:sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

21:ntp:x:38:38::/etc/ntp:/sbin/nologin

25:user4:x:1004:1005::/home/aming111:/sbin/nologin

-v 取反

root@am-01:~/grep# grep -nvi 'nologin' passwd

1:root:x:0:0:root:/root:/bin/bash

6:sync:x:5:0:sync:/sbin:/bin/sync

7:shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

8:halt:x:7:0:halt:/sbin:/sbin/halt

20:aming:x:1000:1000::/home/aming:/bin/bash

22:user1:x:1001:1001::/home/user1:/bin/bash

23:user2:x:1002:1002::/home/user2:/bin/bash

24:user3:x:1003:1005::/home/user3:/bin/bash

26:user5:x:1005:1006::/home/user5:/bin/bash

27:user6:x:1007:1007::/home/user6:/bin/bash

-r 遍历所有子目录

root@am-01:~/grep# grep -r 'root' /etc/

/etc/pki/ca-trust/extracted/README:root CA certificates.

/etc/pki/ca-trust/extracted/java/README:root CA certificates.

匹配到二进制文件 /etc/pki/ca-trust/extracted/java/cacerts

/etc/pki/ca-trust/extracted/openssl/README:root CA certificates.

/etc/pki/ca-trust/extracted/pem/README:root CA certificates.

/etc/pki/tls/certs/make-dummy-cert: echo root@localhost.localdomain

/etc/pki/tls/openssl.cnf:dir = ./demoCA # TSA root directory

/etc/rpm/macros.perl:%define perl_br_testdir %{buildroot}%{perl_testdir}/%{cpan_dist_name} \

/etc/rpm/macros.perl:%defattr(-,root,root,-)\

/etc/yum/pluginconf.d/fastestmirror.conf:# as root).

………………省略部分输出信息………………

/etc/sudoers:## cdrom as root

匹配到二进制文件 /etc/aliases.db

/etc/updatedb.conf:PRUNEFS = "9p afs anon_inodefs auto autofs bdev binfmt_misc cgroup cifs coda configfs cpuset debugfs devpts ecryptfs exofs fuse fuse.sshfs fusectl gfs gfs2 gpfs hugetlbfs inotifyfs iso9660 jffs2 lustre mqueue ncpfs nfs nfs4 nfsd pipefs proc ramfs rootfs rpc_pipefs securityfs selinuxfs sfs sockfs sysfs tmpfs ubifs udf usbfs"

-A 后面跟数字,过滤出符合要求的行以及下面 n 行

root@am-01:~/grep# grep -nA3 'root' passwd

1:root:x:0:0:root:/root:/bin/bash

2-bin:x:1:1:bin:/bin:/sbin/NOLogin

3-daemon:x:2:2:daemon:/sbin:/sbin/nologin

4-adm:x:3:4:adm:/var/adm:/sbin/nologin

--

10:operator:x:11:0:operator:/root:/sbin/nologin

11-games:x:12:100:games:/usr/games:/sbin/nologin

12-ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

13-nobody:x:99:99:Nobody:/:/sbin/nologin

-B 同上,过滤出符合要求的行以及上面 n 行

root@am-01:~/grep# grep -nB2 'root' passwd

1:root:x:0:0:root:/root:/bin/bash

--

8-halt:x:7:0:halt:/sbin:/sbin/halt

9-mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

10:operator:x:11:0:operator:/root:/sbin/nologin

-C 同上,同时过滤出符合要求的行以及上下各 n 行

root@am-01:~/grep# grep -nC2 'root' passwd

1:root:x:0:0:root:/root:/bin/bash

2-bin:x:1:1:bin:/bin:/sbin/NOLogin

3-daemon:x:2:2:daemon:/sbin:/sbin/nologin

--

8-halt:x:7:0:halt:/sbin:/sbin/halt

9-mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

10:operator:x:11:0:operator:/root:/sbin/nologin

11-games:x:12:100:games:/usr/games:/sbin/nologin

12-ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

grep 实例

查找带数字的行

root@am-01:~/grep# grep '[0-9]' passwd

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/NOLogin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

sync:x:5:0:sync:/sbin:/bin/sync

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

halt:x:7:0:halt:/sbin:/sbin/halt

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

games:x:12:100:games:/usr/games:/sbin/nologin

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

nobody:x:99:99:Nobody:/:/sbin/nologin

avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin

dbus:x:81:81:System message bus:/:/sbin/nologin

polkitd:x:999:998:User for polkitd:/:/sbin/nologin

tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

aming:x:1000:1000::/home/aming:/bin/bash

ntp:x:38:38::/etc/ntp:/sbin/nologin

user1:x:1001:1001::/home/user1:/bin/bash

user2:x:1002:1002::/home/user2:/bin/bash

user3:x:1003:1005::/home/user3:/bin/bash

user4:x:1004:1005::/home/aming111:/sbin/nologin

user5:x:1005:1006::/home/user5:/bin/bash

user6:x:1007:1007::/home/user6:/bin/bash

查找不带数字的行并显示行号

root@am-01:~/grep# grep -vn '[0-9]' /etc/inittab

1:# inittab is no longer used when using systemd.

2:#

3:# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.

4:#

5:# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target

6:#

7:# systemd uses 'targets' instead of runlevels. By default, there are two main targets:

8:#

11:#

12:# To view current default target, run:

13:# systemctl get-default

14:#

15:# To set a default target, run:

16:# systemctl set-default TARGET.target

17:#

查询不以#号开头的行

root@am-01:~/grep# cp /etc/inittab ./

root@am-01:~/grep# vim inittab    #把 5/7/9/10 行的#号删除

# inittab is no longer used when using systemd.

#

# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.

#

Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target

#

systemd uses 'targets' instead of runlevels. By default, there are two main targets:

#

multi-user.target: analogous to runlevel 3

graphical.target: analogous to runlevel 5

#

# To view current default target, run:

# systemctl get-default

#

# To set a default target, run:

# systemctl set-default TARGET.target

#

root@am-01:~/grep# grep -vn '^#' inittab

5:Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target

7:systemd uses 'targets' instead of runlevels. By default, there are two main targets:

9:multi-user.target: analogous to runlevel 3

10:graphical.target: analogous to runlevel 5

只要不是方括号内的内容都查询出来

root@am-01:~/grep# vim inittab    #添加一行数字开头,中间夹着字母

1235785a111

root@am-01:~/grep# grep -n '[^0-9]' inittab

1:# inittab is no longer used when using systemd.

2:#

3:# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.

4:#

5:Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target

6:#

7:systemd uses 'targets' instead of runlevels. By default, there are two main targets:

8:#

9:multi-user.target: analogous to runlevel 3

10:graphical.target: analogous to runlevel 5

11:1235785a111

12:#

13:# To view current default target, run:

14:# systemctl get-default

15:#

16:# To set a default target, run:

17:# systemctl set-default TARGET.target

18:#

只要不是方括号里面的内容所开头的,都查询出来

root@am-01:~/grep# grep -n '^[^0-9]' inittab

1:# inittab is no longer used when using systemd.

2:#

3:# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.

4:#

5:Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target

6:#

7:systemd uses 'targets' instead of runlevels. By default, there are two main targets:

8:#

9:multi-user.target: analogous to runlevel 3

10:graphical.target: analogous to runlevel 5

12:#

13:# To view current default target, run:

14:# systemctl get-default

15:#

16:# To set a default target, run:

17:# systemctl set-default TARGET.target

18:#

root@am-01:~/grep# grep -vn '^[^0-9]' inittab

11:1235785a111

例子 r.o,匹配 r 开头,o 结尾,中间任意字符的行

root@am-01:~/grep# vim passwd    #增加两条记录做实验

sadas:r.o

dsgfgf:r1o:

root@am-01:~/grep# grep 'r.o' passwd

root:x:0:0:root:/root:/bin/bash

sadas:r.o

dsgfgf:r1o:

operator:x:11:0:operator:/root:/sbin/nologin

例子 o*o,匹配*号左边的字符 n 次的行打印出来,如 没 o/o/oo/ooo/oooo 等

root@am-01:~/grep# vim passwd    #便于做实验,修改两个,一个 3 个 o,一个 4 个 o

root:x:0:0:rooot:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/NOLogin

sadas:r.oooo

root@am-01:~/grep# grep 'o*o' passwd

root:x:0:0:rooot:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/NOLogin

sadas:r.oooo

dsgfgf:r1o:

………………省略部分输出信息………………

user4:x:1004:1005::/home/aming111:/sbin/nologin

user5:x:1005:1006::/home/user5:/bin/bash

user6:x:1007:1007::/home/user6:/bin/bash

匹配任意开头任意结尾的字符的行.*

root@am-01:~/grep# grep '.*' passwd

root:x:0:0:rooot:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/NOLogin

sadas:r.oooo

dsgfgf:r1o:

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

………………省略部分输出信息………………

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

aming:x:1000:1000::/home/aming:/bin/bash

ntp:x:38:38::/etc/ntp:/sbin/nologin

user1:x:1001:1001::/home/user1:/bin/bash

user2:x:1002:1002::/home/user2:/bin/bash

user3:x:1003:1005::/home/user3:/bin/bash

user4:x:1004:1005::/home/aming111:/sbin/nologin

user5:x:1005:1006::/home/user5:/bin/bash

user6:x:1007:1007::/home/user6:/bin/bash

root@am-01:~/grep# grep 'ntp.*nologin' passwd

ntp:x:38:38::/etc/ntp:/sbin/nologin

例子 o\{2\},匹配带有连续两个 o 的行,o\{0,2\}匹配带有 0 个,1 个,2 个 o 的行(这个了解即可)

root@am-01:~/grep# grep 'o\{2\}' passwd

root:x:0:0:rooot:/root:/bin/bash

sadas:r.oooo

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

grep 加-E 参数和 egrep 一个作用

root@am-01:~/grep# grep -E 'o{2}' passwd

root:x:0:0:rooot:/root:/bin/bash

sadas:r.oooo

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

root@am-01:~/grep# egrep 'o{2}' passwd

root:x:0:0:rooot:/root:/bin/bash

sadas:r.oooo

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

例子(oo){2},匹配带有连续两次两个 o 的行

root@am-01:~/grep# grep -E '(oo){2}' passwd

sadas:r.oooo

例子 o+o 和 o+b,匹配+号左边的字符 1 次或多次的行打印出来,如 o/oo/ooo/oooo 等(注意和 o*o 的区别)

root@am-01:~/grep# egrep 'o+o' passwd

root:x:0:0:rooot:/root:/bin/bash

sadas:r.oooo

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

root@am-01:~/grep# egrep 'o+b' passwd

nobody:x:99:99:Nobody:/:/sbin/nologin

例子 o?t,匹配?号左边的字符 0 个或 1 个的行打印出来,并且左边那个字符无论有没有都会打印出来

root@am-01:~/grep# egrep 'o?t' passwd

root:x:0:0:rooot:/root:/bin/bash

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

halt:x:7:0:halt:/sbin:/sbin/halt

operator:x:11:0:operator:/root:/sbin/nologin

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin

dbus:x:81:81:System message bus:/:/sbin/nologin

polkitd:x:999:998:User for polkitd:/:/sbin/nologin

tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

ntp:x:38:38::/etc/ntp:/sbin/nologin

例子 root|nologin,匹配带有 root 或者 nologin 的行

root@am-01:~/grep# egrep 'root|nologin' passwd

root:x:0:0:rooot:/root:/bin/bash

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

games:x:12:100:games:/usr/games:/sbin/nologin

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

nobody:x:99:99:Nobody:/:/sbin/nologin

avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin

dbus:x:81:81:System message bus:/:/sbin/nologin

polkitd:x:999:998:User for polkitd:/:/sbin/nologin

tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

ntp:x:38:38::/etc/ntp:/sbin/nologin

user4:x:1004:1005::/home/aming111:/sbin/nologin

扩展

把一个目录下,过滤所有*.php 文档中含有 eval 的行

grep -r --include="*.php" 'eval' /data/