符号 | 意义 | |
* | 匹配紧挨在其前面的字符0次或多次重复 | |
. | 匹配单个字符 | |
.* | 匹配任意长度字符 | |
^ | 锚定行首的符合条件的内容 | |
& | 锚定行尾的符合条件的内容 | |
^$ | 空白行 | |
\{m,n\} | 匹配前面字符出现了m-n次 | |
\{0,n\} | 匹配前面字符至多出现n次 | |
\{m,\} | 匹配前面字符至少出现m次 | |
\{m\} | 匹配前面字符出现了m次 | |
\< | 锚定词首 | |
\> | 锚定词尾 | |
\<\> | 锚定单词 | |
\(\) | 分组 | |
[] | 匹配指定范围内的任意单个字符 | |
[^] | 匹配指定范围外的任意单个字符 | |
\? | 匹配紧挨在其前面的字符0次或1次 | |
+ | 匹配其前面的字符至少1次 | |
| | 或 |
选项 | 意义 |
--color | 添加颜色 |
-v | 反向选取,只显示不符合模式的行 |
-o | 只显示被模式匹配到的字串,而不是整个行; |
-i | 不区分字符大小写; |
-A # | 显示匹配到的行时,顺带显示其后面的#个行; |
-B # | 显示匹配到的行时,顺带显示其前面的#个行; |
-C # | 显示匹配到的行时,顺带显示其前后面的#个行; |
-E | 使用扩展正则表达式 |
字符 | 意义 |
[:digit:] | 所有数字, 相当于0-9 或者\d |
[:lower:] | 所有的小写字母 |
[:upper:] | 所有的大写字母 |
[:alpha:] | 所有的字母 |
[:alnum:] | 相当于[0-9a-zA-Z] |
[:space:] | 空白字符 相当于\s |
[:punct:] | 所有标点符号 |
\S | 匹配任何非空白字符。与 [^ \f\n\r\t\v] 等效 |
\w | 匹配任何字类字符,包括下划线。与“[A-Za-z0-9_]”等效。 |
\W | 与任何非单词字符匹配。与“[^A-Za-z0-9_]”等效。 |
1 2 3 | [root@localhost /]# grep "^root" /etc/passwd root:x: 0 : 0 :root:/root:/bin/bash [root@localhost /]# |
1 2 3 4 5 | [root@localhost /]# grep "/bin/bash$" /etc/passwd root:x: 0 : 0 :root:/root:/bin/bash mandriva:x: 4004 : 501 ::/home/mandriva:/bin/bash mysql:x: 495 : 2004 ::/home/mysql:/bin/bash [root@localhost /]# |
1 2 3 | [root@localhost /]# grep "^r.*h$" /etc/passwd root:x: 0 : 0 :root:/root:/bin/bash [root@localhost /]# |
1 2 3 4 5 | [root@localhost /]# grep "ro\{1,2\}" /etc/passwd root:x: 0 : 0 :root:/root:/bin/bash operator:x: 11 : 0 :operator:/root:/sbin/nologin rtkit:x: 499 : 497 :RealtimeKit:/proc:/sbin/nologin [root@localhost /]# |
1 2 3 4 5 6 | [root@localhost /]# grep "rpc" /etc/passwd 查找rpc的行 rpc:x: 32 : 32 :Rpcbind Daemon:/ var /cache/rpcbind:/sbin/nologin rpcuser:x: 29 : 29 :RPC Service User:/ var /lib/nfs:/sbin/nologin [root@localhost /]# grep "\<rpc\>" /etc/passwd 精确匹配rpc的行 rpc:x: 32 : 32 :Rpcbind Daemon:/ var /cache/rpcbind:/sbin/nologin [root@localhost /]# |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | [root@localhost /]# grep "[Ss]" /proc/meminfo Buffers: 47272 kB SwapCached: 0 kB SwapTotal: 2097144 kB SwapFree: 2097144 kB AnonPages: 43056 kB Shmem: 252 kB Slab: 97532 kB SReclaimable: 71464 kB SUnreclaim: 26068 kB KernelStack: 1400 kB PageTables: 4736 kB NFS_Unstable: 0 kB Committed_AS: 154500 kB VmallocUsed: 276328 kB AnonHugePages: 2048 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB [root@localhost /]# |
1 2 3 | [root@localhost /]# grep -E "Failed password | FAILED LOGIN" / var /log/secure Jul 14 14 : 01 : 52 localhost sshd[ 2950 ]: Failed password for root from 172.16 . 254.22 port 57650 ssh2 [root@localhost /]#( |
1 2 3 4 5 6 7 8 9 10 11 | [root@localhost /]# grep "^S." /proc/meminfo SwapCached: 0 kB SwapTotal: 2097144 kB SwapFree: 2097144 kB Shmem: 252 kB Slab: 97544 kB SReclaimable: 71468 kB SUnreclaim: 26076 kB [root@localhost /]# grep "^S..b" /proc/meminfo Slab: 97536 kB [root@localhost /]# |
1 2 3 4 5 6 7 8 9 10 11 12 13 | [root@localhost /]# grep "^#[[:space:]]\{1,\}[^[:space:]]" /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc. # Check SELinux status # Print a text banner. # Only read this once. # Initialize hardware # Set default affinity # Load other user-defined modules # Load modules ( for backward compatibility with VARs) # Configure kernel parameters # Set the hostname. # Sync waiting for storage. |
1 2 3 4 5 6 7 8 9 10 | [root@localhost /]# grep --color=auto ".n.*.n" /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg's bcheckrc. HOSTNAME=$(/bin/hostname) if [ -f /etc/sysconfig/network ]; then
. /etc/sysconfig/network if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then if [ ! -e /proc/mounts ]; then
mount -n -t proc /proc /proc
mount -n -t sysfs /sys /sys >/dev/ null 2 >& 1 |
1 2 3 4 5 6 7 8 | [root@localhost /]# grep --color=auto "\(.n\).*\1" /etc/rc.d/rc.sysinit # Taken in part from Miquel van Smoorenburg's bcheckrc. mount -n -o remount /dev/shm >/dev/ null 2 >& 1 if [ -e "/selinux/enforce" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
if [ -r "/selinux/enforce" ] ; then
echo $ "*** Warning -- SELinux is active"
echo $ "*** Disabling security enforcement for system recovery."
echo $ "*** Run 'setenforce 1' to reenable." |
1 2 3 4 5 6 7 8 9 10 | [root@localhost /]# cat > phone.txt << EOF 0511 - 440533 0212 - 7878909 0313 - 99797780 23937974320432840324894820 EOF [root@localhost /]# grep -E "[0-9]{3}-[0-9]{8}|[0-9]{4}-[0-9]{7}" phone.txt 0212 - 7878909 0313 - 99797780 [root@localhost /]# |
1 2 3 4 5 6 7 8 9 10 11 | [root@localhost /]# cat > email.txt << EOF > 903U948HH@qq.com > wejojodffslf@ 126 .com > 3joefjowfmfj@ 163 .com > dfk;dkf;f;;wkererm > EOF [root@localhost /]# grep -E "\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" email.txt 903U948HH@qq.com wejojodffslf@ 126 .com 3joefjowfmfj@ 163 .com [root@localhost /]# |