9.1 正则介绍 grep上
什么是正则
·正则就是一串有规律的字符串
·掌握好正则对于编写shell脚本有很大帮助
·各种编程语言中都有正则,原理是一样的
·本章将要学习 grep / egrep 、sed、awk
grep [-cinvABC] '关键词' 文件名
-c 行数
-i 不区分大小写
-n 显示行号
-v 取反
-r 遍历所有子目录
-A 后面跟数字,过滤出符合要求的行以及下面n行
-B 同上,过滤出符合要求的行以及上面n行
-C 同上,同时过滤出符合要求的行以及上下各n行
准备工作,cp /etc/passwd 到新建的 grep 目录下
[root@arslinux-01 ~]# mkdir grep [root@arslinux-01 ~]# cd grep/ [root@arslinux-01 grep]# cp /etc/passwd . [root@arslinux-01 grep]# ls passwd
[root@arslinux-01 ~]# mkdir grep [root@arslinux-01 ~]# cd grep/ [root@arslinux-01 grep]# cp /etc/passwd . [root@arslinux-01 grep]# ls passwd [root@arslinux-01 grep]# grep 'nologin' passwd bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:998:User for polkitd:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:998:996::/var/lib/chrony:/sbin/nologin user4:x:1006:1005::/home/arslinux:/sbin/nologin
grep -c 显示行数
[root@arslinux-01 grep]# grep -c 'nologin' passwd 16
grep -n 显示行号
[root@arslinux-01 grep]# grep -n 'nologin' passwd 2:bin:x:1:1:bin:/bin:/sbin/nologin 3:daemon:x:2:2:daemon:/sbin:/sbin/nologin 4:adm:x:3:4:adm:/var/adm:/sbin/nologin 5:lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin 9:mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 10:operator:x:11:0:operator:/root:/sbin/nologin 11:games:x:12:100:games:/usr/games:/sbin/nologin 12:ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin 13:nobody:x:99:99:Nobody:/:/sbin/nologin 14:systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin 15:dbus:x:81:81:System message bus:/:/sbin/nologin 16:polkitd:x:999:998:User for polkitd:/:/sbin/nologin 17:sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin 18:postfix:x:89:89::/var/spool/postfix:/sbin/nologin 19:chrony:x:998:996::/var/lib/chrony:/sbin/nologin 24:user4:x:1006:1005::/home/arslinux:/sbin/nologin
将 passwd 文件中其中一个 nologin 更换成 NOlogin,然后试验不区分大小写
grep -i 不区分大小写
[root@arslinux-01 grep]# grep -n 'nologin' passwd 2:bin:x:1:1:bin:/bin:/sbin/nologin 3:daemon:x:2:2:daemon:/sbin:/sbin/nologin 4:adm:x:3:4:adm:/var/adm:/sbin/nologin 9:mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 10:operator:x:11:0:operator:/root:/sbin/nologin 11:games:x:12:100:games:/usr/games:/sbin/nologin 12:ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin 13:nobody:x:99:99:Nobody:/:/sbin/nologin 14:systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin 15:dbus:x:81:81:System message bus:/:/sbin/nologin 16:polkitd:x:999:998:User for polkitd:/:/sbin/nologin 17:sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin 18:postfix:x:89:89::/var/spool/postfix:/sbin/nologin 19:chrony:x:998:996::/var/lib/chrony:/sbin/nologin 24:user4:x:1006:1005::/home/arslinux:/sbin/nologin [root@arslinux-01 grep]# grep -in 'nologin' passwd 2:bin:x:1:1:bin:/bin:/sbin/nologin 3:daemon:x:2:2:daemon:/sbin:/sbin/nologin 4:adm:x:3:4:adm:/var/adm:/sbin/nologin 5:lp:x:4:7:lp:/var/spool/lpd:/sbin/NOlogin 9:mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 10:operator:x:11:0:operator:/root:/sbin/nologin 11:games:x:12:100:games:/usr/games:/sbin/nologin 12:ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin 13:nobody:x:99:99:Nobody:/:/sbin/nologin 14:systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin 15:dbus:x:81:81:System message bus:/:/sbin/nologin 16:polkitd:x:999:998:User for polkitd:/:/sbin/nologin 17:sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin 18:postfix:x:89:89::/var/spool/postfix:/sbin/nologin 19:chrony:x:998:996::/var/lib/chrony:/sbin/nologin 24:user4:x:1006:1005::/home/arslinux:/sbin/nologin
第 5 行在使用 i 选项之前没有显示出来,因为尾部的NOlogin
grep -v 显反(显示剩余的行)
[root@arslinux-01 grep]# grep -ivn 'nologin' passwd 1:root:x:0:0:root:/root:/bin/bash 6:sync:x:5:0:sync:/sbin:/bin/sync 7:shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 8:halt:x:7:0:halt:/sbin:/sbin/halt 20:arslinux:x:1000:1000::/home/arslinux:/bin/bash 21:user1:x:1001:1001::/home/user1:/bin/bash 22:user2:x:1002:1006::/home/user2:/bin/bash 23:user3:x:1004:1005::/home/user3:/bin/bash 25:user5:x:1007:1007::/home/user5:/bin/bash 26:user6:x:1008:1010::/home/user6:/bin/bash
grep -r 遍历所有子目录
[root@arslinux-01 grep]# grep -r 'Streaming' /etc/ 匹配到二进制文件 /etc/udev/hwdb.bin /etc/services:nmsp 537/tcp # Networked Media Streaming Protocol /etc/services:nmsp 537/udp # Networked Media Streaming Protocol /etc/services:h263-video 2979/tcp # H.263 Video Streaming /etc/services:h263-video 2979/udp # H.263 Video Streaming /etc/services:daqstream 7411/tcp # Streaming of measurement /etc/services:daqstream 7411/udp # Streaming of measurement /etc/services:hp-pdl-datastr 9100/udp pdl-datastream # PDL Data Streaming Port /etc/services:bmdss 13823/tcp # Blackmagic Design Streaming Server
grep -A数字 过滤出符合要求的行以及后面几行(具体几行由 A 后面的数字决定)
[root@arslinux-01 grep]# grep -nA2 'root' passwd 1:root:x:0:0:root:/root:/bin/bash 2-bin:x:1:1:bin:/bin:/sbin/nologin 3-daemon:x:2:2:daemon:/sbin:/sbin/nologin -- 10:operator:x:11:0:operator:/root:/sbin/nologin 11-games:x:12:100:games:/usr/games:/sbin/nologin 12-ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
上面的例子中,过滤出了第一行及它的后两行,第十行及它的后两行
grep -B数字 和A相反,是该行和该行的上几行
[root@arslinux-01 grep]# grep -nA2 'root' passwd 1:root:x:0:0:root:/root:/bin/bash 2-bin:x:1:1:bin:/bin:/sbin/nologin 3-daemon:x:2:2:daemon:/sbin:/sbin/nologin -- 10:operator:x:11:0:operator:/root:/sbin/nologin 11-games:x:12:100:games:/usr/games:/sbin/nologin 12-ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
grep -C数字 过滤出符合要求的行和该行的上下各两行
[root@arslinux-01 grep]# grep -nC2 'root' passwd 1:root:x:0:0:root:/root:/bin/bash 2-bin:x:1:1:bin:/bin:/sbin/nologin 3-daemon:x:2:2:daemon:/sbin:/sbin/nologin -- 8-halt:x:7:0:halt:/sbin:/sbin/halt 9-mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 10:operator:x:11:0:operator:/root:/sbin/nologin 11-games:x:12:100:games:/usr/games:/sbin/nologin 12-ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
9.2 grep中
包含数字的行
[root@arslinux-01 grep]# cp /etc/inittab . [root@arslinux-01 grep]# grep '[0-9]' /etc/inittab # multi-user.target: analogous to runlevel 3 # graphical.target: analogous to runlevel 5
不包含数字的行
[root@arslinux-01 grep]# grep -v '[0-9]' /etc/inittab # inittab is no longer used when using systemd. # # ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. # # Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target # # systemd uses 'targets' instead of runlevels. By default, there are two main targets: # # # To view current default target, run: # systemctl get-default # # To set a default target, run: # systemctl set-default TARGET.target # [root@arslinux-01 grep]#
以 # 开头的行,^表示开头
[root@arslinux-01 grep]# grep '^#' inittab # inittab is no longer used when using systemd. # # ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. # # Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target # # systemd uses 'targets' instead of runlevels. By default, there are two main targets: # # multi-user.target: analogous to runlevel 3 # graphical.target: analogous to runlevel 5 # To view current default target, run: # systemctl get-default # # To set a default target, run: # systemctl set-default TARGET.target #
不以 # 开头的行
在inittab文件中刚加入不含 # 开头的一些行,然后在过滤 [root@arslinux-01 grep]# grep -v '^#' inittab &,&&&adsfda 111111111a3333333 adslfkjas;dkfja;lsdkfja;l aaaaaaa 11111111
含有非数字的行,^在括号里表示非
[root@arslinux-01 grep]# grep '[^0-9]' inittab # inittab is no longer used when using systemd. # # ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. # # Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target # # systemd uses 'targets' instead of runlevels. By default, there are two main targets: &,&&&adsfda # 111111111a3333333 # multi-user.target: analogous to runlevel 3 # graphical.target: analogous to runlevel 5 adslfkjas;dkfja;lsdkfja;l # To view current default target, run: # systemctl get-default aaaaaaa # # To set a default target, run: # systemctl set-default TARGET.target #
以非数字开头的行
[root@arslinux-01 grep]# grep '^[^0-9]' inittab # inittab is no longer used when using systemd. # # ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. # # Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target # # systemd uses 'targets' instead of runlevels. By default, there are two main targets: &,&&&adsfda # # multi-user.target: analogous to runlevel 3 # graphical.target: analogous to runlevel 5 adslfkjas;dkfja;lsdkfja;l # To view current default target, run: # systemctl get-default aaaaaaa # # To set a default target, run: # systemctl set-default TARGET.target #
以数字开头的行(以不是非数字开始的行)
[root@arslinux-01 grep]# grep -v '^[^0-9]' inittab 111111111a3333333 11111111
9.3 grep下
. 一个任意字符
* *前面的字符重复0个或多次(*要和前面的字符组合起来用)
.* 通配,无论有没有字符都匹配
{} 表示{}前面的字符重复次数范围 ,{2}前面字符重复2次
+ +前面的字符重复1次或多次
? ?前面的字符重复0次或1次
| | 表示或者
. 表示任意一个字符
[root@arslinux-01 grep]# grep 'r.o' passwd root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin roooooooooooooooot
* 表示 * 前的字符重复0次或多次
[root@arslinux-01 grep]# grep 'ro*o' passwd root:x:0:0:root:/root:/bin/bash ada:ro.odaf operator:x:11:0:operator:/root:/sbin/nologin chrony:x:998:996::/var/lib/chrony:/sbin/nologin roooooooooooooooot
.* 通配,无论有没有字符都匹配(任意个任意字符)
[root@arslinux-01 grep]# grep '.*' passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/NOlogin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown ada:ro.odaf halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:998:User for polkitd:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:998:996::/var/lib/chrony:/sbin/nologin arslinux:x:1000:1000::/home/arslinux:/bin/bash user1:x:1001:1001::/home/user1:/bin/bash user2:x:1002:1006::/home/user2:/bin/bash user3:x:1004:1005::/home/user3:/bin/bash user4:x:1006:1005::/home/arslinux:/sbin/nologin user5:x:1007:1007::/home/user5:/bin/bash user6:x:1008:1010::/home/user6:/bin/bash roooooooooooooooot
{} 表示{}前面的字符重复次数范围 ,{2}前面字符重复2次,{}需要脱义
[root@arslinux-01 grep]# grep 'o\{2\}' passwd
root:x:0:0:root:/root:/bin/bash
lp:x:4:7:lp:/var/spool/lpd:/sbin/NOlogin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
roooooooooooooooot
o出现0次或3次
[root@arslinux-01 grep]# grep 'o\{0,3\}' passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/NOlogin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
ada:ro.odaf
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
arslinux:x:1000:1000::/home/arslinux:/bin/bash
user1:x:1001:1001::/home/user1:/bin/bash
user2:x:1002:1006::/home/user2:/bin/bash
user3:x:1004:1005::/home/user3:/bin/bash
user4:x:1006:1005::/home/arslinux:/sbin/nologin
user5:x:1007:1007::/home/user5:/bin/bash
user6:x:1008:1010::/home/user6:/bin/bash
roooooooooooooooot
egrep = grep -E
如果不想用脱义符,那么用 egrep 或 grep -E
[root@arslinux-01 grep]# egrep 'o{2}' passwd
root:x:0:0:root:/root:/bin/bash
lp:x:4:7:lp:/var/spool/lpd:/sbin/NOlogin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
roooooooooooooooot
[root@arslinux-01 grep]# egrep '(oo){2}' passwd
roooooooooooooooot
+ +前面的字符重复1次或多次
[root@arslinux-01 grep]# egrep 'o+o' passwd root:x:0:0:root:/root:/bin/bash lp:x:4:7:lp:/var/spool/lpd:/sbin/NOlogin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin roooooooooooooooot [root@arslinux-01 grep]# egrep 'o+b' passwd nobody:x:99:99:Nobody:/:/sbin/nologin
? ?前面的字符重复0次或1次
[root@arslinux-01 grep]# egrep 'o?b' passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/NOlogin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:998:User for polkitd:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:998:996::/var/lib/chrony:/sbin/nologin arslinux:x:1000:1000::/home/arslinux:/bin/bash user1:x:1001:1001::/home/user1:/bin/bash user2:x:1002:1006::/home/user2:/bin/bash user3:x:1004:1005::/home/user3:/bin/bash user4:x:1006:1005::/home/arslinux:/sbin/nologin user5:x:1007:1007::/home/user5:/bin/bash user6:x:1008:1010::/home/user6:/bin/bash
| | 表示或者
[root@arslinux-01 grep]# egrep 'root|nologin' passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:999:998:User for polkitd:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:998:996::/var/lib/chrony:/sbin/nologin user4:x:1006:1005::/home/arslinux:/sbin/nologin
易混淆:
? 0或1
+ 1或多
* 0或多
扩展
把一个目录下,过滤所有*.php文档中含有eval的行
grep -r --include="*.php" 'eval' /data/