Linux文本处理三剑客之grep及正则表达式详解
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.Linux文本处理三剑客概述
grep:
全称:"Global search REgular expression and Print out the line",简称grep,它是文本过滤(模式:pattern)工具,在man帮助中grep, egrep(相当于grep -E), fgrep(相当于grep -F,不支持正则表达式搜索)三个命令均是grep命令的变种。
作用:文本搜索工具,根据用户指定的“模式”对目标文本逐行进行匹配检查,打印匹配到的行(因此我们说grep是进行逐行处理的程序)。
模式:由正则表达式字符及文本字符所编写的过滤条件。 sed:
stream editor,文本编辑工具。 awk:
Linux上的实现gawk,文本报告生成器。 注意:以上所说三剑客均支持正则表达式,这三个命令一个比一个复杂,我们先从简单的开始,本片博客主要详解grep的用法。
二.grep命令详解(注意,在执行命令时最好添加别名"alias grep='grep --color=auto"看出的效果更明显)
1>.查看grep命令常用选项
[root@node101.yinzhengjie.org.cn ~]# grep --help #查看该命令的帮助信息
Usage: grep [OPTION]... PATTERN [FILE]...
Search for PATTERN in each FILE or standard input.
PATTERN is, by default, a basic regular expression (BRE).
Example: grep -i 'hello world' menu.h main.c Regexp selection and interpretation:
-E, --extended-regexp PATTERN is an extended regular expression (ERE)
-F, --fixed-strings PATTERN is a set of newline-separated fixed strings
-G, --basic-regexp PATTERN is a basic regular expression (BRE)
-P, --perl-regexp PATTERN is a Perl regular expression
-e, --regexp=PATTERN use PATTERN for matching
-f, --file=FILE obtain PATTERN from FILE
-i, --ignore-case ignore case distinctions
-w, --word-regexp force PATTERN to match only whole words
-x, --line-regexp force PATTERN to match only whole lines
-z, --null-data a data line ends in byte, not newline Miscellaneous:
-s, --no-messages suppress error messages
-v, --invert-match select non-matching lines
-V, --version display version information and exit
--help display this help text and exit Output control:
-m, --max-count=NUM stop after NUM matches
-b, --byte-offset print the byte offset with output lines
-n, --line-number print line number with output lines
--line-buffered flush output on every line
-H, --with-filename print the file name for each match
-h, --no-filename suppress the file name prefix on output
--label=LABEL use LABEL as the standard input file name prefix
-o, --only-matching show only the part of a line matching PATTERN
-q, --quiet, --silent suppress all normal output
--binary-files=TYPE assume that binary files are TYPE;
TYPE is 'binary', 'text', or 'without-match'
-a, --text equivalent to --binary-files=text
-I equivalent to --binary-files=without-match
-d, --directories=ACTION how to handle directories;
ACTION is 'read', 'recurse', or 'skip'
-D, --devices=ACTION how to handle devices, FIFOs and sockets;
ACTION is 'read' or 'skip'
-r, --recursive like --directories=recurse
-R, --dereference-recursive
likewise, but follow all symlinks
--include=FILE_PATTERN
search only files that match FILE_PATTERN
--exclude=FILE_PATTERN
skip files and directories matching FILE_PATTERN
--exclude-from=FILE skip files matching any file pattern from FILE
--exclude-dir=PATTERN directories that match PATTERN will be skipped.
-L, --files-without-match print only names of FILEs containing no match
-l, --files-with-matches print only names of FILEs containing matches
-c, --count print only a count of matching lines per FILE
-T, --initial-tab make tabs line up (if needed)
-Z, --null print byte after FILE name Context control:
-B, --before-context=NUM print NUM lines of leading context
-A, --after-context=NUM print NUM lines of trailing context
-C, --context=NUM print NUM lines of output context
-NUM same as --context=NUM
--group-separator=SEP use SEP as a group separator
--no-group-separator use empty string as a group separator
--color[=WHEN],
--colour[=WHEN] use markers to highlight the matching strings;
WHEN is 'always', 'never', or 'auto'
-U, --binary do not strip CR characters at EOL (MSDOS/Windows)
-u, --unix-byte-offsets report offsets as if CRs were not there
(MSDOS/Windows) 'egrep' means 'grep -E'. 'fgrep' means 'grep -F'.
Direct invocation as either 'egrep' or 'fgrep' is deprecated.
When FILE is -, read standard input. With no FILE, read . if a command-line
-r is given, - otherwise. If fewer than two FILEs are given, assume -h.
Exit status is if any line is selected, otherwise;
if any error occurs and -q is not given, the exit status is . Report bugs to: bug-grep@gnu.org
GNU Grep home page: <http://www.gnu.org/software/grep/>
General help using GNU software: <http://www.gnu.org/gethelp/>
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep --help #查看该命令的帮助信息
--color=auto:
对匹配到的文本着色显示
-m:
# 匹配#次后停止 -v:
取反,即显示不被pattern匹配到的行 -i:
忽略字符大小写 -n:
显示匹配的行号 -c:
统计匹配的行数 -o:
仅显示匹配到的字符串 -q:
静默模式,不输出任何信息 -A:
after, 需要指定匹配的后几行
-B:
before, 需要指定匹配的前几行 -C:
# context, 前后各#行 -e:
实现多个选项间的逻辑or关系,举列:"grep –e ‘cat ’ -e ‘dog’ file" -w:
匹配整个单词 -E:
使用ERE -F:
相当于fgrep,不支持正则表达式 -f file:
根据模式文件处理
2>."-i"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# ifconfig docker0
docker0: flags=<UP,BROADCAST,RUNNING,MULTICAST> mtu
inet 192.168.100.254 netmask 255.255.255.0 broadcast 192.168.100.255
ether :::4f::da txqueuelen (Ethernet)
RX packets bytes (3.4 MiB)
RX errors dropped overruns frame
TX packets bytes (36.6 KiB)
TX errors dropped overruns carrier collisions [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig docker0 | grep Mask
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig docker0 | grep mask
inet 192.168.100.254 netmask 255.255.255.0 broadcast 192.168.100.255
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig docker0 | grep -i Mask #取出包含Mask字样的行,忽略大小写
inet 192.168.100.254 netmask 255.255.255.0 broadcast 192.168.100.255
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig docker0 | grep -i Mask #取出包含Mask字样的行,忽略大小写
3>."-v"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd #取出包含root的行
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -v root /etc/passwd #取出不包含root的行
bin:x:::bin:/bin:/sbin/nologin
daemon:x:::daemon:/sbin:/sbin/nologin
adm:x:::adm:/var/adm:/sbin/nologin
lp:x:::lp:/var/spool/lpd:/sbin/nologin
sync:x:::sync:/sbin:/bin/sync
shutdown:x:::shutdown:/sbin:/sbin/shutdown
halt:x:::halt:/sbin:/sbin/halt
mail:x:::mail:/var/spool/mail:/sbin/nologin
games:x:::games:/usr/games:/sbin/nologin
ftp:x:::FTP User:/var/ftp:/sbin/nologin
nobody:x:::Nobody:/:/sbin/nologin
systemd-network:x:::systemd Network Management:/:/sbin/nologin
dbus:x:::System message bus:/:/sbin/nologin
polkitd:x:::User for polkitd:/:/sbin/nologin
sshd:x:::Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x::::/var/spool/postfix:/sbin/nologin
ntp:x::::/etc/ntp:/sbin/nologin
mysql:x::::/home/mysql:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -v root /etc/passwd #取出不包含root的行
4>."-m"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -v root /etc/passwd
bin:x:::bin:/bin:/sbin/nologin
daemon:x:::daemon:/sbin:/sbin/nologin
adm:x:::adm:/var/adm:/sbin/nologin
lp:x:::lp:/var/spool/lpd:/sbin/nologin
sync:x:::sync:/sbin:/bin/sync
shutdown:x:::shutdown:/sbin:/sbin/shutdown
halt:x:::halt:/sbin:/sbin/halt
mail:x:::mail:/var/spool/mail:/sbin/nologin
games:x:::games:/usr/games:/sbin/nologin
ftp:x:::FTP User:/var/ftp:/sbin/nologin
nobody:x:::Nobody:/:/sbin/nologin
systemd-network:x:::systemd Network Management:/:/sbin/nologin
dbus:x:::System message bus:/:/sbin/nologin
polkitd:x:::User for polkitd:/:/sbin/nologin
sshd:x:::Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x::::/var/spool/postfix:/sbin/nologin
ntp:x::::/etc/ntp:/sbin/nologin
mysql:x::::/home/mysql:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -v root -m /etc/passwd #只取出前5个不包含root的行
bin:x:::bin:/bin:/sbin/nologin
daemon:x:::daemon:/sbin:/sbin/nologin
adm:x:::adm:/var/adm:/sbin/nologin
lp:x:::lp:/var/spool/lpd:/sbin/nologin
sync:x:::sync:/sbin:/bin/sync
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -v root -m 5 /etc/passwd #只取出前5个不包含root的行
5>."-n"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root -n /etc/passwd #显示匹配到的行的所在行号
:root:x:::root:/root:/bin/bash
:operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat -n /etc/passwd | head #验证上面命令是否准确,果不其然,第1行和第10行的确都有root关键词
root:x:::root:/root:/bin/bash
bin:x:::bin:/bin:/sbin/nologin
daemon:x:::daemon:/sbin:/sbin/nologin
adm:x:::adm:/var/adm:/sbin/nologin
lp:x:::lp:/var/spool/lpd:/sbin/nologin
sync:x:::sync:/sbin:/bin/sync
shutdown:x:::shutdown:/sbin:/sbin/shutdown
halt:x:::halt:/sbin:/sbin/halt
mail:x:::mail:/var/spool/mail:/sbin/nologin
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root -n /etc/passwd #显示匹配到的行的所在行号
6>."-c"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd | wc -l [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root -c /etc/passwd #显示匹配到的行所在行号 [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root -c /etc/passwd #显示匹配到的行所在行号
7>."-o"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root -o /etc/passwd #仅显示匹配到的字符串
root
root
root
root
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root -o /etc/passwd | wc -l #结合wc命令就可以统计匹配到root单词的次数 [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root -o /etc/passwd #仅显示匹配到的字符串
8>."-q"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# grep yinzhengjie /etc/passwd #没有找到包含"yinzhengjie"的字符串
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd #找到了包含"root"的字符串所在的行
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -q root /etc/passwd #尽管找到了不做任何输出
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# echo $? #如果结果返回为"",则表示上条命令找到了匹配到的行
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -q yinzhengjie /etc/passwd #无论找不找的到"yinzhengjie"字样的行,都不做任何输出,相当于把搜索结果丢给了"/dev/null"
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# echo $? #如果结果返回非"",则表示上调命令未找到匹配到的行
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd &> /dev/null #"-q"选项相当于将匹配到的结果丢尽了垃圾箱,
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# echo $? #很显然,上调命令搜索到匹配的行啦 [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep yinzhengjie /etc/passwd &> /dev/null
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# echo $? [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -q yinzhengjie /etc/passwd #无论找不找的到"yinzhengjie"字样的行,都不做任何输出,相当于把搜索结果丢给了"/dev/null"
9>."-B"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# yum -y install nmap #安装一个nmap软件包
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.huaweicloud.com
* extras: mirrors.huaweicloud.com
* updates: mirrors..com
base//x86_64/primary_db | 6.0 MB ::
Resolving Dependencies
--> Running transaction check
---> Package nmap.x86_64 :6.40-.el7 will be installed
--> Processing Dependency: nmap-ncat = :6.40-.el7 for package: :nmap-6.40-.el7.x86_64
--> Processing Dependency: libpcap.so.()(64bit) for package: :nmap-6.40-.el7.x86_64
--> Running transaction check
---> Package libpcap.x86_64 :1.5.-.el7 will be installed
---> Package nmap-ncat.x86_64 :6.40-.el7 will be installed
--> Finished Dependency Resolution Dependencies Resolved =======================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================
Installing:
nmap x86_64 :6.40-.el7 base 3.9 M
Installing for dependencies:
libpcap x86_64 :1.5.-.el7 base k
nmap-ncat x86_64 :6.40-.el7 base k Transaction Summary
=======================================================================================================================================
Install Package (+ Dependent packages) Total download size: 4.3 M
Installed size: M
Downloading packages:
(/): libpcap-1.5.-.el7.x86_64.rpm | kB ::
(/): nmap-ncat-6.40-.el7.x86_64.rpm | kB ::
(/): nmap-6.40-.el7.x86_64.rpm | 3.9 MB ::
---------------------------------------------------------------------------------------------------------------------------------------
Total kB/s | 4.3 MB ::
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : :libpcap-1.5.-.el7.x86_64 /
Installing : :nmap-ncat-6.40-.el7.x86_64 /
Installing : :nmap-6.40-.el7.x86_64 /
Verifying : :nmap-ncat-6.40-.el7.x86_64 /
Verifying : :libpcap-1.5.-.el7.x86_64 /
Verifying : :nmap-6.40-.el7.x86_64 / Installed:
nmap.x86_64 :6.40-.el7 Dependency Installed:
libpcap.x86_64 :1.5.-.el7 nmap-ncat.x86_64 :6.40-.el7 Complete!
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# yum -y install nmap #安装一个nmap软件包
[root@node101.yinzhengjie.org.cn ~]# nmap -v -sP 172.30.1.0/ > /data/nmap.log #我们扫描172.30.1./24这个网段的主机是否存活并将结果保存到文件中便于咱们测试
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /data/nmap.log Starting Nmap 6.40 ( http://nmap.org ) at 2019-10-19 20:58 CST
Initiating ARP Ping Scan at :
Scanning hosts [ port/host]
Completed ARP Ping Scan at :, .91s elapsed ( total hosts)
Initiating Parallel DNS resolution of hosts. at :
Completed Parallel DNS resolution of hosts. at :, .56s elapsed
Nmap scan report for 172.30.1.0 [host down]
Nmap scan report for 172.30.1.1 [host down]
Nmap scan report for 172.30.1.2 [host down]
Nmap scan report for 172.30.1.3 [host down]
Nmap scan report for 172.30.1.4 [host down]
Nmap scan report for 172.30.1.5 [host down]
Nmap scan report for 172.30.1.6 [host down]
Nmap scan report for 172.30.1.7 [host down]
Nmap scan report for 172.30.1.8 [host down]
Nmap scan report for 172.30.1.9 [host down]
Nmap scan report for 172.30.1.10 [host down]
Nmap scan report for 172.30.1.11 [host down]
Nmap scan report for 172.30.1.12 [host down]
Nmap scan report for 172.30.1.13 [host down]
Nmap scan report for 172.30.1.14 [host down]
Nmap scan report for 172.30.1.15 [host down]
Nmap scan report for 172.30.1.16 [host down]
Nmap scan report for 172.30.1.17 [host down]
Nmap scan report for 172.30.1.18 [host down]
Nmap scan report for 172.30.1.19 [host down]
Nmap scan report for 172.30.1.20 [host down]
Nmap scan report for 172.30.1.21 [host down]
Nmap scan report for 172.30.1.22 [host down]
Nmap scan report for 172.30.1.23 [host down]
Nmap scan report for 172.30.1.24 [host down]
Nmap scan report for 172.30.1.25 [host down]
Nmap scan report for 172.30.1.26 [host down]
Nmap scan report for 172.30.1.27 [host down]
Nmap scan report for 172.30.1.28 [host down]
Nmap scan report for 172.30.1.29 [host down]
Nmap scan report for 172.30.1.30 [host down]
Nmap scan report for 172.30.1.31 [host down]
Nmap scan report for 172.30.1.32 [host down]
Nmap scan report for 172.30.1.33 [host down]
Nmap scan report for 172.30.1.34 [host down]
Nmap scan report for 172.30.1.35 [host down]
Nmap scan report for 172.30.1.36 [host down]
Nmap scan report for 172.30.1.37 [host down]
Nmap scan report for 172.30.1.38 [host down]
Nmap scan report for 172.30.1.39 [host down]
Nmap scan report for 172.30.1.40 [host down]
Nmap scan report for 172.30.1.41 [host down]
Nmap scan report for 172.30.1.42 [host down]
Nmap scan report for 172.30.1.43 [host down]
Nmap scan report for 172.30.1.44 [host down]
Nmap scan report for 172.30.1.45 [host down]
Nmap scan report for 172.30.1.46 [host down]
Nmap scan report for 172.30.1.47 [host down]
Nmap scan report for 172.30.1.48 [host down]
Nmap scan report for 172.30.1.49 [host down]
Nmap scan report for 172.30.1.50 [host down]
Nmap scan report for 172.30.1.51 [host down]
Nmap scan report for 172.30.1.52 [host down]
Nmap scan report for 172.30.1.53 [host down]
Nmap scan report for 172.30.1.54 [host down]
Nmap scan report for 172.30.1.55 [host down]
Nmap scan report for 172.30.1.56 [host down]
Nmap scan report for 172.30.1.57 [host down]
Nmap scan report for 172.30.1.58 [host down]
Nmap scan report for 172.30.1.59 [host down]
Nmap scan report for 172.30.1.60 [host down]
Nmap scan report for 172.30.1.61 [host down]
Nmap scan report for 172.30.1.62 [host down]
Nmap scan report for 172.30.1.63 [host down]
Nmap scan report for 172.30.1.64 [host down]
Nmap scan report for 172.30.1.65 [host down]
Nmap scan report for 172.30.1.66 [host down]
Nmap scan report for 172.30.1.67 [host down]
Nmap scan report for 172.30.1.68 [host down]
Nmap scan report for 172.30.1.69 [host down]
Nmap scan report for 172.30.1.70 [host down]
Nmap scan report for 172.30.1.71 [host down]
Nmap scan report for 172.30.1.72 [host down]
Nmap scan report for 172.30.1.73 [host down]
Nmap scan report for 172.30.1.74 [host down]
Nmap scan report for 172.30.1.75 [host down]
Nmap scan report for 172.30.1.76 [host down]
Nmap scan report for 172.30.1.77 [host down]
Nmap scan report for 172.30.1.78 [host down]
Nmap scan report for 172.30.1.79 [host down]
Nmap scan report for 172.30.1.80 [host down]
Nmap scan report for 172.30.1.81 [host down]
Nmap scan report for 172.30.1.82 [host down]
Nmap scan report for 172.30.1.83 [host down]
Nmap scan report for 172.30.1.84 [host down]
Nmap scan report for 172.30.1.85 [host down]
Nmap scan report for 172.30.1.86 [host down]
Nmap scan report for 172.30.1.87 [host down]
Nmap scan report for 172.30.1.88 [host down]
Nmap scan report for 172.30.1.89 [host down]
Nmap scan report for 172.30.1.90 [host down]
Nmap scan report for 172.30.1.91 [host down]
Nmap scan report for 172.30.1.92 [host down]
Nmap scan report for 172.30.1.93 [host down]
Nmap scan report for 172.30.1.94 [host down]
Nmap scan report for 172.30.1.95 [host down]
Nmap scan report for 172.30.1.96 [host down]
Nmap scan report for 172.30.1.97 [host down]
Nmap scan report for 172.30.1.98 [host down]
Nmap scan report for 172.30.1.99 [host down]
Nmap scan report for 172.30.1.100 [host down]
Nmap scan report for node102.yinzhengjie.org.cn (172.30.1.102) #该行和下一行已经提示咱们,该主机是存货的。
Host is up (.00037s latency).
MAC Address: :::1D:D2: (Cadmus Computer Systems)
Nmap scan report for node103.yinzhengjie.org.cn (172.30.1.103)
Host is up (.00072s latency).
MAC Address: :::3A:DA:A7 (Cadmus Computer Systems)
Nmap scan report for 172.30.1.104 [host down]
Nmap scan report for 172.30.1.105 [host down]
Nmap scan report for 172.30.1.106 [host down]
Nmap scan report for 172.30.1.107 [host down]
Nmap scan report for 172.30.1.108 [host down]
Nmap scan report for 172.30.1.109 [host down]
Nmap scan report for 172.30.1.110 [host down]
Nmap scan report for 172.30.1.111 [host down]
Nmap scan report for 172.30.1.112 [host down]
Nmap scan report for 172.30.1.113 [host down]
Nmap scan report for 172.30.1.114 [host down]
Nmap scan report for 172.30.1.115 [host down]
Nmap scan report for 172.30.1.116 [host down]
Nmap scan report for 172.30.1.117 [host down]
Nmap scan report for 172.30.1.118 [host down]
Nmap scan report for 172.30.1.119 [host down]
Nmap scan report for 172.30.1.120 [host down]
Nmap scan report for 172.30.1.121 [host down]
Nmap scan report for 172.30.1.122 [host down]
Nmap scan report for 172.30.1.123 [host down]
Nmap scan report for 172.30.1.124 [host down]
Nmap scan report for 172.30.1.125 [host down]
Nmap scan report for 172.30.1.126 [host down]
Nmap scan report for 172.30.1.127 [host down]
Nmap scan report for 172.30.1.128 [host down]
Nmap scan report for 172.30.1.129 [host down]
Nmap scan report for 172.30.1.130 [host down]
Nmap scan report for 172.30.1.131 [host down]
Nmap scan report for 172.30.1.132 [host down]
Nmap scan report for 172.30.1.133 [host down]
Nmap scan report for 172.30.1.134 [host down]
Nmap scan report for 172.30.1.135 [host down]
Nmap scan report for 172.30.1.136 [host down]
Nmap scan report for 172.30.1.137 [host down]
Nmap scan report for 172.30.1.138 [host down]
Nmap scan report for 172.30.1.139 [host down]
Nmap scan report for 172.30.1.140 [host down]
Nmap scan report for 172.30.1.141 [host down]
Nmap scan report for 172.30.1.142 [host down]
Nmap scan report for 172.30.1.143 [host down]
Nmap scan report for 172.30.1.144 [host down]
Nmap scan report for 172.30.1.145 [host down]
Nmap scan report for 172.30.1.146 [host down]
Nmap scan report for 172.30.1.147 [host down]
Nmap scan report for 172.30.1.148 [host down]
Nmap scan report for 172.30.1.149 [host down]
Nmap scan report for 172.30.1.150 [host down]
Nmap scan report for 172.30.1.151 [host down]
Nmap scan report for 172.30.1.152 [host down]
Nmap scan report for 172.30.1.153 [host down]
Nmap scan report for 172.30.1.154 [host down]
Nmap scan report for 172.30.1.155 [host down]
Nmap scan report for 172.30.1.156 [host down]
Nmap scan report for 172.30.1.157 [host down]
Nmap scan report for 172.30.1.158 [host down]
Nmap scan report for 172.30.1.159 [host down]
Nmap scan report for 172.30.1.160 [host down]
Nmap scan report for 172.30.1.161 [host down]
Nmap scan report for 172.30.1.162 [host down]
Nmap scan report for 172.30.1.163 [host down]
Nmap scan report for 172.30.1.164 [host down]
Nmap scan report for 172.30.1.165 [host down]
Nmap scan report for 172.30.1.166 [host down]
Nmap scan report for 172.30.1.167 [host down]
Nmap scan report for 172.30.1.168 [host down]
Nmap scan report for 172.30.1.169 [host down]
Nmap scan report for 172.30.1.170 [host down]
Nmap scan report for 172.30.1.171 [host down]
Nmap scan report for 172.30.1.172 [host down]
Nmap scan report for 172.30.1.173 [host down]
Nmap scan report for 172.30.1.174 [host down]
Nmap scan report for 172.30.1.175 [host down]
Nmap scan report for 172.30.1.176 [host down]
Nmap scan report for 172.30.1.177 [host down]
Nmap scan report for 172.30.1.178 [host down]
Nmap scan report for 172.30.1.179 [host down]
Nmap scan report for 172.30.1.180 [host down]
Nmap scan report for 172.30.1.181 [host down]
Nmap scan report for 172.30.1.182 [host down]
Nmap scan report for 172.30.1.183 [host down]
Nmap scan report for 172.30.1.184 [host down]
Nmap scan report for 172.30.1.185 [host down]
Nmap scan report for 172.30.1.186 [host down]
Nmap scan report for 172.30.1.187 [host down]
Nmap scan report for 172.30.1.188 [host down]
Nmap scan report for 172.30.1.189 [host down]
Nmap scan report for 172.30.1.190 [host down]
Nmap scan report for 172.30.1.191 [host down]
Nmap scan report for 172.30.1.192 [host down]
Nmap scan report for 172.30.1.193 [host down]
Nmap scan report for 172.30.1.194 [host down]
Nmap scan report for 172.30.1.195 [host down]
Nmap scan report for 172.30.1.196 [host down]
Nmap scan report for 172.30.1.197 [host down]
Nmap scan report for 172.30.1.198 [host down]
Nmap scan report for 172.30.1.199 [host down]
Nmap scan report for 172.30.1.200 [host down]
Nmap scan report for 172.30.1.201 [host down]
Nmap scan report for 172.30.1.202 [host down]
Nmap scan report for 172.30.1.203 [host down]
Nmap scan report for 172.30.1.204 [host down]
Nmap scan report for 172.30.1.205 [host down]
Nmap scan report for 172.30.1.206 [host down]
Nmap scan report for 172.30.1.207 [host down]
Nmap scan report for 172.30.1.208 [host down]
Nmap scan report for 172.30.1.209 [host down]
Nmap scan report for 172.30.1.210 [host down]
Nmap scan report for 172.30.1.211 [host down]
Nmap scan report for 172.30.1.212 [host down]
Nmap scan report for 172.30.1.213 [host down]
Nmap scan report for 172.30.1.214 [host down]
Nmap scan report for 172.30.1.215 [host down]
Nmap scan report for 172.30.1.216 [host down]
Nmap scan report for 172.30.1.217 [host down]
Nmap scan report for 172.30.1.218 [host down]
Nmap scan report for 172.30.1.219 [host down]
Nmap scan report for 172.30.1.220 [host down]
Nmap scan report for 172.30.1.221 [host down]
Nmap scan report for 172.30.1.222 [host down]
Nmap scan report for 172.30.1.223 [host down]
Nmap scan report for 172.30.1.224 [host down]
Nmap scan report for 172.30.1.225 [host down]
Nmap scan report for 172.30.1.226 [host down]
Nmap scan report for 172.30.1.227 [host down]
Nmap scan report for 172.30.1.228 [host down]
Nmap scan report for 172.30.1.229 [host down]
Nmap scan report for 172.30.1.230 [host down]
Nmap scan report for 172.30.1.231 [host down]
Nmap scan report for 172.30.1.232 [host down]
Nmap scan report for 172.30.1.233 [host down]
Nmap scan report for 172.30.1.234 [host down]
Nmap scan report for 172.30.1.235 [host down]
Nmap scan report for 172.30.1.236 [host down]
Nmap scan report for 172.30.1.237 [host down]
Nmap scan report for 172.30.1.238 [host down]
Nmap scan report for 172.30.1.239 [host down]
Nmap scan report for 172.30.1.240 [host down]
Nmap scan report for 172.30.1.241 [host down]
Nmap scan report for 172.30.1.242 [host down]
Nmap scan report for 172.30.1.243 [host down]
Nmap scan report for 172.30.1.244 [host down]
Nmap scan report for 172.30.1.245 [host down]
Nmap scan report for 172.30.1.246 [host down]
Nmap scan report for 172.30.1.247 [host down]
Nmap scan report for 172.30.1.248 [host down]
Nmap scan report for 172.30.1.249 [host down]
Nmap scan report for 172.30.1.250 [host down]
Nmap scan report for 172.30.1.251 [host down]
Nmap scan report for 172.30.1.252 [host down]
Nmap scan report for bogon (172.30.1.253)
Host is up (.00027s latency).
MAC Address: :::3E:EC:D4 (Cadmus Computer Systems)
Nmap scan report for bogon (172.30.1.254)
Host is up (.00011s latency).
MAC Address: 0A:::::0F (Unknown)
Nmap scan report for 172.30.1.255 [host down]
Nmap scan report for node101.yinzhengjie.org.cn (172.30.1.101)
Host is up.
Read data files from: /usr/bin/../share/nmap
Nmap done: IP addresses ( hosts up) scanned in 11.54 seconds
Raw packets sent: (.168KB) | Rcvd: (112B)
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# nmap -v -sP 172.30.1.0/24 > /data/nmap.log #我们扫描172.30.1.0/24这个网段的主机是否存活并将结果保存到文件中便于咱们测试
[root@node101.yinzhengjie.org.cn ~]# grep -B up /data/nmap.log #匹配包含up关键词的行及其上一行。
Nmap scan report for node102.yinzhengjie.org.cn (172.30.1.102)
Host is up (.00037s latency).
--
Nmap scan report for node103.yinzhengjie.org.cn (172.30.1.103)
Host is up (.00072s latency).
--
Nmap scan report for bogon (172.30.1.253)
Host is up (.00027s latency).
--
Nmap scan report for bogon (172.30.1.254)
Host is up (.00011s latency).
--
Nmap scan report for node101.yinzhengjie.org.cn (172.30.1.101)
Host is up.
Read data files from: /usr/bin/../share/nmap
Nmap done: IP addresses ( hosts up) scanned in 11.54 seconds
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -B up /data/nmap.log | grep "report" |cut -d " " -f #我们可以根据上面的结果结合cut命令可以取出对应的IP地址
(172.30.1.102)
(172.30.1.103)
(172.30.1.253)
(172.30.1.254)
(172.30.1.101)
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -B 1 up /data/nmap.log #匹配包含up关键词的行及其上一行的内容。
10>."-A"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -A root /etc/passwd #找到root所在的行及其下面3行的内容
root:x:::root:/root:/bin/bash
bin:x:::bin:/bin:/sbin/nologin
daemon:x:::daemon:/sbin:/sbin/nologin
adm:x:::adm:/var/adm:/sbin/nologin
--
operator:x:::operator:/root:/sbin/nologin
games:x:::games:/usr/games:/sbin/nologin
ftp:x:::FTP User:/var/ftp:/sbin/nologin
nobody:x:::Nobody:/:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -nA root /etc/passwd #找到root所在的行及其下面3行的内容并显示所在行号
:root:x:::root:/root:/bin/bash
-bin:x:::bin:/bin:/sbin/nologin
-daemon:x:::daemon:/sbin:/sbin/nologin
-adm:x:::adm:/var/adm:/sbin/nologin
--
:operator:x:::operator:/root:/sbin/nologin
-games:x:::games:/usr/games:/sbin/nologin
-ftp:x:::FTP User:/var/ftp:/sbin/nologin
-nobody:x:::Nobody:/:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -nA 3 root /etc/passwd #找到root所在的行及其下面3行的内容并显示所在行号
11>."-e"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# grep root /etc/passwd
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -e root -e nologin /etc/passwd #找到包含"root"的行或者包含"nologin"的行
root:x:::root:/root:/bin/bash
bin:x:::bin:/bin:/sbin/nologin
daemon:x:::daemon:/sbin:/sbin/nologin
adm:x:::adm:/var/adm:/sbin/nologin
lp:x:::lp:/var/spool/lpd:/sbin/nologin
mail:x:::mail:/var/spool/mail:/sbin/nologin
operator:x:::operator:/root:/sbin/nologin
games:x:::games:/usr/games:/sbin/nologin
ftp:x:::FTP User:/var/ftp:/sbin/nologin
nobody:x:::Nobody:/:/sbin/nologin
systemd-network:x:::systemd Network Management:/:/sbin/nologin
dbus:x:::System message bus:/:/sbin/nologin
polkitd:x:::User for polkitd:/:/sbin/nologin
sshd:x:::Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x::::/var/spool/postfix:/sbin/nologin
ntp:x::::/etc/ntp:/sbin/nologin
mysql:x::::/home/mysql:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -e root -e nologin /etc/passwd #找到包含"root"的行或者包含"nologin"的行
12>."-w"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# cat f1.txt
hello
hello world
def myhello():pass
adminhello
helloGoogle
123hello
--hello--
abchello
__hello__
hello;
hello,
hello.
hello!
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -w hello f1.txt #匹配包含"hello"单词的行,从输出结果来看默认匹配的单词如果连接的有数字,字母,下划线就不算一个完整的单词!
hello
hello world
--hello--
hello;
hello,
hello.
hello!
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -w hello f1.txt #匹配包含"hello"单词的行,从输出结果来看默认匹配的单词如果连接的有数字,字母,下划线就不算一个完整的单词!
13>."-f"选项案例展示
[root@node101.yinzhengjie.org.cn ~]# cat pattern.txt
root
nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -f pattern.txt /etc/passwd #对指定文件的内容逐行匹配,将匹配到的内容当作关键词进行搜索
root:x:::root:/root:/bin/bash
bin:x:::bin:/bin:/sbin/nologin
daemon:x:::daemon:/sbin:/sbin/nologin
adm:x:::adm:/var/adm:/sbin/nologin
lp:x:::lp:/var/spool/lpd:/sbin/nologin
mail:x:::mail:/var/spool/mail:/sbin/nologin
operator:x:::operator:/root:/sbin/nologin
games:x:::games:/usr/games:/sbin/nologin
ftp:x:::FTP User:/var/ftp:/sbin/nologin
nobody:x:::Nobody:/:/sbin/nologin
systemd-network:x:::systemd Network Management:/:/sbin/nologin
dbus:x:::System message bus:/:/sbin/nologin
polkitd:x:::User for polkitd:/:/sbin/nologin
sshd:x:::Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x::::/var/spool/postfix:/sbin/nologin
ntp:x::::/etc/ntp:/sbin/nologin
mysql:x::::/home/mysql:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -f pattern.txt /etc/passwd #对指定文件的内容逐行匹配,将匹配到的内容当作关键词进行搜索
三.正则表达式概述(注意,在执行命令时最好添加别名"alias grep='grep --color=auto"看出的效果更明显)
1>.什么是正则表达式
正则表达式英文名称为:"Regular Expressions(简称re)",由一类特殊字符及文本字符所编写的模式,其中有些字符(元字符)不表示字符字面意义,而表示控制或通配的功能.
2>.Linux中支持正则表达式的常见软件
程序支持:grep,sed,awk,vim, less,nginx,varnish等。 几乎所有的编程语言都支持正则表达式。
3>.正则表达式分类
基本正则表达式:BRE
扩展正则表达式:ERE
4>.正则表达式引擎
采用不同算法,检查处理正则表达式的软件模块PCRE(Perl Compatible Regular Expressions)。 几乎所有高级语言都是PCRE的方言或者变种。Python从1.6开始使用SRE正则表达式引擎,可以认为是PCRE 的子集,见模块re。
5>.元字符分类
字符匹配、匹配次数、位置锚定、分组
6>.查看正则表达式的帮助信息
[root@node101.yinzhengjie.org.cn ~]# man regex
REGEX() Linux Programmer's Manual REGEX(7) NAME
regex - POSIX. regular expressions DESCRIPTION
Regular expressions ("RE"s), as defined in POSIX., come in two forms: modern REs (roughly those of egrep; POSIX. calls
these "extended" REs) and obsolete REs (roughly those of ed(); POSIX. "basic" REs). Obsolete REs mostly exist for back‐
ward compatibility in some old programs; they will be discussed at the end. POSIX. leaves some aspects of RE syntax and
semantics open; "(!)" marks decisions on these aspects that may not be fully portable to other POSIX. implementations. A (modern) RE is one(!) or more nonempty(!) branches, separated by '|'. It matches anything that matches one of the
branches. A branch is one(!) or more pieces, concatenated. It matches a match for the first, followed by a match for the second, etc. An atom is a regular expression enclosed in "()" (matching a match for the regular expression), an empty set of "()" (match‐
ing the null string)(!), a bracket expression (see below), '.' (matching any single character), '^' (matching the null
string at the beginning of a line), '$' (matching the null string at the end of a line), a '\' followed by one of the char‐
acters "^.[$()|*+?{\" (matching that character taken as an ordinary character), a '\' followed by any other character(!)
(matching that character taken as an ordinary character, as if the '\' had not been present(!)), or a single character with
no other significance (matching that character). A '{' followed by a character other than a digit is an ordinary character,
not the beginning of a bound(!). It is illegal to end an RE with '\'. A bracket expression is a list of characters enclosed in "[]". It normally matches any single character from the list (but
see below). If the list begins with '^', it matches any single character (but see below) not from the rest of the list. If
two characters in the list are separated by '-', this is shorthand for the full range of characters between those two
(inclusive) in the collating sequence, for example, "[0-9]" in ASCII matches any decimal digit. It is illegal(!) for two
ranges to share an endpoint, for example, "a-c-e". Ranges are very collating-sequence-dependent, and portable programs
should avoid relying on them. To include a literal ']' in the list, make it the first character (following a possible '^'). To include a literal '-',
make it the first or last character, or the second endpoint of a range. To use a literal '-' as the first endpoint of a
range, enclose it in "[." and ".]" to make it a collating element (see below). With the exception of these and some combi‐
nations using '[' (see next paragraphs), all other special characters, including '\', lose their special significance within
a bracket expression. Within a bracket expression, a collating element (a character, a multicharacter sequence that collates as if it were a sin‐
gle character, or a collating-sequence name for either) enclosed in "[." and ".]" stands for the sequence of characters of
that collating element. The sequence is a single element of the bracket expression's list. A bracket expression containing
a multicharacter collating element can thus match more than one character, for example, if the collating sequence includes a
"ch" collating element, then the RE "[[.ch.]]*c" matches the first five characters of "chchcc". Within a bracket expression, a collating element enclosed in "[=" and "=]" is an equivalence class, standing for the
sequences of characters of all collating elements equivalent to that one, including itself. (If there are no other equiva‐
lent collating elements, the treatment is as if the enclosing delimiters were "[." and ".]".) For example, if o and ^ are
the members of an equivalence class, then "[[=o=]]", "[[=^=]]", and "[o^]" are all synonymous. An equivalence class may
not(!) be an endpoint of a range. Within a bracket expression, the name of a character class enclosed in "[:" and ":]" stands for the list of all characters
belonging to that class. Standard character class names are: alnum digit punct
alpha graph space
blank lower upper
cntrl print xdigit These stand for the character classes defined in wctype(). A locale may provide others. A character class may not be used
as an endpoint of a range. In the event that an RE could match more than one substring of a given string, the RE matches the one starting earliest in
the string. If the RE could match more than one substring starting at that point, it matches the longest. Subexpressions
also match the longest possible substrings, subject to the constraint that the whole match be as long as possible, with sub‐
expressions starting earlier in the RE taking priority over ones starting later. Note that higher-level subexpressions thus
take priority over their lower-level component subexpressions. Match lengths are measured in characters, not collating elements. A null string is considered longer than no match at all.
For example, "bb*" matches the three middle characters of "abbbc", "(wee|week)(knights|nights)" matches all ten characters
of "weeknights", when "(.*).*" is matched against "abc" the parenthesized subexpression matches all three characters, and
when "(a*)*" is matched against "bc" both the whole RE and the parenthesized subexpression match the null string. If case-independent matching is specified, the effect is much as if all case distinctions had vanished from the alphabet.
When an alphabetic that exists in multiple cases appears as an ordinary character outside a bracket expression, it is effec‐
tively transformed into a bracket expression containing both cases, for example, 'x' becomes "[xX]". When it appears inside
a bracket expression, all case counterparts of it are added to the bracket expression, so that, for example, "[x]" becomes
"[xX]" and "[^x]" becomes "[^xX]". No particular limit is imposed on the length of REs(!). Programs intended to be portable should not employ REs longer than
bytes, as an implementation can refuse to accept such REs and remain POSIX-compliant. Obsolete ("basic") regular expressions differ in several respects. '|', '+', and '?' are ordinary characters and there is
no equivalent for their functionality. The delimiters for bounds are "\{" and "\}", with '{' and '}' by themselves ordinary
characters. The parentheses for nested subexpressions are "\(" and "\)", with '(' and ')' by themselves ordinary charac‐
ters. '^' is an ordinary character except at the beginning of the RE or(!) the beginning of a parenthesized subexpression,
'$' is an ordinary character except at the end of the RE or(!) the end of a parenthesized subexpression, and '*' is an ordi‐
nary character if it appears at the beginning of the RE or the beginning of a parenthesized subexpression (after a possible
leading '^'). Finally, there is one new type of atom, a back reference: '\' followed by a nonzero decimal digit d matches the same
sequence of characters matched by the dth parenthesized subexpression (numbering subexpressions by the positions of their
opening parentheses, left to right), so that, for example, "\([bc]\)\1" matches "bb" or "cc" but not "bc". BUGS
Having two kinds of REs is a botch. The current POSIX. spec says that ')' is an ordinary character in the absence of an unmatched '('; this was an uninten‐
tional result of a wording error, and change is likely. Avoid relying on it. Back references are a dreadful botch, posing major problems for efficient implementations. They are also somewhat vaguely
defined (does "a\(\(b\)*\2\)*d" match "abbbd"?). Avoid using them. POSIX.'s specification of case-independent matching is vague. The "one case implies all cases" definition given above is
current consensus among implementors as to the right interpretation. AUTHOR
This page was taken from Henry Spencer's regex package. SEE ALSO
grep(), regex() POSIX., section 2.8 (Regular Expression Notation). COLOPHON
This page is part of release 3.53 of the Linux man-pages project. A description of the project, and information about
reporting bugs, can be found at http://www.kernel.org/doc/man-pages/. -- REGEX() A piece is an atom possibly followed by a single(!) '*', '+', '?', or bound. An atom followed by '*' matches a sequence of
or more matches of the atom. An atom followed by '+' matches a sequence of or more matches of the atom. An atom fol‐
lowed by '?' matches a sequence of or matches of the atom. A bound is '{' followed by an unsigned decimal integer, possibly followed by ',' possibly followed by another unsigned deci‐
mal integer, always followed by '}'. The integers must lie between and RE_DUP_MAX ((!)) inclusive, and if there are
two of them, the first may not exceed the second. An atom followed by a bound containing one integer i and no comma matches
a sequence of exactly i matches of the atom. An atom followed by a bound containing one integer i and a comma matches a
sequence of i or more matches of the atom. An atom followed by a bound containing two integers i and j matches a sequence
of i through j (inclusive) matches of the atom.
[root@node101.yinzhengjie.org.cn ~]# man 7 regex #查看正则表达式的帮助信息
[root@node101.yinzhengjie.org.cn ~]# yum -y install man-pages #如果是最小化安装CentOS可能不支持上面的命令,需要安装该软件包
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.huaweicloud.com
* extras: mirrors.huaweicloud.com
* updates: mirrors..com
Resolving Dependencies
--> Running transaction check
---> Package man-pages.noarch :3.53-.el7 will be installed
--> Finished Dependency Resolution Dependencies Resolved =======================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================
Installing:
man-pages noarch 3.53-.el7 base 5.0 M Transaction Summary
=======================================================================================================================================
Install Package Total download size: 5.0 M
Installed size: 4.6 M
Downloading packages:
man-pages-3.53-.el7.noarch.rpm | 5.0 MB ::
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : man-pages-3.53-.el7.noarch /
Verifying : man-pages-3.53-.el7.noarch / Installed:
man-pages.noarch :3.53-.el7 Complete!
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# yum -y install man-pages #如果是最小化安装CentOS可能不支持上面的命令,需要安装该软件包
四.元字符分类详解-字符匹配(注意,在执行命令时最好添加别名"alias grep='grep --color=auto"看出的效果更明显)
1>."." 匹配任意单个字符
[root@node101.yinzhengjie.org.cn ~]# ll
total
-rw-r--r-- root root Oct : f1.txt
drwxr-xr-x root root Jul : mysql-5.7.-linux-glibc2.-x86_64
-rw-r--r-- root root Jun : mysql-5.7.-linux-glibc2.-x86_64.tar.gz
drwxr-xr-x root root Aug mysql-connector-java-5.1.
-rw-r--r-- root root Aug mysql-connector-java-5.1..tar.gz
-rw-r--r-- root root Oct : pattern.txt
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ls | grep -w '..\.txt' #匹配2个任意字符且后缀包含".txt",第三个"."前面有一个"\"表示转义,表示原意"."。
f1.txt
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ls | grep -w '..\.txt' #匹配2个任意字符且后缀包含".txt",第三个"."前面有一个"\"表示转义,表示原意"."。
[root@node101.yinzhengjie.org.cn ~]# grep r..t /etc/passwd #在字母r和t之间匹配2个任意字符的行
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
ftp:x:::FTP User:/var/ftp:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -w r..t /etc/passwd #找到在字母r和t之间匹配2个任意字符且为单词的行
root:x:::root:/root:/bin/bash
operator:x:::operator:/root:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep r..t /etc/passwd #在字母r和t之间匹配2个任意字符的行
2>."[]" 匹配指定范围内的任意单个字符,示例:[wang] [0-9] [a-z] [a-zA-Z]
[root@node101.yinzhengjie.org.cn ~]# grep [Xyf] /etc/passwd #匹配包含"X","y","f"的行
sync:x:::sync:/sbin:/bin/sync
ftp:x:::FTP User:/var/ftp:/sbin/nologin
nobody:x:::Nobody:/:/sbin/nologin
systemd-network:x:::systemd Network Management:/:/sbin/nologin
dbus:x:::System message bus:/:/sbin/nologin
polkitd:x:::User for polkitd:/:/sbin/nologin
sshd:x:::Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x::::/var/spool/postfix:/sbin/nologin
mysql:x::::/home/mysql:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep [Xyf] /etc/passwd #匹配包含"X","y","f"的行
3>."[^]" 匹配指定范围外的任意单个字符
[root@node101.yinzhengjie.org.cn ~]# grep [^Xyf] /etc/passwd #和上面的结果相反,只不过不匹配字母"X","y","f"的行
root:x:::root:/root:/bin/bash
bin:x:::bin:/bin:/sbin/nologin
daemon:x:::daemon:/sbin:/sbin/nologin
adm:x:::adm:/var/adm:/sbin/nologin
lp:x:::lp:/var/spool/lpd:/sbin/nologin
sync:x:::sync:/sbin:/bin/sync
shutdown:x:::shutdown:/sbin:/sbin/shutdown
halt:x:::halt:/sbin:/sbin/halt
mail:x:::mail:/var/spool/mail:/sbin/nologin
operator:x:::operator:/root:/sbin/nologin
games:x:::games:/usr/games:/sbin/nologin
ftp:x:::FTP User:/var/ftp:/sbin/nologin
nobody:x:::Nobody:/:/sbin/nologin
systemd-network:x:::systemd Network Management:/:/sbin/nologin
dbus:x:::System message bus:/:/sbin/nologin
polkitd:x:::User for polkitd:/:/sbin/nologin
sshd:x:::Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x::::/var/spool/postfix:/sbin/nologin
ntp:x::::/etc/ntp:/sbin/nologin
mysql:x::::/home/mysql:/sbin/nologin
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep [^Xyf] /etc/passwd #和上面的结果相反,只不过不匹配字母"X","y","f"的行
4>."[:alnum:]" 字母和数字
[root@node101.yinzhengjie.org.cn ~]# ifconfig lo | grep '[[:digit:]]' #只匹配数字
lo: flags=<UP,LOOPBACK,RUNNING> mtu
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen (Local Loopback)
RX packets bytes (0.0 B)
RX errors dropped overruns frame
TX packets bytes (0.0 B)
TX errors dropped overruns carrier collisions
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig lo | grep '[[:digit:]a-zA-Z]' #匹配数字,小写字母和大写字母
lo: flags=<UP,LOOPBACK,RUNNING> mtu
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen (Local Loopback)
RX packets bytes (0.0 B)
RX errors dropped overruns frame
TX packets bytes (0.0 B)
TX errors dropped overruns carrier collisions
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig lo | grep '[[:alnum:]]' #匹配字母和数字
lo: flags=<UP,LOOPBACK,RUNNING> mtu
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen (Local Loopback)
RX packets bytes (0.0 B)
RX errors dropped overruns frame
TX packets bytes (0.0 B)
TX errors dropped overruns carrier collisions
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig lo | grep '[[:alnum:]]' #匹配字母和数字
5>.其他字符匹配
[:alpha:]
代表任何英文大小写字符,亦即 A-Z, a-z
[:lower:]
小写字母 [:upper:] 大写字母
[:blank:]
空白字符(空格和制表符)
[:space:]
水平和垂直的空白字符(比[:blank:]包含的范围广)
[:cntrl:]
不可打印的控制字符(退格、删除、警铃...)
[:digit:]
十进制数字 [:xdigit:]
十六进制数字
[:graph:]
可打印的非空白字符
[:print:]
可打印字符
[:punct:]
标点符号
五.元字符分类详解-匹配次数(注意,在执行命令时最好添加别名"alias grep='grep --color=auto"看出的效果更明显)
1>."*"匹配前面的字符任意次,包括0次(贪婪模式:尽可能长的匹配)
[root@node101.yinzhengjie.org.cn ~]# cat -n test.log
google gooooooooogle ggle gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go*gle" test.log #"*"匹配前面字符"o"任意次包括0次,但是空行并没有被匹配上
:gooooooooogle
:ggle
:gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go*gle" test.log #"*"匹配前面字符"o"任意次包括0次,但是空行并没有被匹配上
[root@node101.yinzhengjie.org.cn ~]# cat -n test.log
google gooooooooogle ggle gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n ".*" test.log #贪婪模式会尽可能多的匹配
:
:gooooooooogle
:
:ggle
:
:
:
:
:gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n ".*" test.log #贪婪模式会尽可能多的匹配
2>.".*" 任意长度的任意字符
[root@node101.yinzhengjie.org.cn ~]# cat -n test.log
google gooooooooogle ggle gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "g.*e" test.log #".*"可以匹配任意长度的字符
:gooooooooogle
:ggle
:gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "g.*e" test.log #".*"可以匹配任意长度的字符
3>."\?"匹配其前面的字符0或1次
[root@node101.yinzhengjie.org.cn ~]# cat test.log
omage Borg
docker
k8s
gooooooooogle
ggle
ggoole gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "g\?o" test.log #此处对"g"字符可以匹配0次或者1次
:omage
:Borg
:docker
:gooooooooogle
:ggoole
:gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "g\?o" test.log #此处对"g"字符可以匹配0次或者1次
4>.\+ 匹配其前面的字符至少1次
[root@node101.yinzhengjie.org.cn ~]# cat -n test.log
omage Borg
docker
k8s
gooooooooogle
ggle
ggoole gogle
[root@node101.yinzhengjie.org.cn ~]# grep -n "o\+" test.log #此处对字符"o"最少匹配1次
:omage
:Borg
:docker
:gooooooooogle
:ggoole
:gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "o\+" test.log #此处对字符"o"最少匹配1次
5>."\{n\}"匹配前面的字符n次
[root@node101.yinzhengjie.org.cn ~]# cat -n test.log
omage Borg
docker
k8s
gooooooooogle
ggle
ggoole gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go\{2\}" test.log #仅对字符"o"匹配2次
:gooooooooogle
:ggoole
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go\{2\}" test.log #仅对字符"o"匹配2次
6>."\{m,n\}"匹配前面的字符至少m次,至多n次
[root@node101.yinzhengjie.org.cn ~]# cat -n test.log
omage Borg
docker
k8s
gooooooooogle
ggle
ggoole gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go\{3,5\}" test.log #最少对字符"o"匹配3次,最多匹配5次
:gooooooooogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go\{3,5\}" test.log #最少对字符"o"匹配3次,最多匹配5次
7>."\{,n\}"匹配前面的字符至多n次
[root@node101.yinzhengjie.org.cn ~]# cat -n test.log
omage Borg
docker
k8s
gooooooooogle
ggle
ggoole gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go\{,3\}" test.log #对字符""最多匹配3次
:omage
:Borg
:gooooooooogle
:ggle
:ggoole
:gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go\{,3\}" test.log #对字符"0"最多匹配3次
8>."\{n,\}"匹配前面的字符至少n次
[root@node101.yinzhengjie.org.cn ~]# cat -n test.log
omage Borg
docker
k8s
gooooooooogle
ggle
ggoole gogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go\{3,\}" test.log #对字符"o"最少匹配3次
:gooooooooogle
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -n "go\{3,\}" test.log #对字符"o"最少匹配3次
六.元字符分类详解-位置锚定(注意,在执行命令时最好添加别名"alias grep='grep --color=auto"看出的效果更明显)
1>."^"行首锚定,用于模式的最左侧
[root@node102.yinzhengjie.org.cn ~]# grep "root" /etc/passwd #匹配包含"root"的行
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep "^root" /etc/passwd #过滤以"root"为开头的行
root:x:0:0:root:/root:/bin/bash
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep "^root" /etc/passwd #过滤以"root"为开头的行
[root@node102.yinzhengjie.org.cn ~]# cat /etc/fstab #
# /etc/fstab
# Created by anaconda on Mon Jul 8 16:25:07 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=923617f2-2f0b-4029-9367-25204e66e99e /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep -v "^#" /etc/fstab #过滤以"#"开头的行 /dev/mapper/centos-root / xfs defaults 0 0
UUID=923617f2-2f0b-4029-9367-25204e66e99e /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep -v "^#" /etc/fstab #过滤以"#"开头的行
[root@node102.yinzhengjie.org.cn ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/centos-root 52403200 1802632 50600568 4% /
devtmpfs 1928200 0 1928200 0% /dev
tmpfs 1940316 0 1940316 0% /dev/shm
tmpfs 1940316 8720 1931596 1% /run
tmpfs 1940316 0 1940316 0% /sys/fs/cgroup
/dev/sda1 1038336 148560 889776 15% /boot
/dev/mapper/centos-home 990543300 426376 990116924 1% /home
tmpfs 388064 0 388064 0% /run/user/0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# df | grep "^/dev/sd" | tr -s ' ' % | cut -d % -f 5 | sort -nr #查看各个分区对磁盘使用情况,若有多个磁盘分区效果更为明显。
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# df | grep "^/dev/sd" | tr -s ' ' % | cut -d % -f 5 | sort -nr #查看各个分区对磁盘使用情况,若有多个磁盘分区效果更为明显。
2>."$"行尾锚定,用于模式的最右侧
[root@node102.yinzhengjie.org.cn ~]# grep "bash$" /etc/passwd #过滤以"bash"结尾的行
root:x:0:0:root:/root:/bin/bash
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# useradd yinzhengjie
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep "bash$" /etc/passwd
root:x:0:0:root:/root:/bin/bash
yinzhengjie:x:1000:1000::/home/yinzhengjie:/bin/bash
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep "bash$" /etc/passwd #过滤以"bash"结尾的行
3>."^PATTERN$"用于模式匹配整行
[root@node102.yinzhengjie.org.cn ~]# cat /etc/fstab #
# /etc/fstab
# Created by anaconda on Mon Jul 8 16:25:07 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=923617f2-2f0b-4029-9367-25204e66e99e /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep -v "^#" /etc/fstab /dev/mapper/centos-root / xfs defaults 0 0
UUID=923617f2-2f0b-4029-9367-25204e66e99e /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep -v -e "^#" -e "^$" /etc/fstab #过滤以"#"开头和空行的行并取反
/dev/mapper/centos-root / xfs defaults 0 0
UUID=923617f2-2f0b-4029-9367-25204e66e99e /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep -v -e "^#" -e "^$" /etc/fstab #过滤以"#"开头和空行的行并取反
[root@node102.yinzhengjie.org.cn ~]# cat /etc/fstab #
# /etc/fstab
# Created by anaconda on Mon Jul 8 16:25:07 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=923617f2-2f0b-4029-9367-25204e66e99e /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep -v -e "^#" -e "^[[:space:]]*$" /etc/fstab #过滤以"#"开头和空行的行并取反
/dev/mapper/centos-root / xfs defaults 0 0
UUID=923617f2-2f0b-4029-9367-25204e66e99e /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# grep -v -e "^#" -e "^[[:space:]]*$" /etc/fstab #过滤以"#"开头和空行的行并取反(效果同上)
4>."\< 或 \b" 词首锚定,用于单词模式的左侧
[root@node102.yinzhengjie.org.cn ~]# echo "hello world" | grep "\<hello"
hello world
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "hello world" | grep "\<world"
hello world
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "123helloabcd" | grep "\<hello"
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "123-helloabcd" | grep "\<hello" #匹配字符串单词的词首,匹配成功
123-helloabcd
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "123_helloabcd" | grep "\<hello"
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "123-helloabcd" | grep "\<hello" #匹配字符串单词的词首,匹配成功
[root@node102.yinzhengjie.org.cn ~]# echo "123-helloabcd" | grep "\bhello" #"\b"既可以表示词首也可以表示词尾,在这里表示为词首以"hello"开头
-helloabcd
[root@node102.yinzhengjie.org.cn ~]#
5>."\> 或 \b" 词尾锚定,用于单词模式的右侧
[root@node102.yinzhengjie.org.cn ~]# echo "hello world" | grep "\<hello"
hello world
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "hello world" | grep "\<world"
hello world
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "123helloabcd" | grep "\<hello"
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "123-helloabcd" | grep "\<hello" #匹配字符串是否以"hello"为词首,匹配成功
123-helloabcd
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "123_helloabcd" | grep "\<hello"
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# echo "123-helloabcd" | grep "\<hello" #匹配字符串是否以"hello"为词首,匹配成功
[root@node102.yinzhengjie.org.cn ~]# echo "helloworld" | grep "world\b" #"\b"既可以表示词首也可以表示词尾,在这里表示为词尾以"world"结尾
helloworld
[root@node102.yinzhengjie.org.cn ~]#
6>."\<PATTERN\>"匹配整个单词
[root@node102.yinzhengjie.org.cn ~]# echo "hello world,I'm Python" | grep "\<world\>" #匹配"world"整个单词,匹配成功
hello world,I'm Python
[root@node102.yinzhengjie.org.cn ~]#
七.元字符分类详解-分组(注意,在执行命令时最好添加别名"alias grep='grep --color=auto"看出的效果更明显)
1>.什么是分组
分组是将"\(\)" 将一个或多个字符捆绑在一起,当作一个整体处理,如:"\(root\)\+",表示匹配"root"关键词,注意这里的"\"表示转义。 分组括号中的模式匹配到的内容会被正则表达式引擎记录于内部的变量中,这些变量的命名方式正bash中为:"\1", "\2", "\3", ...,而在其它编程语言或者应用程序可能用"$1","$2",...来替换,比如nginx中使用正则表达式就是使用"$"字符来代替bash的"\"。
"\1"表示从左侧起第一个左括号以及与之匹配右括号之间的模式所匹配到的字符,在nginx想要引用则使用"$1"。 案例如下:
正则表达式:\(yinzhengjie\(dao ci yi you\(2019\)\)\)
解析说明:
1>.首先我们翻译一下转义字符"\",得到正则字符为"(yinzhengjie(dao ci yi you(2019)))"
2>.紧接着我们就开始数括号,很显然这里是三队括号,这三对括号别分对应
"\1":
对应就是最外面大括号里的内容"yinzhengjie(dao ci yi you(2019))"
"\2":
对应的源字符串的第二对括号里的内容"dao ci yi you(2019)"
""\3":
对应的源字符串的第三对括号里的内容"2019"
2>.后向引用
引用前面的分组括号中的模式所匹配字符,而非模式本身,比如爬虫,nginx配置文件中大量使用。
3>.或者
示例:
a\|b:
对应a或者b
C\cat:
对应C或者cat \(C\|c\)at:
对应"Cat"或"cat"
[root@node101.yinzhengjie.org.cn ~]# cat /etc/fstab #
# /etc/fstab
# Created by anaconda on Mon Jul ::
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(), findfs(), mount() and/or blkid() for more info
#
/dev/mapper/centos-root / xfs defaults
UUID=343e9f9c---a10d-541627af8e04 /boot xfs defaults
/dev/mapper/centos-home /home xfs defaults
/dev/mapper/centos-swap swap swap defaults
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep "^#\|^$" /etc/fstab #
# /etc/fstab
# Created by anaconda on Mon Jul ::
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(), findfs(), mount() and/or blkid() for more info
#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -v "^#\|^$" /etc/fstab
/dev/mapper/centos-root / xfs defaults
UUID=343e9f9c---a10d-541627af8e04 /boot xfs defaults
/dev/mapper/centos-home /home xfs defaults
/dev/mapper/centos-swap swap swap defaults
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# grep -v "^#\|^$" /etc/fstab #过来空行或者以"#"开头的行
[root@node101.yinzhengjie.org.cn ~]# ifconfig enp0s8
enp0s8: flags=<UP,BROADCAST,RUNNING,MULTICAST> mtu
inet 172.30.1.101 netmask 255.255.255.0 broadcast 172.30.1.255
ether :::c1:c7: txqueuelen (Ethernet)
RX packets bytes (94.6 KiB)
RX errors dropped overruns frame
TX packets bytes (85.0 KiB)
TX errors dropped overruns carrier collisions [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig enp0s8 | grep -o '\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}' | head -
172.30.1.101
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig enp0s8 | grep -o '\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}' | head -1
4>.小试牛刀
(1)显示/proc/meminfo文件中以大小s开头的行(要求:使用两种方法) (2)显示/etc/passwd文件中不以/bin/bash结尾的行 (3)显示用户rpc默认的shell程序 (4)找出/etc/passwd中的两位或三位数 (5)显示CentOS7的/etc/grub2.cfg文件中,至少以一个空白字符开头的且后面有非空白字符的行 (6)找出“netstat -tan”命令结果中以LISTEN后跟任意多个空白字符结尾的行 (7)显示CentOS7上所有UID小于1000以内的用户名和UID (8)添加用户bash、testbash、basher、sh、nologin(其shell为/sbin/nologin),找出/etc/passwd用户名和shell同名的行 (9)利用df和grep,取出磁盘各分区利用率,并从大到小排序 (10)使用正则表达式将IP地址取出
八.扩展正则表达式
1>.扩展表达式
扩展正则表达式和基本正则表达式区别就在于转义"\",我们上面使用了一段时间的基本正则表达式发现"(){}"等字符都需要使用"\"进行转义。写起来特别不方便,接下来我们看看扩展正则表达式的书写语法吧。
而我们刚刚使用grep也支持扩展正则表达式,"egrep"等效于"grep -E"
语法格式:
egrep [OPTIONS] PATTERN [FILE...]
2>.字符匹配
.
任意单个字符
[]
指定范围的字符
[^]
不在指定范围的字符
3>.次数匹配
*
匹配前面字符任意次
?
0或1次
+
1次或多次
{m}
匹配m次
{m,n}
至少m,至多n次
4>.位置锚定
^
行首
$
行尾
\<, \b
语首
\>, \b
语尾
5>.分组
分组:
()
后向引用:
\, \, ...
[root@node101.yinzhengjie.org.cn ~]# ifconfig enp0s8
enp0s8: flags=<UP,BROADCAST,RUNNING,MULTICAST> mtu
inet 172.30.1.101 netmask 255.255.255.0 broadcast 172.30.1.255
ether :::c1:c7: txqueuelen (Ethernet)
RX packets bytes (113.8 KiB)
RX errors dropped overruns frame
TX packets bytes (102.1 KiB)
TX errors dropped overruns carrier collisions [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig enp0s8 | grep -o '\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}' | head -
172.30.1.101
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig enp0s8 | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -
172.30.1.101
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ifconfig enp0s8 | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -1
6>.或者
a|b:
a或b
C|cat:
C或cat
(C|c)at:
Cat或cat
7>.小试牛刀
(1)显示三个用户root的UID和默认shell
(2)找出/etc/rc.d/init.d/functions文件中行首为某单词(包括下划线)后面跟一个小括号的行
(3)使用egrep取出/etc/rc.d/init.d/functions中其基名
(4)使用egrep取出上面路径的目录名
(5)统计last命令中以root登录的每个主机IP地址登录次数
(6)利用扩展正则表达式分别表示0-、-、-、-、-255
(7)显示ifconfig命令结果中所有IPv4地址
(8)将此字符串:welcome to yinzhengjie cnblogs linux 中的每个字符去重并排序,重复次数多的排到前面