1、显示/proc/meminfo文件中以大小s开头的行;(要求:使用两种方式)
第一种:
[root@localhost ~]# grep -i "^s" /proc/meminfo SwapCached: 0 kB SwapTotal: 4194300 kB SwapFree: 4194300 kB Shmem: 9216 kB Slab: 78280 kB SReclaimable: 29356 kB SUnreclaim: 48924 kB
第二种:
[root@localhost ~]# egrep "^(S|s)" /proc/meminfo SwapCached: 0 kB SwapTotal: 4194300 kB SwapFree: 4194300 kB Shmem: 9216 kB Slab: 78228 kB SReclaimable: 29380 kB SUnreclaim: 48848 kB
2、显示/etc/passwd文件中不以/bin/bash结尾的行
[root@localhost ~]# grep "/bin/bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash nieda:x:1000:1000:nieda:/home/nieda:/bin/bash mage:x:1001:1001::/home/mage:/bin/bash wang:x:1002:1002::/home/wang:/bin/bash [root@localhost ~]# grep -v "/bin/bash$" /etc/passwd bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
........
3、显示用户rpc默认的shell程序
[root@localhost ~]# grep "^\brpc\b" /etc/passwd|cut -d: -f7 /sbin/nologin
4、找出/etc/passwd中的两位或三位数
[root@localhost ~]# egrep "\b[0-9]{2,3}\b" /etc/passwd mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin
........
5、显示/etc/grub2.cfg文件中,至少以一个空白字符开头的且后面存非空白字符的行
[root@localhost ~]# grep "^[[:space:]]\+[^[:space:]]\+" /etc/grub2.cfg load_env set default="${next_entry}" set next_entry= save_env next_entry set boot_once=true set default="${saved_entry}" menuentry_id_option="--id"
6、找出"netstat -tan"命令的结果中以‘LISTEN‘后跟0、1或多个空白字符结尾的行
[root@localhost ~]# netstat -ant|grep "\bLISTEN\b[[:space:]]\+$" tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 ::1:631 :::* LISTEN tcp6 0 0 ::1:25 :::* LISTEN tcp6 0 0 ::1:6010 :::* LISTEN
7、添加用户bash、testbash、basher以及nologin(其shell为/sbin/nologin),而后找出/etc/passwd文件中用户名同shell名的行
[root@localhost ~]# grep "^\b\([[:alnum:]]\+\)\b.*\b\1\b$" passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt [root@localhost ~]# grep "^\([[:alnum:]]\+\).*/\1$" passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt
8、显示当前系统root、mage或wang用户的UID和默认shell
[root@localhost ~]# grep -E "^\b(root|mage|wang)\b" /etc/passwd|cut -d: -f3,7 0:/bin/bash 1001:/bin/bash 1002:/bin/bash
9、找出/etc/rc.d/init.d/functions文件中行首为某单词(包括下划线)后面跟一个小括号的行
[root@localhost ~]# grep -o "^[[:alpha:]_]\+()" /etc/rc.d/init.d/functions checkpid() __pids_var_run() __pids_pidof() daemon() killproc() pidfileofproc() pidofproc() status() echo_success() echo_failure() echo_passed() echo_warning() update_boot_stage() success() failure() passed() warning() action() strstr() is_ignored_file() is_true() is_false() apply_sysctl()
[root@localhost ~]# egrep -o "^([[:alpha:]]|_)+\(\)" /etc/rc.d/init.d/functions checkpid() __pids_var_run() __pids_pidof() daemon() killproc() pidfileofproc() pidofproc() status() echo_success() echo_failure() echo_passed() echo_warning() update_boot_stage() success() failure() passed() warning() action() strstr() is_ignored_file() is_true() is_false() apply_sysctl()
10、使用egrep取出/etc/rc.d/init.d/functions中其基名
[root@localhost ~]# echo "/etc/init.d/functions" |grep -E -o "[^/]+$" functions
[root@localhost ~]# echo "/etc/rc.d/init.d/functions" |tr ‘/‘ ‘\n‘|tail -1 functions·
[root@localhost ~]# basename /etc/rc.d/init.d/functions functions
11、使用egrep取出上面路径的目录名
[root@localhost ~]# echo "/etc/rc.d/init.d/functions" |egrep -o "/.*{1,}/" /etc/rc.d/init.d/
[root@localhost ~]# dirname /etc/rc.d/init.d/functions /etc/rc.d/init.d
12、统计以root身份登录的每个远程主机IP地址的登录次数
[root@localhost ~]# who |grep "^root\b"|egrep -o "([0-9]{1,3}\.){3}[0-9]{1,3}"|sort|uniq -c 4 10.1.250.91
13、利用扩展正则表达式分别表示0-9、10-99、100-199、200-249、250-255
[root@localhost ~]# egrep -o "\b[0-9]\b" test ###0-9 6 7 9 6 7 4 5 9 [root@localhost ~]# cat test 12 23 44 6 7 9 23 6 7 2b 34 4 5 10 9 99 213 34 45 231 199 2346 45346 249 250 299 300 123 345 56758 12423 57 547 325 23
[root@localhost ~]# egrep -o "\b[0-9]{2}\b" test ###10-99 12 23 44 23 34 10 99 34 45 57 23
[root@localhost ~]# egrep -o "\b1[0-9][0-9]\b" test 199 123
[root@localhost ~]# egrep -o "\b2[0-4][0-9]\b" test 213 231 249
[root@localhost ~]# egrep -o "\b25[0-5]\b" test 250
14、显示ifconfig命令结果中所有IPv4地址
[root@localhost ~]# ifconfig |egrep "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"|tr -s ‘ ‘|cut -d ‘ ‘ -f3 10.1.70.102 127.0.0.1 192.168.122.1
15、正则表达式匹配生活中的号码
匹配手机号码
[root@localhost ~]# cat test 13900885386 15945482358 19525235558 18985958483 [root@localhost ~]# egrep "1[34578][0-9]{9}" test 13900885386 15945482358 18985958483
匹配qq邮箱
[root@localhost ~]# egrep "[0-9]{5,9}\@qq\.com" test 12378884@qq.com [root@localhost ~]# cat test 13900885386 15945482358 19525235558 18985958483 12378884@qq.com 124156176@@qq.com 754625757@q.com 75656526@qqcom
匹配身份证号:
身份证号的数字范围及意义
[root@localhost ~]# egrep -o "(1[1-5]|2[1-3]|3[1-7]|4[1-6]|5[0-5]|6[1-5]|71|8[1-2])(0[1-9]|[1-6][0-9]|70)(0[1-9]|1[0-8]|2[1-9]|[3-9][0-9])[0-9]{4}((0[1,3,5,7,8]|1[0,2])(0[1-9]|[1-2][0-9]|3[0-1])|(0[4,6,9]|11)(0[1-9]|[1-2][0-9]|3[0-1])|02(0[1-9]|[1-2][0-9]))[0-9]{3}([0-9]|x)" a 440601198503262836 440305197005186134 632721197802191453 420114198109201171 330783197804282654 210422197007178073 370282198505288034 130921197409153670 211103198909115418 130229198306267293 330381198803231054 513221198408173119 140929197205245859 654027197703105551 411328198409102659 140727197307264299 653226197706175049 370781198809165827 411502197201226129 450481199002204846 510106198005117321 230715199004274022 340303198609101566 361127197304257404 141026197904281528 130121197504125869 441623197408283529 620105198306229342 320503198706241867 130404198608268308 230506198902183921 110229198902259325 640201198202204224 653101198505184805
[root@localhost ~]# cat a 440601198503262836 440305197005186134 632721197802191453 420114198109201171 330783197804282654 210422197007178073 370282198505288034 130921197409153670 211103198909115418 130229198306267293 330381198803231054 411000198606174894 371600197701165270 513221198408173119 140929197205245859 654027197703105551 411328198409102659 140727197307264299 653226197706175049 43060019900624166 370781198809165827 411502197201226129 450481199002204846 510106198005117321 230715199004274022 340303198609101566 361127197304257404 141026197904281528 130121197504125869 441623197408283529 620105198306229342 320503198706241867 450300197301179166 130404198608268308 230506198902183921 110229198902259325 640201198202204224 653101198505184805 120312828874712461 419874914912472317 418954194812419040 098634763161415612 398575673634683471
上面匹配身份证号只是一个粗略的匹配,对于闰年2月只能有28天无法识别,3位顺序码由于不同地区派出所分配的人数不同也忽略了,至于后面的一位校验码计算可以看看上面的连接(...............)
匹配IP地址:
[root@localhost ~]# ifconfig |grep -E "\b(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\b" inet 10.1.70.102 netmask 255.255.0.0 broadcast 10.1.255.255 inet 127.0.0.1 netmask 255.0.0.0 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
原文地址:http://11551196.blog.51cto.com/11541196/1834970