1、显示/proc/meminfo文件中以大小写s开头的行;(要求:使用两种方式)
第一种:
[root@localhost ~]# grep -i "^s" /proc/meminfo SwapCached: 0 kB SwapTotal: 4194300 kB SwapFree: 4194300 kB Shmem: 9216 kB Slab: 78280 kB SReclaimable: 29356 kB SUnreclaim: 48924 kB
第二种:
[root@localhost ~]# egrep "^(S|s)" /proc/meminfo SwapCached: 0 kB SwapTotal: 4194300 kB SwapFree: 4194300 kB Shmem: 9216 kB Slab: 78228 kB SReclaimable: 29380 kB SUnreclaim: 48848 kB
2、显示/etc/passwd文件中不以/bin/bash结尾的行
[root@localhost ~]# grep "/bin/bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash nieda:x:1000:1000:nieda:/home/nieda:/bin/bash mage:x:1001:1001::/home/mage:/bin/bash wang:x:1002:1002::/home/wang:/bin/bash [root@localhost ~]# grep -v "/bin/bash$" /etc/passwd bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
........
3、显示用户rpc默认的shell程序(注:下面命令中的\b只是单词边界,形如rpc-x的用户名同样会被匹配;要精确匹配用户名字段,可写成"^rpc:")
[root@localhost ~]# grep "^\brpc\b" /etc/passwd|cut -d: -f7 /sbin/nologin
4、找出/etc/passwd中的两位或三位数
[root@localhost ~]# egrep "\b[0-9]{2,3}\b" /etc/passwd mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin systemd-network:x:998:996:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin
........
5、显示/etc/grub2.cfg文件中,至少以一个空白字符开头且后面存在非空白字符的行
[root@localhost ~]# grep "^[[:space:]]\+[^[:space:]]\+" /etc/grub2.cfg load_env set default="${next_entry}" set next_entry= save_env next_entry set boot_once=true set default="${saved_entry}" menuentry_id_option="--id"
6、找出"netstat -tan"命令的结果中以'LISTEN'后跟0、1或多个空白字符结尾的行(注:下面的命令用的是\+,要求至少一个空白字符;严格按题意的"0个或多个"应写成[[:space:]]*$)
[root@localhost ~]# netstat -ant|grep "\bLISTEN\b[[:space:]]\+$" tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 ::1:631 :::* LISTEN tcp6 0 0 ::1:25 :::* LISTEN tcp6 0 0 ::1:6010 :::* LISTEN
7、添加用户bash、testbash、basher以及nologin(其shell为/sbin/nologin),而后找出/etc/passwd文件中用户名同shell名的行
[root@localhost ~]# grep "^\b\([[:alnum:]]\+\)\b.*\b\1\b$" passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt [root@localhost ~]# grep "^\([[:alnum:]]\+\).*/\1$" passwd sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt
8、显示当前系统root、mage或wang用户的UID和默认shell
[root@localhost ~]# grep -E "^\b(root|mage|wang)\b" /etc/passwd|cut -d: -f3,7 0:/bin/bash 1001:/bin/bash 1002:/bin/bash
9、找出/etc/rc.d/init.d/functions文件中行首为某单词(包括下划线)后面跟一个小括号的行
[root@localhost ~]# grep -o "^[[:alpha:]_]\+()" /etc/rc.d/init.d/functions checkpid() __pids_var_run() __pids_pidof() daemon() killproc() pidfileofproc() pidofproc() status() echo_success() echo_failure() echo_passed() echo_warning() update_boot_stage() success() failure() passed() warning() action() strstr() is_ignored_file() is_true() is_false() apply_sysctl()
[root@localhost ~]# egrep -o "^([[:alpha:]]|_)+\(\)" /etc/rc.d/init.d/functions checkpid() __pids_var_run() __pids_pidof() daemon() killproc() pidfileofproc() pidofproc() status() echo_success() echo_failure() echo_passed() echo_warning() update_boot_stage() success() failure() passed() warning() action() strstr() is_ignored_file() is_true() is_false() apply_sysctl()
10、使用egrep取出/etc/rc.d/init.d/functions的基名
[root@localhost ~]# echo "/etc/init.d/functions" |grep -E -o "[^/]+$" functions
[root@localhost ~]# echo "/etc/rc.d/init.d/functions" |tr '/' '\n'|tail -1 functions
[root@localhost ~]# basename /etc/rc.d/init.d/functions functions
11、使用egrep取出上面路径的目录名
[root@localhost ~]# echo "/etc/rc.d/init.d/functions" |egrep -o "/.*{1,}/" /etc/rc.d/init.d/
[root@localhost ~]# dirname /etc/rc.d/init.d/functions /etc/rc.d/init.d
12、统计以root身份登录的每个远程主机IP地址的登录次数
[root@localhost ~]# who |grep "^root\b"|egrep -o "([0-9]{1,3}\.){3}[0-9]{1,3}"|sort|uniq -c 4 10.1.250.91
13、利用扩展正则表达式分别表示0-9、10-99、100-199、200-249、250-255(注:下面10-99一项用的[0-9]{2}也会匹配00-09,严格写法是[1-9][0-9])
[root@localhost ~]# egrep -o "\b[0-9]\b" test ###0-9 6 7 9 6 7 4 5 9 [root@localhost ~]# cat test 12 23 44 6 7 9 23 6 7 2b 34 4 5 10 9 99 213 34 45 231 199 2346 45346 249 250 299 300 123 345 56758 12423 57 547 325 23
[root@localhost ~]# egrep -o "\b[0-9]{2}\b" test ###10-99 12 23 44 23 34 10 99 34 45 57 23
[root@localhost ~]# egrep -o "\b1[0-9][0-9]\b" test 199 123
[root@localhost ~]# egrep -o "\b2[0-4][0-9]\b" test 213 231 249
[root@localhost ~]# egrep -o "\b25[0-5]\b" test 250
14、显示ifconfig命令结果中所有IPv4地址
[root@localhost ~]# ifconfig |egrep "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"|tr -s ' '|cut -d ' ' -f3 10.1.70.102 127.0.0.1 192.168.122.1
15、正则表达式匹配生活中的号码
匹配手机号码(注:下面的表达式没有锚定行首行尾,更长的数字串中只要包含符合条件的11位也会被匹配;用于校验输入时应加上^和$,或使用grep -x整行匹配)
[root@localhost ~]# cat test 13900885386 15945482358 19525235558 18985958483 [root@localhost ~]# egrep "1[34578][0-9]{9}" test 13900885386 15945482358 18985958483
匹配qq邮箱
[root@localhost ~]# egrep "[0-9]{5,9}\@qq\.com" test [email protected] [root@localhost ~]# cat test 13900885386 15945482358 19525235558 18985958483 [email protected] 124156176@@qq.com [email protected] 75656526@qqcom
匹配身份证号:
身份证号的数字范围及意义
http://baike.baidu.com/view/188003.htm?fromtitle=%E8%BA%AB%E4%BB%BD%E8%AF%81%E5%8F%B7%E7%A0%81&fromid=2135487&type=syn
[root@localhost ~]# egrep -o "(1[1-5]|2[1-3]|3[1-7]|4[1-6]|5[0-5]|6[1-5]|71|8[1-2])(0[1-9]|[1-6][0-9]|70)(0[1-9]|1[0-8]|2[1-9]|[3-9][0-9])[0-9]{4}((0[1,3,5,7,8]|1[0,2])(0[1-9]|[1-2][0-9]|3[0-1])|(0[4,6,9]|11)(0[1-9]|[1-2][0-9]|3[0-1])|02(0[1-9]|[1-2][0-9]))[0-9]{3}([0-9]|x)" a 440601198503262836 440305197005186134 632721197802191453 420114198109201171 330783197804282654 210422197007178073 370282198505288034 130921197409153670 211103198909115418 130229198306267293 330381198803231054 513221198408173119 140929197205245859 654027197703105551 411328198409102659 140727197307264299 653226197706175049 370781198809165827 411502197201226129 450481199002204846 510106198005117321 230715199004274022 340303198609101566 361127197304257404 141026197904281528 130121197504125869 441623197408283529 620105198306229342 320503198706241867 130404198608268308 230506198902183921 110229198902259325 640201198202204224 653101198505184805
[root@localhost ~]# cat a 440601198503262836 440305197005186134 632721197802191453 420114198109201171 330783197804282654 210422197007178073 370282198505288034 130921197409153670 211103198909115418 130229198306267293 330381198803231054 411000198606174894 371600197701165270 513221198408173119 140929197205245859 654027197703105551 411328198409102659 140727197307264299 653226197706175049 43060019900624166 370781198809165827 411502197201226129 450481199002204846 510106198005117321 230715199004274022 340303198609101566 361127197304257404 141026197904281528 130121197504125869 441623197408283529 620105198306229342 320503198706241867 450300197301179166 130404198608268308 230506198902183921 110229198902259325 640201198202204224 653101198505184805 120312828874712461 419874914912472317 418954194812419040 098634763161415612 398575673634683471
上面匹配身份证号只是一个粗略的匹配:无法区分闰年与平年的2月天数(平年2月只有28天);方括号中的逗号会被当作普通字符,且4、6、9、11月也允许出现31日;3位顺序码由于不同地区派出所分配的人数不同也忽略了;表达式没有锚定,也不计算校验码,因此不能单独用作身份证号的有效性校验。至于最后一位校验码的计算,可以看看上面的链接(...............)
匹配IP地址:
[root@localhost ~]# ifconfig |grep -E "\b(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\b" inet 10.1.70.102 netmask 255.255.0.0 broadcast 10.1.255.255 inet 127.0.0.1 netmask 255.0.0.0 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255